aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--openssl/CHANGES35
-rw-r--r--openssl/FAQ2
-rw-r--r--openssl/LICENSE2
-rw-r--r--openssl/Makefile2
-rw-r--r--openssl/NEWS19
-rw-r--r--openssl/README4
-rw-r--r--openssl/VMS/mkshared.com29
-rw-r--r--openssl/apps/makeapps.com65
-rw-r--r--openssl/crypto/asn1/a_strex.c17
-rw-r--r--openssl/crypto/asn1/a_strnid.c2
-rw-r--r--openssl/crypto/asn1/ameth_lib.c2
-rw-r--r--openssl/crypto/asn1/asn1.h2
-rw-r--r--openssl/crypto/bio/bss_dgram.c2
-rw-r--r--openssl/crypto/bio/bss_file.c12
-rw-r--r--openssl/crypto/comp/c_rle.c3
-rw-r--r--openssl/crypto/crypto-lib.com65
-rw-r--r--openssl/crypto/dsa/dsa_ossl.c18
-rw-r--r--openssl/crypto/ec/ec2_smpl.c3
-rw-r--r--openssl/crypto/ec/ec_key.c8
-rw-r--r--openssl/crypto/ec/ecp_smpl.c3
-rw-r--r--openssl/crypto/engine/engine.h3
-rw-r--r--openssl/crypto/install.com2
-rw-r--r--openssl/crypto/opensslv.h6
-rw-r--r--openssl/crypto/stack/safestack.h60
-rw-r--r--openssl/crypto/ts/ts_verify_ctx.c5
-rw-r--r--openssl/crypto/x509v3/v3_addr.c6
-rw-r--r--openssl/crypto/x509v3/v3_asid.c31
-rw-r--r--openssl/engines/e_capi.c2
-rw-r--r--openssl/engines/e_gmp.c2
-rw-r--r--openssl/engines/e_padlock.c6
-rw-r--r--openssl/engines/makeengines.com68
-rw-r--r--openssl/makevms.com89
-rw-r--r--openssl/openssl.spec6
-rw-r--r--openssl/ssl/d1_enc.c6
-rw-r--r--openssl/ssl/d1_pkt.c3
-rw-r--r--openssl/ssl/install.com2
-rw-r--r--openssl/ssl/s2_srvr.c5
-rw-r--r--openssl/ssl/ssl-lib.com67
-rw-r--r--openssl/ssl/t1_lib.c8
-rw-r--r--openssl/test/maketests.com67
-rw-r--r--openssl/util/mk1mf.pl2
-rw-r--r--openssl/util/mkerr.pl2
-rw-r--r--openssl/util/mkstack.pl20
-rw-r--r--packages.txt2
44 files changed, 607 insertions, 158 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES
index 38bfd34aa..5cae85c9c 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,16 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
*) Disable code workaround for ancient and obsolete Netscape browsers
@@ -872,11 +882,34 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson]
diff --git a/openssl/FAQ b/openssl/FAQ
index 50e931408..0e008cbdd 100644
--- a/openssl/FAQ
+++ b/openssl/FAQ
@@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
+OpenSSL 1.0.0d was released on Feb 8th, 2011.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff --git a/openssl/LICENSE b/openssl/LICENSE
index a2c4adcbe..e47d101f1 100644
--- a/openssl/LICENSE
+++ b/openssl/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/openssl/Makefile b/openssl/Makefile
index 009688314..5b918c486 100644
--- a/openssl/Makefile
+++ b/openssl/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.0c
+VERSION=1.0.0d
MAJOR=1
MINOR=0.0
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/openssl/NEWS b/openssl/NEWS
index 139c1e02b..a9c9b7803 100644
--- a/openssl/NEWS
+++ b/openssl/NEWS
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+
+ o Fix for security issue CVE-2011-0014
+
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
o Fix for security issue CVE-2010-4180
@@ -24,7 +28,7 @@
o Fix for security issue CVE-2010-1633.
o GOST MAC and CFB fixes.
- Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
+ Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
o RFC3280 path validation: sufficient to process PKITS tests.
o Integrated support for PVK files and keyblobs.
@@ -47,6 +51,19 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+
+ o Fix for security issue CVE-2011-0014
+
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+
+ o Fix for security issue CVE-2010-4180
+ o Fix for CVE-2010-4252
+
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+
+ o Fix for security issue CVE-2010-3864.
+
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
o Fix for security issue CVE-2010-0742.
diff --git a/openssl/README b/openssl/README
index 509350db7..e3858eab8 100644
--- a/openssl/README
+++ b/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 1.0.0c 2 Dec 2010
+ OpenSSL 1.0.0d
- Copyright (c) 1998-2010 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/openssl/VMS/mkshared.com b/openssl/VMS/mkshared.com
index c8acd2ade..2f9167eea 100644
--- a/openssl/VMS/mkshared.com
+++ b/openssl/VMS/mkshared.com
@@ -38,7 +38,7 @@ $ libopt = "''libdir'LIBCRYPTO.OPT"
$ libmap = "''libdir'LIBCRYPTO.MAP"
$ libgoal= "''libdir'LIBCRYPTO.EXE"
$ libref = ""
-$ gosub create_nonvax_shr
+$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.''ARCH'.EXE.SSL]"
@@ -47,7 +47,26 @@ $ libopt = "''libdir'LIBSSL.OPT"
$ libmap = "''libdir'LIBSSL.MAP"
$ libgoal= "''libdir'LIBSSL.EXE"
$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
-$ gosub create_nonvax_shr
+$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
+$ arch_vax = 0
+$ libid = "Crypto"
+$ libnum = "[.UTIL]LIBEAY.NUM"
+$ libdir = "[.''ARCH'.EXE.CRYPTO]"
+$ libolb = "''libdir'LIBCRYPTO32.OLB"
+$ libopt = "''libdir'LIBCRYPTO32.OPT"
+$ libmap = "''libdir'LIBCRYPTO32.MAP"
+$ libgoal= "''libdir'LIBCRYPTO32.EXE"
+$ libref = ""
+$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
+$ libid = "SSL"
+$ libnum = "[.UTIL]SSLEAY.NUM"
+$ libdir = "[.''ARCH'.EXE.SSL]"
+$ libolb = "''libdir'LIBSSL32.OLB"
+$ libopt = "''libdir'LIBSSL32.OPT"
+$ libmap = "''libdir'LIBSSL32.MAP"
+$ libgoal= "''libdir'LIBSSL32.EXE"
+$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO32.EXE"
+$ if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
$ else
$ arch_vax = 1
$ libtit = "CRYPTO_TRANSFER_VECTOR"
@@ -62,7 +81,7 @@ $ libmap = "''libdir'LIBCRYPTO.MAP"
$ libgoal= "''libdir'LIBCRYPTO.EXE"
$ libref = ""
$ libvec = "LIBCRYPTO"
-$ gosub create_vax_shr
+$ if f$search(libdir+libolb) .nes. "" then gosub create_vax_shr
$ libtit = "SSL_TRANSFER_VECTOR"
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
@@ -75,11 +94,11 @@ $ libmap = "''libdir'LIBSSL.MAP"
$ libgoal= "''libdir'LIBSSL.EXE"
$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
$ libvec = "LIBSSL"
-$ gosub create_vax_shr
+$ if f$search(libdir+libolb) .nes. "" then gosub create_vax_shr
$ endif
$ exit
$
-$! ----- Soubroutines to build the shareable libraries
+$! ----- Subroutines to build the shareable libraries
$! For each supported architecture, there's a main shareable library
$! creator, which is called from the main code above.
$! The creator will define a number of variables to tell the next levels of
diff --git a/openssl/apps/makeapps.com b/openssl/apps/makeapps.com
index 58f286562..7a728e6a5 100644
--- a/openssl/apps/makeapps.com
+++ b/openssl/apps/makeapps.com
@@ -39,6 +39,13 @@ $! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
$!
$! P5, if defined, sets a choice of programs to compile.
$!
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P6.
+$! For 32 bit architectures (VAX), P6 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!
$! Define A TCP/IP Library That We Will Need To Link To.
$! (That Is, If We Need To Link To One.)
@@ -73,11 +80,11 @@ $ PROGRAMS := OPENSSL
$!
$! Define The CRYPTO Library.
$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
$!
$! Define The SSL Library.
$!
-$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'LIB32'.OLB
$!
$! Define The OBJ Directory.
$!
@@ -563,6 +570,58 @@ $! End The P1 Check.
$!
$ ENDIF
$!
+$! Check To See If P6 Is Blank.
+$!
+$ IF (P6.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is P6 Is Valid
+$!
+$ IF (P6.EQS."32")
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (P6.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ ELSE
+$ POINTER_SIZE = "/POINTER_SIZE=64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P6," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The P6 Check.
+$!
+$ ENDIF
+$!
$! Check To See If P2 Is Blank.
$!
$ IF (P2.EQS."")
@@ -690,7 +749,7 @@ $!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
$!
diff --git a/openssl/crypto/asn1/a_strex.c b/openssl/crypto/asn1/a_strex.c
index 7fc14d329..264ebf239 100644
--- a/openssl/crypto/asn1/a_strex.c
+++ b/openssl/crypto/asn1/a_strex.c
@@ -74,6 +74,11 @@
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB)
+
/* Three IO functions for sending data to memory, a BIO and
* and a FILE pointer.
@@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch
if(!io_ch(arg, tmphex, 3)) return -1;
return 3;
}
+ /* If we get this far and do any escaping at all must escape
+ * the escape character itself: backslash.
+ */
+ if (chtmp == '\\' && flags & ESC_FLAGS) {
+ if(!io_ch(arg, "\\\\", 2)) return -1;
+ return 2;
+ }
if(!io_ch(arg, &chtmp, 1)) return -1;
return 1;
}
@@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = {
4, -1, 2 /* 28-30 */
};
-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
- ASN1_STRFLGS_ESC_QUOTE | \
- ASN1_STRFLGS_ESC_CTRL | \
- ASN1_STRFLGS_ESC_MSB)
-
/* This is the main function, print out an
* ASN1_STRING taking note of various escape
* and display options. Returns number of
diff --git a/openssl/crypto/asn1/a_strnid.c b/openssl/crypto/asn1/a_strnid.c
index 753021a7a..2fc48c155 100644
--- a/openssl/crypto/asn1/a_strnid.c
+++ b/openssl/crypto/asn1/a_strnid.c
@@ -95,7 +95,7 @@ unsigned long ASN1_STRING_get_default_mask(void)
* default: the default value, Printable, T61, BMP.
*/
-int ASN1_STRING_set_default_mask_asc(char *p)
+int ASN1_STRING_set_default_mask_asc(const char *p)
{
unsigned long mask;
char *end;
diff --git a/openssl/crypto/asn1/ameth_lib.c b/openssl/crypto/asn1/ameth_lib.c
index 9a8b6cc22..5a581b90e 100644
--- a/openssl/crypto/asn1/ameth_lib.c
+++ b/openssl/crypto/asn1/ameth_lib.c
@@ -172,7 +172,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
{
const EVP_PKEY_ASN1_METHOD *t;
- ENGINE *e;
for (;;)
{
@@ -184,6 +183,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
if (pe)
{
#ifndef OPENSSL_NO_ENGINE
+ ENGINE *e;
/* type will contain the final unaliased type */
e = ENGINE_get_pkey_asn1_meth_engine(type);
if (e)
diff --git a/openssl/crypto/asn1/asn1.h b/openssl/crypto/asn1/asn1.h
index f7718b5a9..59540e4e7 100644
--- a/openssl/crypto/asn1/asn1.h
+++ b/openssl/crypto/asn1/asn1.h
@@ -1067,7 +1067,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(char *p);
+int ASN1_STRING_set_default_mask_asc(const char *p);
unsigned long ASN1_STRING_get_default_mask(void);
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask);
diff --git a/openssl/crypto/bio/bss_dgram.c b/openssl/crypto/bio/bss_dgram.c
index eb7e36546..07d012a46 100644
--- a/openssl/crypto/bio/bss_dgram.c
+++ b/openssl/crypto/bio/bss_dgram.c
@@ -340,7 +340,7 @@ static int dgram_write(BIO *b, const char *in, int inl)
if (data->peer.sa.sa_family == AF_INET)
peerlen = sizeof(data->peer.sa_in);
-#if OPENSSL_USE_IVP6
+#if OPENSSL_USE_IPV6
else if (data->peer.sa.sa_family == AF_INET6)
peerlen = sizeof(data->peer.sa_in6);
#endif
diff --git a/openssl/crypto/bio/bss_file.c b/openssl/crypto/bio/bss_file.c
index 8bfa0bcd9..b954fe7eb 100644
--- a/openssl/crypto/bio/bss_file.c
+++ b/openssl/crypto/bio/bss_file.c
@@ -123,6 +123,7 @@ BIO *BIO_new_file(const char *filename, const char *mode)
#if defined(_WIN32) && defined(CP_UTF8)
int sz, len_0 = (int)strlen(filename)+1;
+ DWORD flags;
/*
* Basically there are three cases to cover: a) filename is
@@ -136,17 +137,22 @@ BIO *BIO_new_file(const char *filename, const char *mode)
* ERROR_NO_UNICODE_TRANSLATION, in which case we fall
* back to fopen...
*/
- if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+ if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS),
+ filename,len_0,NULL,0))>0 ||
+ (GetLastError()==ERROR_INVALID_FLAGS &&
+ (sz=MultiByteToWideChar(CP_UTF8,(flags=0),
filename,len_0,NULL,0))>0)
+ )
{
WCHAR wmode[8];
WCHAR *wfilename = _alloca(sz*sizeof(WCHAR));
- if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+ if (MultiByteToWideChar(CP_UTF8,flags,
filename,len_0,wfilename,sz) &&
MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1,
wmode,sizeof(wmode)/sizeof(wmode[0])) &&
- (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT
+ (file=_wfopen(wfilename,wmode))==NULL &&
+ (errno==ENOENT || errno==EBADF)
) /* UTF-8 decode succeeded, but no file, filename
* could still have been locale-ized... */
file = fopen(filename,mode);
diff --git a/openssl/crypto/comp/c_rle.c b/openssl/crypto/comp/c_rle.c
index efd366fa2..18bceae51 100644
--- a/openssl/crypto/comp/c_rle.c
+++ b/openssl/crypto/comp/c_rle.c
@@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
{
int i;
- if (olen < (ilen-1))
+ if (ilen == 0 || olen < (ilen-1))
{
/* ZZZZZZZZZZZZZZZZZZZZZZ */
return(-1);
@@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
}
return(ilen-1);
}
-
diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com
index 96d9d5354..6719c8aed 100644
--- a/openssl/crypto/crypto-lib.com
+++ b/openssl/crypto/crypto-lib.com
@@ -47,6 +47,13 @@ $! P6, if defined, sets a choice of crypto methods to compile.
$! WARNING: this should only be done to recompile some part of an already
$! fully compiled library.
$!
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P7.
+$! For 32 bit architectures (VAX), P7 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!
$! Define A TCP/IP Library That We Will Need To Link To.
$! (That Is, If We Need To Link To One.)
@@ -140,11 +147,11 @@ $ ENDIF
$!
$! Define The Library Name.
$!
-$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
+$ LIB_NAME := 'EXE_DIR'LIBCRYPTO'LIB32'.OLB
$!
$! Define The CRYPTO-LIB We Are To Use.
$!
-$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB
+$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO'LIB32'.OLB
$!
$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
$!
@@ -907,6 +914,58 @@ $! End The P5 Check.
$!
$ ENDIF
$!
+$! Check To See If P7 Is Blank.
+$!
+$ IF (P7.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is P7 Is Valid
+$!
+$ IF (P7.EQS."32")
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (P7.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ ELSE
+$ POINTER_SIZE = "/POINTER_SIZE=64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P7," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The P7 Check.
+$!
+$ ENDIF
+$!
$! Check To See If P3 Is Blank.
$!
$ IF (P3.EQS."")
@@ -1034,7 +1093,7 @@ $!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
diff --git a/openssl/crypto/dsa/dsa_ossl.c b/openssl/crypto/dsa/dsa_ossl.c
index 1fb665ec5..a3ddd7d28 100644
--- a/openssl/crypto/dsa/dsa_ossl.c
+++ b/openssl/crypto/dsa/dsa_ossl.c
@@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
s=BN_new();
if (s == NULL) goto err;
-
- /* reject a excessive digest length (currently at most
- * dsa-with-SHA256 is supported) */
- if (dlen > SHA256_DIGEST_LENGTH)
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
@@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
return -1;
}
-
- /* reject a excessive digest length (currently at most
- * dsa-with-SHA256 is supported) */
- if (dgst_len > SHA256_DIGEST_LENGTH)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return -1;
- }
-
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
diff --git a/openssl/crypto/ec/ec2_smpl.c b/openssl/crypto/ec/ec2_smpl.c
index cf357b462..af94458ca 100644
--- a/openssl/crypto/ec/ec2_smpl.c
+++ b/openssl/crypto/ec/ec2_smpl.c
@@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
{
return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
}
+
+ if (EC_POINT_is_at_infinity(group, b))
+ return 1;
if (a->Z_is_one && b->Z_is_one)
{
diff --git a/openssl/crypto/ec/ec_key.c b/openssl/crypto/ec/ec_key.c
index 12fb0e6d6..522802c07 100644
--- a/openssl/crypto/ec/ec_key.c
+++ b/openssl/crypto/ec/ec_key.c
@@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
-
+
+ if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
+ {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+ goto err;
+ }
+
if ((ctx = BN_CTX_new()) == NULL)
goto err;
if ((point = EC_POINT_new(eckey->group)) == NULL)
diff --git a/openssl/crypto/ec/ecp_smpl.c b/openssl/crypto/ec/ecp_smpl.c
index 4d26f8bdf..66a92e2a9 100644
--- a/openssl/crypto/ec/ecp_smpl.c
+++ b/openssl/crypto/ec/ecp_smpl.c
@@ -1406,6 +1406,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *
{
return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
}
+
+ if (EC_POINT_is_at_infinity(group, b))
+ return 1;
if (a->Z_is_one && b->Z_is_one)
{
diff --git a/openssl/crypto/engine/engine.h b/openssl/crypto/engine/engine.h
index 7fbd95f63..943aeae21 100644
--- a/openssl/crypto/engine/engine.h
+++ b/openssl/crypto/engine/engine.h
@@ -677,6 +677,7 @@ typedef struct st_dynamic_fns {
* can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
#define IMPLEMENT_DYNAMIC_CHECK_FN() \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
return 0; }
@@ -700,6 +701,8 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
const dynamic_fns *fns);
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+ OPENSSL_EXPORT \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
diff --git a/openssl/crypto/install.com b/openssl/crypto/install.com
index b3290165c..8bc1e180e 100644
--- a/openssl/crypto/install.com
+++ b/openssl/crypto/install.com
@@ -106,7 +106,7 @@ $ EXHEADER_CMS := cms.h
$ EXHEADER_PQUEUE := pqueue.h
$ EXHEADER_TS := ts.h
$ EXHEADER_JPAKE := jpake.h
-$ LIBS := LIBCRYPTO
+$ LIBS := LIBCRYPTO,LIBCRYPTO32
$
$ EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
$
diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h
index 79c679cbf..e7fca8345 100644
--- a/openssl/crypto/opensslv.h
+++ b/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000003f
+#define OPENSSL_VERSION_NUMBER 0x1000004fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c-fips 2 Dec 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d-fips 8 Feb 2011"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c 2 Dec 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d 8 Feb 2011"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h
index a498f1b10..39914bdde 100644
--- a/openssl/crypto/stack/safestack.h
+++ b/openssl/crypto/stack/safestack.h
@@ -2033,75 +2033,75 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i))
#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
-#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i)
#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val))
#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr))
#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \
((int (*)(const char * const *,const char * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp)))
#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st))
#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \
((int (*)(const void * const *,const void * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i))
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
-#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \
((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
diff --git a/openssl/crypto/ts/ts_verify_ctx.c b/openssl/crypto/ts/ts_verify_ctx.c
index b079b50fc..609b7735d 100644
--- a/openssl/crypto/ts/ts_verify_ctx.c
+++ b/openssl/crypto/ts/ts_verify_ctx.c
@@ -56,7 +56,6 @@
*
*/
-#include <assert.h>
#include "cryptlib.h"
#include <openssl/objects.h>
#include <openssl/ts.h>
@@ -74,7 +73,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
{
- assert(ctx != NULL);
+ OPENSSL_assert(ctx != NULL);
memset(ctx, 0, sizeof(TS_VERIFY_CTX));
}
@@ -116,7 +115,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
ASN1_OCTET_STRING *msg;
const ASN1_INTEGER *nonce;
- assert(req != NULL);
+ OPENSSL_assert(req != NULL);
if (ret)
TS_VERIFY_CTX_cleanup(ret);
else
diff --git a/openssl/crypto/x509v3/v3_addr.c b/openssl/crypto/x509v3/v3_addr.c
index 9087d66e0..0d70e8696 100644
--- a/openssl/crypto/x509v3/v3_addr.c
+++ b/openssl/crypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
unsigned char addr[ADDR_RAW_BUF_LEN];
int i, n;
+ if (bs->length < 0)
+ return 0;
switch (afi) {
case IANA_AFI_IPV4:
+ if (bs->length > 4)
+ return 0;
addr_expand(addr, bs, 4, fill);
BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
break;
case IANA_AFI_IPV6:
+ if (bs->length > 16)
+ return 0;
addr_expand(addr, bs, 16, fill);
for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
;
diff --git a/openssl/crypto/x509v3/v3_asid.c b/openssl/crypto/x509v3/v3_asid.c
index 56702f86b..3f434c060 100644
--- a/openssl/crypto/x509v3/v3_asid.c
+++ b/openssl/crypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
#include <stdio.h>
#include <string.h>
-#include <assert.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
{
const ASIdOrRange *a = *a_, *b = *b_;
- assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
(a->type == ASIdOrRange_range && a->u.range != NULL &&
a->u.range->min != NULL && a->u.range->max != NULL));
- assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+ OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
(b->type == ASIdOrRange_range && b->u.range != NULL &&
b->u.range->min != NULL && b->u.range->max != NULL));
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
if (*choice == NULL) {
if ((*choice = ASIdentifierChoice_new()) == NULL)
return 0;
- assert((*choice)->u.inherit == NULL);
+ OPENSSL_assert((*choice)->u.inherit == NULL);
if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
return 0;
(*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
if (*choice == NULL) {
if ((*choice = ASIdentifierChoice_new()) == NULL)
return 0;
- assert((*choice)->u.asIdsOrRanges == NULL);
+ OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
(*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
if ((*choice)->u.asIdsOrRanges == NULL)
return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
ASN1_INTEGER **min,
ASN1_INTEGER **max)
{
- assert(aor != NULL && min != NULL && max != NULL);
+ OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
switch (aor->type) {
case ASIdOrRange_id:
*min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
int v3_asid_is_canonical(ASIdentifiers *asid)
{
return (asid == NULL ||
- (ASIdentifierChoice_is_canonical(asid->asnum) ||
+ (ASIdentifierChoice_is_canonical(asid->asnum) &&
ASIdentifierChoice_is_canonical(asid->rdi)));
}
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
/*
* We have a list. Sort it.
*/
- assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+ OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
/*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
/*
* Make sure we're properly sorted (paranoia).
*/
- assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+ OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
/*
* Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
}
}
- assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+ OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
ret = 1;
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
X509 *x;
- assert(chain != NULL && sk_X509_num(chain) > 0);
- assert(ctx != NULL || ext != NULL);
- assert(ctx == NULL || ctx->verify_cb != NULL);
+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+ OPENSSL_assert(ctx != NULL || ext != NULL);
+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
/*
* Figure out where to start. If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
} else {
i = 0;
x = sk_X509_value(chain, i);
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
if ((ext = x->rfc3779_asid) == NULL)
goto done;
}
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
*/
for (i++; i < sk_X509_num(chain); i++) {
x = sk_X509_value(chain, i);
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
if (x->rfc3779_asid == NULL) {
if (child_as != NULL || child_rdi != NULL)
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
/*
* Trust anchor can't inherit.
*/
- assert(x != NULL);
+ OPENSSL_assert(x != NULL);
if (x->rfc3779_asid != NULL) {
if (x->rfc3779_asid->asnum != NULL &&
x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
diff --git a/openssl/engines/e_capi.c b/openssl/engines/e_capi.c
index 5871491fd..24b620fc0 100644
--- a/openssl/engines/e_capi.c
+++ b/openssl/engines/e_capi.c
@@ -1814,6 +1814,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
#include <openssl/engine.h>
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
IMPLEMENT_DYNAMIC_CHECK_FN()
#else
diff --git a/openssl/engines/e_gmp.c b/openssl/engines/e_gmp.c
index c1f5601b6..a3d47151e 100644
--- a/openssl/engines/e_gmp.c
+++ b/openssl/engines/e_gmp.c
@@ -471,6 +471,8 @@ static int bind_fn(ENGINE *e, const char *id)
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
#else
OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
#endif
#endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
diff --git a/openssl/engines/e_padlock.c b/openssl/engines/e_padlock.c
index 381a74605..7d0941980 100644
--- a/openssl/engines/e_padlock.c
+++ b/openssl/engines/e_padlock.c
@@ -108,6 +108,8 @@ static ENGINE *ENGINE_padlock (void);
# endif
#endif
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+
void ENGINE_load_padlock (void)
{
/* On non-x86 CPUs it just returns. */
@@ -120,6 +122,8 @@ void ENGINE_load_padlock (void)
#endif
}
+#endif
+
#ifdef COMPILE_HW_PADLOCK
/* We do these includes here to avoid header problems on platforms that
do not have the VIA padlock anyway... */
@@ -1218,6 +1222,8 @@ static RAND_METHOD padlock_rand = {
#else /* !COMPILE_HW_PADLOCK */
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
IMPLEMENT_DYNAMIC_CHECK_FN()
#endif
diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com
index 6cf423607..0d3174257 100644
--- a/openssl/engines/makeengines.com
+++ b/openssl/engines/makeengines.com
@@ -28,6 +28,13 @@ $!
$! P6 if defined, denotes which engines to build. If not defined,
$! all available engines are built.
$!
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P7.
+$! For 32 bit architectures (VAX), P7 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!-----------------------------------------------------------------------------
$!
$! Set the default TCP/IP library to link against if needed
@@ -81,7 +88,7 @@ $ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
$!
$! Set the goal files, and create them if necessary
$!
-$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
$!
$! OK, time to check options and initialise
@@ -92,6 +99,7 @@ $ OPT_DEBUG = P2
$ OPT_COMPILER = P3
$ OPT_TCPIP_LIB = P4
$ OPT_SPECIAL_THREADS = P5
+$ OPT_POINTER_SIZE = P7
$
$ GOSUB CHECK_OPTIONS
$ GOSUB INITIALISE
@@ -557,6 +565,58 @@ $! End The OPT_SPECIAL_THREADS Check.
$!
$ ENDIF
$!
+$! Check To See If OPT_POINTER_SIZE Is Blank.
+$!
+$ IF (OPT_POINTER_SIZE.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is OPT_POINTER_SIZE Is Valid
+$!
+$ IF (OPT_POINTER_SIZE.EQS."32")
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (OPT_POINTER_SIZE.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ ELSE
+$ POINTER_SIZE = "/POINTER_SIZE=64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",OPT_POINTER_SIZE," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The OPT_POINTER_SIZE Check.
+$!
+$ ENDIF
+$!
$! Check To See If OPT_COMPILER Is Blank.
$!
$ IF (OPT_COMPILER.EQS."")
@@ -684,7 +744,7 @@ $!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
@@ -720,7 +780,7 @@ $ EXIT
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
@@ -752,7 +812,7 @@ $!
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+ "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.VENDOR_DEFNS])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
diff --git a/openssl/makevms.com b/openssl/makevms.com
index 20211b73b..8c59c67ca 100644
--- a/openssl/makevms.com
+++ b/openssl/makevms.com
@@ -32,8 +32,13 @@ $! APPS Just build the "[.xxx.EXE.APPS]" application programs for Open
$! ENGINES Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL.
$!
$!
-$! P2 is ignored (it was used to denote if RSAref should be used or not,
-$! and is simply kept so surrounding scripts don't get confused)
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P2.
+$! For 32 bit architectures (VAX), P2 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!
$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging
$! information.
@@ -581,7 +586,7 @@ $ TIME = F$TIME()
$!
$! Write The [.CRYPTO._xxx]BUILDINF.H File.
$!
-$! WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
+$ WRITE H_FILE "#define CFLAGS ""/POINTER_SIZE=''POINTER_SIZE'"""
$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""
$ WRITE H_FILE "#define DATE ""''TIME'"" "
$!
@@ -726,14 +731,14 @@ $! That's All, Time To RETURN.
$!
$ RETURN
$!
-$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library.
+$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO''LIB32'.OLB" Library.
$!
$ CRYPTO:
$!
$! Tell The User What We Are Doing.
$!
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO''LIB32'.OLB Library."
$!
$! Go To The [.CRYPTO] Directory.
$!
@@ -741,11 +746,11 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO]
$!
$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
$!
-$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'"
+$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'"
$!
$! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
$!
-$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'"
+$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'"
$!
$! Go Back To The Main Directory.
$!
@@ -755,14 +760,14 @@ $! Time To RETURN.
$!
$ RETURN
$!
-$! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library.
+$! Build The "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library.
$!
$ SSL:
$!
$! Tell The User What We Are Doing.
$!
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL.OLB Library."
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL''LIB32'.OLB Library."
$!
$! Go To The [.SSL] Directory.
$!
@@ -770,7 +775,7 @@ $ SET DEFAULT SYS$DISK:[.SSL]
$!
$! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
$!
-$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'"
$!
$! Go Back To The Main Directory.
$!
@@ -795,7 +800,7 @@ $ SET DEFAULT SYS$DISK:[.SSL]
$!
$! Build The [.xxx.EXE.SSL]SSL_TASK.EXE
$!
-$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'"
$!
$! Go Back To The Main Directory.
$!
@@ -820,7 +825,7 @@ $ SET DEFAULT SYS$DISK:[.TEST]
$!
$! Build The Test Programs.
$!
-$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'"
$!
$! Go Back To The Main Directory.
$!
@@ -845,7 +850,7 @@ $ SET DEFAULT SYS$DISK:[.APPS]
$!
$! Build The Application Programs.
$!
-$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "" "''POINTER_SIZE'"
$!
$! Go Back To The Main Directory.
$!
@@ -870,7 +875,7 @@ $ SET DEFAULT SYS$DISK:[.ENGINES]
$!
$! Build The Application Programs.
$!
-$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'"
+$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'"
$!
$! Go Back To The Main Directory.
$!
@@ -927,9 +932,9 @@ $!
$! Tell The User We Don't Know What They Want.
$!
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [not-used option] [Debug option] <Compiler>"
+$ WRITE SYS$OUTPUT "USAGE: @MAKEVMS.COM [Target] [Pointer size] [Debug option] <Compiler>"
$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL NORSAREF NODEBUG "
+$ WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG "
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The Target ",P1," Is Invalid. The Valid Target Options Are:"
$ WRITE SYS$OUTPUT ""
@@ -966,6 +971,58 @@ $! End The P1 Check.
$!
$ ENDIF
$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is P2 Is Valid
+$!
+$ IF (P2.EQS."32")
+$ THEN
+$ POINTER_SIZE = "32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (P2.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "32"
+$ ELSE
+$ POINTER_SIZE = "64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
$! Check To See If P3 Is Blank.
$!
$ IF (P3.EQS."NODEBUG")
diff --git a/openssl/openssl.spec b/openssl/openssl.spec
index 9b9072a7d..bcfb32612 100644
--- a/openssl/openssl.spec
+++ b/openssl/openssl.spec
@@ -2,15 +2,15 @@
%define libmaj 1
%define libmin 0
%define librel 0
-%define librev c
+%define librev d
Release: 1
%define openssldir /var/ssl
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: %{libmaj}.%{libmin}.%{librel}
-#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+#Version: %{libmaj}.%{libmin}.%{librel}
+Version: %{libmaj}.%{libmin}.%{librel}%{librev}
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Copyright: Freely distributable
Group: System Environment/Libraries
diff --git a/openssl/ssl/d1_enc.c b/openssl/ssl/d1_enc.c
index 8fa57347a..becbab91c 100644
--- a/openssl/ssl/d1_enc.c
+++ b/openssl/ssl/d1_enc.c
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
if (!send)
{
if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
+ return -1;
}
EVP_Cipher(ds,rec->data,rec->input,l);
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index 1fd58bf59..c10514222 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -414,7 +414,8 @@ dtls1_process_record(SSL *s)
goto err;
/* otherwise enc_err == -1 */
- goto err;
+ al=SSL_AD_BAD_RECORD_MAC;
+ goto f_err;
}
#ifdef TLS_DEBUG
diff --git a/openssl/ssl/install.com b/openssl/ssl/install.com
index 7f5606759..fe1d7268e 100644
--- a/openssl/ssl/install.com
+++ b/openssl/ssl/install.com
@@ -43,7 +43,7 @@ $ IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
$
$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
$ E_EXE := ssl_task
-$ LIBS := LIBSSL
+$ LIBS := LIBSSL,LIBSSL32
$
$ XEXE_DIR := [-.'ARCH'.EXE.SSL]
$
diff --git a/openssl/ssl/s2_srvr.c b/openssl/ssl/s2_srvr.c
index 947167687..bc885e8e7 100644
--- a/openssl/ssl/s2_srvr.c
+++ b/openssl/ssl/s2_srvr.c
@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
p+=3;
n2s(p,i); s->s2->tmp.clear=i;
n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i); s->session->key_arg_length=i;
- if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ n2s(p,i);
+ if(i > SSL_MAX_KEY_ARG_LENGTH)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
return -1;
}
+ s->session->key_arg_length=i;
s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
}
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index c5ca9e1df..35bdd34de 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -42,6 +42,13 @@ $! SOCKETSHR for SOCKETSHR+NETLIB
$!
$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
$!
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P6.
+$! For 32 bit architectures (VAX), P6 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!
$! Define A TCP/IP Library That We Will Need To Link To.
$! (That Is, If We Need To Link To One.)
@@ -118,11 +125,11 @@ $ ENDIF
$!
$! Define The Library Name.
$!
-$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
+$ SSL_LIB := 'EXE_DIR'LIBSSL'LIB32'.OLB
$!
$! Define The CRYPTO-LIB We Are To Use.
$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
$!
$! Check To See What We Are To Do.
$!
@@ -156,7 +163,7 @@ $! Compile The Library.
$!
$ LIBRARY:
$!
-$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library...
$!
$ IF (F$SEARCH(SSL_LIB).EQS."")
$ THEN
@@ -653,6 +660,58 @@ $! End The P5 Check.
$!
$ ENDIF
$!
+$! Check To See If P6 Is Blank.
+$!
+$ IF (P6.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is P6 Is Valid
+$!
+$ IF (P6.EQS."32")
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (P6.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ ELSE
+$ POINTER_SIZE = "/POINTER_SIZE=64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P6," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The P6 Check.
+$!
+$ ENDIF
+$!
$! Check To See If P3 Is Blank.
$!
$ IF (P3.EQS."")
@@ -780,7 +839,7 @@ $!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
"/NOLIST/PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
$!
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index 5cdd7e572..85371c87b 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com
index 3d8129bf2..5dd797e35 100644
--- a/openssl/test/maketests.com
+++ b/openssl/test/maketests.com
@@ -36,6 +36,13 @@ $! SOCKETSHR for SOCKETSHR+NETLIB
$!
$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
$!
+$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P5.
+$! For 32 bit architectures (VAX), P5 is ignored.
+$! Currently supported values are:
+$!
+$! 32 To ge a library compiled with /POINTER_SIZE=32
+$! 64 To ge a library compiled with /POINTER_SIZE=64
+$!
$!
$! Define A TCP/IP Library That We Will Need To Link To.
$! (That is, If Wee Need To Link To One.)
@@ -72,11 +79,11 @@ $ WRITE SYS$OUTPUT "Compiling On ''ARCH'."
$!
$! Define The CRYPTO-LIB We Are To Use.
$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
$!
$! Define The SSL We Are To Use.
$!
-$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'LIB32'.OLB
$!
$! Create the OBJ and EXE Directories, if needed.
$!
@@ -496,7 +503,59 @@ $! End The Valid Arguement Check.
$!
$ ENDIF
$!
-$! End The P2 Check.
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P5 Is Blank.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$ POINTER_SIZE = ""
+$ ELSE
+$!
+$! Check is P5 Is Valid
+$!
+$ IF (P5.EQS."32")
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ LIB32 = ""
+$ ELSE
+$ LIB32 = "32"
+$ ENDIF
+$ ELSE
+$ IF (P5.EQS."64")
+$ THEN
+$ LIB32 = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$ POINTER_SIZE = "/POINTER_SIZE=32"
+$ ELSE
+$ POINTER_SIZE = "/POINTER_SIZE=64"
+$ ENDIF
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " 32 : Compile with 32 bit pointer size"
+$ WRITE SYS$OUTPUT " 64 : Compile with 64 bit pointer size"
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ GOTO TIDY
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$ ENDIF
+$!
+$! End The P5 Check.
$!
$ ENDIF
$!
@@ -627,7 +686,7 @@ $!
$ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC /DECC"
-$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89" + -
+$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89 ''POINTER_SIZE'" + -
"/NOLIST /PREFIX=ALL" + -
"/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
$!
diff --git a/openssl/util/mk1mf.pl b/openssl/util/mk1mf.pl
index 68a415a39..afe8c7326 100644
--- a/openssl/util/mk1mf.pl
+++ b/openssl/util/mk1mf.pl
@@ -679,7 +679,7 @@ foreach (split(/\s+/,$engines))
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
-foreach (split(/\s+/,$otherlibs))
+foreach (split(" ",$otherlibs))
{
my $uc = $_;
$uc =~ tr /a-z/A-Z/;
diff --git a/openssl/util/mkerr.pl b/openssl/util/mkerr.pl
index 15b774f27..d8ea43a5d 100644
--- a/openssl/util/mkerr.pl
+++ b/openssl/util/mkerr.pl
@@ -391,7 +391,7 @@ foreach $lib (keys %csrc)
} else {
push @out,
"/* ====================================================================\n",
-" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n",
+" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
" *\n",
" * Redistribution and use in source and binary forms, with or without\n",
" * modification, are permitted provided that the following conditions\n",
diff --git a/openssl/util/mkstack.pl b/openssl/util/mkstack.pl
index 6a43757c9..f708610a7 100644
--- a/openssl/util/mkstack.pl
+++ b/openssl/util/mkstack.pl
@@ -104,25 +104,25 @@ EOF
#define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp)))
#define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null())
-#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
-#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
-#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i))
+#define sk_${t1}_push(st, val) sk_push(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_find(st, val) sk_find(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_STACK_OF($t1, st), i))
#define sk_${t1}_num(st) SKM_sk_num($t1, st)
-#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func))
-#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i)
+#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF($t1, st), CHECKED_SK_FREE_FUNC2($t1, free_func))
+#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val), i)
#define sk_${t1}_free(st) SKM_sk_free(${t1}, st)
-#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_set(st, i, val) sk_set(CHECKED_STACK_OF($t1, st), i, CHECKED_PTR_OF($t2, val))
#define sk_${t1}_zero(st) SKM_sk_zero($t1, (st))
-#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_unshift(st, val) sk_unshift(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, val))
#define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val))
#define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i))
-#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr))
+#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr(CHECKED_STACK_OF($t1, st), CHECKED_PTR_OF($t2, ptr))
#define sk_${t1}_set_cmp_func(st, cmp) \\
((int (*)(const $t2 * const *,const $t2 * const *)) \\
- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp)))
+ sk_set_cmp_func(CHECKED_STACK_OF($t1, st), CHECKED_SK_CMP_FUNC($t2, cmp)))
#define sk_${t1}_dup(st) SKM_sk_dup($t1, st)
#define sk_${t1}_shift(st) SKM_sk_shift($t1, (st))
-#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st))
+#define sk_${t1}_pop(st) ($t2 *)sk_pop(CHECKED_STACK_OF($t1, st))
#define sk_${t1}_sort(st) SKM_sk_sort($t1, (st))
#define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st))
diff --git a/packages.txt b/packages.txt
index 0df8958d8..d9b9cb17c 100644
--- a/packages.txt
+++ b/packages.txt
@@ -65,7 +65,7 @@ libxcb git version
libxkbfile-1.0.7
mesa git version
mkfontscale git version
-openssl-1.0.0c
+openssl-1.0.0d
pixman git version
pthreads-w32-2-8-0-release
randrproto git version