From owner-svn-src-vendor@freebsd.org Thu Dec 3 17:23:00 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 88ADBA3FE08; Thu, 3 Dec 2015 17:23:00 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F152710AB; Thu, 3 Dec 2015 17:22:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB3HMxYI075379; Thu, 3 Dec 2015 17:22:59 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB3HMwmK075374; Thu, 3 Dec 2015 17:22:58 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201512031722.tB3HMwmK075374@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 3 Dec 2015 17:22:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r291707 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/buffer crypto/cms crypto/comp crypto/conf crypto/dh crypto/ds... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 17:23:00 -0000 Author: jkim Date: Thu Dec 3 17:22:58 2015 New Revision: 291707 URL: https://svnweb.freebsd.org/changeset/base/291707 Log: Import OpenSSL 1.0.2e. Added: vendor-crypto/openssl/dist/CONTRIBUTING vendor-crypto/openssl/dist/appveyor.yml vendor-crypto/openssl/dist/doc/dir-locals.example.el vendor-crypto/openssl/dist/doc/openssl-c-indent.el vendor-crypto/openssl/dist/doc/ssl/SSL_check_chain.pod vendor-crypto/openssl/dist/ssl/clienthellotest.c (contents, props changed) vendor-crypto/openssl/dist/util/toutf8.sh (contents, props changed) Deleted: vendor-crypto/openssl/dist/doc/openssl_button.gif vendor-crypto/openssl/dist/doc/openssl_button.html vendor-crypto/openssl/dist/util/pod2mantest Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FAQ vendor-crypto/openssl/dist/FREEBSD-upgrade vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/Makefile.org vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/Makefile vendor-crypto/openssl/dist/apps/app_rand.c vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/asn1pars.c vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/ecparam.c vendor-crypto/openssl/dist/apps/engine.c vendor-crypto/openssl/dist/apps/ocsp.c vendor-crypto/openssl/dist/apps/pkcs12.c vendor-crypto/openssl/dist/apps/s_cb.c vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86.pl vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-ppc.pl vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c vendor-crypto/openssl/dist/crypto/asn1/x_x509.c vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c vendor-crypto/openssl/dist/crypto/bio/b_dump.c vendor-crypto/openssl/dist/crypto/bio/bss_file.c vendor-crypto/openssl/dist/crypto/bn/asm/armv4-gf2m.pl vendor-crypto/openssl/dist/crypto/bn/asm/ia64.S vendor-crypto/openssl/dist/crypto/bn/asm/ppc64-mont.pl vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl vendor-crypto/openssl/dist/crypto/bn/asm/s390x-gf2m.pl vendor-crypto/openssl/dist/crypto/bn/asm/s390x.S vendor-crypto/openssl/dist/crypto/bn/asm/x86-gf2m.pl vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gf2m.pl vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl vendor-crypto/openssl/dist/crypto/bn/bn_exp.c vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c vendor-crypto/openssl/dist/crypto/bn/bn_mont.c vendor-crypto/openssl/dist/crypto/bn/bn_recp.c vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c vendor-crypto/openssl/dist/crypto/bn/bntest.c vendor-crypto/openssl/dist/crypto/bn/rsaz_exp.h vendor-crypto/openssl/dist/crypto/buffer/buf_str.c vendor-crypto/openssl/dist/crypto/buffer/buffer.h vendor-crypto/openssl/dist/crypto/cms/cms_enc.c vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c vendor-crypto/openssl/dist/crypto/cms/cms_sd.c vendor-crypto/openssl/dist/crypto/cms/cms_smime.c vendor-crypto/openssl/dist/crypto/comp/c_zlib.c vendor-crypto/openssl/dist/crypto/conf/conf_def.c vendor-crypto/openssl/dist/crypto/conf/conf_sap.c vendor-crypto/openssl/dist/crypto/cryptlib.c vendor-crypto/openssl/dist/crypto/dh/dh.h vendor-crypto/openssl/dist/crypto/dh/dhtest.c vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c vendor-crypto/openssl/dist/crypto/ec/Makefile vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl vendor-crypto/openssl/dist/crypto/ec/ec.h vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c vendor-crypto/openssl/dist/crypto/ec/ec_key.c vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c vendor-crypto/openssl/dist/crypto/engine/eng_list.c vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha256.c vendor-crypto/openssl/dist/crypto/evp/e_des3.c vendor-crypto/openssl/dist/crypto/evp/encode.c vendor-crypto/openssl/dist/crypto/evp/evp_key.c vendor-crypto/openssl/dist/crypto/evp/evp_lib.c vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c vendor-crypto/openssl/dist/crypto/evp/p_lib.c vendor-crypto/openssl/dist/crypto/evp/pmeth_gn.c vendor-crypto/openssl/dist/crypto/hmac/hm_ameth.c vendor-crypto/openssl/dist/crypto/jpake/jpake.c vendor-crypto/openssl/dist/crypto/mem_clr.c vendor-crypto/openssl/dist/crypto/modes/asm/aesni-gcm-x86_64.pl vendor-crypto/openssl/dist/crypto/modes/asm/ghash-armv4.pl vendor-crypto/openssl/dist/crypto/modes/asm/ghash-sparcv9.pl vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86.pl vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86_64.pl vendor-crypto/openssl/dist/crypto/modes/asm/ghashp8-ppc.pl vendor-crypto/openssl/dist/crypto/modes/asm/ghashv8-armx.pl vendor-crypto/openssl/dist/crypto/modes/wrap128.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_prn.c vendor-crypto/openssl/dist/crypto/opensslconf.h vendor-crypto/openssl/dist/crypto/opensslconf.h.in vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/pem/pem_info.c vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c vendor-crypto/openssl/dist/crypto/perlasm/ppc-xlate.pl vendor-crypto/openssl/dist/crypto/pkcs12/p12_add.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_crpt.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c vendor-crypto/openssl/dist/crypto/pkcs7/pk7_smime.c vendor-crypto/openssl/dist/crypto/ppccap.c vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-x86_64.pl vendor-crypto/openssl/dist/crypto/rsa/rsa_ameth.c vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c vendor-crypto/openssl/dist/crypto/sha/asm/sha1-586.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mb-x86_64.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha256-586.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha256-mb-x86_64.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha512-586.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha512-parisc.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl vendor-crypto/openssl/dist/crypto/sparccpuid.S vendor-crypto/openssl/dist/crypto/sparcv9cap.c vendor-crypto/openssl/dist/crypto/srp/srp_vfy.c vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-mmx.pl vendor-crypto/openssl/dist/crypto/x509/x509_lu.c vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c vendor-crypto/openssl/dist/crypto/x509v3/v3_scts.c vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c vendor-crypto/openssl/dist/doc/HOWTO/keys.txt vendor-crypto/openssl/dist/doc/README vendor-crypto/openssl/dist/doc/apps/dgst.pod vendor-crypto/openssl/dist/doc/apps/genrsa.pod vendor-crypto/openssl/dist/doc/apps/pkcs12.pod vendor-crypto/openssl/dist/doc/apps/req.pod vendor-crypto/openssl/dist/doc/apps/x509.pod vendor-crypto/openssl/dist/doc/crypto/BIO_read.pod vendor-crypto/openssl/dist/doc/crypto/BN_rand.pod vendor-crypto/openssl/dist/doc/crypto/DSA_generate_parameters.pod vendor-crypto/openssl/dist/doc/crypto/EC_GROUP_copy.pod vendor-crypto/openssl/dist/doc/crypto/EC_KEY_new.pod vendor-crypto/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_SealInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_SignInit.pod vendor-crypto/openssl/dist/doc/crypto/X509_check_host.pod vendor-crypto/openssl/dist/doc/crypto/buffer.pod vendor-crypto/openssl/dist/doc/crypto/d2i_X509_NAME.pod vendor-crypto/openssl/dist/doc/crypto/engine.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_extra_chain_cert.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_get0_param.pod vendor-crypto/openssl/dist/e_os.h vendor-crypto/openssl/dist/engines/e_chil.c vendor-crypto/openssl/dist/ssl/Makefile vendor-crypto/openssl/dist/ssl/bio_ssl.c vendor-crypto/openssl/dist/ssl/d1_both.c vendor-crypto/openssl/dist/ssl/d1_clnt.c vendor-crypto/openssl/dist/ssl/d1_meth.c vendor-crypto/openssl/dist/ssl/d1_srvr.c vendor-crypto/openssl/dist/ssl/s23_clnt.c vendor-crypto/openssl/dist/ssl/s3_both.c vendor-crypto/openssl/dist/ssl/s3_cbc.c vendor-crypto/openssl/dist/ssl/s3_clnt.c vendor-crypto/openssl/dist/ssl/s3_enc.c vendor-crypto/openssl/dist/ssl/s3_lib.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl.h vendor-crypto/openssl/dist/ssl/ssl_asn1.c vendor-crypto/openssl/dist/ssl/ssl_cert.c vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_err.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_locl.h vendor-crypto/openssl/dist/ssl/ssl_rsa.c vendor-crypto/openssl/dist/ssl/ssl_sess.c vendor-crypto/openssl/dist/ssl/ssltest.c vendor-crypto/openssl/dist/ssl/t1_enc.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/ssl/tls1.h vendor-crypto/openssl/dist/util/domd vendor-crypto/openssl/dist/util/indent.pro vendor-crypto/openssl/dist/util/mk1mf.pl vendor-crypto/openssl/dist/util/mkrc.pl vendor-crypto/openssl/dist/util/mkstack.pl vendor-crypto/openssl/dist/util/pl/VC-32.pl vendor-crypto/openssl/dist/util/selftest.pl Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Thu Dec 3 17:22:55 2015 (r291706) +++ vendor-crypto/openssl/dist/CHANGES Thu Dec 3 17:22:58 2015 (r291707) @@ -2,6 +2,64 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + This issue was reported to OpenSSL by Hanno Böck. + (CVE-2015-3193) + [Andy Polyakov] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen ] + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] *) Alternate chains certificate forgery @@ -15,8 +73,18 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI @@ -55,9 +123,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno Böck. + independently by Hanno Böck. (CVE-2015-1789) - [Emilia Käsper] + [Emilia Käsper] *) PKCS7 crash with missing EnvelopedContent @@ -71,7 +139,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia Käsper] + [Emilia Käsper] *) CMS verify infinite loop with unknown hash function @@ -201,7 +269,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia Käsper] + [Emilia Käsper] *) DoS via reachable assert in SSLv2 servers fix @@ -209,10 +277,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia Käsper + This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team). (CVE-2015-0293) - [Emilia Käsper] + [Emilia Käsper] *) Empty CKE with client auth and DHE fix @@ -272,6 +340,10 @@ Changes between 1.0.1l and 1.0.2 [22 Jan 2015] + *) Change RSA and DH/DSA key generation apps to generate 2048-bit + keys by default. + [Kurt Roeckx] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. So far those who have to target multiple plaforms would compromise @@ -717,12 +789,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia Käsper] + [David Benjamin, Emilia Käsper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia Käsper] + [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -733,7 +805,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia Käsper] + [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -813,10 +885,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gröbert (Google) for discovering and researching this + Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia Käsper] + [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. @@ -853,7 +925,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -865,7 +937,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia Käsper, and Steve Henson] + [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -895,22 +967,22 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) - [Jüri Aedla, Steve Henson] + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gröbert, Ivan Fratric, Steve Henson] + [Felix Gröbert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. [mancha ] *) Fix eckey_priv_encode so it immediately returns an error upon a failure - in i2d_ECPrivateKey. + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. [mancha ] *) Fix some double frees. These are not thought to be exploitable. @@ -982,9 +1054,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia Käsper for the initial patch. + Emilia Käsper for the initial patch. (CVE-2013-0169) - [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. @@ -1159,7 +1231,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] + [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1435,7 +1507,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1449,7 +1521,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -2258,7 +2330,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zoltán Glózik , The OpenTSA Project] + [Zoltán Glózik , The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -3426,7 +3498,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf Möller] + [Geoff Thorpe, suggested by Ulf Möller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] @@ -3445,7 +3517,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf Möller] + [Geoff Thorpe, Nils Larsch, Ulf Möller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3512,7 +3584,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [Götz Babin-Ebell via Richard Levitte] + [Götz Babin-Ebell via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -4227,7 +4299,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf Möller] + [Ulf Möller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -4260,11 +4332,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf Möller] + [Ulf Möller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker via Lutz Jänicke, resolves #1014] + [Darren Tucker via Lutz Jänicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -4726,7 +4798,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [Götz Babin-Ebell ] + [Götz Babin-Ebell ] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer ] @@ -6831,7 +6903,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis ] + [Ulf Möller, reported by Jim Ellis ] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -6991,7 +7063,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Fix OAEP check. - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -7253,10 +7325,10 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf Möller] + [Ulf Möller] *) rand_win.c fix for Borland C. - [Ulf Möller] + [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -7401,14 +7473,14 @@ des-cbc 3624.96k 5258.21k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo Möller] + [Bodo Möller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf Möller] + [Ulf Möller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -7426,7 +7498,7 @@ des-cbc 3624.96k 5258.21k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf Möller] + [Ulf Möller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if @@ -7692,7 +7764,7 @@ des-cbc 3624.96k 5258.21k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf Möller] + [Ulf Möller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -7912,7 +7984,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] + [Ulf Möller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -7944,7 +8016,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf Möller] + [Ulf Möller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -8033,7 +8105,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf Möller, using the problem description in krb4-0.9.7, where + [Ulf Möller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear ] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -8134,7 +8206,7 @@ des-cbc 3624.96k 5258.21k [Rolf Haberrecker ] *) Assembler module support for Mingw32. - [Ulf Möller] + [Ulf Möller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke and Anonymous] @@ -8153,7 +8225,7 @@ des-cbc 3624.96k 5258.21k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf Möller] + [Ulf Möller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set @@ -8183,14 +8255,14 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf Möller, using public domain code by Patrick Powell; problem + [Ulf Möller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] *) Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf Möller] + [Ulf Möller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -8223,7 +8295,7 @@ des-cbc 3624.96k 5258.21k #define OPENSSL_ALGORITHM_DEFINES #include defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo Möller] + [Richard Levitte, Ulf and Bodo Möller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -8274,17 +8346,17 @@ des-cbc 3624.96k 5258.21k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf Möller] + [Ulf Möller] *) More tests in bntest.c, and changed test_bn output. - [Ulf Möller] + [Ulf Möller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf Möller] + [Ulf Möller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. @@ -8292,11 +8364,11 @@ des-cbc 3624.96k 5258.21k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf Möller] + [Ulf Möller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf Möller] + [Ulf Möller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -8320,7 +8392,7 @@ des-cbc 3624.96k 5258.21k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf Möller] + [Ulf Möller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -8365,13 +8437,13 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf Möller] + [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf Möller] + [Ulf Möller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in @@ -8381,25 +8453,25 @@ des-cbc 3624.96k 5258.21k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf Möller] + [Ulf Möller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf Möller] + [Ulf Möller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf Möller] + [Ulf Möller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8455,7 +8527,7 @@ des-cbc 3624.96k 5258.21k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf Möller] + [Kris Kennaway , modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data @@ -8464,7 +8536,7 @@ des-cbc 3624.96k 5258.21k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf Möller] + [Ulf Möller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8494,7 +8566,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf Möller] + [Ulf Möller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -9328,7 +9400,7 @@ des-cbc 3624.96k 5258.21k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf Möller] + [Ulf Möller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -9417,7 +9489,7 @@ des-cbc 3624.96k 5258.21k worked. *) Fix problems with no-hmac etc. - [Ulf Möller, pointed out by Brian Wellington ] + [Ulf Möller, pointed out by Brian Wellington ] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9534,7 +9606,7 @@ des-cbc 3624.96k 5258.21k [Ben Laurie] *) DES library cleanups. - [Ulf Möller] + [Ulf Möller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit @@ -9577,7 +9649,7 @@ des-cbc 3624.96k 5258.21k [Christian Forster ] *) config now generates no-xxx options for missing ciphers. - [Ulf Möller] + [Ulf Möller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -9690,7 +9762,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf Möller] + [Ulf Möller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -9747,10 +9819,10 @@ des-cbc 3624.96k 5258.21k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere , modified by Ulf Möller] + [Janez Jere , modified by Ulf Möller] *) Support Mingw32. - [Ulf Möller] + [Ulf Möller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov ] @@ -9759,7 +9831,7 @@ des-cbc 3624.96k 5258.21k [Andy Polyakov ] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf Möller] + [Ulf Möller] *) Update HPUX configuration. [Anonymous] @@ -9792,7 +9864,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf Möller] + [Ulf Möller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. @@ -9815,21 +9887,21 @@ des-cbc 3624.96k 5258.21k [Niels Poppe ] *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf Möller] + [Ulf Möller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf Möller] + [Ulf Möller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf Möller] + [Ulf Möller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -9858,7 +9930,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf Möller] + [Ulf Möller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -9876,13 +9948,13 @@ des-cbc 3624.96k 5258.21k [Andy Polyakov ] *) Change functions to ANSI C. - [Ulf Möller] + [Ulf Möller] *) Fix typos in error codes. - [Martin Kraemer , Ulf Möller] + [Martin Kraemer , Ulf Möller] *) Remove defunct assembler files from Configure. - [Ulf Möller] + [Ulf Möller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov ] @@ -9919,7 +9991,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) New Configure option "rsaref". - [Ulf Möller] + [Ulf Möller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -9967,7 +10039,7 @@ des-cbc 3624.96k 5258.21k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf Möller] + [Ulf Möller] *) Tweaks to Configure [Niels Poppe ] @@ -9977,11 +10049,11 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf Möller] + [Ulf Möller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf Möller] + [Ulf Möller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10520,7 +10592,7 @@ des-cbc 3624.96k 5258.21k Hagino ] *) File was opened incorrectly in randfile.c. - [Ulf Möller ] + [Ulf Möller ] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10530,7 +10602,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf Möller ] + [Ulf Möller ] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous ] @@ -10677,7 +10749,7 @@ des-cbc 3624.96k 5258.21k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf Möller ] + [Ben Laurie - pointed out by Ulf Möller ] *) Autodetect FreeBSD3. [Ben Laurie] Added: vendor-crypto/openssl/dist/CONTRIBUTING ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-crypto/openssl/dist/CONTRIBUTING Thu Dec 3 17:22:58 2015 (r291707) @@ -0,0 +1,38 @@ +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- + +Development is coordinated on the openssl-dev mailing list (see +http://www.openssl.org for information on subscribing). If you +would like to submit a patch, send it to rt@openssl.org with +the string "[PATCH]" in the subject. Please be sure to include a +textual explanation of what your patch does. + +You can also make GitHub pull requests. If you do this, please also send +mail to rt@openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. + +If you are unsure as to whether a feature will be useful for the general +OpenSSL community please discuss it on the openssl-dev mailing list first. +Someone may be already working on the same thing or there may be a good +reason as to why that feature isn't implemented. + +Patches should be as up to date as possible, preferably relative to the +current Git or the last snapshot. They should follow our coding style +(see https://www.openssl.org/policies/codingstyle.html) and compile without +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. + +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: + +# cd openssl-work +# [your changes] +# ./Configure dist; make clean +# cd .. +# diff -ur openssl-orig openssl-work > mydiffs.patch Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Thu Dec 3 17:22:55 2015 (r291706) +++ vendor-crypto/openssl/dist/Configure Thu Dec 3 17:22:58 2015 (r291707) @@ -416,6 +416,7 @@ my %table=( "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", @@ -1646,21 +1647,22 @@ if ($shlib_version_number =~ /(^[0-9]*)\ $shlib_minor=$2; } +my $ecc = $cc; +$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + if ($strict_warnings) { - my $ecc = $cc; - $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } if ($ecc eq "clang") { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } } @@ -1713,6 +1715,7 @@ while () s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; Modified: vendor-crypto/openssl/dist/FAQ ============================================================================== --- vendor-crypto/openssl/dist/FAQ Thu Dec 3 17:22:55 2015 (r291706) +++ vendor-crypto/openssl/dist/FAQ Thu Dec 3 17:22:58 2015 (r291707) @@ -1,1053 +1,2 @@ -OpenSSL - Frequently Asked Questions --------------------------------------- - -[MISC] Miscellaneous questions - -* Which is the current version of OpenSSL? -* Where is the documentation? -* How can I contact the OpenSSL developers? -* Where can I get a compiled version of OpenSSL? -* Why aren't tools like 'autoconf' and 'libtool' used? -* What is an 'engine' version? -* How do I check the authenticity of the OpenSSL distribution? -* How does the versioning scheme work? - -[LEGAL] Legal questions - -* Do I need patent licenses to use OpenSSL? -* Can I use OpenSSL with GPL software? - -[USER] Questions on using the OpenSSL applications - -* Why do I get a "PRNG not seeded" error message? -* Why do I get an "unable to write 'random state'" error message? -* How do I create certificates or certificate requests? -* Why can't I create certificate requests? -* Why does fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? -* What is a "128 bit certificate"? Can I create one with OpenSSL? -* Why does OpenSSL set the authority key identifier extension incorrectly? -* How can I set up a bundle of commercial root CA certificates? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL test fail with "bc: stack empty"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? -* What is special about OpenSSL on Redhat? -* Why does the OpenSSL compilation fail on MacOS X? -* Why does the OpenSSL test suite fail on MacOS X? -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? -* Why does compiler fail to compile sha512.c? -* Test suite still fails, what to do? -* I think I've found a bug, what should I do? -* I'm SURE I've found a bug, how do I report it? -* I've found a security issue, how do I report it? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using and I get errors why? -* I've called and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from . -OpenSSL 1.0.1a was released on Apr 19th, 2012. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at , or get it by anonymous Git access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. Many -manual pages are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -. Note that the online documents refer -to the very latest development versions of OpenSSL and may include features -not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. The pod format -documentation is included in each OpenSSL distribution under the docs -directory. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -. - - -* Where can I get a compiled version of OpenSSL? - -You can finder pointers to binary distributions in - . - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to build OpenSSL on a Windows system and you don't have *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@freebsd.org Thu Dec 3 17:23:37 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2B603A3FE91; Thu, 3 Dec 2015 17:23:37 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D4CD6136C; Thu, 3 Dec 2015 17:23:36 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB3HNaOu075442; Thu, 3 Dec 2015 17:23:36 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB3HNaLP075441; Thu, 3 Dec 2015 17:23:36 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201512031723.tB3HNaLP075441@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 3 Dec 2015 17:23:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r291708 - vendor-crypto/openssl/1.0.2e X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 17:23:37 -0000 Author: jkim Date: Thu Dec 3 17:23:35 2015 New Revision: 291708 URL: https://svnweb.freebsd.org/changeset/base/291708 Log: Tag OpenSSL 1.0.2e. Added: vendor-crypto/openssl/1.0.2e/ - copied from r291707, vendor-crypto/openssl/dist/ From owner-svn-src-vendor@freebsd.org Thu Dec 3 17:24:18 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3061CA3FEDD; Thu, 3 Dec 2015 17:24:18 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CAEAA151E; Thu, 3 Dec 2015 17:24:17 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB3HOGW9075513; Thu, 3 Dec 2015 17:24:16 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB3HOGxe075508; Thu, 3 Dec 2015 17:24:16 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201512031724.tB3HOGxe075508@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 3 Dec 2015 17:24:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r291709 - in vendor-crypto/openssl/dist-1.0.1: . apps crypto crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/buffer crypto/cms crypto/comp crypto/conf crypto/dsa cr... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 17:24:18 -0000 Author: jkim Date: Thu Dec 3 17:24:16 2015 New Revision: 291709 URL: https://svnweb.freebsd.org/changeset/base/291709 Log: Import OpenSSL 1.0.1q. Added: vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING vendor-crypto/openssl/dist-1.0.1/appveyor.yml vendor-crypto/openssl/dist-1.0.1/doc/dir-locals.example.el vendor-crypto/openssl/dist-1.0.1/doc/openssl-c-indent.el vendor-crypto/openssl/dist-1.0.1/ssl/clienthellotest.c (contents, props changed) vendor-crypto/openssl/dist-1.0.1/util/toutf8.sh (contents, props changed) Deleted: vendor-crypto/openssl/dist-1.0.1/util/pod2mantest Modified: vendor-crypto/openssl/dist-1.0.1/CHANGES vendor-crypto/openssl/dist-1.0.1/Configure vendor-crypto/openssl/dist-1.0.1/FAQ vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade vendor-crypto/openssl/dist-1.0.1/Makefile vendor-crypto/openssl/dist-1.0.1/Makefile.org vendor-crypto/openssl/dist-1.0.1/NEWS vendor-crypto/openssl/dist-1.0.1/README vendor-crypto/openssl/dist-1.0.1/apps/Makefile vendor-crypto/openssl/dist-1.0.1/apps/apps.c vendor-crypto/openssl/dist-1.0.1/apps/asn1pars.c vendor-crypto/openssl/dist-1.0.1/apps/ca.c vendor-crypto/openssl/dist-1.0.1/apps/ecparam.c vendor-crypto/openssl/dist-1.0.1/apps/engine.c vendor-crypto/openssl/dist-1.0.1/apps/ocsp.c vendor-crypto/openssl/dist-1.0.1/apps/pkcs12.c vendor-crypto/openssl/dist-1.0.1/apps/s_client.c vendor-crypto/openssl/dist-1.0.1/apps/s_server.c vendor-crypto/openssl/dist-1.0.1/crypto/aes/asm/aes-586.pl vendor-crypto/openssl/dist-1.0.1/crypto/aes/asm/aesni-x86.pl vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_par.c vendor-crypto/openssl/dist-1.0.1/crypto/asn1/d2i_pr.c vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_dec.c vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_bignum.c vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_pubkey.c vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_x509.c vendor-crypto/openssl/dist-1.0.1/crypto/bio/b_dump.c vendor-crypto/openssl/dist-1.0.1/crypto/bio/bss_file.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/armv4-gf2m.pl vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/ia64.S vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/s390x-gf2m.pl vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86-gf2m.pl vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-gcc.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-gf2m.pl vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_exp.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_gcd.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_gf2m.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_mont.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_recp.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_x931p.c vendor-crypto/openssl/dist-1.0.1/crypto/bn/bntest.c vendor-crypto/openssl/dist-1.0.1/crypto/buffer/buf_str.c vendor-crypto/openssl/dist-1.0.1/crypto/buffer/buffer.h vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_enc.c vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_pwri.c vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_smime.c vendor-crypto/openssl/dist-1.0.1/crypto/comp/c_zlib.c vendor-crypto/openssl/dist-1.0.1/crypto/conf/conf_def.c vendor-crypto/openssl/dist-1.0.1/crypto/conf/conf_sap.c vendor-crypto/openssl/dist-1.0.1/crypto/cryptlib.c vendor-crypto/openssl/dist-1.0.1/crypto/dsa/dsa_ameth.c vendor-crypto/openssl/dist-1.0.1/crypto/dsa/dsa_gen.c vendor-crypto/openssl/dist-1.0.1/crypto/ec/ec.h vendor-crypto/openssl/dist-1.0.1/crypto/ec/ec_asn1.c vendor-crypto/openssl/dist-1.0.1/crypto/ec/ec_key.c vendor-crypto/openssl/dist-1.0.1/crypto/engine/eng_cryptodev.c vendor-crypto/openssl/dist-1.0.1/crypto/engine/eng_list.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/e_des3.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/encode.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_key.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_lib.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_pbe.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/p_lib.c vendor-crypto/openssl/dist-1.0.1/crypto/evp/pmeth_gn.c vendor-crypto/openssl/dist-1.0.1/crypto/hmac/hm_ameth.c vendor-crypto/openssl/dist-1.0.1/crypto/jpake/jpake.c vendor-crypto/openssl/dist-1.0.1/crypto/mem_clr.c vendor-crypto/openssl/dist-1.0.1/crypto/modes/asm/ghash-armv4.pl vendor-crypto/openssl/dist-1.0.1/crypto/modes/asm/ghash-x86.pl vendor-crypto/openssl/dist-1.0.1/crypto/ocsp/ocsp_lib.c vendor-crypto/openssl/dist-1.0.1/crypto/ocsp/ocsp_prn.c vendor-crypto/openssl/dist-1.0.1/crypto/opensslconf.h vendor-crypto/openssl/dist-1.0.1/crypto/opensslconf.h.in vendor-crypto/openssl/dist-1.0.1/crypto/opensslv.h vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_info.c vendor-crypto/openssl/dist-1.0.1/crypto/pem/pvkfmt.c vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/p12_add.c vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/p12_crpt.c vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/p12_mutl.c vendor-crypto/openssl/dist-1.0.1/crypto/pkcs7/pk7_doit.c vendor-crypto/openssl/dist-1.0.1/crypto/rc4/asm/rc4-x86_64.pl vendor-crypto/openssl/dist-1.0.1/crypto/rsa/rsa_ameth.c vendor-crypto/openssl/dist-1.0.1/crypto/rsa/rsa_gen.c vendor-crypto/openssl/dist-1.0.1/crypto/rsa/rsa_sign.c vendor-crypto/openssl/dist-1.0.1/crypto/rsa/rsa_test.c vendor-crypto/openssl/dist-1.0.1/crypto/sha/asm/sha1-586.pl vendor-crypto/openssl/dist-1.0.1/crypto/sha/asm/sha256-586.pl vendor-crypto/openssl/dist-1.0.1/crypto/sha/asm/sha512-586.pl vendor-crypto/openssl/dist-1.0.1/crypto/sha/asm/sha512-parisc.pl vendor-crypto/openssl/dist-1.0.1/crypto/sparccpuid.S vendor-crypto/openssl/dist-1.0.1/crypto/srp/srp_vfy.c vendor-crypto/openssl/dist-1.0.1/crypto/ts/ts_rsp_verify.c vendor-crypto/openssl/dist-1.0.1/crypto/whrlpool/asm/wp-mmx.pl vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_cmp.c vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_lu.c vendor-crypto/openssl/dist-1.0.1/crypto/x509v3/v3_cpols.c vendor-crypto/openssl/dist-1.0.1/crypto/x509v3/v3_ncons.c vendor-crypto/openssl/dist-1.0.1/crypto/x509v3/v3_pci.c vendor-crypto/openssl/dist-1.0.1/crypto/x509v3/v3_pcia.c vendor-crypto/openssl/dist-1.0.1/doc/apps/ciphers.pod vendor-crypto/openssl/dist-1.0.1/doc/apps/dgst.pod vendor-crypto/openssl/dist-1.0.1/doc/apps/genrsa.pod vendor-crypto/openssl/dist-1.0.1/doc/apps/req.pod vendor-crypto/openssl/dist-1.0.1/doc/apps/x509.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/BIO_read.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/BN_rand.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/DSA_generate_parameters.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/EVP_DigestVerifyInit.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/EVP_SignInit.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/buffer.pod vendor-crypto/openssl/dist-1.0.1/doc/crypto/d2i_X509_NAME.pod vendor-crypto/openssl/dist-1.0.1/doc/ssl/SSL_CTX_add_extra_chain_cert.pod vendor-crypto/openssl/dist-1.0.1/e_os.h vendor-crypto/openssl/dist-1.0.1/engines/e_chil.c vendor-crypto/openssl/dist-1.0.1/ssl/Makefile vendor-crypto/openssl/dist-1.0.1/ssl/bio_ssl.c vendor-crypto/openssl/dist-1.0.1/ssl/d1_both.c vendor-crypto/openssl/dist-1.0.1/ssl/d1_clnt.c vendor-crypto/openssl/dist-1.0.1/ssl/d1_srvr.c vendor-crypto/openssl/dist-1.0.1/ssl/s23_clnt.c vendor-crypto/openssl/dist-1.0.1/ssl/s3_cbc.c vendor-crypto/openssl/dist-1.0.1/ssl/s3_clnt.c vendor-crypto/openssl/dist-1.0.1/ssl/s3_enc.c vendor-crypto/openssl/dist-1.0.1/ssl/s3_lib.c vendor-crypto/openssl/dist-1.0.1/ssl/s3_srvr.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl.h vendor-crypto/openssl/dist-1.0.1/ssl/ssl3.h vendor-crypto/openssl/dist-1.0.1/ssl/ssl_asn1.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl_cert.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl_ciph.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl_err.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl_lib.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl_locl.h vendor-crypto/openssl/dist-1.0.1/ssl/ssl_rsa.c vendor-crypto/openssl/dist-1.0.1/ssl/ssl_sess.c vendor-crypto/openssl/dist-1.0.1/ssl/ssltest.c vendor-crypto/openssl/dist-1.0.1/ssl/t1_enc.c vendor-crypto/openssl/dist-1.0.1/ssl/t1_lib.c vendor-crypto/openssl/dist-1.0.1/ssl/tls1.h vendor-crypto/openssl/dist-1.0.1/util/indent.pro vendor-crypto/openssl/dist-1.0.1/util/mk1mf.pl vendor-crypto/openssl/dist-1.0.1/util/mkrc.pl vendor-crypto/openssl/dist-1.0.1/util/mkstack.pl vendor-crypto/openssl/dist-1.0.1/util/pl/VC-32.pl vendor-crypto/openssl/dist-1.0.1/util/selftest.pl Modified: vendor-crypto/openssl/dist-1.0.1/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-1.0.1/CHANGES Thu Dec 3 17:23:35 2015 (r291708) +++ vendor-crypto/openssl/dist-1.0.1/CHANGES Thu Dec 3 17:24:16 2015 (r291709) @@ -2,6 +2,45 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1p and 1.0.1q [3 Dec 2015] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen ] + Changes between 1.0.1o and 1.0.1p [9 Jul 2015] *) Alternate chains certificate forgery @@ -15,10 +54,19 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] - Changes between 1.0.1n and 1.0.1o [12 Jun 2015] + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. @@ -55,9 +103,9 @@ callbacks. This issue was reported to OpenSSL by Robert Swiecki (Google), and - independently by Hanno Böck. + independently by Hanno Böck. (CVE-2015-1789) - [Emilia Käsper] + [Emilia Käsper] *) PKCS7 crash with missing EnvelopedContent @@ -71,7 +119,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-1790) - [Emilia Käsper] + [Emilia Käsper] *) CMS verify infinite loop with unknown hash function @@ -94,6 +142,9 @@ *) Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] + *) dhparam: generate 2048-bit parameters by default. + [Kurt Roeckx and Emilia Kasper] + Changes between 1.0.1l and 1.0.1m [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix @@ -132,7 +183,7 @@ This issue was reported to OpenSSL by Michal Zalewski (Google). (CVE-2015-0289) - [Emilia Käsper] + [Emilia Käsper] *) DoS via reachable assert in SSLv2 servers fix @@ -140,10 +191,10 @@ servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. - This issue was discovered by Sean Burford (Google) and Emilia Käsper + This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team). (CVE-2015-0293) - [Emilia Käsper] + [Emilia Käsper] *) Use After Free following d2i_ECPrivatekey error fix @@ -288,12 +339,12 @@ version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable sanity and breaks all known clients. - [David Benjamin, Emilia Käsper] + [David Benjamin, Emilia Käsper] *) Tighten handling of the ChangeCipherSpec (CCS) message: reject early CCS messages during renegotiation. (Note that because renegotiation is encrypted, this early CCS was not exploitable.) - [Emilia Käsper] + [Emilia Käsper] *) Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends @@ -304,7 +355,7 @@ Similarly, ensure that the client requires a session ticket if one was advertised in the ServerHello. Previously, a TLS client would ignore a missing NewSessionTicket message. - [Emilia Käsper] + [Emilia Käsper] Changes between 1.0.1i and 1.0.1j [15 Oct 2014] @@ -384,10 +435,10 @@ with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. - Thanks to Felix Gröbert (Google) for discovering and researching this + Thanks to Felix Gröbert (Google) for discovering and researching this issue. (CVE-2014-3510) - [Emilia Käsper] + [Emilia Käsper] *) By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. @@ -424,7 +475,7 @@ properly negotiated with the client. This can be exploited through a Denial of Service attack. - Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. (CVE-2014-5139) [Steve Henson] @@ -436,7 +487,7 @@ Thanks to Ivan Fratric (Google) for discovering this issue. (CVE-2014-3508) - [Emilia Käsper, and Steve Henson] + [Emilia Käsper, and Steve Henson] *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) for corner cases. (Certain input points at infinity could lead to @@ -466,15 +517,15 @@ client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) - [Jüri Aedla, Steve Henson] + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) - [Felix Gröbert, Ivan Fratric, Steve Henson] + [Felix Gröbert, Ivan Fratric, Steve Henson] *) Harmonize version and its documentation. -f flag is used to display compilation flags. @@ -553,9 +604,9 @@ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia Käsper for the initial patch. + Emilia Käsper for the initial patch. (CVE-2013-0169) - [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode ciphersuites which can be exploited in a denial of service attack. @@ -730,7 +781,7 @@ EC_GROUP_new_by_curve_name() will automatically use these (while EC_GROUP_new_curve_GFp() currently prefers the more flexible implementations). - [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] + [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] *) Use type ossl_ssize_t instad of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public @@ -1006,7 +1057,7 @@ [Adam Langley (Google)] *) Fix spurious failures in ecdsatest.c. - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) Fix the BIO_f_buffer() implementation (which was mixing different interpretations of the '..._len' fields). @@ -1020,7 +1071,7 @@ lock to call BN_BLINDING_invert_ex, and avoids one use of BN_BLINDING_update for each BN_BLINDING structure (previously, the last update always remained unused). - [Emilia Käsper (Google)] + [Emilia Käsper (Google)] *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. [Bob Buckholz (Google)] @@ -1829,7 +1880,7 @@ *) Add RFC 3161 compliant time stamp request creation, response generation and response verification functionality. - [Zoltán Glózik , The OpenTSA Project] + [Zoltán Glózik , The OpenTSA Project] *) Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now @@ -2997,7 +3048,7 @@ *) BN_CTX_get() should return zero-valued bignums, providing the same initialised value as BN_new(). - [Geoff Thorpe, suggested by Ulf Möller] + [Geoff Thorpe, suggested by Ulf Möller] *) Support for inhibitAnyPolicy certificate extension. [Steve Henson] @@ -3016,7 +3067,7 @@ some point, these tighter rules will become openssl's default to improve maintainability, though the assert()s and other overheads will remain only in debugging configurations. See bn.h for more details. - [Geoff Thorpe, Nils Larsch, Ulf Möller] + [Geoff Thorpe, Nils Larsch, Ulf Möller] *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure that can only be obtained through BN_CTX_new() (which implicitly @@ -3083,7 +3134,7 @@ [Douglas Stebila (Sun Microsystems Laboratories)] *) Add the possibility to load symbols globally with DSO. - [Götz Babin-Ebell via Richard Levitte] + [Götz Babin-Ebell via Richard Levitte] *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. @@ -3798,7 +3849,7 @@ [Steve Henson] *) Undo Cygwin change. - [Ulf Möller] + [Ulf Möller] *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, @@ -3831,11 +3882,11 @@ [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. - [Ulf Möller] + [Ulf Möller] *) Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. - [Darren Tucker via Lutz Jänicke, resolves #1014] + [Darren Tucker via Lutz Jänicke, resolves #1014] *) Prompt for pass phrases when appropriate for PKCS12 input format. [Steve Henson] @@ -4297,7 +4348,7 @@ pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. - [Götz Babin-Ebell ] + [Götz Babin-Ebell ] *) Improve diagnostics in file reading and command-line digests. [Ben Laurie aided and abetted by Solar Designer ] @@ -6402,7 +6453,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis ] + [Ulf Möller, reported by Jim Ellis ] *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() @@ -6562,7 +6613,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Fix OAEP check. - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 @@ -6824,10 +6875,10 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Use better test patterns in bntest. - [Ulf Möller] + [Ulf Möller] *) rand_win.c fix for Borland C. - [Ulf Möller] + [Ulf Möller] *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -6972,14 +7023,14 @@ des-cbc 3624.96k 5258.21k *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR BIO_ctrl (for BIO pairs). - [Bodo Möller] + [Bodo Möller] *) Add DSO method for VMS. [Richard Levitte] *) Bug fix: Montgomery multiplication could produce results with the wrong sign. - [Ulf Möller] + [Ulf Möller] *) Add RPM specification openssl.spec and modify it to build three packages. The default package contains applications, application @@ -6997,7 +7048,7 @@ des-cbc 3624.96k 5258.21k *) Don't set the two most significant bits to one when generating a random number < q in the DSA library. - [Ulf Möller] + [Ulf Möller] *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if @@ -7263,7 +7314,7 @@ des-cbc 3624.96k 5258.21k *) Randomness polling function for Win9x, as described in: Peter Gutmann, Software Generation of Practically Strong Random Numbers. - [Ulf Möller] + [Ulf Möller] *) Fix so PRNG is seeded in req if using an already existing DSA key. @@ -7483,7 +7534,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] + [Ulf Möller] *) Fix for SSL server purpose checking. Server checking was rejecting certificates which had extended key usage present @@ -7515,7 +7566,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Bugfix for linux-elf makefile.one. - [Ulf Möller] + [Ulf Möller] *) RSA_get_default_method() will now cause a default RSA_METHOD to be chosen if one doesn't exist already. @@ -7604,7 +7655,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) des_quad_cksum() byte order bug fix. - [Ulf Möller, using the problem description in krb4-0.9.7, where + [Ulf Möller, using the problem description in krb4-0.9.7, where the solution is attributed to Derrick J Brashear ] *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly @@ -7705,7 +7756,7 @@ des-cbc 3624.96k 5258.21k [Rolf Haberrecker ] *) Assembler module support for Mingw32. - [Ulf Möller] + [Ulf Möller] *) Shared library support for HPUX (in shlib/). [Lutz Jaenicke and Anonymous] @@ -7724,7 +7775,7 @@ des-cbc 3624.96k 5258.21k *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf Möller] + [Ulf Möller] *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set @@ -7754,14 +7805,14 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf Möller, using public domain code by Patrick Powell; problem + [Ulf Möller, using public domain code by Patrick Powell; problem pointed out by David Sacerdote ] *) Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, the EGD socket can be specified like a seed file using RANDFILE or -rand. - [Ulf Möller] + [Ulf Möller] *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. Some CAs (e.g. Verisign) distribute certificates in this form. @@ -7794,7 +7845,7 @@ des-cbc 3624.96k 5258.21k #define OPENSSL_ALGORITHM_DEFINES #include defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo Möller] + [Richard Levitte, Ulf and Bodo Möller] *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. @@ -7845,17 +7896,17 @@ des-cbc 3624.96k 5258.21k *) Bug fix for BN_div_recp() for numerators with an even number of bits. - [Ulf Möller] + [Ulf Möller] *) More tests in bntest.c, and changed test_bn output. - [Ulf Möller] + [Ulf Möller] *) ./config recognizes MacOS X now. [Andy Polyakov] *) Bug fix for BN_div() when the first words of num and divsor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf Möller] + [Ulf Möller] *) Add support for various broken PKCS#8 formats, and command line options to produce them. @@ -7863,11 +7914,11 @@ des-cbc 3624.96k 5258.21k *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to get temporary BIGNUMs from a BN_CTX. - [Ulf Möller] + [Ulf Möller] *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() for p == 0. - [Ulf Möller] + [Ulf Möller] *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and include a #define from the old name to the new. The original intent @@ -7891,7 +7942,7 @@ des-cbc 3624.96k 5258.21k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf Möller] + [Ulf Möller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -7936,13 +7987,13 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) New function BN_pseudo_rand(). - [Ulf Möller] + [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from SSLeay 0.9.0 (the word based version is faster anyway), and clean up the comments. - [Ulf Möller] + [Ulf Möller] *) Avoid a race condition in s2_clnt.c (function get_server_hello) that made it impossible to use the same SSL_SESSION data structure in @@ -7952,25 +8003,25 @@ des-cbc 3624.96k 5258.21k *) The return value of RAND_load_file() no longer counts bytes obtained by stat(). RAND_load_file(..., -1) is new and uses the complete file to seed the PRNG (previously an explicit byte count was required). - [Ulf Möller, Bodo Möller] + [Ulf Möller, Bodo Möller] *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes used (char *) instead of (void *) and had casts all over the place. [Steve Henson] *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf Möller] + [Ulf Möller] *) Retain source code compatibility for BN_prime_checks macro: BN_is_prime(..., BN_prime_checks, ...) now uses BN_prime_checks_for_size to determine the appropriate number of Rabin-Miller iterations. - [Ulf Möller] + [Ulf Möller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to DH_CHECK_P_NOT_SAFE_PRIME. (Check if this is true? OpenPGP calls them "strong".) - [Ulf Möller] + [Ulf Möller] *) Merge the functionality of "dh" and "gendh" programs into a new program "dhparam". The old programs are retained for now but will handle DH keys @@ -8026,7 +8077,7 @@ des-cbc 3624.96k 5258.21k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf Möller] + [Kris Kennaway , modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data @@ -8035,7 +8086,7 @@ des-cbc 3624.96k 5258.21k guaranteed to be unique but not unpredictable. RAND_add is like RAND_seed, but takes an extra argument for an entropy estimate (RAND_seed always assumes full entropy). - [Ulf Möller] + [Ulf Möller] *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes @@ -8065,7 +8116,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf Möller] + [Ulf Möller] *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from @@ -8899,7 +8950,7 @@ des-cbc 3624.96k 5258.21k *) More DES library cleanups: remove references to srand/rand and delete an unused file. - [Ulf Möller] + [Ulf Möller] *) Add support for the the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. @@ -8988,7 +9039,7 @@ des-cbc 3624.96k 5258.21k worked. *) Fix problems with no-hmac etc. - [Ulf Möller, pointed out by Brian Wellington ] + [Ulf Möller, pointed out by Brian Wellington ] *) New functions RSA_get_default_method(), RSA_set_method() and RSA_get_method(). These allows replacement of RSA_METHODs without having @@ -9105,7 +9156,7 @@ des-cbc 3624.96k 5258.21k [Ben Laurie] *) DES library cleanups. - [Ulf Möller] + [Ulf Möller] *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit @@ -9148,7 +9199,7 @@ des-cbc 3624.96k 5258.21k [Christian Forster ] *) config now generates no-xxx options for missing ciphers. - [Ulf Möller] + [Ulf Möller] *) Support the EBCDIC character set (work in progress). File ebcdic.c not yet included because it has a different license. @@ -9261,7 +9312,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) Move openssl.cnf out of lib/. - [Ulf Möller] + [Ulf Möller] *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes @@ -9318,10 +9369,10 @@ des-cbc 3624.96k 5258.21k [Ben Laurie] *) Support Borland C++ builder. - [Janez Jere , modified by Ulf Möller] + [Janez Jere , modified by Ulf Möller] *) Support Mingw32. - [Ulf Möller] + [Ulf Möller] *) SHA-1 cleanups and performance enhancements. [Andy Polyakov ] @@ -9330,7 +9381,7 @@ des-cbc 3624.96k 5258.21k [Andy Polyakov ] *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf Möller] + [Ulf Möller] *) Update HPUX configuration. [Anonymous] @@ -9363,7 +9414,7 @@ des-cbc 3624.96k 5258.21k [Bodo Moeller] *) OAEP decoding bug fix. - [Ulf Möller] + [Ulf Möller] *) Support INSTALL_PREFIX for package builders, as proposed by David Harris. @@ -9386,21 +9437,21 @@ des-cbc 3624.96k 5258.21k [Niels Poppe ] *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf Möller] + [Ulf Möller] *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for extension adding in x509 utility. [Steve Henson] *) Remove NOPROTO sections and error code comments. - [Ulf Möller] + [Ulf Möller] *) Partial rewrite of the DEF file generator to now parse the ANSI prototypes. [Steve Henson] *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf Möller] + [Ulf Möller] *) Complete rewrite of the error code script(s). It is all now handled by one script at the top level which handles error code gathering, @@ -9429,7 +9480,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf Möller] + [Ulf Möller] *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of 8 of keying material. Merlin has also confirmed interop with this fix @@ -9447,13 +9498,13 @@ des-cbc 3624.96k 5258.21k [Andy Polyakov ] *) Change functions to ANSI C. - [Ulf Möller] + [Ulf Möller] *) Fix typos in error codes. - [Martin Kraemer , Ulf Möller] + [Martin Kraemer , Ulf Möller] *) Remove defunct assembler files from Configure. - [Ulf Möller] + [Ulf Möller] *) SPARC v8 assembler BIGNUM implementation. [Andy Polyakov ] @@ -9490,7 +9541,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) New Configure option "rsaref". - [Ulf Möller] + [Ulf Möller] *) Don't auto-generate pem.h. [Bodo Moeller] @@ -9538,7 +9589,7 @@ des-cbc 3624.96k 5258.21k *) New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values prior to ASN.1 encoding. - [Ulf Möller] + [Ulf Möller] *) Tweaks to Configure [Niels Poppe ] @@ -9548,11 +9599,11 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf Möller] + [Ulf Möller] *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. - [Ulf Möller] + [Ulf Möller] *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the @@ -10091,7 +10142,7 @@ des-cbc 3624.96k 5258.21k Hagino ] *) File was opened incorrectly in randfile.c. - [Ulf Möller ] + [Ulf Möller ] *) Beginning of support for GeneralizedTime. d2i, i2d, check and print functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or @@ -10101,7 +10152,7 @@ des-cbc 3624.96k 5258.21k [Steve Henson] *) Correct Linux 1 recognition in config. - [Ulf Möller ] + [Ulf Möller ] *) Remove pointless MD5 hash when using DSA keys in ca. [Anonymous ] @@ -10248,7 +10299,7 @@ des-cbc 3624.96k 5258.21k *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf Möller ] + [Ben Laurie - pointed out by Ulf Möller ] *) Autodetect FreeBSD3. [Ben Laurie] Added: vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING Thu Dec 3 17:24:16 2015 (r291709) @@ -0,0 +1,38 @@ +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- + +Development is coordinated on the openssl-dev mailing list (see +http://www.openssl.org for information on subscribing). If you +would like to submit a patch, send it to rt@openssl.org with +the string "[PATCH]" in the subject. Please be sure to include a +textual explanation of what your patch does. + +You can also make GitHub pull requests. If you do this, please also send +mail to rt@openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. + +If you are unsure as to whether a feature will be useful for the general +OpenSSL community please discuss it on the openssl-dev mailing list first. +Someone may be already working on the same thing or there may be a good +reason as to why that feature isn't implemented. + +Patches should be as up to date as possible, preferably relative to the +current Git or the last snapshot. They should follow our coding style +(see https://www.openssl.org/policies/codingstyle.html) and compile without +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. + +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: + +# cd openssl-work +# [your changes] +# ./Configure dist; make clean +# cd .. +# diff -ur openssl-orig openssl-work > mydiffs.patch Modified: vendor-crypto/openssl/dist-1.0.1/Configure ============================================================================== --- vendor-crypto/openssl/dist-1.0.1/Configure Thu Dec 3 17:23:35 2015 (r291708) +++ vendor-crypto/openssl/dist-1.0.1/Configure Thu Dec 3 17:24:16 2015 (r291709) @@ -105,6 +105,8 @@ my $usage="Usage: Configure [no- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; @@ -197,6 +199,7 @@ my %table=( "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -361,6 +364,7 @@ my %table=( "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see @@ -1574,11 +1578,20 @@ if ($shlib_version_number =~ /(^[0-9]*)\ if ($strict_warnings) { + my $ecc = $cc; + $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } } } Modified: vendor-crypto/openssl/dist-1.0.1/FAQ ============================================================================== --- vendor-crypto/openssl/dist-1.0.1/FAQ Thu Dec 3 17:23:35 2015 (r291708) +++ vendor-crypto/openssl/dist-1.0.1/FAQ Thu Dec 3 17:24:16 2015 (r291709) @@ -1,1039 +1,2 @@ -OpenSSL - Frequently Asked Questions --------------------------------------- - -[MISC] Miscellaneous questions - -* Which is the current version of OpenSSL? -* Where is the documentation? -* How can I contact the OpenSSL developers? -* Where can I get a compiled version of OpenSSL? -* Why aren't tools like 'autoconf' and 'libtool' used? -* What is an 'engine' version? -* How do I check the authenticity of the OpenSSL distribution? -* How does the versioning scheme work? - -[LEGAL] Legal questions - -* Do I need patent licenses to use OpenSSL? -* Can I use OpenSSL with GPL software? - -[USER] Questions on using the OpenSSL applications - -* Why do I get a "PRNG not seeded" error message? -* Why do I get an "unable to write 'random state'" error message? -* How do I create certificates or certificate requests? -* Why can't I create certificate requests? -* Why does fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? -* What is a "128 bit certificate"? Can I create one with OpenSSL? -* Why does OpenSSL set the authority key identifier extension incorrectly? -* How can I set up a bundle of commercial root CA certificates? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL test fail with "bc: stack empty"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? -* What is special about OpenSSL on Redhat? -* Why does the OpenSSL compilation fail on MacOS X? -* Why does the OpenSSL test suite fail on MacOS X? -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? -* Why does compiler fail to compile sha512.c? -* Test suite still fails, what to do? -* I think I've found a bug, what should I do? -* I'm SURE I've found a bug, how do I report it? -* I've found a security issue, how do I report it? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using and I get errors why? -* I've called and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from . -OpenSSL 1.0.1e was released on Feb 11th, 2013. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at , or get it by anonymous Git access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. Many -manual pages are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -. Note that the online documents refer -to the very latest development versions of OpenSSL and may include features -not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. The pod format -documentation is included in each OpenSSL distribution under the docs -directory. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -. - - -* Where can I get a compiled version of OpenSSL? - -You can finder pointers to binary distributions in - . - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to build OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. - -A number of Linux and *BSD distributions include OpenSSL. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf will probably be used in future OpenSSL versions. If it was -less Unix-centric, it might have been used much earlier. - -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 the changes were merged into the main development line, -so that the special release is no longer necessary. - -* How do I check the authenticity of the OpenSSL distribution? - -We provide MD5 digests and ASC signatures of each tarball. *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@freebsd.org Thu Dec 3 17:25:00 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72426A3FF2F; Thu, 3 Dec 2015 17:25:00 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2904917A1; Thu, 3 Dec 2015 17:25:00 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB3HOxnt075576; Thu, 3 Dec 2015 17:24:59 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB3HOxQ2075575; Thu, 3 Dec 2015 17:24:59 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201512031724.tB3HOxQ2075575@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 3 Dec 2015 17:24:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r291710 - vendor-crypto/openssl/1.0.1q X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 17:25:00 -0000 Author: jkim Date: Thu Dec 3 17:24:59 2015 New Revision: 291710 URL: https://svnweb.freebsd.org/changeset/base/291710 Log: Tag OpenSSL 1.0.1q. Added: vendor-crypto/openssl/1.0.1q/ - copied from r291709, vendor-crypto/openssl/dist-1.0.1/ From owner-svn-src-vendor@freebsd.org Thu Dec 3 17:25:28 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 387B5A3FFA3; Thu, 3 Dec 2015 17:25:28 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E0FB419FF; Thu, 3 Dec 2015 17:25:27 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB3HPRYC075754; Thu, 3 Dec 2015 17:25:27 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB3HPQn0075751; Thu, 3 Dec 2015 17:25:26 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201512031725.tB3HPQn0075751@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 3 Dec 2015 17:25:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r291711 - in vendor-crypto/openssl/dist-0.9.8: . apps crypto crypto/asn1 crypto/des/t crypto/evp doc doc/crypto ssl test util X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 17:25:28 -0000 Author: jkim Date: Thu Dec 3 17:25:26 2015 New Revision: 291711 URL: https://svnweb.freebsd.org/changeset/base/291711 Log: Import OpenSSL 0.9.8zh. Added: vendor-crypto/openssl/dist-0.9.8/doc/dir-locals.example.el vendor-crypto/openssl/dist-0.9.8/doc/openssl-c-indent.el Deleted: vendor-crypto/openssl/dist-0.9.8/crypto/des/t/test vendor-crypto/openssl/dist-0.9.8/test/bctest vendor-crypto/openssl/dist-0.9.8/util/pod2mantest Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES vendor-crypto/openssl/dist-0.9.8/FAQ vendor-crypto/openssl/dist-0.9.8/FREEBSD-Xlist vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade vendor-crypto/openssl/dist-0.9.8/Makefile vendor-crypto/openssl/dist-0.9.8/Makefile.org vendor-crypto/openssl/dist-0.9.8/NEWS vendor-crypto/openssl/dist-0.9.8/README vendor-crypto/openssl/dist-0.9.8/apps/asn1pars.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_par.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_dec.c vendor-crypto/openssl/dist-0.9.8/crypto/evp/e_des3.c vendor-crypto/openssl/dist-0.9.8/crypto/mem_clr.c vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h vendor-crypto/openssl/dist-0.9.8/doc/crypto/X509_NAME_get_index_by_NID.pod vendor-crypto/openssl/dist-0.9.8/openssl.spec vendor-crypto/openssl/dist-0.9.8/ssl/ssl_sess.c vendor-crypto/openssl/dist-0.9.8/ssl/ssltest.c Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Dec 3 17:24:59 2015 (r291710) +++ vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Dec 3 17:25:26 2015 (r291711) @@ -2,6 +2,20 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] *) Malformed ECParameters causes infinite loop Modified: vendor-crypto/openssl/dist-0.9.8/FAQ ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FAQ Thu Dec 3 17:24:59 2015 (r291710) +++ vendor-crypto/openssl/dist-0.9.8/FAQ Thu Dec 3 17:25:26 2015 (r291711) @@ -1,1039 +1,2 @@ -OpenSSL - Frequently Asked Questions --------------------------------------- - -[MISC] Miscellaneous questions - -* Which is the current version of OpenSSL? -* Where is the documentation? -* How can I contact the OpenSSL developers? -* Where can I get a compiled version of OpenSSL? -* Why aren't tools like 'autoconf' and 'libtool' used? -* What is an 'engine' version? -* How do I check the authenticity of the OpenSSL distribution? -* How does the versioning scheme work? - -[LEGAL] Legal questions - -* Do I need patent licenses to use OpenSSL? -* Can I use OpenSSL with GPL software? - -[USER] Questions on using the OpenSSL applications - -* Why do I get a "PRNG not seeded" error message? -* Why do I get an "unable to write 'random state'" error message? -* How do I create certificates or certificate requests? -* Why can't I create certificate requests? -* Why does fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? -* What is a "128 bit certificate"? Can I create one with OpenSSL? -* Why does OpenSSL set the authority key identifier extension incorrectly? -* How can I set up a bundle of commercial root CA certificates? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL test fail with "bc: stack empty"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? -* What is special about OpenSSL on Redhat? -* Why does the OpenSSL compilation fail on MacOS X? -* Why does the OpenSSL test suite fail on MacOS X? -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? -* Why does compiler fail to compile sha512.c? -* Test suite still fails, what to do? -* I think I've found a bug, what should I do? -* I'm SURE I've found a bug, how do I report it? -* I've found a security issue, how do I report it? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using and I get errors why? -* I've called and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from . -OpenSSL 1.0.1d was released on Feb 5th, 2013. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at , or get it by anonymous Git access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. Many -manual pages are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -. Note that the online documents refer -to the very latest development versions of OpenSSL and may include features -not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. The pod format -documentation is included in each OpenSSL distribution under the docs -directory. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -. - - -* Where can I get a compiled version of OpenSSL? - -You can finder pointers to binary distributions in - . - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to build OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. - -A number of Linux and *BSD distributions include OpenSSL. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf will probably be used in future OpenSSL versions. If it was -less Unix-centric, it might have been used much earlier. - -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 the changes were merged into the main development line, -so that the special release is no longer necessary. - -* How do I check the authenticity of the OpenSSL distribution? - -We provide MD5 digests and ASC signatures of each tarball. -Use MD5 to check that a tarball from a mirror site is identical: - - md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 - -You can check authenticity using pgp or gpg. You need the OpenSSL team -member public key used to sign it (download it from a key server, see a -list of keys at ). Then -just do: - - pgp TARBALL.asc - -* How does the versioning scheme work? - -After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter -releases (e.g. 1.0.1a) can only contain bug and security fixes and no -new features. Minor releases change the last number (e.g. 1.0.2) and -can contain new features that retain binary compatibility. Changes to -the middle number are considered major releases and neither source nor -binary compatibility is guaranteed. - -Therefore the answer to the common question "when will feature X be -backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear -in the next minor release. - -[LEGAL] ======================================================================= - -* Do I need patent licenses to use OpenSSL? - -The patents section of the README file lists patents that may apply to -you if you want to use OpenSSL. For information on intellectual -property rights, please consult a lawyer. The OpenSSL team does not -offer legal advice. - -You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using - ./config no-idea no-mdc2 no-rc5 - - -* Can I use OpenSSL with GPL software? - -On many systems including the major Linux and BSD distributions, yes (the -GPL does not place restrictions on using libraries that are part of the -normal operating system distribution). - -On other systems, the situation is less clear. Some GPL software copyright -holders claim that you infringe on their rights if you use OpenSSL with -their software on operating systems that don't normally include OpenSSL. - -If you develop open source software that uses OpenSSL, you may find it -useful to choose an other license than the GPL, or state explicitly that -"This program is released under the GPL with the additional exemption that -compiling, linking, and/or using OpenSSL is allowed." If you are using -GPL software developed by others, you may want to ask the copyright holder -for permission to use their software with OpenSSL. - - -[USER] ======================================================================== - -* Why do I get a "PRNG not seeded" error message? - -Cryptographic software needs a source of unpredictable data to work -correctly. Many open source operating systems provide a "randomness -device" (/dev/urandom or /dev/random) that serves this purpose. -All OpenSSL versions try to use /dev/urandom by default; starting with -version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not -available. - -On other systems, applications have to call the RAND_add() or -RAND_seed() function with appropriate data before generating keys or -performing public key encryption. (These functions initialize the -pseudo-random number generator, PRNG.) Some broken applications do -not do this. As of version 0.9.5, the OpenSSL functions that need -randomness report an error if the random number generator has not been -seeded with at least 128 bits of randomness. If this error occurs and -is not discussed in the documentation of the application you are -using, please contact the author of that application; it is likely -that it never worked correctly. OpenSSL 0.9.5 and later make the -error visible by refusing to perform potentially insecure encryption. - -If you are using Solaris 8, you can add /dev/urandom and /dev/random -devices by installing patch 112438 (Sparc) or 112439 (x86), which are -available via the Patchfinder at -(Solaris 9 includes these devices by default). For /dev/random support -for earlier Solaris versions, see Sun's statement at - -(the SUNWski package is available in patch 105710). - -On systems without /dev/urandom and /dev/random, it is a good idea to -use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for -details. Starting with version 0.9.7, OpenSSL will automatically look -for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and -/etc/entropy. - -Most components of the openssl command line utility automatically try -to seed the random number generator from a file. The name of the -default seeding file is determined as follows: If environment variable -RANDFILE is set, then it names the seeding file. Otherwise if -environment variable HOME is set, then the seeding file is $HOME/.rnd. -If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will -use file .rnd in the current directory while OpenSSL 0.9.6a uses no -default seeding file at all. OpenSSL 0.9.6b and later will behave -similarly to 0.9.6a, but will use a default of "C:\" for HOME on -Windows systems if the environment variable has not been set. - -If the default seeding file does not exist or is too short, the "PRNG -not seeded" error message may occur. - -The openssl command line utility will write back a new state to the -default seeding file (and create this file if necessary) unless -there was no sufficient seeding. - -Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. -Use the "-rand" option of the OpenSSL command line tools instead. -The $RANDFILE environment variable and $HOME/.rnd are only used by the -OpenSSL command line tools. Applications using the OpenSSL library -provide their own configuration options to specify the entropy source, -please check out the documentation coming the with application. - - -* Why do I get an "unable to write 'random state'" error message? - - -Sometimes the openssl command line utility does not abort with -a "PRNG not seeded" error message, but complains that it is -"unable to write 'random state'". This message refers to the -default seeding file (see previous answer). A possible reason -is that no default filename is known because neither RANDFILE -nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the -current directory in this case, but this has changed with 0.9.6a.) - - -* How do I create certificates or certificate requests? - -Check out the CA.pl(1) manual page. This provides a simple wrapper round -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check -out the manual pages for the individual utilities and the certificate -extensions documentation (in ca(1), req(1), x509v3_config(5) ) - - -* Why can't I create certificate requests? - -You typically get the error: - - unable to find 'distinguished_name' in config - problems making Certificate Request - -This is because it can't find the configuration file. Check out the -DIAGNOSTICS section of req(1) for more information. - - -* Why does fail with a certificate verify error? - -This problem is usually indicated by log messages saying something like -"unable to get local issuer certificate" or "self signed certificate". -When a certificate is verified its root CA must be "trusted" by OpenSSL -this typically means that the CA certificate must be placed in a directory -or file and the relevant program configured to read it. The OpenSSL program -'verify' behaves in a similar way and issues similar error messages: check -the verify(1) program manual page for more information. - - -* Why can I only use weak ciphers when I connect to a server using OpenSSL? - -This is almost certainly because you are using an old "export grade" browser -which only supports weak encryption. Upgrade your browser to support 128 bit -ciphers. - - -* How can I create DSA certificates? - -Check the CA.pl(1) manual page for a DSA certificate example. - - -* Why can't I make an SSL connection to a server using a DSA certificate? - -Typically you'll see a message saying there are no shared ciphers when -the same setup works fine with an RSA certificate. There are two possible -causes. The client may not support connections to DSA servers most web -browsers (including Netscape and MSIE) only support connections to servers -supporting RSA cipher suites. The other cause is that a set of DH parameters -has not been supplied to the server. DH parameters can be created with the -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: -check the source to s_server in apps/s_server.c for an example. - - -* How can I remove the passphrase on a private key? - -Firstly you should be really *really* sure you want to do this. Leaving -a private key unencrypted is a major security risk. If you decide that -you do have to do this check the EXAMPLES sections of the rsa(1) and -dsa(1) manual pages. - - -* Why can't I use OpenSSL certificates with SSL client authentication? - -What will typically happen is that when a server requests authentication -it will either not include your certificate or tell you that you have -no client certificates (Netscape) or present you with an empty list box -(MSIE). The reason for this is that when a server requests a client -certificate it includes a list of CAs names which it will accept. Browsers -will only let you select certificates from the list on the grounds that -there is little point presenting a certificate which the server will -reject. - -The solution is to add the relevant CA certificate to your servers "trusted -CA list". How you do this depends on the server software in uses. You can -print out the servers list of acceptable CAs using the OpenSSL s_client tool: - -openssl s_client -connect www.some.host:443 -prexit - -If your server only requests certificates on certain URLs then you may need -to manually issue an HTTP GET command to get the list when s_client connects: - -GET /some/page/needing/a/certificate.html - -If your CA does not appear in the list then this confirms the problem. - - -* Why does my browser give a warning about a mismatched hostname? - -Browsers expect the server's hostname to match the value in the commonName -(CN) field of the certificate. If it does not then you get a warning. - - -* How do I install a CA certificate into a browser? - -The usual way is to send the DER encoded certificate to the browser as -MIME type application/x-x509-ca-cert, for example by clicking on an appropriate -link. On MSIE certain extensions such as .der or .cacert may also work, or you -can import the certificate using the certificate import wizard. - -You can convert a certificate to DER form using the command: - -openssl x509 -in ca.pem -outform DER -out ca.der - -Occasionally someone suggests using a command such as: - -openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem - -DO NOT DO THIS! This command will give away your CAs private key and -reduces its security to zero: allowing anyone to forge certificates in -whatever name they choose. - -* Why is OpenSSL x509 DN output not conformant to RFC2253? - -The ways to print out the oneline format of the DN (Distinguished Name) have -been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() -interface, the "-nameopt" option could be introduded. See the manual -page of the "openssl x509" commandline tool for details. The old behaviour -has however been left as default for the sake of compatibility. - -* What is a "128 bit certificate"? Can I create one with OpenSSL? - -The term "128 bit certificate" is a highly misleading marketing term. It does -*not* refer to the size of the public key in the certificate! A certificate -containing a 128 bit RSA key would have negligible security. - -There were various other names such as "magic certificates", "SGC -certificates", "step up certificates" etc. - -You can't generally create such a certificate using OpenSSL but there is no -need to any more. Nowadays web browsers using unrestricted strong encryption -are generally available. - -When there were tight restrictions on the export of strong encryption -software from the US only weak encryption algorithms could be freely exported -(initially 40 bit and then 56 bit). It was widely recognised that this was -inadequate. A relaxation of the rules allowed the use of strong encryption but -only to an authorised server. - -Two slighly different techniques were developed to support this, one used by -Netscape was called "step up", the other used by MSIE was called "Server Gated -Cryptography" (SGC). When a browser initially connected to a server it would -check to see if the certificate contained certain extensions and was issued by -an authorised authority. If these test succeeded it would reconnect using -strong encryption. - -Only certain (initially one) certificate authorities could issue the -certificates and they generally cost more than ordinary certificates. - -Although OpenSSL can create certificates containing the appropriate extensions -the certificate would not come from a permitted authority and so would not -be recognized. - -The export laws were later changed to allow almost unrestricted use of strong -encryption so these certificates are now obsolete. - - -* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? - -It doesn't: this extension is often the cause of confusion. - -Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose -certificate C contains AKID. - -The purpose of this extension is to identify the authority certificate B. This -can be done either by including the subject key identifier of B or its issuer -name and serial number. - -In this latter case because it is identifying certifcate B it must contain the -issuer name and serial number of B. - -It is often wrongly assumed that it should contain the subject name of B. If it -did this would be redundant information because it would duplicate the issuer -name of C. - - -* How can I set up a bundle of commercial root CA certificates? - -The OpenSSL software is shipped without any root CA certificate as the -OpenSSL project does not have any policy on including or excluding -any specific CA and does not intend to set up such a policy. Deciding -about which CAs to support is up to application developers or -administrators. - -Other projects do have other policies so you can for example extract the CA -bundle used by Mozilla and/or modssl as described in this article: - - - - -[BUILD] ======================================================================= - -* Why does the linker complain about undefined symbols? - -Maybe the compilation was interrupted, and make doesn't notice that -something is missing. Run "make clean; make". - -If you used ./Configure instead of ./config, make sure that you -selected the right target. File formats may differ slightly between -OS versions (for example sparcv8/sparcv9, or a.out/elf). - -In case you get errors about the following symbols, use the config -option "no-asm", as described in INSTALL: - - BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, - CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, - RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, - bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, - bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, - des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, - des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order - -If none of these helps, you may want to try using the current snapshot. -If the problem persists, please submit a bug report. - - -* Why does the OpenSSL test fail with "bc: command not found"? - -You didn't install "bc", the Unix calculator. If you want to run the -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. - - -* Why does the OpenSSL test fail with "bc: 1 no implemented"? - -On some SCO installations or versions, bc has a bug that gets triggered -when you run the test suite (using "make test"). The message returned is -"bc: 1 not implemented". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL test fail with "bc: stack empty"? - -On some DG/ux versions, bc seems to have a too small stack for calculations -that the OpenSSL bntest throws at it. This gets triggered when you run the -test suite (using "make test"). The message returned is "bc: stack empty". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? - -On some Alpha installations running Tru64 Unix and Compaq C, the compilation -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual -memory to continue compilation.' As far as the tests have shown, this may be -a compiler bug. What happens is that it eats up a lot of resident memory -to build something, probably a table. The problem is clearly in the -optimization code, because if one eliminates optimization completely (-O0), -the compilation goes through (and the compiler consumes about 2MB of resident -memory instead of 240MB or whatever one's limit is currently). - -There are three options to solve this problem: - -1. set your current data segment size soft limit higher. Experience shows -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of -kbytes to set the limit to. - -2. If you have a hard limit that is lower than what you need and you can't -get it changed, you can compile all of OpenSSL with -O0 as optimization -level. This is however not a very nice thing to do for those who expect to -get the best result from OpenSSL. A bit more complicated solution is the -following: - ------ snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ - sed -e 's/ -O[0-9] / -O0 /'`" - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` - make ------ snip:end ----- - -This will only compile sha_dgst.c with -O0, the rest with the optimization -level chosen by the configuration process. When the above is done, do the -test and installation and you're set. - -3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It -should not be used and is not used in SSL/TLS nor any other recognized -protocol in either case. - - -* Why does the OpenSSL compilation fail with "ar: command not found"? - -Getting this message is quite usual on Solaris 2, because Sun has hidden -away 'ar' and other development commands in directories that aren't in -$PATH by default. One of those directories is '/usr/ccs/bin'. The -quickest way to fix this is to do the following (it assumes you use sh -or any sh-compatible shell): - ------ snip:start ----- - PATH=${PATH}:/usr/ccs/bin; export PATH ------ snip:end ----- - -and then redo the compilation. What you should really do is make sure -'/usr/ccs/bin' is permanently in your $PATH, for example through your -'.profile' (again, assuming you use a sh-compatible shell). - - -* Why does the OpenSSL compilation fail on Win32 with VC++? - -Sometimes, you may get reports from VC++ command line (cl) that it -can't find standard include files like stdio.h and other weirdnesses. -One possible cause is that the environment isn't correctly set up. -To solve that problem for VC++ versions up to 6, one should run -VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ -installation directory (somewhere under 'Program Files'). For VC++ -version 7 (and up?), which is also called VS.NET, the file is called -VSVARS32.BAT instead. -This needs to be done prior to running NMAKE, and the changes are only -valid for the current DOS session. - - -* What is special about OpenSSL on Redhat? - -Red Hat Linux (release 7.0 and later) include a preinstalled limited -version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 -is disabled in this version. The same may apply to other Linux distributions. -Users may therefore wish to install more or all of the features left out. - -To do this you MUST ensure that you do not overwrite the openssl that is in -/usr/bin on your Red Hat machine. Several packages depend on this file, -including sendmail and ssh. /usr/local/bin is a good alternative choice. The -libraries that come with Red Hat 7.0 onwards have different names and so are -not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and -/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and -/lib/libcrypto.so.2 respectively). - -Please note that we have been advised by Red Hat attempting to recompile the -openssl rpm with all the cryptography enabled will not work. All other -packages depend on the original Red Hat supplied openssl package. It is also -worth noting that due to the way Red Hat supplies its packages, updates to -openssl on each distribution never change the package version, only the -build number. For example, on Red Hat 7.1, the latest openssl package has -version number 0.9.6 and build number 9 even though it contains all the -relevant updates in packages up to and including 0.9.6b. - -A possible way around this is to persuade Red Hat to produce a non-US -version of Red Hat Linux. - -FYI: Patent numbers and expiry dates of US patents: -MDC-2: 4,908,861 13/03/2007 -IDEA: 5,214,703 25/05/2010 -RC5: 5,724,428 03/03/2015 - - -* Why does the OpenSSL compilation fail on MacOS X? - -If the failure happens when trying to build the "openssl" binary, with -a large number of undefined symbols, it's very probable that you have -OpenSSL 0.9.6b delivered with the operating system (you can find out by -running '/usr/bin/openssl version') and that you were trying to build -OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in -MacOS X has a misfeature that's quite difficult to go around. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - - -* Why does the OpenSSL test suite fail on MacOS X? - -If the failure happens when running 'make test' and the RC4 test fails, -it's very probable that you have OpenSSL 0.9.6b delivered with the -operating system (you can find out by running '/usr/bin/openssl version') -and that you were trying to build OpenSSL 0.9.6d. The problem is that -the loader ('ld') in MacOS X has a misfeature that's quite difficult to -go around and has linked the programs "openssl" and the test programs -with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the -libraries you just built. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? - -Failure in BN_sqr test is most likely caused by a failure to configure the -toolkit for current platform or lack of support for the platform in question. -Run './config -t' and './apps/openssl version -p'. Do these platform -identifiers match? If they don't, then you most likely failed to run -./config and you're hereby advised to do so before filing a bug report. -If ./config itself fails to run, then it's most likely problem with your -local environment and you should turn to your system administrator (or -similar). If identifiers match (and/or no alternative identifier is -suggested by ./config script), then the platform is unsupported. There might -or might not be a workaround. Most notably on SPARC64 platforms with GNU -C compiler you should be able to produce a working build by running -'./config -m32'. I understand that -m32 might not be what you want/need, -but the build should be operational. For further details turn to -. - -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? - -As of 0.9.7 assembler routines were overhauled for position independence -of the machine code, which is essential for shared library support. For -some reason OpenBSD is equipped with an out-of-date GNU assembler which -finds the new code offensive. To work around the problem, configure with -no-asm (and sacrifice a great deal of performance) or patch your assembler -according to . -For your convenience a pre-compiled replacement binary is provided at -. -Reportedly elder *BSD a.out platforms also suffer from this problem and -remedy should be same. Provided binary is statically linked and should be -working across wider range of *BSD branches, not just OpenBSD. - -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? - -If the test program in question fails withs SIGILL, Illegal Instruction -exception, then you more than likely to run SSE2-capable CPU, such as -Intel P4, under control of kernel which does not support SSE2 -instruction extentions. See accompanying INSTALL file and -OPENSSL_ia32cap(3) documentation page for further information. - -* Why does compiler fail to compile sha512.c? - -OpenSSL SHA-512 implementation depends on compiler support for 64-bit -integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a -couple] lack support for this and therefore are incapable of compiling -the module in question. The recommendation is to disable SHA-512 by -adding no-sha512 to ./config [or ./Configure] command line. Another -possible alternative might be to switch to GCC. - -* Test suite still fails, what to do? - -Another common reason for failure to complete some particular test is -simply bad code generated by a buggy component in toolchain or deficiency -in run-time environment. There are few cases documented in PROBLEMS file, -consult it for possible workaround before you beat the drum. Even if you -don't find solution or even mention there, do reserve for possibility of -a compiler bug. Compiler bugs might appear in rather bizarre ways, they -never make sense, and tend to emerge when you least expect them. In order -to identify one, drop optimization level, e.g. by editing CFLAG line in -top-level Makefile, recompile and re-run the test. - -* I think I've found a bug, what should I do? - -If you are a new user then it is quite likely you haven't found a bug and -something is happening you aren't familiar with. Check this FAQ, the associated -documentation and the mailing lists for similar queries. If you are still -unsure whether it is a bug or not submit a query to the openssl-users mailing -list. - - -* I'm SURE I've found a bug, how do I report it? - -Bug reports with no security implications should be sent to the request -tracker. This can be done by mailing the report to (or its -alias ), please note that messages sent to the -request tracker also appear in the public openssl-dev mailing list. - -The report should be in plain text. Any patches should be sent as -plain text attachments because some mailers corrupt patches sent inline. -If your issue affects multiple versions of OpenSSL check any patches apply -cleanly and, if possible include patches to each affected version. - -The report should be given a meaningful subject line briefly summarising the -issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. - -By sending reports to the request tracker the bug can then be given a priority -and assigned to the appropriate maintainer. The history of discussions can be -accessed and if the issue has been addressed or a reason why not. If patches -are only sent to openssl-dev they can be mislaid if a team member has to -wade through months of old messages to review the discussion. - -See also - - -* I've found a security issue, how do I report it? - -If you think your bug has security implications then please send it to -openssl-security@openssl.org if you don't get a prompt reply at least -acknowledging receipt then resend or mail it directly to one of the -more active team members (e.g. Steve). - -Note that bugs only present in the openssl utility are not in general -considered to be security issues. - -[PROG] ======================================================================== - -* Is OpenSSL thread-safe? - -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() -and friends. This is described in the threads(3) manpage. - -* I've compiled a program under Windows and it crashes: why? - -This is usually because you've missed the comment in INSTALL.W32. -Your application must link against the same version of the Win32 -C-Runtime against which your openssl libraries were linked. The -default version for OpenSSL is /MD - "Multithreaded DLL". - -If you are using Microsoft Visual C++'s IDE (Visual Studio), in -many cases, your new project most likely defaulted to "Debug -Singlethreaded" - /ML. This is NOT interchangeable with /MD and your -program will crash, typically on the first BIO related read or write -operation. - -For each of the six possible link stage configurations within Win32, -your application must link against the same by which OpenSSL was -built. If you are using MS Visual C++ (Studio) this can be changed -by: - - 1. Select Settings... from the Project Menu. - 2. Select the C/C++ Tab. - 3. Select "Code Generation from the "Category" drop down list box - 4. Select the Appropriate library (see table below) from the "Use - run-time library" drop down list box. Perform this step for both - your debug and release versions of your application (look at the - top left of the settings panel to change between the two) - - Single Threaded /ML - MS VC++ often defaults to - this for the release - version of a new project. - Debug Single Threaded /MLd - MS VC++ often defaults to - this for the debug version - of a new project. - Multithreaded /MT - Debug Multithreaded /MTd - Multithreaded DLL /MD - OpenSSL defaults to this. - Debug Multithreaded DLL /MDd - -Note that debug and release libraries are NOT interchangeable. If you -built OpenSSL with /MD your application must use /MD and cannot use /MDd. - -As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL -.DLLs compiled with some specific run-time option [we insist on the -default /MD] can be deployed with application compiled with different -option or even different compiler. But there is a catch! Instead of -re-compiling OpenSSL toolkit, as you would have to with prior versions, -you have to compile small C snippet with compiler and/or options of -your choice. The snippet gets installed as -/include/openssl/applink.c and should be either added to -your application project or simply #include-d in one [and only one] -of your application source files. Failure to link this shim module -into your application manifests itself as fatal "no OPENSSL_Applink" -run-time error. An explicit reminder is due that in this situation -[mixing compiler options] it is as important to add CRYPTO_malloc_init -prior first call to OpenSSL. - -* How do I read or write a DER encoded buffer using the ASN1 functions? - -You have two options. You can either use a memory BIO in conjunction -with the i2d_*_bio() or d2i_*_bio() functions or you can use the -i2d_*(), d2i_*() functions directly. Since these are often the -cause of grief here are some code fragments using PKCS7 as an example: - - unsigned char *buf, *p; - int len; - - len = i2d_PKCS7(p7, NULL); - buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ - p = buf; - i2d_PKCS7(p7, &p); - -At this point buf contains the len bytes of the DER encoding of -p7. - -The opposite assumes we already have len bytes in buf: - - unsigned char *p; - p = buf; - p7 = d2i_PKCS7(NULL, &p, len); - -At this point p7 contains a valid PKCS7 structure of NULL if an error -occurred. If an error occurred ERR_print_errors(bio) should give more -information. - -The reason for the temporary variable 'p' is that the ASN1 functions -increment the passed pointer so it is ready to read or write the next -structure. This is often a cause of problems: without the temporary -variable the buffer pointer is changed to point just after the data -that has been read or written. This may well be uninitialized data -and attempts to free the buffer will have unpredictable results -because it no longer points to the same address. - - -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? - -The short answer is yes, because DER is a special case of BER and OpenSSL -ASN1 decoders can process BER. - -The longer answer is that ASN1 structures can be encoded in a number of -different ways. One set of ways is the Basic Encoding Rules (BER) with various -permissible encodings. A restriction of BER is the Distinguished Encoding -Rules (DER): these uniquely specify how a given structure is encoded. - -Therefore, because DER is a special case of BER, DER is an acceptable encoding -for BER. - - -* I've tried using and I get errors why? - -This usually happens when you try compiling something using the PKCS#12 -macros with a C++ compiler. There is hardly ever any need to use the -PKCS#12 macros in a program, it is much easier to parse and create -PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions -documented in doc/openssl.txt and with examples in demos/pkcs12. The -'pkcs12' application has to use the macros because it prints out -debugging information. - - -* I've called and it fails, why? - -Before submitting a report or asking in one of the mailing lists, you -should try to determine the cause. In particular, you should call -ERR_print_errors() or ERR_print_errors_fp() after the failed call -and see if the message helps. Note that the problem may occur earlier -than you think -- you should check for errors after every call where -it is possible, otherwise the actual problem may be hidden because -some OpenSSL functions clear the error state. - - -* I just get a load of numbers for the error output, what do they mean? - -The actual format is described in the ERR_print_errors() manual page. -You should call the function ERR_load_crypto_strings() before hand and -the message will be output in text form. If you can't do this (for example -it is a pre-compiled binary) you can use the errstr utility on the error -code itself (the hex digits after the second colon). - - -* Why do I get errors about unknown algorithms? - -The cause is forgetting to load OpenSSL's table of algorithms with -OpenSSL_add_all_algorithms(). See the manual page for more information. This -can cause several problems such as being unable to read in an encrypted -PEM file, unable to decrypt a PKCS#12 file or signature failure when -verifying certificates. - -* Why can't the OpenSSH configure script detect OpenSSL? - -Several reasons for problems with the automatic detection exist. -OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. -Sometimes the distribution has installed an older version in the system -locations that is detected instead of a new one installed. The OpenSSL -library might have been compiled for another CPU or another mode (32/64 bits). -Permissions might be wrong. - -The general answer is to check the config.log file generated when running -the OpenSSH configure script. It should contain the detailed information -on why the OpenSSL library was not detected or considered incompatible. - - -* Can I use OpenSSL's SSL library with non-blocking I/O? - -Yes; make sure to read the SSL_get_error(3) manual page! - -A pitfall to avoid: Don't assume that SSL_read() will just read from -the underlying transport or that SSL_write() will just write to it -- -it is also possible that SSL_write() cannot do any useful work until -there is data to read, or that SSL_read() cannot do anything until it -is possible to send data. One reason for this is that the peer may -request a new TLS/SSL handshake at any time during the protocol, -requiring a bi-directional message exchange; both SSL_read() and -SSL_write() will try to continue any pending handshake. - - -* Why doesn't my server application receive a client certificate? - -Due to the TLS protocol definition, a client will only send a certificate, -if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the -SSL_CTX_set_verify() function to enable the use of client certificates. - - -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? - -For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier -versions, uniqueIdentifier was incorrectly used for X.509 certificates. -The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. -Change your code to use the new name when compiling against OpenSSL 0.9.7. - - -* I think I've detected a memory leak, is this a bug? *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@freebsd.org Thu Dec 3 17:26:01 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20ABBA3FFE2; Thu, 3 Dec 2015 17:26:01 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C81561B3C; Thu, 3 Dec 2015 17:26:00 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tB3HPxvi075818; Thu, 3 Dec 2015 17:25:59 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tB3HPxpg075817; Thu, 3 Dec 2015 17:25:59 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201512031725.tB3HPxpg075817@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 3 Dec 2015 17:25:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r291712 - vendor-crypto/openssl/0.9.8zh X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Dec 2015 17:26:01 -0000 Author: jkim Date: Thu Dec 3 17:25:59 2015 New Revision: 291712 URL: https://svnweb.freebsd.org/changeset/base/291712 Log: Tag OpenSSL 0.9.8zh. Added: vendor-crypto/openssl/0.9.8zh/ - copied from r291711, vendor-crypto/openssl/dist-0.9.8/