ports/core
4
3
Fork 0
Code Issues Pull Requests Activity

openssl: updated to 0.9.8f.

Browse Source
This commit is contained in:
Tilman Sauerbeck 2007-10-12 11:29:41 +02:00
parent a46afd4652
commit 4837a9ce39
6 changed files with 4 additions and 446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openssl/.footprint
View File

@ -1118,5 +1118,4 @@ drwxr-xr-x root/root usr/man/man5/
-rw-r--r-- root/root usr/man/man5/config.5ssl.gz
-rw-r--r-- root/root usr/man/man5/x509v3_config.5ssl.gz
drwxr-xr-x root/root usr/man/man7/
lrwxrwxrwx root/root usr/man/man7/Modes_of_DES.7ssl.gz -> des_modes.7ssl.gz
-rw-r--r-- root/root usr/man/man7/des_modes.7ssl.gz

5
openssl/.md5sum
View File

@ -1,6 +1,3 @@
30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch
21119cb0b942c835395d7f57530ba14a CVE-2007-5135.patch
9d0df57845af8acd1027a7df5c18d017 mksslcert.sh
3cbccf8f5d7ce488a306fb9029512b80 openssl-0.9.8-gcc42.patch
58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch
3a7ff24f6ea5cd711984722ad654b927 openssl-0.9.8e.tar.gz
114bf908eb1b293d11d3e6b18a09269f openssl-0.9.8f.tar.gz

126
openssl/CVE-2007-3108.patch
View File

@ -1,126 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --- openssl-0.9.8e/crypto/bn/bn_mont.c 2006-06-16 03:01:14.000000000 +0200
+++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c 2007-06-29 10:13:25.000000000 +0200
@@ -176,7 +176,6 @@
max=(nl+al+1); /* allow for overflow (no?) XXX */
if (bn_wexpand(r,max) == NULL) goto err;
- - if (bn_wexpand(ret,max) == NULL) goto err;
r->neg=a->neg^n->neg;
np=n->d;
@@ -228,19 +227,70 @@
}
bn_correct_top(r);
- - /* mont->ri will be a multiple of the word size */
- -#if 0
- - BN_rshift(ret,r,mont->ri);
- -#else
- - ret->neg = r->neg;
- - x=ri;
+ /* mont->ri will be a multiple of the word size and below code
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
+ if (r->top <= ri)
+ {
+ ret->top=0;
+ retn=1;
+ goto err;
+ }
+ al=r->top-ri;
+
+# define BRANCH_FREE 1
+# if BRANCH_FREE
+ if (bn_wexpand(ret,ri) == NULL) goto err;
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
+ ret->neg=r->neg;
+
rp=ret->d;
- - ap= &(r->d[x]);
- - if (r->top < x)
- - al=0;
- - else
- - al=r->top-x;
+ ap=&(r->d[ri]);
+
+ {
+ size_t m1,m2;
+
+ v=bn_sub_words(rp,ap,np,ri);
+ /* this ----------------^^ works even in al<ri case
+ * thanks to zealous zeroing of top of the vector in the
+ * beginning. */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /* in other words if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
+ m1|=m2; /* (al!=ri) */
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+ }
+
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
+ * though it results in redundant copy in al<ri case. */
+ for (i=0,ri-=4; i<ri; i+=4)
+ {
+ BN_ULONG t1,t2,t3,t4;
+
+ t1=nrp[i+0];
+ t2=nrp[i+1];
+ t3=nrp[i+2]; ap[i+0]=0;
+ t4=nrp[i+3]; ap[i+1]=0;
+ rp[i+0]=t1; ap[i+2]=0;
+ rp[i+1]=t2; ap[i+3]=0;
+ rp[i+2]=t3;
+ rp[i+3]=t4;
+ }
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
+# else
+ if (bn_wexpand(ret,al) == NULL) goto err;
ret->top=al;
+ ret->neg=r->neg;
+
+ rp=ret->d;
+ ap=&(r->d[ri]);
al-=4;
for (i=0; i<al; i+=4)
{
@@ -258,7 +308,7 @@
al+=4;
for (; i<al; i++)
rp[i]=ap[i];
- -#endif
+# endif
#else /* !MONT_WORD */
BIGNUM *t1,*t2;
@@ -278,10 +328,12 @@
if (!BN_rshift(ret,t2,mont->ri)) goto err;
#endif /* MONT_WORD */
+#if !defined(BRANCH_FREE) || BRANCH_FREE==0
if (BN_ucmp(ret, &(mont->N)) >= 0)
{
if (!BN_usub(ret,ret,&(mont->N))) goto err;
}
+#endif
retn=1;
bn_check_top(ret);
err:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA
7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj
zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz
iBDdynBpa+s=
=aquq
-----END PGP SIGNATURE-----

46
openssl/CVE-2007-5135.patch
View File

@ -1,46 +0,0 @@
openssl/ssl/ssl_lib.c 1.133.2.9 -> 1.133.2.10
--- ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
+++ ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
@@ -1210,7 +1210,6 @@
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
{
char *p;
- const char *cp;
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int i;
@@ -1223,20 +1222,21 @@
sk=s->session->ciphers;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
- /* Decrement for either the ':' or a '\0' */
- len--;
+ int n;
+
c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
+ n=strlen(c->name);
+ if (n+1 > len)
{
- if (len-- <= 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
+ if (p != buf)
+ --p;
+ *p='\0';
+ return buf;
}
+ strcpy(p,c->name);
+ p+=n;
*(p++)=':';
+ len-=n+1;
}
p[-1]='\0';
return(buf);

11
openssl/Pkgfile
View File

@ -3,19 +3,14 @@
# Maintainer: CRUX System Team, core-ports at crux dot nu
name=openssl
version=0.9.8e
release=3
version=0.9.8f
release=1
source=(http://www.openssl.org/source/$name-$version.tar.gz \
mksslcert.sh openssl-0.9.8b-parallel-build.patch \
CVE-2007-3108.patch CVE-2007-5135.patch \
openssl-0.9.8-gcc42.patch)
mksslcert.sh openssl-0.9.8b-parallel-build.patch)
build() {
cd $name-$version
patch -p1 -i $SRC/CVE-2007-3108.patch
patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch
patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch
patch -p0 -i $SRC/openssl-0.9.8-gcc42.patch
./config --prefix=/usr --openssldir=/etc/ssl shared
make
make INSTALL_PREFIX=$PKG MANDIR=/usr/man MANSUFFIX=ssl install

261
openssl/openssl-0.9.8-gcc42.patch
View File

@ -1,261 +0,0 @@
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429740
--- crypto/asn1/asn1.h~ 2007-04-14 19:00:19.000000000 +0100
+++ crypto/asn1/asn1.h 2007-05-16 14:48:27.000000000 +0100
@@ -329,6 +329,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
#define I2D_OF(type) int (*)(type *,unsigned char **)
#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+#define CHECKED_D2I_OF(type, d2i) \
+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) \
+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_NEW_OF(type, xnew) \
+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+#define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+#define CHECKED_PPTR_OF(type, p) \
+ ((void**) (1 ? p : (type**)0))
+
#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
@@ -914,23 +925,41 @@ int ASN1_object_size(int constructed, in
/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
#define ASN1_dup_of(type,i2d,d2i,x) \
- ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_dup_of_const(type,i2d,d2i,x) \
- ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(const type, x)))
void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
#ifndef OPENSSL_NO_FP_API
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+
#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
- ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x)
+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+
#define ASN1_i2d_fp_of(type,i2d,out,x) \
- ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
- ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
#endif
@@ -939,14 +968,26 @@ int ASN1_STRING_to_UTF8(unsigned char **
#ifndef OPENSSL_NO_BIO
void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+
#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
- ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x)
+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+
#define ASN1_i2d_bio_of(type,i2d,out,x) \
- ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
- ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
@@ -983,8 +1024,12 @@ void *ASN1_unpack_string(ASN1_STRING *oc
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
ASN1_OCTET_STRING **oct);
+
#define ASN1_pack_string_of(type,obj,i2d,oct) \
- ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct)
+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
+ CHECKED_I2D_OF(type, i2d), \
+ oct))
+
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
void ASN1_STRING_set_default_mask(unsigned long mask);
--- crypto/pem/pem.h~ 2007-04-05 18:00:52.000000000 +0100
+++ crypto/pem/pem.h 2007-05-16 14:48:42.000000000 +0100
@@ -221,19 +221,28 @@ typedef struct pem_ctx_st
#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
{ \
-return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \
+ return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+ str, fp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u); \
}
#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
int PEM_write_##name(FILE *fp, type *x) \
{ \
-return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
int PEM_write_##name(FILE *fp, const type *x) \
{ \
-return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(const type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@@ -241,7 +250,10 @@ int PEM_write_##name(FILE *fp, type *x,
unsigned char *kstr, int klen, pem_password_cb *cb, \
void *u) \
{ \
- return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u); \
}
#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@@ -249,7 +261,10 @@ int PEM_write_##name(FILE *fp, type *x,
unsigned char *kstr, int klen, pem_password_cb *cb, \
void *u) \
{ \
- return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(const type, x), \
+ enc, kstr, klen, cb, u); \
}
#endif
@@ -257,33 +272,48 @@ int PEM_write_##name(FILE *fp, type *x,
#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
{ \
-return(((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i_##asn1, str,bp,x,cb,u)); \
+ return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+ str, bp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u); \
}
#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x) \
{ \
-return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, const type *x) \
{ \
-return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(const type, x), \
+ NULL, NULL, 0, NULL, NULL); \
}
#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
{ \
- return(((int (*)(I2D_OF(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u); \
}
#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
{ \
- return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(const type, x), \
+ enc, kstr, klen, cb, u); \
}
#define IMPLEMENT_PEM_write(name, type, str, asn1) \
@@ -414,13 +444,22 @@ int PEM_bytes_read_bio(unsigned char **p
pem_password_cb *cb, void *u);
void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
void **x, pem_password_cb *cb, void *u);
+
#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
-((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i,name,bp,x,cb,u)
+ ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
+ name, bp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u))
+
int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
const EVP_CIPHER *enc,unsigned char *kstr,int klen,
pem_password_cb *cb, void *u);
+
#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
- ((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d,name,bp,x,enc,kstr,klen,cb,u)
+ (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
+ name, bp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u))
STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
--- crypto/ocsp/ocsp.h
+++ crypto/ocsp/ocsp.h
@@ -469,7 +469,7 @@
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
void *data, STACK_OF(ASN1_OBJECT) *sk);
#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
-((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk)
+ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);