Recent and not so recent changes from 0.9.6-stable.

crypto/evp/e_rc4.c

@@ -110,9 +110,8 @@ EVP_CIPHER *EVP_rc4_40(void)
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc)
 	{
-	memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
 	RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
-		ctx->c.rc4.key);
+		    key);
 	return 1;
 	}
 

crypto/mem.c

@@ -175,7 +175,7 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
 	void *ret = NULL;
 	extern unsigned char cleanse_ctr;
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -216,7 +216,7 @@ void *CRYPTO_malloc(int num, const char *file, int line)
 	void *ret = NULL;
 	extern unsigned char cleanse_ctr;
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	allow_customize = 0;
 	if (malloc_debug_func != NULL)
@@ -247,7 +247,7 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
 	if (str == NULL)
 		return CRYPTO_malloc(num, file, line);
 
-	if (num < 0) return NULL;
+	if (num <= 0) return NULL;
 
 	if (realloc_debug_func != NULL)
 		realloc_debug_func(str, NULL, num, file, line, 0);

crypto/x509/x509type.c

@@ -106,7 +106,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 		break;
 		}
 
-	if (EVP_PKEY_size(pk) <= 512/8)	/* /8 because it's 512 bits we look
+	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
 					   for, not bytes */
 		ret|=EVP_PKT_EXP;
 	if(pkey==NULL) EVP_PKEY_free(pk);

doc/crypto/BIO_f_ssl.pod

@@ -287,8 +287,8 @@ a client and also echoes the request to standard output.
 	return 0;
  }
 
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
+ BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
  for(;;) {
@@ -301,7 +301,7 @@ a client and also echoes the request to standard output.
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "</pre>\r\n");
+ BIO_puts(sbio, "\r\n");
 
  /* Since there is a buffering BIO present we had better flush it */
  BIO_flush(sbio);

doc/ssl/SSL_COMP_add_compression_method.pod

@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
 
 =over 4
 
-=item 1
+=item 0
 
 The operation succeeded.
 
-=item 0
+=item 1
 
 The operation failed. Check the error queue to find out the reason.
 

ssl/s3_clnt.c

@@ -1786,7 +1786,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		if (algs & SSL_kRSA)
 			{
 			if (rsa == NULL
-			    || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1798,7 +1798,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
-				|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;

ssl/ssl.h

@@ -1175,8 +1175,8 @@ char *SSL_alert_type_string(int value);
 char *SSL_alert_desc_string_long(int value);
 char *SSL_alert_desc_string(int value);
 
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);

ssl/ssl_cert.c

@@ -483,12 +483,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	return(i);
 	}
 
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
 	{
 	if (*ca_list != NULL)
 		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
-	*ca_list=list;
+	*ca_list=name_list;
 	}
 
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@@ -510,14 +510,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
 	return(ret);
 	}
 
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
 	{
-	set_client_CA_list(&(s->client_CA),list);
+	set_client_CA_list(&(s->client_CA),name_list);
 	}
 
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
 	{
-	set_client_CA_list(&(ctx->client_CA),list);
+	set_client_CA_list(&(ctx->client_CA),name_list);
 	}
 
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)

ssl/ssl_ciph.c

@@ -310,10 +310,10 @@ static unsigned long ssl_cipher_get_disabled(void)
 	}
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
-	int i, list_num;
+	int i, co_list_num;
 	SSL_CIPHER *c;
 
 	/*
@@ -324,18 +324,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	 */
 
 	/* Get the initial list of ciphers */
-	list_num = 0;	/* actual count of ciphers */
+	co_list_num = 0;	/* actual count of ciphers */
 	for (i = 0; i < num_of_ciphers; i++)
 		{
 		c = ssl_method->get_cipher(i);
 		/* drop those that use any of that is not available */
 		if ((c != NULL) && c->valid && !(c->algorithms & mask))
 			{
-			list[list_num].cipher = c;
-			list[list_num].next = NULL;
-			list[list_num].prev = NULL;
-			list[list_num].active = 0;
-			list_num++;
+			co_list[co_list_num].cipher = c;
+			co_list[co_list_num].next = NULL;
+			co_list[co_list_num].prev = NULL;
+			co_list[co_list_num].active = 0;
+			co_list_num++;
 			/*
 			if (!sk_push(ca_list,(char *)c)) goto err;
 			*/
@@ -345,18 +345,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	/*
 	 * Prepare linked list from list entries
 	 */	
-	for (i = 1; i < list_num - 1; i++)
+	for (i = 1; i < co_list_num - 1; i++)
 		{
-		list[i].prev = &(list[i-1]);
-		list[i].next = &(list[i+1]);
+		co_list[i].prev = &(co_list[i-1]);
+		co_list[i].next = &(co_list[i+1]);
 		}
-	if (list_num > 0)
+	if (co_list_num > 0)
 		{
-		(*head_p) = &(list[0]);
+		(*head_p) = &(co_list[0]);
 		(*head_p)->prev = NULL;
-		(*head_p)->next = &(list[1]);
-		(*tail_p) = &(list[list_num - 1]);
-		(*tail_p)->prev = &(list[list_num - 2]);
+		(*head_p)->next = &(co_list[1]);
+		(*tail_p) = &(co_list[co_list_num - 1]);
+		(*tail_p)->prev = &(co_list[co_list_num - 2]);
 		(*tail_p)->next = NULL;
 		}
 	}
@@ -402,7 +402,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
 static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 		unsigned long algo_strength, unsigned long mask_strength,
-		int rule, int strength_bits, CIPHER_ORDER *list,
+		int rule, int strength_bits, CIPHER_ORDER *co_list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
 	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -497,7 +497,8 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 	*tail_p = tail;
 	}
 
-static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+				    CIPHER_ORDER **head_p,
 				    CIPHER_ORDER **tail_p)
 	{
 	int max_strength_bits, i, *number_uses;
@@ -543,14 +544,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
 	for (i = max_strength_bits; i >= 0; i--)
 		if (number_uses[i] > 0)
 			ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
-					list, head_p, tail_p);
+					co_list, head_p, tail_p);
 
 	OPENSSL_free(number_uses);
 	return(1);
 	}
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
-		CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
 		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
 	{
 	unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -674,7 +675,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			ok = 0;
 			if ((buflen == 8) &&
 				!strncmp(buf, "STRENGTH", 8))
-				ok = ssl_cipher_strength_sort(list,
+				ok = ssl_cipher_strength_sort(co_list,
 					head_p, tail_p);
 			else
 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -694,7 +695,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			{
 			ssl_cipher_apply_rule(algorithms, mask,
 				algo_strength, mask_strength, rule, -1,
-				list, head_p, tail_p);
+				co_list, head_p, tail_p);
 			}
 		else
 			{
@@ -716,7 +717,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	unsigned long disabled_mask;
 	STACK_OF(SSL_CIPHER) *cipherstack;
 	const char *rule_p;
-	CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
 	SSL_CIPHER **ca_list = NULL;
 
 	/*
@@ -738,15 +739,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 * it is used for allocation.
 	 */
 	num_of_ciphers = ssl_method->num_ciphers();
-	list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-	if (list == NULL)
+	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+	if (co_list == NULL)
 		{
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
 
 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-				   list, &head, &tail);
+				   co_list, &head, &tail);
 
 	/*
 	 * We also need cipher aliases for selecting based on the rule_str.
@@ -762,7 +763,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
 	if (ca_list == NULL)
 		{
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
@@ -778,21 +779,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	if (strncmp(rule_str,"DEFAULT",7) == 0)
 		{
 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-			list, &head, &tail, ca_list);
+			co_list, &head, &tail, ca_list);
 		rule_p += 7;
 		if (*rule_p == ':')
 			rule_p++;
 		}
 
 	if (ok && (strlen(rule_p) > 0))
-		ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
 						ca_list);
 
 	OPENSSL_free(ca_list);	/* Not needed anymore */
 
 	if (!ok)
 		{	/* Rule processing failure */
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		return(NULL);
 		}
 	/*
@@ -801,7 +802,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
 		{
-		OPENSSL_free(list);
+		OPENSSL_free(co_list);
 		return(NULL);
 		}
 
@@ -819,7 +820,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
 			}
 		}
-	OPENSSL_free(list);	/* Not needed any longer */
+	OPENSSL_free(co_list);	/* Not needed any longer */
 
 	/*
 	 * The following passage is a little bit odd. If pointer variables