authorMyles Borins <mborins@us.ibm.com>2016-01-29 11:30:16 -0800
committerShigeki Ohtsu <ohtsu@iij.ad.jp>2016-01-31 15:07:12 +0900
commit1f434787fcb36b2dea36dbfebc8ff7f899b6d262 (patch)
tree89fbd0f262a3ba0a2557df53a30e1a3807e1a3b4 /deps/openssl/openssl/apps
parent6cbbfef994930bc47581d592124e82b58e55ac7b (diff)
deps: upgrade openssl sources to 1.0.2f
This replaces all sources of openssl-1.0.2f.tar.gz into deps/openssl/openssl Fix: https://github.com/nodejs/node/issues/4857 PR-URL: https://github.com/nodejs/node/pull/4961 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: copy openssl header files to include dir All symlink files in deps/openssl/openssl/include/openssl/ are removed and replaced with real header files to avoid issues on Windows. Two files of opensslconf.h in crypto and include dir are replaced to refer config/opensslconf.h. Fix: https://github.com/nodejs/node/issues/4857 PR-URL: https://github.com/nodejs/node/pull/4961 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: fix openssl assembly error on ia32 win32 `x86masm.pl` was mistakenly using .486 instruction set, while `cpuid` (and perhaps others) require .686. Fixes: https://github.com/nodejs/node/issues/589 PR-URL: https://github.com/nodejs/node/pull/1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: fix asm build error of openssl in x86_win32 See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: https://github.com/nodejs/node/issues/589 PR-URL: https://github.com/nodejs/node/pull/1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> openssl: fix keypress requirement in apps on win32 Reapply b910613792dac946b295855963869933a9089044 . Fixes: https://github.com/nodejs/node/issues/589 PR-URL: https://github.com/nodejs/node/pull/1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> docs: update openssl UPDATING guide the guide is now current with the steps taken to update openssl to v1.0.2f PR-URL: https://github.com/nodejs/node/pull/4961 Reviewed-By: Myles Borins <mborins@us.ibm.com>
Diffstat (limited to 'deps/openssl/openssl/apps')
-rw-r--r--deps/openssl/openssl/apps/app_rand.c8
-rw-r--r--deps/openssl/openssl/apps/engine.c2
l---------deps/openssl/openssl/apps/md4.c1
-rw-r--r--deps/openssl/openssl/apps/ocsp.c2
-rw-r--r--deps/openssl/openssl/apps/pkcs12.c42
-rw-r--r--deps/openssl/openssl/apps/pkeyutl.c34
-rw-r--r--deps/openssl/openssl/apps/s_client.c13
-rw-r--r--deps/openssl/openssl/apps/s_server.c2
-rw-r--r--deps/openssl/openssl/apps/speed.c2
-rw-r--r--deps/openssl/openssl/apps/x509.c7
10 files changed, 49 insertions, 64 deletions
diff --git a/deps/openssl/openssl/apps/app_rand.c b/deps/openssl/openssl/apps/app_rand.c
index ef0dd2ba8c..7f40bba764 100644
--- a/deps/openssl/openssl/apps/app_rand.c
+++ b/deps/openssl/openssl/apps/app_rand.c
@@ -124,13 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
- /*
- * allocate 2 to dont_warn not to use RAND_screen() via
- * -no_rand_screen option in s_client
- */
- if (dont_warn != 2) {
- RAND_screen();
- }
+ RAND_screen();
#endif
if (file == NULL)
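Review bot: With the `dont_warn != 2` guard gone, RAND_screen() runs on every Windows call of app_RAND_load_file(), and the s_client.c hunks in this commit drop `-no_rand_screen` and pass a constant `1`, so an invocation that still supplies that flag now ends in the `unknown option` branch. Whether any build or test tooling relies on the flag is not visible here; if it does, the guard has to be reapplied as a separate patch on top of the 1.0.2f sources. The function body continues outside the hunk.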
diff --git a/deps/openssl/openssl/apps/engine.c b/deps/openssl/openssl/apps/engine.c
index 460ec60cb1..f54631b50d 100644
--- a/deps/openssl/openssl/apps/engine.c
+++ b/deps/openssl/openssl/apps/engine.c
@@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
/*
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.
diff --git a/deps/openssl/openssl/apps/md4.c b/deps/openssl/openssl/apps/md4.c
deleted file mode 120000
index 03269af9bc..0000000000
--- a/deps/openssl/openssl/apps/md4.c
+++ /dev/null
@@ -1 +0,0 @@
-openssl-1.0.2e/../crypto/md4/md4.c \ No newline at end of file
diff --git a/deps/openssl/openssl/apps/ocsp.c b/deps/openssl/openssl/apps/ocsp.c
index 6ed255d4b5..5da51df514 100644
--- a/deps/openssl/openssl/apps/ocsp.c
+++ b/deps/openssl/openssl/apps/ocsp.c
@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+ nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {
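Review bot: The result of the new `X509_time_adj_ex()` call is stored in `nextupd` without a NULL check in the visible lines, and the same holds for `thisupd` and `bs` just above, so an allocation failure would only surface later when the response is assembled. The seconds argument is also still multiplied out in `int`; `nextupd = X509_time_adj_ex(NULL, ndays, (long)nmin * 60, NULL);` matches the `long offset_sec` parameter, and an `if (nextupd == NULL)` test routed to the function's existing error exit would close the gap. make_ocsp_response() starts and ends outside the hunk, so a check further down may already exist.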
diff --git a/deps/openssl/openssl/apps/pkcs12.c b/deps/openssl/openssl/apps/pkcs12.c
index e41b445a50..cbb75b7d5f 100644
--- a/deps/openssl/openssl/apps/pkcs12.c
+++ b/deps/openssl/openssl/apps/pkcs12.c
@@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
# define CLCERTS 0x8
# define CACERTS 0x10
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
- if (!vret) {
+ if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
- if (vret >= 0)
+ if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
@@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
/* Given a single certificate return a verified chain or NULL if error */
-/* Hope this is OK .... */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
+ STACK_OF(X509) *chn = NULL;
int i = 0;
- /*
- * FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this function
- * is less obvious.
- */
- X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
- if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error(&store_ctx);
- if (i == 0)
- /*
- * avoid returning 0 if X509_verify_cert() did not set an
- * appropriate error value in the context
- */
- i = -1;
- chn = NULL;
- goto err;
- } else
+ if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+ *chain = NULL;
+ return X509_V_ERR_UNSPECIFIED;
+ }
+
+ if (X509_verify_cert(&store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+ else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+ i = X509_V_ERR_UNSPECIFIED;
+
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
-
return i;
}
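Review bot: On the success branch a NULL return from `X509_STORE_CTX_get1_chain()` leaves `i` at 0, so get_cert_chain() reports `X509_V_OK` with `*chain == NULL`, and the caller in MAIN (the hunk at -594) then appears to add no chain certificates without printing any error. Mapping that case to a failure, e.g. `if ((chn = X509_STORE_CTX_get1_chain(&store_ctx)) == NULL) i = X509_V_ERR_UNSPECIFIED;`, keeps a "verified" result tied to an actual chain. The header comment still reads "return a verified chain or NULL if error" although the function returns an X509_V_* code and hands the chain back through `chain`; it should be reworded to describe both outputs.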
diff --git a/deps/openssl/openssl/apps/pkeyutl.c b/deps/openssl/openssl/apps/pkeyutl.c
index aaa90740ad..501fd6304a 100644
--- a/deps/openssl/openssl/apps/pkeyutl.c
+++ b/deps/openssl/openssl/apps/pkeyutl.c
@@ -74,10 +74,11 @@ static void usage(void);
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e);
+ char *passargin, int pkey_op, ENGINE *e,
+ int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file);
+ const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
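Review bot: The init_ctx() prototype names the new parameter `impl`, but the definition later in this file calls it `engine_impl` and uses `impl` for a local `ENGINE *`; the prototype should read `int engine_impl` so the flag is not confused with the engine handle. The new `ENGINE* e` in setup_peer()'s prototype and definition also departs from the `ENGINE *e` spacing used in the init_ctx() prototype just above.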
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
+ int engine_impl = 0;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
@@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
- passargin, pkey_op, e);
+ passargin, pkey_op, e, engine_impl);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
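Review bot: init_ctx() is called while `-inkey` is being parsed, so `e` and `engine_impl` only hold what earlier options on the command line have set; `-engine` or `-engine_impl` given after `-inkey` is accepted but never reaches the context, and the operation runs with `impl == NULL` without any message. The same ordering applies to `-peerkey` and the `e` now passed to setup_peer(). Either defer the init_ctx() call until the option loop has finished, or state the ordering in usage(), for example by appending `(must precede -inkey)` to the `-engine_impl` help line. MAIN continues outside the hunk.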
@@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+ else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
@@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
+ } else if (!strcmp(*argv, "-engine_impl")) {
+ engine_impl = 1;
}
#endif
else if (!strcmp(*argv, "-pubin"))
@@ -368,7 +372,8 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
- "-engine e use engine e, possibly a hardware device.\n");
+ "-engine e use engine e, maybe a hardware device, for loading keys.\n");
+ BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
@@ -376,10 +381,12 @@ static void usage()
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e)
+ char *passargin, int pkey_op, ENGINE *e,
+ int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
+ ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
@@ -419,7 +426,12 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
if (!pkey)
goto end;
- ctx = EVP_PKEY_CTX_new(pkey, e);
+#ifndef OPENSSL_NO_ENGINE
+ if (engine_impl)
+ impl = e;
+#endif
+
+ ctx = EVP_PKEY_CTX_new(pkey, impl);
EVP_PKEY_free(pkey);
@@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file)
+ const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
+ ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
- peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+ if (peerform == FORMAT_ENGINE)
+ engine = e;
+
+ peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c
index 95fe6d48c7..022ca6cf6b 100644
--- a/deps/openssl/openssl/apps/s_client.c
+++ b/deps/openssl/openssl/apps/s_client.c
@@ -236,7 +236,6 @@ static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
-static int c_no_rand_screen = 0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
@@ -316,7 +315,7 @@ static void sc_usage(void)
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
@@ -457,10 +456,6 @@ static void sc_usage(void)
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
-#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_err,
- " -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
-#endif
}
#ifndef OPENSSL_NO_TLSEXT
@@ -1140,10 +1135,6 @@ int MAIN(int argc, char **argv)
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
-#ifdef OPENSSL_SYS_WINDOWS
- } else if (strcmp(*argv, "-no_rand_screen") == 0) {
- c_no_rand_screen = 1;
-#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
@@ -1249,7 +1240,7 @@ int MAIN(int argc, char **argv)
if (!load_excert(&exc, bio_err))
goto end;
- if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
diff --git a/deps/openssl/openssl/apps/s_server.c b/deps/openssl/openssl/apps/s_server.c
index f19532b75f..65cbaaf6eb 100644
--- a/deps/openssl/openssl/apps/s_server.c
+++ b/deps/openssl/openssl/apps/s_server.c
@@ -498,7 +498,7 @@ static void sv_usage(void)
BIO_printf(bio_err,
" -accept arg - port to accept on (default is %d)\n", PORT);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c
index 3697b71ec1..95adcc19cc 100644
--- a/deps/openssl/openssl/apps/speed.c
+++ b/deps/openssl/openssl/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
diff --git a/deps/openssl/openssl/apps/x509.c b/deps/openssl/openssl/apps/x509.c
index 864a60dda2..7c215bced0 100644
--- a/deps/openssl/openssl/apps/x509.c
+++ b/deps/openssl/openssl/apps/x509.c
@@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
- NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))
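Review bot: Nothing at this call records why `X509_time_adj_ex()` replaced the seconds-based `X509_gmtime_adj()`, and the removed comments leave the notAfter computation undocumented. A one-line comment such as `/* pass days separately instead of multiplying them out into a long of seconds */` would keep a later edit from reverting to the presumably overflow-prone form. `days` is not range-checked in the visible lines, so a zero or negative value would be accepted here; sign() extends beyond the hunk and the check may live in the caller.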