-rw-r--r-- | openssl/Makefile | 12 | ||||
-rw-r--r-- | openssl/openssl-1.0.0-stable-SNAP-20091118.tar.gz | bin | 0 -> 3988497 bytes | |||
-rw-r--r-- | openssl/openssl-SNAP-20090310.tar.gz | bin | 3936276 -> 0 bytes | |||
-rwxr-xr-x | openssl/update-snapshot.sh | 2 | ||||
-rw-r--r-- | pow/POW-0.7/POW.c | 30 | ||||
-rw-r--r-- | rcynic/rcynic.c | 33 |
6 files changed, 54 insertions, 23 deletions
diff --git a/openssl/Makefile b/openssl/Makefile index 425a7457..35a800bc 100644 --- a/openssl/Makefile +++ b/openssl/Makefile @@ -1,6 +1,8 @@ # $Id$ -VERSION = SNAP-20090310 +VERSION = 1.0.0-stable-SNAP-20091118 + +OPTIONS = enable-rfc3779 enable-cms no-dso enable-shared --prefix=`pwd` # Kludge alert: # @@ -25,8 +27,14 @@ clean: rm -rf openssl-${VERSION} openssl cd tests; ${MAKE} $@ +# Ordinarily we let ./config guess the platform target. When +# debugging, we usually need to specify an explicit target, in which +# case it's probably easier to use ./Configure. + openssl-${VERSION}/Makefile: openssl-${VERSION}/config - cd openssl-${VERSION}; PERL=/usr/bin/perl ./config enable-rfc3779 enable-cms no-dso enable-shared --prefix=`pwd` + cd openssl-${VERSION}; PERL=/usr/bin/perl ./config ${OPTIONS} +# cd openssl-${VERSION}; PERL=/usr/bin/perl ./Configure debug-BSD-x86-elf ${OPTIONS} + cd openssl-${VERSION}; ${MAKE} depend openssl-${VERSION}/config: openssl-${VERSION}.tar.gz gzip -c -d openssl-${VERSION}.tar.gz | tar -xf - diff --git a/openssl/openssl-1.0.0-stable-SNAP-20091118.tar.gz b/openssl/openssl-1.0.0-stable-SNAP-20091118.tar.gz Binary files differnew file mode 100644 index 00000000..40de00cd --- /dev/null +++ b/openssl/openssl-1.0.0-stable-SNAP-20091118.tar.gz diff --git a/openssl/openssl-SNAP-20090310.tar.gz b/openssl/openssl-SNAP-20090310.tar.gz Binary files differdeleted file mode 100644 index ccc4661a..00000000 --- a/openssl/openssl-SNAP-20090310.tar.gz +++ /dev/null diff --git a/openssl/update-snapshot.sh b/openssl/update-snapshot.sh index 74ae157d..02e51b89 100755 --- a/openssl/update-snapshot.sh +++ b/openssl/update-snapshot.sh @@ -4,7 +4,7 @@ # Fetch today's OpenSSL snapshot and do everything needed to make it # the current code other than the svn commit. -version="SNAP-$(date +%Y%m%d)" +version="1.0.0-stable-SNAP-$(date +%Y%m%d)" tarball="openssl-${version}.tar.gz" diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c index a4be59f3..e4e8cc2e 100644 
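Review bot: In the `openssl-${VERSION}/Makefile` rule, the added `cd openssl-${VERSION}; ${MAKE} depend` joins its commands with `;`, so if the `cd` fails, `${MAKE} depend` runs in the parent directory instead of the unpacked tree. The same applies to the `./config` line above it. Chaining on success is safer: `cd openssl-${VERSION} && ${MAKE} depend`. The new `OPTIONS` variable also carries `--prefix=`pwd`` unquoted, so a checkout path containing whitespace would split into several arguments to `./config`. The commented-out `./Configure debug-BSD-x86-elf` recipe line would be easier to maintain as a documented make variable than as dead code inside the rule.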
--- a/pow/POW-0.7/POW.c +++ b/pow/POW-0.7/POW.c @@ -47,7 +47,9 @@ #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/md5.h> +#ifndef OPENSSL_NO_MD2 #include <openssl/md2.h> +#endif #include <openssl/sha.h> #include <openssl/hmac.h> #include <openssl/ripemd.h> @@ -128,7 +130,9 @@ //#define NO_DH // Digests +#ifndef OPENSSL_NO_MD2 #define MD2_DIGEST 1 +#endif #define MD5_DIGEST 2 #define SHA_DIGEST 3 #define SHA1_DIGEST 4 @@ -1032,7 +1036,9 @@ static char X509_object_sign__doc__[] = " signed, it should be one of the following:\n" " </para>\n" " <simplelist>\n" +#ifndef OPENSSL_NO_MD2 " <member><constant>MD2_DIGEST</constant></member>\n" +#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" @@ -1071,10 +1077,12 @@ X509_object_sign(x509_object *self, PyObject *args) lose("could not sign certificate"); break; +#ifndef OPENSSL_NO_MD2 case MD2_DIGEST: if (!X509_sign(self->x509, pkey, EVP_md2())) lose("could not sign certificate"); break; +#endif case SHA_DIGEST: if (!X509_sign(self->x509, pkey, EVP_sha())) @@ -3112,7 +3120,9 @@ static char x509_crl_object_sign__doc__[] = " signed, it should be one of the following:\n" " </para>\n" " <simplelist>\n" +#ifndef OPENSSL_NO_MD2 " <member><constant>MD2_DIGEST</constant></member>\n" +#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" @@ -3150,10 +3160,12 @@ x509_crl_object_sign(x509_crl_object *self, PyObject *args) lose("could not sign CRL"); break; +#ifndef OPENSSL_NO_MD2 case MD2_DIGEST: if (!X509_CRL_sign(self->crl, pkey, EVP_md2())) lose("could not sign CRL"); break; +#endif case SHA_DIGEST: if (!X509_CRL_sign(self->crl, pkey, EVP_sha())) 
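Review bot: The `#ifndef OPENSSL_NO_MD2` guards leave `X509_object_sign` and `x509_crl_object_sign` still signing certificates and CRLs with MD2 whenever the linked OpenSSL provides it. MD2 is too weak for new signatures, so consider dropping the `case MD2_DIGEST:` arms from the two signing switches outright and keeping MD2 only where legacy data must be digested or verified. When the guard is active, `MD2_DIGEST` is not exported at all, and a caller passing the value 1 presumably reaches whatever default handling each switch has, which is outside these hunks. A comment at the define, such as `/* 1 stays reserved for MD2_DIGEST; absent when OpenSSL is built with OPENSSL_NO_MD2 */`, would keep the number from being reused and explain the gap. The same guard pattern repeats in the later hunks for asymmetric_object_sign, asymmetric_object_verify, digest_object_new, hmac_object_new, the two module docstrings and init_POW.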
@@ -5511,7 +5523,9 @@ static char asymmetric_object_sign__doc__[] = " following:\n" " </para>\n" " <simplelist>\n" +#ifndef OPENSSL_NO_MD2 " <member><constant>MD2_DIGEST</constant></member>\n" +#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" @@ -5545,10 +5559,12 @@ asymmetric_object_sign(asymmetric_object *self, PyObject *args) lose("could not allocate memory"); switch(digest_type) { +#ifndef OPENSSL_NO_MD2 case MD2_DIGEST: digest_nid = NID_md2; digest_len = MD2_DIGEST_LENGTH; break; +#endif case MD5_DIGEST: digest_nid = NID_md5; digest_len = MD5_DIGEST_LENGTH; @@ -5646,7 +5662,9 @@ static char asymmetric_object_verify__doc__[] = " following:\n" " </para>\n" " <simplelist>\n" +#ifndef OPENSSL_NO_MD2 " <member><constant>MD2_DIGEST</constant></member>\n" +#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" @@ -5673,10 +5691,12 @@ asymmetric_object_verify(asymmetric_object *self, PyObject *args) goto error; switch (digest_type) { +#ifndef OPENSSL_NO_MD2 case MD2_DIGEST: digest_len = MD2_DIGEST_LENGTH; digest_nid = NID_md2; break; +#endif case MD5_DIGEST: digest_len = MD5_DIGEST_LENGTH; digest_nid = NID_md5; @@ -6090,10 +6110,12 @@ digest_object_new(int digest_type) goto error; switch(digest_type) { +#ifndef OPENSSL_NO_MD2 case MD2_DIGEST: self->digest_type = MD2_DIGEST; EVP_DigestInit(&self->digest_ctx, EVP_md2()); break; +#endif case MD5_DIGEST: self->digest_type = MD5_DIGEST; EVP_DigestInit(&self->digest_ctx, EVP_md5()); @@ -6334,9 +6356,11 @@ hmac_object_new(int digest_type, char *key, int key_len) goto error; switch (digest_type) { +#ifndef OPENSSL_NO_MD2 case MD2_DIGEST: md = EVP_md2(); break; +#endif case MD5_DIGEST: md = EVP_md5(); break; 
@@ -7379,7 +7403,9 @@ static char pow_module_new_digest__doc__[] = " of digest to create and should be one of the following:\n" " </para>\n" " <simplelist>\n" +#ifndef OPENSSL_NO_MD2 " <member><constant>MD2_DIGEST</constant></member>\n" +#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" @@ -7421,7 +7447,9 @@ static char pow_module_new_hmac__doc__[] = " string and <parameter>type</parameter> should be one of the following:\n" " </para>\n" " <simplelist>\n" +#ifndef OPENSSL_NO_MD2 " <member><constant>MD2_DIGEST</constant></member>\n" +#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" @@ -8407,7 +8435,9 @@ init_POW(void) #endif // message digests +#ifndef OPENSSL_NO_MD2 Define_Integer_Constant(MD2_DIGEST); +#endif Define_Integer_Constant(MD5_DIGEST); Define_Integer_Constant(SHA_DIGEST); Define_Integer_Constant(SHA1_DIGEST); diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c index 3a67e135..317bd8ae 100644 --- a/rcynic/rcynic.c +++ b/rcynic/rcynic.c @@ -285,7 +285,7 @@ typedef struct certinfo { typedef struct rcynic_ctx { char *authenticated, *old_authenticated, *unauthenticated; char *jane, *rsync_program; - STACK_OF(STRING) *rsync_cache, *backup_cache; + STACK_OF(OPENSSL_STRING) *rsync_cache, *backup_cache; STACK_OF(HOST_MIB_COUNTER) *host_counters; int indent, use_syslog, allow_stale_crl, allow_stale_manifest, use_links; int require_crl_in_manifest, rsync_timeout, priority[LOG_LEVEL_T_MAX]; 
@@ -347,19 +347,12 @@ static const unsigned char id_sha256[] = */ static const char rpki_policy_oid[] = "1.3.6.1.5.5.7.14.2"; -/** - * Missing definition that should have been in safestack.h. - */ -#ifndef sk_STRING_delete -#define sk_STRING_delete(st, i) SKM_sk_delete(STRING, (st), (i)) -#endif - /** * Type-safe wrapper around free() to keep safestack macros happy. */ -static void STRING_free(STRING s) +static void OPENSSL_STRING_free(OPENSSL_STRING s) { free(s); } @@ -748,11 +741,11 @@ static int mkdir_maybe(const rcynic_ctx_t *rc, const char *name) /** * strdup() a string and push it onto a stack. */ -static int sk_STRING_push_strdup(STACK_OF(STRING) *sk, const char *str) +static int sk_OPENSSL_STRING_push_strdup(STACK_OF(OPENSSL_STRING) *sk, const char *str) { char *s = strdup(str); - if (s && sk_STRING_push(sk, s)) + if (s && sk_OPENSSL_STRING_push(sk, s)) return 1; if (s) free(s); @@ -1097,7 +1090,7 @@ static int rsync_cached(const rcynic_ctx_t *rc, strcpy(buffer, uri); if ((s = strrchr(buffer, '/')) != NULL && s[1] == '\0') *s = '\0'; - while (sk_STRING_find(rc->rsync_cache, buffer) < 0) { + while (sk_OPENSSL_STRING_find(rc->rsync_cache, buffer) < 0) { if ((s = strrchr(buffer, '/')) == NULL) return 0; *s = '\0'; @@ -1304,7 +1297,7 @@ static int rsync(const rcynic_ctx_t *rc, strcpy(buffer, uri + SIZEOF_RSYNC); if ((s = strrchr(buffer, '/')) != NULL && s[1] == '\0') *s = '\0'; - if (!sk_STRING_push_strdup(rc->rsync_cache, buffer)) + if (!sk_OPENSSL_STRING_push_strdup(rc->rsync_cache, buffer)) logmsg(rc, log_sys_err, "Couldn't cache URI %s, blundering onward", uri); return ret; 
@@ -1981,7 +1974,7 @@ static X509 *check_cert(rcynic_ctx_t *rc, if (uri_to_filename(rc, uri, path, sizeof(path), rc->authenticated) && !access(path, R_OK)) { - if (backup || sk_STRING_find(rc->backup_cache, uri) < 0) + if (backup || sk_OPENSSL_STRING_find(rc->backup_cache, uri) < 0) return NULL; mib_increment(rc, uri, current_cert_recheck); logmsg(rc, log_telemetry, "Rechecking cert %s", uri); @@ -1997,8 +1990,8 @@ static X509 *check_cert(rcynic_ctx_t *rc, mib_increment(rc, uri, (backup ? backup_cert_accepted : current_cert_accepted)); if (!backup) - (void) sk_STRING_delete(rc->backup_cache, sk_STRING_find(rc->backup_cache, uri)); - else if (!sk_STRING_push_strdup(rc->backup_cache, uri)) + (void) sk_OPENSSL_STRING_delete(rc->backup_cache, sk_OPENSSL_STRING_find(rc->backup_cache, uri)); + else if (!sk_OPENSSL_STRING_push_strdup(rc->backup_cache, uri)) logmsg(rc, log_sys_err, "Couldn't cache URI %s, blundering onward", uri); } else if (!access(path, F_OK)) { @@ -2818,12 +2811,12 @@ int main(int argc, char *argv[]) } - if ((rc.rsync_cache = sk_STRING_new(uri_cmp)) == NULL) { + if ((rc.rsync_cache = sk_OPENSSL_STRING_new(uri_cmp)) == NULL) { logmsg(&rc, log_sys_err, "Couldn't allocate rsync_cache stack"); goto done; } - if ((rc.backup_cache = sk_STRING_new(uri_cmp)) == NULL) { + if ((rc.backup_cache = sk_OPENSSL_STRING_new(uri_cmp)) == NULL) { logmsg(&rc, log_sys_err, "Couldn't allocate backup_cache stack"); goto done; } @@ -3089,8 +3082,8 @@ int main(int argc, char *argv[]) * Do NOT free cfg_section, NCONF_free() takes care of that */ sk_X509_pop_free(certs, X509_free); - sk_STRING_pop_free(rc.rsync_cache, STRING_free); - sk_STRING_pop_free(rc.backup_cache, STRING_free); + sk_OPENSSL_STRING_pop_free(rc.rsync_cache, OPENSSL_STRING_free); + sk_OPENSSL_STRING_pop_free(rc.backup_cache, OPENSSL_STRING_free); sk_HOST_MIB_COUNTER_pop_free(rc.host_counters, HOST_MIB_COUNTER_free); X509_STORE_free(rc.x509_store); NCONF_free(cfg_handle); |
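Review bot: In check_cert, the renamed line `(void) sk_OPENSSL_STRING_delete(rc->backup_cache, sk_OPENSSL_STRING_find(rc->backup_cache, uri));` discards the element that the delete call returns. That element is the heap copy made by `sk_OPENSSL_STRING_push_strdup`, so each URI removed from backup_cache here is leaked; only entries still on the stack reach `sk_OPENSSL_STRING_pop_free` in main. Freeing the result closes the leak: `OPENSSL_STRING_free(sk_OPENSSL_STRING_delete(rc->backup_cache, sk_OPENSSL_STRING_find(rc->backup_cache, uri)));`. As far as I know the delete call returns NULL for a not-found index, which free() accepts. check_cert begins and ends outside the hunk, so confirm that no other path takes ownership of the removed string.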