Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl merge conflicts and undo the ses...
details: https://anonhg.NetBSD.org/src/rev/832353097780
branches: trunk
changeset: 750343:832353097780
user: christos <christos%NetBSD.org@localhost>
date: Sun Dec 27 00:48:55 2009 +0000
description:
merge conflicts and undo the session renegotiation disabling code.
diffstat:
crypto/external/bsd/openssl/dist/apps/ca.c | 57 ++----
crypto/external/bsd/openssl/dist/apps/ocsp.c | 46 ++++-
crypto/external/bsd/openssl/dist/apps/speed.c | 22 +-
crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c | 117 ++++++++-----
crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/cast/cast.h | 12 +-
crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c | 9 +-
crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c | 11 +-
crypto/external/bsd/openssl/dist/ssl/s23_clnt.c | 6 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 3 +-
crypto/external/bsd/openssl/dist/ssl/s3_pkt.c | 72 ++++++-
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 55 +++---
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c | 4 +-
crypto/external/bsd/openssl/lib/libcrypto/cms.inc | 4 +-
crypto/external/bsd/openssl/lib/libcrypto/shlib_version | 4 +-
crypto/external/bsd/openssl/lib/libssl/shlib_version | 4 +-
crypto/external/bsd/openssl/lib/libssl/ssl.inc | 4 +-
18 files changed, 279 insertions(+), 173 deletions(-)
diffs (truncated from 1099 to 300 lines):
diff -r 05d10b5fd326 -r 832353097780 crypto/external/bsd/openssl/dist/apps/ca.c
--- a/crypto/external/bsd/openssl/dist/apps/ca.c Sat Dec 26 23:29:52 2009 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/ca.c Sun Dec 27 00:48:55 2009 +0000
@@ -215,7 +215,6 @@
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -1263,7 +1262,12 @@
BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
(void)BIO_flush(bio_err);
buf[0][0]='\0';
- fgets(buf[0],10,stdin);
+ if (!fgets(buf[0],10,stdin))
+ {
+ BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
+ ret=0;
+ goto err;
+ }
if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
{
BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
@@ -1403,7 +1407,12 @@
if (!tmptm) goto err;
X509_gmtime_adj(tmptm,0);
X509_CRL_set_lastUpdate(crl, tmptm);
- X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL);
+ if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
+ NULL))
+ {
+ BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+ goto err;
+ }
X509_CRL_set_nextUpdate(crl, tmptm);
ASN1_TIME_free(tmptm);
@@ -2117,7 +2126,12 @@
BIO_printf(bio_err,"Sign the certificate? [y/n]:");
(void)BIO_flush(bio_err);
buf[0]='\0';
- fgets(buf,sizeof(buf)-1,stdin);
+ if (!fgets(buf,sizeof(buf)-1,stdin))
+ {
+ BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+ ok=0;
+ goto err;
+ }
if (!((buf[0] == 'y') || (buf[0] == 'Y')))
{
BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
@@ -2319,25 +2333,9 @@
continue;
}
- /*
- if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
- continue;
- */
-
- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
- if (fix_data(nid, &j) == 0)
- {
- BIO_printf(bio_err,
- "invalid characters in string %s\n",buf);
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *)buf, -1, -1, 0))
goto err;
- }
-
- if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
- (unsigned char *)buf,
- strlen(buf))) == NULL)
- goto err;
-
- if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
}
if (spki == NULL)
{
@@ -2380,21 +2378,6 @@
return(ok);
}
-static int fix_data(int nid, int *type)
- {
- if (nid == NID_pkcs9_emailAddress)
- *type=V_ASN1_IA5STRING;
- if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
- return(0);
- if (nid == NID_pkcs9_unstructuredName)
- *type=V_ASN1_IA5STRING;
- return(1);
- }
-
static int check_time_format(const char *str)
{
return ASN1_TIME_set_string(NULL, str);
diff -r 05d10b5fd326 -r 832353097780 crypto/external/bsd/openssl/dist/apps/ocsp.c
--- a/crypto/external/bsd/openssl/dist/apps/ocsp.c Sat Dec 26 23:29:52 2009 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/ocsp.c Sun Dec 27 00:48:55 2009 +0000
@@ -75,6 +75,7 @@
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
+#include <openssl/x509v3.h>
#if defined(NETWARE_CLIB)
# ifdef NETWARE_BSDSOCK
@@ -113,6 +114,7 @@
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout);
#undef PROG
@@ -131,6 +133,7 @@
char *rsignfile = NULL, *rkeyfile = NULL;
char *outfile = NULL;
int add_nonce = 1, noverify = 0, use_ssl = -1;
+ STACK_OF(CONF_VALUE) *headers = NULL;
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
OCSP_BASICRESP *bs = NULL;
@@ -230,6 +233,16 @@
}
else badarg = 1;
}
+ else if (!strcmp(*args, "-header"))
+ {
+ if (args[1] && args[2])
+ {
+ if (!X509V3_add_value(args[1], args[2], &headers))
+ goto end;
+ args += 2;
+ }
+ else badarg = 1;
+ }
else if (!strcmp(*args, "-ignore_err"))
ignore_err = 1;
else if (!strcmp(*args, "-noverify"))
@@ -756,7 +769,7 @@
{
#ifndef OPENSSL_NO_SOCK
resp = process_responder(bio_err, req, host, path,
- port, use_ssl, req_timeout);
+ port, use_ssl, headers, req_timeout);
if (!resp)
goto end;
#else
@@ -905,6 +918,7 @@
sk_OCSP_CERTID_free(ids);
sk_X509_pop_free(sign_other, X509_free);
sk_X509_pop_free(verify_other, X509_free);
+ sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
if (use_ssl != -1)
{
@@ -1260,10 +1274,12 @@
}
static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout)
{
int fd;
int rv;
+ int i;
OCSP_REQ_CTX *ctx = NULL;
OCSP_RESPONSE *rsp = NULL;
fd_set confds;
@@ -1280,16 +1296,13 @@
return NULL;
}
- if (req_timeout == -1)
- return OCSP_sendreq_bio(cbio, path, req);
-
if (BIO_get_fd(cbio, &fd) <= 0)
{
BIO_puts(err, "Can't get connection fd\n");
goto err;
}
- if (rv <= 0)
+ if (req_timeout != -1 && rv <= 0)
{
FD_ZERO(&confds);
openssl_fdset(fd, &confds);
@@ -1304,15 +1317,27 @@
}
- ctx = OCSP_sendreq_new(cbio, path, req, -1);
+ ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
if (!ctx)
return NULL;
+
+ for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
+ {
+ CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+ if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+ goto err;
+ }
+
+ if (!OCSP_REQ_CTX_set1_req(ctx, req))
+ goto err;
for (;;)
{
rv = OCSP_sendreq_nbio(&rsp, ctx);
if (rv != -1)
break;
+ if (req_timeout == -1)
+ continue;
FD_ZERO(&confds);
openssl_fdset(fd, &confds);
tv.tv_usec = 0;
@@ -1336,7 +1361,7 @@
BIO_puts(err, "Select error\n");
break;
}
-
+
}
err:
if (ctx)
@@ -1347,6 +1372,7 @@
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
char *host, char *path, char *port, int use_ssl,
+ STACK_OF(CONF_VALUE) *headers,
int req_timeout)
{
BIO *cbio = NULL;
@@ -1381,14 +1407,14 @@
sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio);
}
- resp = query_responder(err, cbio, path, req, req_timeout);
+ resp = query_responder(err, cbio, path, headers, req, req_timeout);
if (!resp)
BIO_printf(bio_err, "Error querying OCSP responsder\n");
end:
+ if (cbio)
+ BIO_free_all(cbio);
if (ctx)
SSL_CTX_free(ctx);
- if (cbio)
- BIO_free_all(cbio);
return resp;
}
diff -r 05d10b5fd326 -r 832353097780 crypto/external/bsd/openssl/dist/apps/speed.c
--- a/crypto/external/bsd/openssl/dist/apps/speed.c Sat Dec 26 23:29:52 2009 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/speed.c Sun Dec 27 00:48:55 2009 +0000
@@ -184,8 +184,12 @@
#include <openssl/ecdh.h>
#endif
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
-# define HAVE_FORK 1
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+# define NO_FORK 1
+#elif HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK 1
#endif
#undef BUFSIZE
@@ -200,7 +204,7 @@
static void pkey_print_message(const char *str, const char *str2,
long num, int bits, int sec);
static void print_result(int alg,int run_no,int count,double time_used);
-#ifdef HAVE_FORK
+#ifndef NO_FORK
static int do_multi(int multi);
#endif
@@ -587,7 +591,7 @@
const EVP_CIPHER *evp_cipher=NULL;
const EVP_MD *evp_md=NULL;
int decrypt=0;
-#ifdef HAVE_FORK
+#ifndef NO_FORK
int multi=0;
#endif
@@ -715,7 +719,7 @@
j--;
}
#endif
-#ifdef HAVE_FORK
Home |
Main Index |
Thread Index |
Old Index