From 4837a9ce399d751d3d4a1b4cf23173380fbc0ea2 Mon Sep 17 00:00:00 2001 From: Tilman Sauerbeck Date: Fri, 12 Oct 2007 11:29:41 +0200 Subject: [PATCH] openssl: updated to 0.9.8f. --- openssl/.footprint | 1 - openssl/.md5sum | 5 +- openssl/CVE-2007-3108.patch | 126 --------------- openssl/CVE-2007-5135.patch | 46 ------ openssl/Pkgfile | 11 +- openssl/openssl-0.9.8-gcc42.patch | 261 ------------------------------ 6 files changed, 4 insertions(+), 446 deletions(-) delete mode 100644 openssl/CVE-2007-3108.patch delete mode 100644 openssl/CVE-2007-5135.patch delete mode 100644 openssl/openssl-0.9.8-gcc42.patch diff --git a/openssl/.footprint b/openssl/.footprint index de384e1e..e0b7a389 100644 --- a/openssl/.footprint +++ b/openssl/.footprint @@ -1118,5 +1118,4 @@ drwxr-xr-x root/root usr/man/man5/ -rw-r--r-- root/root usr/man/man5/config.5ssl.gz -rw-r--r-- root/root usr/man/man5/x509v3_config.5ssl.gz drwxr-xr-x root/root usr/man/man7/ -lrwxrwxrwx root/root usr/man/man7/Modes_of_DES.7ssl.gz -> des_modes.7ssl.gz -rw-r--r-- root/root usr/man/man7/des_modes.7ssl.gz diff --git a/openssl/.md5sum b/openssl/.md5sum index e04c40fa..5bb506cc 100644 --- a/openssl/.md5sum +++ b/openssl/.md5sum @@ -1,6 +1,3 @@ -30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch -21119cb0b942c835395d7f57530ba14a CVE-2007-5135.patch 9d0df57845af8acd1027a7df5c18d017 mksslcert.sh -3cbccf8f5d7ce488a306fb9029512b80 openssl-0.9.8-gcc42.patch 58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch -3a7ff24f6ea5cd711984722ad654b927 openssl-0.9.8e.tar.gz +114bf908eb1b293d11d3e6b18a09269f openssl-0.9.8f.tar.gz diff --git a/openssl/CVE-2007-3108.patch b/openssl/CVE-2007-3108.patch deleted file mode 100644 index abf01966..00000000 --- a/openssl/CVE-2007-3108.patch +++ /dev/null @@ -1,126 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -- --- openssl-0.9.8e/crypto/bn/bn_mont.c 2006-06-16 03:01:14.000000000 +0200 -+++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c 2007-06-29 10:13:25.000000000 +0200 -@@ -176,7 +176,6 @@ - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; -- - if (bn_wexpand(ret,max) == NULL) goto err; - - r->neg=a->neg^n->neg; - np=n->d; -@@ -228,19 +227,70 @@ - } - bn_correct_top(r); - -- - /* mont->ri will be a multiple of the word size */ -- -#if 0 -- - BN_rshift(ret,r,mont->ri); -- -#else -- - ret->neg = r->neg; -- - x=ri; -+ /* mont->ri will be a multiple of the word size and below code -+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */ -+ if (r->top <= ri) -+ { -+ ret->top=0; -+ retn=1; -+ goto err; -+ } -+ al=r->top-ri; -+ -+# define BRANCH_FREE 1 -+# if BRANCH_FREE -+ if (bn_wexpand(ret,ri) == NULL) goto err; -+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1); -+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ -+ ret->neg=r->neg; -+ - rp=ret->d; -- - ap= &(r->d[x]); -- - if (r->top < x) -- - al=0; -- - else -- - al=r->top-x; -+ ap=&(r->d[ri]); -+ -+ { -+ size_t m1,m2; -+ -+ v=bn_sub_words(rp,ap,np,ri); -+ /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ -+ /* in other words if subtraction result is real, then -+ * trick unconditional memcpy below to perform in-place -+ * "refresh" instead of actual copy. */ -+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ -+ m1|=m2; /* (al!=ri) */ -+ m1|=(0-(size_t)v); /* (al!=ri || v) */ -+ m1&=~m2; /* (al!=ri || v) && !al>ri */ -+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); -+ } -+ -+ /* 'itop=al; -+ ret->neg=r->neg; -+ -+ rp=ret->d; -+ ap=&(r->d[ri]); - al-=4; - for (i=0; iri)) goto err; - #endif /* MONT_WORD */ - -+#if !defined(BRANCH_FREE) || BRANCH_FREE==0 - if (BN_ucmp(ret, &(mont->N)) >= 0) - { - if (!BN_usub(ret,ret,&(mont->N))) goto err; - } -+#endif - retn=1; - bn_check_top(ret); - err: ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.5 (GNU/Linux) - -iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA -7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj -zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz -iBDdynBpa+s= -=aquq ------END PGP SIGNATURE----- diff --git a/openssl/CVE-2007-5135.patch b/openssl/CVE-2007-5135.patch deleted file mode 100644 index ed3b0fd5..00000000 --- a/openssl/CVE-2007-5135.patch +++ /dev/null @@ -1,46 +0,0 @@ -openssl/ssl/ssl_lib.c 1.133.2.9 -> 1.133.2.10 - ---- ssl_lib.c 2007/08/12 18:59:02 1.133.2.9 -+++ ssl_lib.c 2007/09/19 12:16:21 1.133.2.10 -@@ -1210,7 +1210,6 @@ - char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) - { - char *p; -- const char *cp; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int i; -@@ -1223,20 +1222,21 @@ - sk=s->session->ciphers; - for (i=0; iname; *cp; ) -+ n=strlen(c->name); -+ if (n+1 > len) - { -- if (len-- <= 0) -- { -- *p='\0'; -- return(buf); -- } -- else -- *(p++)= *(cp++); -+ if (p != buf) -+ --p; -+ *p='\0'; -+ return buf; - } -+ strcpy(p,c->name); -+ p+=n; - *(p++)=':'; -+ len-=n+1; - } - p[-1]='\0'; - return(buf); - - diff --git a/openssl/Pkgfile b/openssl/Pkgfile index 26dce352..f072fbda 100644 --- a/openssl/Pkgfile +++ b/openssl/Pkgfile @@ -3,19 +3,14 @@ # Maintainer: CRUX System Team, core-ports at crux dot nu name=openssl -version=0.9.8e -release=3 +version=0.9.8f +release=1 source=(http://www.openssl.org/source/$name-$version.tar.gz \ - mksslcert.sh openssl-0.9.8b-parallel-build.patch \ - CVE-2007-3108.patch CVE-2007-5135.patch \ - openssl-0.9.8-gcc42.patch) + mksslcert.sh openssl-0.9.8b-parallel-build.patch) build() { cd $name-$version - patch -p1 -i $SRC/CVE-2007-3108.patch - patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch - patch -p0 -i $SRC/openssl-0.9.8-gcc42.patch ./config --prefix=/usr --openssldir=/etc/ssl shared make make INSTALL_PREFIX=$PKG MANDIR=/usr/man MANSUFFIX=ssl install diff --git a/openssl/openssl-0.9.8-gcc42.patch b/openssl/openssl-0.9.8-gcc42.patch deleted file mode 100644 index 5691aae2..00000000 --- a/openssl/openssl-0.9.8-gcc42.patch +++ /dev/null @@ -1,261 +0,0 @@ -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429740 - ---- crypto/asn1/asn1.h~ 2007-04-14 19:00:19.000000000 +0100 -+++ crypto/asn1/asn1.h 2007-05-16 14:48:27.000000000 +0100 -@@ -329,6 +329,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; - #define I2D_OF(type) int (*)(type *,unsigned char **) - #define I2D_OF_const(type) int (*)(const type *,unsigned char **) - -+#define CHECKED_D2I_OF(type, d2i) \ -+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) -+#define CHECKED_I2D_OF(type, i2d) \ -+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) -+#define CHECKED_NEW_OF(type, xnew) \ -+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) -+#define CHECKED_PTR_OF(type, p) \ -+ ((void*) (1 ? p : (type*)0)) -+#define CHECKED_PPTR_OF(type, p) \ -+ ((void**) (1 ? p : (type**)0)) -+ - #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) - #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) - #define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) -@@ -914,23 +925,41 @@ int ASN1_object_size(int constructed, in - - /* Used to implement other functions */ - void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); -+ - #define ASN1_dup_of(type,i2d,d2i,x) \ -- ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) -+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ CHECKED_PTR_OF(type, x))) -+ - #define ASN1_dup_of_const(type,i2d,d2i,x) \ -- ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x) -+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ CHECKED_PTR_OF(const type, x))) - - void *ASN1_item_dup(const ASN1_ITEM *it, void *x); - - #ifndef OPENSSL_NO_FP_API - void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); -+ - #define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ -- ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x) -+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ in, \ -+ CHECKED_PPTR_OF(type, x))) -+ - void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); - int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); -+ - #define ASN1_i2d_fp_of(type,i2d,out,x) \ -- ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) -+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(type, x))) -+ - #define ASN1_i2d_fp_of_const(type,i2d,out,x) \ -- ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x) -+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(const type, x))) -+ - int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); - int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); - #endif -@@ -939,14 +968,26 @@ int ASN1_STRING_to_UTF8(unsigned char ** - - #ifndef OPENSSL_NO_BIO - void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); -+ - #define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ -- ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x) -+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ -+ CHECKED_D2I_OF(type, d2i), \ -+ in, \ -+ CHECKED_PPTR_OF(type, x))) -+ - void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); - int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); -+ - #define ASN1_i2d_bio_of(type,i2d,out,x) \ -- ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) -+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(type, x))) -+ - #define ASN1_i2d_bio_of_const(type,i2d,out,x) \ -- ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x) -+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ -+ out, \ -+ CHECKED_PTR_OF(const type, x))) -+ - int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); - int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); - int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); -@@ -983,8 +1024,12 @@ void *ASN1_unpack_string(ASN1_STRING *oc - void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); - ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, - ASN1_OCTET_STRING **oct); -+ - #define ASN1_pack_string_of(type,obj,i2d,oct) \ -- ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct) -+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ -+ CHECKED_I2D_OF(type, i2d), \ -+ oct)) -+ - ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); - - void ASN1_STRING_set_default_mask(unsigned long mask); ---- crypto/pem/pem.h~ 2007-04-05 18:00:52.000000000 +0100 -+++ crypto/pem/pem.h 2007-05-16 14:48:42.000000000 +0100 -@@ -221,19 +221,28 @@ typedef struct pem_ctx_st - #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ - type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ - { \ --return(((type *(*)(D2I_OF(type),char *,FILE *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read))(d2i_##asn1, str,fp,x,cb,u)); \ -+ return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ -+ str, fp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u); \ - } - - #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, type *x) \ - { \ --return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ - int PEM_write_##name(FILE *fp, const type *x) \ - { \ --return(((int (*)(I2D_OF_const(type),const char *,FILE *, const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ -@@ -241,7 +250,10 @@ int PEM_write_##name(FILE *fp, type *x, - unsigned char *kstr, int klen, pem_password_cb *cb, \ - void *u) \ - { \ -- return(((int (*)(I2D_OF(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ -@@ -249,7 +261,10 @@ int PEM_write_##name(FILE *fp, type *x, - unsigned char *kstr, int klen, pem_password_cb *cb, \ - void *u) \ - { \ -- return(((int (*)(I2D_OF_const(type),const char *,FILE *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write))(i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, fp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #endif -@@ -257,33 +272,48 @@ int PEM_write_##name(FILE *fp, type *x, - #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ - { \ --return(((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i_##asn1, str,bp,x,cb,u)); \ -+ return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ -+ str, bp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u); \ - } - - #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x) \ - { \ --return(((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, const type *x) \ - { \ --return(((int (*)(I2D_OF_const(type),const char *,BIO *,const type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ NULL, NULL, 0, NULL, NULL); \ - } - - #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ - { \ -- return(((int (*)(I2D_OF(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ - int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ - unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ - { \ -- return(((int (*)(I2D_OF_const(type),const char *,BIO *,type *,const EVP_CIPHER *,unsigned char *,int,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u)); \ -+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ -+ str, bp, \ -+ CHECKED_PTR_OF(const type, x), \ -+ enc, kstr, klen, cb, u); \ - } - - #define IMPLEMENT_PEM_write(name, type, str, asn1) \ -@@ -414,13 +444,22 @@ int PEM_bytes_read_bio(unsigned char **p - pem_password_cb *cb, void *u); - void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, - void **x, pem_password_cb *cb, void *u); -+ - #define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ --((type *(*)(D2I_OF(type),const char *,BIO *,type **,pem_password_cb *,void *))openssl_fcast(PEM_ASN1_read_bio))(d2i,name,bp,x,cb,u) -+ ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ -+ name, bp, \ -+ CHECKED_PPTR_OF(type, x), \ -+ cb, u)) -+ - int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, - const EVP_CIPHER *enc,unsigned char *kstr,int klen, - pem_password_cb *cb, void *u); -+ - #define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ -- ((int (*)(I2D_OF(type),const char *,BIO *,type *, const EVP_CIPHER *,unsigned char *,int, pem_password_cb *,void *))openssl_fcast(PEM_ASN1_write_bio))(i2d,name,bp,x,enc,kstr,klen,cb,u) -+ (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ -+ name, bp, \ -+ CHECKED_PTR_OF(type, x), \ -+ enc, kstr, klen, cb, u)) - - STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); - int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, ---- crypto/ocsp/ocsp.h -+++ crypto/ocsp/ocsp.h -@@ -469,7 +469,7 @@ - ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, - void *data, STACK_OF(ASN1_OBJECT) *sk); - #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ --((ASN1_STRING *(*)(ASN1_STRING *,I2D_OF(type),type *,STACK_OF(ASN1_OBJECT) *))openssl_fcast(ASN1_STRING_encode))(s,i2d,data,sk) -+ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) - - X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); -