
add openssl 1.0.2 patches

Hanno Böck authored on 21/02/2015 12:00:56
Showing 3 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,611 @@
1
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
2
+
3
+--- openssl-1.0.2/apps/s_apps.h
4
+@@ -154,7 +154,7 @@
5
+ int do_server(int port, int type, int *ret,
6
+               int (*cb) (char *hostname, int s, int stype,
7
+                          unsigned char *context), unsigned char *context,
8
+-              int naccept);
9
++              int naccept, int use_ipv4, int use_ipv6);
10
+ #ifdef HEADER_X509_H
11
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
12
+ #endif
13
+@@ -167,7 +167,8 @@
14
+ int ssl_print_curves(BIO *out, SSL *s, int noshared);
15
+ #endif
16
+ int ssl_print_tmp_key(BIO *out, SSL *s);
17
+-int init_client(int *sock, char *server, int port, int type);
18
++int init_client(int *sock, char *server, int port, int type,
19
++		int use_ipv4, int use_ipv6);
20
+ int should_retry(int i);
21
+ int extract_port(char *str, short *port_ptr);
22
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
23
+--- openssl-1.0.2/apps/s_client.c
24
+@@ -302,6 +302,10 @@
25
+ {
26
+     BIO_printf(bio_err, "usage: s_client args\n");
27
+     BIO_printf(bio_err, "\n");
28
++    BIO_printf(bio_err, " -4             - use IPv4 only\n");
29
++#if OPENSSL_USE_IPV6
30
++    BIO_printf(bio_err, " -6             - use IPv6 only\n");
31
++#endif
32
+     BIO_printf(bio_err, " -host host     - use -connect instead\n");
33
+     BIO_printf(bio_err, " -port port     - use -connect instead\n");
34
+     BIO_printf(bio_err,
35
+@@ -658,6 +662,7 @@
36
+     int sbuf_len, sbuf_off;
37
+     fd_set readfds, writefds;
38
+     short port = PORT;
39
++    int use_ipv4, use_ipv6;
40
+     int full_log = 1;
41
+     char *host = SSL_HOST_NAME;
42
+     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
43
+@@ -709,7 +714,11 @@
44
+ #endif
45
+     char *sess_in = NULL;
46
+     char *sess_out = NULL;
47
+-    struct sockaddr peer;
48
++#if OPENSSL_USE_IPV6
49
++    struct sockaddr_storage peer;
50
++#else
51
++    struct sockaddr_in peer;
52
++#endif
53
+     int peerlen = sizeof(peer);
54
+     int fallback_scsv = 0;
55
+     int enable_timeouts = 0;
56
+@@ -737,6 +746,12 @@
57
+ 
58
+     meth = SSLv23_client_method();
59
+ 
60
++    use_ipv4 = 1;
61
++#if OPENSSL_USE_IPV6
62
++    use_ipv6 = 1;
63
++#else
64
++    use_ipv6 = 0;
65
++#endif
66
+     apps_startup();
67
+     c_Pause = 0;
68
+     c_quiet = 0;
69
+@@ -1096,6 +1111,16 @@
70
+             jpake_secret = *++argv;
71
+         }
72
+ #endif
73
++	else if (strcmp(*argv,"-4") == 0) {
74
++	    use_ipv4 = 1;
75
++	    use_ipv6 = 0;
76
++	}
77
++#if OPENSSL_USE_IPV6
78
++	else if (strcmp(*argv,"-6") == 0) {
79
++	    use_ipv4 = 0;
80
++	    use_ipv6 = 1;
81
++	}
82
++#endif
83
+ #ifndef OPENSSL_NO_SRTP
84
+         else if (strcmp(*argv, "-use_srtp") == 0) {
85
+             if (--argc < 1)
86
+@@ -1421,7 +1446,7 @@
87
+ 
88
+  re_start:
89
+ 
90
+-    if (init_client(&s, host, port, socket_type) == 0) {
91
++    if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
92
+         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
93
+         SHUTDOWN(s);
94
+         goto end;
95
+@@ -1444,7 +1469,7 @@
96
+     if (socket_type == SOCK_DGRAM) {
97
+ 
98
+         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
99
+-        if (getsockname(s, &peer, (void *)&peerlen) < 0) {
100
++        if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
101
+             BIO_printf(bio_err, "getsockname:errno=%d\n",
102
+                        get_last_socket_error());
103
+             SHUTDOWN(s);
104
+--- openssl-1.0.2/apps/s_server.c
105
+@@ -643,6 +643,10 @@
106
+     BIO_printf(bio_err,
107
+                " -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
108
+ #endif
109
++    BIO_printf(bio_err, " -4            - use IPv4 only\n");
110
++#if OPENSSL_USE_IPV6
111
++    BIO_printf(bio_err, " -6            - use IPv6 only\n");
112
++#endif
113
+     BIO_printf(bio_err,
114
+                " -keymatexport label   - Export keying material using label\n");
115
+     BIO_printf(bio_err,
116
+@@ -1070,6 +1074,7 @@
117
+     int state = 0;
118
+     const SSL_METHOD *meth = NULL;
119
+     int socket_type = SOCK_STREAM;
120
++    int use_ipv4, use_ipv6;
121
+     ENGINE *e = NULL;
122
+     char *inrand = NULL;
123
+     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
124
+@@ -1111,6 +1116,12 @@
125
+ 
126
+     meth = SSLv23_server_method();
127
+ 
128
++    use_ipv4 = 1;
129
++#if OPENSSL_USE_IPV6
130
++    use_ipv6 = 1;
131
++#else
132
++    use_ipv6 = 0;
133
++#endif
134
+     local_argc = argc;
135
+     local_argv = argv;
136
+ 
137
+@@ -1503,6 +1514,16 @@
138
+             jpake_secret = *(++argv);
139
+         }
140
+ #endif
141
++	else if (strcmp(*argv,"-4") == 0) {
142
++	    use_ipv4 = 1;
143
++	    use_ipv6 = 0;
144
++	}
145
++#if OPENSSL_USE_IPV6
146
++	else if (strcmp(*argv,"-6") == 0) {
147
++	    use_ipv4 = 0;
148
++	    use_ipv6 = 1;
149
++	}
150
++#endif
151
+ #ifndef OPENSSL_NO_SRTP
152
+         else if (strcmp(*argv, "-use_srtp") == 0) {
153
+             if (--argc < 1)
154
+@@ -2023,13 +2044,13 @@
155
+     (void)BIO_flush(bio_s_out);
156
+     if (rev)
157
+         do_server(port, socket_type, &accept_socket, rev_body, context,
158
+-                  naccept);
159
++                  naccept, use_ipv4, use_ipv6);
160
+     else if (www)
161
+         do_server(port, socket_type, &accept_socket, www_body, context,
162
+-                  naccept);
163
++                  naccept, use_ipv4, use_ipv6);
164
+     else
165
+         do_server(port, socket_type, &accept_socket, sv_body, context,
166
+-                  naccept);
167
++                  naccept, use_ipv4, use_ipv6);
168
+     print_stats(bio_s_out, ctx);
169
+     ret = 0;
170
+  end:
171
+--- openssl-1.0.2/apps/s_socket.c
172
+@@ -101,16 +101,16 @@
173
+ #  include "netdb.h"
174
+ # endif
175
+ 
176
+-static struct hostent *GetHostByName(char *name);
177
++static struct hostent *GetHostByName(char *name, int domain);
178
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
179
+ static void ssl_sock_cleanup(void);
180
+ # endif
181
+ static int ssl_sock_init(void);
182
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
183
+-static int init_server(int *sock, int port, int type);
184
+-static int init_server_long(int *sock, int port, char *ip, int type);
185
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
186
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
187
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
188
+ static int do_accept(int acc_sock, int *sock, char **host);
189
+-static int host_ip(char *str, unsigned char ip[4]);
190
++static int host_ip(char *str, unsigned char *ip, int domain);
191
+ 
192
+ # ifdef OPENSSL_SYS_WIN16
193
+ #  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
194
+@@ -231,38 +231,68 @@
195
+     return (1);
196
+ }
197
+ 
198
+-int init_client(int *sock, char *host, int port, int type)
199
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
200
+ {
201
++# if OPENSSL_USE_IPV6
202
++    unsigned char ip[16];
203
++# else
204
+     unsigned char ip[4];
205
++# endif
206
+ 
207
+-    memset(ip, '\0', sizeof ip);
208
+-    if (!host_ip(host, &(ip[0])))
209
+-        return 0;
210
+-    return init_client_ip(sock, ip, port, type);
211
+-}
212
+-
213
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
214
+-{
215
+-    unsigned long addr;
216
++    if (use_ipv4)
217
++	if (host_ip(host, ip, AF_INET))
218
++	    return(init_client_ip(sock, ip, port, type, AF_INET));
219
++# if OPENSSL_USE_IPV6
220
++    if (use_ipv6)
221
++	if (host_ip(host, ip, AF_INET6))
222
++	    return(init_client_ip(sock, ip, port, type, AF_INET6));
223
++# endif
224
++    return 0;
225
++}
226
++
227
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
228
++{
229
++# if OPENSSL_USE_IPV6
230
++    struct sockaddr_storage them;
231
++    struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
232
++    struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
233
++# else
234
+     struct sockaddr_in them;
235
++    struct sockaddr_in *them_in = &them;
236
++# endif
237
++    socklen_t addr_len;
238
+     int s, i;
239
+ 
240
+     if (!ssl_sock_init())
241
+         return (0);
242
+ 
243
+     memset((char *)&them, 0, sizeof(them));
244
+-    them.sin_family = AF_INET;
245
+-    them.sin_port = htons((unsigned short)port);
246
+-    addr = (unsigned long)
247
+-        ((unsigned long)ip[0] << 24L) |
248
+-        ((unsigned long)ip[1] << 16L) |
249
+-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
250
+-    them.sin_addr.s_addr = htonl(addr);
251
++    if (domain == AF_INET) {
252
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
253
++	them_in->sin_family=AF_INET;
254
++	them_in->sin_port=htons((unsigned short)port);
255
++# ifndef BIT_FIELD_LIMITS
256
++	memcpy(&them_in->sin_addr.s_addr, ip, 4);
257
++# else
258
++	memcpy(&them_in->sin_addr, ip, 4);
259
++# endif
260
++    }
261
++    else
262
++# if OPENSSL_USE_IPV6
263
++    {
264
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
265
++	them_in6->sin6_family=AF_INET6;
266
++	them_in6->sin6_port=htons((unsigned short)port);
267
++	memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
268
++    }
269
++# else
270
++	return(0);
271
++# endif
272
+ 
273
+     if (type == SOCK_STREAM)
274
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
275
++        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
276
+     else                        /* ( type == SOCK_DGRAM) */
277
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
278
++        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
279
+ 
280
+     if (s == INVALID_SOCKET) {
281
+         perror("socket");
282
+@@ -280,7 +310,7 @@
283
+     }
284
+ # endif
285
+ 
286
+-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
287
++    if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
288
+         closesocket(s);
289
+         perror("connect");
290
+         return (0);
291
+@@ -292,14 +322,14 @@
292
+ int do_server(int port, int type, int *ret,
293
+               int (*cb) (char *hostname, int s, int stype,
294
+                          unsigned char *context), unsigned char *context,
295
+-              int naccept)
296
++              int naccept, int use_ipv4, int use_ipv6)
297
+ {
298
+     int sock;
299
+     char *name = NULL;
300
+     int accept_socket = 0;
301
+     int i;
302
+ 
303
+-    if (!init_server(&accept_socket, port, type))
304
++    if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
305
+         return (0);
306
+ 
307
+     if (ret != NULL) {
308
+@@ -328,32 +358,41 @@
309
+     }
310
+ }
311
+ 
312
+-static int init_server_long(int *sock, int port, char *ip, int type)
313
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
314
+ {
315
+     int ret = 0;
316
++    int domain;
317
++# if OPENSSL_USE_IPV6
318
++    struct sockaddr_storage server;
319
++    struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
320
++    struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
321
++# else
322
+     struct sockaddr_in server;
323
++    struct sockaddr_in *server_in = &server;
324
++# endif
325
++    socklen_t addr_len;
326
+     int s = -1;
327
+ 
328
++    if (!use_ipv4 && !use_ipv6)
329
++	goto err;
330
++# if OPENSSL_USE_IPV6
331
++    /* we are fine here */
332
++# else
333
++    if (use_ipv6)
334
++	goto err;
335
++# endif
336
+     if (!ssl_sock_init())
337
+         return (0);
338
+ 
339
+-    memset((char *)&server, 0, sizeof(server));
340
+-    server.sin_family = AF_INET;
341
+-    server.sin_port = htons((unsigned short)port);
342
+-    if (ip == NULL)
343
+-        server.sin_addr.s_addr = INADDR_ANY;
344
+-    else
345
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
346
+-# ifndef BIT_FIELD_LIMITS
347
+-        memcpy(&server.sin_addr.s_addr, ip, 4);
348
++#if OPENSSL_USE_IPV6
349
++    domain = use_ipv6 ? AF_INET6 : AF_INET;
350
+ # else
351
+-        memcpy(&server.sin_addr, ip, 4);
352
++    domain = AF_INET;
353
+ # endif
354
+-
355
+     if (type == SOCK_STREAM)
356
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
357
+-    else                        /* type == SOCK_DGRAM */
358
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
359
++	s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
360
++    else /* type == SOCK_DGRAM */
361
++	s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
362
+ 
363
+     if (s == INVALID_SOCKET)
364
+         goto err;
365
+@@ -363,7 +402,42 @@
366
+         setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
367
+     }
368
+ # endif
369
+-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
370
++# if OPENSSL_USE_IPV6
371
++    if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
372
++	const int on = 1;
373
++
374
++	setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
375
++		    (const void *) &on, sizeof(int));
376
++    }
377
++# endif
378
++    if (domain == AF_INET) {
379
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
380
++	memset(server_in, 0, sizeof(struct sockaddr_in));
381
++	server_in->sin_family=AF_INET;
382
++	server_in->sin_port = htons((unsigned short)port);
383
++	if (ip == NULL)
384
++	    server_in->sin_addr.s_addr = htonl(INADDR_ANY);
385
++	else
386
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
387
++# ifndef BIT_FIELD_LIMITS
388
++	    memcpy(&server_in->sin_addr.s_addr, ip, 4);
389
++# else
390
++	    memcpy(&server_in->sin_addr, ip, 4);
391
++# endif
392
++    }
393
++# if OPENSSL_USE_IPV6
394
++    else {
395
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
396
++	memset(server_in6, 0, sizeof(struct sockaddr_in6));
397
++	server_in6->sin6_family = AF_INET6;
398
++	server_in6->sin6_port = htons((unsigned short)port);
399
++	if (ip == NULL)
400
++	    server_in6->sin6_addr = in6addr_any;
401
++	else
402
++	    memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
403
++    }
404
++# endif
405
++    if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
406
+ # ifndef OPENSSL_SYS_WINDOWS
407
+         perror("bind");
408
+ # endif
409
+@@ -381,16 +455,23 @@
410
+     return (ret);
411
+ }
412
+ 
413
+-static int init_server(int *sock, int port, int type)
414
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
415
+ {
416
+-    return (init_server_long(sock, port, NULL, type));
417
++    return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
418
+ }
419
+ 
420
+ static int do_accept(int acc_sock, int *sock, char **host)
421
+ {
422
+     int ret;
423
+     struct hostent *h1, *h2;
424
+-    static struct sockaddr_in from;
425
++#if OPENSSL_USE_IPV6
426
++    struct sockaddr_storage from;
427
++    struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
428
++    struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
429
++#else
430
++    struct sockaddr_in from;
431
++    struct sockaddr_in *from_in = &from;
432
++#endif
433
+     int len;
434
+ /*      struct linger ling; */
435
+ 
436
+@@ -440,14 +521,25 @@
437
+ 
438
+     if (host == NULL)
439
+         goto end;
440
++# if OPENSSL_USE_IPV6
441
++    if (from.ss_family == AF_INET)
442
++# else
443
++    if (from.sin_family == AF_INET)
444
++# endif
445
+ # ifndef BIT_FIELD_LIMITS
446
+-    /* I should use WSAAsyncGetHostByName() under windows */
447
+-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
448
+-                       sizeof(from.sin_addr.s_addr), AF_INET);
449
++	/* I should use WSAAsyncGetHostByName() under windows */
450
++	h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
451
++                	    sizeof(from_in->sin_addr.s_addr), AF_INET);
452
+ # else
453
+-    h1 = gethostbyaddr((char *)&from.sin_addr,
454
+-                       sizeof(struct in_addr), AF_INET);
455
++	h1 = gethostbyaddr((char *)&from_in->sin_addr,
456
++            		    sizeof(struct in_addr), AF_INET);
457
++# endif
458
++# if OPENSSL_USE_IPV6
459
++    else
460
++	h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
461
++			    sizeof(struct in6_addr), AF_INET6);
462
+ # endif
463
++	    
464
+     if (h1 == NULL) {
465
+         BIO_printf(bio_err, "bad gethostbyaddr\n");
466
+         *host = NULL;
467
+@@ -460,14 +552,22 @@
468
+         }
469
+         BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
470
+ 
471
+-        h2 = GetHostByName(*host);
472
++# if OPENSSL_USE_IPV6
473
++	h2=GetHostByName(*host, from.ss_family);
474
++# else
475
++	h2=GetHostByName(*host, from.sin_family);
476
++# endif
477
+         if (h2 == NULL) {
478
+             BIO_printf(bio_err, "gethostbyname failure\n");
479
+             closesocket(ret);
480
+             return (0);
481
+         }
482
+-        if (h2->h_addrtype != AF_INET) {
483
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
484
++# if OPENSSL_USE_IPV6
485
++	if (h2->h_addrtype != from.ss_family) {
486
++# else
487
++	if (h2->h_addrtype != from.sin_family) {
488
++# endif
489
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
490
+             closesocket(ret);
491
+             return (0);
492
+         }
493
+@@ -483,14 +583,14 @@
494
+     char *h, *p;
495
+ 
496
+     h = str;
497
+-    p = strchr(str, ':');
498
++    p = strrchr(str, ':');
499
+     if (p == NULL) {
500
+         BIO_printf(bio_err, "no port defined\n");
501
+         return (0);
502
+     }
503
+     *(p++) = '\0';
504
+ 
505
+-    if ((ip != NULL) && !host_ip(str, ip))
506
++    if ((ip != NULL) && !host_ip(str, ip, AF_INET))
507
+         goto err;
508
+     if (host_ptr != NULL)
509
+         *host_ptr = h;
510
+@@ -502,44 +602,51 @@
511
+     return (0);
512
+ }
513
+ 
514
+-static int host_ip(char *str, unsigned char ip[4])
515
++static int host_ip(char *str, unsigned char *ip, int domain)
516
+ {
517
+     unsigned int in[4];
518
++    unsigned long l;
519
+     int i;
520
+ 
521
+-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
522
+-        4) {
523
++    if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
524
+         for (i = 0; i < 4; i++)
525
+             if (in[i] > 255) {
526
+                 BIO_printf(bio_err, "invalid IP address\n");
527
+                 goto err;
528
+             }
529
+-        ip[0] = in[0];
530
+-        ip[1] = in[1];
531
+-        ip[2] = in[2];
532
+-        ip[3] = in[3];
533
+-    } else {                    /* do a gethostbyname */
534
++	l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
535
++	memcpy(ip, &l, 4);
536
++	return 1;
537
++    }
538
++# if OPENSSL_USE_IPV6
539
++    else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
540
++	return 1;
541
++# endif
542
++    else {                    /* do a gethostbyname */
543
+         struct hostent *he;
544
+ 
545
+         if (!ssl_sock_init())
546
+             return (0);
547
+ 
548
+-        he = GetHostByName(str);
549
++        he = GetHostByName(str, domain);
550
+         if (he == NULL) {
551
+             BIO_printf(bio_err, "gethostbyname failure\n");
552
+             goto err;
553
+         }
554
+         /* cast to short because of win16 winsock definition */
555
+-        if ((short)he->h_addrtype != AF_INET) {
556
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
557
++        if ((short)he->h_addrtype != domain) {
558
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
559
+             return (0);
560
+         }
561
+-        ip[0] = he->h_addr_list[0][0];
562
+-        ip[1] = he->h_addr_list[0][1];
563
+-        ip[2] = he->h_addr_list[0][2];
564
+-        ip[3] = he->h_addr_list[0][3];
565
++	if (domain == AF_INET)
566
++	    memset(ip, 0, 4);
567
++# if OPENSSL_USE_IPV6
568
++	else
569
++	    memset(ip, 0, 16);
570
++# endif
571
++	memcpy(ip, he->h_addr_list[0], he->h_length);
572
++	return 1;
573
+     }
574
+-    return (1);
575
+  err:
576
+     return (0);
577
+ }
578
+@@ -573,7 +680,7 @@
579
+ static unsigned long ghbn_hits = 0L;
580
+ static unsigned long ghbn_miss = 0L;
581
+ 
582
+-static struct hostent *GetHostByName(char *name)
583
++static struct hostent *GetHostByName(char *name, int domain)
584
+ {
585
+     struct hostent *ret;
586
+     int i, lowi = 0;
587
+@@ -585,13 +692,18 @@
588
+             lowi = i;
589
+         }
590
+         if (ghbn_cache[i].order > 0) {
591
+-            if (strncmp(name, ghbn_cache[i].name, 128) == 0)
592
++            if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
593
+                 break;
594
+         }
595
+     }
596
+     if (i == GHBN_NUM) {        /* no hit */
597
+         ghbn_miss++;
598
+-        ret = gethostbyname(name);
599
++        if (domain == AF_INET)
600
++    	    ret = gethostbyname(name);
601
++# if OPENSSL_USE_IPV6
602
++	else
603
++	    ret = gethostbyname2(name, AF_INET6);
604
++# endif
605
+         if (ret == NULL)
606
+             return (NULL);
607
+         /* else add to cache */
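Review bot: In `host_ip()` (hunk `@@ -502,44 +602,51 @@`) the IPv4 literal is stored in `unsigned long l` and then copied with `memcpy(ip, &l, 4)`, which takes the wrong four bytes on big-endian platforms where `unsigned long` is 64 bits wide. There the address sits in the low half of `l`, so `ip` becomes 0.0.0.0 and the client connects somewhere other than the host the user named. Keeping the removed byte-wise stores, `ip[0] = in[0]; ip[1] = in[1]; ip[2] = in[2]; ip[3] = in[3];`, avoids the dependence on width and byte order. Separately, in `init_server_long()` the result of `setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ...)` is ignored, so a server started with `-6` may still accept IPv4 connections if the call fails. Checking the return value and taking the existing `goto err` path would keep the listener to the family that was requested.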
0 608
new file mode 100644
... ...
@@ -0,0 +1,354 @@
1
+http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
2
+
3
+--- a/Makefile.org
4
+@@ -247,17 +247,17 @@
5
+ build_libs: build_crypto build_ssl build_engines
6
+ 
7
+ build_crypto:
8
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
9
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
10
+-build_ssl:
11
++build_ssl: build_crypto
12
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
13
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
14
+-build_engines:
15
++build_engines: build_crypto
16
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
17
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
18
+-build_apps:
19
++build_apps: build_libs
20
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
21
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
22
+-build_tests:
23
++build_tests: build_libs
24
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
25
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
26
+-build_tools:
27
++build_tools: build_libs
28
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
29
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
30
+ 
31
+ all_testapps: build_libs build_testapps
32
+ build_testapps:
33
+@@ -497,9 +497,9 @@
34
+ dist_pem_h:
35
+ 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
36
+ 
37
+-install: all install_docs install_sw
38
++install: install_docs install_sw
39
+ 
40
+-install_sw:
41
++install_dirs:
42
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
43
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
44
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
45
+@@ -508,6 +508,13 @@
46
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
47
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
48
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
49
++	@$(PERL) $(TOP)/util/mkdir-p.pl \
50
++		$(INSTALL_PREFIX)$(MANDIR)/man1 \
51
++		$(INSTALL_PREFIX)$(MANDIR)/man3 \
52
++		$(INSTALL_PREFIX)$(MANDIR)/man5 \
53
++		$(INSTALL_PREFIX)$(MANDIR)/man7
54
++
55
++install_sw: install_dirs
56
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
57
+ 	do \
58
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
59
+@@ -511,7 +511,7 @@
60
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
61
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
62
+ 	done;
63
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
64
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
65
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
66
+ 	do \
67
+ 		if [ -f "$$i" ]; then \
68
+@@ -593,12 +600,7 @@
69
+ 		done; \
70
+ 	done
71
+ 
72
+-install_docs:
73
+-	@$(PERL) $(TOP)/util/mkdir-p.pl \
74
+-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
75
+-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
76
+-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
77
+-		$(INSTALL_PREFIX)$(MANDIR)/man7
78
++install_docs: install_dirs
79
+ 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
80
+ 	here="`pwd`"; \
81
+ 	filecase=; \
82
+--- a/Makefile.shared
83
+@@ -105,6 +105,7 @@ LINK_SO=	\
84
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
85
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
86
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
87
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
88
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
89
+     $${SHAREDCMD} $${SHAREDFLAGS} \
90
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
91
+@@ -122,6 +124,7 @@ SYMLINK_SO=	\
92
+ 			done; \
93
+ 		fi; \
94
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
95
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
96
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
97
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
98
+ 		fi; \
99
+--- a/crypto/Makefile
100
+@@ -85,11 +85,11 @@
101
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
102
+ 
103
+ subdirs:
104
+-	@target=all; $(RECURSIVE_MAKE)
105
++	+@target=all; $(RECURSIVE_MAKE)
106
+ 
107
+ files:
108
+ 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
109
+-	@target=files; $(RECURSIVE_MAKE)
110
++	+@target=files; $(RECURSIVE_MAKE)
111
+ 
112
+ links:
113
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
114
+@@ -100,7 +100,7 @@
115
+ # lib: $(LIB): are splitted to avoid end-less loop
116
+ lib:	$(LIB)
117
+ 	@touch lib
118
+-$(LIB):	$(LIBOBJ)
119
++$(LIB):	$(LIBOBJ) | subdirs
120
+ 	$(AR) $(LIB) $(LIBOBJ)
121
+ 	$(RANLIB) $(LIB) || echo Never mind.
122
+ 
123
+@@ -110,7 +110,7 @@
124
+ 	fi
125
+ 
126
+ libs:
127
+-	@target=lib; $(RECURSIVE_MAKE)
128
++	+@target=lib; $(RECURSIVE_MAKE)
129
+ 
130
+ install:
131
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
132
+@@ -119,7 +119,7 @@
133
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
134
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
135
+ 	done;
136
+-	@target=install; $(RECURSIVE_MAKE)
137
++	+@target=install; $(RECURSIVE_MAKE)
138
+ 
139
+ lint:
140
+ 	@target=lint; $(RECURSIVE_MAKE)
141
+--- a/engines/Makefile
142
+@@ -72,7 +72,7 @@
143
+ 
144
+ all:	lib subdirs
145
+ 
146
+-lib:	$(LIBOBJ)
147
++lib:	$(LIBOBJ) | subdirs
148
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
149
+ 		set -e; \
150
+ 		for l in $(LIBNAMES); do \
151
+@@ -89,7 +89,7 @@
152
+ 
153
+ subdirs:
154
+ 	echo $(EDIRS)
155
+-	@target=all; $(RECURSIVE_MAKE)
156
++	+@target=all; $(RECURSIVE_MAKE)
157
+ 
158
+ files:
159
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
160
+@@ -128,7 +128,7 @@
161
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
162
+ 		done; \
163
+ 	fi
164
+-	@target=install; $(RECURSIVE_MAKE)
165
++	+@target=install; $(RECURSIVE_MAKE)
166
+ 
167
+ tags:
168
+ 	ctags $(SRC)
169
+--- a/test/Makefile
170
+@@ -123,7 +123,7 @@
171
+ tags:
172
+ 	ctags $(SRC)
173
+ 
174
+-tests:	exe apps $(TESTS)
175
++tests:	exe $(TESTS)
176
+ 
177
+ apps:
178
+ 	@(cd ..; $(MAKE) DIRS=apps all)
179
+@@ -365,109 +365,109 @@
180
+ 		link_app.$${shlib_target}
181
+ 
182
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
183
+-	@target=$(RSATEST); $(BUILD_CMD)
184
++	+@target=$(RSATEST); $(BUILD_CMD)
185
+ 
186
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
187
+-	@target=$(BNTEST); $(BUILD_CMD)
188
++	+@target=$(BNTEST); $(BUILD_CMD)
189
+ 
190
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
191
+-	@target=$(ECTEST); $(BUILD_CMD)
192
++	+@target=$(ECTEST); $(BUILD_CMD)
193
+ 
194
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
195
+-	@target=$(EXPTEST); $(BUILD_CMD)
196
++	+@target=$(EXPTEST); $(BUILD_CMD)
197
+ 
198
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
199
+-	@target=$(IDEATEST); $(BUILD_CMD)
200
++	+@target=$(IDEATEST); $(BUILD_CMD)
201
+ 
202
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
203
+-	@target=$(MD2TEST); $(BUILD_CMD)
204
++	+@target=$(MD2TEST); $(BUILD_CMD)
205
+ 
206
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
207
+-	@target=$(SHATEST); $(BUILD_CMD)
208
++	+@target=$(SHATEST); $(BUILD_CMD)
209
+ 
210
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
211
+-	@target=$(SHA1TEST); $(BUILD_CMD)
212
++	+@target=$(SHA1TEST); $(BUILD_CMD)
213
+ 
214
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
215
+-	@target=$(SHA256TEST); $(BUILD_CMD)
216
++	+@target=$(SHA256TEST); $(BUILD_CMD)
217
+ 
218
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
219
+-	@target=$(SHA512TEST); $(BUILD_CMD)
220
++	+@target=$(SHA512TEST); $(BUILD_CMD)
221
+ 
222
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
223
+-	@target=$(RMDTEST); $(BUILD_CMD)
224
++	+@target=$(RMDTEST); $(BUILD_CMD)
225
+ 
226
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
227
+-	@target=$(MDC2TEST); $(BUILD_CMD)
228
++	+@target=$(MDC2TEST); $(BUILD_CMD)
229
+ 
230
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
231
+-	@target=$(MD4TEST); $(BUILD_CMD)
232
++	+@target=$(MD4TEST); $(BUILD_CMD)
233
+ 
234
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
235
+-	@target=$(MD5TEST); $(BUILD_CMD)
236
++	+@target=$(MD5TEST); $(BUILD_CMD)
237
+ 
238
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
239
+-	@target=$(HMACTEST); $(BUILD_CMD)
240
++	+@target=$(HMACTEST); $(BUILD_CMD)
241
+ 
242
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
243
+-	@target=$(WPTEST); $(BUILD_CMD)
244
++	+@target=$(WPTEST); $(BUILD_CMD)
245
+ 
246
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
247
+-	@target=$(RC2TEST); $(BUILD_CMD)
248
++	+@target=$(RC2TEST); $(BUILD_CMD)
249
+ 
250
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
251
+-	@target=$(BFTEST); $(BUILD_CMD)
252
++	+@target=$(BFTEST); $(BUILD_CMD)
253
+ 
254
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
255
+-	@target=$(CASTTEST); $(BUILD_CMD)
256
++	+@target=$(CASTTEST); $(BUILD_CMD)
257
+ 
258
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
259
+-	@target=$(RC4TEST); $(BUILD_CMD)
260
++	+@target=$(RC4TEST); $(BUILD_CMD)
261
+ 
262
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
263
+-	@target=$(RC5TEST); $(BUILD_CMD)
264
++	+@target=$(RC5TEST); $(BUILD_CMD)
265
+ 
266
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
267
+-	@target=$(DESTEST); $(BUILD_CMD)
268
++	+@target=$(DESTEST); $(BUILD_CMD)
269
+ 
270
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
271
+-	@target=$(RANDTEST); $(BUILD_CMD)
272
++	+@target=$(RANDTEST); $(BUILD_CMD)
273
+ 
274
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
275
+-	@target=$(DHTEST); $(BUILD_CMD)
276
++	+@target=$(DHTEST); $(BUILD_CMD)
277
+ 
278
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
279
+-	@target=$(DSATEST); $(BUILD_CMD)
280
++	+@target=$(DSATEST); $(BUILD_CMD)
281
+ 
282
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
283
+-	@target=$(METHTEST); $(BUILD_CMD)
284
++	+@target=$(METHTEST); $(BUILD_CMD)
285
+ 
286
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
287
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
288
++	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
289
+ 
290
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
291
+-	@target=$(ENGINETEST); $(BUILD_CMD)
292
++	+@target=$(ENGINETEST); $(BUILD_CMD)
293
+ 
294
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
295
+-	@target=$(EVPTEST); $(BUILD_CMD)
296
++	+@target=$(EVPTEST); $(BUILD_CMD)
297
+ 
298
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
299
+-	@target=$(ECDSATEST); $(BUILD_CMD)
300
++	+@target=$(ECDSATEST); $(BUILD_CMD)
301
+ 
302
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
303
+-	@target=$(ECDHTEST); $(BUILD_CMD)
304
++	+@target=$(ECDHTEST); $(BUILD_CMD)
305
+ 
306
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
307
+-	@target=$(IGETEST); $(BUILD_CMD)
308
++	+@target=$(IGETEST); $(BUILD_CMD)
309
+ 
310
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
311
+-	@target=$(JPAKETEST); $(BUILD_CMD)
312
++	+@target=$(JPAKETEST); $(BUILD_CMD)
313
+ 
314
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
315
+-	@target=$(ASN1TEST); $(BUILD_CMD)
316
++	+@target=$(ASN1TEST); $(BUILD_CMD)
317
+ 
318
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
319
+-	@target=$(SRPTEST); $(BUILD_CMD)
320
++	+@target=$(SRPTEST); $(BUILD_CMD)
321
+ 
322
+ #$(AESTEST).o: $(AESTEST).c
323
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
324
+@@ -480,7 +480,7 @@
325
+ #	fi
326
+ 
327
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
328
+-	@target=dummytest; $(BUILD_CMD)
329
++	+@target=dummytest; $(BUILD_CMD)
330
+ 
331
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
332
+ 
333
+--- a/crypto/objects/Makefile
334
+@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
335
+ # objects.pl both reads and writes obj_mac.num
336
+ obj_mac.h: objects.pl objects.txt obj_mac.num
337
+ 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
338
+-	@sleep 1; touch obj_mac.h; sleep 1
339
+ 
340
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
341
++# This doesn't really need obj_mac.h, but since that rule reads & writes
342
++# obj_mac.num, we can't run in parallel with it.
343
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
344
+ 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
345
+-	@sleep 1; touch obj_xref.h; sleep 1
346
+ 
347
+ files:
348
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
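Review bot: The guard added to `LINK_SO` in Makefile.shared, `[ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0;`, skips the link step whenever the output file already exists, whether or not the objects are newer. In a tree that is rebuilt after a source change, for instance after applying a fix, this would appear to leave the old shared library in place while make reports success. Relying on the rule's prerequisites, or removing the stale library before relinking, would be safer than an existence test. At minimum, a comment above `LINK_SO=` should say that an existing library is never relinked and that `make clean` is needed first. The path is also unquoted here, while the matching test added to `SYMLINK_SO` quotes it.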
0 349
new file mode 100644
... ...
@@ -0,0 +1,17 @@
1
+https://bugs.gentoo.org/472584
2
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
3
+
4
+fix verification handling in s_client.  when loading paths, make sure
5
+we properly fallback to setting the default paths.
6
+
7
+--- openssl-1.0.2/apps/s_client.c
8
+@@ -1337,7 +1337,7 @@
9
+ 
10
+     SSL_CTX_set_verify(ctx, verify, verify_callback);
11
+ 
12
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
13
++    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
14
+         (!SSL_CTX_set_default_verify_paths(ctx))) {
15
+         /*
16
+          * BIO_printf(bio_err,"error setting default verify locations\n");