New upstream version 5.6.2

12 files changed, 28 insertions, 22 deletions

diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c
index ebcc5dbdf..f9591c1a4 100644
--- a/src/libstrongswan/plugins/blowfish/bf_enc.c
+++ b/src/libstrongswan/plugins/blowfish/bf_enc.c
@@ -7,7 +7,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -32,7 +32,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h
index 1375a0aa9..e5f49280b 100644
--- a/src/libstrongswan/plugins/blowfish/bf_locl.h
+++ b/src/libstrongswan/plugins/blowfish/bf_locl.h
@@ -7,7 +7,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -32,7 +32,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h
index 79d23db6c..86c2ef366 100644
--- a/src/libstrongswan/plugins/blowfish/bf_pi.h
+++ b/src/libstrongswan/plugins/blowfish/bf_pi.h
@@ -7,7 +7,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -32,7 +32,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c
index ceec3b8d4..52a051890 100644
--- a/src/libstrongswan/plugins/blowfish/bf_skey.c
+++ b/src/libstrongswan/plugins/blowfish/bf_skey.c
@@ -7,7 +7,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -32,7 +32,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h
index 9aa30df4b..3c8f77a0f 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish.h
@@ -7,7 +7,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -32,7 +32,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index 1708e078d..6d8d1d709 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -6,7 +6,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -31,7 +31,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index d236bd429..cb5064d90 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -13,7 +13,7 @@
  * The implementation was written so as to conform with Netscapes SSL.
  *
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.
+ * the following conditions are adhered to.
  *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
@@ -34,7 +34,7 @@
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
@@ -309,7 +309,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 
 /* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * compiler and the architecture.  gcc2 always seems to do well :-).
  * Inspired by Dana How <how@isl.stanford.edu>
  * DO NOT use the alternative version on machines with 8 byte longs.
  * It does not seem to work on the Alpha, even when DES_LONG is 4
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index aca232c86..241ef7d3b 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -936,7 +936,12 @@ static bool calculate_pq(private_gmp_rsa_private_key_t *this)
 	bool success = FALSE;
 
 	gmp_randinit_default(rstate);
-	mpz_inits(k, r, g, y, n1, x, NULL);
+	mpz_init(k);
+	mpz_init(r);
+	mpz_init(g);
+	mpz_init(y);
+	mpz_init(n1);
+	mpz_init(x);
 	/* k = (d * e) - 1 */
 	mpz_mul(k, *this->d, this->e);
 	mpz_sub_ui(k, k, 1);
@@ -956,7 +961,7 @@ static bool calculate_pq(private_gmp_rsa_private_key_t *this)
 	{	/* generate random integer g in [0, n-1] */
 		mpz_urandomm(g, rstate, this->n);
 		/* y = g^r mod n */
-		mpz_powm_sec(y, g, r, this->n);
+		mpz_powm(y, g, r, this->n);
 		/* try again if y == 1 or y == n-1 */
 		if (mpz_cmp_ui(y, 1) == 0 || mpz_cmp(y, n1) == 0)
 		{
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c
index 28956d5fb..72b7e034c 100644
--- a/src/libstrongswan/plugins/newhope/newhope_ke.c
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@@ -246,7 +246,7 @@ static uint32_t* multiply_ntt_inv_poly(private_newhope_ke_t *this, uint32_t *b)
 }
 
 /**
- * Pack four 2-bit coefficents into one byte
+ * Pack four 2-bit coefficients into one byte
  */
 static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r)
 {
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
index ca6899786..efcd2b30a 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
@@ -202,7 +202,7 @@ pkcs7_attributes_t *pkcs7_attributes_create(void)
 }
 
 /**
- * ASN.1 definition of the X.501 atttribute type
+ * ASN.1 definition of the X.501 attribute type
  */
 static const asn1Object_t attributesObjects[] = {
 	{ 0, "attributes",		ASN1_SET,		ASN1_LOOP }, /* 0 */
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index 92a860615..156bd8656 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -76,7 +76,7 @@ struct plugin_loader_t {
 	 * If \<ns>.load_modular is enabled (where \<ns> is lib->ns) the plugins to
 	 * load are determined via a load option in their respective plugin config
 	 * section e.g. \<ns>.plugins.\<plugin>.load = <priority|bool>.
-	 * The oder is determined by the configured priority.  If two plugins have
+	 * The order is determined by the configured priority.  If two plugins have
 	 * the same priority the order as seen in list is preserved.  Plugins not
 	 * found in list are loaded first, in alphabetical order.
 	 *
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 16ee0ecc7..1b68320df 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -444,7 +444,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 	enumerator_t *enumerator;
 	time_t revocation;
 	crl_reason_t reason;
-	chunk_t serial;
+	chunk_t subject_serial, serial;
 	crl_t *crl = (crl_t*)cand;
 
 	if (base)
@@ -473,10 +473,11 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 		return best;
 	}
 
+	subject_serial = chunk_skip_zero(subject->get_serial(subject));
 	enumerator = crl->create_enumerator(crl);
 	while (enumerator->enumerate(enumerator, &serial, &revocation, &reason))
 	{
-		if (chunk_equals(serial, subject->get_serial(subject)))
+		if (chunk_equals(subject_serial, chunk_skip_zero(serial)))
 		{
 			if (reason != CRL_REASON_CERTIFICATE_HOLD)
 			{