Upgrade to OpenSSL 1.0.1h
sha1sum of distribution:
b2239599c8bf8f7fc48590a55205c26abe560bf8 openssl-1.0.1h.tar.gz
Bug: 15442813
Change-Id: I9abd00afcb7efb0e80b27bf7beade3c6dc511082
diff --git a/apps/enc.c b/apps/enc.c
index 719acc3..19ea3df 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -331,6 +331,12 @@
setup_engine(bio_err, engine, 0);
#endif
+ if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+ {
+ BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
+ goto end;
+ }
+
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 83c5a76..767f12c 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -127,6 +127,7 @@
ENGINE *e = NULL;
char **args;
char *host = NULL, *port = NULL, *path = "/";
+ char *thost = NULL, *tport = NULL, *tpath = NULL;
char *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL;
char *signfile = NULL, *keyfile = NULL;
@@ -204,6 +205,12 @@
}
else if (!strcmp(*args, "-url"))
{
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
if (args[1])
{
args++;
@@ -212,6 +219,9 @@
BIO_printf(bio_err, "Error parsing URL\n");
badarg = 1;
}
+ thost = host;
+ tport = port;
+ tpath = path;
}
else badarg = 1;
}
@@ -920,12 +930,12 @@
sk_X509_pop_free(verify_other, X509_free);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
- if (use_ssl != -1)
- {
- OPENSSL_free(host);
- OPENSSL_free(port);
- OPENSSL_free(path);
- }
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
OPENSSL_EXIT(ret);
}
diff --git a/apps/req.c b/apps/req.c
index 5e034a8..d41385d 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1489,7 +1489,13 @@
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
(unsigned char *) buf, -1,-1,mval)) goto err;
ret=1;
@@ -1548,7 +1554,12 @@
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
+ if(!req_check_len(i, n_min, n_max))
+ {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
(unsigned char *)buf, -1)) {
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 84c3b44..146a960 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -747,6 +747,10 @@
break;
#endif
+ case TLSEXT_TYPE_padding:
+ extname = "TLS padding";
+ break;
+
default:
extname = "unknown";
break;
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 380efdb..94eb40f 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -274,7 +274,7 @@
{
i=0;
i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
+ if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
}
#endif
@@ -450,6 +450,7 @@
if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
{
perror("OPENSSL_malloc");
+ closesocket(ret);
return(0);
}
BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
@@ -458,11 +459,13 @@
if (h2 == NULL)
{
BIO_printf(bio_err,"gethostbyname failure\n");
+ closesocket(ret);
return(0);
}
if (h2->h_addrtype != AF_INET)
{
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ closesocket(ret);
return(0);
}
}
diff --git a/apps/smime.c b/apps/smime.c
index c583f8a..d1fe32d 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -541,8 +541,8 @@
{
if (!cipher)
{
-#ifndef OPENSSL_NO_RC2
- cipher = EVP_rc2_40_cbc();
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;