Date:      Tue, 8 Apr 2014 20:15:18 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r264271 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/cms crypto/ec crypto/engine crypto/evp crypto/modes crypto/rand crypto/x509...
Message-ID:  <201404082015.s38KFIrB094682@svn.freebsd.org>

Author: jkim
Date: Tue Apr  8 20:15:18 2014
New Revision: 264271
URL: http://svnweb.freebsd.org/changeset/base/264271

Log:
  Import OpenSSL 1.0.1g.
  
  Approved by:	benl (maintainer)

Modified:
  vendor-crypto/openssl/dist/CHANGES
  vendor-crypto/openssl/dist/Configure
  vendor-crypto/openssl/dist/FAQ
  vendor-crypto/openssl/dist/FREEBSD-upgrade
  vendor-crypto/openssl/dist/Makefile
  vendor-crypto/openssl/dist/Makefile.org
  vendor-crypto/openssl/dist/NEWS
  vendor-crypto/openssl/dist/README
  vendor-crypto/openssl/dist/apps/apps.c
  vendor-crypto/openssl/dist/apps/crl.c
  vendor-crypto/openssl/dist/apps/dgst.c
  vendor-crypto/openssl/dist/apps/ecparam.c
  vendor-crypto/openssl/dist/apps/req.c
  vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl
  vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
  vendor-crypto/openssl/dist/crypto/bio/bss_log.c
  vendor-crypto/openssl/dist/crypto/bn/bn.h
  vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
  vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
  vendor-crypto/openssl/dist/crypto/cryptlib.c
  vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c
  vendor-crypto/openssl/dist/crypto/engine/eng_list.c
  vendor-crypto/openssl/dist/crypto/evp/bio_b64.c
  vendor-crypto/openssl/dist/crypto/modes/gcm128.c
  vendor-crypto/openssl/dist/crypto/opensslv.h
  vendor-crypto/openssl/dist/crypto/rand/md_rand.c
  vendor-crypto/openssl/dist/crypto/symhacks.h
  vendor-crypto/openssl/dist/crypto/x509/by_dir.c
  vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist/doc/apps/config.pod
  vendor-crypto/openssl/dist/doc/apps/crl.pod
  vendor-crypto/openssl/dist/doc/apps/ec.pod
  vendor-crypto/openssl/dist/doc/apps/pkcs12.pod
  vendor-crypto/openssl/dist/doc/apps/req.pod
  vendor-crypto/openssl/dist/doc/apps/s_client.pod
  vendor-crypto/openssl/dist/doc/apps/s_server.pod
  vendor-crypto/openssl/dist/doc/apps/ts.pod
  vendor-crypto/openssl/dist/doc/apps/tsget.pod
  vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod
  vendor-crypto/openssl/dist/doc/crypto/ERR_get_error.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_BytesToKey.pod
  vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod
  vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
  vendor-crypto/openssl/dist/doc/crypto/pem.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod
  vendor-crypto/openssl/dist/doc/ssl/SSL_set_shutdown.pod
  vendor-crypto/openssl/dist/e_os.h
  vendor-crypto/openssl/dist/engines/ccgost/gosthash.c
  vendor-crypto/openssl/dist/ssl/d1_both.c
  vendor-crypto/openssl/dist/ssl/kssl.h
  vendor-crypto/openssl/dist/ssl/s23_clnt.c
  vendor-crypto/openssl/dist/ssl/s3_srvr.c
  vendor-crypto/openssl/dist/ssl/ssl.h
  vendor-crypto/openssl/dist/ssl/t1_enc.c
  vendor-crypto/openssl/dist/ssl/t1_lib.c
  vendor-crypto/openssl/dist/ssl/tls1.h
  vendor-crypto/openssl/dist/util/libeay.num
  vendor-crypto/openssl/dist/util/pl/BC-32.pl
  vendor-crypto/openssl/dist/util/pl/VC-32.pl

Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/CHANGES	Tue Apr  8 20:15:18 2014	(r264271)
@@ -2,6 +2,35 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) TLS pad extension: draft-agl-tls-padding-03
+
+     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+     TLS client Hello record length value would otherwise be > 255 and
+     less that 512 pad with a dummy extension containing zeroes so it
+     is at least 512 bytes long.
+
+     [Adam Langley, Steve Henson]
+
  Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
 
   *) Fix for TLS record tampering bug. A carefully crafted invalid 
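
Review bot: Two wording slips in the added 1.0.1g entries should be reported upstream rather than carried forward silently: the heartbeat entry reads "Thanks for Neel Mehta" where "Thanks to" is meant, and the TLS pad entry reads "less that 512" where "less than 512" is meant.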

Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/Configure	Tue Apr  8 20:15:18 2014	(r264271)
@@ -526,7 +526,7 @@ my %table=(
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
 "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 # Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
 
 # Borland C++ 4.5
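
Review bot: Dropping -WX from the debug-VC-WIN32 entry means compiler warnings no longer fail the debug build, and neither the hunk nor the log says which warning forced this. A short comment above the entry naming the warning would let the flag be restored once it is fixed.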

Modified: vendor-crypto/openssl/dist/FAQ
==============================================================================
--- vendor-crypto/openssl/dist/FAQ	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/FAQ	Tue Apr  8 20:15:18 2014	(r264271)
@@ -768,6 +768,9 @@ openssl-security@openssl.org if you don'
 acknowledging receipt then resend or mail it directly to one of the
 more active team members (e.g. Steve).
 
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues. 
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?

Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade	Tue Apr  8 20:15:18 2014	(r264271)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
 # Xlist
 setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
 setenv FSVN "svn+ssh://svn.freebsd.org/base"
-setenv OSSLVER 1.0.1f
-# OSSLTAG format: v1_0_1f
+setenv OSSLVER 1.0.1g
+# OSSLTAG format: v1_0_1g
 
 ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
 

Modified: vendor-crypto/openssl/dist/Makefile
==============================================================================
--- vendor-crypto/openssl/dist/Makefile	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/Makefile	Tue Apr  8 20:15:18 2014	(r264271)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1f
+VERSION=1.0.1g
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -304,8 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
 			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
 			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
 		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC=$${CC:-$(CC)} build-shared; \
-		touch -c fips_premain_dso$(EXE_EXT); \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
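
Review bot: In the libcrypto$(SHLIB_EXT) rule, (touch -c fips_premain_dso$(EXE_EXT) || :) discards every touch failure without saying why. The switch from ";" to "&&" correctly stops the rule when build-shared fails, but a one-line comment on why the touch result is ignored would keep someone from tightening it later. The identical change in Makefile.org needs the same comment.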

Modified: vendor-crypto/openssl/dist/Makefile.org
==============================================================================
--- vendor-crypto/openssl/dist/Makefile.org	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/Makefile.org	Tue Apr  8 20:15:18 2014	(r264271)
@@ -302,8 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
 			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
 			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
 		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC=$${CC:-$(CC)} build-shared; \
-		touch -c fips_premain_dso$(EXE_EXT); \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \

Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/NEWS	Tue Apr  8 20:15:18 2014	(r264271)
@@ -5,8 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
   Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
 
+      o Don't include gmt_unix_time in TLS server and client random values
       o Fix for TLS record tampering bug CVE-2013-4353
       o Fix for TLS version checking bug CVE-2013-6449
       o Fix for DTLS retransmission bug CVE-2013-6450

Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/README	Tue Apr  8 20:15:18 2014	(r264271)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1f 6 Jan 2014
+ OpenSSL 1.0.1g 7 Apr 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: vendor-crypto/openssl/dist/apps/apps.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/apps.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/apps/apps.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -586,12 +586,12 @@ int password_callback(char *buf, int buf
 
 		if (ok >= 0)
 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
-				PW_MIN_LENGTH,BUFSIZ-1);
+				PW_MIN_LENGTH,bufsiz-1);
 		if (ok >= 0 && verify)
 			{
 			buff = (char *)OPENSSL_malloc(bufsiz);
 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
-				PW_MIN_LENGTH,BUFSIZ-1, buf);
+				PW_MIN_LENGTH,bufsiz-1, buf);
 			}
 		if (ok >= 0)
 			do
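
Review bot: In the verify branch of password_callback, the result of OPENSSL_malloc(bufsiz) is passed straight to UI_add_verify_string without a NULL check. Replacing BUFSIZ-1 with bufsiz-1 ties the length limit to the size that was actually allocated, but the allocation right above it should set ok to a failure value when buff is NULL instead of registering a NULL result buffer.
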
@@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usert
 
 	if (proc==NULL)
 		{
-		if (GetVersion() < 0x80000000)
+		if (check_winnt())
 			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
 						GetCurrentProcessId());
 		if (proc==NULL) proc = (HANDLE)-1;
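
Review bot: check_winnt() replaces the GetVersion() < 0x80000000 test in app_tminterval, but nothing in this file's hunks declares it. e_os.h is in the list of modified files; confirm the helper is defined there and is visible under the same preprocessor conditions as this call, since the same substitution is made in crypto/bio/bss_log.c and crypto/cryptlib.c.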

Modified: vendor-crypto/openssl/dist/apps/crl.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/crl.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/apps/crl.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old       - print old-style (MD5) hash value\n",
+#endif
 " -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+       int hash_old=0;
+#endif
 	int fingerprint = 0, crlnumber = 0;
 	const char **pp;
 	X509_STORE *store = NULL;
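
Review bot: The added declaration "int hash_old=0;" in MAIN is indented with spaces while the surrounding declarations use a tab. This is a whitespace-only point and belongs upstream rather than in the vendor tree, but it is worth reporting so later imports diff cleanly.
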
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
 			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+#ifndef OPENSSL_NO_MD5
+		else if (strcmp(*argv,"-hash_old") == 0)
+			hash_old= ++num;
+#endif
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
 				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
+#ifndef OPENSSL_NO_MD5
+			if (hash_old == i)
+				{
+				BIO_printf(bio_out,"%08lx\n",
+					X509_NAME_hash_old(
+						X509_CRL_get_issuer(x)));
+				}
+#endif
 			if (lastupdate == i)
 				{
 				BIO_printf(bio_out,"lastUpdate=");

Modified: vendor-crypto/openssl/dist/apps/dgst.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dgst.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/apps/dgst.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
 			goto end;
 			}
 		if (do_verify)
-			r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+			r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
 		else
-			r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+			r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
 		if (!r)
 			{
 			BIO_printf(bio_err, "Error setting context\n");
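
Review bot: Both EVP_DigestVerifyInit and EVP_DigestSignInit now receive NULL where the engine pointer e was passed, and no comment explains why the engine is dropped at this step. Add a comment at the call saying where e is still honoured, otherwise a reader cannot tell whether ignoring the engine here is intended.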

Modified: vendor-crypto/openssl/dist/apps/ecparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ecparam.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/apps/ecparam.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -105,7 +105,7 @@
  *                    in the asn1 der encoding
  *                    possible values: named_curve (default)
  *                                     explicit
- * -no_seed         - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed         - if 'explicit' parameters are chosen do not use the seed
  * -genkey          - generate ec key
  * -rand file       - files to use for random number input
  * -engine e        - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
 		BIO_printf(bio_err, "                                   "
 				" explicit\n");
 		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-				" parameters are choosen do not"
+				" parameters are chosen do not"
 				" use the seed\n");
 		BIO_printf(bio_err, " -genkey           generate ec"
 				" key\n");

Modified: vendor-crypto/openssl/dist/apps/req.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/req.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/apps/req.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -644,6 +644,11 @@ bad:
 		if (inrand)
 			app_RAND_load_files(inrand);
 
+		if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+			{
+			newkey=DEFAULT_KEY_LENGTH;
+			}
+
 		if (keyalg)
 			{
 			genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
 				goto end;
 			}
 	
-		if (newkey <= 0)
-			{
-			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-				newkey=DEFAULT_KEY_LENGTH;
-			}
-
 		if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
@@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO 
 				keylen = atol(p + 1);
 				*pkeylen = keylen;
 				}
+			else
+				keylen = *pkeylen;
 			}
 		else if (p)
 			paramfile = p + 1;
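
Review bot: The new "else keylen = *pkeylen;" makes set_keygen_ctx read *pkeylen as an input in this branch, where the lines above only write to it. That works at the call site changed in the first hunk, which now fills newkey from the config or DEFAULT_KEY_LENGTH before the call, but the in/out contract should be stated in a comment on the function so another caller does not pass an uninitialised value.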

Modified: vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl	Tue Apr  8 20:15:18 2014	(r264271)
@@ -1060,7 +1060,7 @@ _vpaes_consts:
 .Lk_dsbo:	# decryption sbox final output
 	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
 	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz	"Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.asciz	"Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
 .align	64
 .size	_vpaes_consts,.-_vpaes_consts
 ___

Modified: vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
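
Review bot: The reason string is corrected to "unknown format" while the macro stays ASN1_R_UNKOWN_FORMAT. Keeping the misspelled identifier is right for source compatibility, but log filters or tests that match the old "unkown format" text will stop matching, so the string change deserves a line in CHANGES.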

Modified: vendor-crypto/openssl/dist/crypto/bio/bss_log.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_log.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_log.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp,
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
-	if (GetVersion() < 0x80000000)
+	if (check_winnt())
 		bp->ptr = RegisterEventSourceA(NULL,name);
 	else
 		bp->ptr = NULL;

Modified: vendor-crypto/openssl/dist/crypto/bn/bn.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn.h	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/bn/bn.h	Tue Apr  8 20:15:18 2014	(r264271)
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
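
Review bot: The prototype names the first parameter swap, while the definition in bn_lib.c names it condition and documents that at most one bit may be set. Use the same name in both places and repeat the one-bit and nwords preconditions next to the declaration, since the header is what callers read.
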
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf
 
 #define bn_fix_top(a)		bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+	do { \
+		const BIGNUM *_bnum2 = (bn); \
+		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+	} while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)		bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
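
Review bot: The macro arguments are used unparenthesised: bits in ((bits+BN_BITS2-1))/BN_BITS2 and words in the assert inside bn_wcheck_size. An argument containing a lower-precedence operator would be evaluated wrongly, and words is expanded twice; write (bits) and (words). Note also that both macros compile to nothing outside BN_DEBUG, so they give no protection in release builds.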
 

Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a,
 		}
 	return bn_cmp_words(a,b,cl);
 	}
+
+/* 
+ * Constant-time conditional swap of a and b.  
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+	{
+	BN_ULONG t;
+	int i;
+
+	bn_wcheck_size(a, nwords);
+	bn_wcheck_size(b, nwords);
+
+	assert(a != b);
+	assert((condition & (condition - 1)) == 0);
+	assert(sizeof(BN_ULONG) >= sizeof(int));
+
+	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+	t = (a->top^b->top) & condition;
+	a->top ^= t;
+	b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+	do { \
+		t = (a->d[ind] ^ b->d[ind]) & condition; \
+		a->d[ind] ^= t; \
+		b->d[ind] ^= t; \
+	} while (0)
+
+
+	switch (nwords) {
+	default:
+		for (i = 10; i < nwords; i++) 
+			BN_CONSTTIME_SWAP(i);
+		/* Fallthrough */
+	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+	case 1: BN_CONSTTIME_SWAP(0);
+	}
+#undef BN_CONSTTIME_SWAP
+}
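
Review bot: The preconditions of BN_consttime_swap (a != b, a single-bit condition, nwords within both allocations) are enforced only by assert and bn_wcheck_size, which are compiled out in non-debug builds, so a caller passing a multi-bit condition can get a wrong mask with no diagnostic. Either normalise condition to 0 or 1 before deriving the mask or state the requirement in the header. The line "condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;" also needs a comment saying it yields all ones for a set bit and zero otherwise, and the closing brace sits at column 0 while the opening brace is tab-indented.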

Modified: vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_lib.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/cms/cms_lib.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, 
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return 0;
-	if (!pcerts)
-		return 0;
 	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
 		{
 		cch = sk_CMS_CertificateChoices_value(*pcerts, i);

Modified: vendor-crypto/openssl/dist/crypto/cryptlib.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/cryptlib.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/cryptlib.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+    if (check_winnt() && OPENSSL_isservice() > 0)
     {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
 	const TCHAR *pmsg=buf;
 	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);

Modified: vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *grou
 	return ret;
 	}
 
+
 /* Computes scalar*point and stores the result in r.
  * point can not equal r.
- * Uses algorithm 2P of
+ * Uses a modified algorithm 2P of
  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
  *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
  */
 static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_mult
 	x2 = &r->X;
 	z2 = &r->Y;
 
+	bn_wexpand(x1, group->field.top);
+	bn_wexpand(z1, group->field.top);
+	bn_wexpand(x2, group->field.top);
+	bn_wexpand(z2, group->field.top);
+
 	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
 	if (!BN_one(z1)) goto err; /* z1 = 1 */
 	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
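
Review bot: The four added bn_wexpand calls ignore their return value, unlike the calls that follow them, which all use "goto err" on failure. If an expansion fails, the BN_consttime_swap calls added in the loop below would run on fewer than group->field.top words, which is exactly the precondition that function documents. Check each call and go to err on failure.
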
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_mult
 		word = scalar->d[i];
 		while (mask)
 			{
-			if (word & mask)
-				{
-				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
-				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
-				}
-			else
-				{
-				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-				}
+			BN_consttime_swap(word & mask, x1, x2, group->field.top);
+			BN_consttime_swap(word & mask, z1, z2, group->field.top);
+			if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+			if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+			BN_consttime_swap(word & mask, x1, x2, group->field.top);
+			BN_consttime_swap(word & mask, z1, z2, group->field.top);
 			mask >>= 1;
 			}
 		mask = BN_TBIT;

Modified: vendor-crypto/openssl/dist/crypto/engine/eng_list.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_list.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/engine/eng_list.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
 				!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
 				!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
 					load_dir, 0) ||
+				!ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
 				!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
 				goto notfound;
 		return iterator;

Modified: vendor-crypto/openssl/dist/crypto/evp/bio_b64.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_b64.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/evp/bio_b64.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, i
 				}
 
 			/* we fell off the end without starting */
-			if (j == i)
+			if ((j == i) && (num == 0))
 				{
 				/* Is this is one long chunk?, if so, keep on
 				 * reading until a new line. */
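
Review bot: The condition now also requires num == 0, but the comment above it still reads "we fell off the end without starting" and does not say what num tracks or why a non-zero value must skip this branch. Extend the comment so the next reader can tell which input the old test mishandled.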

Modified: vendor-crypto/openssl/dist/crypto/modes/gcm128.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/modes/gcm128.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/modes/gcm128.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT 
 		GCM_MUL(ctx,Yi);
 
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 			ctr = GETU32(ctx->Yi.c+12);
+#endif
 		else
 			ctr = ctx->Yi.d[3];
 	}
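
Review bot: The #ifdef BSWAP4 / #else / #endif block sits between an unbraced "if (is_endian.little)" and its "else", and the same pattern is repeated in every hunk of this file. Wrapping the counter load and the counter store in two small macros defined once would remove the repetition and the risk that one copy is edited without the others; at minimum the if/else bodies should be braced.
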
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT 
 	(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
 	++ctr;
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 		PUTU32(ctx->Yi.c+12,ctr);
+#endif
 	else
 		ctx->Yi.d[3] = ctr;
 }
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			while (len--) {
@@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 		}
@@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i) {
@@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			while (len--) {
@@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 		}
@@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
 		ctr += GHASH_CHUNK/16;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		GHASH(ctx,out,GHASH_CHUNK);
@@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 		(*stream)(in,out,j,key,ctx->Yi.c);
 		ctr += (unsigned int)j;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		in  += i;
@@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
 		++ctr;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		while (len--) {
@@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
 		ctr += GHASH_CHUNK/16;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		out += GHASH_CHUNK;
@@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 		(*stream)(in,out,j,key,ctx->Yi.c);
 		ctr += (unsigned int)j;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		out += i;
@@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
 		++ctr;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		while (len--) {

Modified: vendor-crypto/openssl/dist/crypto/opensslv.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/opensslv.h	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/opensslv.h	Tue Apr  8 20:15:18 2014	(r264271)
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000106fL
+#define OPENSSL_VERSION_NUMBER	0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

Modified: vendor-crypto/openssl/dist/crypto/rand/md_rand.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/rand/md_rand.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/rand/md_rand.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *
 	EVP_MD_CTX m;
 	int do_not_lock;
 
+	if (!num)
+		return;
+
 	/*
 	 * (Based on the rand(3) manpage)
 	 *
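Review bot: the new guard "if (!num) return;" has no comment and is placed ahead of the block comment that explains the function, so the reason for skipping zero-length input is not recorded. Please add a short comment, and say whether only num == 0 is meant: if num is a signed type, negative values still fall through to the code below.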

Modified: vendor-crypto/openssl/dist/crypto/symhacks.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/symhacks.h	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/symhacks.h	Tue Apr  8 20:15:18 2014	(r264271)
@@ -204,6 +204,12 @@
 #define SSL_CTX_set_next_protos_advertised_cb	SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
 #define SSL_CTX_set_next_proto_select_cb	SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
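Review bot: style point on the three added #define lines: they separate the long name from its shortened alias with runs of spaces, while the neighbouring entries such as SSL_CTX_set_next_proto_select_cb use a tab. Using a tab here as well keeps the table consistent and avoids whitespace-only noise in later diffs.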

Modified: vendor-crypto/openssl/dist/crypto/x509/by_dir.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/x509/by_dir.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/x509/by_dir.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, con
 
 	s=dir;
 	p=s;
-	for (;;p++)
+	do
 		{
 		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
 			{
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, con
 				return 0;
 				}
 			}
-		if (*p == '\0')
-			break;
-		}
+		} while (*p++ != '\0');
 	return 1;
 	}
 
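Review bot: the new loop condition "} while (*p++ != '\0');" both tests and advances p, which deserves a comment. Unlike the removed "if (*p == '\0') break;" at the bottom of the body, the terminator test is now reached on every path through the body, including any continue, and p ends one past the NUL when the loop exits. That is harmless with "return 1;" directly after, but a note would stop someone from reusing p later.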

Modified: vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c	Tue Apr  8 20:15:18 2014	(r264271)
@@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx,
 	 * a certificate was revoked. This has since been changed since 
 	 * critical extension can change the meaning of CRL entries.
 	 */
-	if (crl->flags & EXFLAG_CRITICAL)
+	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+		&& (crl->flags & EXFLAG_CRITICAL))
 		{
-		if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-			return 1;
 		ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
 		ok = ctx->verify_cb(0, ctx);
 		if(!ok)
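Review bot: removing the inner "return 1;" changes behaviour for callers that set X509_V_FLAG_IGNORE_CRITICAL: a CRL with a critical extension used to make the function return at this point, and now execution continues into whatever follows the block. The comment above still only describes the older history, so please extend it to say that the flag now suppresses just the unhandled-critical-extension error and no longer skips the rest of the function.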

Modified: vendor-crypto/openssl/dist/doc/apps/config.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/config.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/config.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -119,7 +119,7 @@ variable points to a section containing 
 information.
 
 The section pointed to by B<engines> is a table of engine names (though see
-B<engine_id> below) and further sections containing configuration informations
+B<engine_id> below) and further sections containing configuration information
 specific to each ENGINE.
 
 Each ENGINE specific section is used to set default algorithms, load

Modified: vendor-crypto/openssl/dist/doc/apps/crl.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/crl.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/crl.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -62,6 +62,11 @@ don't output the encoded version of the 
 output a hash of the issuer name. This can be use to lookup CRLs in
 a directory by issuer name.
 
+=item B<-hash_old>
+
+outputs the "hash" of the CRL issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
 =item B<-issuer>
 
 output the issuer name.

Modified: vendor-crypto/openssl/dist/doc/apps/ec.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/ec.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/ec.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs
 
 This specifies the input format. The B<DER> option with a private key uses
 an ASN.1 DER encoded SEC1 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
 The B<PEM> form is the default format: it consists of the B<DER> format base64
 encoded with additional header and footer lines. In the case of a private key
 PKCS#8 format is also accepted.

Modified: vendor-crypto/openssl/dist/doc/apps/pkcs12.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/pkcs12.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/pkcs12.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -67,7 +67,7 @@ by default.
 The filename to write certificates and private keys to, standard output by
 default.  They are all written in PEM format.
 
-=item B<-pass arg>, B<-passin arg>
+=item B<-passin arg>
 
 the PKCS#12 file (i.e. input file) password source. For more information about
 the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
@@ -75,10 +75,15 @@ L<openssl(1)|openssl(1)>.
 
 =item B<-passout arg>
 
-pass phrase source to encrypt any outputed private keys with. For more
+pass phrase source to encrypt any outputted private keys with. For more
 information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
 in L<openssl(1)|openssl(1)>.
 
+=item B<-password arg>
+
+With -export, -password is equivalent to -passout.
+Otherwise, -password is equivalent to -passin.
+
 =item B<-noout>
 
 this option inhibits output of the keys and certificates to the output file
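Review bot: in the new -password item the option names (-export, -password, -passout, -passin) are written as bare text, while the rest of this page marks options up as B<-passin> and so on; please use B<> there too. Also, the previous hunk drops "B<-pass arg>" from the -passin heading, and nothing in the visible text says whether -pass is still accepted; if it is, it should remain documented somewhere.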

Modified: vendor-crypto/openssl/dist/doc/apps/req.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/req.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/req.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
 
 =item B<-newhdr>
 
-Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
 request. Some software (Netscape certificate server) and some CAs need this.
 
 =item B<-batch>

Modified: vendor-crypto/openssl/dist/doc/apps/s_client.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_client.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/s_client.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -10,6 +10,7 @@ s_client - SSL/TLS client program
 B<openssl> B<s_client>
 [B<-connect host:port>]
 [B<-verify depth>]
+[B<-verify_return_error>]
 [B<-cert filename>]
 [B<-certform DER|PEM>]
 [B<-key filename>]
@@ -90,6 +91,11 @@ Currently the verify operation continues
 with a certificate chain can be seen. As a side effect the connection
 will never fail due to a server certificate verify failure.
 
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
 =item B<-CApath directory>
 
 The directory to use for server certificate verification. This directory
@@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot inc
 these will only be supported if its use is disabled, for example by using the
 B<-no_sslv2> option.
 
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
 =head1 BUGS
 
 Because this program has a lot of options and also because some of
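Review bot: the added NOTES paragraph has two wording errors that blur a security-relevant warning: "None test applications should B<not> do this" should read "Non-test applications", and "can be changed by with the B<-verify_return_error> option" has a stray "by". Since this is the text that tells users s_client accepts any certificate chain by default, it is worth fixing before it is copied into downstream man pages.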
@@ -293,9 +306,6 @@ the techniques used are rather old, the 
 hard to read and not a model of how things should be done. A typical
 SSL client program would be much simpler.
 
-The B<-verify> option should really exit if the server verification
-fails.
-
 The B<-prexit> option is a bit of a hack. We should really report
 information whenever a session is renegotiated.
 

Modified: vendor-crypto/openssl/dist/doc/apps/s_server.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_server.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/s_server.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -111,7 +111,7 @@ by using an appropriate certificate.
 
 =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
 
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
 
 =item B<-nocert>
 

Modified: vendor-crypto/openssl/dist/doc/apps/ts.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/ts.pod	Tue Apr  8 20:10:57 2014	(r264270)
+++ vendor-crypto/openssl/dist/doc/apps/ts.pod	Tue Apr  8 20:15:18 2014	(r264271)
@@ -352,7 +352,7 @@ switch always overrides the settings in 
 
 This is the main section and it specifies the name of another section
 that contains all the options for the B<-reply> command. This default
-section can be overriden with the B<-section> command line switch. (Optional)
+section can be overridden with the B<-section> command line switch. (Optional)
 
 =item B<oid_file>
 
@@ -453,7 +453,7 @@ included. Default is no. (Optional)
 =head1 ENVIRONMENT VARIABLES
 
 B<OPENSSL_CONF> contains the path of the configuration file and can be
-overriden by the B<-config> command line option.
+overridden by the B<-config> command line option.
 
 =head1 EXAMPLES
 

Modified: vendor-crypto/openssl/dist/doc/apps/tsget.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/tsget.pod	Tue Apr  8 20:10:57 2014	(r264270)

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


