From owner-svn-src-all@freebsd.org Thu May 25 19:38:44 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6988FD824AD; Thu, 25 May 2017 19:38:44 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 21006138B; Thu, 25 May 2017 19:38:44 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4PJchQo083565; Thu, 25 May 2017 19:38:43 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4PJccxA083522; Thu, 25 May 2017 19:38:38 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201705251938.v4PJccxA083522@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 25 May 2017 19:38:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r318897 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/comp crypto/conf crypto/des crypto/dh crypto/ec cr... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 May 2017 19:38:44 -0000 Author: jkim Date: Thu May 25 19:38:38 2017 New Revision: 318897 URL: https://svnweb.freebsd.org/changeset/base/318897 Log: Import OpenSSL 1.0.2l. Added: vendor-crypto/openssl/dist/doc/man3/ vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FREEBSD-Xlist vendor-crypto/openssl/dist/FREEBSD-upgrade vendor-crypto/openssl/dist/LICENSE vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/Makefile.org vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/dhparam.c vendor-crypto/openssl/dist/apps/enc.c vendor-crypto/openssl/dist/apps/engine.c vendor-crypto/openssl/dist/apps/pkeyutl.c vendor-crypto/openssl/dist/apps/prime.c vendor-crypto/openssl/dist/apps/progs.h vendor-crypto/openssl/dist/apps/progs.pl vendor-crypto/openssl/dist/apps/req.c vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/apps/srp.c vendor-crypto/openssl/dist/appveyor.yml vendor-crypto/openssl/dist/config vendor-crypto/openssl/dist/crypto/aes/Makefile vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-armv7.pl vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c vendor-crypto/openssl/dist/crypto/asn1/a_digest.c vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c vendor-crypto/openssl/dist/crypto/asn1/a_time.c vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c vendor-crypto/openssl/dist/crypto/asn1/f_enum.c vendor-crypto/openssl/dist/crypto/asn1/f_int.c vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c vendor-crypto/openssl/dist/crypto/asn1/x_long.c vendor-crypto/openssl/dist/crypto/asn1/x_name.c vendor-crypto/openssl/dist/crypto/bio/b_print.c vendor-crypto/openssl/dist/crypto/bio/bio_cb.c vendor-crypto/openssl/dist/crypto/bio/bss_file.c vendor-crypto/openssl/dist/crypto/bn/Makefile vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9-mont.pl vendor-crypto/openssl/dist/crypto/bn/bn_prime.c vendor-crypto/openssl/dist/crypto/bn/bn_prime.h vendor-crypto/openssl/dist/crypto/bn/bn_prime.pl vendor-crypto/openssl/dist/crypto/bn/bn_print.c vendor-crypto/openssl/dist/crypto/comp/c_rle.c vendor-crypto/openssl/dist/crypto/conf/conf.h vendor-crypto/openssl/dist/crypto/conf/conf_def.c vendor-crypto/openssl/dist/crypto/conf/conf_err.c vendor-crypto/openssl/dist/crypto/des/Makefile vendor-crypto/openssl/dist/crypto/des/set_key.c vendor-crypto/openssl/dist/crypto/dh/dh.h vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c vendor-crypto/openssl/dist/crypto/ec/ec_mult.c vendor-crypto/openssl/dist/crypto/ec/eck_prn.c vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c vendor-crypto/openssl/dist/crypto/err/err.c vendor-crypto/openssl/dist/crypto/err/err.h vendor-crypto/openssl/dist/crypto/evp/e_aes.c vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha256.c vendor-crypto/openssl/dist/crypto/evp/e_des3.c vendor-crypto/openssl/dist/crypto/evp/evp_enc.c vendor-crypto/openssl/dist/crypto/evp/pmeth_lib.c vendor-crypto/openssl/dist/crypto/ex_data.c vendor-crypto/openssl/dist/crypto/hmac/hm_pmeth.c vendor-crypto/openssl/dist/crypto/md5/Makefile vendor-crypto/openssl/dist/crypto/mem.c vendor-crypto/openssl/dist/crypto/modes/Makefile vendor-crypto/openssl/dist/crypto/o_dir.c vendor-crypto/openssl/dist/crypto/o_time.c vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c vendor-crypto/openssl/dist/crypto/ppccap.c vendor-crypto/openssl/dist/crypto/rand/md_rand.c vendor-crypto/openssl/dist/crypto/rc4/Makefile vendor-crypto/openssl/dist/crypto/rsa/rsa_pmeth.c vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c vendor-crypto/openssl/dist/crypto/sha/Makefile vendor-crypto/openssl/dist/crypto/srp/srp_vfy.c vendor-crypto/openssl/dist/crypto/txt_db/txt_db.c vendor-crypto/openssl/dist/crypto/ui/ui_lib.c vendor-crypto/openssl/dist/crypto/x509/x509_lu.c vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c vendor-crypto/openssl/dist/crypto/x86_64cpuid.pl vendor-crypto/openssl/dist/crypto/x86cpuid.pl vendor-crypto/openssl/dist/doc/apps/ciphers.pod vendor-crypto/openssl/dist/doc/apps/config.pod vendor-crypto/openssl/dist/doc/apps/genrsa.pod vendor-crypto/openssl/dist/doc/apps/req.pod vendor-crypto/openssl/dist/doc/apps/s_client.pod vendor-crypto/openssl/dist/doc/apps/s_server.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/RSA_private_encrypt.pod vendor-crypto/openssl/dist/doc/crypto/RSA_public_encrypt.pod vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_new.pod vendor-crypto/openssl/dist/doc/crypto/des.pod vendor-crypto/openssl/dist/ssl/d1_both.c vendor-crypto/openssl/dist/ssl/d1_clnt.c vendor-crypto/openssl/dist/ssl/d1_pkt.c vendor-crypto/openssl/dist/ssl/d1_srvr.c vendor-crypto/openssl/dist/ssl/s23_clnt.c vendor-crypto/openssl/dist/ssl/s23_srvr.c vendor-crypto/openssl/dist/ssl/s3_clnt.c vendor-crypto/openssl/dist/ssl/s3_enc.c vendor-crypto/openssl/dist/ssl/s3_lib.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl_cert.c vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_locl.h vendor-crypto/openssl/dist/ssl/ssl_rsa.c vendor-crypto/openssl/dist/ssl/ssl_sess.c vendor-crypto/openssl/dist/ssl/ssltest.c vendor-crypto/openssl/dist/ssl/t1_ext.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/util/domd vendor-crypto/openssl/dist/util/mk1mf.pl Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/CHANGES Thu May 25 19:38:38 2017 (r318897) @@ -2,6 +2,12 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2k and 1.0.2l [25 May 2017] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + Changes between 1.0.2j and 1.0.2k [26 Jan 2017] *) Truncated packet could crash via OOB read Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/Configure Thu May 25 19:38:38 2017 (r318897) @@ -109,7 +109,7 @@ my $usage="Usage: Configure [no- # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; # TODO(openssl-team): fix problems and investigate if (at least) the following # warnings can also be enabled: @@ -2041,12 +2041,13 @@ EOF close(OUT); } else { my $make_command = "$make PERL=\'$perl\'"; - my $make_targets = ""; - $make_targets .= " links" if $symlink; - $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; - $make_targets .= " gentests" if $symlink; - (system $make_command.$make_targets) == 0 or exit $? - if $make_targets ne ""; + my @make_targets = (); + push @make_targets, "links" if $symlink; + push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend; + push @make_targets, "gentests" if $symlink; + foreach my $make_target (@make_targets) { + (system "$make_command $make_target") == 0 or exit $?; + } if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); @@ -2056,8 +2057,8 @@ EOF &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { - $warn_make_depend++; - } + $warn_make_depend++; + } } # create the ms/version32.rc file if needed Modified: vendor-crypto/openssl/dist/FREEBSD-Xlist ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-Xlist Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/FREEBSD-Xlist Thu May 25 19:38:38 2017 (r318897) @@ -57,9 +57,11 @@ openssl-*/crypto/rand/rand_vms.c openssl-*/crypto/rand/rand_win.c openssl-*/crypto/threads/solaris.sh openssl-*/demos +openssl-*/doc-nits openssl-*/engines/*.ec openssl-*/engines/*.opt openssl-*/engines/ccgost/e_gost_err.proto +openssl-*/fuzz openssl-*/include openssl-*/ms openssl-*/op Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-upgrade Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/FREEBSD-upgrade Thu May 25 19:38:38 2017 (r318897) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://repo.freebsd.org/base" -setenv OSSLVER 1.0.2j -# OSSLTAG format: v1_0_2j +setenv OSSLVER 1.0.2l +# OSSLTAG format: v1_0_2l ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist/LICENSE ============================================================================== --- vendor-crypto/openssl/dist/LICENSE Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/LICENSE Thu May 25 19:38:38 2017 (r318897) @@ -2,7 +2,7 @@ LICENSE ISSUES ============== - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + The OpenSSL toolkit stays under a double license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/Makefile Thu May 25 19:38:38 2017 (r318897) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2k +VERSION=1.0.2l MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -426,6 +426,14 @@ clean: libclean rm -fr $$i/*; \ done +distclean: clean + -$(RM) `find . -name .git -prune -o -type l -print` + $(RM) apps/CA.pl + $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem + $(RM) tools/c_rehash + $(RM) crypto/opensslconf.h + $(RM) Makefile Makefile.bak + makefile.one: files $(PERL) util/mk1mf.pl >makefile.one; \ sh util/do_ms.sh Modified: vendor-crypto/openssl/dist/Makefile.org ============================================================================== --- vendor-crypto/openssl/dist/Makefile.org Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/Makefile.org Thu May 25 19:38:38 2017 (r318897) @@ -424,6 +424,14 @@ clean: libclean rm -fr $$i/*; \ done +distclean: clean + -$(RM) `find . -name .git -prune -o -type l -print` + $(RM) apps/CA.pl + $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem + $(RM) tools/c_rehash + $(RM) crypto/opensslconf.h + $(RM) Makefile Makefile.bak + makefile.one: files $(PERL) util/mk1mf.pl >makefile.one; \ sh util/do_ms.sh Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/NEWS Thu May 25 19:38:38 2017 (r318897) @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] + + o config now recognises 64-bit mingw and chooses mingw64 instead of mingw + Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] o Truncated packet could crash via OOB read (CVE-2017-3731) Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/README Thu May 25 19:38:38 2017 (r318897) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2k 26 Jan 2017 + OpenSSL 1.0.2l 25 May 2017 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ca.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/ca.c Thu May 25 19:38:38 2017 (r318897) @@ -2126,10 +2126,8 @@ static int do_body(X509 **xret, EVP_PKEY goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -2137,11 +2135,14 @@ static int do_body(X509 **xret, EVP_PKEY BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); goto err; } + irow = NULL; ok = 1; err: - for (i = 0; i < DB_NUMBER; i++) - if (row[i] != NULL) + if (irow != NULL) { + for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); + OPENSSL_free(irow); + } if (CAname != NULL) X509_NAME_free(CAname); @@ -2396,18 +2397,20 @@ static int do_revoke(X509 *x509, CA_DB * goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { BIO_printf(bio_err, "failed to update database\n"); BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); + OPENSSL_free(irow); goto err; } + for (i = 0; i < DB_NUMBER; i++) + row[i] = NULL; + /* Revoke Certificate */ if (type == -1) ok = 1; Modified: vendor-crypto/openssl/dist/apps/dhparam.c ============================================================================== --- vendor-crypto/openssl/dist/apps/dhparam.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/dhparam.c Thu May 25 19:38:38 2017 (r318897) @@ -381,10 +381,19 @@ int MAIN(int argc, char **argv) } else # endif { - if (informat == FORMAT_ASN1) + if (informat == FORMAT_ASN1) { + /* + * We have no PEM header to determine what type of DH params it + * is. We'll just try both. + */ dh = d2i_DHparams_bio(in, NULL); - else /* informat == FORMAT_PEM */ + /* BIO_reset() returns 0 for success for file BIOs only!!! */ + if (dh == NULL && BIO_reset(in) == 0) + dh = d2i_DHxparams_bio(in, NULL); + } else { + /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); + } if (dh == NULL) { BIO_printf(bio_err, "unable to load DH parameters\n"); @@ -484,10 +493,13 @@ int MAIN(int argc, char **argv) } if (!noout) { - if (outformat == FORMAT_ASN1) - i = i2d_DHparams_bio(out, dh); - else if (outformat == FORMAT_PEM) { - if (dh->q) + if (outformat == FORMAT_ASN1) { + if (dh->q != NULL) + i = i2d_DHxparams_bio(out, dh); + else + i = i2d_DHparams_bio(out, dh); + } else if (outformat == FORMAT_PEM) { + if (dh->q != NULL) i = PEM_write_bio_DHxparams(out, dh); else i = PEM_write_bio_DHparams(out, dh); Modified: vendor-crypto/openssl/dist/apps/enc.c ============================================================================== --- vendor-crypto/openssl/dist/apps/enc.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/enc.c Thu May 25 19:38:38 2017 (r318897) @@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out #define BSIZE (8*1024) #define PROG enc_main -static void show_ciphers(const OBJ_NAME *name, void *bio_) +struct doall_enc_ciphers { + BIO *bio; + int n; +}; + +static void show_ciphers(const OBJ_NAME *name, void *arg) { - BIO *bio = bio_; - static int n; + struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg; + const EVP_CIPHER *cipher; if (!islower((unsigned char)*name->name)) return; - BIO_printf(bio, "-%-25s", name->name); - if (++n == 3) { - BIO_printf(bio, "\n"); - n = 0; + /* Filter out ciphers that we cannot use */ + cipher = EVP_get_cipherbyname(name->name); + if (cipher == NULL || + (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + return; + + BIO_printf(dec->bio, "-%-25s", name->name); + if (++dec->n == 3) { + BIO_printf(dec->bio, "\n"); + dec->n = 0; } else - BIO_printf(bio, " "); + BIO_printf(dec->bio, " "); } int MAIN(int, char **); @@ -130,6 +142,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; const EVP_MD *dgst = NULL; int non_fips_allow = 0; + struct doall_enc_ciphers dec; apps_startup(); @@ -311,8 +324,10 @@ int MAIN(int argc, char **argv) #endif BIO_printf(bio_err, "Cipher Types\n"); + dec.n = 0; + dec.bio = bio_err; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, bio_err); + show_ciphers, &dec); BIO_printf(bio_err, "\n"); goto end; Modified: vendor-crypto/openssl/dist/apps/engine.c ============================================================================== --- vendor-crypto/openssl/dist/apps/engine.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/engine.c Thu May 25 19:38:38 2017 (r318897) @@ -108,13 +108,16 @@ static int append_buf(char **buf, const } if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { + char *p = *buf; + *size += step; *buf = OPENSSL_realloc(*buf, *size); + if (*buf == NULL) { + OPENSSL_free(p); + return 0; + } } - if (*buf == NULL) - return 0; - if (**buf != '\0') BUF_strlcat(*buf, ", ", *size); BUF_strlcat(*buf, s, *size); Modified: vendor-crypto/openssl/dist/apps/pkeyutl.c ============================================================================== --- vendor-crypto/openssl/dist/apps/pkeyutl.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/pkeyutl.c Thu May 25 19:38:38 2017 (r318897) @@ -322,8 +322,10 @@ int MAIN(int argc, char **argv) buf_in, (size_t)buf_inlen); if (rv == 0) BIO_puts(out, "Signature Verification Failure\n"); - else if (rv == 1) + else if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); + ret = 0; + } if (rv >= 0) goto end; } else { Modified: vendor-crypto/openssl/dist/apps/prime.c ============================================================================== --- vendor-crypto/openssl/dist/apps/prime.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/prime.c Thu May 25 19:38:38 2017 (r318897) @@ -155,5 +155,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "%-14s hex\n", "-hex"); BIO_printf(bio_err, "%-14s number of checks\n", "-checks "); + BIO_printf(bio_err, "%-14s generate prime\n", "-generate"); + BIO_printf(bio_err, "%-14s number of bits\n", "-bits "); + BIO_printf(bio_err, "%-14s safe prime\n", "-safe"); return 1; } Modified: vendor-crypto/openssl/dist/apps/progs.h ============================================================================== --- vendor-crypto/openssl/dist/apps/progs.h Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/progs.h Thu May 25 19:38:38 2017 (r318897) @@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv typedef struct { int type; const char *name; - int (*func) (int argc, char *argv[]); + int (*func)(int argc, char *argv[]); } FUNCTION; DECLARE_LHASH_OF(FUNCTION); Modified: vendor-crypto/openssl/dist/apps/progs.pl ============================================================================== --- vendor-crypto/openssl/dist/apps/progs.pl Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/progs.pl Thu May 25 19:38:38 2017 (r318897) @@ -6,22 +6,22 @@ print "/* automatically generated by pro grep(s/^asn1pars$/asn1parse/,@ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func)(int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { @@ -30,7 +30,7 @@ EOF foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) @@ -60,7 +60,7 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n"; } foreach ( @@ -86,7 +86,7 @@ foreach ( { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -101,4 +101,4 @@ foreach ( print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; Modified: vendor-crypto/openssl/dist/apps/req.c ============================================================================== --- vendor-crypto/openssl/dist/apps/req.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/req.c Thu May 25 19:38:38 2017 (r318897) @@ -331,7 +331,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-x509") == 0) { - newreq = 1; x509 = 1; } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; @@ -447,6 +446,9 @@ int MAIN(int argc, char **argv) goto end; } + if (x509 && infile == NULL) + newreq = 1; + ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -753,7 +755,7 @@ int MAIN(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; Modified: vendor-crypto/openssl/dist/apps/s_client.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_client.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/s_client.c Thu May 25 19:38:38 2017 (r318897) @@ -2132,6 +2132,7 @@ int MAIN(int argc, char **argv) BIO_free(bio_c_msg); bio_c_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } Modified: vendor-crypto/openssl/dist/apps/s_server.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_server.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/s_server.c Thu May 25 19:38:38 2017 (r318897) @@ -2132,6 +2132,7 @@ int MAIN(int argc, char *argv[]) BIO_free(bio_s_msg); bio_s_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } Modified: vendor-crypto/openssl/dist/apps/srp.c ============================================================================== --- vendor-crypto/openssl/dist/apps/srp.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/apps/srp.c Thu May 25 19:38:38 2017 (r318897) @@ -183,10 +183,8 @@ static int update_index(CA_DB *db, BIO * return 0; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { Modified: vendor-crypto/openssl/dist/appveyor.yml ============================================================================== --- vendor-crypto/openssl/dist/appveyor.yml Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/appveyor.yml Thu May 25 19:38:38 2017 (r318897) @@ -50,11 +50,3 @@ build_script: test_script: - nmake /f ms\%MAK% test - -notifications: - - provider: Email - to: - - openssl-commits@openssl.org - on_build_success: false - on_build_failure: true - on_build_status_changed: true Modified: vendor-crypto/openssl/dist/config ============================================================================== --- vendor-crypto/openssl/dist/config Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/config Thu May 25 19:38:38 2017 (r318897) @@ -344,6 +344,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "mips-sony-newsos4"; exit 0; ;; + # The following combinations are supported + # MINGW64* on x86_64 => mingw64 + # MINGW32* on x86_64 => mingw + # MINGW32* on i?86 => mingw + # + # MINGW64* on i?86 isn't expected to work... + MINGW64*:*:*:x86_64) + echo "${MACHINE}-whatever-mingw64"; exit 0; + ;; MINGW*) echo "${MACHINE}-whatever-mingw"; exit 0; ;; Modified: vendor-crypto/openssl/dist/crypto/aes/Makefile ============================================================================== --- vendor-crypto/openssl/dist/crypto/aes/Makefile Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/aes/Makefile Thu May 25 19:38:38 2017 (r318897) @@ -133,7 +133,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl Thu May 25 19:38:38 2017 (r318897) @@ -1702,6 +1702,7 @@ $code.=<<___; mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl Thu May 25 19:38:38 2017 (r318897) @@ -1299,6 +1299,7 @@ $code.=<<___; mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization Modified: vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-armv7.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-armv7.pl Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-armv7.pl Thu May 25 19:38:38 2017 (r318897) @@ -1333,7 +1333,7 @@ bsaes_cbc_encrypt: vmov @XMM[4],@XMM[15] @ just in case ensure that IV vmov @XMM[5],@XMM[0] @ and input are preserved bl AES_decrypt - vld1.8 {@XMM[0]}, [$fp,:64] @ load result + vld1.8 {@XMM[0]}, [$fp] @ load result veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV vmov @XMM[15], @XMM[5] @ @XMM[5] holds input vst1.8 {@XMM[0]}, [$rounds] @ write output Modified: vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c Thu May 25 19:38:38 2017 (r318897) @@ -114,10 +114,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *(p++) = (unsigned char)bits; d = a->data; - memcpy(p, d, len); - p += len; - if (len > 0) + if (len > 0) { + memcpy(p, d, len); + p += len; p[-1] &= (0xff << bits); + } *pp = p; return (ret); } Modified: vendor-crypto/openssl/dist/crypto/asn1/a_digest.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_digest.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/a_digest.c Thu May 25 19:38:38 2017 (r318897) @@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const p = str; i2d(data, &p); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } @@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it if (!str) return (0); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } Modified: vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c Thu May 25 19:38:38 2017 (r318897) @@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; Modified: vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c Thu May 25 19:38:38 2017 (r318897) @@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_stand {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} }; static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, Modified: vendor-crypto/openssl/dist/crypto/asn1/a_time.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_time.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/a_time.c Thu May 25 19:38:38 2017 (r318897) @@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { - ASN1_GENERALIZEDTIME *ret; + ASN1_GENERALIZEDTIME *ret = NULL; char *str; int newlen; @@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_gener if (!out || !*out) { if (!(ret = ASN1_GENERALIZEDTIME_new())) - return NULL; - if (out) - *out = ret; - } else + goto err; + } else { ret = *out; + } /* If already GeneralizedTime just copy across */ if (t->type == V_ASN1_GENERALIZEDTIME) { if (!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; + goto err; + goto done; } /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; + goto err; /* ASN1_STRING_set() allocated 'len + 1' bytes. */ newlen = t->length + 2 + 1; str = (char *)ret->data; @@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_gener BUF_strlcat(str, (char *)t->data, newlen); - return ret; + done: + if (out != NULL && *out == NULL) + *out = ret; + return ret; + + err: + if (out == NULL || *out != ret) + ASN1_GENERALIZEDTIME_free(ret); + return NULL; } + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { ASN1_TIME t; Modified: vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c Thu May 25 19:38:38 2017 (r318897) @@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, co if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; Modified: vendor-crypto/openssl/dist/crypto/asn1/f_enum.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/f_enum.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/f_enum.c Thu May 25 19:38:38 2017 (r318897) @@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_EN bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } Modified: vendor-crypto/openssl/dist/crypto/asn1/f_int.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/f_int.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/f_int.c Thu May 25 19:38:38 2017 (r318897) @@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } Modified: vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c Thu May 25 19:38:38 2017 (r318897) @@ -673,6 +673,7 @@ static int asn1_template_noexp_d2i(ASN1_ } len -= p - q; if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { + ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item)); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); goto err; } Modified: vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c Thu May 25 19:38:38 2017 (r318897) @@ -158,7 +158,7 @@ static int asn1_item_ex_combine_new(ASN1 } asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -186,10 +186,10 @@ static int asn1_item_ex_combine_new(ASN1 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); if (!ASN1_template_new(pseqval, tt)) - goto memerr; + goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; } #ifdef CRYPTO_MDEBUG @@ -198,6 +198,8 @@ static int asn1_item_ex_combine_new(ASN1 #endif return 1; + memerr2: + ASN1_item_ex_free(pval, it); memerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG @@ -206,9 +208,10 @@ static int asn1_item_ex_combine_new(ASN1 #endif return 0; + auxerr2: + ASN1_item_ex_free(pval, it); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); - ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); Modified: vendor-crypto/openssl/dist/crypto/asn1/x_long.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/x_long.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/x_long.c Thu May 25 19:38:38 2017 (r318897) @@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, u * set. */ if (ltmp < 0) - utmp = -ltmp - 1; + utmp = 0 - (unsigned long)ltmp - 1; else utmp = ltmp; clen = BN_num_bits_word(utmp); @@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, u static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; + int neg = -1, i; long ltmp; unsigned long utmp = 0; char *cp = (char *)pval; + + if (len) { + /* + * Check possible pad byte. Worst case, we're skipping past actual + * content, but since that's only with 0x00 and 0xff and we set neg + * accordingly, the result will be correct in the end anyway. + */ + switch (cont[0]) { + case 0xff: + cont++; + len--; + neg = 1; + break; + case 0: + cont++; + len--; + neg = 0; + break; + } + } if (len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - /* Is it negative? */ - if (len && (cont[0] & 0x80)) - neg = 1; - else - neg = 0; + if (neg == -1) { + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + } utmp = 0; for (i = 0; i < len; i++) { utmp <<= 8; @@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, c } ltmp = (long)utmp; if (neg) { - ltmp++; ltmp = -ltmp; + ltmp--; } if (ltmp == it->size) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); Modified: vendor-crypto/openssl/dist/crypto/asn1/x_name.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/x_name.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/asn1/x_name.c Thu May 25 19:38:38 2017 (r318897) @@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE *pval = NULL; } +static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_free(ne); +} + +static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +} + static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, @@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE * entry->set = i; if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; + sk_X509_NAME_ENTRY_set(entries, j, NULL); } - sk_X509_NAME_ENTRY_free(entries); } - sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ret = x509_name_canon(nm.x); if (!ret) goto err; + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); nm.x->modified = 0; *val = nm.a; *in = p; @@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE * err: if (nm.x != NULL) X509_NAME_free(nm.x); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_pop_free); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE * return ret; } -static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_free(ne); -} - -static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); -} - static int x509_name_encode(X509_NAME *a) { union { @@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto memerr; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto memerr; + } set = entry->set; } if (!sk_X509_NAME_ENTRY_push(entries, entry)) @@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto err; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto err; + } set = entry->set; } tmpentry = X509_NAME_ENTRY_new(); Modified: vendor-crypto/openssl/dist/crypto/bio/b_print.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/b_print.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/bio/b_print.c Thu May 25 19:38:38 2017 (r318897) @@ -502,7 +502,7 @@ fmtint(char **sbuffer, if (!(flags & DP_F_UNSIGNED)) { if (value < 0) { signvalue = '-'; - uvalue = -value; + uvalue = -(unsigned LLONG)value; } else if (flags & DP_F_PLUS) signvalue = '+'; else if (flags & DP_F_SPACE) Modified: vendor-crypto/openssl/dist/crypto/bio/bio_cb.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bio_cb.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/bio/bio_cb.c Thu May 25 19:38:38 2017 (r318897) @@ -78,6 +78,9 @@ long MS_CALLBACK BIO_debug_callback(BIO len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + /* Ignore errors and continue printing the other information. */ + if (len < 0) + len = 0; p = buf + len; p_maxlen = sizeof(buf) - len; Modified: vendor-crypto/openssl/dist/crypto/bio/bss_file.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bss_file.c Thu May 25 19:20:06 2017 (r318896) +++ vendor-crypto/openssl/dist/crypto/bio/bss_file.c Thu May 25 19:38:38 2017 (r318897) @@ -251,7 +251,7 @@ static int MS_CALLBACK file_read(BIO *b, ret = fread(out, 1, (int)outl, (FILE *)b->ptr); if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : - ferror((FILE *)b->ptr)) { + ferror((FILE *)b->ptr)) { SYSerr(SYS_F_FREAD, get_last_sys_error()); BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); ret = -1; @@ -287,6 +287,7 @@ static long MS_CALLBACK file_ctrl(BIO *b FILE *fp = (FILE *)b->ptr; FILE **fpp; char p[4]; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***