Recent and not so recent changes from 0.9.6-stable.

diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index 1c1e3b38575a3a5885cbe9ba910c49771b7140a3..48f60e623163e459146779a863528efc0855ebf9 100644 (file)
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -110,9 +110,8 @@ EVP_CIPHER *EVP_rc4_40(void)
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
        {
-       memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
        RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
-               ctx->c.rc4.key);
+                   key);
        return 1;
        }
 

diff --git a/crypto/mem.c b/crypto/mem.c
index 0df0a2a5491d3df9b2c7cbd1d09503b9f2500e41..6b38f4ad2a16ce7512820c6dfb7e1fa4b791469f 100644 (file)
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -175,7 +175,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
        void *ret = NULL;
        extern unsigned char cleanse_ctr;
 
-       if (num < 0) return NULL;
+       if (num <= 0) return NULL;
 
        allow_customize = 0;
        if (malloc_debug_func != NULL)
@@ -216,7 +216,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
        void *ret = NULL;
        extern unsigned char cleanse_ctr;
 
-       if (num < 0) return NULL;
+       if (num <= 0) return NULL;
 
        allow_customize = 0;
        if (malloc_debug_func != NULL)
@@ -247,7 +247,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
        if (str == NULL)
                return CRYPTO_malloc(num, file, line);
 
-       if (num < 0) return NULL;
+       if (num <= 0) return NULL;
 
        if (realloc_debug_func != NULL)
                realloc_debug_func(str, NULL, num, file, line, 0);

diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index f78c2a6b43806edc1aed901ffa7ea0db3cd8890a..c25959a74282866ee469a32a47eb6bca5b788ece 100644 (file)
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
                break;
                }
 
-       if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+       if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
                                           for, not bytes */
                ret|=EVP_PKT_EXP;
        if(pkey==NULL) EVP_PKEY_free(pk);

diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod
index a56ee2b92f2bae32ee0b498df4da6d03e29021d9..f0b731731f505a5940d534f813bc542964e71d3b 100644 (file)
--- a/doc/crypto/BIO_f_ssl.pod
+++ b/doc/crypto/BIO_f_ssl.pod
@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
        return 0;
  }
 
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "</pre>\r\n");
+ BIO_puts(sbio, "\r\n");
 
  /* Since there is a buffering BIO present we had better flush it */
  BIO_flush(sbio);

diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
index 2a987391147c1a1b1010ac3b58de7bca9ff2f991..42fa66b1975179192dc7a9a23d5afc7323525b98 100644 (file)
--- a/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
 
 =over 4
 
-=item 1
+=item 0
 
 The operation succeeded.
 
-=item 0
+=item 1
 
 The operation failed. Check the error queue to find out the reason.
 

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b98b79840a24bc2fc1eb645eb02fea9b777b9294..9db9d7fe7862b429b710b1c89915ef50219c09e5 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1786,7 +1786,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                if (algs & SSL_kRSA)
                        {
                        if (rsa == NULL
-                           || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                           || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
                                goto f_err;
@@ -1798,7 +1798,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
-                               || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                               || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
                                goto f_err;

diff --git a/ssl/ssl.h b/ssl/ssl.h
index ed2eae96e3a1fbb91e898bc7122a0b7094902b20..9d3a93c9ad55b0d12762a41f2907d68a99bf1c66 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1175,8 +1175,8 @@ char *SSL_alert_type_string(int value);
 char *SSL_alert_desc_string_long(int value);
 char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index bb4cb2fdf07f0aae7a084385b93bf3ffbf176734..f41bc620ea46f2eabf23a17806c8e0181c68ac6d 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -483,12 +483,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
        return(i);
        }
 
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
        {
        if (*ca_list != NULL)
                sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
-       *ca_list=list;
+       *ca_list=name_list;
        }
 
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -510,14 +510,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
        return(ret);
        }
 
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
        {
-       set_client_CA_list(&(s->client_CA),list);
+       set_client_CA_list(&(s->client_CA),name_list);
        }
 
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
        {
-       set_client_CA_list(&(ctx->client_CA),list);
+       set_client_CA_list(&(ctx->client_CA),name_list);
        }
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 121056697aeb31c37426e070ba5db53d5111c1b8..8a9232b04e62f34851527e6146c5d11393485d56 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -310,10 +310,10 @@ static unsigned long ssl_cipher_get_disabled(void)
        }
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-               int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+               int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
-       int i, list_num;
+       int i, co_list_num;
        SSL_CIPHER *c;
 
        /*
@@ -324,18 +324,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
         */
 
        /* Get the initial list of ciphers */
-       list_num = 0;   /* actual count of ciphers */
+       co_list_num = 0;        /* actual count of ciphers */
        for (i = 0; i < num_of_ciphers; i++)
                {
                c = ssl_method->get_cipher(i);
                /* drop those that use any of that is not available */
                if ((c != NULL) && c->valid && !(c->algorithms & mask))
                        {
-                       list[list_num].cipher = c;
-                       list[list_num].next = NULL;
-                       list[list_num].prev = NULL;
-                       list[list_num].active = 0;
-                       list_num++;
+                       co_list[co_list_num].cipher = c;
+                       co_list[co_list_num].next = NULL;
+                       co_list[co_list_num].prev = NULL;
+                       co_list[co_list_num].active = 0;
+                       co_list_num++;
                        /*
                        if (!sk_push(ca_list,(char *)c)) goto err;
                        */
@@ -345,18 +345,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
        /*
         * Prepare linked list from list entries
         */     
-       for (i = 1; i < list_num - 1; i++)
+       for (i = 1; i < co_list_num - 1; i++)
                {
-               list[i].prev = &(list[i-1]);
-               list[i].next = &(list[i+1]);
+               co_list[i].prev = &(co_list[i-1]);
+               co_list[i].next = &(co_list[i+1]);
                }
-       if (list_num > 0)
+       if (co_list_num > 0)
                {
-               (*head_p) = &(list[0]);
+               (*head_p) = &(co_list[0]);
                (*head_p)->prev = NULL;
-               (*head_p)->next = &(list[1]);
-               (*tail_p) = &(list[list_num - 1]);
-               (*tail_p)->prev = &(list[list_num - 2]);
+               (*head_p)->next = &(co_list[1]);
+               (*tail_p) = &(co_list[co_list_num - 1]);
+               (*tail_p)->prev = &(co_list[co_list_num - 2]);
                (*tail_p)->next = NULL;
                }
        }
@@ -402,7 +402,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
 static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
                unsigned long algo_strength, unsigned long mask_strength,
-               int rule, int strength_bits, CIPHER_ORDER *list,
+               int rule, int strength_bits, CIPHER_ORDER *co_list,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
        CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -497,8 +497,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
        *tail_p = tail;
        }
 
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
-                                    CIPHER_ORDER **tail_p)
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+                                   CIPHER_ORDER **head_p,
+                                   CIPHER_ORDER **tail_p)
        {
        int max_strength_bits, i, *number_uses;
        CIPHER_ORDER *curr;
@@ -543,14 +544,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
        for (i = max_strength_bits; i >= 0; i--)
                if (number_uses[i] > 0)
                        ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
-                                       list, head_p, tail_p);
+                                       co_list, head_p, tail_p);
 
        OPENSSL_free(number_uses);
        return(1);
        }
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
-               CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+               CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
                CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
        {
        unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -674,7 +675,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        ok = 0;
                        if ((buflen == 8) &&
                                !strncmp(buf, "STRENGTH", 8))
-                               ok = ssl_cipher_strength_sort(list,
+                               ok = ssl_cipher_strength_sort(co_list,
                                        head_p, tail_p);
                        else
                                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -694,7 +695,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        {
                        ssl_cipher_apply_rule(algorithms, mask,
                                algo_strength, mask_strength, rule, -1,
-                               list, head_p, tail_p);
+                               co_list, head_p, tail_p);
                        }
                else
                        {
@@ -716,7 +717,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        unsigned long disabled_mask;
        STACK_OF(SSL_CIPHER) *cipherstack;
        const char *rule_p;
-       CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+       CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
        SSL_CIPHER **ca_list = NULL;
 
        /*
@@ -738,15 +739,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         * it is used for allocation.
         */
        num_of_ciphers = ssl_method->num_ciphers();
-       list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-       if (list == NULL)
+       co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+       if (co_list == NULL)
                {
                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
                return(NULL);   /* Failure */
                }
 
        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-                                  list, &head, &tail);
+                                  co_list, &head, &tail);
 
        /*
         * We also need cipher aliases for selecting based on the rule_str.
@@ -762,7 +763,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
        if (ca_list == NULL)
                {
-               OPENSSL_free(list);
+               OPENSSL_free(co_list);
                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
                return(NULL);   /* Failure */
                }
@@ -778,21 +779,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        if (strncmp(rule_str,"DEFAULT",7) == 0)
                {
                ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                       list, &head, &tail, ca_list);
+                       co_list, &head, &tail, ca_list);
                rule_p += 7;
                if (*rule_p == ':')
                        rule_p++;
                }
 
        if (ok && (strlen(rule_p) > 0))
-               ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+               ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
                                                ca_list);
 
        OPENSSL_free(ca_list);  /* Not needed anymore */
 
        if (!ok)
                {       /* Rule processing failure */
-               OPENSSL_free(list);
+               OPENSSL_free(co_list);
                return(NULL);
                }
        /*
@@ -801,7 +802,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
                {
-               OPENSSL_free(list);
+               OPENSSL_free(co_list);
                return(NULL);
                }
 
@@ -819,7 +820,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
                        }
                }
-       OPENSSL_free(list);     /* Not needed any longer */
+       OPENSSL_free(co_list);  /* Not needed any longer */
 
        /*
         * The following passage is a little bit odd. If pointer variables