From f398f615b6df385aec2b3553310cc237b29e068a Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 4 Jan 2020 20:08:32 -0700 Subject: * The feature that stopped alpine from saving passwords in the password file prevented users from actually saving their passwords in Windows and MAC OS. Fix the code so that passwords will be saved. Also, update the documentation of this feature. * Fix a buffer overflow bug in the XOAUTH2 code (off by one error). * Update PC-Alpine to work with Libressl version 3.0.2 instead of version 2.5.5 (update build.bat and lib files from the LibreSSL build). * Erase SSLXXXXXX file. * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c. The file ssl_libressl.c is the file ssl_unix.c from the unix osdep directory. The file ssl_win.c is the native SSL windows code. The Unix side provides S/MIME support for Alpine and the latest encryption protocols support for Alpine when connecting to a secure server, while the windows side provide TLSv1_3 support for Alpine, but not S/MIME support. In order to provide unix code for TLSv1_3 (once LibreSSL supports it) edit the file os_nt.c and remove the comments on the #ifdef section. This would provide both TLSv1_3 and S/MIME support with unix code. On the other hand, when we provide TLSv1_3 with the Windows code we need to undefine DF_ENCRYPTION_RANGE, and this is done in the file include/config.wnt.h. The way this is done as of this moment is by commenting an #else directive that preceedes this #undefine. * Update makefile.nt and friends in the windows side to account for the addition of XOAUTH2, and the use of only ssl_nt.c when dealing with Alpine. * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these certificates be considered while checking a digital S/MIME signature. * Improvements to the SMARTTIME24 token to account for changes in year. --- libressl/include/openssl/ts.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'libressl/include/openssl/ts.h') diff --git a/libressl/include/openssl/ts.h b/libressl/include/openssl/ts.h index a8d2281b..fa8eb949 100644 --- a/libressl/include/openssl/ts.h +++ b/libressl/include/openssl/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.8 2016/12/27 16:05:57 jsing Exp $ */ +/* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ @@ -365,7 +365,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); -int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); @@ -378,7 +378,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); void TS_REQ_ext_free(TS_REQ *a); int TS_REQ_get_ext_count(TS_REQ *a); int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); -int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); @@ -439,7 +439,8 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); void TS_TST_INFO_ext_free(TS_TST_INFO *a); int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); -int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); @@ -524,14 +525,14 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); /* This parameter must be set. */ -int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); /* No additional certs are included in the response by default. */ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); /* Adds a new acceptable policy, only the default policy is accepted by default. */ -int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); /* Adds a new acceptable message digest. Note that no message digests are accepted by default. The md argument is shared with the caller. */ -- cgit v1.2.3-70-g09d2