Date: Thu, 11 Jun 2015 18:03:38 +0000 (UTC)
From: Jung-uk Kim <jkim@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r284281 - in vendor-crypto/openssl/dist-0.9.8: . crypto crypto/asn1 crypto/bn crypto/cms crypto/dsa crypto/dso crypto/ec crypto/objects crypto/ocsp crypto/pem crypto/pkcs7 crypto/x509 d...
Message-ID: <201506111803.t5BI3cOQ008536@svn.freebsd.org>
Author: jkim
Date: Thu Jun 11 18:03:37 2015
New Revision: 284281
URL: https://svnweb.freebsd.org/changeset/base/284281

Log:
  Import OpenSSL 0.9.8zg.

Modified:
  vendor-crypto/openssl/dist-0.9.8/CHANGES
  vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade
  vendor-crypto/openssl/dist-0.9.8/Makefile
  vendor-crypto/openssl/dist-0.9.8/NEWS
  vendor-crypto/openssl/dist-0.9.8/README
  vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c
  vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c
  vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c
  vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c
  vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c
  vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c
  vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c
  vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c
  vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c
  vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h
  vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c
  vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c
  vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c
  vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod
  vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod
  vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod
  vendor-crypto/openssl/dist-0.9.8/e_os2.h
  vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c
  vendor-crypto/openssl/dist-0.9.8/openssl.spec
vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl.h vendor-crypto/openssl/dist-0.9.8/ssl/ssl_err.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl_locl.h vendor-crypto/openssl/dist-0.9.8/ssl/ssl_sess.c vendor-crypto/openssl/dist-0.9.8/util/mkerr.pl Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Jun 11 18:03:37 2015 (r284281) 
@@ -2,6 +2,74 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno Böck. + (CVE-2015-1789) + [Emilia Käsper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). 
+ (CVE-2015-1790) + [Emilia Käsper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Jun 11 18:03:37 2015 (r284281) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 0.9.8zf -# OSSLTAG format: v0_9_8zf +setenv OSSLVER 0.9.8zg +# OSSLTAG format: v0_9_8zg ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist-0.9.8/Makefile ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/Makefile Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/Makefile Thu Jun 11 18:03:37 2015 (r284281) 
@@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8zf +VERSION=0.9.8zg MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: vendor-crypto/openssl/dist-0.9.8/NEWS ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/NEWS Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/NEWS Thu Jun 11 18:03:37 2015 (r284281) @@ -5,6 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015] o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) Modified: vendor-crypto/openssl/dist-0.9.8/README ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/README Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/README Thu Jun 11 18:03:37 2015 (r284281) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8zf 19 Mar 2015 + OpenSSL 0.9.8zg 11 Jun 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un else { ret = a->length; i = a->data[0]; + if (ret == 1 && i == 0) + neg = 0; if (!neg && (i > 127)) { pad = 1; pb = 0; @@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while (!*n) { + while (!*n && i > 1) { *(p--) = 0; n--; i--; @@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_is_negative(bn)) + if (BN_is_negative(bn) && !BN_is_zero(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type = V_ASN1_INTEGER; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_new.c Thu Jun 11 18:03:37 2015 (r284281) @@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1 else asn1_cb = 0; - if (!combine) - *pval = NULL; - #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_push_info(it->sname); Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/x_x509.c Thu Jun 11 18:03:37 2015 (r284281) @@ -184,7 +184,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig /* Save start position */ q = *pp; - if(!a || *a == NULL) { + if (!a || *a == NULL) { freeret = 1; } ret = d2i_X509(a, pp, length); 
@@ -199,7 +199,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig goto err; return ret; err: - if(freeret) { + if (freeret) { X509_free(ret); if (a) *a = NULL; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h Thu Jun 11 18:03:37 2015 (r284281) @@ -871,6 +871,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -886,12 +887,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 @@ -899,6 +902,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_err.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, 
@@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_print.c Thu Jun 11 18:03:37 2015 (r284281) @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_rand.c Thu Jun 11 18:03:37 2015 (r284281) @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; 
@@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_shift.c Thu Jun 11 18:03:37 2015 (r284281) @@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c Thu Jun 11 18:03:37 2015 (r284281) @@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *up BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/dsa/dsa_ossl.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -107,23 +107,23 @@ static DSA_METHOD openssl_dsa_meth = { # define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ do { \ int _tmp_res53; \ - if((dsa)->meth->dsa_mod_exp) \ + if ((dsa)->meth->dsa_mod_exp) \ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ (a2), (p2), (m), (ctx), (in_mont)); \ else \ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ (m), (ctx), (in_mont)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) # define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ do { \ int _tmp_res53; \ - if((dsa)->meth->bn_mod_exp) \ + if ((dsa)->meth->bn_mod_exp) \ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ (m), (ctx), (m_ctx)); \ else \ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) const DSA_METHOD *DSA_OpenSSL(void) Modified: vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/dso/dso_lib.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, co * honest. For one thing, I think I have to return a negative value for any * error because possible DSO_ctrl() commands may return values such as * "size"s that can legitimately be zero (making the standard - * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd + * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd * times. I'd prefer "output" values to be passed by reference and the return * value as success/failure like usual ... but we conform when we must... :-) */ Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_smpl.c Thu Jun 11 18:03:37 2015 (r284281) @@ -677,7 +677,7 @@ int ec_GF2m_simple_oct2point(const EC_GR } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_check.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_key.c Thu Jun 11 18:03:37 2015 (r284281) @@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GRO return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c Thu Jun 11 18:03:37 2015 (r284281) @@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GRO } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ectest.c Thu Jun 11 18:03:37 2015 (r284281) @@ -303,7 +303,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); 
@@ -436,7 +436,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -501,7 +501,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -572,7 +572,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -649,7 +649,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -723,7 +723,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) @@ -800,7 +800,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" 
@@ -862,7 +862,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1004,7 +1004,7 @@ void prime_field_tests() # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1022,7 +1022,7 @@ void prime_field_tests() if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1161,7 +1161,7 @@ void char2_field_tests() if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) 
@@ -1382,7 +1382,7 @@ void char2_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ Modified: vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c Thu Jun 11 18:03:37 2015 (r284281) @@ -382,6 +382,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_vfy.c Thu Jun 11 18:03:37 2015 (r284281) @@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs { X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; ret = ocsp_find_signer(&signer, bs, certs, st, flags); 
@@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs } if (!(flags & OCSP_NOVERIFY)) { int init_res; - if (flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); + goto end; + } + } + } else { + untrusted = bs->certs; + } + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); @@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs end: if (chain) sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); return ret; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h Thu Jun 11 18:03:37 2015 (r284281) 
@@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x009081ffL +# define OPENSSL_VERSION_NUMBER 0x0090820fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-fips 11 Jun 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg 11 Jun 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Modified: vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/pem/pem_pk8.c Thu Jun 11 18:03:37 2015 (r284281) @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else Modified: vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/pk7_doit.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -359,12 +359,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); @@ -377,6 +384,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -390,6 +398,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { 
@@ -557,7 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 Modified: vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_lu.c Thu Jun 11 18:03:37 2015 (r284281) @@ -214,6 +214,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { Modified: vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/crypto/x509/x509_vfy.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -1007,47 +1007,84 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') @@ -1304,6 +1341,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } Modified: vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_rand.pod Thu Jun 11 18:03:37 2015 (r284281) @@ -24,7 +24,8 @@ most significant bit of the random numbe it is set to 1, and if B<top> is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B<bits> length. If B<bottom> is true, the -number will be odd. +number will be odd. The value of B<bits> must be zero or greater. If B<bits> is +1 then B<top> cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for Modified: vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/doc/crypto/BN_set_bit.pod Thu Jun 11 18:03:37 2015 (r284281) 
@@ -37,12 +37,12 @@ BN_mask_bits() truncates B<a> to an B<n> shorter than B<n> bits. BN_lshift() shifts B<a> left by B<n> bits and places the result in -B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places -the result in B<r> (C<r=2*a>). +B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts +B<a> left by one and places the result in B<r> (C<r=2*a>). BN_rshift() shifts B<a> right by B<n> bits and places the result in -B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places -the result in B<r> (C<r=a/2>). +B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts +B<a> right by one and places the result in B<r> (C<r=a/2>). For the shift functions, B<r> and B<a> may be the same variable. Modified: vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod Thu Jun 11 18:03:37 2015 (r284281) 
@@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, 
+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an er key is not DSA. The B<DSAparams> functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B<DHparams> functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter Modified: vendor-crypto/openssl/dist-0.9.8/e_os2.h ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/e_os2.h Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/e_os2.h Thu Jun 11 18:03:37 2015 (r284281) 
@@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS Modified: vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/fips/rsa/fips_rsa_eay.c Thu Jun 11 18:03:37 2015 (r284281) @@ -158,7 +158,7 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) * RSA_FLAG_CACHE_PRIVATE, goto err); */ # define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ - if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ + if ((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ CRYPTO_LOCK_RSA, \ (rsa)->m, (ctx))) \ Modified: vendor-crypto/openssl/dist-0.9.8/openssl.spec ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/openssl.spec Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/openssl.spec Thu Jun 11 18:03:37 2015 (r284281) 
@@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 0.9.8zf +Version: 0.9.8zg Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries Modified: vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c Thu Jun 11 18:03:37 2015 (r284281) @@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; Modified: vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c Thu Jun 11 18:03:37 2015 (r284281) 
@@ -1722,6 +1722,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ Modified: vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c Thu Jun 11 17:57:47 2015 (r284280) +++ vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c Thu Jun 11 18:03:37 2015 (r284281) @@ -779,6 +779,16 @@ int ssl3_get_client_hello(SSL *s) d = p = (unsigned char *)s->init_msg; /* + * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte + * for session id length + */ + if (n < 2 + SSL3_RANDOM_SIZE + 1) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + /* * use version from inside client hello, not from record header (may * differ: see RFC 2246, Appendix E, second paragraph) */ @@ -808,6 +818,12 @@ int ssl3_get_client_hello(SSL *s) unsigned int session_length, cookie_length; session_length = *(p + SSL3_RANDOM_SIZE); + *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
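Review bot: in do_pk8pkey() (crypto/pem/pem_pk8.c, hunk at -138), the new `if (p8 == NULL) return 0;` exits without recording an error of its own, so the caller sees only a bare 0 unless whatever produced p8 has already pushed one. If that is not guaranteed, add a PEMerr() call before the return. Placing the test after OPENSSL_cleanse(buf, klen) and PKCS8_PRIV_KEY_INFO_free(p8inf) is right, because the passphrase buffer is still wiped and p8inf still released on the failure path.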
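Review bot: in PKCS7_dataDecode() (crypto/pkcs7/pk7_doit.c, hunk at -390), the `data_body == NULL && in_bio == NULL` guard sits after the switch, so the enveloped and signedAndEnveloped cases have already read `enc_data->algorithm` and passed it to EVP_get_cipherbyobj() before missing content is rejected. The comments added in the two preceding hunks only describe the optional EncryptedContent (`enc_data->enc_data`); please state, or test, whether `enc_data` and its `algorithm` can themselves be absent in a parsed structure, since nothing in these lines checks them.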
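Review bot: in PKCS7_dataDecode() (crypto/pkcs7/pk7_doit.c, hunk at -557), with PKCS7_is_detached(p7) removed from the condition, the only thing that stops a structure with no content and no in_bio from reaching the else branch is the PKCS7_R_NO_CONTENT guard added in the hunk at -390, some 170 lines earlier. A one-line comment at `if (in_bio != NULL) {` naming that guard would keep a later edit from separating the two.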
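Review bot: in X509_cmp_time() (crypto/x509/x509_vfy.c, hunk at -1007), digit validation is applied to the fractional seconds and to the four offset characters, but the 10 or 12 bytes taken with `memcpy(p, str, 10)` / `memcpy(p, str, 12)` and the two seconds characters are still copied into buff1 unchecked. The `remaining` bookkeeping now bounds every read of str, so this is a strictness point rather than a memory-safety one: rejecting non-digits in those fields with `return 0` would match how the offset is handled after this change.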
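Review bot: X509_STORE_CTX_free() (crypto/x509/x509_vfy.c, hunk at -1304) and the static cleanup() in crypto/x509/x509_lu.c (hunk at -214) spell their new NULL tests `if (!ctx)` and `if (!a)`, while the pem_pk8.c change in this same commit writes `p8 == NULL`; pick one form. For X509_STORE_CTX_free(), which is not static, accepting NULL becomes part of the caller-visible contract and should be stated in the function's documentation as well.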
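Review bot: the sentences added to doc/crypto/BN_rand.pod (hunk at -24) say that B<bits> must be zero or greater and that B<bits> of 1 excludes B<top> of 1, but not what the function does when a caller violates either constraint. State whether the call fails with an error return, so the text lines up with the bn_rand.c and bn_err.c changes listed in this commit. The same gap applies to the "B<n> must be non-negative" notes added to doc/crypto/BN_set_bit.pod.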
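Review bot: in dtls1_listen() (ssl/d1_lib.c, hunk at -496), the return value of the added `SSL_clear(s);` is discarded. SSL_clear() reports failure by returning 0, and going on to set SSL_OP_COOKIE_EXCHANGE and `s->d1->listen = 1` on a connection that was not reset defeats the purpose given in the new comment. Check the result and return an error from dtls1_listen() when it fails.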
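Review bot: in ssl3_get_new_session_ticket() (ssl/s3_clnt.c, hunk at -1722), the old session is removed from the cache before ssl_session_dup() is attempted, so on ERR_R_MALLOC_FAILURE the code heads to f_err with s->session already evicted but still attached to the connection. Duplicating first and removing the old entry only once the copy has succeeded avoids that state. Two smaller points: `i` holds the session_cache_mode flag mask and would read better with a descriptive name, and the result of ssl_session_dup() is a pointer, so compare it with NULL rather than 0.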