rpms/openssl/devel openssl-1.0.0-beta3-cipher-change.patch, NONE, 1.1 openssl-1.0.0-beta3-default-paths.patch, NONE, 1.1 openssl-1.0.0-beta3-defaults.patch, NONE, 1.1 openssl-1.0.0-beta3-enginesdir.patch, NONE, 1.1 openssl-1.0.0-beta3-fips.patch, NONE, 1.1 openssl-1.0.0-beta3-fipscheck.patch, NONE, 1.1 openssl-1.0.0-beta3-fipsmode.patch, NONE, 1.1 openssl-1.0.0-beta3-fipsrng.patch, NONE, 1.1 openssl-1.0.0-beta3-ipv6-apps.patch, NONE, 1.1 openssl-1.0.0-beta3-krb5.patch, NONE, 1.1 openssl-1.0.0-beta3-namingblk.patch, NONE, 1.1 openssl-1.0.0-beta3-namingstr.patch, NONE, 1.1 openssl-1.0.0-beta3-redhat.patch, NONE, 1.1 openssl-1.0.0-beta3-soversion.patch, NONE, 1.1 .cvsignore, 1.18, 1.19 README.FIPS, 1.1, 1.2 hobble-openssl, 1.7, 1.8 openssl.spec, 1.133, 1.134 sources, 1.20, 1.21 openssl-0.9.8a-defaults.patch, 1.3, NONE openssl-0.9.8a-enginesdir.patch, 1.1, NONE openssl-0.9.8a-link-krb5.patch, 1.1, NONE openssl-0.9.8a-reuse-cipher-change.patch, 1.1, NONE openssl-0.9.8g-default-paths.patch, 1.1, NONE openssl-0.9.8g-ipv6-apps.patch, 1.1, NONE openssl-0.9.8g-no-extssl.patch, 1.2, NONE openssl-0.9.8j-eap-fast.patch, 1.1, NONE openssl-0.9.8j-enginesdir.patch, 1.1, NONE openssl-0.9.8j-fips-no-pairwise.patch, 1.1, NONE openssl-0.9.8j-nocanister.patch, 1.1, NONE openssl-0.9.8j-redhat.patch, 1.1, NONE openssl-0.9.8j-soversion.patch, 1.1, NONE openssl-0.9.8k-dtls-compat.patch, 1.1, NONE openssl-0.9.8k-dtls-dos.patch, 1.1, NONE openssl-0.9.8k-fips-rng-seed.patch, 1.1, NONE openssl-0.9.8k-fipscheck-hmac.patch, 1.1, NONE openssl-0.9.8k-kernel-fipsmode.patch, 1.1, NONE openssl-0.9.8k-multi-crl.patch, 1.1, NONE openssl-0.9.8k-shlib-version.patch, 1.1, NONE openssl-0.9.8k-use-fipscheck.patch, 1.1, NONE openssl-0.9.8k-x509-name-cmp.patch, 1.1, NONE
Tomáš Mráz
tmraz at fedoraproject.org
Thu Aug 20 14:18:42 UTC 2009
Author: tmraz
Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21444
Modified Files:
.cvsignore README.FIPS hobble-openssl openssl.spec sources
Added Files:
openssl-1.0.0-beta3-cipher-change.patch
openssl-1.0.0-beta3-default-paths.patch
openssl-1.0.0-beta3-defaults.patch
openssl-1.0.0-beta3-enginesdir.patch
openssl-1.0.0-beta3-fips.patch
openssl-1.0.0-beta3-fipscheck.patch
openssl-1.0.0-beta3-fipsmode.patch
openssl-1.0.0-beta3-fipsrng.patch
openssl-1.0.0-beta3-ipv6-apps.patch
openssl-1.0.0-beta3-krb5.patch
openssl-1.0.0-beta3-namingblk.patch
openssl-1.0.0-beta3-namingstr.patch
openssl-1.0.0-beta3-redhat.patch
openssl-1.0.0-beta3-soversion.patch
Removed Files:
openssl-0.9.8a-defaults.patch openssl-0.9.8a-enginesdir.patch
openssl-0.9.8a-link-krb5.patch
openssl-0.9.8a-reuse-cipher-change.patch
openssl-0.9.8g-default-paths.patch
openssl-0.9.8g-ipv6-apps.patch openssl-0.9.8g-no-extssl.patch
openssl-0.9.8j-eap-fast.patch openssl-0.9.8j-enginesdir.patch
openssl-0.9.8j-fips-no-pairwise.patch
openssl-0.9.8j-nocanister.patch openssl-0.9.8j-redhat.patch
openssl-0.9.8j-soversion.patch
openssl-0.9.8k-dtls-compat.patch openssl-0.9.8k-dtls-dos.patch
openssl-0.9.8k-fips-rng-seed.patch
openssl-0.9.8k-fipscheck-hmac.patch
openssl-0.9.8k-kernel-fipsmode.patch
openssl-0.9.8k-multi-crl.patch
openssl-0.9.8k-shlib-version.patch
openssl-0.9.8k-use-fipscheck.patch
openssl-0.9.8k-x509-name-cmp.patch
Log Message:
* Thu Aug 20 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.1.beta3
- update to new major upstream release
openssl-1.0.0-beta3-cipher-change.patch:
ssl.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-cipher-change.patch ---
diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h
--- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change 2009-08-05 18:22:45.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-05 18:27:32.000000000 +0200
@@ -511,7 +511,7 @@ typedef struct ssl_session_st
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
@@ -528,7 +528,7 @@ typedef struct ssl_session_st
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL 0x80000FFFL
+#define SSL_OP_ALL 0x80000FF7L
/* DTLS options */
#define SSL_OP_NO_QUERY_MTU 0x00001000L
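Review bot: The comment above `SSL_OP_ALL` still describes the mask only as "various bug workarounds that should be rather harmless" and gives no hint that bit 0x00000008L is now deliberately left out. A reader comparing `0x80000FF7L` with the option list has to work out by hand that `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG` is the excluded one. I would add a line such as `/* SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (0x8) is intentionally not part of SSL_OP_ALL */` so the omission is not reverted on a later rebase. Applications that still want the workaround now have to set it explicitly, which is worth stating in the package changelog.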
openssl-1.0.0-beta3-default-paths.patch:
s_client.c | 9 +++++----
s_server.c | 16 ++++++++++------
s_time.c | 9 +++++----
3 files changed, 20 insertions(+), 14 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-default-paths.patch ---
diff -up openssl-1.0.0-beta3/apps/s_client.c.default-paths openssl-1.0.0-beta3/apps/s_client.c
--- openssl-1.0.0-beta3/apps/s_client.c.default-paths 2009-06-30 18:10:24.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 18:17:52.000000000 +0200
@@ -888,12 +888,13 @@ bad:
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx))
{
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
- /* goto end; */
}
#ifndef OPENSSL_NO_TLSEXT
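Review bot: A failure to load the CA material the user explicitly named is still only printed, and the code then goes on to add the default verify paths. With the two calls decoupled, a mistyped or unreadable `CAfile`/`CApath` no longer just leaves the store without those certificates: the peer is checked against the default trust store instead of the one that was asked for. I would make that case fatal and keep the tolerant path only when neither argument was given, e.g. `if ((CAfile || CApath) && !SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) { ERR_print_errors(bio_err); goto end; }`, assuming the `end` label named in the removed comment is reachable here. The same pattern recurs in both s_server.c hunks (`ctx` and `ctx2`) and in s_time.c; the enclosing function starts and ends outside this hunk.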
diff -up openssl-1.0.0-beta3/apps/s_server.c.default-paths openssl-1.0.0-beta3/apps/s_server.c
--- openssl-1.0.0-beta3/apps/s_server.c.default-paths 2009-06-30 18:10:24.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 18:18:40.000000000 +0200
@@ -1403,12 +1403,13 @@ bad:
}
#endif
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx))
{
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
ERR_print_errors(bio_err);
- /* goto end; */
}
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
@@ -1457,8 +1458,11 @@ bad:
SSL_CTX_sess_set_cache_size(ctx2,128);
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx2))
{
ERR_print_errors(bio_err);
}
diff -up openssl-1.0.0-beta3/apps/s_time.c.default-paths openssl-1.0.0-beta3/apps/s_time.c
--- openssl-1.0.0-beta3/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_time.c 2009-08-05 18:00:35.000000000 +0200
@@ -373,12 +373,13 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings();
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
{
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
- /* goto end; */
}
if (tm_cipher == NULL)
openssl-1.0.0-beta3-defaults.patch:
openssl.cnf | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-defaults.patch ---
diff -up openssl-1.0.0-beta3/apps/openssl.cnf.defaults openssl-1.0.0-beta3/apps/openssl.cnf
--- openssl-1.0.0-beta3/apps/openssl.cnf.defaults 2009-04-04 20:09:43.000000000 +0200
+++ openssl-1.0.0-beta3/apps/openssl.cnf 2009-08-04 22:57:16.000000000 +0200
@@ -103,7 +103,8 @@ emailAddress = optional
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
+default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
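Review bot: `default_md = sha1` pins requests made with this file to SHA-1 in the same change that raises the key size to 2048 bits. SHA-1's collision resistance is the weaker half of that pair, so the signature digest becomes the limiting factor for requests and certificates generated with these defaults. If the tools and peers this package must interoperate with accept it, `default_md = sha256` would match the intent of the `default_bits` change better. Otherwise a comment next to the setting saying that SHA-1 is kept for compatibility would help the next update.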
@@ -126,17 +127,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+#stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
+localityName_default = Default City
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (eg, YOUR name)
+commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
openssl-1.0.0-beta3-enginesdir.patch:
Configure | 9 +++++++--
engines/Makefile | 2 +-
2 files changed, 8 insertions(+), 3 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-enginesdir.patch ---
diff -up openssl-1.0.0-beta3/Configure.enginesdir openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.enginesdir 2009-08-10 19:46:32.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-10 19:46:32.000000000 +0200
@@ -616,6 +616,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix="";
my $cross_compile_prefix="";
@@ -820,6 +821,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1037,7 +1042,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1645,7 +1650,7 @@ while (<IN>)
# $foo is to become "$prefix/lib$multilib/engines";
# as Makefile.org and engines/Makefile are adapted for
# $multilib suffix.
- my $foo = "$prefix/lib/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
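Review bot: `ENGINESDIR` is now taken from `--enginesdir`, but the comment directly above `my $foo` still says it becomes "$prefix/lib$multilib/engines", and the install rule in engines/Makefile (later in this patch) still copies the modules to `$(INSTALLTOP)/lib/engines`. When the option is given, the directory compiled into the library and the directory that gets populated can therefore differ, and the library will look for loadable engine modules in a path this build did not install into. Unlike `$openssldir`, the value is also used as given, with no check that it is an absolute path. I would update the stale comment and either pass the value through to the Makefile or document that the packaging has to move the files; the `while (<IN>)` block starts and ends outside this hunk.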
diff -up openssl-1.0.0-beta3/engines/Makefile.enginesdir openssl-1.0.0-beta3/engines/Makefile
--- openssl-1.0.0-beta3/engines/Makefile.enginesdir 2009-06-14 04:37:22.000000000 +0200
+++ openssl-1.0.0-beta3/engines/Makefile 2009-08-10 19:46:48.000000000 +0200
@@ -123,7 +123,7 @@ install:
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx ); \
done; \
fi
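Review bot: The switch from `chmod 555` to `chmod 755` leaves the installed engine modules owner-writable, and nothing in the patch says why. These are shared objects that the library loads into the calling process, so the reason for relaxing the mode should be recorded in the patch header or the spec file (presumably it lets later packaging steps modify the files, but that is not confirmed by anything visible here). The final mode in the package is better set explicitly in the spec's file list than inherited from this rule.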
openssl-1.0.0-beta3-fips.patch:
Configure | 14
Makefile.org | 6
crypto/Makefile | 6
crypto/bf/bf_skey.c | 7
crypto/bf/blowfish.h | 4
crypto/bn/Makefile | 4
crypto/bn/bn.h | 11
crypto/bn/bn_x931p.c | 272 ++++++++++
crypto/camellia/camellia.h | 5
crypto/camellia/cmll_misc.c | 13
crypto/cast/c_skey.c | 7
crypto/cast/cast.h | 4
crypto/crypto.h | 57 ++
crypto/dh/dh.h | 5
crypto/dh/dh_err.c | 3
crypto/dh/dh_gen.c | 18
crypto/dh/dh_key.c | 21
crypto/dsa/dsa.h | 23
crypto/dsa/dsa_gen.c | 19
crypto/dsa/dsa_key.c | 48 +
crypto/dsa/dsa_ossl.c | 36 +
crypto/err/err_all.c | 6
crypto/evp/digest.c | 60 ++
crypto/evp/e_aes.c | 41 -
crypto/evp/e_camellia.c | 2
crypto/evp/e_des3.c | 24
crypto/evp/e_null.c | 2
crypto/evp/evp.h | 23
crypto/evp/evp_enc.c | 69 ++
crypto/evp/evp_err.c | 1
crypto/evp/evp_lib.c | 22
crypto/evp/evp_locl.h | 29 -
crypto/evp/m_dss.c | 2
crypto/evp/m_dss1.c | 2
crypto/evp/m_sha1.c | 15
crypto/evp/names.c | 8
crypto/fips/Makefile | 81 +++
crypto/fips/cavs/fips_aesavs.c | 939 +++++++++++++++++++++++++++++++++++++
crypto/fips/cavs/fips_desmovs.c | 702 +++++++++++++++++++++++++++
crypto/fips/cavs/fips_dssvs.c | 537 +++++++++++++++++++++
crypto/fips/cavs/fips_rngvs.c | 230 +++++++++
crypto/fips/cavs/fips_rsagtest.c | 390 +++++++++++++++
crypto/fips/cavs/fips_rsastest.c | 370 ++++++++++++++
crypto/fips/cavs/fips_rsavtest.c | 377 ++++++++++++++
crypto/fips/cavs/fips_shatest.c | 388 +++++++++++++++
crypto/fips/cavs/fips_utl.h | 343 +++++++++++++
crypto/fips/fips.c | 419 ++++++++++++++++
crypto/fips/fips.h | 163 ++++++
crypto/fips/fips_aes_selftest.c | 101 +++
crypto/fips/fips_des_selftest.c | 137 +++++
crypto/fips/fips_dsa_selftest.c | 180 +++++++
crypto/fips/fips_hmac_selftest.c | 135 +++++
crypto/fips/fips_rand.c | 410 ++++++++++++++++
crypto/fips/fips_rand.h | 77 +++
crypto/fips/fips_rand_selftest.c | 371 ++++++++++++++
crypto/fips/fips_randtest.c | 248 +++++++++
crypto/fips/fips_rsa_selftest.c | 432 +++++++++++++++++
crypto/fips/fips_rsa_x931g.c | 281 +++++++++++
crypto/fips/fips_sha1_selftest.c | 97 +++
crypto/fips/fips_standalone_sha1.c | 173 ++++++
crypto/fips/fips_test_suite.c | 588 +++++++++++++++++++++++
crypto/fips_err.c | 7
crypto/fips_err.h | 137 +++++
crypto/fips_locl.h | 72 ++
crypto/hmac/hmac.c | 14
crypto/hmac/hmac.h | 1
crypto/md2/md2.h | 3
crypto/md2/md2_dgst.c | 7
crypto/md4/md4.h | 3
crypto/md4/md4_dgst.c | 7
crypto/md5/md5.h | 3
crypto/md5/md5_dgst.c | 7
crypto/mdc2/mdc2.h | 4
crypto/mdc2/mdc2dgst.c | 7
crypto/mem.c | 2
crypto/o_init.c | 80 +++
crypto/opensslconf.h.in | 15
crypto/pkcs12/p12_crt.c | 11
crypto/rand/md_rand.c | 12
crypto/rand/rand.h | 17
crypto/rand/rand_err.c | 17
crypto/rand/rand_lib.c | 17
crypto/rc2/rc2.h | 4
crypto/rc2/rc2_skey.c | 17
crypto/rc4/Makefile | 4
crypto/rc4/asm/rc4-586.pl | 8
crypto/rc4/asm/rc4-s390x.pl | 2
crypto/rc4/asm/rc4-x86_64.pl | 2
crypto/rc4/rc4.h | 5
crypto/rc4/rc4_fblk.c | 75 ++
crypto/rc4/rc4_skey.c | 14
crypto/ripemd/ripemd.h | 3
crypto/ripemd/rmd_dgst.c | 7
crypto/rsa/rsa.h | 28 +
crypto/rsa/rsa_eay.c | 158 ++++--
crypto/rsa/rsa_err.c | 6
crypto/rsa/rsa_gen.c | 99 +++
crypto/rsa/rsa_lib.c | 87 +--
crypto/rsa/rsa_sign.c | 10
crypto/sha/sha.h | 3
crypto/sha/sha1dgst.c | 4
crypto/sha/sha256.c | 10
crypto/sha/sha512.c | 12
crypto/sha/sha_dgst.c | 6
crypto/sha/sha_locl.h | 7
ssl/s23_clnt.c | 16
ssl/s23_srvr.c | 9
ssl/s3_clnt.c | 6
ssl/s3_enc.c | 4
ssl/s3_srvr.c | 2
ssl/ssl_ciph.c | 7
ssl/ssl_lib.c | 8
ssl/ssltest.c | 35 +
ssl/t1_enc.c | 2
114 files changed, 9984 insertions(+), 177 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-fips.patch ---
diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.fips 2009-08-11 18:07:30.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-11 18:07:30.000000000 +0200
@@ -654,6 +654,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml
my $processor="";
my $default_ranlib;
my $perl;
+my $fips=0;
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
@@ -797,6 +798,10 @@ PROCESS_ARGS:
}
elsif (/^386$/)
{ $processor=386; }
+ elsif (/^fips$/)
+ {
+ $fips=1;
+ }
elsif (/^rsaref$/)
{
# No RSAref support any more since it's not needed.
@@ -1349,6 +1354,11 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no
$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
+if ($fips)
+ {
+ $openssl_other_defines.="#define OPENSSL_FIPS\n";
+ }
+
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
@@ -1504,6 +1514,10 @@ while (<IN>)
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
+ if ($fips)
+ {
+ s/^FIPS=.*/FIPS=yes/;
+ }
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto/bf/bf_skey.c
--- openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100
+++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-08-11 18:07:30.000000000 +0200
@@ -59,10 +59,15 @@
#include <stdio.h>
#include <string.h>
#include <openssl/blowfish.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "bf_locl.h"
#include "bf_pi.h"
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(BF)
{
int i;
BF_LONG *p,ri,in[2];
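Review bot: Replacing the signature with `FIPS_NON_FIPS_VCIPHER_Init(BF)` hides the function's name, return type and parameters from anyone reading or grepping bf_skey.c; the body presumably still refers to `key`, `len` and `data`, which now come from a macro defined elsewhere in the patch. A one-line comment above the macro would restore that, for example `/* defines BF_set_key(BF_KEY *key, int len, const unsigned char *data); see FIPS_NON_FIPS_VCIPHER_Init */`, adjusted to whatever the macro really generates, since its definition is not visible in this hunk. If the macro changes what the function does in FIPS mode, as its name suggests, the comment should say so, because that is the security-relevant behaviour being added. The function body continues outside the hunk.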
diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypto/bf/blowfish.h
--- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-08-11 18:07:30.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-08-11 18:07:30.000000000 +0200
@@ -104,7 +104,9 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
-
+#ifdef OPENSSL_FIPS
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/bn.h
--- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-08-11 18:07:30.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-08-11 18:07:30.000000000 +0200
@@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n
int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c
--- /dev/null 2009-07-27 08:39:22.849064505 +0200
+++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-08-11 18:07:30.000000000 +0200
@@ -0,0 +1,272 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+
+/* X9.31 routines for prime derivation */
+
+/* X9.31 prime derivation. This is used to generate the primes pi
+ * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
+ * integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+ BN_GENCB *cb)
+ {
+ int i = 0;
+ if (!BN_copy(pi, Xpi))
+ return 0;
+ if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+ return 0;
+ for(;;)
+ {
+ i++;
+ BN_GENCB_call(cb, 0, i);
+ /* NB 27 MR is specificed in X9.31 */
+ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+ break;
+ if (!BN_add_word(pi, 2))
+ return 0;
+ }
+ BN_GENCB_call(cb, 2, i);
+ return 1;
+ }
+
+/* This is the main X9.31 prime derivation function. From parameters
+ * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
+ * not NULL they will be returned too: this is needed for testing.
+ */
+
[...11497 lines suppressed...]
+#endif
+
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
/* we have SSLv3/TLSv1 in an SSLv2 header
diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt.c
--- openssl-1.0.0-beta3/ssl/s3_clnt.c.fips 2009-06-16 18:39:20.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/s3_clnt.c 2009-08-11 18:07:30.000000000 +0200
@@ -156,6 +156,10 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
@@ -1524,6 +1528,8 @@ int ssl3_get_key_exchange(SSL *s)
q=md_buf;
for (num=2; num > 0; num--)
{
+ EVP_MD_CTX_set_flags(&md_ctx,
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
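Review bot: `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is set here with no comment explaining why a non-approved digest is acceptable at this point, and it is set on both loop iterations although only the `num == 2` (MD5) pass should need it. Each of these exemptions switches off a FIPS-mode restriction, so an auditor needs the justification next to the call, e.g. `/* MD5 is used only as half of the combined MD5+SHA1 hash over the key-exchange parameters */`. The result of `EVP_DigestInit_ex` on the next line is still ignored, which matters more if digest initialisation can now be refused in FIPS mode. The same undocumented flag appears in the s3_srvr.c hunk, the three s3_enc.c hunks and, via `HMAC_CTX_set_flags`, in t1_enc.c; `ssl3_get_key_exchange` starts and ends outside this hunk.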
diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c
--- openssl-1.0.0-beta3/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/s3_enc.c 2009-08-11 18:07:30.000000000 +0200
@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *
#endif
k=0;
EVP_MD_CTX_init(&m5);
+ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_init(&s1);
for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
{
@@ -614,6 +615,8 @@ int ssl3_digest_cached_records(SSL *s)
if ((mask & s->s3->tmp.new_cipher->algorithm2) && md)
{
s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
+ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
}
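Review bot: The added `EVP_MD_CTX_set_flags` call uses `s->s3->handshake_dgst[i]` immediately after `EVP_MD_CTX_create()` without checking for an allocation failure. The following `EVP_DigestInit_ex` had the same exposure before this change, but the added line is now the first use, so this is the place for `if (s->s3->handshake_dgst[i] == NULL) return 0;`, with whatever error reporting the rest of `ssl3_digest_cached_records` uses. The function starts and ends outside this hunk.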
@@ -670,6 +673,7 @@ static int ssl3_handshake_mac(SSL *s, in
return 0;
}
EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_MD_CTX_copy_ex(&ctx,d);
n=EVP_MD_CTX_size(&ctx);
if (n < 0)
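Review bot: The flag is set on `ctx` just before `EVP_MD_CTX_copy_ex(&ctx,d)`, so whether it has any effect depends on how the copy treats the destination's existing flags. If the copy replaces the destination context wholesale with the source (to be confirmed against digest.c, which this patch also changes but which is not visible here), the value set on the added line is discarded and the effective setting is whatever `d` carries. In that case the call belongs after the copy, or can be dropped in favour of the flag already set on the handshake digests in `ssl3_digest_cached_records`. `ssl3_handshake_mac` continues outside the hunk.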
diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr.c
--- openssl-1.0.0-beta3/ssl/s3_srvr.c.fips 2009-06-26 17:04:22.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/s3_srvr.c 2009-08-11 18:07:30.000000000 +0200
@@ -1674,6 +1674,8 @@ int ssl3_send_server_key_exchange(SSL *s
j=0;
for (num=2; num > 0; num--)
{
+ EVP_MD_CTX_set_flags(&md_ctx,
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips openssl-1.0.0-beta3/ssl/ssl_ciph.c
--- openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips 2009-04-07 14:10:59.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-08-11 18:07:30.000000000 +0200
@@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
!(c->algorithm_mac & disabled_mac) &&
+#ifdef OPENSSL_FIPS
+ (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
!(c->algorithm_ssl & disabled_ssl))
{
co_list[co_list_num].cipher = c;
@@ -1423,7 +1426,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
for (curr = head; curr != NULL; curr = curr->next)
{
+#ifdef OPENSSL_FIPS
+ if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
if (curr->active)
+#endif
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
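Review bot: The FIPS condition mixes `||` and `&` without parentheses around the mask test, unlike the equivalent test added in `ssl_cipher_collect_ciphers` above, which writes `(c->algo_strength & SSL_FIPS)`. Precedence makes it evaluate as intended, but the two filters should read the same; I would write `if (curr->active && (!FIPS_mode() || (curr->cipher->algo_strength & SSL_FIPS)))`. Duplicating the `if` line under `#ifdef`/`#else` also means a later edit to the non-FIPS condition can miss the FIPS one without any compiler complaint. The loop body continues outside the hunk.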
diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.fips openssl-1.0.0-beta3/ssl/ssl_lib.c
--- openssl-1.0.0-beta3/ssl/ssl_lib.c.fips 2009-06-30 13:57:24.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-08-11 18:07:30.000000000 +0200
@@ -1470,6 +1470,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
return(NULL);
}
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (meth->version < TLS1_VERSION))
+ {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return NULL;
+ }
+#endif
+
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
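Review bot: The protocol floor is enforced by a numeric comparison on `meth->version`, which only works for methods whose version field is a fixed TLS-style number. It is not evident from this hunk how a version-negotiating method or a DTLS method compares against `TLS1_VERSION`, so the check may admit contexts that can still end up below TLS 1.0. The s23_clnt.c and s23_srvr.c changes listed in the diffstat presumably cover the negotiating case, but they are not visible here. A comment stating which methods this test is meant to reject and where the others are handled would make the guarantee reviewable, e.g. `/* fixed-version SSLv2/SSLv3 methods are refused here; negotiated versions are restricted in s23_*.c */`. `SSL_CTX_new` continues outside the hunk.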
diff -up openssl-1.0.0-beta3/ssl/ssltest.c.fips openssl-1.0.0-beta3/ssl/ssltest.c
--- openssl-1.0.0-beta3/ssl/ssltest.c.fips 2009-08-11 18:07:30.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssltest.c 2009-08-11 18:07:30.000000000 +0200
@@ -265,6 +265,9 @@ static void sv_usage(void)
{
fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+ fprintf(stderr,"-F - run test in FIPS mode\n");
+#endif
fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -484,6 +487,9 @@ int main(int argc, char *argv[])
#endif
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+ int fips_mode=0;
+#endif
verbose = 0;
debug = 0;
@@ -515,7 +521,16 @@ int main(int argc, char *argv[])
while (argc >= 1)
{
- if (strcmp(*argv,"-server_auth") == 0)
+ if(!strcmp(*argv,"-F"))
+ {
+#ifdef OPENSSL_FIPS
+ fips_mode=1;
+#else
+ fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+ EXIT(0);
+#endif
+ }
+ else if (strcmp(*argv,"-server_auth") == 0)
server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1;
@@ -711,6 +726,20 @@ bad:
EXIT(1);
}
+#ifdef OPENSSL_FIPS
+ if(fips_mode)
+ {
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ else
+ fprintf(stderr,"*** IN FIPS MODE ***\n");
+ }
+#endif
+
if (print_time)
{
if (!bio_pair)
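Review bot: On `FIPS_mode_set(1)` failure the error queue is printed through `BIO_new_fp(stderr,BIO_NOCLOSE)`, whose result is neither checked nor freed. The process exits right afterwards, so the leak itself is harmless, but `ERR_print_errors_fp(stderr);` does the same job without the temporary BIO. `main` starts and ends outside the hunk.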
@@ -2153,12 +2182,12 @@ static int MS_CALLBACK app_verify_callba
}
#ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
+# if 0
if(s->version == TLS1_VERSION)
FIPS_allow_md5(1);
# endif
ok = X509_verify_cert(ctx);
-# ifdef OPENSSL_FIPS
+# if 0
if(s->version == TLS1_VERSION)
FIPS_allow_md5(0);
# endif
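Review bot: Turning `# ifdef OPENSSL_FIPS` into `# if 0` leaves two dead `FIPS_allow_md5` blocks around `X509_verify_cert` with no explanation. If the MD5 allowance is now handled by the per-context `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` flag used elsewhere in this patch (my reading, not shown in this hunk), the blocks should be deleted, or at least carry a comment saying why they are disabled. Disabled security toggles without a reason attached tend to be re-enabled by accident on the next rebase.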
diff -up openssl-1.0.0-beta3/ssl/t1_enc.c.fips openssl-1.0.0-beta3/ssl/t1_enc.c
--- openssl-1.0.0-beta3/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/t1_enc.c 2009-08-11 18:07:30.000000000 +0200
@@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
+ HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
openssl-1.0.0-beta3-fipscheck.patch:
Makefile | 13 ++
fips.c | 218 +++++++++++++++++++++++++++++++++++++++++++++++++
fips_standalone_sha1.c | 42 ++++-----
3 files changed, 251 insertions(+), 22 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-fipscheck.patch ---
diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips.c
--- openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-10 20:11:59.000000000 +0200
@@ -47,6 +47,7 @@
*
*/
+#define _GNU_SOURCE
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
@@ -56,6 +57,9 @@
#include <openssl/rsa.h>
#include <string.h>
#include <limits.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
@@ -165,6 +169,204 @@ int FIPS_selftest()
&& FIPS_selftest_dsa();
}
+/* we implement what libfipscheck does ourselves */
+
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+
+static const char conv[] = "0123456789abcdef";
+
+static char *
+bin2hex(void *buf, size_t len)
+{
+ char *hex, *p;
+ unsigned char *src = buf;
+
+ hex = malloc(len * 2 + 1);
+ if (hex == NULL)
+ return NULL;
+
+ p = hex;
+
+ while (len > 0) {
+ unsigned c;
+
+ c = *src;
+ src++;
+
+ *p = conv[c >> 4];
+ ++p;
+ *p = conv[c & 0x0f];
+ ++p;
+ --len;
+ }
+ *p = '\0';
+ return hex;
+}
+
+#define HMAC_PREFIX "."
+#define HMAC_SUFFIX ".hmac"
+#define READ_BUFFER_LENGTH 16384
+
+static char *
+make_hmac_path(const char *origpath)
+{
+ char *path, *p;
+ const char *fn;
+
+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
+ if(path == NULL) {
+ return NULL;
+ }
+
+ fn = strrchr(origpath, '/');
+ if (fn == NULL) {
+ fn = origpath;
+ } else {
+ ++fn;
+ }
+
+ strncpy(path, origpath, fn-origpath);
+ p = path + (fn - origpath);
+ p = stpcpy(p, HMAC_PREFIX);
+ p = stpcpy(p, fn);
+ p = stpcpy(p, HMAC_SUFFIX);
+
+ return path;
+}
+
+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+static int
+compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
+{
+ FILE *f = NULL;
+ int rv = -1;
+ unsigned char rbuf[READ_BUFFER_LENGTH];
+ size_t len;
+ unsigned int hlen;
+ HMAC_CTX c;
+
+ HMAC_CTX_init(&c);
+
+ f = fopen(path, "r");
+
+ if (f == NULL) {
+ goto end;
+ }
+
+ HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
+
+ while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
+ HMAC_Update(&c, rbuf, len);
+ }
+
+ len = sizeof(rbuf);
+ /* reuse rbuf for hmac */
+ HMAC_Final(&c, rbuf, &hlen);
+
+ *buf = malloc(hlen);
+ if (*buf == NULL) {
+ goto end;
+ }
+
+ *hmaclen = hlen;
+
+ memcpy(*buf, rbuf, hlen);
+
+ rv = 0;
+end:
+ HMAC_CTX_cleanup(&c);
+
+ if (f)
+ fclose(f);
+
+ return rv;
+}
+
+static int
+FIPSCHECK_verify(const char *libname, const char *symbolname)
+{
+ char path[PATH_MAX+1];
+ int rv;
+ FILE *hf;
+ char *hmacpath, *p;
+ char *hmac = NULL;
+ size_t n;
+
+ rv = get_library_path(libname, symbolname, path, sizeof(path));
+
+ if (rv < 0)
+ return 0;
+
+ hmacpath = make_hmac_path(path);
+
+ hf = fopen(hmacpath, "r");
+ if (hf == NULL) {
+ free(hmacpath);
+ return 0;
+ }
+
+ if (getline(&hmac, &n, hf) > 0) {
+ void *buf;
+ size_t hmaclen;
+ char *hex;
+
+ if ((p=strchr(hmac, '\n')) != NULL)
+ *p = '\0';
+
+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
+ rv = -4;
+ goto end;
+ }
+
+ if ((hex=bin2hex(buf, hmaclen)) == NULL) {
+ free(buf);
+ rv = -5;
+ goto end;
+ }
+
+ if (strcmp(hex, hmac) != 0) {
+ rv = -1;
+ }
+ free(buf);
+ free(hex);
+ }
+
+end:
+ free(hmac);
+ free(hmacpath);
+ fclose(hf);
+
+ if (rv < 0)
+ return 0;
+
+ /* check successful */
+ return 1;
+}
+
int FIPS_mode_set(int onoff)
{
int fips_set_owning_thread();
@@ -201,6 +403,22 @@ int FIPS_mode_set(int onoff)
}
#endif
+ if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
/* Perform RNG KAT before seeding */
if (!FIPS_selftest_rng())
{
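Review bot: Both `FIPSCHECK_verify(...)` calls added here rely on a helper that, as defined earlier in this patch, can report success without comparing anything. In that helper `rv` keeps the non-negative result of `get_library_path()` and is only set negative inside the `getline(...) > 0` branch, so an empty `.hmac` file, or one where `getline()` fails, falls through to `return 1`. The helper should fail closed, for example by adding `else rv = -2;` to the `getline` test, and should check the result of `make_hmac_path()` for NULL before `fopen(hmacpath, "r")`. `FIPS_mode_set` itself starts and ends outside this hunk.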
diff -up openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
--- openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck 2009-08-10 20:11:59.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-08-10 20:11:59.000000000 +0200
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
#ifdef OPENSSL_FIPS
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
const char *key)
{
size_t len=strlen(key);
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
if (len > SHA_CBLOCK)
{
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,key,len);
- SHA1_Final(keymd,md_ctx);
- len=20;
+ SHA256_Init(md_ctx);
+ SHA256_Update(md_ctx,key,len);
+ SHA256_Final(keymd,md_ctx);
+ len=SHA256_DIGEST_LENGTH;
}
else
memcpy(keymd,key,len);
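Review bot: The length test `if (len > SHA_CBLOCK)` still uses the SHA-1 constant while the rest of `hmac_init` now uses `SHA256_CBLOCK` (see the next hunk). The two block sizes are equal, so behaviour does not change, but `if (len > SHA256_CBLOCK)` keeps the function consistent and avoids a silent mismatch if the digest is changed again. `hmac_init` starts and ends outside this hunk.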
@@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
pad[i]=0x36^keymd[i];
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+ SHA256_Init(md_ctx);
+ SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
pad[i]=0x5c^keymd[i];
- SHA1_Init(o_ctx);
- SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+ SHA256_Init(o_ctx);
+ SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
}
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
{
- unsigned char buf[20];
+ unsigned char buf[SHA256_DIGEST_LENGTH];
- SHA1_Final(buf,md_ctx);
- SHA1_Update(o_ctx,buf,sizeof buf);
- SHA1_Final(md,o_ctx);
+ SHA256_Final(buf,md_ctx);
+ SHA256_Update(o_ctx,buf,sizeof buf);
+ SHA256_Final(md,o_ctx);
}
#endif
@@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
int main(int argc,char **argv)
{
#ifdef OPENSSL_FIPS
- static char key[]="etaonrishdlcupfm";
+ static char key[]="orboDeJITITejsirpADONivirpUkvarP";
int n,binary=0;
if(argc < 2)
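Review bot: The key literal added here must stay byte-identical to `hmackey` in crypto/fips/fips.c, and nothing ties the two copies together. A comment such as `/* must match hmackey in crypto/fips/fips.c */` on both, or a shared macro, would keep them from drifting apart. Because the key is a constant compiled into both the tool and the library, the HMAC detects accidental corruption or a mismatched build, but not a change made by someone able to rewrite both the library and its `.hmac` file; the comment should state that limit. `main` continues outside this hunk.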
@@ -125,8 +125,8 @@ int main(int argc,char **argv)
for(; n < argc ; ++n)
{
FILE *f=fopen(argv[n],"rb");
- SHA_CTX md_ctx,o_ctx;
- unsigned char md[20];
+ SHA256_CTX md_ctx,o_ctx;
+ unsigned char md[SHA256_DIGEST_LENGTH];
int i;
if(!f)
@@ -151,18 +151,18 @@ int main(int argc,char **argv)
else
break;
}
- SHA1_Update(&md_ctx,buf,l);
+ SHA256_Update(&md_ctx,buf,l);
}
hmac_final(md,&md_ctx,&o_ctx);
if (binary)
{
- fwrite(md,20,1,stdout);
+ fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
break; /* ... for single(!) file */
}
- printf("HMAC-SHA1(%s)= ",argv[n]);
- for(i=0 ; i < 20 ; ++i)
+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
+ for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
printf("%02x",md[i]);
printf("\n");
}
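Review bot: The old label is left behind as commented-out code (`/* printf("HMAC-SHA1(%s)= ",argv[n]); */`); it should be deleted and replaced by a comment stating the output contract. `FIPSCHECK_verify` in fips.c compares the first line of the `.hmac` file with `strcmp` against the `bin2hex()` result, so this tool presumably has to print only the hex digest and a newline, in the letter case `bin2hex()` produces (its definition is not visible here). Something like `/* output is bare hex: FIPSCHECK_verify() compares it verbatim */` would record that. The loop in `main` starts outside this hunk.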
diff -up openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck openssl-1.0.0-beta3/crypto/fips/Makefile
--- openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck 2009-08-10 20:11:59.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-08-10 20:27:45.000000000 +0200
@@ -16,6 +16,9 @@ GENERAL=Makefile
TEST=fips_test_suite.c fips_randtest.c
APPS=
+PROGRAM= fips_standalone_sha1
+EXE= $(PROGRAM)$(EXE_EXT)
+
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
fips_rsa_selftest.c fips_sha1_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
@@ -25,6 +28,8 @@ LIBOBJ=fips_aes_selftest.o fips_des_self
fips_rsa_selftest.o fips_sha1_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
fips_rsa_x931g.o
+LIBCRYPTO=-L.. -lcrypto
+
SRC= $(LIBSRC) fips_standalone_sha1.c
EXHEADER= fips.h fips_rand.h
@@ -35,13 +40,15 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-all: lib
+all: lib exe
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
+exe: $(EXE)
+
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -77,5 +84,9 @@ dclean:
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+$(EXE): $(PROGRAM).o
+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
+
# DO NOT DELETE THIS LINE -- make depend depends on it.
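Review bot: The `clean` target shown just above the new rule does not remove the binary this rule builds, so a stale `fips_standalone_sha1` survives `make clean`; adding `$(EXE)` to the `rm -f` list fixes that. `LIBCRYPTO=-L.. -lcrypto`, added in an earlier hunk, is not used by the `$(EXE)` link line, so it is either dead or consumed by a part of the Makefile that is not visible here.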
openssl-1.0.0-beta3-fipsmode.patch:
crypto/engine/eng_all.c | 14 ++++++++++
crypto/evp/c_allc.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++
crypto/evp/c_alld.c | 33 +++++++++++++++++++++++++
crypto/o_init.c | 38 +++++++++++++++++++++++++++++
ssl/ssl_algs.c | 38 +++++++++++++++++++++++++++++
5 files changed, 185 insertions(+)
--- NEW FILE openssl-1.0.0-beta3-fipsmode.patch ---
diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c
--- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200
@@ -58,9 +58,23 @@
#include "cryptlib.h"
#include "eng_int.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
void ENGINE_load_builtin_engines(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if (FIPS_mode()) {
+ /* We allow loading dynamic engine as a third party
+ engine might be FIPS validated.
+ User is disallowed to load non-validated engines
+ by security policy. */
+ ENGINE_load_dynamic();
+ return;
+ }
+#endif
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c
--- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if(!FIPS_mode())
+ {
+#endif
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
#endif
+#ifdef OPENSSL_FIPS
+ }
+ else
+ {
+#ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_ede_cfb());
+ EVP_add_cipher(EVP_des_ede3_cfb());
+
+ EVP_add_cipher(EVP_des_ede_ofb());
+ EVP_add_cipher(EVP_des_ede3_ofb());
+
+ EVP_add_cipher(EVP_des_ede_cbc());
+ EVP_add_cipher(EVP_des_ede3_cbc());
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+
+ EVP_add_cipher(EVP_des_ede());
+ EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_ecb());
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_128_cfb());
+ EVP_add_cipher(EVP_aes_128_cfb1());
+ EVP_add_cipher(EVP_aes_128_cfb8());
+ EVP_add_cipher(EVP_aes_128_ofb());
+#if 0
+ EVP_add_cipher(EVP_aes_128_ctr());
+#endif
+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
+ EVP_add_cipher(EVP_aes_192_ecb());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_192_cfb());
+ EVP_add_cipher(EVP_aes_192_cfb1());
+ EVP_add_cipher(EVP_aes_192_cfb8());
+ EVP_add_cipher(EVP_aes_192_ofb());
+#if 0
+ EVP_add_cipher(EVP_aes_192_ctr());
+#endif
+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
+ EVP_add_cipher(EVP_aes_256_ecb());
+ EVP_add_cipher(EVP_aes_256_cbc());
+ EVP_add_cipher(EVP_aes_256_cfb());
+ EVP_add_cipher(EVP_aes_256_cfb1());
+ EVP_add_cipher(EVP_aes_256_cfb8());
+ EVP_add_cipher(EVP_aes_256_ofb());
+#if 0
+ EVP_add_cipher(EVP_aes_256_ctr());
+#endif
+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#endif
+ }
+#endif
}
diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c
--- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if (!FIPS_mode())
+ {
+#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void)
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
+#endif
+#ifdef OPENSSL_FIPS
+ }
+ else
+ {
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+ EVP_add_digest(EVP_sha1());
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef OPENSSL_NO_DSA
+ EVP_add_digest(EVP_dss1());
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+#endif
+#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+ }
#endif
}
diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c
--- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200
@@ -59,6 +59,43 @@
#include <e_os.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <openssl/fips.h>
+
+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static void init_fips_mode(void)
+ {
+ char buf[2] = "0";
+ int fd;
+
+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ {
+ buf[0] = '1';
+ }
+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
+ {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+ close(fd);
+ }
+ /* Failure reading the fips mode switch file means just not
+ * switching into FIPS mode. We would break too many things
+ * otherwise.
+ */
+
+ if (buf[0] == '1')
+ {
+ FIPS_mode_set(1);
+ }
+ }
+#endif
+
/* Perform any essential OpenSSL initialization operations.
* Currently only sets FIPS callbacks
*/
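Review bot: `init_fips_mode()` ignores the result of `FIPS_mode_set(1)`, so when the kernel flag or `OPENSSL_FORCE_FIPS_MODE` asks for FIPS mode and the fingerprint check or a self-test fails, start-up simply carries on. The callers patched in this series test `FIPS_mode()` and register the full non-FIPS algorithm list when it is false, so the failure appears to fall back to non-FIPS behaviour. `fips_selftest_fail` may block operations elsewhere, but that is not visible here. If the intended policy is fail-closed, handle the result explicitly, e.g. `if (!FIPS_mode_set(1)) abort();`, or at least report the error. The `read()` result is not checked beyond `EINTR`, which the existing comment documents as intentional.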
@@ -72,6 +109,7 @@ void OPENSSL_init_library(void)
#ifdef CRYPTO_MDEBUG
CRYPTO_malloc_debug_init();
#endif
+ init_fips_mode();
done = 1;
}
#endif
diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c
--- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
+#ifdef OPENSSL_FIPS
+ OPENSSL_init_library();
+ if (!FIPS_mode())
+ {
+#endif
+
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
@@ -115,6 +121,38 @@ int SSL_library_init(void)
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
+#ifdef OPENSSL_FIPS
+ }
+ else
+ {
+#ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_256_cbc());
+#endif
+#ifndef OPENSSL_NO_MD5
+ /* needed even in the FIPS mode for TLS MAC */
+ EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA
+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+#endif
+ }
+#endif
#ifndef OPENSSL_NO_COMP
/* This will initialise the built-in compression algorithms.
The value returned is a STACK_OF(SSL_COMP), but that can
openssl-1.0.0-beta3-fipsrng.patch:
fips/fips.c | 12 ++++++------
fips/fips_rand.c | 14 +++++++++++++-
rand/rand_lcl.h | 5 ++++-
3 files changed, 23 insertions(+), 8 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-fipsrng.patch ---
diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips.c
--- openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-11 18:14:36.000000000 +0200
@@ -427,22 +427,22 @@ int FIPS_mode_set(int onoff)
goto end;
}
+ /* now switch the RNG into FIPS mode */
+ fips_set_rand_check(FIPS_rand_method());
+ RAND_set_rand_method(FIPS_rand_method());
+
/* automagically seed PRNG if not already seeded */
if(!FIPS_rand_status())
{
- if(RAND_bytes(buf,sizeof buf) <= 0)
+ RAND_poll();
+ if (!FIPS_rand_status())
{
fips_selftest_fail = 1;
ret = 0;
goto end;
}
- FIPS_rand_set_key(buf,32);
- FIPS_rand_seed(buf+32,16);
}
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
if(FIPS_selftest())
fips_set_mode(1);
else
diff -up openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips_rand.c
--- openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-08-11 18:16:48.000000000 +0200
@@ -155,7 +155,18 @@ static int fips_set_prng_seed(FIPS_PRNG_
{
int i;
if (!ctx->keyed)
- return 0;
+ {
+ FIPS_RAND_SIZE_T keylen = 16;
+
+ if (seedlen - keylen < AES_BLOCK_LENGTH)
+ return 0;
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
+ keylen += 8;
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
+ keylen += 8;
+ seedlen -= keylen;
+ fips_set_prng_key(ctx, seed+seedlen, keylen);
+ }
/* In test mode seed is just supplied data */
if (ctx->test_mode)
{
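Review bot: The guard `if (seedlen - keylen < AES_BLOCK_LENGTH)` subtracts before comparing. If `FIPS_RAND_SIZE_T` is an unsigned type (its definition is not visible here), a `seedlen` below 16 wraps to a large value and passes the test, and after `seedlen -= keylen` the pointer `seed+seedlen` lies outside the buffer. Comparing without the subtraction is safe for either signedness: `if (seedlen < keylen + AES_BLOCK_LENGTH) return 0;`. The return value of `fips_set_prng_key()` is also dropped, so a rejected key would go unnoticed. `fips_set_prng_seed` starts and ends outside this hunk.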
@@ -276,6 +287,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
unsigned char tmp[AES_BLOCK_LENGTH];
int i;
+ FIPS_selftest_check();
if (ctx->error)
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
diff -up openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng openssl-1.0.0-beta3/crypto/rand/rand_lcl.h
--- openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng 2009-08-11 18:12:13.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/rand/rand_lcl.h 2009-08-11 18:18:13.000000000 +0200
@@ -112,8 +112,11 @@
#ifndef HEADER_RAND_LCL_H
#define HEADER_RAND_LCL_H
+#ifndef OPENSSL_FIPS
#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
-
+#else
+#define ENTROPY_NEEDED 48 /* we need 48 bytes of randomness for FIPS rng */
+#endif
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
openssl-1.0.0-beta3-ipv6-apps.patch:
s_apps.h | 7 -
s_client.c | 9 -
s_server.c | 9 -
s_socket.c | 315 ++++++++++++++++++++++++-------------------------------------
4 files changed, 140 insertions(+), 200 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-ipv6-apps.patch ---
diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
--- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_apps.h 2009-08-05 21:29:58.000000000 +0200
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
--- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 22:33:44.000000000 +0200
@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
- short port=PORT;
+ char *port_str = PORT_STR;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ if (!extract_host_port(*(++argv),&host,&port_str))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -956,7 +955,7 @@ bad:
re_start:
- if (init_client(&s,host,port,socket_type) == 0)
+ if (init_client(&s,host,port_str,socket_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
--- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 21:29:58.000000000 +0200
@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
- short port=PORT;
+ char *port_str = PORT_STR;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1685,9 +1684,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port_str,socket_type,&accept_socket,www_body, context);
else
- do_server(port,socket_type,&accept_socket,sv_body, context);
+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
--- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps 2008-11-12 04:57:47.000000000 +0100
+++ openssl-1.0.0-beta3/apps/s_socket.c 2009-08-05 21:29:58.000000000 +0200
@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_server(int *sock, char *port, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
return(1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, char *port, int type)
{
- unsigned char ip[4];
-
- if (!host_ip(host,&(ip[0])))
- {
- return(0);
- }
- return(init_client_ip(sock,ip,port,type));
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
- struct sockaddr_in them;
- int s,i;
+ struct addrinfo *res, *res0, hints;
+ char * failed_call = NULL;
+ int s;
+ int e;
if (!ssl_sock_init()) return(0);
- memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_ADDRCONFIG;
+
+ e = getaddrinfo(host, port, &hints, &res);
+ if (e)
+ {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ }
+ res0 = res;
+ while (res)
+ {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET)
+ {
+ failed_call = "socket";
+ goto nextres;
+ }
#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
if (type == SOCK_STREAM)
{
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
+ int i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
+ (char *)&i,sizeof(i));
+ if (i < 0) {
+ failed_call = "keepalive";
+ goto nextres;
+ }
}
#endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
- { closesocket(s); perror("connect"); return(0); }
+ if (connect(s,(struct sockaddr *)res->ai_addr,
+ res->ai_addrlen) == 0)
+ {
+ freeaddrinfo(res0);
*sock=s;
return(1);
}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ failed_call = "socket";
+nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
+ }
+ freeaddrinfo(res0);
+
+ perror(failed_call);
+ return(0);
+ }
+
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
{
int sock;
char *name = NULL;
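Review bot: After a failed `connect()` the new loop sets `failed_call = "socket";`, so the final `perror()` names the wrong call; it should be `failed_call = "connect";`. `perror(failed_call)` also runs after `close(s)` and `freeaddrinfo(res0)`, either of which may overwrite `errno`, so saving `errno` at the failure point and restoring it before `perror()` would keep the message accurate. The removed code used `closesocket(s)`; the new `close(s)` is not equivalent on platforms where a socket is not a file descriptor.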
@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server(int *sock, char *port, int type)
{
- int ret=0;
- struct sockaddr_in server;
- int s= -1,i;
+ struct addrinfo *res, *res0, hints;
+ char * failed_call = NULL;
+ char port_name[8];
+ int s;
+ int e;
if (!ssl_sock_init()) return(0);
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman at acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
-#else
- memcpy(&server.sin_addr,ip,4);
-#endif
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+ e = getaddrinfo(NULL, port, &hints, &res);
+ if (e)
+ {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ }
- if (s == INVALID_SOCKET) goto err;
+ res0 = res;
+ while (res)
+ {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET)
+ {
+ failed_call = "socket";
+ goto nextres;
+ }
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
(void *) &j, sizeof j);
}
#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+
+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
{
-#ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
-#endif
- goto err;
+ failed_call = "bind";
+ goto nextres;
}
- /* Make it 128 for linux */
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
- i=0;
- *sock=s;
- ret=1;
-err:
- if ((ret == 0) && (s != -1))
+ if (type==SOCK_STREAM && listen(s,128) == -1)
{
- SHUTDOWN(s);
+ failed_call = "listen";
+ goto nextres;
}
- return(ret);
+
+ *sock=s;
+ return(1);
+
+nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
}
+ freeaddrinfo(res0);
-static int init_server(int *sock, int port, int type)
- {
- return(init_server_long(sock, port, NULL, type));
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+ perror(failed_call);
+ return(0);
}
static int do_accept(int acc_sock, int *sock, char **host)
{
- int ret,i;
- struct hostent *h1,*h2;
- static struct sockaddr_in from;
+ static struct sockaddr_storage from;
+ char buffer[NI_MAXHOST];
+ int ret;
int len;
/* struct linger ling; */
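Review bot: On success the loop leaves through `*sock=s; return(1);` without calling `freeaddrinfo(res0)`, so the address list leaks on the normal path; add `freeaddrinfo(res0);` before that return. The trailing `if (s == INVALID_SOCKET) { perror("socket"); return(0); }` duplicates what `perror(failed_call)` already reports, and `char port_name[8];` declared in the previous hunk is never used in the lines shown. As in `init_client`, plain `close(s)` replaces the `SHUTDOWN(s)` macro used by the removed code.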
@@ -425,137 +443,62 @@ redoit:
if (i < 0) { perror("keepalive"); return(0); }
*/
- if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
-#else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
-#endif
- if (h1 == NULL)
+ if (host == NULL)
{
- BIO_printf(bio_err,"bad gethostbyaddr\n");
- *host=NULL;
- /* return(0); */
- }
- else
- {
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
- {
- perror("OPENSSL_malloc");
+ *sock=ret;
return(0);
}
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- h2=GetHostByName(*host);
- if (h2 == NULL)
+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
+ buffer, sizeof(buffer),
+ NULL, 0, 0))
{
- BIO_printf(bio_err,"gethostbyname failure\n");
+ BIO_printf(bio_err,"getnameinfo failed\n");
+ *host=NULL;
return(0);
}
- i=0;
- if (h2->h_addrtype != AF_INET)
+ else
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ {
+ perror("OPENSSL_malloc");
return(0);
}
- }
-end:
+ strcpy(*host, buffer);
*sock=ret;
return(1);
}
+ }
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
+int extract_host_port(char *str, char **host_ptr,
+ char **port_ptr)
{
- char *h,*p;
+ char *h,*p,*x;
- h=str;
- p=strchr(str,':');
+ x=h=str;
+ if (*h == '[')
+ {
+ h++;
+ p=strchr(h,']');
if (p == NULL)
{
- BIO_printf(bio_err,"no port defined\n");
+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
return(0);
}
*(p++)='\0';
-
- if ((ip != NULL) && !host_ip(str,ip))
- goto err;
- if (host_ptr != NULL) *host_ptr=h;
-
- if (!extract_port(p,port_ptr))
- goto err;
- return(1);
-err:
- return(0);
+ x = p;
}
-
-static int host_ip(char *str, unsigned char ip[4])
- {
- unsigned int in[4];
- int i;
-
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
- {
- for (i=0; i<4; i++)
- if (in[i] > 255)
- {
- BIO_printf(bio_err,"invalid IP address\n");
- goto err;
- }
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
- else
- { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init()) return(0);
-
- he=GetHostByName(str);
- if (he == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
+ p=strchr(x,':');
+ if (p == NULL)
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
- }
- return(1);
-err:
+ BIO_printf(bio_err,"no port defined\n");
return(0);
}
+ *(p++)='\0';
-int extract_port(char *str, short *port_ptr)
- {
- int i;
- struct servent *s;
+ if (host_ptr != NULL) *host_ptr=h;
+ if (port_ptr != NULL) *port_ptr=p;
- i=atoi(str);
- if (i != 0)
- *port_ptr=(unsigned short)i;
- else
- {
- s=getservbyname(str,"tcp");
- if (s == NULL)
- {
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
- return(0);
- }
- *port_ptr=ntohs((unsigned short)s->s_port);
- }
return(1);
}
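Review bot: With `host == NULL` the new code stores the socket and then does `return(0)`, whereas the removed code jumped to `end:` and returned 1, so a caller that does not want the peer name now sees a failure; that branch should `return(1)`. The `getnameinfo()` and `OPENSSL_malloc` failure paths both return 0 without closing the accepted socket `ret`, and `getnameinfo()` is given `sizeof(from)` rather than the length filled in by `accept()` (that call is outside this hunk). The forward lookup the old code ran on the returned name is gone, so `*host` is now whatever the reverse lookup reports and should be treated as unverified by anything that consumes it. The `host_ip` prototype kept near the top of the file no longer has a definition.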
openssl-1.0.0-beta3-krb5.patch:
Makefile.org | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE openssl-1.0.0-beta3-krb5.patch ---
diff -up openssl-1.0.0-beta3/Makefile.org.krb5 openssl-1.0.0-beta3/Makefile.org
--- openssl-1.0.0-beta3/Makefile.org.krb5 2009-04-23 18:12:09.000000000 +0200
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:01:16.000000000 +0200
@@ -299,7 +299,7 @@ build-shared: do_$(SHLIB_TARGET) link-sh
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
- if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
openssl-1.0.0-beta3-namingblk.patch:
asn1/a_set.c | 37 +++++++++++++++++++------------------
asn1/asn1.h | 13 +++++++------
asn1/asn_pack.c | 8 ++++----
stack/safestack.h | 48 ++++++++++++++++++++++++------------------------
4 files changed, 54 insertions(+), 52 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-namingblk.patch ---
Index: openssl/crypto/asn1/a_set.c
RCS File: /v/openssl/cvs/openssl/crypto/asn1/a_set.c,v
rcsdiff -q -kk '-r1.20' '-r1.20.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/a_set.c,v' 2>/dev/null
--- openssl/crypto/asn1/a_set.c 2009/01/01 18:30:50 1.20
+++ openssl/crypto/asn1/a_set.c 2009/07/27 21:21:25 1.20.2.1
@@ -85,7 +85,7 @@
}
/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
-int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
int is_set)
{
@@ -97,8 +97,8 @@
int totSize;
if (a == NULL) return(0);
- for (i=sk_BLOCK_num(a)-1; i>=0; i--)
- ret+=i2d(sk_BLOCK_value(a,i),NULL);
+ for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
+ ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
r=ASN1_object_size(1,ret,ex_tag);
if (pp == NULL) return(r);
@@ -109,10 +109,10 @@
/* And then again by Ben */
/* And again by Steve */
- if(!is_set || (sk_BLOCK_num(a) < 2))
+ if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
{
- for (i=0; i<sk_BLOCK_num(a); i++)
- i2d(sk_BLOCK_value(a,i),&p);
+ for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
+ i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
*pp=p;
return(r);
@@ -120,17 +120,17 @@
pStart = p; /* Catch the beg of Setblobs*/
/* In this array we will store the SET blobs */
- rgSetBlob = OPENSSL_malloc(sk_BLOCK_num(a) * sizeof(MYBLOB));
+ rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL)
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
return(0);
}
- for (i=0; i<sk_BLOCK_num(a); i++)
+ for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
{
rgSetBlob[i].pbData = p; /* catch each set encode blob */
- i2d(sk_BLOCK_value(a,i),&p);
+ i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
SetBlob
*/
@@ -140,7 +140,7 @@
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
- qsort( rgSetBlob, sk_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
+ qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize)))
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -149,7 +149,7 @@
/* Copy to temp mem */
p = pTempMem;
- for(i=0; i<sk_BLOCK_num(a); ++i)
+ for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
{
memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
p += rgSetBlob[i].cbData;
@@ -163,17 +163,18 @@
return(r);
}
-STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+ const unsigned char **pp,
long length, d2i_of_void *d2i,
- void (*free_func)(BLOCK), int ex_tag,
+ void (*free_func)(OPENSSL_BLOCK), int ex_tag,
int ex_class)
{
ASN1_const_CTX c;
- STACK_OF(BLOCK) *ret=NULL;
+ STACK_OF(OPENSSL_BLOCK) *ret=NULL;
if ((a == NULL) || ((*a) == NULL))
{
- if ((ret=sk_BLOCK_new_null()) == NULL)
+ if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
{
ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
goto err;
@@ -221,7 +222,7 @@
asn1_add_error(*pp,(int)(c.p- *pp));
goto err;
}
- if (!sk_BLOCK_push(ret,s)) goto err;
+ if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
}
if (a != NULL) (*a)=ret;
*pp=c.p;
@@ -230,9 +231,9 @@
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
{
if (free_func != NULL)
- sk_BLOCK_pop_free(ret,free_func);
+ sk_OPENSSL_BLOCK_pop_free(ret,free_func);
else
- sk_BLOCK_free(ret);
+ sk_OPENSSL_BLOCK_free(ret);
}
return(NULL);
}
Index: openssl/crypto/asn1/asn1.h
RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn1.h,v
rcsdiff -q -kk '-r1.166.2.3' '-r1.166.2.4' -u '/v/openssl/cvs/openssl/crypto/asn1/asn1.h,v' 2>/dev/null
--- openssl/crypto/asn1/asn1.h 2009/07/24 11:15:55 1.166.2.3
+++ openssl/crypto/asn1/asn1.h 2009/07/27 21:21:25 1.166.2.4
@@ -887,12 +887,13 @@
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
int is_set);
-STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+ const unsigned char **pp,
long length, d2i_of_void *d2i,
- void (*free_func)(BLOCK), int ex_tag,
+ void (*free_func)(OPENSSL_BLOCK), int ex_tag,
int ex_class);
#ifndef OPENSSL_NO_BIO
@@ -1045,9 +1046,9 @@
int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
unsigned char *data, int max_len);
-STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i, void (*free_func)(BLOCK));
-unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len );
void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
Index: openssl/crypto/asn1/asn_pack.c
RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v
rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v' 2>/dev/null
--- openssl/crypto/asn1/asn_pack.c 2008/11/12 03:57:49 1.19
+++ openssl/crypto/asn1/asn_pack.c 2009/07/27 21:21:25 1.19.2.1
@@ -66,10 +66,10 @@
/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i, void (*free_func)(BLOCK))
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
{
- STACK_OF(BLOCK) *sk;
+ STACK_OF(OPENSSL_BLOCK) *sk;
const unsigned char *pbuf;
pbuf = buf;
if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@
* OPENSSL_malloc'ed buffer
*/
-unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
unsigned char **buf, int *len)
{
int safelen;
Index: openssl/crypto/stack/safestack.h
RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v
rcsdiff -q -kk '-r1.72.2.4' '-r1.72.2.5' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null
--- openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4
+++ openssl/crypto/stack/safestack.h 2009/07/27 21:21:25 1.72.2.5
@@ -128,8 +128,8 @@
* nul-terminated. These should also be distinguished from "normal"
* stacks. */
-typedef void *BLOCK;
-DECLARE_SPECIAL_STACK_OF(BLOCK, void)
+typedef void *OPENSSL_BLOCK;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
/* SKM_sk_... stack macros are internal to safestack.h:
* never use them directly, use sk_<type>_... instead */
@@ -2055,29 +2055,29 @@
#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-#define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_BLOCK_new_null() ((STACK_OF(BLOCK) *)sk_new_null())
-#define sk_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_value(st, i) ((BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(BLOCK), st), i))
-#define sk_BLOCK_num(st) SKM_sk_num(BLOCK, st)
-#define sk_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_FREE_FUNC2(BLOCK, free_func))
-#define sk_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val), i)
-#define sk_BLOCK_free(st) SKM_sk_free(BLOCK, st)
-#define sk_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), i, CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_zero(st) SKM_sk_zero(BLOCK, (st))
-#define sk_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_BLOCK_delete(st, i) SKM_sk_delete(BLOCK, (st), (i))
-#define sk_BLOCK_delete_ptr(st, ptr) (BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, ptr))
-#define sk_BLOCK_set_cmp_func(st, cmp) \
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \
((int (*)(const void * const *,const void * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_BLOCK_dup(st) SKM_sk_dup(BLOCK, st)
-#define sk_BLOCK_shift(st) SKM_sk_shift(BLOCK, (st))
-#define sk_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st))
-#define sk_BLOCK_sort(st) SKM_sk_sort(BLOCK, (st))
-#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st))
+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
openssl-1.0.0-beta3-namingstr.patch:
apps/apps.c | 16 ++--
apps/apps.h | 6 -
apps/asn1pars.c | 16 ++--
apps/ca.c | 22 +++---
apps/cms.c | 64 ++++++++---------
apps/crl2p7.c | 12 +--
apps/dgst.c | 22 +++---
apps/engine.c | 40 +++++------
apps/ocsp.c | 18 ++---
apps/pkcs12.c | 12 +--
apps/req.c | 12 +--
apps/s_server.c | 6 -
apps/smime.c | 36 +++++-----
apps/x509.c | 6 -
crypto/cryptlib.c | 10 +-
crypto/engine/eng_dyn.c | 12 +--
crypto/lhash/lhash.h | 4 -
crypto/stack/safestack.h | 168 +++++++++++++++++++++++------------------------
crypto/txt_db/txt_db.c | 60 ++++++++--------
crypto/txt_db/txt_db.h | 18 ++---
crypto/x509v3/v3_utl.c | 36 +++++-----
crypto/x509v3/x509v3.h | 8 +-
22 files changed, 302 insertions(+), 302 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-namingstr.patch ---
Index: openssl/apps/apps.c
RCS File: /v/openssl/cvs/openssl/apps/apps.c,v
rcsdiff -q -kk '-r1.133.2.6' '-r1.133.2.7' -u '/v/openssl/cvs/openssl/apps/apps.c,v' 2>/dev/null
--- openssl/apps/apps.c 2009/06/29 16:09:58 1.133.2.6
+++ openssl/apps/apps.c 2009/07/27 21:08:43 1.133.2.7
@@ -1488,7 +1488,7 @@
return p;
}
-static unsigned long index_serial_hash(const CSTRING *a)
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
{
const char *n;
@@ -1497,7 +1497,7 @@
return(lh_strhash(n));
}
-static int index_serial_cmp(const CSTRING *a, const CSTRING *b)
+static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{
const char *aa,*bb;
@@ -1509,16 +1509,16 @@
static int index_name_qual(char **a)
{ return(a[0][0] == 'V'); }
-static unsigned long index_name_hash(const CSTRING *a)
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
{ return(lh_strhash(a[DB_name])); }
-int index_name_cmp(const CSTRING *a, const CSTRING *b)
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{ return(strcmp(a[DB_name], b[DB_name])); }
-static IMPLEMENT_LHASH_HASH_FN(index_serial, CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial, CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name, CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name, CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
Index: openssl/apps/apps.h
RCS File: /v/openssl/cvs/openssl/apps/apps.h,v
rcsdiff -q -kk '-r1.91' '-r1.91.2.1' -u '/v/openssl/cvs/openssl/apps/apps.h,v' 2>/dev/null
--- openssl/apps/apps.h 2008/11/24 17:27:05 1.91
+++ openssl/apps/apps.h 2009/07/27 21:08:44 1.91.2.1
@@ -295,9 +295,9 @@
int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
void free_index(CA_DB *db);
#define index_name_cmp_noconst(a, b) \
- index_name_cmp((const CSTRING *)CHECKED_PTR_OF(STRING, a), \
- (const CSTRING *)CHECKED_PTR_OF(STRING, b))
-int index_name_cmp(const CSTRING *a, const CSTRING *b);
+ index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+ (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(char *str, long chtype, int multirdn);
Index: openssl/apps/asn1pars.c
RCS File: /v/openssl/cvs/openssl/apps/asn1pars.c,v
rcsdiff -q -kk '-r1.26' '-r1.26.2.1' -u '/v/openssl/cvs/openssl/apps/asn1pars.c,v' 2>/dev/null
--- openssl/apps/asn1pars.c 2008/11/05 18:38:51 1.26
+++ openssl/apps/asn1pars.c 2009/07/27 21:08:44 1.26.2.1
@@ -96,7 +96,7 @@
unsigned char *tmpbuf;
const unsigned char *ctmpbuf;
BUF_MEM *buf=NULL;
- STACK_OF(STRING) *osk=NULL;
+ STACK_OF(OPENSSL_STRING) *osk=NULL;
ASN1_TYPE *at=NULL;
informat=FORMAT_PEM;
@@ -113,7 +113,7 @@
prog=argv[0];
argc--;
argv++;
- if ((osk=sk_STRING_new_null()) == NULL)
+ if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
{
BIO_printf(bio_err,"Memory allocation failure\n");
goto end;
@@ -169,7 +169,7 @@
else if (strcmp(*argv,"-strparse") == 0)
{
if (--argc < 1) goto bad;
- sk_STRING_push(osk,*(++argv));
+ sk_OPENSSL_STRING_push(osk,*(++argv));
}
else if (strcmp(*argv,"-genstr") == 0)
{
@@ -302,18 +302,18 @@
/* If any structs to parse go through in sequence */
- if (sk_STRING_num(osk))
+ if (sk_OPENSSL_STRING_num(osk))
{
tmpbuf=(unsigned char *)str;
tmplen=num;
- for (i=0; i<sk_STRING_num(osk); i++)
+ for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
{
ASN1_TYPE *atmp;
int typ;
- j=atoi(sk_STRING_value(osk,i));
+ j=atoi(sk_OPENSSL_STRING_value(osk,i));
if (j == 0)
{
- BIO_printf(bio_err,"'%s' is an invalid number\n",sk_STRING_value(osk,i));
+ BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
continue;
}
tmpbuf+=j;
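Review bot: The `-strparse` offset is parsed with `atoi` and the only rejection visible is `j == 0`, so a negative value, or one larger than `tmplen`, reaches `tmpbuf+=j` and moves the pointer outside the buffer taken from `str`. Unless a bounds check follows outside this hunk, replace the test with `if (j <= 0 || j >= tmplen)` before advancing. Parsing with `strtol` and an end-pointer check would also reject trailing junk, which `atoi` accepts. The loop body continues past the hunk.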
@@ -378,7 +378,7 @@
ERR_print_errors(bio_err);
if (buf != NULL) BUF_MEM_free(buf);
if (at != NULL) ASN1_TYPE_free(at);
- if (osk != NULL) sk_STRING_free(osk);
+ if (osk != NULL) sk_OPENSSL_STRING_free(osk);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
Index: openssl/apps/ca.c
RCS File: /v/openssl/cvs/openssl/apps/ca.c,v
rcsdiff -q -kk '-r1.167' '-r1.167.2.1' -u '/v/openssl/cvs/openssl/apps/ca.c,v' 2>/dev/null
--- openssl/apps/ca.c 2009/03/09 13:59:07 1.167
+++ openssl/apps/ca.c 2009/07/27 21:08:44 1.167.2.1
@@ -883,9 +883,9 @@
if (db == NULL) goto err;
/* Lets check some fields */
- for (i=0; i<sk_PSTRING_num(db->db->data); i++)
+ for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp=sk_PSTRING_value(db->db->data,i);
+ pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0'))
{
@@ -938,7 +938,7 @@
#endif
TXT_DB_write(out,db->db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
- sk_PSTRING_num(db->db->data));
+ sk_OPENSSL_PSTRING_num(db->db->data));
BIO_printf(bio_err,"generating index\n");
}
@@ -1408,9 +1408,9 @@
ASN1_TIME_free(tmptm);
- for (i=0; i<sk_PSTRING_num(db->db->data); i++)
+ for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp=sk_PSTRING_value(db->db->data,i);
+ pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1685,9 +1685,9 @@
int ok= -1,i,j,last,nid;
const char *p;
CONF_VALUE *cv;
- STRING row[DB_NUMBER];
- STRING *irow=NULL;
- STRING *rrow=NULL;
+ OPENSSL_STRING row[DB_NUMBER];
+ OPENSSL_STRING *irow=NULL;
+ OPENSSL_STRING *rrow=NULL;
char buf[25];
tmptm=ASN1_UTCTIME_new();
@@ -1929,7 +1929,7 @@
if (db->attributes.unique_subject)
{
- STRING *crow=row;
+ OPENSSL_STRING *crow=row;
rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
if (rrow != NULL)
@@ -2632,9 +2632,9 @@
else
a_y2k = 0;
- for (i = 0; i < sk_PSTRING_num(db->db->data); i++)
+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- rrow = sk_PSTRING_value(db->db->data, i);
+ rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (rrow[DB_type][0] == 'V')
{
Index: openssl/apps/cms.c
RCS File: /v/openssl/cvs/openssl/apps/cms.c,v
rcsdiff -q -kk '-r1.23.2.1' '-r1.23.2.2' -u '/v/openssl/cvs/openssl/apps/cms.c,v' 2>/dev/null
--- openssl/apps/cms.c 2009/04/16 17:22:47 1.23.2.1
+++ openssl/apps/cms.c 2009/07/27 21:08:44 1.23.2.2
@@ -71,9 +71,9 @@
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
-static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
int rr_allorfirst,
- STACK_OF(STRING) *rr_from);
+ STACK_OF(OPENSSL_STRING) *rr_from);
#define SMIME_OP 0x10
#define SMIME_IP 0x20
@@ -108,7 +108,7 @@
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL, *rctfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
- STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
+ STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
char *certsoutfile = NULL;
const EVP_CIPHER *cipher = NULL;
@@ -122,7 +122,7 @@
int flags = CMS_DETACHED, noout = 0, print = 0;
int verify_retcode = 0;
int rr_print = 0, rr_allorfirst = -1;
- STACK_OF(STRING) *rr_to = NULL, *rr_from = NULL;
+ STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
CMS_ReceiptRequest *rr = NULL;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
@@ -281,8 +281,8 @@
goto argerr;
args++;
if (!rr_from)
- rr_from = sk_STRING_new_null();
- sk_STRING_push(rr_from, *args);
+ rr_from = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(rr_from, *args);
}
else if (!strcmp(*args,"-receipt_request_to"))
{
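Review bot: `sk_OPENSSL_STRING_new_null()` and `sk_OPENSSL_STRING_push()` are both used here without checking their results, so an allocation failure would drop the `-receipt_request_from` value without any error. The @@ -290, @@ -387, @@ -435 and @@ -539 hunks of this file do the same, and it matters more there: `sksigners` and `skkeys` are later read pairwise by index (@@ -980), so one lost push could pair a signer certificate with the wrong key file. dgst.c and req.c in this same patch already guard the call; the equivalent here is `if (!rr_from || !sk_OPENSSL_STRING_push(rr_from, *args)) goto argerr;`, or whichever error label fits an out-of-memory exit. The crl2p7.c, pkcs12.c and engine.c option-parsing hunks further down follow the same unchecked form. The enclosing option loop starts and ends outside this hunk.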
@@ -290,8 +290,8 @@
goto argerr;
args++;
if (!rr_to)
- rr_to = sk_STRING_new_null();
- sk_STRING_push(rr_to, *args);
+ rr_to = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(rr_to, *args);
}
else if (!strcmp (*args, "-print"))
{
@@ -387,13 +387,13 @@
if (signerfile)
{
if (!sksigners)
- sksigners = sk_STRING_new_null();
- sk_STRING_push(sksigners, signerfile);
+ sksigners = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
- skkeys = sk_STRING_new_null();
- sk_STRING_push(skkeys, keyfile);
+ skkeys = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
@@ -435,12 +435,12 @@
goto argerr;
}
if (!sksigners)
- sksigners = sk_STRING_new_null();
- sk_STRING_push(sksigners, signerfile);
+ sksigners = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
- skkeys = sk_STRING_new_null();
- sk_STRING_push(skkeys, keyfile);
+ skkeys = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
}
@@ -539,13 +539,13 @@
if (signerfile)
{
if (!sksigners)
- sksigners = sk_STRING_new_null();
- sk_STRING_push(sksigners, signerfile);
+ sksigners = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
- skkeys = sk_STRING_new_null();
+ skkeys = sk_OPENSSL_STRING_new_null();
if (!keyfile)
keyfile = signerfile;
- sk_STRING_push(skkeys, keyfile);
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners)
{
@@ -980,11 +980,11 @@
}
else
flags |= CMS_REUSE_DIGEST;
- for (i = 0; i < sk_STRING_num(sksigners); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
{
CMS_SignerInfo *si;
- signerfile = sk_STRING_value(sksigners, i);
- keyfile = sk_STRING_value(skkeys, i);
+ signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+ keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
@@ -1160,9 +1160,9 @@
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
- sk_STRING_free(sksigners);
+ sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
- sk_STRING_free(skkeys);
+ sk_OPENSSL_STRING_free(skkeys);
if (secret_key)
OPENSSL_free(secret_key);
if (secret_keyid)
@@ -1172,9 +1172,9 @@
if (rr)
CMS_ReceiptRequest_free(rr);
if (rr_to)
- sk_STRING_free(rr_to);
+ sk_OPENSSL_STRING_free(rr_to);
if (rr_from)
- sk_STRING_free(rr_from);
+ sk_OPENSSL_STRING_free(rr_from);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
@@ -1296,7 +1296,7 @@
}
}
-static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
{
int i;
STACK_OF(GENERAL_NAMES) *ret;
@@ -1305,9 +1305,9 @@
ret = sk_GENERAL_NAMES_new_null();
if (!ret)
goto err;
- for (i = 0; i < sk_STRING_num(ns); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
{
- char *str = sk_STRING_value(ns, i);
+ char *str = sk_OPENSSL_STRING_value(ns, i);
gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
if (!gen)
goto err;
@@ -1335,9 +1335,9 @@
}
-static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
int rr_allorfirst,
- STACK_OF(STRING) *rr_from)
+ STACK_OF(OPENSSL_STRING) *rr_from)
{
STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
CMS_ReceiptRequest *rr;
Index: openssl/apps/crl2p7.c
RCS File: /v/openssl/cvs/openssl/apps/crl2p7.c,v
rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/apps/crl2p7.c,v' 2>/dev/null
--- openssl/apps/crl2p7.c 2008/06/04 11:00:45 1.19
+++ openssl/apps/crl2p7.c 2009/07/27 21:08:45 1.19.2.1
@@ -92,7 +92,7 @@
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
X509_CRL *crl=NULL;
- STACK_OF(STRING) *certflst=NULL;
+ STACK_OF(OPENSSL_STRING) *certflst=NULL;
STACK_OF(X509_CRL) *crl_stack=NULL;
STACK_OF(X509) *cert_stack=NULL;
int ret=1,nocrl=0;
@@ -140,8 +140,8 @@
else if (strcmp(*argv,"-certfile") == 0)
{
if (--argc < 1) goto bad;
- if(!certflst) certflst = sk_STRING_new_null();
- sk_STRING_push(certflst,*(++argv));
+ if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(certflst,*(++argv));
}
else
{
@@ -226,8 +226,8 @@
if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
p7s->cert=cert_stack;
- if(certflst) for(i = 0; i < sk_STRING_num(certflst); i++) {
- certfile = sk_STRING_value(certflst, i);
+ if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+ certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack,certfile) < 0)
{
BIO_printf(bio_err, "error loading certificates\n");
@@ -236,7 +236,7 @@
}
}
- sk_STRING_free(certflst);
+ sk_OPENSSL_STRING_free(certflst);
if (outfile == NULL)
{
Index: openssl/apps/dgst.c
RCS File: /v/openssl/cvs/openssl/apps/dgst.c,v
rcsdiff -q -kk '-r1.54.2.3' '-r1.54.2.4' -u '/v/openssl/cvs/openssl/apps/dgst.c,v' 2>/dev/null
--- openssl/apps/dgst.c 2009/04/26 12:16:12 1.54.2.3
+++ openssl/apps/dgst.c 2009/07/27 21:08:45 1.54.2.4
@@ -127,7 +127,7 @@
#endif
char *hmac_key=NULL;
char *mac_name=NULL;
- STACK_OF(STRING) *sigopts = NULL, *macopts = NULL;
+ STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
apps_startup();
@@ -230,8 +230,8 @@
if (--argc < 1)
break;
if (!sigopts)
- sigopts = sk_STRING_new_null();
- if (!sigopts || !sk_STRING_push(sigopts, *(++argv)))
+ sigopts = sk_OPENSSL_STRING_new_null();
+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
break;
}
else if (strcmp(*argv,"-macopt") == 0)
@@ -239,8 +239,8 @@
if (--argc < 1)
break;
if (!macopts)
- macopts = sk_STRING_new_null();
- if (!macopts || !sk_STRING_push(macopts, *(++argv)))
+ macopts = sk_OPENSSL_STRING_new_null();
+ if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
break;
}
else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -365,9 +365,9 @@
if (macopts)
{
char *macopt;
- for (i = 0; i < sk_STRING_num(macopts); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
{
- macopt = sk_STRING_value(macopts, i);
+ macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
{
BIO_printf(bio_err,
@@ -424,9 +424,9 @@
if (sigopts)
{
char *sigopt;
- for (i = 0; i < sk_STRING_num(sigopts); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
{
- sigopt = sk_STRING_value(sigopts, i);
+ sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0)
{
BIO_printf(bio_err,
@@ -531,9 +531,9 @@
BIO_free_all(out);
EVP_PKEY_free(sigkey);
if (sigopts)
- sk_STRING_free(sigopts);
+ sk_OPENSSL_STRING_free(sigopts);
if (macopts)
- sk_STRING_free(macopts);
+ sk_OPENSSL_STRING_free(macopts);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
apps_shutdown();
Index: openssl/apps/engine.c
RCS File: /v/openssl/cvs/openssl/apps/engine.c,v
rcsdiff -q -kk '-r1.34' '-r1.34.2.1' -u '/v/openssl/cvs/openssl/apps/engine.c,v' 2>/dev/null
--- openssl/apps/engine.c 2009/02/15 15:29:59 1.34
+++ openssl/apps/engine.c 2009/07/27 21:08:45 1.34.2.1
@@ -200,7 +200,7 @@
char *desc = NULL;
int flags;
int xpos = 0;
- STACK_OF(STRING) *cmds = NULL;
+ STACK_OF(OPENSSL_STRING) *cmds = NULL;
if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0))
@@ -211,7 +211,7 @@
return 1;
}
- cmds = sk_STRING_new_null();
+ cmds = sk_OPENSSL_STRING_new_null();
if(!cmds)
goto err;
@@ -284,16 +284,16 @@
BIO_printf(bio_out, "\n");
ret = 1;
err:
- if(cmds) sk_STRING_pop_free(cmds, identity);
+ if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
if(name) OPENSSL_free(name);
if(desc) OPENSSL_free(desc);
return ret;
}
-static void util_do_cmds(ENGINE *e, STACK_OF(STRING) *cmds, BIO *bio_out,
- const char *indent)
+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
+ BIO *bio_out, const char *indent)
{
- int loop, res, num = sk_STRING_num(cmds);
+ int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if(num < 0)
{
@@ -304,7 +304,7 @@
{
char buf[256];
const char *cmd, *arg;
- cmd = sk_STRING_value(cmds, loop);
+ cmd = sk_OPENSSL_STRING_value(cmds, loop);
res = 1; /* assume success */
/* Check if this command has no ":arg" */
if((arg = strstr(cmd, ":")) == NULL)
@@ -344,9 +344,9 @@
const char **pp;
int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
ENGINE *e;
- STACK_OF(STRING) *engines = sk_STRING_new_null();
- STACK_OF(STRING) *pre_cmds = sk_STRING_new_null();
- STACK_OF(STRING) *post_cmds = sk_STRING_new_null();
+ STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
+ STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
+ STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
int badops=1;
BIO *bio_out=NULL;
const char *indent = " ";
@@ -393,20 +393,20 @@
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
- sk_STRING_push(pre_cmds,*argv);
+ sk_OPENSSL_STRING_push(pre_cmds,*argv);
}
else if (strcmp(*argv,"-post") == 0)
{
argc--; argv++;
if (argc == 0)
goto skip_arg_loop;
- sk_STRING_push(post_cmds,*argv);
+ sk_OPENSSL_STRING_push(post_cmds,*argv);
}
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
goto skip_arg_loop;
else
- sk_STRING_push(engines,*argv);
+ sk_OPENSSL_STRING_push(engines,*argv);
argc--;
argv++;
}
@@ -421,17 +421,17 @@
goto end;
}
- if (sk_STRING_num(engines) == 0)
+ if (sk_OPENSSL_STRING_num(engines) == 0)
{
for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
{
- sk_STRING_push(engines,(char *)ENGINE_get_id(e));
+ sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
}
}
- for (i=0; i<sk_STRING_num(engines); i++)
+ for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
{
- const char *id = sk_STRING_value(engines,i);
+ const char *id = sk_OPENSSL_STRING_value(engines,i);
if ((e = ENGINE_by_id(id)) != NULL)
{
const char *name = ENGINE_get_name(e);
@@ -533,9 +533,9 @@
end:
ERR_print_errors(bio_err);
- sk_STRING_pop_free(engines, identity);
- sk_STRING_pop_free(pre_cmds, identity);
- sk_STRING_pop_free(post_cmds, identity);
+ sk_OPENSSL_STRING_pop_free(engines, identity);
+ sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
+ sk_OPENSSL_STRING_pop_free(post_cmds, identity);
if (bio_out != NULL) BIO_free_all(bio_out);
apps_shutdown();
OPENSSL_EXIT(ret);
Index: openssl/apps/ocsp.c
RCS File: /v/openssl/cvs/openssl/apps/ocsp.c,v
rcsdiff -q -kk '-r1.54.2.1' '-r1.54.2.2' -u '/v/openssl/cvs/openssl/apps/ocsp.c,v' 2>/dev/null
--- openssl/apps/ocsp.c 2009/04/02 15:19:03 1.54.2.1
+++ openssl/apps/ocsp.c 2009/07/27 21:08:45 1.54.2.2
@@ -99,7 +99,7 @@
static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
STACK_OF(OCSP_CERTID) *ids);
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK_OF(STRING) *names,
+ STACK_OF(OPENSSL_STRING) *names,
STACK_OF(OCSP_CERTID) *ids, long nsec,
long maxage);
@@ -153,7 +153,7 @@
int badarg = 0;
int i;
int ignore_err = 0;
- STACK_OF(STRING) *reqnames = NULL;
+ STACK_OF(OPENSSL_STRING) *reqnames = NULL;
STACK_OF(OCSP_CERTID) *ids = NULL;
X509 *rca_cert = NULL;
@@ -170,7 +170,7 @@
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
args = argv + 1;
- reqnames = sk_STRING_new_null();
+ reqnames = sk_OPENSSL_STRING_new_null();
ids = sk_OCSP_CERTID_new_null();
while (!badarg && *args && *args[0] == '-')
{
@@ -432,7 +432,7 @@
if (!cert_id_md) cert_id_md = EVP_sha1();
if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
goto end;
- if(!sk_STRING_push(reqnames, *args))
+ if(!sk_OPENSSL_STRING_push(reqnames, *args))
goto end;
}
else badarg = 1;
@@ -445,7 +445,7 @@
if (!cert_id_md) cert_id_md = EVP_sha1();
if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
goto end;
- if(!sk_STRING_push(reqnames, *args))
+ if(!sk_OPENSSL_STRING_push(reqnames, *args))
goto end;
}
else badarg = 1;
@@ -901,7 +901,7 @@
OCSP_REQUEST_free(req);
OCSP_RESPONSE_free(resp);
OCSP_BASICRESP_free(bs);
- sk_STRING_free(reqnames);
+ sk_OPENSSL_STRING_free(reqnames);
sk_OCSP_CERTID_free(ids);
sk_X509_pop_free(sign_other, X509_free);
sk_X509_pop_free(verify_other, X509_free);
@@ -971,7 +971,7 @@
}
static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK_OF(STRING) *names,
+ STACK_OF(OPENSSL_STRING) *names,
STACK_OF(OCSP_CERTID) *ids, long nsec,
long maxage)
{
@@ -983,13 +983,13 @@
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
- if (!bs || !req || !sk_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
+ if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
return 1;
for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
{
id = sk_OCSP_CERTID_value(ids, i);
- name = sk_STRING_value(names, i);
+ name = sk_OPENSSL_STRING_value(names, i);
BIO_printf(out, "%s: ", name);
if(!OCSP_resp_find_status(bs, id, &status, &reason,
Index: openssl/apps/pkcs12.c
RCS File: /v/openssl/cvs/openssl/apps/pkcs12.c,v
rcsdiff -q -kk '-r1.92.2.1' '-r1.92.2.2' -u '/v/openssl/cvs/openssl/apps/pkcs12.c,v' 2>/dev/null
--- openssl/apps/pkcs12.c 2009/06/17 12:05:49 1.92.2.1
+++ openssl/apps/pkcs12.c 2009/07/27 21:08:45 1.92.2.2
@@ -117,7 +117,7 @@
int ret = 1;
int macver = 1;
int noprompt = 0;
- STACK_OF(STRING) *canames = NULL;
+ STACK_OF(OPENSSL_STRING) *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
@@ -222,8 +222,8 @@
} else if (!strcmp (*args, "-caname")) {
if (args[1]) {
args++;
- if (!canames) canames = sk_STRING_new_null();
- sk_STRING_push(canames, *args);
+ if (!canames) canames = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(canames, *args);
} else badarg = 1;
} else if (!strcmp (*args, "-in")) {
if (args[1]) {
@@ -549,9 +549,9 @@
/* Add any CA names */
- for (i = 0; i < sk_STRING_num(canames); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
{
- catmp = (unsigned char *)sk_STRING_value(canames, i);
+ catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
@@ -687,7 +687,7 @@
#endif
BIO_free(in);
BIO_free_all(out);
- if (canames) sk_STRING_free(canames);
+ if (canames) sk_OPENSSL_STRING_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
Index: openssl/apps/req.c
RCS File: /v/openssl/cvs/openssl/apps/req.c,v
rcsdiff -q -kk '-r1.139.2.2' '-r1.139.2.3' -u '/v/openssl/cvs/openssl/apps/req.c,v' 2>/dev/null
--- openssl/apps/req.c 2009/04/23 17:16:38 1.139.2.2
+++ openssl/apps/req.c 2009/07/27 21:08:45 1.139.2.3
@@ -165,7 +165,7 @@
EVP_PKEY_CTX *genctx = NULL;
const char *keyalg = NULL;
char *keyalgstr = NULL;
- STACK_OF(STRING) *pkeyopts = NULL;
+ STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
EVP_PKEY *pkey=NULL;
int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
long newkey = -1;
@@ -306,8 +306,8 @@
if (--argc < 1)
goto bad;
if (!pkeyopts)
- pkeyopts = sk_STRING_new_null();
- if (!pkeyopts || !sk_STRING_push(pkeyopts, *(++argv)))
+ pkeyopts = sk_OPENSSL_STRING_new_null();
+ if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
goto bad;
}
else if (strcmp(*argv,"-batch") == 0)
@@ -667,9 +667,9 @@
if (pkeyopts)
{
char *genopt;
- for (i = 0; i < sk_STRING_num(pkeyopts); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
{
- genopt = sk_STRING_value(pkeyopts, i);
+ genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(genctx, genopt) <= 0)
{
BIO_printf(bio_err,
@@ -1083,7 +1083,7 @@
if (genctx)
EVP_PKEY_CTX_free(genctx);
if (pkeyopts)
- sk_STRING_free(pkeyopts);
+ sk_OPENSSL_STRING_free(pkeyopts);
#ifndef OPENSSL_NO_ENGINE
if (gen_eng)
ENGINE_free(gen_eng);
Index: openssl/apps/s_server.c
RCS File: /v/openssl/cvs/openssl/apps/s_server.c,v
rcsdiff -q -kk '-r1.136.2.4' '-r1.136.2.5' -u '/v/openssl/cvs/openssl/apps/s_server.c,v' 2>/dev/null
--- openssl/apps/s_server.c 2009/06/30 16:10:24 1.136.2.4
+++ openssl/apps/s_server.c 2009/07/27 21:08:46 1.136.2.5
@@ -712,7 +712,7 @@
int use_ssl;
unsigned char *rspder = NULL;
int rspderlen;
- STACK_OF(STRING) *aia = NULL;
+ STACK_OF(OPENSSL_STRING) *aia = NULL;
X509 *x = NULL;
X509_STORE_CTX inctx;
X509_OBJECT obj;
@@ -734,7 +734,7 @@
aia = X509_get1_ocsp(x);
if (aia)
{
- if (!OCSP_parse_url(sk_STRING_value(aia, 0),
+ if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
&host, &port, &path, &use_ssl))
{
BIO_puts(err, "cert_status: can't parse AIA URL\n");
@@ -742,7 +742,7 @@
}
if (srctx->verbose)
BIO_printf(err, "cert_status: AIA URL: %s\n",
- sk_STRING_value(aia, 0));
+ sk_OPENSSL_STRING_value(aia, 0));
}
else
{
Index: openssl/apps/smime.c
RCS File: /v/openssl/cvs/openssl/apps/smime.c,v
rcsdiff -q -kk '-r1.69' '-r1.69.2.1' -u '/v/openssl/cvs/openssl/apps/smime.c,v' 2>/dev/null
--- openssl/apps/smime.c 2008/11/05 18:38:51 1.69
+++ openssl/apps/smime.c 2009/07/27 21:08:46 1.69.2.1
@@ -93,7 +93,7 @@
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
- STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
+ STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
@@ -260,13 +260,13 @@
if (signerfile)
{
if (!sksigners)
- sksigners = sk_STRING_new_null();
- sk_STRING_push(sksigners, signerfile);
+ sksigners = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
- skkeys = sk_STRING_new_null();
- sk_STRING_push(skkeys, keyfile);
+ skkeys = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
@@ -302,12 +302,12 @@
goto argerr;
}
if (!sksigners)
- sksigners = sk_STRING_new_null();
- sk_STRING_push(sksigners, signerfile);
+ sksigners = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
- skkeys = sk_STRING_new_null();
- sk_STRING_push(skkeys, keyfile);
+ skkeys = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
}
keyfile = *++args;
}
@@ -389,13 +389,13 @@
if (signerfile)
{
if (!sksigners)
- sksigners = sk_STRING_new_null();
- sk_STRING_push(sksigners, signerfile);
+ sksigners = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys)
- skkeys = sk_STRING_new_null();
+ skkeys = sk_OPENSSL_STRING_new_null();
if (!keyfile)
keyfile = signerfile;
- sk_STRING_push(skkeys, keyfile);
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners)
{
@@ -707,10 +707,10 @@
}
else
flags |= PKCS7_REUSE_DIGEST;
- for (i = 0; i < sk_STRING_num(sksigners); i++)
+ for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
{
- signerfile = sk_STRING_value(sksigners, i);
- keyfile = sk_STRING_value(skkeys, i);
+ signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+ keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
@@ -807,9 +807,9 @@
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
- sk_STRING_free(sksigners);
+ sk_OPENSSL_STRING_free(sksigners);
if (skkeys)
- sk_STRING_free(skkeys);
+ sk_OPENSSL_STRING_free(skkeys);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
Index: openssl/apps/x509.c
RCS File: /v/openssl/cvs/openssl/apps/x509.c,v
rcsdiff -q -kk '-r1.102.2.3' '-r1.102.2.4' -u '/v/openssl/cvs/openssl/apps/x509.c,v' 2>/dev/null
--- openssl/apps/x509.c 2009/07/14 15:14:39 1.102.2.3
+++ openssl/apps/x509.c 2009/07/27 21:08:46 1.102.2.4
@@ -738,14 +738,14 @@
else if ((email == i) || (ocsp_uri == i))
{
int j;
- STACK_OF(STRING) *emlst;
+ STACK_OF(OPENSSL_STRING) *emlst;
if (email == i)
emlst = X509_get1_email(x);
else
emlst = X509_get1_ocsp(x);
- for (j = 0; j < sk_STRING_num(emlst); j++)
+ for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
BIO_printf(STDout, "%s\n",
- sk_STRING_value(emlst, j));
+ sk_OPENSSL_STRING_value(emlst, j));
X509_email_free(emlst);
}
else if (aliasout == i)
Index: openssl/crypto/cryptlib.c
RCS File: /v/openssl/cvs/openssl/crypto/cryptlib.c,v
rcsdiff -q -kk '-r1.75.2.2' '-r1.75.2.3' -u '/v/openssl/cvs/openssl/crypto/cryptlib.c,v' 2>/dev/null
--- openssl/crypto/cryptlib.c 2009/05/05 19:23:14 1.75.2.2
+++ openssl/crypto/cryptlib.c 2009/07/27 21:08:48 1.75.2.3
@@ -174,7 +174,7 @@
/* This is for applications to allocate new type names in the non-dynamic
array of lock names. These are numbered with positive numbers. */
-static STACK_OF(STRING) *app_locks=NULL;
+static STACK_OF(OPENSSL_STRING) *app_locks=NULL;
/* For applications that want a more dynamic way of handling threads, the
following stack is used. These are externally numbered with negative
@@ -210,7 +210,7 @@
SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
#endif
- if ((app_locks == NULL) && ((app_locks=sk_STRING_new_null()) == NULL))
+ if ((app_locks == NULL) && ((app_locks=sk_OPENSSL_STRING_new_null()) == NULL))
{
CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
return(0);
@@ -220,7 +220,7 @@
CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
return(0);
}
- i=sk_STRING_push(app_locks,str);
+ i=sk_OPENSSL_STRING_push(app_locks,str);
if (!i)
OPENSSL_free(str);
else
@@ -651,10 +651,10 @@
return("dynamic");
else if (type < CRYPTO_NUM_LOCKS)
return(lock_names[type]);
- else if (type-CRYPTO_NUM_LOCKS > sk_STRING_num(app_locks))
+ else if (type-CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks))
return("ERROR");
else
- return(sk_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
+ return(sk_OPENSSL_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
}
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
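Review bot: The range test in the last branch uses `>`, so a `type-CRYPTO_NUM_LOCKS` equal to the number of entries in `app_locks` is still passed to `sk_OPENSSL_STRING_value()`. If that accessor returns NULL for an index equal to the count (not shown in this patch, so confirm), callers get a NULL name instead of "ERROR", and printing it with `%s` is undefined. Whether the ids handed out by CRYPTO_get_new_lockid are offset by one from the stack index should be checked at the same time, since the -220 hunk stores the return of `sk_OPENSSL_STRING_push()` in `i` and the rest of that computation is outside the hunk. A comment on this branch stating the id-to-index mapping would settle it; if the mapping is direct, the test should read `type-CRYPTO_NUM_LOCKS >= sk_OPENSSL_STRING_num(app_locks)`. The function body starts outside the hunk.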
Index: openssl/crypto/engine/eng_dyn.c
RCS File: /v/openssl/cvs/openssl/crypto/engine/eng_dyn.c,v
rcsdiff -q -kk '-r1.14' '-r1.14.2.1' -u '/v/openssl/cvs/openssl/crypto/engine/eng_dyn.c,v' 2>/dev/null
--- openssl/crypto/engine/eng_dyn.c 2008/06/04 11:01:29 1.14
+++ openssl/crypto/engine/eng_dyn.c 2009/07/27 21:08:49 1.14.2.1
@@ -146,7 +146,7 @@
* 'dirs' for loading. Default is to use 'dirs' as a fallback. */
int dir_load;
/* A stack of directories from which ENGINEs could be loaded */
- STACK_OF(STRING) *dirs;
+ STACK_OF(OPENSSL_STRING) *dirs;
};
/* This is the "ex_data" index we obtain and reserve for use with our context
@@ -174,7 +174,7 @@
if(ctx->engine_id)
OPENSSL_free((void*)ctx->engine_id);
if(ctx->dirs)
- sk_STRING_pop_free(ctx->dirs, int_free_str);
+ sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
OPENSSL_free(ctx);
}
}
@@ -203,7 +203,7 @@
c->DYNAMIC_F1 = "v_check";
c->DYNAMIC_F2 = "bind_engine";
c->dir_load = 1;
- c->dirs = sk_STRING_new_null();
+ c->dirs = sk_OPENSSL_STRING_new_null();
if(!c->dirs)
{
ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
@@ -393,7 +393,7 @@
ERR_R_MALLOC_FAILURE);
return 0;
}
- sk_STRING_insert(ctx->dirs, tmp_str, -1);
+ sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
}
return 1;
default:
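Review bot: The return value of `sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1)` is discarded and the case falls through to `return 1`, so a failed insert reports success while the directory is not added to the engine search list. `tmp_str` looks heap-allocated (the lines just above report ERR_R_MALLOC_FAILURE for it), in which case it also leaks on that path. Suggest `if (!sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1)) { OPENSSL_free(tmp_str); return 0; }`, ideally raising the same malloc-failure error first. The enclosing control function starts and ends outside this hunk.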
@@ -411,11 +411,11 @@
ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
return 1;
/* If we're not allowed to use 'dirs' or we have none, fail */
- if(!ctx->dir_load || (num = sk_STRING_num(ctx->dirs)) < 1)
+ if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
return 0;
for(loop = 0; loop < num; loop++)
{
- const char *s = sk_STRING_value(ctx->dirs, loop);
+ const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
if(!merge)
return 0;
Index: openssl/crypto/lhash/lhash.h
RCS File: /v/openssl/cvs/openssl/crypto/lhash/lhash.h,v
rcsdiff -q -kk '-r1.23' '-r1.23.2.1' -u '/v/openssl/cvs/openssl/crypto/lhash/lhash.h,v' 2>/dev/null
--- openssl/crypto/lhash/lhash.h 2008/06/04 11:01:31 1.23
+++ openssl/crypto/lhash/lhash.h 2009/07/27 21:08:50 1.23.2.1
@@ -230,8 +230,8 @@
lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
-DECLARE_LHASH_OF(STRING);
-DECLARE_LHASH_OF(CSTRING);
+DECLARE_LHASH_OF(OPENSSL_STRING);
+DECLARE_LHASH_OF(OPENSSL_CSTRING);
#ifdef __cplusplus
}
Index: openssl/crypto/stack/safestack.h
RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v
rcsdiff -q -kk '-r1.72.2.3' '-r1.72.2.4' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null
--- openssl/crypto/stack/safestack.h 2009/04/28 21:56:04 1.72.2.3
+++ openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4
@@ -110,9 +110,9 @@
* string. For now, I'm settling for dealing with the fact it is a
* string at all.
*/
-typedef char *STRING;
+typedef char *OPENSSL_STRING;
-typedef const char *CSTRING;
+typedef const char *OPENSSL_CSTRING;
/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
* STACK_OF(STRING) is really more like STACK_OF(char), only, as
@@ -122,7 +122,7 @@
* macros below.
*/
-DECLARE_SPECIAL_STACK_OF(STRING, char)
+DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
/* Similarly, we sometimes use a block of characters, NOT
* nul-terminated. These should also be distinguished from "normal"
@@ -2030,29 +2030,29 @@
#define sk_void_sort(st) SKM_sk_sort(void, (st))
#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
-#define sk_STRING_new(cmp) ((STACK_OF(STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_STRING_new_null() ((STACK_OF(STRING) *)sk_new_null())
-#define sk_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_STRING_value(st, i) ((STRING)sk_value(CHECKED_PTR_OF(STACK_OF(STRING), st), i))
-#define sk_STRING_num(st) SKM_sk_num(STRING, st)
-#define sk_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_SK_FREE_FUNC2(STRING, free_func))
-#define sk_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val), i)
-#define sk_STRING_free(st) SKM_sk_free(STRING, st)
-#define sk_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), i, CHECKED_PTR_OF(char, val))
-#define sk_STRING_zero(st) SKM_sk_zero(STRING, (st))
-#define sk_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(STRING), st), CHECKED_CONST_PTR_OF(char, val))
-#define sk_STRING_delete(st, i) SKM_sk_delete(STRING, (st), (i))
-#define sk_STRING_delete_ptr(st, ptr) (STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, ptr))
-#define sk_STRING_set_cmp_func(st, cmp) \
+#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
+#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \
((int (*)(const char * const *,const char * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_STRING_dup(st) SKM_sk_dup(STRING, st)
-#define sk_STRING_shift(st) SKM_sk_shift(STRING, (st))
-#define sk_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st))
-#define sk_STRING_sort(st) SKM_sk_sort(STRING, (st))
-#define sk_STRING_is_sorted(st) SKM_sk_is_sorted(STRING, (st))
+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
+#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
#define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
@@ -2080,29 +2080,29 @@
#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st))
-#define sk_PSTRING_new(cmp) ((STACK_OF(PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(STRING, cmp)))
-#define sk_PSTRING_new_null() ((STACK_OF(PSTRING) *)sk_new_null())
-#define sk_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val))
-#define sk_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val))
-#define sk_PSTRING_value(st, i) ((PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(PSTRING), st), i))
-#define sk_PSTRING_num(st) SKM_sk_num(PSTRING, st)
-#define sk_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_SK_FREE_FUNC2(PSTRING, free_func))
-#define sk_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val), i)
-#define sk_PSTRING_free(st) SKM_sk_free(PSTRING, st)
-#define sk_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), i, CHECKED_PTR_OF(STRING, val))
-#define sk_PSTRING_zero(st) SKM_sk_zero(PSTRING, (st))
-#define sk_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val))
-#define sk_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(PSTRING), st), CHECKED_CONST_PTR_OF(STRING, val))
-#define sk_PSTRING_delete(st, i) SKM_sk_delete(PSTRING, (st), (i))
-#define sk_PSTRING_delete_ptr(st, ptr) (PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, ptr))
-#define sk_PSTRING_set_cmp_func(st, cmp) \
- ((int (*)(const STRING * const *,const STRING * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_SK_CMP_FUNC(STRING, cmp)))
-#define sk_PSTRING_dup(st) SKM_sk_dup(PSTRING, st)
-#define sk_PSTRING_shift(st) SKM_sk_shift(PSTRING, (st))
-#define sk_PSTRING_pop(st) (STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st))
-#define sk_PSTRING_sort(st) SKM_sk_sort(PSTRING, (st))
-#define sk_PSTRING_is_sorted(st) SKM_sk_is_sorted(PSTRING, (st))
+#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i))
+#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \
+ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st))
+#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
@@ -2390,24 +2390,6 @@
LHM_lh_stats_bio(CONF_VALUE,lh,out)
#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh)
-#define lh_CSTRING_new() LHM_lh_new(CSTRING,cstring)
-#define lh_CSTRING_insert(lh,inst) LHM_lh_insert(CSTRING,lh,inst)
-#define lh_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(CSTRING,lh,inst)
-#define lh_CSTRING_delete(lh,inst) LHM_lh_delete(CSTRING,lh,inst)
-#define lh_CSTRING_doall(lh,fn) LHM_lh_doall(CSTRING,lh,fn)
-#define lh_CSTRING_doall_arg(lh,fn,arg_type,arg) \
- LHM_lh_doall_arg(CSTRING,lh,fn,arg_type,arg)
-#define lh_CSTRING_error(lh) LHM_lh_error(CSTRING,lh)
-#define lh_CSTRING_num_items(lh) LHM_lh_num_items(CSTRING,lh)
-#define lh_CSTRING_down_load(lh) LHM_lh_down_load(CSTRING,lh)
-#define lh_CSTRING_node_stats_bio(lh,out) \
- LHM_lh_node_stats_bio(CSTRING,lh,out)
-#define lh_CSTRING_node_usage_stats_bio(lh,out) \
- LHM_lh_node_usage_stats_bio(CSTRING,lh,out)
-#define lh_CSTRING_stats_bio(lh,out) \
- LHM_lh_stats_bio(CSTRING,lh,out)
-#define lh_CSTRING_free(lh) LHM_lh_free(CSTRING,lh)
-
#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile)
#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst)
#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst)
@@ -2534,6 +2516,42 @@
LHM_lh_stats_bio(OBJ_NAME,lh,out)
#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh)
+#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring)
+#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn)
+#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \
+ LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg)
+#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \
+ LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \
+ LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \
+ LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh)
+
+#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string)
+#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn)
+#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \
+ LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg)
+#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \
+ LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \
+ LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_stats_bio(lh,out) \
+ LHM_lh_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh)
+
#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session)
#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst)
#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst)
@@ -2551,24 +2569,6 @@
#define lh_SSL_SESSION_stats_bio(lh,out) \
LHM_lh_stats_bio(SSL_SESSION,lh,out)
#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
-
-#define lh_STRING_new() LHM_lh_new(STRING,string)
-#define lh_STRING_insert(lh,inst) LHM_lh_insert(STRING,lh,inst)
-#define lh_STRING_retrieve(lh,inst) LHM_lh_retrieve(STRING,lh,inst)
-#define lh_STRING_delete(lh,inst) LHM_lh_delete(STRING,lh,inst)
-#define lh_STRING_doall(lh,fn) LHM_lh_doall(STRING,lh,fn)
-#define lh_STRING_doall_arg(lh,fn,arg_type,arg) \
- LHM_lh_doall_arg(STRING,lh,fn,arg_type,arg)
-#define lh_STRING_error(lh) LHM_lh_error(STRING,lh)
-#define lh_STRING_num_items(lh) LHM_lh_num_items(STRING,lh)
-#define lh_STRING_down_load(lh) LHM_lh_down_load(STRING,lh)
-#define lh_STRING_node_stats_bio(lh,out) \
- LHM_lh_node_stats_bio(STRING,lh,out)
-#define lh_STRING_node_usage_stats_bio(lh,out) \
- LHM_lh_node_usage_stats_bio(STRING,lh,out)
-#define lh_STRING_stats_bio(lh,out) \
- LHM_lh_stats_bio(STRING,lh,out)
-#define lh_STRING_free(lh) LHM_lh_free(STRING,lh)
/* End of util/mkstack.pl block, you may now edit :-) */
#endif /* !defined HEADER_SAFESTACK_H */
Index: openssl/crypto/txt_db/txt_db.c
RCS File: /v/openssl/cvs/openssl/crypto/txt_db/txt_db.c,v
rcsdiff -q -kk '-r1.25' '-r1.25.2.1' -u '/v/openssl/cvs/openssl/crypto/txt_db/txt_db.c,v' 2>/dev/null
--- openssl/crypto/txt_db/txt_db.c 2008/07/04 23:12:51 1.25
+++ openssl/crypto/txt_db/txt_db.c 2009/07/27 21:08:51 1.25.2.1
@@ -78,7 +78,7 @@
int size=BUFSIZE;
int offset=0;
char *p,*f;
- STRING *pp;
+ OPENSSL_STRING *pp;
BUF_MEM *buf=NULL;
if ((buf=BUF_MEM_new()) == NULL) goto err;
@@ -89,7 +89,7 @@
ret->num_fields=num;
ret->index=NULL;
ret->qual=NULL;
- if ((ret->data=sk_PSTRING_new_null()) == NULL)
+ if ((ret->data=sk_OPENSSL_PSTRING_new_null()) == NULL)
goto err;
if ((ret->index=OPENSSL_malloc(sizeof(*ret->index)*num)) == NULL)
goto err;
@@ -163,7 +163,7 @@
goto err;
}
pp[n]=p;
- if (!sk_PSTRING_push(ret->data,pp))
+ if (!sk_OPENSSL_PSTRING_push(ret->data,pp))
{
#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary fix :-( */
fprintf(stderr,"failure in sk_push\n");
@@ -182,7 +182,7 @@
#endif
if (ret != NULL)
{
- if (ret->data != NULL) sk_PSTRING_free(ret->data);
+ if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data);
if (ret->index != NULL) OPENSSL_free(ret->index);
if (ret->qual != NULL) OPENSSL_free(ret->qual);
if (ret != NULL) OPENSSL_free(ret);
@@ -193,10 +193,10 @@
return(ret);
}
-STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, STRING *value)
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value)
{
- STRING *ret;
- LHASH_OF(STRING) *lh;
+ OPENSSL_STRING *ret;
+ LHASH_OF(OPENSSL_STRING) *lh;
if (idx >= db->num_fields)
{
@@ -209,16 +209,16 @@
db->error=DB_ERROR_NO_INDEX;
return(NULL);
}
- ret=lh_STRING_retrieve(lh,value);
+ ret=lh_OPENSSL_STRING_retrieve(lh,value);
db->error=DB_ERROR_OK;
return(ret);
}
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(STRING *),
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *),
LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
{
- LHASH_OF(STRING) *idx;
- STRING *r;
+ LHASH_OF(OPENSSL_STRING) *idx;
+ OPENSSL_STRING *r;
int i,n;
if (field >= db->num_fields)
@@ -227,26 +227,26 @@
return(0);
}
/* FIXME: we lose type checking at this point */
- if ((idx=(LHASH_OF(STRING) *)lh_new(hash,cmp)) == NULL)
+ if ((idx=(LHASH_OF(OPENSSL_STRING) *)lh_new(hash,cmp)) == NULL)
{
db->error=DB_ERROR_MALLOC;
return(0);
}
- n=sk_PSTRING_num(db->data);
+ n=sk_OPENSSL_PSTRING_num(db->data);
for (i=0; i<n; i++)
{
- r=sk_PSTRING_value(db->data,i);
+ r=sk_OPENSSL_PSTRING_value(db->data,i);
if ((qual != NULL) && (qual(r) == 0)) continue;
- if ((r=lh_STRING_insert(idx,r)) != NULL)
+ if ((r=lh_OPENSSL_STRING_insert(idx,r)) != NULL)
{
db->error=DB_ERROR_INDEX_CLASH;
- db->arg1=sk_PSTRING_find(db->data,r);
+ db->arg1=sk_OPENSSL_PSTRING_find(db->data,r);
db->arg2=i;
- lh_STRING_free(idx);
+ lh_OPENSSL_STRING_free(idx);
return(0);
}
}
- if (db->index[field] != NULL) lh_STRING_free(db->index[field]);
+ if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]);
db->index[field]=idx;
db->qual[field]=qual;
return(1);
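Review bot: `db->index[field]` and `db->qual[field]` are read and written at the end of TXT_DB_create_index, but the only bound on `field` visible in this patch is the `field >= db->num_fields` test in the preceding hunk, so a negative `field` would index before both arrays. Since this is an exported function taking a plain `int`, the guard would be safer as `if (field < 0 || field >= db->num_fields)`. TXT_DB_get_by_index has the same one-sided test on `idx` in the -193 hunk. The start of the function lies in the preceding hunk.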
@@ -261,11 +261,11 @@
if ((buf=BUF_MEM_new()) == NULL)
goto err;
- n=sk_PSTRING_num(db->data);
+ n=sk_OPENSSL_PSTRING_num(db->data);
nn=db->num_fields;
for (i=0; i<n; i++)
{
- pp=sk_PSTRING_value(db->data,i);
+ pp=sk_OPENSSL_PSTRING_value(db->data,i);
l=0;
for (j=0; j<nn; j++)
@@ -300,10 +300,10 @@
return(ret);
}
-int TXT_DB_insert(TXT_DB *db, STRING *row)
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
{
int i;
- STRING *r;
+ OPENSSL_STRING *r;
for (i=0; i<db->num_fields; i++)
{
@@ -311,7 +311,7 @@
{
if ((db->qual[i] != NULL) &&
(db->qual[i](row) == 0)) continue;
- r=lh_STRING_retrieve(db->index[i],row);
+ r=lh_OPENSSL_STRING_retrieve(db->index[i],row);
if (r != NULL)
{
db->error=DB_ERROR_INDEX_CLASH;
@@ -322,7 +322,7 @@
}
}
/* We have passed the index checks, now just append and insert */
- if (!sk_PSTRING_push(db->data,row))
+ if (!sk_OPENSSL_PSTRING_push(db->data,row))
{
db->error=DB_ERROR_MALLOC;
goto err;
@@ -334,7 +334,7 @@
{
if ((db->qual[i] != NULL) &&
(db->qual[i](row) == 0)) continue;
- (void)lh_STRING_insert(db->index[i],row);
+ (void)lh_OPENSSL_STRING_insert(db->index[i],row);
}
}
return(1);
@@ -353,18 +353,18 @@
if (db->index != NULL)
{
for (i=db->num_fields-1; i>=0; i--)
- if (db->index[i] != NULL) lh_STRING_free(db->index[i]);
+ if (db->index[i] != NULL) lh_OPENSSL_STRING_free(db->index[i]);
OPENSSL_free(db->index);
}
if (db->qual != NULL)
OPENSSL_free(db->qual);
if (db->data != NULL)
{
- for (i=sk_PSTRING_num(db->data)-1; i>=0; i--)
+ for (i=sk_OPENSSL_PSTRING_num(db->data)-1; i>=0; i--)
{
/* check if any 'fields' have been allocated
* from outside of the initial block */
- p=sk_PSTRING_value(db->data,i);
+ p=sk_OPENSSL_PSTRING_value(db->data,i);
max=p[db->num_fields]; /* last address */
if (max == NULL) /* new row */
{
@@ -380,9 +380,9 @@
OPENSSL_free(p[n]);
}
}
- OPENSSL_free(sk_PSTRING_value(db->data,i));
+ OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data,i));
}
- sk_PSTRING_free(db->data);
+ sk_OPENSSL_PSTRING_free(db->data);
}
OPENSSL_free(db);
}
Index: openssl/crypto/txt_db/txt_db.h
RCS File: /v/openssl/cvs/openssl/crypto/txt_db/txt_db.h,v
rcsdiff -q -kk '-r1.11' '-r1.11.2.1' -u '/v/openssl/cvs/openssl/crypto/txt_db/txt_db.h,v' 2>/dev/null
--- openssl/crypto/txt_db/txt_db.h 2008/06/04 11:01:38 1.11
+++ openssl/crypto/txt_db/txt_db.h 2009/07/27 21:08:51 1.11.2.1
@@ -77,19 +77,19 @@
extern "C" {
#endif
-typedef STRING *PSTRING;
-DECLARE_SPECIAL_STACK_OF(PSTRING, STRING)
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
typedef struct txt_db_st
{
int num_fields;
- STACK_OF(PSTRING) *data;
- LHASH_OF(STRING) **index;
- int (**qual)(STRING *);
+ STACK_OF(OPENSSL_PSTRING) *data;
+ LHASH_OF(OPENSSL_STRING) **index;
+ int (**qual)(OPENSSL_STRING *);
long error;
long arg1;
long arg2;
- STRING *arg_row;
+ OPENSSL_STRING *arg_row;
} TXT_DB;
#ifndef OPENSSL_NO_BIO
@@ -99,11 +99,11 @@
TXT_DB *TXT_DB_read(char *in, int num);
long TXT_DB_write(char *out, TXT_DB *db);
#endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(STRING *),
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *),
LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
void TXT_DB_free(TXT_DB *db);
-STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, STRING *value);
-int TXT_DB_insert(TXT_DB *db, STRING *value);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
#ifdef __cplusplus
}
Index: openssl/crypto/x509v3/v3_utl.c
RCS File: /v/openssl/cvs/openssl/crypto/x509v3/v3_utl.c,v
rcsdiff -q -kk '-r1.44' '-r1.44.2.1' -u '/v/openssl/cvs/openssl/crypto/x509v3/v3_utl.c,v' 2>/dev/null
--- openssl/crypto/x509v3/v3_utl.c 2009/02/14 21:49:36 1.44
+++ openssl/crypto/x509v3/v3_utl.c 2009/07/27 21:08:53 1.44.2.1
@@ -67,9 +67,9 @@
static char *strip_spaces(char *name);
static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK_OF(STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(STRING str);
-static int append_ia5(STACK_OF(STRING) **sk, ASN1_IA5STRING *email);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static void str_free(OPENSSL_STRING str);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
static int ipv4_from_asc(unsigned char *v4, const char *in);
static int ipv6_from_asc(unsigned char *v6, const char *in);
@@ -463,10 +463,10 @@
return strcmp(*a, *b);
}
-STACK_OF(STRING) *X509_get1_email(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
{
GENERAL_NAMES *gens;
- STACK_OF(STRING) *ret;
+ STACK_OF(OPENSSL_STRING) *ret;
gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
ret = get_email(X509_get_subject_name(x), gens);
@@ -474,10 +474,10 @@
return ret;
}
-STACK_OF(STRING) *X509_get1_ocsp(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
{
AUTHORITY_INFO_ACCESS *info;
- STACK_OF(STRING) *ret = NULL;
+ STACK_OF(OPENSSL_STRING) *ret = NULL;
int i;
info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
@@ -499,11 +499,11 @@
return ret;
}
-STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x)
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
{
GENERAL_NAMES *gens;
STACK_OF(X509_EXTENSION) *exts;
- STACK_OF(STRING) *ret;
+ STACK_OF(OPENSSL_STRING) *ret;
exts = X509_REQ_get_extensions(x);
gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
@@ -514,9 +514,9 @@
}
-static STACK_OF(STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
{
- STACK_OF(STRING) *ret = NULL;
+ STACK_OF(OPENSSL_STRING) *ret = NULL;
X509_NAME_ENTRY *ne;
ASN1_IA5STRING *email;
GENERAL_NAME *gen;
@@ -539,23 +539,23 @@
return ret;
}
-static void str_free(STRING str)
+static void str_free(OPENSSL_STRING str)
{
OPENSSL_free(str);
}
-static int append_ia5(STACK_OF(STRING) **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
{
char *emtmp;
/* First some sanity checks */
if(email->type != V_ASN1_IA5STRING) return 1;
if(!email->data || !email->length) return 1;
- if(!*sk) *sk = sk_STRING_new(sk_strcmp);
+ if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
if(!*sk) return 0;
/* Don't add duplicates */
- if(sk_STRING_find(*sk, (char *)email->data) != -1) return 1;
+ if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1;
emtmp = BUF_strdup((char *)email->data);
- if(!emtmp || !sk_STRING_push(*sk, emtmp)) {
+ if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
X509_email_free(*sk);
*sk = NULL;
return 0;
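Review bot: append_ia5 passes `email->data` to `sk_OPENSSL_STRING_find` and `BUF_strdup` as a C string, but the sanity checks above them only reject a NULL pointer or a zero `email->length`. If the IA5String holds an embedded NUL byte, both the duplicate lookup and the stored copy stop at that byte, so callers of X509_get1_email would receive a shorter address than the certificate encodes. A length-aware check before the lookup, `if(memchr(email->data, 0, email->length)) return 1;`, would skip such values the same way the existing sanity checks do. The end of the function falls in the next hunk, and whether `data` is always NUL-terminated is not visible here.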
@@ -563,9 +563,9 @@
return 1;
}
-void X509_email_free(STACK_OF(STRING) *sk)
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
{
- sk_STRING_pop_free(sk, str_free);
+ sk_OPENSSL_STRING_pop_free(sk, str_free);
}
/* Convert IP addresses both IPv4 and IPv6 into an
Index: openssl/crypto/x509v3/x509v3.h
RCS File: /v/openssl/cvs/openssl/crypto/x509v3/x509v3.h,v
rcsdiff -q -kk '-r1.126.2.1' '-r1.126.2.2' -u '/v/openssl/cvs/openssl/crypto/x509v3/x509v3.h,v' 2>/dev/null
--- openssl/crypto/x509v3/x509v3.h 2009/04/19 17:58:01 1.126.2.1
+++ openssl/crypto/x509v3/x509v3.h 2009/07/27 21:08:53 1.126.2.2
@@ -693,10 +693,10 @@
void X509_PURPOSE_cleanup(void);
int X509_PURPOSE_get_id(X509_PURPOSE *);
-STACK_OF(STRING) *X509_get1_email(X509 *x);
-STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK_OF(STRING) *sk);
-STACK_OF(STRING) *X509_get1_ocsp(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
openssl-1.0.0-beta3-redhat.patch:
Configure | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-redhat.patch ---
diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.redhat 2009-07-08 10:50:52.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-04 22:46:59.000000000 +0200
@@ -331,32 +331,32 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):\$(SHLIB_SONAMEVER)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### SPARC Linux setups
# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
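Review bot: The new `linux-generic64` entry ends its shared-extension field with `\$(SHLIB_SONAMEVER)`, while every other rewritten target uses `.so.\$(SHLIB_SONAMEVER)`, so that target would get a library suffix without the `.so.` prefix. The tail of that entry should read `:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",`. Separately, the three SPARC entries drop `-mv8`, `-m32`/`-m64` and `-mcpu=ultrasparc` and now rely on `$(RPM_OPT_FLAGS)` to select the ABI. A comment above the table saying that optimisation and ABI flags are expected to come from the RPM build would make that dependency explicit.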
@@ -370,8 +370,8 @@ my %table=(
#
# <appro at fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
openssl-1.0.0-beta3-soversion.patch:
Configure | 2 +-
Makefile.org | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE openssl-1.0.0-beta3-soversion.patch ---
diff -up openssl-1.0.0-beta3/Configure.soversion openssl-1.0.0-beta3/Configure
--- openssl-1.0.0-beta3/Configure.soversion 2009-08-04 23:06:52.000000000 +0200
+++ openssl-1.0.0-beta3/Configure 2009-08-04 23:06:52.000000000 +0200
@@ -1514,7 +1514,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
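Review bot: The `elsif` guarding the changed substitution matches only a `$shared_extension` with two dot-separated parts after `.so`, while the targets rewritten in openssl-1.0.0-beta3-redhat.patch now use the one-part form `.so.\$(SHLIB_SONAMEVER)`. For those targets this branch looks unreachable, so the new `SHARED_LIBS_LINK_EXTS` value would apply only to targets that keep `.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)`. The earlier branches of the chain are outside the hunk and may handle the one-part form. A comment on the branch, such as `# reached only for .so.MAJOR.MINOR targets; the Red Hat targets use .so.$(SHLIB_SONAMEVER)`, would record which case this line serves.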
diff -up openssl-1.0.0-beta3/Makefile.org.soversion openssl-1.0.0-beta3/Makefile.org
--- openssl-1.0.0-beta3/Makefile.org.soversion 2009-08-04 23:06:52.000000000 +0200
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:11:01.000000000 +0200
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
+SHLIB_SONAMEVER=10
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
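Review bot: `SHLIB_SONAMEVER=10` is hard-coded here, and the same number is set again as `%define soversion 10` in openssl.spec, with nothing visible that ties the two together. If only one of them is bumped, the soname built by the Makefile and the symlinks and `.hmac` names created by the spec would disagree. A comment on the line, `# must match %define soversion in openssl.spec`, or passing the value from the spec on the make command line, would keep them aligned.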
@@ -289,10 +290,9 @@ clean-shared:
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
@@ -303,7 +303,7 @@ do_$(SHLIB_TARGET):
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/.cvsignore,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -p -r1.18 -r1.19
--- .cvsignore 25 Mar 2009 21:12:41 -0000 1.18
+++ .cvsignore 20 Aug 2009 14:18:41 -0000 1.19
@@ -1 +1 @@
-openssl-0.9.8k-usa.tar.bz2
+openssl-1.0.0-beta3-usa.tar.bz2
Index: README.FIPS
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/README.FIPS,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- README.FIPS 30 Jun 2009 14:20:37 -0000 1.1
+++ README.FIPS 20 Aug 2009 14:18:41 -0000 1.2
@@ -69,3 +69,7 @@ To query whether the module is in the er
- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
state, 0 otherwise.
+
+To zeroize the FIPS RNG key and internal state the application calls:
+
+- void RAND_cleanup(void)
Index: hobble-openssl
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/hobble-openssl,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- hobble-openssl 8 Nov 2005 13:52:28 -0000 1.7
+++ hobble-openssl 20 Aug 2009 14:18:41 -0000 1.8
@@ -4,33 +4,32 @@
set -e
# Clean out patent-or-otherwise-encumbered code.
-# MDC-2: 4,908,861 13/03/2007
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 25/05/2010
# RC5: 5,724,428 03/03/2015
# EC: ????????? ??/??/2015
# Remove assembler portions of IDEA, MDC2, and RC5.
-(find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv)
+(find crypto/{idea,rc5}/asm -type f | xargs -r rm -fv)
# IDEA, MDC2, RC5, EC.
-for a in idea mdc2 rc5 ec ecdh ecdsa; do
+for a in idea rc5 ec ecdh ecdsa; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c
> $c
done
done
-for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do
+for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_ecdsa.c"`; do
echo Destroying $c
> $c
done
for h in `find crypto ssl apps test -name "*.h"` ; do
- echo Removing IDEA, MDC2, RC5, and EC references from $h
+ echo Removing IDEA, RC5, and EC references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
- /^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
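Review bot: The context comments `# Remove assembler portions of IDEA, MDC2, and RC5.` and `# IDEA, MDC2, RC5, EC.` still name MDC2, although the commands under them no longer touch it. They should read `# Remove assembler portions of IDEA and RC5.` and `# IDEA, RC5, EC.` so that the script's comments match what is actually stripped from the tarball. The awk program continues outside the hunk.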
Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.133
retrieving revision 1.134
diff -u -p -r1.133 -r1.134
--- openssl.spec 25 Jul 2009 20:54:16 -0000 1.133
+++ openssl.spec 20 Aug 2009 14:18:42 -0000 1.134
@@ -8,7 +8,10 @@
# 0.9.8ab soversion = 6
# 0.9.8g soversion = 7
# 0.9.8jk + EAP-FAST soversion = 8
-%define soversion 8
+# 1.0.0 soversion = 10
+%define soversion 10
+
+%define beta beta3
# Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@@ -19,11 +22,11 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
-Version: 0.9.8k
-Release: 7%{?dist}
+Version: 1.0.0
+Release: 0.1.%{beta}%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
-Source: openssl-%{version}-usa.tar.bz2
+Source: openssl-%{version}-%{beta}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
Source6: make-dummy-cert
@@ -32,41 +35,34 @@ Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
Source11: README.FIPS
# Build changes
-Patch0: openssl-0.9.8j-redhat.patch
-Patch1: openssl-0.9.8a-defaults.patch
-Patch2: openssl-0.9.8a-link-krb5.patch
-Patch3: openssl-0.9.8j-soversion.patch
-Patch4: openssl-0.9.8j-enginesdir.patch
+Patch0: openssl-1.0.0-beta3-redhat.patch
+Patch1: openssl-1.0.0-beta3-defaults.patch
+Patch2: openssl-1.0.0-beta3-krb5.patch
+Patch3: openssl-1.0.0-beta3-soversion.patch
+Patch4: openssl-1.0.0-beta3-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch
-Patch7: openssl-0.9.8k-shlib-version.patch
# Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch
-Patch22: openssl-0.9.8k-x509-name-cmp.patch
-Patch23: openssl-0.9.8g-default-paths.patch
-Patch24: openssl-0.9.8g-no-extssl.patch
+Patch23: openssl-1.0.0-beta3-default-paths.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-0.9.8j-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
-Patch38: openssl-0.9.8a-reuse-cipher-change.patch
-Patch39: openssl-0.9.8g-ipv6-apps.patch
-Patch40: openssl-0.9.8j-nocanister.patch
-Patch41: openssl-0.9.8k-use-fipscheck.patch
-Patch42: openssl-0.9.8k-fipscheck-hmac.patch
-Patch44: openssl-0.9.8k-kernel-fipsmode.patch
+Patch38: openssl-1.0.0-beta3-cipher-change.patch
+Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
+Patch40: openssl-1.0.0-beta3-fips.patch
+Patch41: openssl-1.0.0-beta3-fipscheck.patch
+Patch43: openssl-1.0.0-beta3-fipsmode.patch
+Patch44: openssl-1.0.0-beta3-fipsrng.patch
Patch45: openssl-0.9.8j-env-nozlib.patch
-Patch46: openssl-0.9.8j-eap-fast.patch
Patch47: openssl-0.9.8j-readme-warning.patch
Patch48: openssl-0.9.8j-bad-mime.patch
-Patch49: openssl-0.9.8j-fips-no-pairwise.patch
-Patch50: openssl-0.9.8k-fips-rng-seed.patch
-Patch51: openssl-0.9.8k-multi-crl.patch
-Patch52: openssl-0.9.8k-dtls-compat.patch
-Patch53: openssl-0.9.8k-dtls-dos.patch
-Patch54: openssl-0.9.8k-algo-doc.patch
+Patch49: openssl-0.9.8k-algo-doc.patch
# Backported fixes including security fixes
+Patch60: openssl-1.0.0-beta3-namingstr.patch
+Patch61: openssl-1.0.0-beta3-namingblk.patch
License: OpenSSL
Group: System Environment/Libraries
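Review bot: Patch53 (dtls-dos), Patch52 (dtls-compat), Patch51 (multi-crl) and Patch22 (x509-name-cmp) are dropped here with no statement that 1.0.0-beta3 already contains those fixes, and the changelog entry says only that this is an update to a new major upstream release. Once that has been confirmed against the new tarball, a comment in the patch list would record it, for example `# dtls-dos, dtls-compat, multi-crl and x509-name-cmp from 0.9.8k are part of upstream 1.0.0-beta3`. The heading `# Backported fixes including security fixes` now sits above only the namingstr and namingblk patches, so it should say what those two actually backport.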
@@ -76,6 +72,14 @@ BuildRequires: mktemp, krb5-devel, perl,
BuildRequires: /usr/bin/rename
Requires: mktemp, ca-certificates >= 2008-5
+# Temporary hack
+Requires(post): coreutils
+%ifarch ppc64 s390x sparc64 x86_64
+Provides: libcrypto.so.8()(64bit) libssl.so.8()(64bit)
+%else
+Provides: libcrypto.so.8 libssl.so.8
+%endif
+
%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
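Review bot: The added `Provides: libcrypto.so.8 libssl.so.8` lines advertise the 0.9.8 sonames from a package that builds 1.0.0 with soversion 10. Later hunks back this with a `.8` symlink in the install loop, a `%files` entry and the `%triggerpostun` script. Programs linked against the old soname would then load the 1.0.0 libraries, and whether the two are binary compatible is not shown on this page (the namingstr and namingblk patches may be meant to cover it). Each block is marked only `# Temporary hack`, which gives neither the reason nor a removal condition. If the intent is a rebuild window, the comment could read `# Temporary hack: keep soname 8 resolvable until dependent packages are rebuilt against soversion 10, then remove`.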
@@ -116,7 +120,7 @@ package provides Perl scripts for conver
from other formats to the formats used by the OpenSSL toolkit.
%prep
-%setup -q
+%setup -q -n %{name}-%{version}-%{beta}
%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
@@ -127,12 +131,9 @@ from other formats to the formats used b
%patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
-%patch7 -p1 -b .shlib-version
%patch21 -p1 -b .aliasing-bug
-%patch22 -p1 -b .name-cmp
%patch23 -p1 -b .default-paths
-%patch24 -p1 -b .no-extssl
%patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir
@@ -140,20 +141,16 @@ from other formats to the formats used b
%patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change
%patch39 -p1 -b .ipv6-apps
-%patch40 -p1 -b .nocanister
-%patch41 -p1 -b .use-fipscheck
-%patch42 -p1 -b .fipscheck-hmac
-%patch44 -p1 -b .fipsmode
+%patch40 -p1 -b .fips
+%patch41 -p1 -b .fipscheck
+%patch43 -p1 -b .fipsmode
+%patch44 -p1 -b .fipsrng
%patch45 -p1 -b .env-nozlib
-%patch46 -p1 -b .eap-fast
%patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime
-%patch49 -p1 -b .no-pairwise
-%patch50 -p1 -b .rng-seed
-%patch51 -p1 -b .multi-crl
-%patch52 -p1 -b .dtls-compat
-%patch53 -p1 -b .dtls-dos
-%patch54 -p1 -b .algo-doc
+%patch49 -p1 -b .algo-doc
+%patch60 -p1 -b .namingstr
+%patch61 -p1 -b .namingblk
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -201,7 +198,7 @@ sslarch=linux-generic32
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
- --with-krb5-dir=/usr ${sslarch} fipscanisterbuild
+ --with-krb5-dir=/usr ${sslarch} fips
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
@@ -240,9 +237,9 @@ make -C test apps tests
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
- fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
+ crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
- fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
+ crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil}
@@ -263,6 +260,9 @@ for lib in $RPM_BUILD_ROOT%{_libdir}/*.s
chmod 755 ${lib}
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
+# Temporary hack
+ ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.8
+
done
# Install a makefile for generating keys and self-signed certs, and a script
@@ -378,6 +378,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipsca
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
+# Temporary hack
+%attr(0755,root,root) /%{_lib}/*.so.8
+
%files devel
%defattr(-,root,root)
%{_prefix}/include/openssl
@@ -393,14 +396,28 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipsca
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/c_rehash
%attr(0644,root,root) %{_mandir}/man1*/*.pl*
-%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/*.pl
+%{_sysconfdir}/pki/tls/misc/tsget
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
+%triggerpostun -- openssl < 1.0.0
+# Temporary hack
+[ $1 != 0 ] || exit 0
+if [ "$(readlink /%{_lib}/libcrypto.so.8)" != libcrypto.so.%{version} ] ; then
+ ln -sf libcrypto.so.%{version} /%{_lib}/libcrypto.so.8 || :
+fi
+if [ "$(readlink /%{_lib}/libssl.so.8)" != libssl.so.%{version} ] ; then
+ ln -sf libssl.so.%{version} /%{_lib}/libssl.so.8 || :
+fi
+/sbin/ldconfig -X
+
%changelog
+* Thu Aug 20 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.1.beta3
+- update to new major upstream release
+
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.8k-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/sources,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- sources 25 Mar 2009 21:12:41 -0000 1.20
+++ sources 20 Aug 2009 14:18:42 -0000 1.21
@@ -1 +1 @@
-de4f31dd6546e8e11b4ffd4332b3c162 openssl-0.9.8k-usa.tar.bz2
+9926dcf78e797a12d8e3ffd7a018824b openssl-1.0.0-beta3-usa.tar.bz2
--- openssl-0.9.8a-defaults.patch DELETED ---
--- openssl-0.9.8a-enginesdir.patch DELETED ---
--- openssl-0.9.8a-link-krb5.patch DELETED ---
--- openssl-0.9.8a-reuse-cipher-change.patch DELETED ---
--- openssl-0.9.8g-default-paths.patch DELETED ---
--- openssl-0.9.8g-ipv6-apps.patch DELETED ---
--- openssl-0.9.8g-no-extssl.patch DELETED ---
--- openssl-0.9.8j-eap-fast.patch DELETED ---
--- openssl-0.9.8j-enginesdir.patch DELETED ---
--- openssl-0.9.8j-fips-no-pairwise.patch DELETED ---
--- openssl-0.9.8j-nocanister.patch DELETED ---
--- openssl-0.9.8j-redhat.patch DELETED ---
--- openssl-0.9.8j-soversion.patch DELETED ---
--- openssl-0.9.8k-dtls-compat.patch DELETED ---
--- openssl-0.9.8k-dtls-dos.patch DELETED ---
--- openssl-0.9.8k-fips-rng-seed.patch DELETED ---
--- openssl-0.9.8k-fipscheck-hmac.patch DELETED ---
--- openssl-0.9.8k-kernel-fipsmode.patch DELETED ---
--- openssl-0.9.8k-multi-crl.patch DELETED ---
--- openssl-0.9.8k-shlib-version.patch DELETED ---
--- openssl-0.9.8k-use-fipscheck.patch DELETED ---
--- openssl-0.9.8k-x509-name-cmp.patch DELETED ---