Date: Tue, 27 Mar 2018 17:03:01 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r331625 - in vendor-crypto/openssl/dist: . apps crypto crypto/asn1 crypto/bf crypto/bio crypto/bn crypto/conf crypto/des crypto/dh crypto/dsa crypto/ec crypto/ecdh crypto/engine crypto/... Message-ID: <201803271703.w2RH316x049460@repo.freebsd.org>
Author: jkim Date: Tue Mar 27 17:03:01 2018 New Revision: 331625 URL: https://svnweb.freebsd.org/changeset/base/331625 Log: Import OpenSSL 1.0.2o. Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FREEBSD-upgrade vendor-crypto/openssl/dist/LICENSE vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/app_rand.c vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/ciphers.c vendor-crypto/openssl/dist/apps/cms.c vendor-crypto/openssl/dist/apps/dgst.c vendor-crypto/openssl/dist/apps/dsaparam.c vendor-crypto/openssl/dist/apps/ecparam.c vendor-crypto/openssl/dist/apps/enc.c vendor-crypto/openssl/dist/apps/errstr.c vendor-crypto/openssl/dist/apps/ocsp.c vendor-crypto/openssl/dist/apps/openssl.c vendor-crypto/openssl/dist/apps/passwd.c vendor-crypto/openssl/dist/apps/pkcs12.c vendor-crypto/openssl/dist/apps/pkcs8.c vendor-crypto/openssl/dist/apps/rand.c vendor-crypto/openssl/dist/apps/req.c vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/apps/s_socket.c vendor-crypto/openssl/dist/apps/s_time.c vendor-crypto/openssl/dist/apps/speed.c vendor-crypto/openssl/dist/apps/x509.c vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c vendor-crypto/openssl/dist/crypto/asn1/a_object.c vendor-crypto/openssl/dist/crypto/asn1/a_strex.c vendor-crypto/openssl/dist/crypto/asn1/a_time.c vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c vendor-crypto/openssl/dist/crypto/asn1/asn1.h vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c 
vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c vendor-crypto/openssl/dist/crypto/bf/bftest.c vendor-crypto/openssl/dist/crypto/bio/b_dump.c vendor-crypto/openssl/dist/crypto/bio/b_print.c vendor-crypto/openssl/dist/crypto/bio/bio_cb.c vendor-crypto/openssl/dist/crypto/bio/bss_bio.c vendor-crypto/openssl/dist/crypto/bio/bss_conn.c vendor-crypto/openssl/dist/crypto/bio/bss_file.c vendor-crypto/openssl/dist/crypto/bn/bn_exp.c vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_mont.c vendor-crypto/openssl/dist/crypto/bn/bn_print.c vendor-crypto/openssl/dist/crypto/bn/bntest.c vendor-crypto/openssl/dist/crypto/bn/expspeed.c vendor-crypto/openssl/dist/crypto/bn/exptest.c vendor-crypto/openssl/dist/crypto/conf/conf_def.c vendor-crypto/openssl/dist/crypto/conf/conf_mod.c vendor-crypto/openssl/dist/crypto/des/destest.c vendor-crypto/openssl/dist/crypto/des/ecb_enc.c vendor-crypto/openssl/dist/crypto/des/fcrypt.c vendor-crypto/openssl/dist/crypto/des/read_pwd.c vendor-crypto/openssl/dist/crypto/des/set_key.c vendor-crypto/openssl/dist/crypto/dh/dhtest.c vendor-crypto/openssl/dist/crypto/dsa/dsatest.c vendor-crypto/openssl/dist/crypto/ec/ec_lib.c vendor-crypto/openssl/dist/crypto/ec/ec_mult.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistp224.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistp256.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256.c vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c vendor-crypto/openssl/dist/crypto/ec/ectest.c vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c vendor-crypto/openssl/dist/crypto/engine/eng_table.c vendor-crypto/openssl/dist/crypto/err/err.c vendor-crypto/openssl/dist/crypto/err/err_prn.c vendor-crypto/openssl/dist/crypto/evp/bio_b64.c vendor-crypto/openssl/dist/crypto/evp/digest.c vendor-crypto/openssl/dist/crypto/evp/e_aes.c vendor-crypto/openssl/dist/crypto/evp/e_camellia.c 
vendor-crypto/openssl/dist/crypto/evp/evp_enc.c vendor-crypto/openssl/dist/crypto/evp/evp_locl.h vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c vendor-crypto/openssl/dist/crypto/evp/evp_test.c vendor-crypto/openssl/dist/crypto/evp/openbsd_hw.c vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c vendor-crypto/openssl/dist/crypto/hmac/hmac.c vendor-crypto/openssl/dist/crypto/jpake/jpake.c vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c vendor-crypto/openssl/dist/crypto/md4/md4.c vendor-crypto/openssl/dist/crypto/mem_dbg.c vendor-crypto/openssl/dist/crypto/o_init.c vendor-crypto/openssl/dist/crypto/o_time.c vendor-crypto/openssl/dist/crypto/objects/o_names.c vendor-crypto/openssl/dist/crypto/objects/obj_dat.c vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/pem/pem_info.c vendor-crypto/openssl/dist/crypto/pem/pem_lib.c vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c vendor-crypto/openssl/dist/crypto/rand/md_rand.c vendor-crypto/openssl/dist/crypto/rand/rand_egd.c vendor-crypto/openssl/dist/crypto/rand/rand_unix.c vendor-crypto/openssl/dist/crypto/rsa/rsa_crpt.c vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c vendor-crypto/openssl/dist/crypto/srp/srp_grps.h vendor-crypto/openssl/dist/crypto/threads/mttest.c vendor-crypto/openssl/dist/crypto/ts/Makefile vendor-crypto/openssl/dist/crypto/ts/ts_rsp_sign.c vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c vendor-crypto/openssl/dist/crypto/x509/x509_txt.c vendor-crypto/openssl/dist/crypto/x509/x509_v3.c vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c vendor-crypto/openssl/dist/doc/apps/ca.pod vendor-crypto/openssl/dist/doc/apps/ecparam.pod vendor-crypto/openssl/dist/doc/apps/s_client.pod vendor-crypto/openssl/dist/doc/apps/verify.pod 
vendor-crypto/openssl/dist/doc/apps/x509.pod vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_length.pod vendor-crypto/openssl/dist/doc/crypto/BIO_s_mem.pod vendor-crypto/openssl/dist/doc/crypto/BN_zero.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod vendor-crypto/openssl/dist/doc/crypto/threads.pod vendor-crypto/openssl/dist/engines/ccgost/README.gost vendor-crypto/openssl/dist/engines/ccgost/gost_eng.c vendor-crypto/openssl/dist/engines/e_atalla.c vendor-crypto/openssl/dist/ssl/Makefile vendor-crypto/openssl/dist/ssl/bad_dtls_test.c vendor-crypto/openssl/dist/ssl/d1_lib.c vendor-crypto/openssl/dist/ssl/d1_pkt.c vendor-crypto/openssl/dist/ssl/fatalerrtest.c vendor-crypto/openssl/dist/ssl/kssl.c vendor-crypto/openssl/dist/ssl/s23_srvr.c vendor-crypto/openssl/dist/ssl/s2_clnt.c vendor-crypto/openssl/dist/ssl/s2_enc.c vendor-crypto/openssl/dist/ssl/s2_lib.c vendor-crypto/openssl/dist/ssl/s2_srvr.c vendor-crypto/openssl/dist/ssl/s3_clnt.c vendor-crypto/openssl/dist/ssl/s3_lib.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl_cert.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_sess.c vendor-crypto/openssl/dist/ssl/ssltest.c vendor-crypto/openssl/dist/ssl/t1_enc.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/ssl/t1_trce.c Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/CHANGES Tue Mar 27 17:03:01 2018 (r331625) 
@@ -7,6 +7,21 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2n and 1.0.2o [27 Mar 2018] + + *) Constructed ASN.1 types with a recursive definition could exceed the stack + + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. There + are no such structures used within SSL/TLS that come from untrusted sources + so this is considered safe. + + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz + project. + (CVE-2018-0739) + [Matt Caswell] + Changes between 1.0.2m and 1.0.2n [7 Dec 2017] *) Read/write after SSL object in error state @@ -2012,8 +2027,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester + <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/Configure Tue Mar 27 17:03:01 2018 (r331625) 
@@ -354,7 +354,7 @@ my %table=( "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", # DEC Alpha OSF/1/Tru64 targets. # @@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } -if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) +if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) { $cflags =~ s/\-mno\-cygwin\s*//; $shared_ldflag =~ s/\-mno\-cygwin\s*//; @@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } -my $ecc = $cc; -$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; +my %predefined; +# collect compiler pre-defines from gcc or gcc-alike... +open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |"); +while (<PIPE>) { + m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; + $predefined{$1} = defined($2) ? $2 : ""; +} +close(PIPE); + if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__}); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } - if ($ecc eq "clang") + if (defined($predefined{__clang__})) { foreach $wopt (split /\s+/, $clang_devteam_warn) { 
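Review bot: The pre-define probe added in the -1661 hunk never checks that the compiler actually ran: the results of `open(PIPE, ...)` and `close(PIPE)` are ignored, and because stderr is folded in with `2>&1` while the loop uses `or last`, any diagnostic line printed before the first `#define` leaves `%predefined` empty. The visible consequences are a misleading "requires gcc or clang" failure under --strict-warnings and, in the -1723 hunk, `$predefined{__GNUC__} >= 3` comparing an undefined value, so MAKEDEPPROG is silently left alone. Check the probe, e.g. `close(PIPE) or warn "compiler pre-define probe failed: $cross_compile_prefix$cc\n";`, and guard the comparison as `if defined($predefined{__GNUC__}) && $predefined{__GNUC__} >= 3`.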
@@ -1723,15 +1730,14 @@ while (<IN>) s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3; } else { s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^RC=.*/RC= $windres/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Mar 27 17:03:01 2018 (r331625) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://repo.freebsd.org/base" -setenv OSSLVER 1.0.2n -# OSSLTAG format: v1_0_2n +setenv OSSLVER 1.0.2o +# OSSLTAG format: v1_0_2o ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist/LICENSE ============================================================================== --- vendor-crypto/openssl/dist/LICENSE Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/LICENSE Tue Mar 27 17:03:01 2018 (r331625) 
@@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/Makefile Tue Mar 27 17:03:01 2018 (r331625) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2n +VERSION=1.0.2o MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -73,7 +73,7 @@ NM= nm PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion -MAKEDEPPROG=makedepend +MAKEDEPPROG= cc LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/NEWS Tue Mar 27 17:03:01 2018 (r331625) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] + + o Constructed ASN.1 types with a recursive definition could exceed the + stack (CVE-2018-0739) + Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] o Read/write after SSL object in error state (CVE-2017-3737) Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/README Tue Mar 27 17:03:01 2018 (r331625) 
@@ -1,5 +1,5 @@ - OpenSSL 1.0.2n 7 Dec 2017 + OpenSSL 1.0.2o 27 Mar 2018 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/app_rand.c ============================================================================== --- vendor-crypto/openssl/dist/apps/app_rand.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/app_rand.c Tue Mar 27 17:03:01 2018 (r331625) @@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, i #endif if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); else if (RAND_egd(file) > 0) { /* * we try if the given filename is an EGD socket. if it is, we don't @@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e) return 0; if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); if (file == NULL || !RAND_write_file(file)) { BIO_printf(bio_e, "unable to write 'random state'\n"); return 0; Modified: vendor-crypto/openssl/dist/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist/apps/apps.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/apps.c Tue Mar 27 17:03:01 2018 (r331625) @@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM BUF_strlcpy(buf[0], serialfile, BSIZE); else { #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); #endif } #ifdef RL_DEBUG 
@@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix, goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", @@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile); #endif dbattr_conf = NCONF_new(NULL); if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { 
@@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix, goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); 
@@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_s goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); 
@@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *c JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); + BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk)); (void)BIO_flush(bconn); JPAKE_STEP3A_release(&s3a); } @@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *c JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); + BIO_write(bconn, s3b.hk, sizeof(s3b.hk)); (void)BIO_flush(bconn); JPAKE_STEP3B_release(&s3b); } @@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn) char buf[10240]; int l; - l = BIO_gets(bconn, buf, sizeof buf); + l = BIO_gets(bconn, buf, sizeof(buf)); assert(l > 0); assert(buf[l - 1] == '\n'); buf[l - 1] = '\0'; @@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO * int l; JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); + l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk)); + assert(l == sizeof(s3a.hhk)); if (!JPAKE_STEP3A_process(ctx, &s3a)) { ERR_print_errors(bio_err); exit(1); @@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO * int l; JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); + l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk)); + assert(l == sizeof(s3b.hk)); if (!JPAKE_STEP3B_process(ctx, &s3b)) { ERR_print_errors(bio_err); exit(1); Modified: vendor-crypto/openssl/dist/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ca.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/ca.c Tue Mar 27 17:03:01 2018 (r331625) 
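Review bot: In readbn (the -2625 hunk) the only validation of the peer's line is `assert(l > 0)` and `assert(buf[l - 1] == '\n')`, which compile away under NDEBUG and leave `buf[l - 1] = '\0'` indexing before the buffer after a failed or empty read. The same pattern is in jpake_receive_step3a and jpake_receive_step3b (the -2672 and -2687 hunks), where `assert(l == sizeof(s3a.hhk))` is the only guard against a short read before the value goes to the process step. Replace the asserts with real checks that follow the existing failure path, e.g. `if (l <= 0 || buf[l - 1] != '\n') { ERR_print_errors(bio_err); exit(1); }`. The send helpers also ignore the BIO_write return value; readbn's body continues outside its hunk.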
@@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = - NULL; + X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; ASN1_UTCTIME *tm, *tmptm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; @@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - if (push != NULL) - X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } 
@@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * goto err; } - if (verbose) - BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); - - /* Build the correct Subject if no e-mail is wanted in the subject */ - /* - * and add it later on because of the method extensions are added - * (altName) - */ - - if (email_dn) - dn_subject = subject; - else { - X509_NAME_ENTRY *tmpne; - /* - * Its best to dup the subject DN and then delete any email addresses - * because this retains its structure. - */ - if (!(dn_subject = X509_NAME_dup(subject))) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - while ((i = X509_NAME_get_index_by_NID(dn_subject, - NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); - X509_NAME_ENTRY_free(tmpne); - } - } - - if (BN_is_zero(serial)) - row[DB_serial] = BUF_strdup("00"); - else - row[DB_serial] = BN_bn2hex(serial); - if (row[DB_serial] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - - if (db->attributes.unique_subject) { - OPENSSL_STRING *crow = row; - - rrow = TXT_DB_get_by_index(db->db, DB_name, crow); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:There is already a certificate for %s\n", - row[DB_name]); - } - } - if (rrow == NULL) { - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:Serial number %s has already been issued,\n", - row[DB_serial]); - BIO_printf(bio_err, - " check the database/serial_file for corruption\n"); - } - } - - if (rrow != NULL) { - BIO_printf(bio_err, "The matching entry has the following details\n"); - if (rrow[DB_type][0] == 'E') - p = "Expired"; - else if (rrow[DB_type][0] == 'R') - p = "Revoked"; - else if (rrow[DB_type][0] == 'V') - p = "Valid"; - else - p = "\ninvalid type, Data base error\n"; - BIO_printf(bio_err, "Type :%s\n", p);; - if 
(rrow[DB_type][0] == 'R') { - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Was revoked on:%s\n", p); - } - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Subject Name :%s\n", p); - ok = -1; /* This is now a 'bad' error. */ - goto err; - } - /* We are now totally happy, lets make and sign the certificate */ if (verbose) BIO_printf(bio_err, 
@@ -2056,12 +1955,126 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * goto err; } - /* Set the right value for the noemailDN option */ - if (email_dn == 0) { - if (!X509_set_subject_name(ret, dn_subject)) + if (verbose) + BIO_printf(bio_err, + "The subject name appears to be ok, checking data base for clashes\n"); + + /* Build the correct Subject if no e-mail is wanted in the subject */ + + if (!email_dn) { + X509_NAME_ENTRY *tmpne; + X509_NAME *dn_subject; + + /* + * Its best to dup the subject DN and then delete any email addresses + * because this retains its structure. + */ + if (!(dn_subject = X509_NAME_dup(subject))) { + BIO_printf(bio_err, "Memory allocation failure\n"); goto err; + } + while ((i = X509_NAME_get_index_by_NID(dn_subject, + NID_pkcs9_emailAddress, + -1)) >= 0) { + tmpne = X509_NAME_get_entry(dn_subject, i); + X509_NAME_delete_entry(dn_subject, i); + X509_NAME_ENTRY_free(tmpne); + } + + if (!X509_set_subject_name(ret, dn_subject)) { + X509_NAME_free(dn_subject); + goto err; + } + X509_NAME_free(dn_subject); } + row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (BN_is_zero(serial)) + row[DB_serial] = BUF_strdup("00"); + else + row[DB_serial] = BN_bn2hex(serial); + if (row[DB_serial] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (row[DB_name][0] == '\0') { + /* + * An empty subject! We'll use the serial number instead. If + * unique_subject is in use then we don't want different entries with + * empty subjects matching each other. 
+ */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + } + + if (db->attributes.unique_subject) { + OPENSSL_STRING *crow = row; + + rrow = TXT_DB_get_by_index(db->db, DB_name, crow); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + } + if (rrow == NULL) { + rrow = TXT_DB_get_by_index(db->db, DB_serial, row); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err, + " check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) { + BIO_printf(bio_err, "The matching entry has the following details\n"); + if (rrow[DB_type][0] == 'E') + p = "Expired"; + else if (rrow[DB_type][0] == 'R') + p = "Revoked"; + else if (rrow[DB_type][0] == 'V') + p = "Valid"; + else + p = "\ninvalid type, Data base error\n"; + BIO_printf(bio_err, "Type :%s\n", p);; + if (rrow[DB_type][0] == 'R') { + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Was revoked on:%s\n", p); + } + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Expires on :%s\n", p); + p = rrow[DB_serial]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Serial Number :%s\n", p); + p = rrow[DB_file]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "File name :%s\n", p); + p = rrow[DB_name]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Subject Name :%s\n", p); + ok = -1; /* This is now a 'bad' error. */ + goto err; + } + if (!default_op) { BIO_printf(bio_err, "Certificate Details:\n"); /* 
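Review bot: The `X509_set_subject_name(ret, dn_subject)` failure branch in the new `!email_dn` block frees `dn_subject` and jumps to `err` without reporting anything, while the other failure paths added in this hunk print through `BIO_printf(bio_err, ...)`. Unless the code under `err:` (outside this hunk) prints the error queue, an operator sees the request fail with no reason. Add a message before the `goto err`, for example `BIO_printf(bio_err, "Unable to set subject name\n");`. do_body starts and ends outside the hunk.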
@@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * row[DB_exp_date] = OPENSSL_malloc(tm->length + 1); row[DB_rev_date] = OPENSSL_malloc(1); row[DB_file] = OPENSSL_malloc(8); - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || (row[DB_rev_date] == NULL) || - (row[DB_file] == NULL) || (row[DB_name] == NULL)) { + (row[DB_file] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * irow = NULL; ok = 1; err: - if (irow != NULL) { + if (ok != 1) { for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); - OPENSSL_free(irow); } + OPENSSL_free(irow); if (CAname != NULL) X509_NAME_free(CAname); if (subject != NULL) X509_NAME_free(subject); - if ((dn_subject != NULL) && !email_dn) - X509_NAME_free(dn_subject); if (tmptm != NULL) ASN1_UTCTIME_free(tmptm); if (ok <= 0) { @@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, else row[DB_serial] = BN_bn2hex(bn); BN_free(bn); + if (row[DB_name] != NULL && row[DB_name][0] == '\0') { + /* Entries with empty Subjects actually use the serial number instead */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + } if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; Modified: vendor-crypto/openssl/dist/apps/ciphers.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ciphers.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/ciphers.c Tue Mar 27 17:03:01 2018 (r331625) 
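Review bot: In the do_revoke hunk (-2357) the new empty-subject block calls `OPENSSL_strdup(row[DB_serial])` before the existing `row[DB_serial] == NULL` check, so a failed `BN_bn2hex(bn)` reaches the duplicate call with a NULL argument. If OPENSSL_strdup in this branch does not accept NULL (its definition is not on this page), that is a NULL dereference on the allocation-failure path. do_body gets the order right by checking `row[DB_serial]` first; do the same here, e.g. `if (row[DB_serial] != NULL && row[DB_name] != NULL && row[DB_name][0] == '\0') {`. do_revoke continues outside the hunk.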
@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv) BIO_printf(STDout, "%s - ", nm); } #endif - BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); + BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf))); } } Modified: vendor-crypto/openssl/dist/apps/cms.c ============================================================================== --- vendor-crypto/openssl/dist/apps/cms.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/cms.c Tue Mar 27 17:03:01 2018 (r331625) @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -977,12 +977,16 @@ int MAIN(int argc, char **argv) signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, e, "signer certificate"); - if (!signer) + if (!signer) { + ret = 2; goto end; + } key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (!key) { + ret = 2; goto end; + } for (kparam = key_first; kparam; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; Modified: vendor-crypto/openssl/dist/apps/dgst.c ============================================================================== --- vendor-crypto/openssl/dist/apps/dgst.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/dgst.c Tue Mar 27 17:03:01 2018 (r331625) 
@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); md = EVP_get_digestbyname(pname); Modified: vendor-crypto/openssl/dist/apps/dsaparam.c ============================================================================== --- vendor-crypto/openssl/dist/apps/dsaparam.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/dsaparam.c Tue Mar 27 17:03:01 2018 (r331625) @@ -382,6 +382,9 @@ int MAIN(int argc, char **argv) printf("\treturn(dsa);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); Modified: vendor-crypto/openssl/dist/apps/ecparam.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ecparam.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/ecparam.c Tue Mar 27 17:03:01 2018 (r331625) @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -546,6 +546,9 @@ int MAIN(int argc, char **argv) BIO_printf(out, "\treturn(group);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); 
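Review bot: The added `if (outformat == FORMAT_ASN1 && genkey) noout = 1;` in dsaparam.c (`@@ -382,6 +382,9 @@`) silently overrides the caller's output selection and has no comment saying why. The identical addition in ecparam.c (`@@ -546,6 +546,9 @@`) has the same gap. Presumably DER parameters followed by a DER key in one stream cannot be read back, so only the key is written; if that is the reason, state it at both sites: `/* DER params followed by a DER key cannot be parsed back from one stream: write the key only */`. Both MAIN bodies extend outside the hunks.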
@@ -581,6 +584,9 @@ int MAIN(int argc, char **argv) if (EC_KEY_set_group(eckey, group) == 0) goto end; + + if (new_form) + EC_KEY_set_conv_form(eckey, form); if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); Modified: vendor-crypto/openssl/dist/apps/enc.c ============================================================================== --- vendor-crypto/openssl/dist/apps/enc.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/enc.c Tue Mar 27 17:03:01 2018 (r331625) @@ -114,7 +114,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { static const char magic[] = "Salted__"; - char mbuf[sizeof magic - 1]; + char mbuf[sizeof(magic) - 1]; char *strbuf = NULL; unsigned char *buff = NULL, *bufsize = NULL; int bsize = BSIZE, verbose = 0; @@ -154,7 +154,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) base64 = 1; #ifdef ZLIB @@ -247,7 +247,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0] = '\0'; - if (!fgets(buf, sizeof buf, infile)) { + if (!fgets(buf, sizeof(buf), infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", file); goto bad; } @@ -432,7 +432,7 @@ int MAIN(int argc, char **argv) for (;;) { char buf[200]; - BIO_snprintf(buf, sizeof buf, "enter %s %s password:", + BIO_snprintf(buf, sizeof(buf), "enter %s %s password:", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; 
@@ -517,31 +517,31 @@ int MAIN(int argc, char **argv) else { if (enc) { if (hsalt) { - if (!set_hex(hsalt, salt, sizeof salt)) { + if (!set_hex(hsalt, salt, sizeof(salt))) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_bytes(salt, sizeof salt) <= 0) + } else if (RAND_bytes(salt, sizeof(salt)) <= 0) goto end; /* * If -P option then don't bother writing */ if ((printkey != 2) && (BIO_write(wbio, magic, - sizeof magic - 1) != sizeof magic - 1 + sizeof(magic) - 1) != sizeof(magic) - 1 || BIO_write(wbio, (char *)salt, - sizeof salt) != sizeof salt)) { + sizeof(salt)) != sizeof(salt))) { BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf + } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) || BIO_read(rbio, (unsigned char *)salt, - sizeof salt) != sizeof salt) { + sizeof(salt)) != sizeof(salt)) { BIO_printf(bio_err, "error reading input file\n"); goto end; - } else if (memcmp(mbuf, magic, sizeof magic - 1)) { + } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { BIO_printf(bio_err, "bad magic number\n"); goto end; } @@ -564,7 +564,7 @@ int MAIN(int argc, char **argv) int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not use by this cipher\n"); - } else if (!set_hex(hiv, iv, sizeof iv)) { + } else if (!set_hex(hiv, iv, sizeof(iv))) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } Modified: vendor-crypto/openssl/dist/apps/errstr.c ============================================================================== --- vendor-crypto/openssl/dist/apps/errstr.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/errstr.c Tue Mar 27 17:03:01 2018 (r331625) 
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv) for (i = 1; i < argc; i++) { if (sscanf(argv[i], "%lx", &l)) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); printf("%s\n", buf); } else { printf("%s: bad error code\n", argv[i]); Modified: vendor-crypto/openssl/dist/apps/ocsp.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ocsp.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/ocsp.c Tue Mar 27 17:03:01 2018 (r331625) @@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb *pcbio = cbio; for (;;) { - len = BIO_gets(cbio, inbuf, sizeof inbuf); + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ Modified: vendor-crypto/openssl/dist/apps/openssl.c ============================================================================== --- vendor-crypto/openssl/dist/apps/openssl.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/openssl.c Tue Mar 27 17:03:01 2018 (r331625) @@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[]) prog = prog_init(); /* first check the program name */ - program_name(Argv[0], pname, sizeof pname); + program_name(Argv[0], pname, sizeof(pname)); f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); @@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[]) for (;;) { ret = 0; p = buf; - n = sizeof buf; + n = sizeof(buf); i = 0; for (;;) { p[0] = '\0'; 
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void) /* Purely so it looks nice when the user hits ? */ for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; - qsort(functions, i, sizeof *functions, SortFnByName); + qsort(functions, i, sizeof(*functions), SortFnByName); if ((ret = lh_FUNCTION_new()) == NULL) return (NULL); Modified: vendor-crypto/openssl/dist/apps/passwd.c ============================================================================== --- vendor-crypto/openssl/dist/apps/passwd.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/passwd.c Tue Mar 27 17:03:01 2018 (r331625) @@ -252,7 +252,7 @@ int MAIN(int argc, char **argv) /* ignore rest of line */ char trash[BUFSIZ]; do - r = BIO_gets(in, trash, sizeof trash); + r = BIO_gets(in, trash, sizeof(trash)); while ((r > 0) && (!strchr(trash, '\n'))); } @@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char * EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); + for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) + EVP_DigestUpdate(&md, buf, sizeof(buf)); EVP_DigestUpdate(&md, buf, i); n = passwd_len; @@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char * for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + (i & 1) ? passwd_len : sizeof(buf)); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, - (i & 1) ? sizeof buf : passwd_len); + (i & 1) ? sizeof(buf) : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); 
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char * { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; + unsigned char buf_perm[sizeof(buf)]; int dest, source; char *output; @@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char * buf_perm[15] = buf[11]; # ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ - assert(16 == sizeof buf_perm); + assert(16 == sizeof(buf_perm)); # endif output = salt_out + salt_len; Modified: vendor-crypto/openssl/dist/apps/pkcs12.c ============================================================================== --- vendor-crypto/openssl/dist/apps/pkcs12.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/pkcs12.c Tue Mar 27 17:03:01 2018 (r331625) @@ -481,7 +481,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read MAC password"); # endif if (EVP_read_pw_string - (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -629,13 +629,13 @@ int MAIN(int argc, char **argv) # endif if (!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", + EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); # ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -698,7 +698,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read import password"); # endif if (!noprompt - && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", + && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; 
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv) # endif if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); if ((options & INFO) && p12->mac) BIO_printf(bio_err, "MAC Iteration %ld\n", Modified: vendor-crypto/openssl/dist/apps/pkcs8.c ============================================================================== --- vendor-crypto/openssl/dist/apps/pkcs8.c Tue Mar 27 16:38:32 2018 (r331624) +++ vendor-crypto/openssl/dist/apps/pkcs8.c Tue Mar 27 17:03:01 2018 (r331625) @@ -277,7 +277,7 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) + (pass, sizeof(pass), "Enter Encryption Password:", 1)) goto end; } app_RAND_load_file(NULL, bio_err, 0); @@ -331,7 +331,7 @@ int MAIN(int argc, char **argv) p8pass = passin; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***