svn commit: r296279 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/asm cr...
Jung-uk Kim
jkim at FreeBSD.org
Tue Mar 1 22:08:31 UTC 2016
Author: jkim
Date: Tue Mar 1 22:08:28 2016
New Revision: 296279
URL: https://svnweb.freebsd.org/changeset/base/296279
Log:
Merge OpenSSL 1.0.2g.
Relnotes: yes
Added:
head/crypto/openssl/ssl/sslv2conftest.c
- copied unchanged from r296273, vendor-crypto/openssl/dist/ssl/sslv2conftest.c
Modified:
head/crypto/openssl/CHANGES
head/crypto/openssl/Configure
head/crypto/openssl/Makefile
head/crypto/openssl/Makefile.shared
head/crypto/openssl/NEWS
head/crypto/openssl/README
head/crypto/openssl/apps/apps.c
head/crypto/openssl/apps/apps.h
head/crypto/openssl/apps/pkeyutl.c
head/crypto/openssl/apps/req.c
head/crypto/openssl/apps/rsautl.c
head/crypto/openssl/apps/s_client.c
head/crypto/openssl/apps/s_server.c
head/crypto/openssl/config
head/crypto/openssl/crypto/asn1/tasn_dec.c
head/crypto/openssl/crypto/bio/b_print.c
head/crypto/openssl/crypto/bio/bio.h
head/crypto/openssl/crypto/bio/bss_mem.c
head/crypto/openssl/crypto/bn/Makefile
head/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl
head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
head/crypto/openssl/crypto/bn/bn.h
head/crypto/openssl/crypto/bn/bn_exp.c
head/crypto/openssl/crypto/bn/bn_print.c
head/crypto/openssl/crypto/bn/bn_recp.c
head/crypto/openssl/crypto/cmac/cmac.c
head/crypto/openssl/crypto/cryptlib.c
head/crypto/openssl/crypto/crypto.h
head/crypto/openssl/crypto/dh/dh.h
head/crypto/openssl/crypto/dh/dh_check.c
head/crypto/openssl/crypto/dsa/dsa_ameth.c
head/crypto/openssl/crypto/dso/dso_lib.c
head/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
head/crypto/openssl/crypto/ec/ecp_nistp224.c
head/crypto/openssl/crypto/ec/ecp_nistp256.c
head/crypto/openssl/crypto/ec/ecp_nistp521.c
head/crypto/openssl/crypto/ec/ectest.c
head/crypto/openssl/crypto/engine/eng_dyn.c
head/crypto/openssl/crypto/evp/e_des.c
head/crypto/openssl/crypto/evp/e_des3.c
head/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
head/crypto/openssl/crypto/modes/ctr128.c
head/crypto/openssl/crypto/opensslconf.h
head/crypto/openssl/crypto/opensslv.h
head/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
head/crypto/openssl/crypto/pkcs7/pk7_smime.c
head/crypto/openssl/crypto/rsa/rsa_sign.c
head/crypto/openssl/crypto/srp/srp.h
head/crypto/openssl/crypto/srp/srp_vfy.c
head/crypto/openssl/crypto/stack/stack.c
head/crypto/openssl/crypto/x509/x509_vfy.c
head/crypto/openssl/doc/apps/ciphers.pod
head/crypto/openssl/doc/apps/pkeyutl.pod
head/crypto/openssl/doc/apps/req.pod
head/crypto/openssl/doc/apps/s_client.pod
head/crypto/openssl/doc/apps/s_server.pod
head/crypto/openssl/doc/crypto/BIO_s_mem.pod
head/crypto/openssl/doc/ssl/SSL_CONF_cmd.pod
head/crypto/openssl/doc/ssl/SSL_CTX_new.pod
head/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
head/crypto/openssl/doc/ssl/ssl.pod
head/crypto/openssl/engines/e_capi.c
head/crypto/openssl/ssl/Makefile
head/crypto/openssl/ssl/s2_lib.c
head/crypto/openssl/ssl/s3_lib.c
head/crypto/openssl/ssl/ssl.h
head/crypto/openssl/ssl/ssl_conf.c
head/crypto/openssl/ssl/ssl_err.c
head/crypto/openssl/ssl/ssl_lib.c
head/crypto/openssl/util/libeay.num
head/crypto/openssl/util/mk1mf.pl
head/crypto/openssl/util/pl/BC-32.pl
head/crypto/openssl/util/pl/Mingw32.pl
head/crypto/openssl/util/pl/OS2-EMX.pl
head/crypto/openssl/util/pl/VC-32.pl
head/crypto/openssl/util/pl/linux.pl
head/crypto/openssl/util/pl/netware.pl
head/crypto/openssl/util/pl/ultrix.pl
head/crypto/openssl/util/pl/unix.pl
head/secure/lib/libcrypto/Makefile.inc
head/secure/lib/libcrypto/amd64/aes-x86_64.S
head/secure/lib/libcrypto/amd64/aesni-sha1-x86_64.S
head/secure/lib/libcrypto/amd64/aesni-x86_64.S
head/secure/lib/libcrypto/amd64/bsaes-x86_64.S
head/secure/lib/libcrypto/amd64/cmll-x86_64.S
head/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S
head/secure/lib/libcrypto/amd64/ghash-x86_64.S
head/secure/lib/libcrypto/amd64/md5-x86_64.S
head/secure/lib/libcrypto/amd64/rsaz-x86_64.S
head/secure/lib/libcrypto/amd64/sha1-mb-x86_64.S
head/secure/lib/libcrypto/amd64/sha1-x86_64.S
head/secure/lib/libcrypto/amd64/sha256-mb-x86_64.S
head/secure/lib/libcrypto/amd64/sha256-x86_64.S
head/secure/lib/libcrypto/amd64/vpaes-x86_64.S
head/secure/lib/libcrypto/amd64/x86_64-gf2m.S
head/secure/lib/libcrypto/amd64/x86_64-mont.S
head/secure/lib/libcrypto/amd64/x86_64-mont5.S
head/secure/lib/libcrypto/amd64/x86_64cpuid.S
head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_length.3
head/secure/lib/libcrypto/man/ASN1_STRING_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
head/secure/lib/libcrypto/man/ASN1_TIME_set.3
head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
head/secure/lib/libcrypto/man/BIO_ctrl.3
head/secure/lib/libcrypto/man/BIO_f_base64.3
head/secure/lib/libcrypto/man/BIO_f_buffer.3
head/secure/lib/libcrypto/man/BIO_f_cipher.3
head/secure/lib/libcrypto/man/BIO_f_md.3
head/secure/lib/libcrypto/man/BIO_f_null.3
head/secure/lib/libcrypto/man/BIO_f_ssl.3
head/secure/lib/libcrypto/man/BIO_find_type.3
head/secure/lib/libcrypto/man/BIO_new.3
head/secure/lib/libcrypto/man/BIO_new_CMS.3
head/secure/lib/libcrypto/man/BIO_push.3
head/secure/lib/libcrypto/man/BIO_read.3
head/secure/lib/libcrypto/man/BIO_s_accept.3
head/secure/lib/libcrypto/man/BIO_s_bio.3
head/secure/lib/libcrypto/man/BIO_s_connect.3
head/secure/lib/libcrypto/man/BIO_s_fd.3
head/secure/lib/libcrypto/man/BIO_s_file.3
head/secure/lib/libcrypto/man/BIO_s_mem.3
head/secure/lib/libcrypto/man/BIO_s_null.3
head/secure/lib/libcrypto/man/BIO_s_socket.3
head/secure/lib/libcrypto/man/BIO_set_callback.3
head/secure/lib/libcrypto/man/BIO_should_retry.3
head/secure/lib/libcrypto/man/BN_BLINDING_new.3
head/secure/lib/libcrypto/man/BN_CTX_new.3
head/secure/lib/libcrypto/man/BN_CTX_start.3
head/secure/lib/libcrypto/man/BN_add.3
head/secure/lib/libcrypto/man/BN_add_word.3
head/secure/lib/libcrypto/man/BN_bn2bin.3
head/secure/lib/libcrypto/man/BN_cmp.3
head/secure/lib/libcrypto/man/BN_copy.3
head/secure/lib/libcrypto/man/BN_generate_prime.3
head/secure/lib/libcrypto/man/BN_mod_inverse.3
head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
head/secure/lib/libcrypto/man/BN_new.3
head/secure/lib/libcrypto/man/BN_num_bytes.3
head/secure/lib/libcrypto/man/BN_rand.3
head/secure/lib/libcrypto/man/BN_set_bit.3
head/secure/lib/libcrypto/man/BN_swap.3
head/secure/lib/libcrypto/man/BN_zero.3
head/secure/lib/libcrypto/man/CMS_add0_cert.3
head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
head/secure/lib/libcrypto/man/CMS_add1_signer.3
head/secure/lib/libcrypto/man/CMS_compress.3
head/secure/lib/libcrypto/man/CMS_decrypt.3
head/secure/lib/libcrypto/man/CMS_encrypt.3
head/secure/lib/libcrypto/man/CMS_final.3
head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
head/secure/lib/libcrypto/man/CMS_get0_type.3
head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
head/secure/lib/libcrypto/man/CMS_sign.3
head/secure/lib/libcrypto/man/CMS_sign_receipt.3
head/secure/lib/libcrypto/man/CMS_uncompress.3
head/secure/lib/libcrypto/man/CMS_verify.3
head/secure/lib/libcrypto/man/CMS_verify_receipt.3
head/secure/lib/libcrypto/man/CONF_modules_free.3
head/secure/lib/libcrypto/man/CONF_modules_load_file.3
head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
head/secure/lib/libcrypto/man/DH_generate_key.3
head/secure/lib/libcrypto/man/DH_generate_parameters.3
head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
head/secure/lib/libcrypto/man/DH_new.3
head/secure/lib/libcrypto/man/DH_set_method.3
head/secure/lib/libcrypto/man/DH_size.3
head/secure/lib/libcrypto/man/DSA_SIG_new.3
head/secure/lib/libcrypto/man/DSA_do_sign.3
head/secure/lib/libcrypto/man/DSA_dup_DH.3
head/secure/lib/libcrypto/man/DSA_generate_key.3
head/secure/lib/libcrypto/man/DSA_generate_parameters.3
head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/DSA_new.3
head/secure/lib/libcrypto/man/DSA_set_method.3
head/secure/lib/libcrypto/man/DSA_sign.3
head/secure/lib/libcrypto/man/DSA_size.3
head/secure/lib/libcrypto/man/EC_GFp_simple_method.3
head/secure/lib/libcrypto/man/EC_GROUP_copy.3
head/secure/lib/libcrypto/man/EC_GROUP_new.3
head/secure/lib/libcrypto/man/EC_KEY_new.3
head/secure/lib/libcrypto/man/EC_POINT_add.3
head/secure/lib/libcrypto/man/EC_POINT_new.3
head/secure/lib/libcrypto/man/ERR_GET_LIB.3
head/secure/lib/libcrypto/man/ERR_clear_error.3
head/secure/lib/libcrypto/man/ERR_error_string.3
head/secure/lib/libcrypto/man/ERR_get_error.3
head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
head/secure/lib/libcrypto/man/ERR_load_strings.3
head/secure/lib/libcrypto/man/ERR_print_errors.3
head/secure/lib/libcrypto/man/ERR_put_error.3
head/secure/lib/libcrypto/man/ERR_remove_state.3
head/secure/lib/libcrypto/man/ERR_set_mark.3
head/secure/lib/libcrypto/man/EVP_BytesToKey.3
head/secure/lib/libcrypto/man/EVP_DigestInit.3
head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
head/secure/lib/libcrypto/man/EVP_EncryptInit.3
head/secure/lib/libcrypto/man/EVP_OpenInit.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
head/secure/lib/libcrypto/man/EVP_PKEY_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
head/secure/lib/libcrypto/man/EVP_SealInit.3
head/secure/lib/libcrypto/man/EVP_SignInit.3
head/secure/lib/libcrypto/man/EVP_VerifyInit.3
head/secure/lib/libcrypto/man/OBJ_nid2obj.3
head/secure/lib/libcrypto/man/OPENSSL_Applink.3
head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
head/secure/lib/libcrypto/man/OPENSSL_config.3
head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
head/secure/lib/libcrypto/man/PKCS12_create.3
head/secure/lib/libcrypto/man/PKCS12_parse.3
head/secure/lib/libcrypto/man/PKCS7_decrypt.3
head/secure/lib/libcrypto/man/PKCS7_encrypt.3
head/secure/lib/libcrypto/man/PKCS7_sign.3
head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
head/secure/lib/libcrypto/man/PKCS7_verify.3
head/secure/lib/libcrypto/man/RAND_add.3
head/secure/lib/libcrypto/man/RAND_bytes.3
head/secure/lib/libcrypto/man/RAND_cleanup.3
head/secure/lib/libcrypto/man/RAND_egd.3
head/secure/lib/libcrypto/man/RAND_load_file.3
head/secure/lib/libcrypto/man/RAND_set_rand_method.3
head/secure/lib/libcrypto/man/RSA_blinding_on.3
head/secure/lib/libcrypto/man/RSA_check_key.3
head/secure/lib/libcrypto/man/RSA_generate_key.3
head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/RSA_new.3
head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
head/secure/lib/libcrypto/man/RSA_print.3
head/secure/lib/libcrypto/man/RSA_private_encrypt.3
head/secure/lib/libcrypto/man/RSA_public_encrypt.3
head/secure/lib/libcrypto/man/RSA_set_method.3
head/secure/lib/libcrypto/man/RSA_sign.3
head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
head/secure/lib/libcrypto/man/RSA_size.3
head/secure/lib/libcrypto/man/SMIME_read_CMS.3
head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
head/secure/lib/libcrypto/man/SMIME_write_CMS.3
head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
head/secure/lib/libcrypto/man/X509_check_host.3
head/secure/lib/libcrypto/man/X509_new.3
head/secure/lib/libcrypto/man/X509_verify_cert.3
head/secure/lib/libcrypto/man/bio.3
head/secure/lib/libcrypto/man/blowfish.3
head/secure/lib/libcrypto/man/bn.3
head/secure/lib/libcrypto/man/bn_internal.3
head/secure/lib/libcrypto/man/buffer.3
head/secure/lib/libcrypto/man/crypto.3
head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
head/secure/lib/libcrypto/man/d2i_DHparams.3
head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_ECPKParameters.3
head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_X509.3
head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
head/secure/lib/libcrypto/man/d2i_X509_CRL.3
head/secure/lib/libcrypto/man/d2i_X509_NAME.3
head/secure/lib/libcrypto/man/d2i_X509_REQ.3
head/secure/lib/libcrypto/man/d2i_X509_SIG.3
head/secure/lib/libcrypto/man/des.3
head/secure/lib/libcrypto/man/dh.3
head/secure/lib/libcrypto/man/dsa.3
head/secure/lib/libcrypto/man/ec.3
head/secure/lib/libcrypto/man/ecdsa.3
head/secure/lib/libcrypto/man/engine.3
head/secure/lib/libcrypto/man/err.3
head/secure/lib/libcrypto/man/evp.3
head/secure/lib/libcrypto/man/hmac.3
head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
head/secure/lib/libcrypto/man/lh_stats.3
head/secure/lib/libcrypto/man/lhash.3
head/secure/lib/libcrypto/man/md5.3
head/secure/lib/libcrypto/man/mdc2.3
head/secure/lib/libcrypto/man/pem.3
head/secure/lib/libcrypto/man/rand.3
head/secure/lib/libcrypto/man/rc4.3
head/secure/lib/libcrypto/man/ripemd.3
head/secure/lib/libcrypto/man/rsa.3
head/secure/lib/libcrypto/man/sha.3
head/secure/lib/libcrypto/man/threads.3
head/secure/lib/libcrypto/man/ui.3
head/secure/lib/libcrypto/man/ui_compat.3
head/secure/lib/libcrypto/man/x509.3
head/secure/lib/libcrypto/opensslconf-aarch64.h
head/secure/lib/libcrypto/opensslconf-arm.h
head/secure/lib/libcrypto/opensslconf-mips.h
head/secure/lib/libcrypto/opensslconf-powerpc.h
head/secure/lib/libcrypto/opensslconf-riscv.h
head/secure/lib/libcrypto/opensslconf-sparc64.h
head/secure/lib/libcrypto/opensslconf-x86.h
head/secure/lib/libssl/Makefile.man
head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
head/secure/lib/libssl/man/SSL_CONF_CTX_new.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
head/secure/lib/libssl/man/SSL_CONF_cmd.3
head/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
head/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_session.3
head/secure/lib/libssl/man/SSL_CTX_ctrl.3
head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
head/secure/lib/libssl/man/SSL_CTX_free.3
head/secure/lib/libssl/man/SSL_CTX_get0_param.3
head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
head/secure/lib/libssl/man/SSL_CTX_new.3
head/secure/lib/libssl/man/SSL_CTX_sess_number.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
head/secure/lib/libssl/man/SSL_CTX_sessions.3
head/secure/lib/libssl/man/SSL_CTX_set1_curves.3
head/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
head/secure/lib/libssl/man/SSL_CTX_set_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_options.3
head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_verify.3
head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
head/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
head/secure/lib/libssl/man/SSL_SESSION_free.3
head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_SESSION_get_time.3
head/secure/lib/libssl/man/SSL_accept.3
head/secure/lib/libssl/man/SSL_alert_type_string.3
head/secure/lib/libssl/man/SSL_check_chain.3
head/secure/lib/libssl/man/SSL_clear.3
head/secure/lib/libssl/man/SSL_connect.3
head/secure/lib/libssl/man/SSL_do_handshake.3
head/secure/lib/libssl/man/SSL_free.3
head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
head/secure/lib/libssl/man/SSL_get_ciphers.3
head/secure/lib/libssl/man/SSL_get_client_CA_list.3
head/secure/lib/libssl/man/SSL_get_current_cipher.3
head/secure/lib/libssl/man/SSL_get_default_timeout.3
head/secure/lib/libssl/man/SSL_get_error.3
head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
head/secure/lib/libssl/man/SSL_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_get_fd.3
head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
head/secure/lib/libssl/man/SSL_get_peer_certificate.3
head/secure/lib/libssl/man/SSL_get_psk_identity.3
head/secure/lib/libssl/man/SSL_get_rbio.3
head/secure/lib/libssl/man/SSL_get_session.3
head/secure/lib/libssl/man/SSL_get_verify_result.3
head/secure/lib/libssl/man/SSL_get_version.3
head/secure/lib/libssl/man/SSL_library_init.3
head/secure/lib/libssl/man/SSL_load_client_CA_file.3
head/secure/lib/libssl/man/SSL_new.3
head/secure/lib/libssl/man/SSL_pending.3
head/secure/lib/libssl/man/SSL_read.3
head/secure/lib/libssl/man/SSL_rstate_string.3
head/secure/lib/libssl/man/SSL_session_reused.3
head/secure/lib/libssl/man/SSL_set_bio.3
head/secure/lib/libssl/man/SSL_set_connect_state.3
head/secure/lib/libssl/man/SSL_set_fd.3
head/secure/lib/libssl/man/SSL_set_session.3
head/secure/lib/libssl/man/SSL_set_shutdown.3
head/secure/lib/libssl/man/SSL_set_verify_result.3
head/secure/lib/libssl/man/SSL_shutdown.3
head/secure/lib/libssl/man/SSL_state_string.3
head/secure/lib/libssl/man/SSL_want.3
head/secure/lib/libssl/man/SSL_write.3
head/secure/lib/libssl/man/d2i_SSL_SESSION.3
head/secure/lib/libssl/man/ssl.3
head/secure/usr.bin/openssl/man/CA.pl.1
head/secure/usr.bin/openssl/man/asn1parse.1
head/secure/usr.bin/openssl/man/c_rehash.1
head/secure/usr.bin/openssl/man/ca.1
head/secure/usr.bin/openssl/man/ciphers.1
head/secure/usr.bin/openssl/man/cms.1
head/secure/usr.bin/openssl/man/crl.1
head/secure/usr.bin/openssl/man/crl2pkcs7.1
head/secure/usr.bin/openssl/man/dgst.1
head/secure/usr.bin/openssl/man/dhparam.1
head/secure/usr.bin/openssl/man/dsa.1
head/secure/usr.bin/openssl/man/dsaparam.1
head/secure/usr.bin/openssl/man/ec.1
head/secure/usr.bin/openssl/man/ecparam.1
head/secure/usr.bin/openssl/man/enc.1
head/secure/usr.bin/openssl/man/errstr.1
head/secure/usr.bin/openssl/man/gendsa.1
head/secure/usr.bin/openssl/man/genpkey.1
head/secure/usr.bin/openssl/man/genrsa.1
head/secure/usr.bin/openssl/man/nseq.1
head/secure/usr.bin/openssl/man/ocsp.1
head/secure/usr.bin/openssl/man/openssl.1
head/secure/usr.bin/openssl/man/passwd.1
head/secure/usr.bin/openssl/man/pkcs12.1
head/secure/usr.bin/openssl/man/pkcs7.1
head/secure/usr.bin/openssl/man/pkcs8.1
head/secure/usr.bin/openssl/man/pkey.1
head/secure/usr.bin/openssl/man/pkeyparam.1
head/secure/usr.bin/openssl/man/pkeyutl.1
head/secure/usr.bin/openssl/man/rand.1
head/secure/usr.bin/openssl/man/req.1
head/secure/usr.bin/openssl/man/rsa.1
head/secure/usr.bin/openssl/man/rsautl.1
head/secure/usr.bin/openssl/man/s_client.1
head/secure/usr.bin/openssl/man/s_server.1
head/secure/usr.bin/openssl/man/s_time.1
head/secure/usr.bin/openssl/man/sess_id.1
head/secure/usr.bin/openssl/man/smime.1
head/secure/usr.bin/openssl/man/speed.1
head/secure/usr.bin/openssl/man/spkac.1
head/secure/usr.bin/openssl/man/ts.1
head/secure/usr.bin/openssl/man/tsget.1
head/secure/usr.bin/openssl/man/verify.1
head/secure/usr.bin/openssl/man/version.1
head/secure/usr.bin/openssl/man/x509.1
head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
head/crypto/openssl/ (props changed)
Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/CHANGES Tue Mar 1 22:08:28 2016 (r296279)
@@ -2,6 +2,138 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
+
+ * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+ Builds that are not configured with "enable-weak-ssl-ciphers" will not
+ provide any "EXPORT" or "LOW" strength ciphers.
+ [Viktor Dukhovni]
+
+ * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
+ is by default disabled at build-time. Builds that are not configured with
+ "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
+ users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
+ will need to explicitly call either of:
+
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+ or
+ SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+ as appropriate. Even if either of those is used, or the application
+ explicitly uses the version-specific SSLv2_method() or its client and
+ server variants, SSLv2 ciphers vulnerable to exhaustive search key
+ recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
+ ciphers, and SSLv2 56-bit DES are no longer available.
+ (CVE-2016-0800)
+ [Viktor Dukhovni]
+
+ *) Fix a double-free in DSA code
+
+ A double free bug was discovered when OpenSSL parses malformed DSA private
+ keys and could lead to a DoS attack or memory corruption for applications
+ that receive DSA private keys from untrusted sources. This scenario is
+ considered rare.
+
+ This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
+ libFuzzer.
+ (CVE-2016-0705)
+ [Stephen Henson]
+
+ *) Disable SRP fake user seed to address a server memory leak.
+
+ Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+
+ SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+ In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
+ was changed to ignore the "fake user" SRP seed, even if the seed
+ is configured.
+
+ Users should use SRP_VBASE_get1_by_user instead. Note that in
+ SRP_VBASE_get1_by_user, caller must free the returned value. Note
+ also that even though configuring the SRP seed attempts to hide
+ invalid usernames by continuing the handshake with fake
+ credentials, this behaviour is not constant time and no strong
+ guarantees are made that the handshake is indistinguishable from
+ that of a valid user.
+ (CVE-2016-0798)
+ [Emilia Käsper]
+
+ *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+
+ In the BN_hex2bn function the number of hex digits is calculated using an
+ int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
+ large values of |i| this can result in |bn_expand| not allocating any
+ memory because |i * 4| is negative. This can leave the internal BIGNUM data
+ field as NULL leading to a subsequent NULL ptr deref. For very large values
+ of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
+ In this case memory is allocated to the internal BIGNUM data field, but it
+ is insufficiently sized leading to heap corruption. A similar issue exists
+ in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
+ is ever called by user applications with very large untrusted hex/dec data.
+ This is anticipated to be a rare occurrence.
+
+ All OpenSSL internal usage of these functions use data that is not expected
+ to be untrusted, e.g. config file data or application command line
+ arguments. If user developed applications generate config file data based
+ on untrusted data then it is possible that this could also lead to security
+ consequences. This is also anticipated to be rare.
+
+ This issue was reported to OpenSSL by Guido Vranken.
+ (CVE-2016-0797)
+ [Matt Caswell]
+
+ *) Fix memory issues in BIO_*printf functions
+
+ The internal |fmtstr| function used in processing a "%s" format string in
+ the BIO_*printf functions could overflow while calculating the length of a
+ string and cause an OOB read when printing very long strings.
+
+ Additionally the internal |doapr_outch| function can attempt to write to an
+ OOB memory location (at an offset from the NULL pointer) in the event of a
+ memory allocation failure. In 1.0.2 and below this could be caused where
+ the size of a buffer to be allocated is greater than INT_MAX. E.g. this
+ could be in processing a very long "%s" format string. Memory leaks can
+ also occur.
+
+ The first issue may mask the second issue dependent on compiler behaviour.
+ These problems could enable attacks where large amounts of untrusted data
+ is passed to the BIO_*printf functions. If applications use these functions
+ in this way then they could be vulnerable. OpenSSL itself uses these
+ functions when printing out human-readable dumps of ASN.1 data. Therefore
+ applications that print this data could be vulnerable if the data is from
+ untrusted sources. OpenSSL command line applications could also be
+ vulnerable where they print out ASN.1 data, or if untrusted data is passed
+ as command line arguments.
+
+ Libssl is not considered directly vulnerable. Additionally certificates etc
+ received via remote connections via libssl are also unlikely to be able to
+ trigger these issues because of message size limits enforced within libssl.
+
+ This issue was reported to OpenSSL Guido Vranken.
+ (CVE-2016-0799)
+ [Matt Caswell]
+
+ *) Side channel attack on modular exponentiation
+
+ A side-channel attack was found which makes use of cache-bank conflicts on
+ the Intel Sandy-Bridge microarchitecture which could lead to the recovery
+ of RSA keys. The ability to exploit this issue is limited as it relies on
+ an attacker who has control of code in a thread running on the same
+ hyper-threaded core as the victim thread which is performing decryptions.
+
+ This issue was reported to OpenSSL by Yuval Yarom, The University of
+ Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
+ Nadia Heninger, University of Pennsylvania with more information at
+ http://cachebleed.info.
+ (CVE-2016-0702)
+ [Andy Polyakov]
+
+ *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+ if no keysize is specified with default_bits. This fixes an
+ omission in an earlier change that changed all RSA/DSA key generation
+ apps to use 2048 bits by default.
+ [Emilia Käsper]
+
Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
*) DH small subgroups
@@ -105,7 +237,7 @@
[Emilia Käsper]
*) In DSA_generate_parameters_ex, if the provided seed is too short,
- return an error
+ use a random seed, as already documented.
[Rich Salz and Ismo Puustinen <ismo.puustinen at intel.com>]
Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/Configure Tue Mar 1 22:08:28 2016 (r296279)
@@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher>
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# 386 generate 80386 code
+# enable-weak-ssl-ciphers
+# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
+# default. Note, weak SSLv2 ciphers are unconditionally
+# disabled.
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
@@ -781,11 +785,13 @@ my %disabled = ( # "what" => "co
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
- "sctp" => "default",
+ "sctp" => "default",
"shared" => "default",
"ssl-trace" => "default",
+ "ssl2" => "default",
"store" => "experimental",
"unit-test" => "default",
+ "weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/Makefile Tue Mar 1 22:08:28 2016 (r296279)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2f
+VERSION=1.0.2g
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -13,7 +13,7 @@ SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=
PLATFORM=dist
-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine
+OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
+DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
EX_LIBS=
EXE_EXT=
Modified: head/crypto/openssl/Makefile.shared
==============================================================================
--- head/crypto/openssl/Makefile.shared Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/Makefile.shared Tue Mar 1 22:08:28 2016 (r296279)
@@ -272,7 +272,7 @@ link_o.cygwin:
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-s,-Bsymbolic"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-Bsymbolic"; \
$(LINK_SO_O)
#for mingw target if def-file is in use dll-name should match library-name
link_a.cygwin:
@@ -289,7 +289,7 @@ link_a.cygwin:
SHLIB_SOVER=32; \
extras="$(LIBNAME).def"; \
$(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
- base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
@@ -297,7 +297,7 @@ link_a.cygwin:
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-s,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
[ -f apps/$$dll_name ] && rm apps/$$dll_name; \
[ -f test/$$dll_name ] && rm test/$$dll_name; \
$(LINK_SO_A) || exit 1; \
Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/NEWS Tue Mar 1 22:08:28 2016 (r296279)
@@ -5,6 +5,19 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
+
+ o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+ o Disable SSLv2 default build, default negotiation and weak ciphers
+ (CVE-2016-0800)
+ o Fix a double-free in DSA code (CVE-2016-0705)
+ o Disable SRP fake user seed to address a server memory leak
+ (CVE-2016-0798)
+ o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+ (CVE-2016-0797)
+ o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+ o Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
o DH small subgroups (CVE-2016-0701)
Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/README Tue Mar 1 22:08:28 2016 (r296279)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2f 28 Jan 2016
+ OpenSSL 1.0.2g 1 Mar 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: head/crypto/openssl/apps/apps.c
==============================================================================
--- head/crypto/openssl/apps/apps.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/apps.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -2442,7 +2442,11 @@ int bio_to_mem(unsigned char **out, int
else
len = 1024;
len = BIO_read(in, tbuf, len);
- if (len <= 0)
+ if (len < 0) {
+ BIO_free(mem);
+ return -1;
+ }
+ if (len == 0)
break;
if (BIO_write(mem, tbuf, len) != len) {
BIO_free(mem);
@@ -2459,7 +2463,7 @@ int bio_to_mem(unsigned char **out, int
return ret;
}
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
{
int rv;
char *stmp, *vtmp = NULL;
Modified: head/crypto/openssl/apps/apps.h
==============================================================================
--- head/crypto/openssl/apps/apps.h Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/apps.h Tue Mar 1 22:08:28 2016 (r296279)
@@ -321,7 +321,7 @@ int args_verify(char ***pargs, int *parg
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
Modified: head/crypto/openssl/apps/pkeyutl.c
==============================================================================
--- head/crypto/openssl/apps/pkeyutl.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/pkeyutl.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -73,7 +73,7 @@ static void usage(void);
#define PROG pkeyutl_main
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
- char *keyfile, int keyform, int key_type,
+ const char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e,
int impl);
@@ -99,10 +99,12 @@ int MAIN(int argc, char **argv)
char *passargin = NULL;
int keysize = -1;
int engine_impl = 0;
-
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
- size_t buf_outlen;
+ size_t buf_outlen = 0;
int buf_inlen = 0, siglen = -1;
+ const char *inkey = NULL;
+ const char *peerkey = NULL;
+ STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
int ret = 1, rv = -1;
@@ -136,21 +138,13 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-inkey")) {
if (--argc < 1)
badarg = 1;
- else {
- ctx = init_ctx(&keysize,
- *(++argv), keyform, key_type,
- passargin, pkey_op, e, engine_impl);
- if (!ctx) {
- BIO_puts(bio_err, "Error initializing context\n");
- ERR_print_errors(bio_err);
- badarg = 1;
- }
- }
+ else
+ inkey = *++argv;
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
- badarg = 1;
+ else
+ peerkey = *++argv;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
badarg = 1;
@@ -191,23 +185,21 @@ int MAIN(int argc, char **argv)
pkey_op = EVP_PKEY_OP_VERIFY;
else if (!strcmp(*argv, "-verifyrecover"))
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
- else if (!strcmp(*argv, "-rev"))
- rev = 1;
else if (!strcmp(*argv, "-encrypt"))
pkey_op = EVP_PKEY_OP_ENCRYPT;
else if (!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT;
else if (!strcmp(*argv, "-derive"))
pkey_op = EVP_PKEY_OP_DERIVE;
+ else if (!strcmp(*argv, "-rev"))
+ rev = 1;
else if (strcmp(*argv, "-pkeyopt") == 0) {
if (--argc < 1)
badarg = 1;
- else if (!ctx) {
- BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
- badarg = 1;
- } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
- BIO_puts(bio_err, "parameter setting error\n");
- ERR_print_errors(bio_err);
+ else if ((pkeyopts == NULL &&
+ (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
+ sk_OPENSSL_STRING_push(pkeyopts, *++argv) == 0) {
+ BIO_puts(bio_err, "out of memory\n");
goto end;
}
} else
@@ -220,10 +212,37 @@ int MAIN(int argc, char **argv)
argv++;
}
- if (!ctx) {
+ if (inkey == NULL ||
+ (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {
usage();
goto end;
}
+ ctx = init_ctx(&keysize, inkey, keyform, key_type,
+ passargin, pkey_op, e, engine_impl);
+ if (!ctx) {
+ BIO_puts(bio_err, "Error initializing context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (peerkey != NULL && !setup_peer(bio_err, ctx, peerform, peerkey, e)) {
+ BIO_puts(bio_err, "Error setting up peer key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (pkeyopts != NULL) {
+ int num = sk_OPENSSL_STRING_num(pkeyopts);
+ int i;
+
+ for (i = 0; i < num; ++i) {
+ const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
+
+ if (pkey_ctrl_string(ctx, opt) <= 0) {
+ BIO_puts(bio_err, "parameter setting error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ }
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_puts(bio_err, "Signature file specified for non verify\n");
@@ -273,7 +292,7 @@ int MAIN(int argc, char **argv)
}
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
BIO_free(sigbio);
- if (siglen <= 0) {
+ if (siglen < 0) {
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
@@ -282,7 +301,7 @@ int MAIN(int argc, char **argv)
if (in) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
- if (buf_inlen <= 0) {
+ if (buf_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
@@ -310,7 +329,7 @@ int MAIN(int argc, char **argv)
} else {
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
- if (rv > 0) {
+ if (rv > 0 && buf_outlen != 0) {
buf_out = OPENSSL_malloc(buf_outlen);
if (!buf_out)
rv = -1;
@@ -340,12 +359,14 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX_free(ctx);
BIO_free(in);
BIO_free_all(out);
- if (buf_in)
+ if (buf_in != NULL)
OPENSSL_free(buf_in);
- if (buf_out)
+ if (buf_out != NULL)
OPENSSL_free(buf_out);
- if (sig)
+ if (sig != NULL)
OPENSSL_free(sig);
+ if (pkeyopts != NULL)
+ sk_OPENSSL_STRING_free(pkeyopts);
return ret;
}
@@ -380,7 +401,7 @@ static void usage()
}
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
- char *keyfile, int keyform, int key_type,
+ const char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e,
int engine_impl)
{
@@ -484,14 +505,9 @@ static int setup_peer(BIO *err, EVP_PKEY
EVP_PKEY *peer = NULL;
ENGINE* engine = NULL;
int ret;
- if (!ctx) {
- BIO_puts(err, "-peerkey command before -inkey\n");
- return 0;
- }
if (peerform == FORMAT_ENGINE)
- engine = e;
-
+ engine = e;
peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
Modified: head/crypto/openssl/apps/req.c
==============================================================================
--- head/crypto/openssl/apps/req.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/req.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -101,8 +101,8 @@
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define DEFAULT_KEY_LENGTH 512
-#define MIN_KEY_LENGTH 384
+#define DEFAULT_KEY_LENGTH 2048
+#define MIN_KEY_LENGTH 512
#undef PROG
#define PROG req_main
Modified: head/crypto/openssl/apps/rsautl.c
==============================================================================
--- head/crypto/openssl/apps/rsautl.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/rsautl.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -250,7 +250,7 @@ int MAIN(int argc, char **argv)
if (outfile) {
if (!(out = BIO_new_file(outfile, "wb"))) {
- BIO_printf(bio_err, "Error Reading Output File\n");
+ BIO_printf(bio_err, "Error Writing Output File\n");
ERR_print_errors(bio_err);
goto end;
}
@@ -276,7 +276,7 @@ int MAIN(int argc, char **argv)
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
- if (rsa_inlen <= 0) {
+ if (rsa_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
@@ -311,7 +311,7 @@ int MAIN(int argc, char **argv)
}
- if (rsa_outlen <= 0) {
+ if (rsa_outlen < 0) {
BIO_printf(bio_err, "RSA operation error\n");
ERR_print_errors(bio_err);
goto end;
Modified: head/crypto/openssl/apps/s_client.c
==============================================================================
--- head/crypto/openssl/apps/s_client.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/s_client.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -391,8 +391,6 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -bugs - Switch on all SSL implementation bug workarounds\n");
BIO_printf(bio_err,
- " -serverpref - Use server's cipher preferences (only SSLv2)\n");
- BIO_printf(bio_err,
" -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err,
" command to see what is available\n");
Modified: head/crypto/openssl/apps/s_server.c
==============================================================================
--- head/crypto/openssl/apps/s_server.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/apps/s_server.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -429,6 +429,8 @@ typedef struct srpsrvparm_st {
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
{
srpsrvparm *p = (srpsrvparm *) arg;
+ int ret = SSL3_AL_FATAL;
+
if (p->login == NULL && p->user == NULL) {
p->login = SSL_get_srp_username(s);
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
@@ -437,21 +439,25 @@ static int MS_CALLBACK ssl_srp_server_pa
if (p->user == NULL) {
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
- return SSL3_AL_FATAL;
+ goto err;
}
+
if (SSL_set_srp_server_param
(s, p->user->N, p->user->g, p->user->s, p->user->v,
p->user->info) < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
- return SSL3_AL_FATAL;
+ goto err;
}
BIO_printf(bio_err,
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
p->login, p->user->info);
- /* need to check whether there are memory leaks */
+ ret = SSL_ERROR_NONE;
+
+err:
+ SRP_user_pwd_free(p->user);
p->user = NULL;
p->login = NULL;
- return SSL_ERROR_NONE;
+ return ret;
}
#endif
@@ -2452,9 +2458,10 @@ static int sv_body(char *hostname, int s
#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
@@ -2508,9 +2515,10 @@ static int sv_body(char *hostname, int s
#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
@@ -2605,9 +2613,10 @@ static int init_ssl_connection(SSL *con)
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
srp_callback_parm.login);
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
@@ -2849,9 +2858,10 @@ static int www_body(char *hostname, int
&& SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
srp_callback_parm.login);
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
@@ -2891,9 +2901,10 @@ static int www_body(char *hostname, int
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
@@ -3236,9 +3247,10 @@ static int rev_body(char *hostname, int
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
@@ -3264,9 +3276,10 @@ static int rev_body(char *hostname, int
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
Modified: head/crypto/openssl/config
==============================================================================
--- head/crypto/openssl/config Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/config Tue Mar 1 22:08:28 2016 (r296279)
@@ -852,7 +852,8 @@ case "$GUESSOS" in
# *-dgux) OUT="dgux" ;;
mips-sony-newsos4) OUT="newsos4-gcc" ;;
*-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
- *-*-cygwin) OUT="Cygwin" ;;
+ i[3456]86-*-cygwin) OUT="Cygwin" ;;
+ *-*-cygwin) OUT="Cygwin-${MACHINE}" ;;
t3e-cray-unicosmk) OUT="cray-t3e" ;;
j90-cray-unicos) OUT="cray-j90" ;;
nsr-tandem-nsk) OUT="tandem-c89" ;;
Modified: head/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_dec.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/crypto/asn1/tasn_dec.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -717,7 +717,7 @@ static int asn1_d2i_ex_primitive(ASN1_VA
long plen;
char cst, inf, free_cont = 0;
const unsigned char *p;
- BUF_MEM buf;
+ BUF_MEM buf = { 0, NULL, 0 };
const unsigned char *cont = NULL;
long len;
if (!pval) {
@@ -793,7 +793,6 @@ static int asn1_d2i_ex_primitive(ASN1_VA
} else {
len = p - cont + plen;
p += plen;
- buf.data = NULL;
}
} else if (cst) {
if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
@@ -802,9 +801,9 @@ static int asn1_d2i_ex_primitive(ASN1_VA
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
return 0;
}
- buf.length = 0;
- buf.max = 0;
- buf.data = NULL;
+
+ /* Free any returned 'buf' content */
+ free_cont = 1;
/*
* Should really check the internal tags are correct but some things
* may get this wrong. The relevant specs say that constructed string
@@ -812,18 +811,16 @@ static int asn1_d2i_ex_primitive(ASN1_VA
* So instead just check for UNIVERSAL class and ignore the tag.
*/
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
- free_cont = 1;
goto err;
}
len = buf.length;
/* Append a final null to string */
if (!BUF_MEM_grow_clean(&buf, len + 1)) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
buf.data[len] = 0;
cont = (const unsigned char *)buf.data;
- free_cont = 1;
} else {
cont = p;
len = plen;
@@ -831,6 +828,7 @@ static int asn1_d2i_ex_primitive(ASN1_VA
}
/* We now have content length and type: translate into a structure */
+ /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
goto err;
Modified: head/crypto/openssl/crypto/bio/b_print.c
==============================================================================
--- head/crypto/openssl/crypto/bio/b_print.c Tue Mar 1 19:15:34 2016 (r296278)
+++ head/crypto/openssl/crypto/bio/b_print.c Tue Mar 1 22:08:28 2016 (r296279)
@@ -125,16 +125,16 @@
# define LLONG long
#endif
-static void fmtstr(char **, char **, size_t *, size_t *,
- const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
- LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
- LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
- size_t *maxlen, size_t *retlen, int *truncated,
- const char *format, va_list args);
+static int fmtstr(char **, char **, size_t *, size_t *,
+ const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+ LLONG, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
/* format read states */
#define DP_S_DEFAULT 0
@@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char *
#define char_to_int(p) (p - '0')
#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-static void
+static int
_dopr(char **sbuffer,
char **buffer,
size_t *maxlen,
@@ -196,7 +196,8 @@ _dopr(char **sbuffer,
if (ch == '%')
state = DP_S_FLAGS;
else
- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+ return 0;
ch = *format++;
break;
case DP_S_FLAGS:
@@ -302,8 +303,9 @@ _dopr(char **sbuffer,
value = va_arg(args, int);
break;
}
- fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 10, min, max, flags);
+ if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+ max, flags))
+ return 0;
break;
case 'X':
flags |= DP_F_UP;
@@ -326,17 +328,19 @@ _dopr(char **sbuffer,
value = (LLONG) va_arg(args, unsigned int);
break;
}
- fmtint(sbuffer, buffer, &currlen, maxlen, value,
- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
- min, max, flags);
+ if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+ ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+ min, max, flags))
+ return 0;
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
else
fvalue = va_arg(args, double);
- fmtfp(sbuffer, buffer, &currlen, maxlen,
- fvalue, min, max, flags);
+ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+ flags))
+ return 0;
break;
case 'E':
flags |= DP_F_UP;
@@ -355,8 +359,9 @@ _dopr(char **sbuffer,
fvalue = va_arg(args, double);
break;
case 'c':
- doapr_outch(sbuffer, buffer, &currlen, maxlen,
- va_arg(args, int));
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+ va_arg(args, int)))
+ return 0;
break;
case 's':
strvalue = va_arg(args, char *);
@@ -366,13 +371,15 @@ _dopr(char **sbuffer,
else
max = *maxlen;
}
- fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
- flags, min, max);
+ if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+ flags, min, max))
+ return 0;
break;
case 'p':
value = (long)va_arg(args, void *);
- fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 16, min, max, flags | DP_F_NUM);
+ if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+ value, 16, min, max, flags | DP_F_NUM))
+ return 0;
break;
case 'n': /* XXX */
if (cflags == DP_C_SHORT) {
@@ -394,7 +401,8 @@ _dopr(char **sbuffer,
}
break;
case '%':
- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+ return 0;
break;
case 'w':
/* not supported yet, treat as next char */
@@ -418,46 +426,56 @@ _dopr(char **sbuffer,
*truncated = (currlen > *maxlen - 1);
if (*truncated)
currlen = *maxlen - 1;
- doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+ return 0;
*retlen = currlen - 1;
- return;
+ return 1;
}
-static void
+static int
fmtstr(char **sbuffer,
char **buffer,
size_t *currlen,
size_t *maxlen, const char *value, int flags, int min, int max)
{
- int padlen, strln;
+ int padlen;
+ size_t strln;
int cnt = 0;
if (value == 0)
value = "<NULL>";
- for (strln = 0; value[strln]; ++strln) ;
+
+ strln = strlen(value);
+ if (strln > INT_MAX)
+ strln = INT_MAX;
+
padlen = min - strln;
- if (padlen < 0)
+ if (min < 0 || padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen;
while ((padlen > 0) && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
--padlen;
++cnt;
}
while (*value && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+ return 0;
++cnt;
}
while ((padlen < 0) && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
++padlen;
++cnt;
}
+ return 1;
}
-static void
+static int
fmtint(char **sbuffer,
char **buffer,
size_t *currlen,
@@ -517,37 +535,44 @@ fmtint(char **sbuffer,
/* spaces */
while (spadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
--spadlen;
}
/* sign */
if (signvalue)
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+ return 0;
/* prefix */
while (*prefix) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+ return 0;
prefix++;
}
/* zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+ return 0;
--zpadlen;
}
}
/* digits */
- while (place > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+ while (place > 0) {
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+ return 0;
+ }
/* left justified spaces */
while (spadlen < 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+ return 0;
++spadlen;
}
- return;
+ return 1;
}
static LDOUBLE abs_val(LDOUBLE value)
@@ -578,7 +603,7 @@ static long roundv(LDOUBLE value)
return intpart;
}
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list