Date:      Thu, 11 Jun 2015 18:03:38 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r284281 - in vendor-crypto/openssl/dist-0.9.8: . crypto crypto/asn1 crypto/bn crypto/cms crypto/dsa crypto/dso crypto/ec crypto/objects crypto/ocsp crypto/pem crypto/pkcs7 crypto/x509 d...
Message-ID:  <201506111803.t5BI3cOQ008536@svn.freebsd.org>

Author: jkim
Date: Thu Jun 11 18:03:37 2015
New Revision: 284281
URL: https://svnweb.freebsd.org/changeset/base/284281

Log:
  Import OpenSSL 0.9.8zg.

Modified:
  vendor-crypto/openssl/dist-0.9.8/CHANGES
  vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade
  vendor-crypto/openssl/dist-0.9.8/Makefile
  vendor-crypto/openssl/dist-0.9.8/NEWS
  vendor-crypto/openssl/dist-0.9.8/README
  vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c
  vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c
  vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c
  vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c
  vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c
  vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c
  vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c
  vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h
  vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c
  vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c
  vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c
  vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod
  vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod
  vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod
  vendor-crypto/openssl/dist-0.9.8/e_os2.h
  vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c
  vendor-crypto/openssl/dist-0.9.8/openssl.spec
  vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c
  vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c
  vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c
  vendor-crypto/openssl/dist-0.9.8/ssl/ssl.h
  vendor-crypto/openssl/dist-0.9.8/ssl/ssl_err.c
  vendor-crypto/openssl/dist-0.9.8/ssl/ssl_locl.h
  vendor-crypto/openssl/dist-0.9.8/ssl/ssl_sess.c
  vendor-crypto/openssl/dist-0.9.8/util/mkerr.pl

Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/CHANGES	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/CHANGES	Thu Jun 11 18:03:37 2015	(r284281)
@@ -2,6 +2,74 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
+
+  *) Malformed ECParameters causes infinite loop
+
+     When processing an ECParameters structure OpenSSL enters an infinite loop
+     if the curve specified is over a specially malformed binary polynomial
+     field.
+
+     This can be used to perform denial of service against any
+     system which processes public keys, certificate requests or
+     certificates.  This includes TLS clients and TLS servers with
+     client authentication enabled.
+
+     This issue was reported to OpenSSL by Joseph Barr-Pixton.
+     (CVE-2015-1788)
+     [Andy Polyakov]
+
+  *) Exploitable out-of-bounds read in X509_cmp_time
+
+     X509_cmp_time does not properly check the length of the ASN1_TIME
+     string and can read a few bytes out of bounds. In addition,
+     X509_cmp_time accepts an arbitrary number of fractional seconds in the
+     time string.
+
+     An attacker can use this to craft malformed certificates and CRLs of
+     various sizes and potentially cause a segmentation fault, resulting in
+     a DoS on applications that verify certificates or CRLs. TLS clients
+     that verify CRLs are affected. TLS clients and servers with client
+     authentication enabled may be affected if they use custom verification
+     callbacks.
+
+     This issue was reported to OpenSSL by Robert Swiecki (Google), and
+     independently by Hanno Böck.
+     (CVE-2015-1789)
+     [Emilia Käsper]
+
+  *) PKCS7 crash with missing EnvelopedContent
+
+     The PKCS#7 parsing code does not handle missing inner EncryptedContent
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+     with missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+     structures from untrusted sources are affected. OpenSSL clients and
+     servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-1790)
+     [Emilia Käsper]
+
+  *) CMS verify infinite loop with unknown hash function
+
+     When verifying a signedData message the CMS code can enter an infinite loop
+     if presented with an unknown hash function OID. This can be used to perform
+     denial of service against any system which verifies signedData messages using
+     the CMS code.
+     This issue was reported to OpenSSL by Johannes Bauer.
+     (CVE-2015-1792)
+     [Stephen Henson]
+
+  *) Race condition handling NewSessionTicket
+
+     If a NewSessionTicket is received by a multi-threaded client when attempting to
+     reuse a previous ticket then a race condition can occur potentially leading to
+     a double free of the ticket data.
+     (CVE-2015-1791)
+     [Matt Caswell]
+
  Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
 
   *) Segmentation fault in ASN1_TYPE_cmp fix

Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade	Thu Jun 11 18:03:37 2015	(r284281)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
 # Xlist
 setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
 setenv FSVN "svn+ssh://svn.freebsd.org/base"
-setenv OSSLVER 0.9.8zf
-# OSSLTAG format: v0_9_8zf
+setenv OSSLVER 0.9.8zg
+# OSSLTAG format: v0_9_8zg
 
 ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
 

Modified: vendor-crypto/openssl/dist-0.9.8/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/Makefile	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/Makefile	Thu Jun 11 18:03:37 2015	(r284281)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.8zf
+VERSION=0.9.8zg
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8

Modified: vendor-crypto/openssl/dist-0.9.8/NEWS
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/NEWS	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/NEWS	Thu Jun 11 18:03:37 2015	(r284281)
@@ -5,6 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
   Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015]
 
       o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)

Modified: vendor-crypto/openssl/dist-0.9.8/README
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/README	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/README	Thu Jun 11 18:03:37 2015	(r284281)
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8zf 19 Mar 2015
+ OpenSSL 0.9.8zg 11 Jun 2015
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
     else {
         ret = a->length;
         i = a->data[0];
+        if (ret == 1 && i == 0)
+            neg = 0;
         if (!neg && (i > 127)) {
             pad = 1;
             pb = 0;
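Review bot: The added `if (ret == 1 && i == 0) neg = 0;` carries no comment and only normalises a negative zero held in a single byte. A negative value whose data is several zero bytes would still take the two's-complement branch, where the `i > 1` bound added in the next hunk is what stops the backward zero scan. I would add `/* negative zero: encode as plain zero */` above the check, and extend the existing loop comment in the next hunk to say the scan stops at the first byte so that `n` and `p` cannot step below the start of their buffers. Whether multi-byte zero data can reach this function is not visible here, so that case is worth confirming against the callers. The body of i2c_ASN1_INTEGER starts and ends outside both hunks.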
@@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
         p += a->length - 1;
         i = a->length;
         /* Copy zeros to destination as long as source is zero */
-        while (!*n) {
+        while (!*n && i > 1) {
             *(p--) = 0;
             n--;
             i--;
@@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM 
         ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
         goto err;
     }
-    if (BN_is_negative(bn))
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
         ret->type = V_ASN1_NEG_INTEGER;
     else
         ret->type = V_ASN1_INTEGER;

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1
     else
         asn1_cb = 0;
 
-    if (!combine)
-        *pval = NULL;
-
 #ifdef CRYPTO_MDEBUG
     if (it->sname)
         CRYPTO_push_info(it->sname);

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -184,7 +184,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
     /* Save start position */
     q = *pp;
 
-    if(!a || *a == NULL) {
+    if (!a || *a == NULL) {
         freeret = 1;
     }
     ret = d2i_X509(a, pp, length);
@@ -199,7 +199,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
         goto err;
     return ret;
  err:
-    if(freeret) {
+    if (freeret) {
         X509_free(ret);
         if (a)
             *a = NULL;

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h	Thu Jun 11 18:03:37 2015	(r284281)
@@ -871,6 +871,7 @@ void ERR_load_BN_strings(void);
 # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
 # define BN_F_BN_GF2M_MOD_SQR                             136
 # define BN_F_BN_GF2M_MOD_SQRT                            137
+# define BN_F_BN_LSHIFT                                   145
 # define BN_F_BN_MOD_EXP2_MONT                            118
 # define BN_F_BN_MOD_EXP_MONT                             109
 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
@@ -886,12 +887,14 @@ void ERR_load_BN_strings(void);
 # define BN_F_BN_NEW                                      113
 # define BN_F_BN_RAND                                     114
 # define BN_F_BN_RAND_RANGE                               122
+# define BN_F_BN_RSHIFT                                   146
 # define BN_F_BN_USUB                                     115
 
 /* Reason codes. */
 # define BN_R_ARG2_LT_ARG3                                100
 # define BN_R_BAD_RECIPROCAL                              101
 # define BN_R_BIGNUM_TOO_LONG                             114
+# define BN_R_BITS_TOO_SMALL                              118
 # define BN_R_CALLED_WITH_EVEN_MODULUS                    102
 # define BN_R_DIV_BY_ZERO                                 103
 # define BN_R_ENCODING_ERROR                              104
@@ -899,6 +902,7 @@ void ERR_load_BN_strings(void);
 # define BN_R_INPUT_NOT_REDUCED                           110
 # define BN_R_INVALID_LENGTH                              106
 # define BN_R_INVALID_RANGE                               115
+# define BN_R_INVALID_SHIFT                               119
 # define BN_R_NOT_A_SQUARE                                111
 # define BN_R_NOT_INITIALIZED                             107
 # define BN_R_NO_INVERSE                                  108

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -1,6 +1,6 @@
 /* crypto/bn/bn_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] =
     {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
     {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
     {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+    {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
     {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
     {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
     {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
@@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] =
     {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
     {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
     {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+    {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
     {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
     {0, NULL}
 };
@@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] 
     {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
     {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
     {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
     {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
     {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
     {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
@@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] 
     {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
     {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
     {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
     {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
     {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
     {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
     char *buf;
     char *p;
 
-    buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    if (a->neg && BN_is_zero(a)) {
+        /* "-0" == 3 bytes including NULL terminator */
+        buf = OPENSSL_malloc(3);
+    } else {
+        buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    }
     if (buf == NULL) {
         BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
         goto err;
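Review bot: The comment on the new branch says "NULL terminator" where the NUL byte is meant, and it does not say why the general formula is not enough. A zero value presumably has `a->top == 0`, so `a->top * BN_BYTES * 2 + 2` yields 2 bytes while "-0" plus its terminator needs 3; saying so makes the one-byte heap overrun being closed obvious to the next reader. Suggested wording: `/* "-0" needs 3 bytes with the NUL terminator; the formula below gives only 2 when top is 0 */`. BN_bn2hex continues past the end of the hunk.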

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM
     int ret = 0, bit, bytes, mask;
     time_t tim;
 
+    if (bits < 0 || (bits == 1 && top > 0)) {
+        BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
     if (bits == 0) {
         BN_zero(rnd);
         return 1;
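Review bot: The new guard `bits == 1 && top > 0` is not explained, and `top` itself is still not range-checked. A one-line comment such as `/* top > 0 asks for two leading one bits, which cannot fit in a single bit */` would document the rejection; this reading of `top` comes from the BN_rand documentation, so confirm it against BN_rand.pod in this import. With the later hunk's switch from `top != -1` to `top >= 0`, any `top` below -1 is now silently treated like -1 rather than rejected, and if that is intended it deserves a mention in the same comment. bnrand's body extends beyond both hunks.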
@@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM
     }
 #endif
 
-    if (top != -1) {
+    if (top >= 0) {
         if (top) {
             if (bit == 0) {
                 buf[0] = 1;

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a
     bn_check_top(r);
     bn_check_top(a);
 
+    if (n < 0) {
+        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
     r->neg = a->neg;
     nw = n / BN_BITS2;
     if (bn_wexpand(r, a->top + nw + 1) == NULL)
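Review bot: The `n < 0` rejection added here and in the BN_rshift hunk below has no comment saying what a negative count would break. In this hunk a negative `n` makes `nw` negative, so `bn_wexpand(r, a->top + nw + 1)` would presumably under-size `r` for the word copy that follows. In BN_rshift it makes `rb` negative and `lb = BN_BITS2 - rb` larger than the word width, which is an undefined shift. A comment such as `/* negative n would give a negative word offset and an out-of-range bit shift */` above each check would keep the guard from being removed later as redundant. Both function bodies continue outside their hunks.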
@@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a
     bn_check_top(r);
     bn_check_top(a);
 
+    if (n < 0) {
+        BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
     nw = n / BN_BITS2;
     rb = n % BN_BITS2;
     lb = BN_BITS2 - rb;

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *up
             BIO_free(f);
             f = tbio;
         }
-        while (f != upto);
+        while (f && f != upto);
     } else
         BIO_free_all(f);
 }
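Review bot: The extra `f &&` test is the whole fix, but nothing says when `f` can become NULL before `upto` is reached. A comment on the loop, for example `/* upto may not be in this chain; stop at the end of the chain instead of looping on NULL */`, would tie it to what is presumably the CMS infinite loop listed in CHANGES (CVE-2015-1792). Because this is a do/while, the body still runs once before the test, so a NULL `f` on entry relies on the BIO calls in the body tolerating NULL. The start of the loop is outside the hunk, so that should be checked there.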

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -107,23 +107,23 @@ static DSA_METHOD openssl_dsa_meth = {
 # define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
         do { \
         int _tmp_res53; \
-        if((dsa)->meth->dsa_mod_exp) \
+        if ((dsa)->meth->dsa_mod_exp) \
                 _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
                                 (a2), (p2), (m), (ctx), (in_mont)); \
         else \
                 _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
                                 (m), (ctx), (in_mont)); \
-        if(!_tmp_res53) err_instr; \
+        if (!_tmp_res53) err_instr; \
         } while(0)
 # define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
         do { \
         int _tmp_res53; \
-        if((dsa)->meth->bn_mod_exp) \
+        if ((dsa)->meth->bn_mod_exp) \
                 _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
                                 (m), (ctx), (m_ctx)); \
         else \
                 _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-        if(!_tmp_res53) err_instr; \
+        if (!_tmp_res53) err_instr; \
         } while(0)
 
 const DSA_METHOD *DSA_OpenSSL(void)

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, co
  * honest. For one thing, I think I have to return a negative value for any
  * error because possible DSO_ctrl() commands may return values such as
  * "size"s that can legitimately be zero (making the standard
- * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
  * times. I'd prefer "output" values to be passed by reference and the return
  * value as success/failure like usual ... but we conform when we must... :-)
  */

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -677,7 +677,7 @@ int ec_GF2m_simple_oct2point(const EC_GR
     }
 
     /* test required by X9.62 */
-    if (!EC_POINT_is_on_curve(group, point, ctx)) {
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
         ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }
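Review bot: With `<= 0` the error return of EC_POINT_is_on_curve is now caught, but it is still reported as `EC_R_POINT_IS_NOT_ON_CURVE`. An internal failure (the -1 case documented in the ec_lib.c hunk of this commit) is therefore indistinguishable in the error queue from a genuinely invalid point. Capturing the result in an `int r` and adding `if (r < 0) goto err;` ahead of the `r == 0` report would keep the two apart for anyone triaging rejected keys or certificates. The same pattern appears in the ec_check.c, ec_key.c and ecp_smpl.c hunks. ec_GF2m_simple_oct2point starts and ends outside this hunk.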

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
         goto err;
     }
-    if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
         ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey
         goto err;
 
     /* testing whether the pub_key is on the elliptic curve */
-    if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+    if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
         ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GRO
     return group->meth->is_at_infinity(group, point);
 }
 
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ *  1: The point is on the curve
+ *  0: The point is not on the curve
+ * -1: An error occurred
+ */
 int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
                          BN_CTX *ctx)
 {

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GRO
     }
 
     /* test required by X9.62 */
-    if (!EC_POINT_is_on_curve(group, point, ctx)) {
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
         ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -303,7 +303,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
         if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
             ABORT;
         fprintf(stderr, "Point is not on curve: x = 0x");
@@ -436,7 +436,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
         ABORT;
@@ -501,7 +501,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
         ABORT;
@@ -572,7 +572,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!BN_hex2bn
         (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
@@ -649,7 +649,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
                    "84F3B9CAC2FC632551"))
@@ -723,7 +723,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
                    "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
@@ -800,7 +800,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
                    "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
@@ -862,7 +862,7 @@ void prime_field_tests()
         ABORT;
     if (!EC_POINT_dbl(group, P, P, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!EC_POINT_invert(group, Q, ctx))
         ABORT;                  /* P = -2Q */
@@ -1004,7 +1004,7 @@ void prime_field_tests()
 #  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
         if (!BN_hex2bn(&x, _x)) ABORT; \
         if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
-        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
         if (!BN_hex2bn(&z, _order)) ABORT; \
         if (!BN_hex2bn(&cof, _cof)) ABORT; \
         if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1022,7 +1022,7 @@ void prime_field_tests()
         if (!BN_hex2bn(&x, _x)) ABORT; \
         if (!BN_hex2bn(&y, _y)) ABORT; \
         if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
         if (!BN_hex2bn(&z, _order)) ABORT; \
         if (!BN_hex2bn(&cof, _cof)) ABORT; \
         if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1161,7 +1161,7 @@ void char2_field_tests()
     if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
         ABORT;
 # endif
-    if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
 /* Change test based on whether binary point compression is enabled or not. */
 # ifdef OPENSSL_EC_BIN_PT_COMP
         if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
@@ -1382,7 +1382,7 @@ void char2_field_tests()
         ABORT;
     if (!EC_POINT_dbl(group, P, P, ctx))
         ABORT;
-    if (!EC_POINT_is_on_curve(group, P, ctx))
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
         ABORT;
     if (!EC_POINT_invert(group, Q, ctx))
         ABORT;                  /* P = -2Q */

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -382,6 +382,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
     if (a->nid != 0)
         return (a->nid);
 
+    if (a->length == 0)
+        return NID_undef;
+
     if (added != NULL) {
         ad.type = ADDED_DATA;
         ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
 {
     X509 *signer, *x;
     STACK_OF(X509) *chain = NULL;
+    STACK_OF(X509) *untrusted = NULL;
     X509_STORE_CTX ctx;
     int i, ret = 0;
     ret = ocsp_find_signer(&signer, bs, certs, st, flags);
@@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
     }
     if (!(flags & OCSP_NOVERIFY)) {
         int init_res;
-        if (flags & OCSP_NOCHAIN)
-            init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
-        else
-            init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+        if (flags & OCSP_NOCHAIN) {
+            untrusted = NULL;
+        } else if (bs->certs && certs) {
+            untrusted = sk_X509_dup(bs->certs);
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+                    goto end;
+                }
+            }
+        } else {
+            untrusted = bs->certs;
+        }
+        init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
         if (!init_res) {
             ret = -1;
             OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
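Review bot: The allocation-failure path inside the new `for` loop jumps to `end` without setting `ret`, unlike the `init_res` failure just below it, which sets `ret = -1` first. At that point `ret` holds whatever the earlier signer lookup and signature steps left in it (those lines are outside the hunk, but it looks like a non-zero success value), so OCSP_basic_verify may report the response as verified after a failed `sk_X509_push`. Adding `ret = -1;` before the `OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);` line closes that. The result of `sk_X509_dup(bs->certs)` is also not checked; `if (untrusted == NULL)` with the same error handling, placed before the loop, would make the failure explicit instead of relying on `sk_X509_push` rejecting a NULL stack.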
@@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
  end:
     if (chain)
         sk_X509_pop_free(chain, X509_free);
+    if (bs->certs && certs)
+        sk_X509_free(untrusted);
     return ret;
 }
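Review bot: The free at `end:` repeats the condition `bs->certs && certs` to decide whether `untrusted` is owned by this function, instead of recording ownership where the copy is made. With `OCSP_NOCHAIN` or `OCSP_NOVERIFY` set the condition can be true while `untrusted` is still NULL, which works only because freeing a NULL stack is tolerated, and any later change to the selection logic has to be mirrored here by hand. A comment such as `/* untrusted is a private copy only when both bs->certs and certs were given */`, or a small ownership flag set next to `sk_X509_dup`, would make that coupling visible.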
 

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h	Thu Jun 11 18:03:37 2015	(r284281)
@@ -26,11 +26,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x009081ffL
+# define OPENSSL_VERSION_NUMBER  0x0090820fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zf-fips 19 Mar 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zg-fips 11 Jun 2015"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zf 19 Mar 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8zg 11 Jun 2015"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY 
         if (kstr == buf)
             OPENSSL_cleanse(buf, klen);
         PKCS8_PRIV_KEY_INFO_free(p8inf);
+        if (p8 == NULL)
+            return 0;
         if (isder)
             ret = i2d_PKCS8_bio(bp, p8);
         else

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -359,12 +359,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
 
     switch (i) {
     case NID_pkcs7_signed:
+        /*
+         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+         * field and optional content.
+         * data_body is NULL if that structure has no (=detached) content
+         * or if the contentType is wrong (i.e., not "data").
+         */
         data_body = PKCS7_get_octet_string(p7->d.sign->contents);
         md_sk = p7->d.sign->md_algs;
         break;
     case NID_pkcs7_signedAndEnveloped:
         rsk = p7->d.signed_and_enveloped->recipientinfo;
         md_sk = p7->d.signed_and_enveloped->md_algs;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
         data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
         enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
         evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
@@ -377,6 +384,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
     case NID_pkcs7_enveloped:
         rsk = p7->d.enveloped->recipientinfo;
         enc_alg = p7->d.enveloped->enc_data->algorithm;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
         data_body = p7->d.enveloped->enc_data->enc_data;
         evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
         if (evp_cipher == NULL) {
@@ -390,6 +398,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
         goto err;
     }
 
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
     /* We will be checking the signature */
     if (md_sk != NULL) {
         for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
@@ -557,7 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
         etmp = NULL;
     }
 #if 1
-    if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
+    if (in_bio != NULL) {
         bio = in_bio;
     } else {
 # if 0
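Review bot: With `PKCS7_is_detached(p7)` dropped from this condition, the `else` branch is safe only because of the `data_body == NULL && in_bio == NULL` check added after the content-type switch, and nothing at this site says so. A comment on the branch, for example `/* data_body is non-NULL here: rejected earlier when in_bio is also NULL */`, would keep the two places from drifting apart. The `else` branch continues outside the hunk, so how it uses `data_body` is not visible here.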

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -214,6 +214,8 @@ X509_STORE *X509_STORE_new(void)
 
 static void cleanup(X509_OBJECT *a)
 {
+    if (!a)
+        return;
     if (a->type == X509_LU_X509) {
         X509_free(a->data.x509);
     } else if (a->type == X509_LU_CRL) {

Modified: vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -1007,47 +1007,84 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t
     ASN1_TIME atm;
     long offset;
     char buff1[24], buff2[24], *p;
-    int i, j;
+    int i, j, remaining;
 
     p = buff1;
-    i = ctm->length;
+    remaining = ctm->length;
     str = (char *)ctm->data;
+    /*
+     * Note that the following (historical) code allows much more slack in the
+     * time format than RFC5280. In RFC5280, the representation is fixed:
+     * UTCTime: YYMMDDHHMMSSZ
+     * GeneralizedTime: YYYYMMDDHHMMSSZ
+     */
     if (ctm->type == V_ASN1_UTCTIME) {
-        if ((i < 11) || (i > 17))
+        /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+        int min_length = sizeof("YYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
             return 0;
         memcpy(p, str, 10);
         p += 10;
         str += 10;
+        remaining -= 10;
     } else {
-        if (i < 13)
+        /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+        int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
             return 0;
         memcpy(p, str, 12);
         p += 12;
         str += 12;
+        remaining -= 12;
     }
 
     if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
         *(p++) = '0';
         *(p++) = '0';
     } else {
+        /* SS (seconds) */
+        if (remaining < 2)
+            return 0;
         *(p++) = *(str++);
         *(p++) = *(str++);
-        /* Skip any fractional seconds... */
-        if (*str == '.') {
+        remaining -= 2;
+        /*
+         * Skip any (up to three) fractional seconds...
+         * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+         * Can we just kill them altogether?
+         */
+        if (remaining && *str == '.') {
             str++;
-            while ((*str >= '0') && (*str <= '9'))
-                str++;
+            remaining--;
+            for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
+                if (*str < '0' || *str > '9')
+                    break;
+            }
         }
 
     }
     *(p++) = 'Z';
     *(p++) = '\0';
 
-    if (*str == 'Z')
+    /* We now need either a terminating 'Z' or an offset. */
+    if (!remaining)
+        return 0;
+    if (*str == 'Z') {
+        if (remaining != 1)
+            return 0;
         offset = 0;
-    else {
+    } else {
+        /* (+-)HHMM */
         if ((*str != '+') && (*str != '-'))
             return 0;
+        /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+        if (remaining != 5)
+            return 0;
+        if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+            str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+            return 0;
         offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
         offset += (str[3] - '0') * 10 + (str[4] - '0');
         if (*str == '-')
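Review bot: The offset digits are now range-checked, but the leading date and time fields are still copied with `memcpy(p, str, 10)` / `memcpy(p, str, 12)`, and the two seconds characters with `*(p++) = *(str++)`, without checking that they are digits. The `remaining` bookkeeping bounds the reads, yet a value of the right length containing non-digit bytes still reaches whatever comparison follows on `buff1` (outside this hunk). A check in the same style as the offset one, e.g. `for (i = 0; i < 10; i++) if (str[i] < '0' || str[i] > '9') return 0;` before each `memcpy` (12 for GeneralizedTime), would close that gap. The fractional part also accepts a bare `.` followed by no digits, which deserves a comment if it is deliberate.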
@@ -1304,6 +1341,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
+    if (!ctx)
+        return;
     X509_STORE_CTX_cleanup(ctx);
     OPENSSL_free(ctx);
 }

Modified: vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod	Thu Jun 11 18:03:37 2015	(r284281)
@@ -24,7 +24,8 @@ most significant bit of the random numbe
 it is set to 1, and if B<top> is 1, the two most significant bits of
 the number will be set to 1, so that the product of two such random
 numbers will always have 2*B<bits> length.  If B<bottom> is true, the
-number will be odd.
+number will be odd. The value of B<bits> must be zero or greater. If B<bits> is
+1 then B<top> cannot also be 1.
 
 BN_pseudo_rand() does the same, but pseudo-random numbers generated by
 this function are not necessarily unpredictable. They can be used for

Modified: vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod	Thu Jun 11 18:03:37 2015	(r284281)
@@ -37,12 +37,12 @@ BN_mask_bits() truncates B<a> to an B<n>
 shorter than B<n> bits.
 
 BN_lshift() shifts B<a> left by B<n> bits and places the result in
-B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
-the result in B<r> (C<r=2*a>).
+B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts
+B<a> left by one and places the result in B<r> (C<r=2*a>).
 
 BN_rshift() shifts B<a> right by B<n> bits and places the result in
-B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
-the result in B<r> (C<r=a/2>).
+B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts
+B<a> right by one and places the result in B<r> (C<r=a/2>).
 
 For the shift functions, B<r> and B<a> may be the same variable.
 

Modified: vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod	Thu Jun 11 18:03:37 2015	(r284281)
@@ -2,7 +2,29 @@
 
 =head1 NAME
 
-PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509,
  PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
+PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
+PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
+PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
+PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
+PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
+PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
+PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
+PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
+PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
+PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
+PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
+PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
+PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
+PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
+PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
+PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
+PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
+PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
+PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
 
 =head1 SYNOPSIS
 
@@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an er
 key is not DSA.
 
 The B<DSAparams> functions process DSA parameters using a DSA
-structure. The parameters are encoded using a foobar structure.
+structure. The parameters are encoded using a Dss-Parms structure
+as defined in RFC2459.
 
 The B<DHparams> functions process DH parameters using a DH
 structure. The parameters are encoded using a PKCS#3 DHparameter

Modified: vendor-crypto/openssl/dist-0.9.8/e_os2.h
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/e_os2.h	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/e_os2.h	Thu Jun 11 18:03:37 2015	(r284281)
@@ -109,6 +109,12 @@ extern "C" {
 #    undef OPENSSL_SYS_UNIX
 #    define OPENSSL_SYS_WIN32
 #   endif
+#   if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN64)
+#     define OPENSSL_SYS_WIN64
+#    endif
+#   endif
 #   if defined(OPENSSL_SYSNAME_WINNT)
 #    undef OPENSSL_SYS_UNIX
 #    define OPENSSL_SYS_WINNT
@@ -121,7 +127,7 @@ extern "C" {
 # endif
 
 /* Anything that tries to look like Microsoft is "Windows" */
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_WINDOWS
 #  ifndef OPENSSL_SYS_MSDOS

Modified: vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -158,7 +158,7 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
  * RSA_FLAG_CACHE_PRIVATE, goto err);
  */
 # define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
-        if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
+        if ((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
                         !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
                                 CRYPTO_LOCK_RSA, \
                                 (rsa)->m, (ctx))) \

Modified: vendor-crypto/openssl/dist-0.9.8/openssl.spec
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/openssl.spec	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/openssl.spec	Thu Jun 11 18:03:37 2015	(r284281)
@@ -6,7 +6,7 @@ Release: 1
 
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-Version: 0.9.8zf
+Version: 0.9.8zg
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries

Modified: vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr
 {
     int ret;
 
+    /* Ensure there is no state left over from a previous invocation */
+    SSL_clear(s);
+
     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
     s->d1->listen = 1;
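Review bot: The return value of `SSL_clear(s)` is discarded, so if the reset fails `dtls1_listen` carries on with whatever state the previous invocation left, which is the situation the added comment says it wants to rule out. Checking it, e.g. `if (!SSL_clear(s)) return -1;`, would stop early. The exact error value should match what callers of `dtls1_listen` expect, which is not visible in this hunk.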
 

Modified: vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -1722,6 +1722,38 @@ int ssl3_get_new_session_ticket(SSL *s)
     }
 
     p = d = (unsigned char *)s->init_msg;
+
+    if (s->session->session_id_length > 0) {
+        int i = s->session_ctx->session_cache_mode;
+        SSL_SESSION *new_sess;
+        /*
+         * We reused an existing session, so we need to replace it with a new
+         * one
+         */
+        if (i & SSL_SESS_CACHE_CLIENT) {
+            /*
+             * Remove the old session from the cache
+             */
+            if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+                if (s->session_ctx->remove_session_cb != NULL)
+                    s->session_ctx->remove_session_cb(s->session_ctx,
+                                                      s->session);
+            } else {
+                /* We carry on if this fails */
+                SSL_CTX_remove_session(s->session_ctx, s->session);
+            }
+        }
+
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
     n2l(p, s->session->tlsext_tick_lifetime_hint);
     n2s(p, ticklen);
     /* ticket_lifetime_hint + ticket_length + ticket */
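Review bot: The result of `ssl_session_dup()` is a pointer but is compared with `0` in `if ((new_sess = ssl_session_dup(s->session, 0)) == 0)`; `== NULL` states the intent and matches the `!= NULL` test on `remove_session_cb` a few lines above. The cache-mode bitmask is held in a variable named `i`, which reads like a loop counter; `int cache_mode = s->session_ctx->session_cache_mode;` would make the two flag tests self-explanatory. The old session is also taken out of the cache before `n2s(p, ticklen)` and the length validation that appears to follow it, so a ticket message rejected there would already have evicted the entry; a short comment saying whether that ordering is intended would help.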

Modified: vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c
==============================================================================
--- vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c	Thu Jun 11 17:57:47 2015	(r284280)
+++ vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c	Thu Jun 11 18:03:37 2015	(r284281)
@@ -779,6 +779,16 @@ int ssl3_get_client_hello(SSL *s)
     d = p = (unsigned char *)s->init_msg;
 
     /*
+     * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
+     * for session id length
+     */
+    if (n < 2 + SSL3_RANDOM_SIZE + 1) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+        goto f_err;
+    }
+
+    /*
      * use version from inside client hello, not from record header (may
      * differ: see RFC 2246, Appendix E, second paragraph)
      */
@@ -808,6 +818,12 @@ int ssl3_get_client_hello(SSL *s)
         unsigned int session_length, cookie_length;
 
         session_length = *(p + SSL3_RANDOM_SIZE);
+

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


