From owner-svn-src-vendor@freebsd.org  Mon Sep 26 14:13:13 2016
Return-Path: <owner-svn-src-vendor@freebsd.org>
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B868BBE9331;
 Mon, 26 Sep 2016 14:13:13 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 94908E3B;
 Mon, 26 Sep 2016 14:13:13 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8QEDCZm092740;
 Mon, 26 Sep 2016 14:13:12 GMT (envelope-from jkim@FreeBSD.org)
Received: (from jkim@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8QEDBK7092731;
 Mon, 26 Sep 2016 14:13:11 GMT (envelope-from jkim@FreeBSD.org)
Message-Id: <201609261413.u8QEDBK7092731@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jkim set sender to
 jkim@FreeBSD.org using -f
From: Jung-uk Kim <jkim@FreeBSD.org>
Date: Mon, 26 Sep 2016 14:13:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r306340 - in vendor-crypto/openssl/dist: . crypto
 crypto/engine crypto/x509 ssl
X-SVN-Group: vendor-crypto
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
 <svn-src-vendor.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-vendor>, 
 <mailto:svn-src-vendor-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-vendor/>
List-Post: <mailto:svn-src-vendor@freebsd.org>
List-Help: <mailto:svn-src-vendor-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-vendor>,
 <mailto:svn-src-vendor-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2016 14:13:13 -0000

Author: jkim
Date: Mon Sep 26 14:13:11 2016
New Revision: 306340
URL: https://svnweb.freebsd.org/changeset/base/306340

Log:
  Import OpenSSL 1.0.2j.

Modified:
  vendor-crypto/openssl/dist/CHANGES
  vendor-crypto/openssl/dist/FREEBSD-upgrade
  vendor-crypto/openssl/dist/Makefile
  vendor-crypto/openssl/dist/NEWS
  vendor-crypto/openssl/dist/README
  vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
  vendor-crypto/openssl/dist/crypto/opensslv.h
  vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist/ssl/t1_ext.c

Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/CHANGES	Mon Sep 26 14:13:11 2016	(r306340)
@@ -2,6 +2,18 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
+
+  *) Missing CRL sanity check
+
+     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+     This issue only affects the OpenSSL 1.0.2i
+     (CVE-2016-7052)
+     [Matt Caswell]
+
  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
 
   *) OCSP Status Request extension unbounded memory growth

Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade	Mon Sep 26 14:13:11 2016	(r306340)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
 # Xlist
 setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
 setenv FSVN "svn+ssh://repo.freebsd.org/base"
-setenv OSSLVER 1.0.2i
-# OSSLTAG format: v1_0_2i
+setenv OSSLVER 1.0.2j
+# OSSLTAG format: v1_0_2j
 
 ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
 

Modified: vendor-crypto/openssl/dist/Makefile
==============================================================================
--- vendor-crypto/openssl/dist/Makefile	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/Makefile	Mon Sep 26 14:13:11 2016	(r306340)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2i
+VERSION=1.0.2j
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0

Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/NEWS	Mon Sep 26 14:13:11 2016	(r306340)
@@ -5,6 +5,10 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
+
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
+
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
 
       o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/README	Mon Sep 26 14:13:11 2016	(r306340)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2i 22 Sep 2016
+ OpenSSL 1.0.2j 26 Sep 2016
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c	Mon Sep 26 14:13:11 2016	(r306340)
@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_
     if (fstate->mac_len != 0) {
         if (fstate->mac_data != NULL) {
             dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-            if (dstate->ac_data == NULL) {
+            if (dstate->mac_data == NULL) {
                 printf("cryptodev_digest_init: malloc failed\n");
                 return 0;
             }

Modified: vendor-crypto/openssl/dist/crypto/opensslv.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/opensslv.h	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/crypto/opensslv.h	Mon Sep 26 14:13:11 2016	(r306340)
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1000209fL
+# define OPENSSL_VERSION_NUMBER  0x100020afL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i-fips  22 Sep 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-fips  26 Sep 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i  22 Sep 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j  26 Sep 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

Modified: vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c	Mon Sep 26 14:13:11 2016	(r306340)
@@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ct
         crl = sk_X509_CRL_value(crls, i);
         reasons = *preasons;
         crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-        if (crl_score < best_score)
+        if (crl_score < best_score || crl_score == 0)
             continue;
         /* If current CRL is equivalent use it if it is newer */
-        if (crl_score == best_score) {
+        if (crl_score == best_score && best_crl != NULL) {
             int day, sec;
             if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
                                X509_CRL_get_lastUpdate(crl)) == 0)

Modified: vendor-crypto/openssl/dist/ssl/t1_ext.c
==============================================================================
--- vendor-crypto/openssl/dist/ssl/t1_ext.c	Mon Sep 26 14:01:41 2016	(r306339)
+++ vendor-crypto/openssl/dist/ssl/t1_ext.c	Mon Sep 26 14:13:11 2016	(r306340)
@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int
     case TLSEXT_TYPE_ec_point_formats:
     case TLSEXT_TYPE_elliptic_curves:
     case TLSEXT_TYPE_heartbeat:
+# ifndef OPENSSL_NO_NEXTPROTONEG
     case TLSEXT_TYPE_next_proto_neg:
+# endif
     case TLSEXT_TYPE_padding:
     case TLSEXT_TYPE_renegotiate:
     case TLSEXT_TYPE_server_name: