Date: Thu, 7 Aug 2014 16:49:56 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269670 - in vendor-crypto/openssl/dist: . apps crypto crypto/asn1 crypto/bio crypto/bn crypto/cms crypto/conf crypto/ec crypto/evp crypto/idea crypto/objects crypto/ocsp crypto/pem cry... Message-ID: <53e3ae34.2d9c.69f9d0f4@svn.freebsd.org>
Author: jkim Date: Thu Aug 7 16:49:55 2014 New Revision: 269670 URL: http://svnweb.freebsd.org/changeset/base/269670 Log: Import OpenSSL 1.0.1i. Added: vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod vendor-crypto/openssl/dist/ssl/ssl_utst.c (contents, props changed) Deleted: vendor-crypto/openssl/dist/crypto/pkcs7/bio_ber.c vendor-crypto/openssl/dist/crypto/pkcs7/dec.c vendor-crypto/openssl/dist/crypto/pkcs7/des.pem vendor-crypto/openssl/dist/crypto/pkcs7/doc vendor-crypto/openssl/dist/crypto/pkcs7/enc.c vendor-crypto/openssl/dist/crypto/pkcs7/es1.pem vendor-crypto/openssl/dist/crypto/pkcs7/example.c vendor-crypto/openssl/dist/crypto/pkcs7/example.h vendor-crypto/openssl/dist/crypto/pkcs7/info.pem vendor-crypto/openssl/dist/crypto/pkcs7/infokey.pem vendor-crypto/openssl/dist/crypto/pkcs7/p7/ vendor-crypto/openssl/dist/crypto/pkcs7/server.pem vendor-crypto/openssl/dist/crypto/pkcs7/sign.c vendor-crypto/openssl/dist/crypto/pkcs7/t/ vendor-crypto/openssl/dist/crypto/pkcs7/verify.c Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FAQ vendor-crypto/openssl/dist/FREEBSD-upgrade vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/ciphers.c vendor-crypto/openssl/dist/apps/crl2p7.c vendor-crypto/openssl/dist/apps/enc.c vendor-crypto/openssl/dist/apps/ocsp.c vendor-crypto/openssl/dist/apps/progs.h vendor-crypto/openssl/dist/apps/progs.pl vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/crypto/asn1/a_object.c vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c 
vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c vendor-crypto/openssl/dist/crypto/asn1/charmap.pl vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c vendor-crypto/openssl/dist/crypto/asn1/t_x509.c vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c vendor-crypto/openssl/dist/crypto/asn1/x_crl.c vendor-crypto/openssl/dist/crypto/bio/bio_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_exp.c vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c vendor-crypto/openssl/dist/crypto/conf/conf_def.c vendor-crypto/openssl/dist/crypto/ec/ec_lib.c vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c vendor-crypto/openssl/dist/crypto/ec/ectest.c vendor-crypto/openssl/dist/crypto/evp/e_aes.c vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c vendor-crypto/openssl/dist/crypto/idea/ideatest.c vendor-crypto/openssl/dist/crypto/objects/obj_dat.c vendor-crypto/openssl/dist/crypto/objects/obj_dat.h vendor-crypto/openssl/dist/crypto/objects/obj_dat.pl vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c vendor-crypto/openssl/dist/crypto/opensslconf.h vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c vendor-crypto/openssl/dist/crypto/pkcs7/Makefile vendor-crypto/openssl/dist/crypto/rand/md_rand.c vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h vendor-crypto/openssl/dist/crypto/rand/rand_lib.c vendor-crypto/openssl/dist/crypto/rand/randfile.c vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c vendor-crypto/openssl/dist/crypto/srp/srp_lib.c vendor-crypto/openssl/dist/crypto/ui/ui_lib.c vendor-crypto/openssl/dist/doc/apps/asn1parse.pod vendor-crypto/openssl/dist/doc/apps/ca.pod vendor-crypto/openssl/dist/doc/apps/ciphers.pod vendor-crypto/openssl/dist/doc/apps/cms.pod vendor-crypto/openssl/dist/doc/apps/crl.pod vendor-crypto/openssl/dist/doc/apps/dhparam.pod vendor-crypto/openssl/dist/doc/apps/dsa.pod 
vendor-crypto/openssl/dist/doc/apps/ecparam.pod vendor-crypto/openssl/dist/doc/apps/gendsa.pod vendor-crypto/openssl/dist/doc/apps/genrsa.pod vendor-crypto/openssl/dist/doc/apps/rsa.pod vendor-crypto/openssl/dist/doc/apps/s_client.pod vendor-crypto/openssl/dist/doc/apps/s_server.pod vendor-crypto/openssl/dist/doc/apps/verify.pod vendor-crypto/openssl/dist/doc/apps/x509.pod vendor-crypto/openssl/dist/doc/apps/x509v3_config.pod vendor-crypto/openssl/dist/doc/crypto/ASN1_generate_nconf.pod vendor-crypto/openssl/dist/doc/crypto/BIO_f_base64.pod vendor-crypto/openssl/dist/doc/crypto/BIO_push.pod vendor-crypto/openssl/dist/doc/crypto/ERR_get_error.pod vendor-crypto/openssl/dist/doc/crypto/EVP_DigestInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_SignInit.pod vendor-crypto/openssl/dist/doc/crypto/RSA_set_method.pod vendor-crypto/openssl/dist/doc/crypto/RSA_sign.pod vendor-crypto/openssl/dist/doc/crypto/des.pod vendor-crypto/openssl/dist/doc/crypto/err.pod vendor-crypto/openssl/dist/doc/crypto/pem.pod vendor-crypto/openssl/dist/doc/crypto/ui.pod vendor-crypto/openssl/dist/doc/fingerprints.txt vendor-crypto/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_extra_chain_cert.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_session.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_new.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cipher_list.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_client_cert_cb.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod vendor-crypto/openssl/dist/doc/ssl/SSL_get_version.pod vendor-crypto/openssl/dist/doc/ssl/d2i_SSL_SESSION.pod vendor-crypto/openssl/dist/ssl/Makefile vendor-crypto/openssl/dist/ssl/d1_both.c 
vendor-crypto/openssl/dist/ssl/d1_clnt.c vendor-crypto/openssl/dist/ssl/d1_srvr.c vendor-crypto/openssl/dist/ssl/heartbeat_test.c vendor-crypto/openssl/dist/ssl/s23_lib.c vendor-crypto/openssl/dist/ssl/s23_srvr.c vendor-crypto/openssl/dist/ssl/s2_lib.c vendor-crypto/openssl/dist/ssl/s3_clnt.c vendor-crypto/openssl/dist/ssl/s3_enc.c vendor-crypto/openssl/dist/ssl/s3_lib.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl.h vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_err.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_locl.h vendor-crypto/openssl/dist/ssl/ssl_stat.c vendor-crypto/openssl/dist/ssl/t1_enc.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/ssl/tls_srp.c vendor-crypto/openssl/dist/util/mk1mf.pl vendor-crypto/openssl/dist/util/mkdef.pl vendor-crypto/openssl/dist/util/mkerr.pl vendor-crypto/openssl/dist/util/ssleay.num Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/CHANGES Thu Aug 7 16:49:55 2014 (r269670) 
@@ -2,6 +2,92 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] + + *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the + SRP code can be overrun an internal buffer. Add sanity check that + g, A, B < N to SRP code. + + Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC + Group for discovering this issue. + (CVE-2014-3512) + [Steve Henson] + + *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate + TLS 1.0 instead of higher protocol versions when the ClientHello message + is badly fragmented. This allows a man-in-the-middle attacker to force a + downgrade to TLS 1.0 even if both the server and the client support a + higher protocol version, by modifying the client's TLS records. + + Thanks to David Benjamin and Adam Langley (Google) for discovering and + researching this issue. + (CVE-2014-3511) + [David Benjamin] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. 
+ (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) If a multithreaded client connects to a malicious server using a resumed + session and the server sends an ec point format extension it could write + up to 255 bytes to freed memory. + + Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this + issue. + (CVE-2014-3509) + [Gabor Tyukasz] + + *) A malicious server can crash an OpenSSL client with a null pointer + dereference (read) by specifying an SRP ciphersuite even though it was not + properly negotiated with the client. This can be exploited through a + Denial of Service attack. + + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + discovering and researching this issue. + (CVE-2014-5139) + [Steve Henson] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. 
An attacker using a carefully crafted Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/Configure Thu Aug 7 16:49:55 2014 (r269670) @@ -720,6 +720,7 @@ my %disabled = ( # "what" => "co "sctp" => "default", "shared" => "default", "store" => "experimental", + "unit-test" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); @@ -727,7 +728,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE"; +my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). Modified: vendor-crypto/openssl/dist/FAQ ============================================================================== --- vendor-crypto/openssl/dist/FAQ Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/FAQ Thu Aug 7 16:49:55 2014 (r269670) 
@@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Aug 7 16:49:55 2014 (r269670) @@ -11,14 +11,14 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 1.0.1h -# OSSLTAG format: v1_0_1h +setenv OSSLVER 1.0.1i +# OSSLTAG format: v1_0_1i ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` cd /FreeBSD/work/openssl/merge -fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \ - http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc +fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \ + http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz svn co $FSVN/vendor-crypto/openssl/dist dist 
@@ -43,13 +43,13 @@ comm -13 ../old ../new | xargs svn --par svn stat svn ci -svn cp $FSVN/vendor-crypto/openssl/dist $FSVN/vendor-crypto/openssl/$OSSLVER +svn cp ^/vendor-crypto/openssl/dist ^/vendor-crypto/openssl/$OSSLVER # Merge to head mkdir ../head cd ../head svn co $FSVN/head/crypto/openssl crypto/openssl -svn merge $FSVN/vendor-crypto/openssl/dist crypto/openssl +svn merge ^/vendor-crypto/openssl/dist crypto/openssl # Resolve conflicts manually Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/Makefile Thu Aug 7 16:49:55 2014 (r269670) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1h +VERSION=1.0.1i MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST PEX_LIBS= EX_LIBS= EXE_EXT= Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/NEWS Thu Aug 7 16:49:55 2014 (r269670) 
@@ -5,10 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] + + o Fix for CVE-2014-3512 + o Fix for CVE-2014-3511 + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3509 + o Fix for CVE-2014-5139 + o Fix for CVE-2014-3508 + Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 + o Fix for CVE-2014-0198 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/README Thu Aug 7 16:49:55 2014 (r269670) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1h 5 Jun 2014 + OpenSSL 1.0.1i 6 Aug 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist/apps/apps.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/apps.c Thu Aug 7 16:49:55 2014 (r269670) @@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, in { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; i<arg->count; i++) arg->data[i]=NULL; 
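Review bot: In the apps.c chopup_args hunk the new NULL check returns after `arg->count=20` has already been stored, so on allocation failure the ARGS is left with a non-zero count and a NULL data pointer. If the enclosing condition (it starts outside the hunk) uses `arg->count` to decide whether the table still needs allocating, a later call would skip the allocation and index through NULL. Resetting the count before bailing keeps the struct consistent: `if (arg->data == NULL) { arg->count = 0; return 0; }`.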
@@ -1542,6 +1544,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Modified: vendor-crypto/openssl/dist/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ca.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/ca.c Thu Aug 7 16:49:55 2014 (r269670) @@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *in { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Modified: vendor-crypto/openssl/dist/apps/ciphers.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ciphers.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/ciphers.c Thu Aug 7 16:49:55 2014 (r269670) @@ -96,13 +96,7 @@ int MAIN(int argc, char **argv) char buf[512]; BIO *STDout=NULL; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(OPENSSL_NO_SSL3) - meth=SSLv3_server_method(); -#elif !defined(OPENSSL_NO_SSL2) - meth=SSLv2_server_method(); -#endif apps_startup(); Modified: vendor-crypto/openssl/dist/apps/crl2p7.c ============================================================================== --- vendor-crypto/openssl/dist/apps/crl2p7.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/crl2p7.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_OPENSSL_STRING_push(certflst,*(++argv))) + { + sk_OPENSSL_STRING_free(certflst); + goto end; + } } else { Modified: vendor-crypto/openssl/dist/apps/enc.c ============================================================================== --- vendor-crypto/openssl/dist/apps/enc.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/enc.c Thu Aug 7 16:49:55 2014 (r269670) @@ -67,7 +67,9 @@ #include <openssl/x509.h> #include <openssl/rand.h> #include <openssl/pem.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <ctype.h> int set_hex(char *in,unsigned char *out,int size); @@ -337,6 +339,12 @@ bad: goto end; } + if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) + { + BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n"); + goto end; + } + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); Modified: vendor-crypto/openssl/dist/apps/ocsp.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ocsp.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/ocsp.c Thu Aug 7 16:49:55 2014 (r269670) 
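Review bot: In the crl2p7.c hunk the push-failure branch frees `certflst` but leaves the variable pointing at the released stack before jumping to `end`. If the `end:` cleanup (outside the hunk) also releases `certflst`, which is the usual pattern for this option list, that is a double free on the error path. Clear the pointer after freeing: `sk_OPENSSL_STRING_free(certflst); certflst = NULL; goto end;`. The surrounding MAIN continues outside the hunk.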
@@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *er } resp = query_responder(err, cbio, path, headers, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (cbio) BIO_free_all(cbio); Modified: vendor-crypto/openssl/dist/apps/progs.h ============================================================================== --- vendor-crypto/openssl/dist/apps/progs.h Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/progs.h Thu Aug 7 16:49:55 2014 (r269670) @@ -107,16 +107,16 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif {FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif #ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif {FUNC_TYPE_GENERAL,"version",version_main}, @@ -126,7 +126,7 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, #endif {FUNC_TYPE_GENERAL,"nseq",nseq_main}, Modified: vendor-crypto/openssl/dist/apps/progs.pl ============================================================================== --- vendor-crypto/openssl/dist/apps/progs.pl Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/progs.pl Thu Aug 7 16:49:55 2014 (r269670) 
@@ -32,7 +32,7 @@ foreach (@ARGV) push(@files,$_); $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) Modified: vendor-crypto/openssl/dist/apps/s_client.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_client.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/s_client.c Thu Aug 7 16:49:55 2014 (r269670) @@ -290,6 +290,7 @@ static void sc_usage(void) BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); 
@@ -300,6 +301,7 @@ static void sc_usage(void) BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); #ifdef WATT32 Modified: vendor-crypto/openssl/dist/apps/s_server.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_server.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/s_server.c Thu Aug 7 16:49:55 2014 (r269670) @@ -463,6 +463,7 @@ static void sv_usage(void) BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ @@ -534,6 +535,7 @@ static void sv_usage(void) BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); #endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); + BIO_printf(bio_err," -hack - workaround for early Netscape code\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 
@@ -562,6 +564,10 @@ static void sv_usage(void) #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + BIO_printf(bio_err," -status - respond to certificate status requests\n"); + BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n"); + BIO_printf(bio_err," -status_timeout n - status request responder timeout\n"); + BIO_printf(bio_err," -status_url URL - status request fallback URL\n"); } static int local_argc=0; @@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1356,6 +1362,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) Modified: vendor-crypto/openssl/dist/crypto/asn1/a_object.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_object.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/a_object.c Thu Aug 7 16:49:55 2014 (r269670) 
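Review bot: The `strcmp` to `strcasecmp` switch in ssl_servername_cb is the right comparison for a DNS name, but `strcasecmp` is POSIX rather than ISO C, so the change only builds on every supported platform if e_os.h or apps.h already maps it for non-POSIX toolchains (that mapping, if any, is outside the hunk); please confirm before relying on it. The new comparison is also locale-sensitive for non-ASCII bytes, which is harmless for SNI host names but worth a one-line comment: `/* SNI host names are DNS names: compare case-insensitively */`. ssl_servername_cb starts outside the hunk.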
@@ -283,17 +283,29 @@ err: ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; unsigned char *data; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { 
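Review bot: The new guard in c2i_ASN1_OBJECT folds caller-contract checks (`pp == NULL`, `*pp == NULL`) into the same condition as the encoding checks, so a NULL argument is reported as ASN1_R_INVALID_OBJECT_ENCODING, which will send a maintainer hunting for a malformed OID when the real problem is the caller. It also leans on `&` binding tighter than `||` in `p[len - 1] & 0x80`; parenthesising it, `(p[len - 1] & 0x80)`, makes the last-octet test readable at a glance. Splitting the pointer checks into a separate `if` with a distinct error reason keeps the encoding comment above accurate. The function body continues past the end of the hunk.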
@@ -316,23 +328,23 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT data = (unsigned char *)ret->data; ret->data = NULL; /* once detached we can change it */ - if ((data == NULL) || (ret->length < len)) + if ((data == NULL) || (ret->length < length)) { ret->length=0; if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + data=(unsigned char *)OPENSSL_malloc(length); if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data,p,(int)len); + memcpy(data,p,length); /* reattach data to object, after which it remains const */ ret->data =data; - ret->length=(int)len; + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Modified: vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c Thu Aug 7 16:49:55 2014 (r269670) @@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCT struct tm *ts; struct tm data; size_t len = 20; + int free_s = 0; if (s == NULL) + { + free_s = 1; s=M_ASN1_UTCTIME_new(); + } if (s == NULL) - return(NULL); + goto err; + ts=OPENSSL_gmtime(&t, &data); if (ts == NULL) - return(NULL); + goto err; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; + goto err; } if((ts->tm_year < 50) || (ts->tm_year >= 150)) - return NULL; + goto err; p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) @@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCT if (p == NULL) { ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE); - return(NULL); + goto err; } if (s->data != NULL) OPENSSL_free(s->data); 
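Review bot: In the a_utctm.c ASN1_UTCTIME_adj hunk the ownership rule encoded by `free_s` is not stated anywhere: `s` is released on failure only when this function allocated it, while a caller-supplied `s` is left for the caller. A one-line comment at the declaration would stop the flag being misread as "always free on error": `int free_s = 0; /* set when s was allocated here and is ours to free on failure */`. The matching `err:` label is in the next hunk of this file.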
@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCT ebcdic2ascii(s->data, s->data, s->length); #endif return(s); + err: + if (free_s && s) + M_ASN1_UTCTIME_free(s); + return NULL; } @@ -261,6 +270,11 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_U t -= offset*60; /* FIXME: may overflow in extreme cases */ tm = OPENSSL_gmtime(&t, &data); + /* NB: -1, 0, 1 already valid return values so use -2 to + * indicate error. + */ + if (tm == NULL) + return -2; #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 year = g2(s->data); Modified: vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c Thu Aug 7 16:49:55 2014 (r269670) @@ -258,7 +258,12 @@ int EVP_PKEY_asn1_add_alias(int to, int if (!ameth) return 0; ameth->pkey_base_id = to; - return EVP_PKEY_asn1_add0(ameth); + if (!EVP_PKEY_asn1_add0(ameth)) + { + EVP_PKEY_asn1_free(ameth); + return 0; + } + return 1; } int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, Modified: vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c Thu Aug 7 16:49:55 2014 (r269670) 
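Review bot: The new `-2` error return from ASN1_UTCTIME_cmp_time_t is only explained in an inline comment, but callers that test the result with `< 0` (the natural idiom for a three-way compare) will silently treat a gmtime failure as "earlier than". The contract change belongs in the public documentation for the function as well, e.g. a sentence stating that `-2` is returned when the time cannot be converted and that callers must test for it explicitly. Whether any existing caller uses the `< 0` idiom cannot be seen from this hunk.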
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), Modified: vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c Thu Aug 7 16:49:55 2014 (r269670) @@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; Modified: vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c Thu Aug 7 16:49:55 2014 (r269670) 
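Review bot: The added `if (inf && !(ret & V_ASN1_CONSTRUCTED)) goto err;` in ASN1_get_object is correct but unexplained, and the `err:` label it jumps to is outside the hunk, so a reader cannot tell why an indefinite-length primitive is rejected or which reason code they will see. Suggest `/* the indefinite length form is only permitted for constructed encodings (X.690 8.1.3.2) */` directly above the test. Note that `p` and `*plength` have already been advanced by asn1_get_length at this point; that is harmless as long as the `err:` path does not write back `*pp`, which is worth confirming since it is not visible here.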
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif Modified: vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c Thu Aug 7 16:49:55 2014 (r269670) @@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b) if (!ctx) return 0; if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) + { + OPENSSL_free(ctx); return 0; + } b->init = 1; b->ptr = (char *)ctx; b->flags = 0; Modified: vendor-crypto/openssl/dist/crypto/asn1/charmap.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/charmap.pl Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/charmap.pl Thu Aug 7 16:49:55 2014 (r269670) @@ -1,5 +1,8 @@ #!/usr/local/bin/perl -w +# Written by Dr Stephen N Henson (steve@openssl.org). +# Licensed under the terms of the OpenSSL license. + use strict; my ($i, @arr); Modified: vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c Thu Aug 7 16:49:55 2014 (r269670) 
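Review bot: The new `err:` block in ASN1_pack_string leaves a caller-supplied `*oct` inconsistent: `octmp->length = i2d(obj, NULL)` is assigned before the allocation, so when `OPENSSL_malloc(octmp->length)` fails the reused string keeps its old `data` pointer but carries the new, possibly larger `length`, and the `if (!oct || !*oct)` guard deliberately does not free it in that case; a later read of that string would run past its real buffer. The length should be computed into a local and committed together with `data` only after the allocation succeeds; the same local also lets a negative i2d return be rejected instead of being passed to OPENSSL_malloc. While there, the old `octmp->data` is overwritten without being released, which leaks when a non-empty string is reused unless the code above the hunk (not visible) already frees it. The function's start, where `octmp` is taken from `*oct`, is outside the hunk.
```c
	int len;
	/* … unchanged: octmp taken from *oct or freshly allocated … */
	if ((len = i2d(obj, NULL)) <= 0)
		{
		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
		goto err;
		}
	if (!(p = OPENSSL_malloc(len)))
		{
		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	/* Commit data and length together so a caller-supplied *oct is
	 * never left holding a stale buffer with a new length. */
	if (octmp->data != NULL)
		OPENSSL_free(octmp->data);
	octmp->data = p;
	octmp->length = len;
	i2d (obj, &p);
	return octmp;
	/* … unchanged: err: cleanup … */
```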
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } Modified: vendor-crypto/openssl/dist/crypto/asn1/t_x509.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/t_x509.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/t_x509.c Thu Aug 7 16:49:55 2014 (r269670) @@ -475,6 +475,8 @@ int X509_NAME_print(BIO *bp, X509_NAME * l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); Modified: vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c Thu Aug 7 16:49:55 2014 (r269670) @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ Modified: vendor-crypto/openssl/dist/crypto/asn1/x_crl.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/x_crl.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/x_crl.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VA { /* We handle IDP and deltas */ if ((nid == NID_issuing_distribution_point) + || (nid == NID_authority_key_identifier) || (nid == NID_delta_crl)) break;; crl->flags |= EXFLAG_CRITICAL; Modified: vendor-crypto/openssl/dist/crypto/bio/bio_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bio_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bio/bio_lib.c Thu Aug 7 16:49:55 2014 (r269670) @@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } Modified: vendor-crypto/openssl/dist/crypto/bn/bn_exp.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Aug 7 16:49:55 2014 (r269670) @@ -680,7 +680,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as * 512-bit RSA is hardly relevant, we omit it to spare size... */ - if (window==5) + if (window==5 && top>1) { void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap, const void *table,const BN_ULONG *np, Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Thu Aug 7 16:49:55 2014 (r269670) 
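Review bot: Adding NID_authority_key_identifier to the extensions that may be marked critical without setting EXFLAG_CRITICAL is a deliberate leniency that deserves a comment: RFC 5280 §4.2.1.1 (which §5.2.1 applies to CRLs) requires the AKID to be non-critical, so a CRL marking it critical is non-conforming and is now accepted silently because the extension is understood anyway. Suggest `/* AKID is always understood; tolerate it even if (non-conformingly) marked critical */` above the test, so the next reader does not mistake it for an oversight. The pre-existing `break;;` on the context line is a stray semicolon worth cleaning up in the same touch. The enclosing block continues outside the hunk.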
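Review bot: The new `top>1` condition on the `window==5` fast path in BN_mod_exp_mont_consttime is a bare magic guard in a constant-time routine; nothing in the hunk says why a one-word modulus must avoid bn_mul_mont_gather5, so a later cleanup could remove it. Presumably the gather5 assembly requires at least two words, but that should be stated, e.g. `/* bn_mul_mont_gather5 requires top > 1; fall back to the generic path for single-word moduli */`, with the exact requirement confirmed against the assembly. The function body starts outside the hunk.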
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(cons BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ Modified: vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c Thu Aug 7 16:49:55 2014 (r269670) @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, B if (al <= 0) { r->top=0; + r->neg = 0; return 1; } Modified: vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c Thu Aug 7 16:49:55 2014 (r269670) @@ -93,9 +93,10 @@ CMS_RecipientInfo *CMS_add0_recipient_pa X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; + env = cms_get0_enveloped(cms); if (!env) - goto err; + return NULL; if (wrap_nid <= 0) wrap_nid = NID_id_alg_PWRI_KEK; Modified: vendor-crypto/openssl/dist/crypto/conf/conf_def.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/conf/conf_def.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/conf/conf_def.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -321,7 +321,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; Modified: vendor-crypto/openssl/dist/crypto/ec/ec_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ec_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/ec/ec_lib.c Thu Aug 7 16:49:55 2014 (r269670) @@ -942,7 +942,7 @@ int EC_POINT_dbl(const EC_GROUP *group, int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; Modified: vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c Thu Aug 7 16:49:55 2014 (r269670) @@ -1181,9 +1181,8 @@ int ec_GFp_simple_make_affine(const EC_G int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; 
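Review bot: The added `ss != p` condition in conf_def.c is a termination guard for the `goto again` loop and should say so: when `eat_ws(conf, end)` returns the same position the previous pass started from, retrying would spin forever on a malformed section header, and the new test instead drops into the else branch (outside the hunk, presumably the missing-`]` error). Suggest `/* no progress since the last pass: fail instead of looping forever on a malformed section name */` above the `if`. The enclosing function begins outside the hunk.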
@@ -1198,124 +1197,104 @@ int ec_GFp_simple_points_make_affine(con } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; - - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ - - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; - - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; + + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) - { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) + { + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; + } + + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). 
*/ + + if (!BN_is_zero(&points[0]->Z)) + { + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; + } + else + { + if (!BN_one(prod_Z[0])) goto err; } } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) + for (i = 1; i < num; i++) { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) + if (!BN_is_zero(&points[i]->Z)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; } if (group->meth->field_encode != 0) { - /* in the Montgomery case, we just turned R*H (representing H) + /* In the Montgomery case, we just turned R*H (representing H) * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; + * i.e. we need to multiply by the Montgomery factor twice. 
*/ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; } - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + for (i = num - 1; i > 0; --i) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) - { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; - } - else + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) { - if (!BN_copy(heap[i], heap[i/2])) goto err; + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. */ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***