Browse code
openssl : Upgrade to 1.0.2p
Change-Id: I5a39a6e1ad7054b8408763acf37dc64150c44b78
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5509
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Him Kalyan Bordoloi authored on 2018/08/19 13:50:28Showing 4 changed files
- SPECS/openssl/openssl-1.0.2n-ipv6apps.patch
- SPECS/openssl/openssl-drbg-default-read-system-fips.patch
- SPECS/openssl/openssl-ipv6apps.patch
- SPECS/openssl/openssl.spec
| 1 | 1 |
deleted file mode 100644 |
| ... | ... |
@@ -1,526 +0,0 @@ |
| 1 |
-diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h |
|
| 2 |
-+++ openssl-1.0.2a/apps/s_apps.h 2015-04-20 15:05:00.353137701 +0200 |
|
| 3 |
-@@ -151,7 +151,7 @@ typedef fd_mask fd_set; |
|
| 4 |
- #define PORT_STR "4433" |
|
| 5 |
- #define PROTOCOL "tcp" |
|
| 6 |
- |
|
| 7 |
--int do_server(int port, int type, int *ret, |
|
| 8 |
-+int do_server(char *port, int type, int *ret, |
|
| 9 |
- int (*cb) (char *hostname, int s, int stype, |
|
| 10 |
- unsigned char *context), unsigned char *context, |
|
| 11 |
- int naccept); |
|
| 12 |
-@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS |
|
| 13 |
- int ssl_print_curves(BIO *out, SSL *s, int noshared); |
|
| 14 |
- #endif |
|
| 15 |
- int ssl_print_tmp_key(BIO *out, SSL *s); |
|
| 16 |
--int init_client(int *sock, char *server, int port, int type); |
|
| 17 |
-+int init_client(int *sock, char *server, char *port, int type); |
|
| 18 |
- int should_retry(int i); |
|
| 19 |
- int extract_port(char *str, short *port_ptr); |
|
| 20 |
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
|
| 21 |
-- short *p); |
|
| 22 |
-+int extract_host_port(char *str, char **host_ptr, char **port_ptr); |
|
| 23 |
- |
|
| 24 |
- long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
|
| 25 |
- int argi, long argl, long ret); |
|
| 26 |
-diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c |
|
| 27 |
-+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 15:06:42.338503234 +0200 |
|
| 28 |
-@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv) |
|
| 29 |
- int cbuf_len, cbuf_off; |
|
| 30 |
- int sbuf_len, sbuf_off; |
|
| 31 |
- fd_set readfds, writefds; |
|
| 32 |
-- short port = PORT; |
|
| 33 |
-+ char *port_str = PORT_STR; |
|
| 34 |
- int full_log = 1; |
|
| 35 |
- char *host = SSL_HOST_NAME; |
|
| 36 |
- char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; |
|
| 37 |
-@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv) |
|
| 38 |
- } else if (strcmp(*argv, "-port") == 0) {
|
|
| 39 |
- if (--argc < 1) |
|
| 40 |
- goto bad; |
|
| 41 |
-- port = atoi(*(++argv)); |
|
| 42 |
-- if (port == 0) |
|
| 43 |
-- goto bad; |
|
| 44 |
-+ port_str = *(++argv); |
|
| 45 |
- } else if (strcmp(*argv, "-connect") == 0) {
|
|
| 46 |
- if (--argc < 1) |
|
| 47 |
- goto bad; |
|
| 48 |
-- if (!extract_host_port(*(++argv), &host, NULL, &port)) |
|
| 49 |
-+ if (!extract_host_port(*(++argv), &host, &port_str)) |
|
| 50 |
- goto bad; |
|
| 51 |
- } else if (strcmp(*argv, "-verify") == 0) {
|
|
| 52 |
- verify = SSL_VERIFY_PEER; |
|
| 53 |
-@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv) |
|
| 54 |
- |
|
| 55 |
- re_start: |
|
| 56 |
- |
|
| 57 |
-- if (init_client(&s, host, port, socket_type) == 0) {
|
|
| 58 |
-+ if (init_client(&s, host, port_str, socket_type) == 0) {
|
|
| 59 |
- BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); |
|
| 60 |
- SHUTDOWN(s); |
|
| 61 |
- goto end; |
|
| 62 |
-diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c |
|
| 63 |
-+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 15:10:47.245187746 +0200 |
|
| 64 |
-@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[]) |
|
| 65 |
- {
|
|
| 66 |
- X509_VERIFY_PARAM *vpm = NULL; |
|
| 67 |
- int badarg = 0; |
|
| 68 |
-- short port = PORT; |
|
| 69 |
-+ char *port_str = PORT_STR; |
|
| 70 |
- char *CApath = NULL, *CAfile = NULL; |
|
| 71 |
- char *chCApath = NULL, *chCAfile = NULL; |
|
| 72 |
- char *vfyCApath = NULL, *vfyCAfile = NULL; |
|
| 73 |
-@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[]) |
|
| 74 |
- if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
|
|
| 75 |
- if (--argc < 1) |
|
| 76 |
- goto bad; |
|
| 77 |
-- if (!extract_port(*(++argv), &port)) |
|
| 78 |
-+ port_str = *(++argv); |
|
| 79 |
-+ if (port_str == NULL || *port_str == '\0') |
|
| 80 |
- goto bad; |
|
| 81 |
- } else if (strcmp(*argv, "-naccept") == 0) {
|
|
| 82 |
- if (--argc < 1) |
|
| 83 |
-@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[]) |
|
| 84 |
- BIO_printf(bio_s_out, "ACCEPT\n"); |
|
| 85 |
- (void)BIO_flush(bio_s_out); |
|
| 86 |
- if (rev) |
|
| 87 |
-- do_server(port, socket_type, &accept_socket, rev_body, context, |
|
| 88 |
-+ do_server(port_str, socket_type, &accept_socket, rev_body, context, |
|
| 89 |
- naccept); |
|
| 90 |
- else if (www) |
|
| 91 |
-- do_server(port, socket_type, &accept_socket, www_body, context, |
|
| 92 |
-+ do_server(port_str, socket_type, &accept_socket, www_body, context, |
|
| 93 |
- naccept); |
|
| 94 |
- else |
|
| 95 |
-- do_server(port, socket_type, &accept_socket, sv_body, context, |
|
| 96 |
-+ do_server(port_str, socket_type, &accept_socket, sv_body, context, |
|
| 97 |
- naccept); |
|
| 98 |
- print_stats(bio_s_out, ctx); |
|
| 99 |
- ret = 0; |
|
| 100 |
-diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c |
|
| 101 |
-+++ openssl-1.0.2a/apps/s_socket.c 2015-04-20 15:32:53.960079507 +0200 |
|
| 102 |
-@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha |
|
| 103 |
- static void ssl_sock_cleanup(void); |
|
| 104 |
- # endif |
|
| 105 |
- static int ssl_sock_init(void); |
|
| 106 |
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); |
|
| 107 |
--static int init_server(int *sock, int port, int type); |
|
| 108 |
--static int init_server_long(int *sock, int port, char *ip, int type); |
|
| 109 |
-+static int init_server(int *sock, char *port, int type); |
|
| 110 |
- static int do_accept(int acc_sock, int *sock, char **host); |
|
| 111 |
- static int host_ip(char *str, unsigned char ip[4]); |
|
| 112 |
- |
|
| 113 |
-@@ -231,65 +229,66 @@ static int ssl_sock_init(void) |
|
| 114 |
- return (1); |
|
| 115 |
- } |
|
| 116 |
- |
|
| 117 |
--int init_client(int *sock, char *host, int port, int type) |
|
| 118 |
-+int init_client(int *sock, char *host, char *port, int type) |
|
| 119 |
- {
|
|
| 120 |
-- unsigned char ip[4]; |
|
| 121 |
-- |
|
| 122 |
-- memset(ip, '\0', sizeof ip); |
|
| 123 |
-- if (!host_ip(host, &(ip[0]))) |
|
| 124 |
-- return 0; |
|
| 125 |
-- return init_client_ip(sock, ip, port, type); |
|
| 126 |
--} |
|
| 127 |
-- |
|
| 128 |
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) |
|
| 129 |
--{
|
|
| 130 |
-- unsigned long addr; |
|
| 131 |
-- struct sockaddr_in them; |
|
| 132 |
-- int s, i; |
|
| 133 |
-+ struct addrinfo *res, *res0, hints; |
|
| 134 |
-+ char *failed_call = NULL; |
|
| 135 |
-+ int s; |
|
| 136 |
-+ int e; |
|
| 137 |
- |
|
| 138 |
- if (!ssl_sock_init()) |
|
| 139 |
- return (0); |
|
| 140 |
- |
|
| 141 |
-- memset((char *)&them, 0, sizeof(them)); |
|
| 142 |
-- them.sin_family = AF_INET; |
|
| 143 |
-- them.sin_port = htons((unsigned short)port); |
|
| 144 |
-- addr = (unsigned long) |
|
| 145 |
-- ((unsigned long)ip[0] << 24L) | |
|
| 146 |
-- ((unsigned long)ip[1] << 16L) | |
|
| 147 |
-- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); |
|
| 148 |
-- them.sin_addr.s_addr = htonl(addr); |
|
| 149 |
-- |
|
| 150 |
-- if (type == SOCK_STREAM) |
|
| 151 |
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
|
| 152 |
-- else /* ( type == SOCK_DGRAM) */ |
|
| 153 |
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
|
| 154 |
-- |
|
| 155 |
-- if (s == INVALID_SOCKET) {
|
|
| 156 |
-- perror("socket");
|
|
| 157 |
-+ memset(&hints, '\0', sizeof(hints)); |
|
| 158 |
-+ hints.ai_socktype = type; |
|
| 159 |
-+ hints.ai_flags = AI_ADDRCONFIG; |
|
| 160 |
-+ |
|
| 161 |
-+ e = getaddrinfo(host, port, &hints, &res); |
|
| 162 |
-+ if (e) {
|
|
| 163 |
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); |
|
| 164 |
-+ if (e == EAI_SYSTEM) |
|
| 165 |
-+ perror("getaddrinfo");
|
|
| 166 |
- return (0); |
|
| 167 |
- } |
|
| 168 |
-+ |
|
| 169 |
-+ res0 = res; |
|
| 170 |
-+ while (res) {
|
|
| 171 |
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); |
|
| 172 |
-+ if (s == INVALID_SOCKET) {
|
|
| 173 |
-+ failed_call = "socket"; |
|
| 174 |
-+ goto nextres; |
|
| 175 |
-+ } |
|
| 176 |
- # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) |
|
| 177 |
-- if (type == SOCK_STREAM) {
|
|
| 178 |
-- i = 0; |
|
| 179 |
-- i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i)); |
|
| 180 |
-- if (i < 0) {
|
|
| 181 |
-- closesocket(s); |
|
| 182 |
-- perror("keepalive");
|
|
| 183 |
-- return (0); |
|
| 184 |
-+ if (type == SOCK_STREAM) {
|
|
| 185 |
-+ int i = 0; |
|
| 186 |
-+ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, |
|
| 187 |
-+ (char *)&i, sizeof(i)); |
|
| 188 |
-+ if (i < 0) {
|
|
| 189 |
-+ failed_call = "keepalive"; |
|
| 190 |
-+ goto nextres; |
|
| 191 |
-+ } |
|
| 192 |
- } |
|
| 193 |
-- } |
|
| 194 |
- # endif |
|
| 195 |
-- |
|
| 196 |
-- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
|
|
| 197 |
-- closesocket(s); |
|
| 198 |
-- perror("connect");
|
|
| 199 |
-- return (0); |
|
| 200 |
-+ if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {
|
|
| 201 |
-+ freeaddrinfo(res0); |
|
| 202 |
-+ *sock = s; |
|
| 203 |
-+ return (1); |
|
| 204 |
-+ } |
|
| 205 |
-+ |
|
| 206 |
-+ failed_call = "socket"; |
|
| 207 |
-+ nextres: |
|
| 208 |
-+ if (s != INVALID_SOCKET) |
|
| 209 |
-+ close(s); |
|
| 210 |
-+ res = res->ai_next; |
|
| 211 |
- } |
|
| 212 |
-- *sock = s; |
|
| 213 |
-- return (1); |
|
| 214 |
-+ freeaddrinfo(res0); |
|
| 215 |
-+ closesocket(s); |
|
| 216 |
-+ |
|
| 217 |
-+ perror(failed_call); |
|
| 218 |
-+ return (0); |
|
| 219 |
- } |
|
| 220 |
- |
|
| 221 |
--int do_server(int port, int type, int *ret, |
|
| 222 |
-+int do_server(char *port, int type, int *ret, |
|
| 223 |
- int (*cb) (char *hostname, int s, int stype, |
|
| 224 |
- unsigned char *context), unsigned char *context, |
|
| 225 |
- int naccept) |
|
| 226 |
-@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r |
|
| 227 |
- } |
|
| 228 |
- } |
|
| 229 |
- |
|
| 230 |
--static int init_server_long(int *sock, int port, char *ip, int type) |
|
| 231 |
-+static int init_server(int *sock, char *port, int type) |
|
| 232 |
- {
|
|
| 233 |
-- int ret = 0; |
|
| 234 |
-- struct sockaddr_in server; |
|
| 235 |
-- int s = -1; |
|
| 236 |
-+ struct addrinfo *res, *res0 = NULL, hints; |
|
| 237 |
-+ char *failed_call = NULL; |
|
| 238 |
-+ int s = INVALID_SOCKET; |
|
| 239 |
-+ int e; |
|
| 240 |
- |
|
| 241 |
- if (!ssl_sock_init()) |
|
| 242 |
- return (0); |
|
| 243 |
- |
|
| 244 |
-- memset((char *)&server, 0, sizeof(server)); |
|
| 245 |
-- server.sin_family = AF_INET; |
|
| 246 |
-- server.sin_port = htons((unsigned short)port); |
|
| 247 |
-- if (ip == NULL) |
|
| 248 |
-- server.sin_addr.s_addr = INADDR_ANY; |
|
| 249 |
-- else |
|
| 250 |
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ |
|
| 251 |
--# ifndef BIT_FIELD_LIMITS |
|
| 252 |
-- memcpy(&server.sin_addr.s_addr, ip, 4); |
|
| 253 |
--# else |
|
| 254 |
-- memcpy(&server.sin_addr, ip, 4); |
|
| 255 |
--# endif |
|
| 256 |
-- |
|
| 257 |
-- if (type == SOCK_STREAM) |
|
| 258 |
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
|
| 259 |
-- else /* type == SOCK_DGRAM */ |
|
| 260 |
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
|
| 261 |
-+ memset(&hints, '\0', sizeof(hints)); |
|
| 262 |
-+ hints.ai_family = AF_INET6; |
|
| 263 |
-+ tryipv4: |
|
| 264 |
-+ hints.ai_socktype = type; |
|
| 265 |
-+ hints.ai_flags = AI_PASSIVE; |
|
| 266 |
-+ |
|
| 267 |
-+ e = getaddrinfo(NULL, port, &hints, &res); |
|
| 268 |
-+ if (e) {
|
|
| 269 |
-+ if (hints.ai_family == AF_INET) {
|
|
| 270 |
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); |
|
| 271 |
-+ if (e == EAI_SYSTEM) |
|
| 272 |
-+ perror("getaddrinfo");
|
|
| 273 |
-+ return (0); |
|
| 274 |
-+ } else |
|
| 275 |
-+ res = NULL; |
|
| 276 |
-+ } |
|
| 277 |
- |
|
| 278 |
-- if (s == INVALID_SOCKET) |
|
| 279 |
-- goto err; |
|
| 280 |
-+ res0 = res; |
|
| 281 |
-+ while (res) {
|
|
| 282 |
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); |
|
| 283 |
-+ if (s == INVALID_SOCKET) {
|
|
| 284 |
-+ failed_call = "socket"; |
|
| 285 |
-+ goto nextres; |
|
| 286 |
-+ } |
|
| 287 |
-+ if (hints.ai_family == AF_INET6) {
|
|
| 288 |
-+ int j = 0; |
|
| 289 |
-+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j); |
|
| 290 |
-+ } |
|
| 291 |
- # if defined SOL_SOCKET && defined SO_REUSEADDR |
|
| 292 |
-- {
|
|
| 293 |
-- int j = 1; |
|
| 294 |
-- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); |
|
| 295 |
-- } |
|
| 296 |
--# endif |
|
| 297 |
-- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
|
|
| 298 |
--# ifndef OPENSSL_SYS_WINDOWS |
|
| 299 |
-- perror("bind");
|
|
| 300 |
-+ {
|
|
| 301 |
-+ int j = 1; |
|
| 302 |
-+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); |
|
| 303 |
-+ } |
|
| 304 |
- # endif |
|
| 305 |
-- goto err; |
|
| 306 |
-+ |
|
| 307 |
-+ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
|
|
| 308 |
-+ failed_call = "bind"; |
|
| 309 |
-+ goto nextres; |
|
| 310 |
-+ } |
|
| 311 |
-+ if (type == SOCK_STREAM && listen(s, 128) == -1) {
|
|
| 312 |
-+ failed_call = "listen"; |
|
| 313 |
-+ goto nextres; |
|
| 314 |
-+ } |
|
| 315 |
-+ |
|
| 316 |
-+ *sock = s; |
|
| 317 |
-+ return (1); |
|
| 318 |
-+ |
|
| 319 |
-+ nextres: |
|
| 320 |
-+ if (s != INVALID_SOCKET) |
|
| 321 |
-+ close(s); |
|
| 322 |
-+ res = res->ai_next; |
|
| 323 |
- } |
|
| 324 |
-- /* Make it 128 for linux */ |
|
| 325 |
-- if (type == SOCK_STREAM && listen(s, 128) == -1) |
|
| 326 |
-- goto err; |
|
| 327 |
-- *sock = s; |
|
| 328 |
-- ret = 1; |
|
| 329 |
-- err: |
|
| 330 |
-- if ((ret == 0) && (s != -1)) {
|
|
| 331 |
-- SHUTDOWN(s); |
|
| 332 |
-+ if (res0) |
|
| 333 |
-+ freeaddrinfo(res0); |
|
| 334 |
-+ |
|
| 335 |
-+ if (s == INVALID_SOCKET) {
|
|
| 336 |
-+ if (hints.ai_family == AF_INET6) {
|
|
| 337 |
-+ hints.ai_family = AF_INET; |
|
| 338 |
-+ goto tryipv4; |
|
| 339 |
-+ } |
|
| 340 |
-+ perror("socket");
|
|
| 341 |
-+ return (0); |
|
| 342 |
- } |
|
| 343 |
-- return (ret); |
|
| 344 |
--} |
|
| 345 |
- |
|
| 346 |
--static int init_server(int *sock, int port, int type) |
|
| 347 |
--{
|
|
| 348 |
-- return (init_server_long(sock, port, NULL, type)); |
|
| 349 |
-+ perror(failed_call); |
|
| 350 |
-+ return (0); |
|
| 351 |
- } |
|
| 352 |
- |
|
| 353 |
- static int do_accept(int acc_sock, int *sock, char **host) |
|
| 354 |
- {
|
|
| 355 |
-+ static struct sockaddr_storage from; |
|
| 356 |
-+ char buffer[NI_MAXHOST]; |
|
| 357 |
- int ret; |
|
| 358 |
-- struct hostent *h1, *h2; |
|
| 359 |
-- static struct sockaddr_in from; |
|
| 360 |
- int len; |
|
| 361 |
- /* struct linger ling; */ |
|
| 362 |
- |
|
| 363 |
-@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int * |
|
| 364 |
- ling.l_onoff=1; |
|
| 365 |
- ling.l_linger=0; |
|
| 366 |
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); |
|
| 367 |
-- if (i < 0) { perror("linger"); return(0); }
|
|
| 368 |
-+ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
|
|
| 369 |
- i=0; |
|
| 370 |
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
|
| 371 |
-- if (i < 0) { perror("keepalive"); return(0); }
|
|
| 372 |
-+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
|
|
| 373 |
- */ |
|
| 374 |
- |
|
| 375 |
- if (host == NULL) |
|
| 376 |
- goto end; |
|
| 377 |
--# ifndef BIT_FIELD_LIMITS |
|
| 378 |
-- /* I should use WSAAsyncGetHostByName() under windows */ |
|
| 379 |
-- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, |
|
| 380 |
-- sizeof(from.sin_addr.s_addr), AF_INET); |
|
| 381 |
--# else |
|
| 382 |
-- h1 = gethostbyaddr((char *)&from.sin_addr, |
|
| 383 |
-- sizeof(struct in_addr), AF_INET); |
|
| 384 |
--# endif |
|
| 385 |
-- if (h1 == NULL) {
|
|
| 386 |
-- BIO_printf(bio_err, "bad gethostbyaddr\n"); |
|
| 387 |
-+ |
|
| 388 |
-+ if (getnameinfo((struct sockaddr *)&from, sizeof(from), |
|
| 389 |
-+ buffer, sizeof(buffer), NULL, 0, 0)) {
|
|
| 390 |
-+ BIO_printf(bio_err, "getnameinfo failed\n"); |
|
| 391 |
- *host = NULL; |
|
| 392 |
- /* return(0); */ |
|
| 393 |
- } else {
|
|
| 394 |
-- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
|
|
| 395 |
-+ if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {
|
|
| 396 |
- perror("OPENSSL_malloc");
|
|
| 397 |
- closesocket(ret); |
|
| 398 |
- return (0); |
|
| 399 |
- } |
|
| 400 |
-- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); |
|
| 401 |
-- |
|
| 402 |
-- h2 = GetHostByName(*host); |
|
| 403 |
-- if (h2 == NULL) {
|
|
| 404 |
-- BIO_printf(bio_err, "gethostbyname failure\n"); |
|
| 405 |
-- closesocket(ret); |
|
| 406 |
-- return (0); |
|
| 407 |
-- } |
|
| 408 |
-- if (h2->h_addrtype != AF_INET) {
|
|
| 409 |
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
|
| 410 |
-- closesocket(ret); |
|
| 411 |
-- return (0); |
|
| 412 |
-- } |
|
| 413 |
-+ strcpy(*host, buffer); |
|
| 414 |
- } |
|
| 415 |
- end: |
|
| 416 |
- *sock = ret; |
|
| 417 |
- return (1); |
|
| 418 |
- } |
|
| 419 |
- |
|
| 420 |
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
|
| 421 |
-- short *port_ptr) |
|
| 422 |
-+int extract_host_port(char *str, char **host_ptr, char **port_ptr) |
|
| 423 |
- {
|
|
| 424 |
-- char *h, *p; |
|
| 425 |
-+ char *h, *p, *x; |
|
| 426 |
- |
|
| 427 |
-- h = str; |
|
| 428 |
-- p = strchr(str, ':'); |
|
| 429 |
-+ x = h = str; |
|
| 430 |
-+ if (*h == '[') {
|
|
| 431 |
-+ h++; |
|
| 432 |
-+ p = strchr(h, ']'); |
|
| 433 |
-+ if (p == NULL) {
|
|
| 434 |
-+ BIO_printf(bio_err, "no ending bracket for IPv6 address\n"); |
|
| 435 |
-+ return (0); |
|
| 436 |
-+ } |
|
| 437 |
-+ *(p++) = '\0'; |
|
| 438 |
-+ x = p; |
|
| 439 |
-+ } |
|
| 440 |
-+ p = strchr(x, ':'); |
|
| 441 |
- if (p == NULL) {
|
|
| 442 |
- BIO_printf(bio_err, "no port defined\n"); |
|
| 443 |
- return (0); |
|
| 444 |
- } |
|
| 445 |
- *(p++) = '\0'; |
|
| 446 |
- |
|
| 447 |
-- if ((ip != NULL) && !host_ip(str, ip)) |
|
| 448 |
-- goto err; |
|
| 449 |
- if (host_ptr != NULL) |
|
| 450 |
- *host_ptr = h; |
|
| 451 |
-+ if (port_ptr != NULL) |
|
| 452 |
-+ *port_ptr = p; |
|
| 453 |
- |
|
| 454 |
-- if (!extract_port(p, port_ptr)) |
|
| 455 |
-- goto err; |
|
| 456 |
-- return (1); |
|
| 457 |
-- err: |
|
| 458 |
-- return (0); |
|
| 459 |
--} |
|
| 460 |
-- |
|
| 461 |
--static int host_ip(char *str, unsigned char ip[4]) |
|
| 462 |
--{
|
|
| 463 |
-- unsigned int in[4]; |
|
| 464 |
-- int i; |
|
| 465 |
-- |
|
| 466 |
-- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == |
|
| 467 |
-- 4) {
|
|
| 468 |
-- for (i = 0; i < 4; i++) |
|
| 469 |
-- if (in[i] > 255) {
|
|
| 470 |
-- BIO_printf(bio_err, "invalid IP address\n"); |
|
| 471 |
-- goto err; |
|
| 472 |
-- } |
|
| 473 |
-- ip[0] = in[0]; |
|
| 474 |
-- ip[1] = in[1]; |
|
| 475 |
-- ip[2] = in[2]; |
|
| 476 |
-- ip[3] = in[3]; |
|
| 477 |
-- } else { /* do a gethostbyname */
|
|
| 478 |
-- struct hostent *he; |
|
| 479 |
-- |
|
| 480 |
-- if (!ssl_sock_init()) |
|
| 481 |
-- return (0); |
|
| 482 |
-- |
|
| 483 |
-- he = GetHostByName(str); |
|
| 484 |
-- if (he == NULL) {
|
|
| 485 |
-- BIO_printf(bio_err, "gethostbyname failure\n"); |
|
| 486 |
-- goto err; |
|
| 487 |
-- } |
|
| 488 |
-- /* cast to short because of win16 winsock definition */ |
|
| 489 |
-- if ((short)he->h_addrtype != AF_INET) {
|
|
| 490 |
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
|
| 491 |
-- return (0); |
|
| 492 |
-- } |
|
| 493 |
-- ip[0] = he->h_addr_list[0][0]; |
|
| 494 |
-- ip[1] = he->h_addr_list[0][1]; |
|
| 495 |
-- ip[2] = he->h_addr_list[0][2]; |
|
| 496 |
-- ip[3] = he->h_addr_list[0][3]; |
|
| 497 |
-- } |
|
| 498 |
-- return (1); |
|
| 499 |
-- err: |
|
| 500 |
-- return (0); |
|
| 501 |
--} |
|
| 502 |
-- |
|
| 503 |
--int extract_port(char *str, short *port_ptr) |
|
| 504 |
--{
|
|
| 505 |
-- int i; |
|
| 506 |
-- struct servent *s; |
|
| 507 |
-- |
|
| 508 |
-- i = atoi(str); |
|
| 509 |
-- if (i != 0) |
|
| 510 |
-- *port_ptr = (unsigned short)i; |
|
| 511 |
-- else {
|
|
| 512 |
-- s = getservbyname(str, "tcp"); |
|
| 513 |
-- if (s == NULL) {
|
|
| 514 |
-- BIO_printf(bio_err, "getservbyname failure for %s\n", str); |
|
| 515 |
-- return (0); |
|
| 516 |
-- } |
|
| 517 |
-- *port_ptr = ntohs((unsigned short)s->s_port); |
|
| 518 |
-- } |
|
| 519 |
- return (1); |
|
| 520 |
- } |
|
| 521 |
- |
|
| 522 |
- |
| ... | ... |
@@ -1,14 +1,17 @@ |
| 1 |
-diff -rup openssl-1.0.2k/crypto/o_init.c openssl-1.0.2k-new/crypto/o_init.c |
|
| 2 |
-+++ openssl-1.0.2k-new/crypto/o_init.c 2017-07-27 17:18:49.016782797 -0700 |
|
| 3 |
-@@ -57,10 +57,57 @@ |
|
| 1 |
+diff -ur openssl-1.0.2p/crypto/o_init.c openssl-1.0.2p-new/crypto/o_init.c |
|
| 2 |
+--- openssl-1.0.2p/crypto/o_init.c 2018-08-14 05:48:58.000000000 -0700 |
|
| 3 |
+@@ -57,6 +57,7 @@ |
|
| 4 | 4 |
#include <openssl/err.h> |
| 5 | 5 |
#ifdef OPENSSL_FIPS |
| 6 | 6 |
# include <openssl/fips.h> |
| 7 | 7 |
+# include <openssl/fips_rand.h> |
| 8 | 8 |
# include <openssl/rand.h> |
| 9 |
+ |
|
| 10 |
+ # ifndef OPENSSL_NO_DEPRECATED |
|
| 11 |
+@@ -66,6 +67,51 @@ |
|
| 9 | 12 |
#endif |
| 10 |
- |
|
| 13 |
+ |
|
| 11 | 14 |
/* |
| 12 | 15 |
+ * |
| 13 | 16 |
+ * Enable FIPS mode based on host FIPS mode / env variable. |
| ... | ... |
@@ -54,12 +57,11 @@ diff -rup openssl-1.0.2k/crypto/o_init.c openssl-1.0.2k-new/crypto/o_init.c |
| 54 | 54 |
+} |
| 55 | 55 |
+#endif |
| 56 | 56 |
+ |
| 57 |
-+ |
|
| 58 | 57 |
+/* |
| 59 | 58 |
* Perform any essential OpenSSL initialization operations. Currently only |
| 60 | 59 |
* sets FIPS callbacks |
| 61 | 60 |
*/ |
| 62 |
-@@ -79,6 +126,17 @@ void OPENSSL_init(void) |
|
| 61 |
+@@ -84,6 +130,17 @@ |
|
| 63 | 62 |
FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); |
| 64 | 63 |
FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); |
| 65 | 64 |
RAND_init_fips(); |
| 66 | 65 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,468 @@ |
| 0 |
+diff -ur openssl-1.0.2p/apps/s_apps.h openssl-1.0.2p-new/apps/s_apps.h |
|
| 1 |
+--- openssl-1.0.2p/apps/s_apps.h 2018-08-14 05:49:04.000000000 -0700 |
|
| 2 |
+@@ -151,7 +151,7 @@ |
|
| 3 |
+ #define PORT_STR "4433" |
|
| 4 |
+ #define PROTOCOL "tcp" |
|
| 5 |
+ |
|
| 6 |
+-int do_server(int port, int type, int *ret, |
|
| 7 |
++int do_server(char *port, int type, int *ret, |
|
| 8 |
+ int (*cb) (int s, int stype, unsigned char *context), |
|
| 9 |
+ unsigned char *context, int naccept); |
|
| 10 |
+ #ifdef HEADER_X509_H |
|
| 11 |
+@@ -166,11 +166,10 @@ |
|
| 12 |
+ int ssl_print_curves(BIO *out, SSL *s, int noshared); |
|
| 13 |
+ #endif |
|
| 14 |
+ int ssl_print_tmp_key(BIO *out, SSL *s); |
|
| 15 |
+-int init_client(int *sock, char *server, int port, int type); |
|
| 16 |
++int init_client(int *sock, char *server, char *port, int type); |
|
| 17 |
+ int should_retry(int i); |
|
| 18 |
+ int extract_port(char *str, short *port_ptr); |
|
| 19 |
+-int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
|
| 20 |
+- short *p); |
|
| 21 |
++int extract_host_port(char *str, char **host_ptr, char **port_ptr); |
|
| 22 |
+ |
|
| 23 |
+ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
|
| 24 |
+ int argi, long argl, long ret); |
|
| 25 |
+diff -ur openssl-1.0.2p/apps/s_client.c openssl-1.0.2p-new/apps/s_client.c |
|
| 26 |
+--- openssl-1.0.2p/apps/s_client.c 2018-08-14 05:49:04.000000000 -0700 |
|
| 27 |
+@@ -668,7 +668,7 @@ |
|
| 28 |
+ int cbuf_len, cbuf_off; |
|
| 29 |
+ int sbuf_len, sbuf_off; |
|
| 30 |
+ fd_set readfds, writefds; |
|
| 31 |
+- short port = PORT; |
|
| 32 |
++ char *port_str = PORT_STR; |
|
| 33 |
+ int full_log = 1; |
|
| 34 |
+ char *host = SSL_HOST_NAME; |
|
| 35 |
+ char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; |
|
| 36 |
+@@ -792,13 +792,11 @@ |
|
| 37 |
+ } else if (strcmp(*argv, "-port") == 0) {
|
|
| 38 |
+ if (--argc < 1) |
|
| 39 |
+ goto bad; |
|
| 40 |
+- port = atoi(*(++argv)); |
|
| 41 |
+- if (port == 0) |
|
| 42 |
+- goto bad; |
|
| 43 |
++ port_str = *(++argv); |
|
| 44 |
+ } else if (strcmp(*argv, "-connect") == 0) {
|
|
| 45 |
+ if (--argc < 1) |
|
| 46 |
+ goto bad; |
|
| 47 |
+- if (!extract_host_port(*(++argv), &host, NULL, &port)) |
|
| 48 |
++ if (!extract_host_port(*(++argv), &host, &port_str)) |
|
| 49 |
+ goto bad; |
|
| 50 |
+ } else if (strcmp(*argv, "-verify") == 0) {
|
|
| 51 |
+ verify = SSL_VERIFY_PEER; |
|
| 52 |
+@@ -1449,7 +1447,7 @@ |
|
| 53 |
+ |
|
| 54 |
+ re_start: |
|
| 55 |
+ |
|
| 56 |
+- if (init_client(&s, host, port, socket_type) == 0) {
|
|
| 57 |
++ if (init_client(&s, host, port_str, socket_type) == 0) {
|
|
| 58 |
+ BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); |
|
| 59 |
+ SHUTDOWN(s); |
|
| 60 |
+ goto end; |
|
| 61 |
+diff -ur openssl-1.0.2p/apps/s_server.c openssl-1.0.2p-new/apps/s_server.c |
|
| 62 |
+--- openssl-1.0.2p/apps/s_server.c 2018-08-14 05:49:04.000000000 -0700 |
|
| 63 |
+@@ -1082,7 +1082,7 @@ |
|
| 64 |
+ {
|
|
| 65 |
+ X509_VERIFY_PARAM *vpm = NULL; |
|
| 66 |
+ int badarg = 0; |
|
| 67 |
+- short port = PORT; |
|
| 68 |
++ char *port_str = PORT_STR; |
|
| 69 |
+ char *CApath = NULL, *CAfile = NULL; |
|
| 70 |
+ char *chCApath = NULL, *chCAfile = NULL; |
|
| 71 |
+ char *vfyCApath = NULL, *vfyCAfile = NULL; |
|
| 72 |
+@@ -1173,7 +1173,8 @@ |
|
| 73 |
+ if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
|
|
| 74 |
+ if (--argc < 1) |
|
| 75 |
+ goto bad; |
|
| 76 |
+- if (!extract_port(*(++argv), &port)) |
|
| 77 |
++ port_str = *(++argv); |
|
| 78 |
++ if (port_str == NULL || *port_str == '\0') |
|
| 79 |
+ goto bad; |
|
| 80 |
+ } else if (strcmp(*argv, "-naccept") == 0) {
|
|
| 81 |
+ if (--argc < 1) |
|
| 82 |
+@@ -2069,13 +2070,13 @@ |
|
| 83 |
+ BIO_printf(bio_s_out, "ACCEPT\n"); |
|
| 84 |
+ (void)BIO_flush(bio_s_out); |
|
| 85 |
+ if (rev) |
|
| 86 |
+- do_server(port, socket_type, &accept_socket, rev_body, context, |
|
| 87 |
++ do_server(port_str, socket_type, &accept_socket, rev_body, context, |
|
| 88 |
+ naccept); |
|
| 89 |
+ else if (www) |
|
| 90 |
+- do_server(port, socket_type, &accept_socket, www_body, context, |
|
| 91 |
++ do_server(port_str, socket_type, &accept_socket, www_body, context, |
|
| 92 |
+ naccept); |
|
| 93 |
+ else |
|
| 94 |
+- do_server(port, socket_type, &accept_socket, sv_body, context, |
|
| 95 |
++ do_server(port_str, socket_type, &accept_socket, sv_body, context, |
|
| 96 |
+ naccept); |
|
| 97 |
+ print_stats(bio_s_out, ctx); |
|
| 98 |
+ ret = 0; |
|
| 99 |
+diff -ur openssl-1.0.2p/apps/s_socket.c openssl-1.0.2p-new/apps/s_socket.c |
|
| 100 |
+--- openssl-1.0.2p/apps/s_socket.c 2018-08-14 05:49:04.000000000 -0700 |
|
| 101 |
+@@ -106,9 +106,7 @@ |
|
| 102 |
+ static void ssl_sock_cleanup(void); |
|
| 103 |
+ # endif |
|
| 104 |
+ static int ssl_sock_init(void); |
|
| 105 |
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); |
|
| 106 |
+-static int init_server(int *sock, int port, int type); |
|
| 107 |
+-static int init_server_long(int *sock, int port, char *ip, int type); |
|
| 108 |
++static int init_server(int *sock, char *port, int type); |
|
| 109 |
+ static int do_accept(int acc_sock, int *sock); |
|
| 110 |
+ static int host_ip(char *str, unsigned char ip[4]); |
|
| 111 |
+ |
|
| 112 |
+@@ -231,65 +229,66 @@ |
|
| 113 |
+ return (1); |
|
| 114 |
+ } |
|
| 115 |
+ |
|
| 116 |
+-int init_client(int *sock, char *host, int port, int type) |
|
| 117 |
++int init_client(int *sock, char *host, char *port, int type) |
|
| 118 |
+ {
|
|
| 119 |
+- unsigned char ip[4]; |
|
| 120 |
+- |
|
| 121 |
+- memset(ip, '\0', sizeof(ip)); |
|
| 122 |
+- if (!host_ip(host, &(ip[0]))) |
|
| 123 |
+- return 0; |
|
| 124 |
+- return init_client_ip(sock, ip, port, type); |
|
| 125 |
+-} |
|
| 126 |
+- |
|
| 127 |
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) |
|
| 128 |
+-{
|
|
| 129 |
+- unsigned long addr; |
|
| 130 |
+- struct sockaddr_in them; |
|
| 131 |
+- int s, i; |
|
| 132 |
++ struct addrinfo *res, *res0, hints; |
|
| 133 |
++ char *failed_call = NULL; |
|
| 134 |
++ int s; |
|
| 135 |
++ int e; |
|
| 136 |
+ |
|
| 137 |
+ if (!ssl_sock_init()) |
|
| 138 |
+ return (0); |
|
| 139 |
+ |
|
| 140 |
+- memset((char *)&them, 0, sizeof(them)); |
|
| 141 |
+- them.sin_family = AF_INET; |
|
| 142 |
+- them.sin_port = htons((unsigned short)port); |
|
| 143 |
+- addr = (unsigned long) |
|
| 144 |
+- ((unsigned long)ip[0] << 24L) | |
|
| 145 |
+- ((unsigned long)ip[1] << 16L) | |
|
| 146 |
+- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); |
|
| 147 |
+- them.sin_addr.s_addr = htonl(addr); |
|
| 148 |
+- |
|
| 149 |
+- if (type == SOCK_STREAM) |
|
| 150 |
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
|
| 151 |
+- else /* ( type == SOCK_DGRAM) */ |
|
| 152 |
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
|
| 153 |
+- |
|
| 154 |
+- if (s == INVALID_SOCKET) {
|
|
| 155 |
+- perror("socket");
|
|
| 156 |
++ memset(&hints, '\0', sizeof(hints)); |
|
| 157 |
++ hints.ai_socktype = type; |
|
| 158 |
++ hints.ai_flags = AI_ADDRCONFIG; |
|
| 159 |
++ |
|
| 160 |
++ e = getaddrinfo(host, port, &hints, &res); |
|
| 161 |
++ if (e) {
|
|
| 162 |
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); |
|
| 163 |
++ if (e == EAI_SYSTEM) |
|
| 164 |
++ perror("getaddrinfo");
|
|
| 165 |
+ return (0); |
|
| 166 |
+ } |
|
| 167 |
++ |
|
| 168 |
++ res0 = res; |
|
| 169 |
++ while (res) {
|
|
| 170 |
++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); |
|
| 171 |
++ if (s == INVALID_SOCKET) {
|
|
| 172 |
++ failed_call = "socket"; |
|
| 173 |
++ goto nextres; |
|
| 174 |
++ } |
|
| 175 |
+ # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) |
|
| 176 |
+- if (type == SOCK_STREAM) {
|
|
| 177 |
+- i = 0; |
|
| 178 |
+- i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i)); |
|
| 179 |
+- if (i < 0) {
|
|
| 180 |
+- closesocket(s); |
|
| 181 |
+- perror("keepalive");
|
|
| 182 |
+- return (0); |
|
| 183 |
++ if (type == SOCK_STREAM) {
|
|
| 184 |
++ int i = 0; |
|
| 185 |
++ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, |
|
| 186 |
++ (char *)&i, sizeof(i)); |
|
| 187 |
++ if (i < 0) {
|
|
| 188 |
++ failed_call = "keepalive"; |
|
| 189 |
++ goto nextres; |
|
| 190 |
++ } |
|
| 191 |
+ } |
|
| 192 |
+- } |
|
| 193 |
+ # endif |
|
| 194 |
++ if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {
|
|
| 195 |
++ freeaddrinfo(res0); |
|
| 196 |
++ *sock = s; |
|
| 197 |
++ return (1); |
|
| 198 |
++ } |
|
| 199 |
+ |
|
| 200 |
+- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
|
|
| 201 |
+- closesocket(s); |
|
| 202 |
+- perror("connect");
|
|
| 203 |
+- return (0); |
|
| 204 |
++ failed_call = "socket"; |
|
| 205 |
++ nextres: |
|
| 206 |
++ if (s != INVALID_SOCKET) |
|
| 207 |
++ close(s); |
|
| 208 |
++ res = res->ai_next; |
|
| 209 |
+ } |
|
| 210 |
+- *sock = s; |
|
| 211 |
+- return (1); |
|
| 212 |
++ freeaddrinfo(res0); |
|
| 213 |
++ closesocket(s); |
|
| 214 |
++ |
|
| 215 |
++ perror(failed_call); |
|
| 216 |
++ return (0); |
|
| 217 |
+ } |
|
| 218 |
+ |
|
| 219 |
+-int do_server(int port, int type, int *ret, |
|
| 220 |
++int do_server(char *port, int type, int *ret, |
|
| 221 |
+ int (*cb) (int s, int stype, unsigned char *context), |
|
| 222 |
+ unsigned char *context, int naccept) |
|
| 223 |
+ {
|
|
| 224 |
+@@ -324,66 +323,88 @@ |
|
| 225 |
+ } |
|
| 226 |
+ } |
|
| 227 |
+ |
|
| 228 |
+-static int init_server_long(int *sock, int port, char *ip, int type) |
|
| 229 |
++static int init_server(int *sock, char *port, int type) |
|
| 230 |
+ {
|
|
| 231 |
+- int ret = 0; |
|
| 232 |
+- struct sockaddr_in server; |
|
| 233 |
+- int s = -1; |
|
| 234 |
++ struct addrinfo *res, *res0 = NULL, hints; |
|
| 235 |
++ char *failed_call = NULL; |
|
| 236 |
++ int s = INVALID_SOCKET; |
|
| 237 |
++ int e; |
|
| 238 |
+ |
|
| 239 |
+ if (!ssl_sock_init()) |
|
| 240 |
+ return (0); |
|
| 241 |
+ |
|
| 242 |
+- memset((char *)&server, 0, sizeof(server)); |
|
| 243 |
+- server.sin_family = AF_INET; |
|
| 244 |
+- server.sin_port = htons((unsigned short)port); |
|
| 245 |
+- if (ip == NULL) |
|
| 246 |
+- server.sin_addr.s_addr = INADDR_ANY; |
|
| 247 |
+- else |
|
| 248 |
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ |
|
| 249 |
+-# ifndef BIT_FIELD_LIMITS |
|
| 250 |
+- memcpy(&server.sin_addr.s_addr, ip, 4); |
|
| 251 |
+-# else |
|
| 252 |
+- memcpy(&server.sin_addr, ip, 4); |
|
| 253 |
+-# endif |
|
| 254 |
+- |
|
| 255 |
+- if (type == SOCK_STREAM) |
|
| 256 |
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
|
| 257 |
+- else /* type == SOCK_DGRAM */ |
|
| 258 |
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
|
| 259 |
++ memset(&hints, '\0', sizeof(hints)); |
|
| 260 |
++ hints.ai_family = AF_INET6; |
|
| 261 |
++ tryipv4: |
|
| 262 |
++ hints.ai_socktype = type; |
|
| 263 |
++ hints.ai_flags = AI_PASSIVE; |
|
| 264 |
++ |
|
| 265 |
++ e = getaddrinfo(NULL, port, &hints, &res); |
|
| 266 |
++ if (e) {
|
|
| 267 |
++ if (hints.ai_family == AF_INET) {
|
|
| 268 |
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); |
|
| 269 |
++ if (e == EAI_SYSTEM) |
|
| 270 |
++ perror("getaddrinfo");
|
|
| 271 |
++ return (0); |
|
| 272 |
++ } else |
|
| 273 |
++ res = NULL; |
|
| 274 |
++ } |
|
| 275 |
+ |
|
| 276 |
+- if (s == INVALID_SOCKET) |
|
| 277 |
+- goto err; |
|
| 278 |
++ res0 = res; |
|
| 279 |
++ while (res) {
|
|
| 280 |
++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); |
|
| 281 |
++ if (s == INVALID_SOCKET) {
|
|
| 282 |
++ failed_call = "socket"; |
|
| 283 |
++ goto nextres; |
|
| 284 |
++ } |
|
| 285 |
++ if (hints.ai_family == AF_INET6) {
|
|
| 286 |
++ int j = 0; |
|
| 287 |
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j); |
|
| 288 |
++ } |
|
| 289 |
+ # if defined SOL_SOCKET && defined SO_REUSEADDR |
|
| 290 |
+- {
|
|
| 291 |
+- int j = 1; |
|
| 292 |
+- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); |
|
| 293 |
+- } |
|
| 294 |
+-# endif |
|
| 295 |
+- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
|
|
| 296 |
+-# ifndef OPENSSL_SYS_WINDOWS |
|
| 297 |
+- perror("bind");
|
|
| 298 |
++ {
|
|
| 299 |
++ int j = 1; |
|
| 300 |
++ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); |
|
| 301 |
++ } |
|
| 302 |
+ # endif |
|
| 303 |
+- goto err; |
|
| 304 |
++ |
|
| 305 |
++ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
|
|
| 306 |
++ failed_call = "bind"; |
|
| 307 |
++ goto nextres; |
|
| 308 |
++ } |
|
| 309 |
++ if (type == SOCK_STREAM && listen(s, 128) == -1) {
|
|
| 310 |
++ failed_call = "listen"; |
|
| 311 |
++ goto nextres; |
|
| 312 |
++ } |
|
| 313 |
++ |
|
| 314 |
++ *sock = s; |
|
| 315 |
++ return (1); |
|
| 316 |
++ |
|
| 317 |
++ nextres: |
|
| 318 |
++ if (s != INVALID_SOCKET) |
|
| 319 |
++ close(s); |
|
| 320 |
++ res = res->ai_next; |
|
| 321 |
+ } |
|
| 322 |
+- /* Make it 128 for linux */ |
|
| 323 |
+- if (type == SOCK_STREAM && listen(s, 128) == -1) |
|
| 324 |
+- goto err; |
|
| 325 |
+- *sock = s; |
|
| 326 |
+- ret = 1; |
|
| 327 |
+- err: |
|
| 328 |
+- if ((ret == 0) && (s != -1)) {
|
|
| 329 |
+- SHUTDOWN(s); |
|
| 330 |
++ if (res0) |
|
| 331 |
++ freeaddrinfo(res0); |
|
| 332 |
++ |
|
| 333 |
++ if (s == INVALID_SOCKET) {
|
|
| 334 |
++ if (hints.ai_family == AF_INET6) {
|
|
| 335 |
++ hints.ai_family = AF_INET; |
|
| 336 |
++ goto tryipv4; |
|
| 337 |
++ } |
|
| 338 |
++ perror("socket");
|
|
| 339 |
++ return (0); |
|
| 340 |
+ } |
|
| 341 |
+- return (ret); |
|
| 342 |
+-} |
|
| 343 |
+ |
|
| 344 |
+-static int init_server(int *sock, int port, int type) |
|
| 345 |
+-{
|
|
| 346 |
+- return (init_server_long(sock, port, NULL, type)); |
|
| 347 |
++ perror(failed_call); |
|
| 348 |
++ return (0); |
|
| 349 |
+ } |
|
| 350 |
+ |
|
| 351 |
+ static int do_accept(int acc_sock, int *sock) |
|
| 352 |
+ {
|
|
| 353 |
++ static struct sockaddr_storage from; |
|
| 354 |
++ char buffer[NI_MAXHOST]; |
|
| 355 |
+ int ret; |
|
| 356 |
+ |
|
| 357 |
+ if (!ssl_sock_init()) |
|
| 358 |
+@@ -422,89 +443,33 @@ |
|
| 359 |
+ return 1; |
|
| 360 |
+ } |
|
| 361 |
+ |
|
| 362 |
+-int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
|
| 363 |
+- short *port_ptr) |
|
| 364 |
++int extract_host_port(char *str, char **host_ptr, char **port_ptr) |
|
| 365 |
+ {
|
|
| 366 |
+- char *h, *p; |
|
| 367 |
++ char *h, *p, *x; |
|
| 368 |
+ |
|
| 369 |
+- h = str; |
|
| 370 |
+- p = strchr(str, ':'); |
|
| 371 |
++ x = h = str; |
|
| 372 |
++ if (*h == '[') {
|
|
| 373 |
++ h++; |
|
| 374 |
++ p = strchr(h, ']'); |
|
| 375 |
++ if (p == NULL) {
|
|
| 376 |
++ BIO_printf(bio_err, "no ending bracket for IPv6 address\n"); |
|
| 377 |
++ return (0); |
|
| 378 |
++ } |
|
| 379 |
++ *(p++) = '\0'; |
|
| 380 |
++ x = p; |
|
| 381 |
++ } |
|
| 382 |
++ p = strchr(x, ':'); |
|
| 383 |
+ if (p == NULL) {
|
|
| 384 |
+ BIO_printf(bio_err, "no port defined\n"); |
|
| 385 |
+ return (0); |
|
| 386 |
+ } |
|
| 387 |
+ *(p++) = '\0'; |
|
| 388 |
+ |
|
| 389 |
+- if ((ip != NULL) && !host_ip(str, ip)) |
|
| 390 |
+- goto err; |
|
| 391 |
+ if (host_ptr != NULL) |
|
| 392 |
+ *host_ptr = h; |
|
| 393 |
++ if (port_ptr != NULL) |
|
| 394 |
++ *port_ptr = p; |
|
| 395 |
+ |
|
| 396 |
+- if (!extract_port(p, port_ptr)) |
|
| 397 |
+- goto err; |
|
| 398 |
+- return (1); |
|
| 399 |
+- err: |
|
| 400 |
+- return (0); |
|
| 401 |
+-} |
|
| 402 |
+- |
|
| 403 |
+-static int host_ip(char *str, unsigned char ip[4]) |
|
| 404 |
+-{
|
|
| 405 |
+- unsigned int in[4]; |
|
| 406 |
+- int i; |
|
| 407 |
+- |
|
| 408 |
+- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == |
|
| 409 |
+- 4) {
|
|
| 410 |
+- for (i = 0; i < 4; i++) |
|
| 411 |
+- if (in[i] > 255) {
|
|
| 412 |
+- BIO_printf(bio_err, "invalid IP address\n"); |
|
| 413 |
+- goto err; |
|
| 414 |
+- } |
|
| 415 |
+- ip[0] = in[0]; |
|
| 416 |
+- ip[1] = in[1]; |
|
| 417 |
+- ip[2] = in[2]; |
|
| 418 |
+- ip[3] = in[3]; |
|
| 419 |
+- } else { /* do a gethostbyname */
|
|
| 420 |
+- struct hostent *he; |
|
| 421 |
+- |
|
| 422 |
+- if (!ssl_sock_init()) |
|
| 423 |
+- return (0); |
|
| 424 |
+- |
|
| 425 |
+- he = GetHostByName(str); |
|
| 426 |
+- if (he == NULL) {
|
|
| 427 |
+- BIO_printf(bio_err, "gethostbyname failure\n"); |
|
| 428 |
+- goto err; |
|
| 429 |
+- } |
|
| 430 |
+- /* cast to short because of win16 winsock definition */ |
|
| 431 |
+- if ((short)he->h_addrtype != AF_INET) {
|
|
| 432 |
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
|
| 433 |
+- return (0); |
|
| 434 |
+- } |
|
| 435 |
+- ip[0] = he->h_addr_list[0][0]; |
|
| 436 |
+- ip[1] = he->h_addr_list[0][1]; |
|
| 437 |
+- ip[2] = he->h_addr_list[0][2]; |
|
| 438 |
+- ip[3] = he->h_addr_list[0][3]; |
|
| 439 |
+- } |
|
| 440 |
+- return (1); |
|
| 441 |
+- err: |
|
| 442 |
+- return (0); |
|
| 443 |
+-} |
|
| 444 |
+- |
|
| 445 |
+-int extract_port(char *str, short *port_ptr) |
|
| 446 |
+-{
|
|
| 447 |
+- int i; |
|
| 448 |
+- struct servent *s; |
|
| 449 |
+- |
|
| 450 |
+- i = atoi(str); |
|
| 451 |
+- if (i != 0) |
|
| 452 |
+- *port_ptr = (unsigned short)i; |
|
| 453 |
+- else {
|
|
| 454 |
+- s = getservbyname(str, "tcp"); |
|
| 455 |
+- if (s == NULL) {
|
|
| 456 |
+- BIO_printf(bio_err, "getservbyname failure for %s\n", str); |
|
| 457 |
+- return (0); |
|
| 458 |
+- } |
|
| 459 |
+- *port_ptr = ntohs((unsigned short)s->s_port); |
|
| 460 |
+- } |
|
| 461 |
+ return (1); |
|
| 462 |
+ } |
|
| 463 |
+ |
| ... | ... |
@@ -1,17 +1,17 @@ |
| 1 | 1 |
Summary: Management tools and libraries relating to cryptography |
| 2 | 2 |
Name: openssl |
| 3 |
-Version: 1.0.2n |
|
| 4 |
-Release: 2%{?dist}
|
|
| 3 |
+Version: 1.0.2p |
|
| 4 |
+Release: 1%{?dist}
|
|
| 5 | 5 |
License: OpenSSL |
| 6 | 6 |
URL: http://www.openssl.org |
| 7 | 7 |
Group: System Environment/Security |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
|
| 11 |
-%define sha1 openssl=0ca2957869206de193603eca6d89f532f61680b1 |
|
| 11 |
+%define sha1 openssl=f34b5322e92415755c7d58bf5d0d5cf37666382c |
|
| 12 | 12 |
Source1: rehash_ca_certificates.sh |
| 13 | 13 |
Patch0: c_rehash.patch |
| 14 |
-Patch1: openssl-1.0.2n-ipv6apps.patch |
|
| 14 |
+Patch1: openssl-ipv6apps.patch |
|
| 15 | 15 |
Patch2: openssl-init-conslidate.patch |
| 16 | 16 |
Patch3: openssl-drbg-default-read-system-fips.patch |
| 17 | 17 |
%if %{with_check}
|
| ... | ... |
@@ -118,6 +118,8 @@ rm -rf %{buildroot}/*
|
| 118 | 118 |
/%{_bindir}/rehash_ca_certificates.sh
|
| 119 | 119 |
|
| 120 | 120 |
%changelog |
| 121 |
+* Fri Aug 17 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 1.0.2p-1 |
|
| 122 |
+- Upgrade to 1.0.2p |
|
| 121 | 123 |
* Wed Mar 21 2018 Dheeraj Shetty <dheerajs@vmware.com> 1.0.2n-2 |
| 122 | 124 |
- Add script which rehashes the certificates |
| 123 | 125 |
* Tue Jan 02 2018 Xiaolin Li <xiaolinl@vmware.com> 1.0.2n-1 |