svn commit: r284283 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf crypto/openssl/crypto/bio crypt...
Jung-uk Kim
jkim at FreeBSD.org
Thu Jun 11 19:41:16 UTC 2015
Author: jkim
Date: Thu Jun 11 19:00:55 2015
New Revision: 284283
URL: https://svnweb.freebsd.org/changeset/base/284283
Log:
Merge OpenSSL 1.0.1n.
Modified:
head/crypto/openssl/CHANGES
head/crypto/openssl/Configure
head/crypto/openssl/Makefile
head/crypto/openssl/Makefile.org
head/crypto/openssl/NEWS
head/crypto/openssl/README
head/crypto/openssl/apps/Makefile
head/crypto/openssl/apps/apps.c
head/crypto/openssl/apps/asn1pars.c
head/crypto/openssl/apps/ca.c
head/crypto/openssl/apps/cms.c
head/crypto/openssl/apps/dhparam.c
head/crypto/openssl/apps/enc.c
head/crypto/openssl/apps/gendh.c
head/crypto/openssl/apps/ocsp.c
head/crypto/openssl/apps/s_cb.c
head/crypto/openssl/apps/s_client.c
head/crypto/openssl/apps/s_server.c
head/crypto/openssl/apps/s_time.c
head/crypto/openssl/apps/smime.c
head/crypto/openssl/apps/srp.c
head/crypto/openssl/apps/verify.c
head/crypto/openssl/crypto/Makefile
head/crypto/openssl/crypto/aes/Makefile
head/crypto/openssl/crypto/asn1/Makefile
head/crypto/openssl/crypto/asn1/a_int.c
head/crypto/openssl/crypto/asn1/asn1_gen.c
head/crypto/openssl/crypto/asn1/asn_mime.c
head/crypto/openssl/crypto/asn1/bio_ndef.c
head/crypto/openssl/crypto/asn1/tasn_new.c
head/crypto/openssl/crypto/asn1/tasn_prn.c
head/crypto/openssl/crypto/asn1/x_x509.c
head/crypto/openssl/crypto/bf/Makefile
head/crypto/openssl/crypto/bio/Makefile
head/crypto/openssl/crypto/bio/b_print.c
head/crypto/openssl/crypto/bio/bf_nbio.c
head/crypto/openssl/crypto/bio/bio_lib.c
head/crypto/openssl/crypto/bio/bss_dgram.c
head/crypto/openssl/crypto/bn/Makefile
head/crypto/openssl/crypto/bn/bn.h
head/crypto/openssl/crypto/bn/bn_err.c
head/crypto/openssl/crypto/bn/bn_gf2m.c
head/crypto/openssl/crypto/bn/bn_lcl.h
head/crypto/openssl/crypto/bn/bn_print.c
head/crypto/openssl/crypto/bn/bn_rand.c
head/crypto/openssl/crypto/bn/bn_shift.c
head/crypto/openssl/crypto/buffer/Makefile
head/crypto/openssl/crypto/buffer/buffer.c
head/crypto/openssl/crypto/camellia/Makefile
head/crypto/openssl/crypto/cast/Makefile
head/crypto/openssl/crypto/cmac/Makefile
head/crypto/openssl/crypto/cmac/cmac.c
head/crypto/openssl/crypto/cms/Makefile
head/crypto/openssl/crypto/cms/cms_pwri.c
head/crypto/openssl/crypto/cms/cms_smime.c
head/crypto/openssl/crypto/comp/Makefile
head/crypto/openssl/crypto/conf/Makefile
head/crypto/openssl/crypto/cryptlib.c
head/crypto/openssl/crypto/des/Makefile
head/crypto/openssl/crypto/des/des.c
head/crypto/openssl/crypto/des/enc_writ.c
head/crypto/openssl/crypto/dh/Makefile
head/crypto/openssl/crypto/dh/dh_ameth.c
head/crypto/openssl/crypto/dsa/Makefile
head/crypto/openssl/crypto/dsa/dsa_gen.c
head/crypto/openssl/crypto/dsa/dsa_ossl.c
head/crypto/openssl/crypto/dso/Makefile
head/crypto/openssl/crypto/dso/dso_lib.c
head/crypto/openssl/crypto/ec/Makefile
head/crypto/openssl/crypto/ec/ec2_oct.c
head/crypto/openssl/crypto/ec/ec_asn1.c
head/crypto/openssl/crypto/ec/ec_check.c
head/crypto/openssl/crypto/ec/ec_key.c
head/crypto/openssl/crypto/ec/ec_lcl.h
head/crypto/openssl/crypto/ec/ec_lib.c
head/crypto/openssl/crypto/ec/eck_prn.c
head/crypto/openssl/crypto/ec/ecp_oct.c
head/crypto/openssl/crypto/ec/ectest.c
head/crypto/openssl/crypto/ecdh/Makefile
head/crypto/openssl/crypto/ecdsa/Makefile
head/crypto/openssl/crypto/ecdsa/ecdsatest.c
head/crypto/openssl/crypto/engine/Makefile
head/crypto/openssl/crypto/engine/eng_table.c
head/crypto/openssl/crypto/err/Makefile
head/crypto/openssl/crypto/evp/Makefile
head/crypto/openssl/crypto/evp/bio_ok.c
head/crypto/openssl/crypto/evp/e_aes.c
head/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
head/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
head/crypto/openssl/crypto/evp/encode.c
head/crypto/openssl/crypto/evp/evp.h
head/crypto/openssl/crypto/evp/p_seal.c
head/crypto/openssl/crypto/hmac/Makefile
head/crypto/openssl/crypto/hmac/hmac.c
head/crypto/openssl/crypto/hmac/hmac.h
head/crypto/openssl/crypto/hmac/hmactest.c
head/crypto/openssl/crypto/idea/Makefile
head/crypto/openssl/crypto/jpake/Makefile
head/crypto/openssl/crypto/krb5/Makefile
head/crypto/openssl/crypto/lhash/Makefile
head/crypto/openssl/crypto/md2/Makefile
head/crypto/openssl/crypto/md32_common.h
head/crypto/openssl/crypto/md4/Makefile
head/crypto/openssl/crypto/md5/Makefile
head/crypto/openssl/crypto/mdc2/Makefile
head/crypto/openssl/crypto/mem.c
head/crypto/openssl/crypto/modes/Makefile
head/crypto/openssl/crypto/modes/gcm128.c
head/crypto/openssl/crypto/objects/Makefile
head/crypto/openssl/crypto/objects/o_names.c
head/crypto/openssl/crypto/objects/obj_dat.c
head/crypto/openssl/crypto/objects/objects.README
head/crypto/openssl/crypto/objects/objects.pl
head/crypto/openssl/crypto/ocsp/Makefile
head/crypto/openssl/crypto/ocsp/ocsp_ext.c
head/crypto/openssl/crypto/ocsp/ocsp_vfy.c
head/crypto/openssl/crypto/opensslv.h
head/crypto/openssl/crypto/pem/Makefile
head/crypto/openssl/crypto/pem/pem_lib.c
head/crypto/openssl/crypto/pem/pem_pk8.c
head/crypto/openssl/crypto/pkcs12/Makefile
head/crypto/openssl/crypto/pkcs12/p12_mutl.c
head/crypto/openssl/crypto/pkcs7/Makefile
head/crypto/openssl/crypto/pkcs7/pk7_doit.c
head/crypto/openssl/crypto/pqueue/Makefile
head/crypto/openssl/crypto/rand/Makefile
head/crypto/openssl/crypto/rc2/Makefile
head/crypto/openssl/crypto/rc4/Makefile
head/crypto/openssl/crypto/rc5/Makefile
head/crypto/openssl/crypto/ripemd/Makefile
head/crypto/openssl/crypto/rsa/Makefile
head/crypto/openssl/crypto/rsa/rsa_pmeth.c
head/crypto/openssl/crypto/seed/Makefile
head/crypto/openssl/crypto/sha/Makefile
head/crypto/openssl/crypto/srp/Makefile
head/crypto/openssl/crypto/srp/srp_vfy.c
head/crypto/openssl/crypto/stack/Makefile
head/crypto/openssl/crypto/store/Makefile
head/crypto/openssl/crypto/threads/th-lock.c
head/crypto/openssl/crypto/ts/Makefile
head/crypto/openssl/crypto/txt_db/Makefile
head/crypto/openssl/crypto/ui/Makefile
head/crypto/openssl/crypto/whrlpool/Makefile
head/crypto/openssl/crypto/x509/Makefile
head/crypto/openssl/crypto/x509/x509_lu.c
head/crypto/openssl/crypto/x509/x509_vfy.c
head/crypto/openssl/crypto/x509/x509_vfy.h
head/crypto/openssl/crypto/x509/x509_vpm.c
head/crypto/openssl/crypto/x509/x509type.c
head/crypto/openssl/crypto/x509v3/Makefile
head/crypto/openssl/crypto/x509v3/v3_alt.c
head/crypto/openssl/crypto/x509v3/v3_cpols.c
head/crypto/openssl/crypto/x509v3/v3_utl.c
head/crypto/openssl/doc/apps/cms.pod
head/crypto/openssl/doc/apps/config.pod
head/crypto/openssl/doc/apps/dhparam.pod
head/crypto/openssl/doc/apps/ocsp.pod
head/crypto/openssl/doc/apps/s_client.pod
head/crypto/openssl/doc/apps/s_server.pod
head/crypto/openssl/doc/apps/smime.pod
head/crypto/openssl/doc/apps/verify.pod
head/crypto/openssl/doc/crypto/BN_rand.pod
head/crypto/openssl/doc/crypto/BN_set_bit.pod
head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
head/crypto/openssl/doc/crypto/pem.pod
head/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
head/crypto/openssl/e_os2.h
head/crypto/openssl/engines/Makefile
head/crypto/openssl/engines/ccgost/Makefile
head/crypto/openssl/engines/ccgost/e_gost_err.c
head/crypto/openssl/engines/ccgost/e_gost_err.h
head/crypto/openssl/engines/ccgost/gost2001.c
head/crypto/openssl/engines/ccgost/gost94_keyx.c
head/crypto/openssl/engines/ccgost/gost_ameth.c
head/crypto/openssl/engines/ccgost/gost_pmeth.c
head/crypto/openssl/engines/ccgost/gost_sign.c
head/crypto/openssl/engines/e_sureware.c
head/crypto/openssl/ssl/Makefile
head/crypto/openssl/ssl/d1_both.c
head/crypto/openssl/ssl/d1_clnt.c
head/crypto/openssl/ssl/d1_lib.c
head/crypto/openssl/ssl/d1_pkt.c
head/crypto/openssl/ssl/d1_srvr.c
head/crypto/openssl/ssl/s2_pkt.c
head/crypto/openssl/ssl/s2_srvr.c
head/crypto/openssl/ssl/s3_both.c
head/crypto/openssl/ssl/s3_cbc.c
head/crypto/openssl/ssl/s3_clnt.c
head/crypto/openssl/ssl/s3_pkt.c
head/crypto/openssl/ssl/s3_srvr.c
head/crypto/openssl/ssl/ssl.h
head/crypto/openssl/ssl/ssl_err.c
head/crypto/openssl/ssl/ssl_lib.c
head/crypto/openssl/ssl/ssl_locl.h
head/crypto/openssl/ssl/ssl_sess.c
head/crypto/openssl/ssl/ssl_stat.c
head/crypto/openssl/ssl/ssltest.c
head/crypto/openssl/ssl/t1_enc.c
head/crypto/openssl/ssl/t1_lib.c
head/crypto/openssl/ssl/tls_srp.c
head/crypto/openssl/util/mk1mf.pl
head/crypto/openssl/util/mkerr.pl
head/crypto/openssl/util/pl/BC-32.pl
head/crypto/openssl/util/pl/VC-32.pl
head/secure/lib/libcrypto/Makefile.inc
head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_length.3
head/secure/lib/libcrypto/man/ASN1_STRING_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
head/secure/lib/libcrypto/man/BIO_ctrl.3
head/secure/lib/libcrypto/man/BIO_f_base64.3
head/secure/lib/libcrypto/man/BIO_f_buffer.3
head/secure/lib/libcrypto/man/BIO_f_cipher.3
head/secure/lib/libcrypto/man/BIO_f_md.3
head/secure/lib/libcrypto/man/BIO_f_null.3
head/secure/lib/libcrypto/man/BIO_f_ssl.3
head/secure/lib/libcrypto/man/BIO_find_type.3
head/secure/lib/libcrypto/man/BIO_new.3
head/secure/lib/libcrypto/man/BIO_new_CMS.3
head/secure/lib/libcrypto/man/BIO_push.3
head/secure/lib/libcrypto/man/BIO_read.3
head/secure/lib/libcrypto/man/BIO_s_accept.3
head/secure/lib/libcrypto/man/BIO_s_bio.3
head/secure/lib/libcrypto/man/BIO_s_connect.3
head/secure/lib/libcrypto/man/BIO_s_fd.3
head/secure/lib/libcrypto/man/BIO_s_file.3
head/secure/lib/libcrypto/man/BIO_s_mem.3
head/secure/lib/libcrypto/man/BIO_s_null.3
head/secure/lib/libcrypto/man/BIO_s_socket.3
head/secure/lib/libcrypto/man/BIO_set_callback.3
head/secure/lib/libcrypto/man/BIO_should_retry.3
head/secure/lib/libcrypto/man/BN_BLINDING_new.3
head/secure/lib/libcrypto/man/BN_CTX_new.3
head/secure/lib/libcrypto/man/BN_CTX_start.3
head/secure/lib/libcrypto/man/BN_add.3
head/secure/lib/libcrypto/man/BN_add_word.3
head/secure/lib/libcrypto/man/BN_bn2bin.3
head/secure/lib/libcrypto/man/BN_cmp.3
head/secure/lib/libcrypto/man/BN_copy.3
head/secure/lib/libcrypto/man/BN_generate_prime.3
head/secure/lib/libcrypto/man/BN_mod_inverse.3
head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
head/secure/lib/libcrypto/man/BN_new.3
head/secure/lib/libcrypto/man/BN_num_bytes.3
head/secure/lib/libcrypto/man/BN_rand.3
head/secure/lib/libcrypto/man/BN_set_bit.3
head/secure/lib/libcrypto/man/BN_swap.3
head/secure/lib/libcrypto/man/BN_zero.3
head/secure/lib/libcrypto/man/CMS_add0_cert.3
head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
head/secure/lib/libcrypto/man/CMS_add1_signer.3
head/secure/lib/libcrypto/man/CMS_compress.3
head/secure/lib/libcrypto/man/CMS_decrypt.3
head/secure/lib/libcrypto/man/CMS_encrypt.3
head/secure/lib/libcrypto/man/CMS_final.3
head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
head/secure/lib/libcrypto/man/CMS_get0_type.3
head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
head/secure/lib/libcrypto/man/CMS_sign.3
head/secure/lib/libcrypto/man/CMS_sign_receipt.3
head/secure/lib/libcrypto/man/CMS_uncompress.3
head/secure/lib/libcrypto/man/CMS_verify.3
head/secure/lib/libcrypto/man/CMS_verify_receipt.3
head/secure/lib/libcrypto/man/CONF_modules_free.3
head/secure/lib/libcrypto/man/CONF_modules_load_file.3
head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
head/secure/lib/libcrypto/man/DH_generate_key.3
head/secure/lib/libcrypto/man/DH_generate_parameters.3
head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
head/secure/lib/libcrypto/man/DH_new.3
head/secure/lib/libcrypto/man/DH_set_method.3
head/secure/lib/libcrypto/man/DH_size.3
head/secure/lib/libcrypto/man/DSA_SIG_new.3
head/secure/lib/libcrypto/man/DSA_do_sign.3
head/secure/lib/libcrypto/man/DSA_dup_DH.3
head/secure/lib/libcrypto/man/DSA_generate_key.3
head/secure/lib/libcrypto/man/DSA_generate_parameters.3
head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/DSA_new.3
head/secure/lib/libcrypto/man/DSA_set_method.3
head/secure/lib/libcrypto/man/DSA_sign.3
head/secure/lib/libcrypto/man/DSA_size.3
head/secure/lib/libcrypto/man/ERR_GET_LIB.3
head/secure/lib/libcrypto/man/ERR_clear_error.3
head/secure/lib/libcrypto/man/ERR_error_string.3
head/secure/lib/libcrypto/man/ERR_get_error.3
head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
head/secure/lib/libcrypto/man/ERR_load_strings.3
head/secure/lib/libcrypto/man/ERR_print_errors.3
head/secure/lib/libcrypto/man/ERR_put_error.3
head/secure/lib/libcrypto/man/ERR_remove_state.3
head/secure/lib/libcrypto/man/ERR_set_mark.3
head/secure/lib/libcrypto/man/EVP_BytesToKey.3
head/secure/lib/libcrypto/man/EVP_DigestInit.3
head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
head/secure/lib/libcrypto/man/EVP_EncryptInit.3
head/secure/lib/libcrypto/man/EVP_OpenInit.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
head/secure/lib/libcrypto/man/EVP_PKEY_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
head/secure/lib/libcrypto/man/EVP_SealInit.3
head/secure/lib/libcrypto/man/EVP_SignInit.3
head/secure/lib/libcrypto/man/EVP_VerifyInit.3
head/secure/lib/libcrypto/man/OBJ_nid2obj.3
head/secure/lib/libcrypto/man/OPENSSL_Applink.3
head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
head/secure/lib/libcrypto/man/OPENSSL_config.3
head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
head/secure/lib/libcrypto/man/PKCS12_create.3
head/secure/lib/libcrypto/man/PKCS12_parse.3
head/secure/lib/libcrypto/man/PKCS7_decrypt.3
head/secure/lib/libcrypto/man/PKCS7_encrypt.3
head/secure/lib/libcrypto/man/PKCS7_sign.3
head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
head/secure/lib/libcrypto/man/PKCS7_verify.3
head/secure/lib/libcrypto/man/RAND_add.3
head/secure/lib/libcrypto/man/RAND_bytes.3
head/secure/lib/libcrypto/man/RAND_cleanup.3
head/secure/lib/libcrypto/man/RAND_egd.3
head/secure/lib/libcrypto/man/RAND_load_file.3
head/secure/lib/libcrypto/man/RAND_set_rand_method.3
head/secure/lib/libcrypto/man/RSA_blinding_on.3
head/secure/lib/libcrypto/man/RSA_check_key.3
head/secure/lib/libcrypto/man/RSA_generate_key.3
head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/RSA_new.3
head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
head/secure/lib/libcrypto/man/RSA_print.3
head/secure/lib/libcrypto/man/RSA_private_encrypt.3
head/secure/lib/libcrypto/man/RSA_public_encrypt.3
head/secure/lib/libcrypto/man/RSA_set_method.3
head/secure/lib/libcrypto/man/RSA_sign.3
head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
head/secure/lib/libcrypto/man/RSA_size.3
head/secure/lib/libcrypto/man/SMIME_read_CMS.3
head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
head/secure/lib/libcrypto/man/SMIME_write_CMS.3
head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
head/secure/lib/libcrypto/man/X509_new.3
head/secure/lib/libcrypto/man/X509_verify_cert.3
head/secure/lib/libcrypto/man/bio.3
head/secure/lib/libcrypto/man/blowfish.3
head/secure/lib/libcrypto/man/bn.3
head/secure/lib/libcrypto/man/bn_internal.3
head/secure/lib/libcrypto/man/buffer.3
head/secure/lib/libcrypto/man/crypto.3
head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
head/secure/lib/libcrypto/man/d2i_DHparams.3
head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_X509.3
head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
head/secure/lib/libcrypto/man/d2i_X509_CRL.3
head/secure/lib/libcrypto/man/d2i_X509_NAME.3
head/secure/lib/libcrypto/man/d2i_X509_REQ.3
head/secure/lib/libcrypto/man/d2i_X509_SIG.3
head/secure/lib/libcrypto/man/des.3
head/secure/lib/libcrypto/man/dh.3
head/secure/lib/libcrypto/man/dsa.3
head/secure/lib/libcrypto/man/ecdsa.3
head/secure/lib/libcrypto/man/engine.3
head/secure/lib/libcrypto/man/err.3
head/secure/lib/libcrypto/man/evp.3
head/secure/lib/libcrypto/man/hmac.3
head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
head/secure/lib/libcrypto/man/lh_stats.3
head/secure/lib/libcrypto/man/lhash.3
head/secure/lib/libcrypto/man/md5.3
head/secure/lib/libcrypto/man/mdc2.3
head/secure/lib/libcrypto/man/pem.3
head/secure/lib/libcrypto/man/rand.3
head/secure/lib/libcrypto/man/rc4.3
head/secure/lib/libcrypto/man/ripemd.3
head/secure/lib/libcrypto/man/rsa.3
head/secure/lib/libcrypto/man/sha.3
head/secure/lib/libcrypto/man/threads.3
head/secure/lib/libcrypto/man/ui.3
head/secure/lib/libcrypto/man/ui_compat.3
head/secure/lib/libcrypto/man/x509.3
head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_session.3
head/secure/lib/libssl/man/SSL_CTX_ctrl.3
head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
head/secure/lib/libssl/man/SSL_CTX_free.3
head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
head/secure/lib/libssl/man/SSL_CTX_new.3
head/secure/lib/libssl/man/SSL_CTX_sess_number.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
head/secure/lib/libssl/man/SSL_CTX_sessions.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
head/secure/lib/libssl/man/SSL_CTX_set_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_options.3
head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_verify.3
head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
head/secure/lib/libssl/man/SSL_SESSION_free.3
head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_SESSION_get_time.3
head/secure/lib/libssl/man/SSL_accept.3
head/secure/lib/libssl/man/SSL_alert_type_string.3
head/secure/lib/libssl/man/SSL_clear.3
head/secure/lib/libssl/man/SSL_connect.3
head/secure/lib/libssl/man/SSL_do_handshake.3
head/secure/lib/libssl/man/SSL_free.3
head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
head/secure/lib/libssl/man/SSL_get_ciphers.3
head/secure/lib/libssl/man/SSL_get_client_CA_list.3
head/secure/lib/libssl/man/SSL_get_current_cipher.3
head/secure/lib/libssl/man/SSL_get_default_timeout.3
head/secure/lib/libssl/man/SSL_get_error.3
head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
head/secure/lib/libssl/man/SSL_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_get_fd.3
head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
head/secure/lib/libssl/man/SSL_get_peer_certificate.3
head/secure/lib/libssl/man/SSL_get_psk_identity.3
head/secure/lib/libssl/man/SSL_get_rbio.3
head/secure/lib/libssl/man/SSL_get_session.3
head/secure/lib/libssl/man/SSL_get_verify_result.3
head/secure/lib/libssl/man/SSL_get_version.3
head/secure/lib/libssl/man/SSL_library_init.3
head/secure/lib/libssl/man/SSL_load_client_CA_file.3
head/secure/lib/libssl/man/SSL_new.3
head/secure/lib/libssl/man/SSL_pending.3
head/secure/lib/libssl/man/SSL_read.3
head/secure/lib/libssl/man/SSL_rstate_string.3
head/secure/lib/libssl/man/SSL_session_reused.3
head/secure/lib/libssl/man/SSL_set_bio.3
head/secure/lib/libssl/man/SSL_set_connect_state.3
head/secure/lib/libssl/man/SSL_set_fd.3
head/secure/lib/libssl/man/SSL_set_session.3
head/secure/lib/libssl/man/SSL_set_shutdown.3
head/secure/lib/libssl/man/SSL_set_verify_result.3
head/secure/lib/libssl/man/SSL_shutdown.3
head/secure/lib/libssl/man/SSL_state_string.3
head/secure/lib/libssl/man/SSL_want.3
head/secure/lib/libssl/man/SSL_write.3
head/secure/lib/libssl/man/d2i_SSL_SESSION.3
head/secure/lib/libssl/man/ssl.3
head/secure/usr.bin/openssl/man/CA.pl.1
head/secure/usr.bin/openssl/man/asn1parse.1
head/secure/usr.bin/openssl/man/c_rehash.1
head/secure/usr.bin/openssl/man/ca.1
head/secure/usr.bin/openssl/man/ciphers.1
head/secure/usr.bin/openssl/man/cms.1
head/secure/usr.bin/openssl/man/crl.1
head/secure/usr.bin/openssl/man/crl2pkcs7.1
head/secure/usr.bin/openssl/man/dgst.1
head/secure/usr.bin/openssl/man/dhparam.1
head/secure/usr.bin/openssl/man/dsa.1
head/secure/usr.bin/openssl/man/dsaparam.1
head/secure/usr.bin/openssl/man/ec.1
head/secure/usr.bin/openssl/man/ecparam.1
head/secure/usr.bin/openssl/man/enc.1
head/secure/usr.bin/openssl/man/errstr.1
head/secure/usr.bin/openssl/man/gendsa.1
head/secure/usr.bin/openssl/man/genpkey.1
head/secure/usr.bin/openssl/man/genrsa.1
head/secure/usr.bin/openssl/man/nseq.1
head/secure/usr.bin/openssl/man/ocsp.1
head/secure/usr.bin/openssl/man/openssl.1
head/secure/usr.bin/openssl/man/passwd.1
head/secure/usr.bin/openssl/man/pkcs12.1
head/secure/usr.bin/openssl/man/pkcs7.1
head/secure/usr.bin/openssl/man/pkcs8.1
head/secure/usr.bin/openssl/man/pkey.1
head/secure/usr.bin/openssl/man/pkeyparam.1
head/secure/usr.bin/openssl/man/pkeyutl.1
head/secure/usr.bin/openssl/man/rand.1
head/secure/usr.bin/openssl/man/req.1
head/secure/usr.bin/openssl/man/rsa.1
head/secure/usr.bin/openssl/man/rsautl.1
head/secure/usr.bin/openssl/man/s_client.1
head/secure/usr.bin/openssl/man/s_server.1
head/secure/usr.bin/openssl/man/s_time.1
head/secure/usr.bin/openssl/man/sess_id.1
head/secure/usr.bin/openssl/man/smime.1
head/secure/usr.bin/openssl/man/speed.1
head/secure/usr.bin/openssl/man/spkac.1
head/secure/usr.bin/openssl/man/ts.1
head/secure/usr.bin/openssl/man/tsget.1
head/secure/usr.bin/openssl/man/verify.1
head/secure/usr.bin/openssl/man/version.1
head/secure/usr.bin/openssl/man/x509.1
head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
head/crypto/openssl/ (props changed)
Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/CHANGES Thu Jun 11 19:00:55 2015 (r284283)
@@ -2,6 +2,77 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
+
+ *) Malformed ECParameters causes infinite loop
+
+ When processing an ECParameters structure OpenSSL enters an infinite loop
+ if the curve specified is over a specially malformed binary polynomial
+ field.
+
+ This can be used to perform denial of service against any
+ system which processes public keys, certificate requests or
+ certificates. This includes TLS clients and TLS servers with
+ client authentication enabled.
+
+ This issue was reported to OpenSSL by Joseph Barr-Pixton.
+ (CVE-2015-1788)
+ [Andy Polyakov]
+
+ *) Exploitable out-of-bounds read in X509_cmp_time
+
+ X509_cmp_time does not properly check the length of the ASN1_TIME
+ string and can read a few bytes out of bounds. In addition,
+ X509_cmp_time accepts an arbitrary number of fractional seconds in the
+ time string.
+
+ An attacker can use this to craft malformed certificates and CRLs of
+ various sizes and potentially cause a segmentation fault, resulting in
+ a DoS on applications that verify certificates or CRLs. TLS clients
+ that verify CRLs are affected. TLS clients and servers with client
+ authentication enabled may be affected if they use custom verification
+ callbacks.
+
+ This issue was reported to OpenSSL by Robert Swiecki (Google), and
+ independently by Hanno Böck.
+ (CVE-2015-1789)
+ [Emilia Käsper]
+
+ *) PKCS7 crash with missing EnvelopedContent
+
+ The PKCS#7 parsing code does not handle missing inner EncryptedContent
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+ with missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+ structures from untrusted sources are affected. OpenSSL clients and
+ servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-1790)
+ [Emilia Käsper]
+
+ *) CMS verify infinite loop with unknown hash function
+
+ When verifying a signedData message the CMS code can enter an infinite loop
+ if presented with an unknown hash function OID. This can be used to perform
+ denial of service against any system which verifies signedData messages using
+ the CMS code.
+ This issue was reported to OpenSSL by Johannes Bauer.
+ (CVE-2015-1792)
+ [Stephen Henson]
+
+ *) Race condition handling NewSessionTicket
+
+ If a NewSessionTicket is received by a multi-threaded client when attempting to
+ reuse a previous ticket then a race condition can occur potentially leading to
+ a double free of the ticket data.
+ (CVE-2015-1791)
+ [Matt Caswell]
+
+ *) Reject DH handshakes with parameters shorter than 768 bits.
+ [Kurt Roeckx and Emilia Kasper]
+
Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
*) Segmentation fault in ASN1_TYPE_cmp fix
Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/Configure Thu Jun 11 19:00:55 2015 (r284283)
@@ -230,12 +230,12 @@ my %table=(
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with Sun C setups
@@ -252,7 +252,7 @@ my %table=(
#### SunOS configs, assuming sparc for the gcc one.
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
@@ -379,7 +379,7 @@ my %table=(
#### SPARC Linux setups
# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -413,7 +413,7 @@ my %table=(
"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/Makefile Thu Jun 11 19:00:55 2015 (r284283)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1m
+VERSION=1.0.1n
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -186,7 +186,7 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -272,7 +272,10 @@ reflect:
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
@@ -461,6 +464,9 @@ tests: rehash
report:
@$(PERL) util/selftest.pl
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+ @set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@@ -485,26 +491,10 @@ util/libeay.num::
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
Modified: head/crypto/openssl/Makefile.org
==============================================================================
--- head/crypto/openssl/Makefile.org Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/Makefile.org Thu Jun 11 19:00:55 2015 (r284283)
@@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -270,7 +270,10 @@ reflect:
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
@@ -459,6 +462,9 @@ tests: rehash
report:
@$(PERL) util/selftest.pl
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+ @set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@@ -483,26 +489,10 @@ util/libeay.num::
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/NEWS Thu Jun 11 19:00:55 2015 (r284283)
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
+
+ o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+ o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+ o Race condition handling NewSessionTicket (CVE-2015-1791)
+
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/README Thu Jun 11 19:00:55 2015 (r284283)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1m 19 Mar 2015
+ OpenSSL 1.0.1n 11 Jun 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: head/crypto/openssl/apps/Makefile
==============================================================================
--- head/crypto/openssl/apps/Makefile Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/Makefile Thu Jun 11 19:00:55 2015 (r284283)
@@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+openssl-vms.cnf: openssl.cnf
+ $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
+
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -127,12 +130,12 @@ links:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
- fi
+update: openssl-vms.cnf local_depend
+
+depend: local_depend
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -144,10 +147,10 @@ clean:
rm -f req
$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
+ (cd ..; $(MAKE) build_libssl)
$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
+ (cd ..; $(MAKE) build_libcrypto)
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
Modified: head/crypto/openssl/apps/apps.c
==============================================================================
--- head/crypto/openssl/apps/apps.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/apps.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -572,7 +572,7 @@ int password_callback(char *buf, int buf
char *prompt = NULL;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
- if(!prompt) {
+ if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
return 0;
@@ -586,7 +586,7 @@ int password_callback(char *buf, int buf
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = (char *)OPENSSL_malloc(bufsiz);
- if(!buff) {
+ if (!buff) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
OPENSSL_free(prompt);
@@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *parg
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-no_alt_chains"))
+ flags |= X509_V_FLAG_NO_ALT_CHAINS;
else
return 0;
Modified: head/crypto/openssl/apps/asn1pars.c
==============================================================================
--- head/crypto/openssl/apps/asn1pars.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/asn1pars.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *g
{
CONF *cnf = NULL;
int len;
- long errline;
+ long errline = 0;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
Modified: head/crypto/openssl/apps/ca.c
==============================================================================
--- head/crypto/openssl/apps/ca.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/ca.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -558,7 +558,7 @@ int MAIN(int argc, char **argv)
#ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -566,7 +566,7 @@ int MAIN(int argc, char **argv)
#else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -2803,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, i
ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str);
- if(!tmp) {
+ if (!tmp) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
@@ -2825,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, i
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
- if(!*prevtm) {
+ if (!*prevtm) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
@@ -2869,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, i
goto err;
}
comp_time = ASN1_GENERALIZEDTIME_new();
- if(!comp_time) {
+ if (!comp_time) {
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
Modified: head/crypto/openssl/apps/cms.c
==============================================================================
--- head/crypto/openssl/apps/cms.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/cms.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -581,6 +581,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
Modified: head/crypto/openssl/apps/dhparam.c
==============================================================================
--- head/crypto/openssl/apps/dhparam.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/dhparam.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -130,7 +130,7 @@
# undef PROG
# define PROG dhparam_main
-# define DEFBITS 512
+# define DEFBITS 2048
/*-
* -inform arg - input format - default PEM (DER or PEM)
@@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
" -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err,
- " numbits number of bits in to generate (default 512)\n");
+ " numbits number of bits in to generate (default 2048)\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
Modified: head/crypto/openssl/apps/enc.c
==============================================================================
--- head/crypto/openssl/apps/enc.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/enc.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
else
OPENSSL_cleanse(str, strlen(str));
}
- if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
- BIO_printf(bio_err, "invalid hex iv value\n");
- goto end;
+ if (hiv != NULL) {
+ int siz = EVP_CIPHER_iv_length(cipher);
+ if (siz == 0) {
+ BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+ } else if (!set_hex(hiv, iv, sizeof iv)) {
+ BIO_printf(bio_err, "invalid hex iv value\n");
+ goto end;
+ }
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
@@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
- if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+ if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
Modified: head/crypto/openssl/apps/gendh.c
==============================================================================
--- head/crypto/openssl/apps/gendh.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/gendh.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -80,7 +80,7 @@
# include <openssl/x509.h>
# include <openssl/pem.h>
-# define DEFBITS 512
+# define DEFBITS 2048
# undef PROG
# define PROG gendh_main
Modified: head/crypto/openssl/apps/ocsp.c
==============================================================================
--- head/crypto/openssl/apps/ocsp.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/ocsp.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -519,6 +519,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-VAfile file validator certificates file\n");
BIO_printf(bio_err,
"-validity_period n maximum validity discrepancy in seconds\n");
Modified: head/crypto/openssl/apps/s_cb.c
==============================================================================
--- head/crypto/openssl/apps/s_cb.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/s_cb.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -111,6 +111,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h> /* for memcpy() */
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
@@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback
/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n");
return 0;
}
Modified: head/crypto/openssl/apps/s_client.c
==============================================================================
--- head/crypto/openssl/apps/s_client.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/s_client.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -323,6 +323,8 @@ static void sc_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
+ " -no_alt_chains - only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err,
" -pause - sleep(1) after each read(2) and write(2) system call\n");
@@ -547,7 +549,7 @@ static char *MS_CALLBACK ssl_give_srp_cl
PW_CB_DATA cb_tmp;
int l;
- if(!pass) {
+ if (!pass) {
BIO_printf(bio_err, "Malloc failure\n");
return NULL;
}
@@ -1177,13 +1179,12 @@ int MAIN(int argc, char **argv)
if (!set_cert_key_stuff(ctx, cert, key))
goto end;
- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx))) {
- /*
- * BIO_printf(bio_err,"error setting default verify locations\n");
- */
+ if ((CAfile || CApath)
+ && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err);
- /* goto end; */
}
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL) {
Modified: head/crypto/openssl/apps/s_server.c
==============================================================================
--- head/crypto/openssl/apps/s_server.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/s_server.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -219,7 +219,7 @@ static int generate_session_id(const SSL
unsigned int *id_len);
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
+static DH *get_dh2048(void);
#endif
#ifdef MONOLITH
@@ -227,30 +227,48 @@ static void s_server_init(void);
#endif
#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[] = {
- 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
- 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
- 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
- 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
- 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
- 0x47, 0x74, 0xE8, 0x33,
+static unsigned char dh2048_p[] = {
+ 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
+ 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
+ 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
+ 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
+ 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
+ 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
+ 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
+ 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
+ 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
+ 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
+ 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
+ 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
+ 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
+ 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
+ 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
+ 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
+ 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
+ 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
+ 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
+ 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
+ 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
+ 0xE9,0x32,0x0B,0x3B,
};
-static unsigned char dh512_g[] = {
+static unsigned char dh2048_g[] = {
0x02,
};
-static DH *get_dh512(void)
+DH *get_dh2048()
{
- DH *dh = NULL;
+ DH *dh;
if ((dh = DH_new()) == NULL)
- return (NULL);
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return (NULL);
- return (dh);
+ return NULL;
+ dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+ dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+ if (dh->p == NULL || dh->g == NULL) {
+ DH_free(dh);
+ return NULL;
+ }
+ return dh;
}
#endif
@@ -523,6 +541,8 @@ static void sv_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
+ " -no_alt_chains - only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
" -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err,
" -cipher arg - play with 'openssl ciphers' to see what goes here\n");
@@ -720,7 +740,7 @@ static int ebcdic_write(BIO *b, const ch
num = inl;
wbuf =
(EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
- if(!wbuf)
+ if (!wbuf)
return 0;
OPENSSL_free(b->ptr);
@@ -998,7 +1018,7 @@ int MAIN(int argc, char *argv[])
int off = 0;
int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
#ifndef OPENSSL_NO_ECDH
- int no_ecdhe;
+ int no_ecdhe = 0;
#endif
int state = 0;
const SSL_METHOD *meth = NULL;
@@ -1654,7 +1674,11 @@ int MAIN(int argc, char *argv[])
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
} else {
BIO_printf(bio_s_out, "Using default temp DH parameters\n");
- dh = get_dh512();
+ dh = get_dh2048();
+ if (dh == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
(void)BIO_flush(bio_s_out);
@@ -2251,8 +2275,10 @@ static int sv_body(char *hostname, int s
ret = 1;
goto err;
}
- l += k;
- i -= k;
+ if (k > 0) {
+ l += k;
+ i -= k;
+ }
if (i <= 0)
break;
}
@@ -2916,7 +2942,8 @@ static int generate_session_id(const SSL
{
unsigned int count = 0;
do {
- RAND_pseudo_bytes(id, *id_len);
+ if (RAND_pseudo_bytes(id, *id_len) < 0)
+ return 0;
/*
* Prefix the session_id with the required prefix. NB: If our prefix
* is too long, clip it - but there will be worse effects anyway, eg.
Modified: head/crypto/openssl/apps/s_time.c
==============================================================================
--- head/crypto/openssl/apps/s_time.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/s_time.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -302,7 +302,7 @@ static int parseArgs(int argc, char **ar
if (--argc < 1)
goto bad;
maxTime = atoi(*(++argv));
- if(maxTime <= 0) {
+ if (maxTime <= 0) {
BIO_printf(bio_err, "time must be > 0\n");
badop = 1;
}
Modified: head/crypto/openssl/apps/smime.c
==============================================================================
--- head/crypto/openssl/apps/smime.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/smime.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
Modified: head/crypto/openssl/apps/srp.c
==============================================================================
--- head/crypto/openssl/apps/srp.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/srp.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
# ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
# else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
Modified: head/crypto/openssl/apps/verify.c
==============================================================================
--- head/crypto/openssl/apps/verify.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/apps/verify.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err, " [-attime timestamp]");
+ BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]");
#endif
Modified: head/crypto/openssl/crypto/Makefile
==============================================================================
--- head/crypto/openssl/crypto/Makefile Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/Makefile Thu Jun 11 19:00:55 2015 (r284283)
@@ -126,12 +126,17 @@ install:
lint:
@target=lint; $(RECURSIVE_MAKE)
-depend:
+update: local_depend
+ @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+depend: local_depend
+ @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
- @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
clean:
rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
Modified: head/crypto/openssl/crypto/aes/Makefile
==============================================================================
--- head/crypto/openssl/crypto/aes/Makefile Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/aes/Makefile Thu Jun 11 19:00:55 2015 (r284283)
@@ -106,6 +106,8 @@ tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
+update: depend
+
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
Modified: head/crypto/openssl/crypto/asn1/Makefile
==============================================================================
--- head/crypto/openssl/crypto/asn1/Makefile Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/Makefile Thu Jun 11 19:00:55 2015 (r284283)
@@ -93,6 +93,8 @@ tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
+update: depend
+
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
Modified: head/crypto/openssl/crypto/asn1/a_int.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_int.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/a_int.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
else {
ret = a->length;
i = a->data[0];
+ if (ret == 1 && i == 0)
+ neg = 0;
if (!neg && (i > 127)) {
pad = 1;
pb = 0;
@@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
p += a->length - 1;
i = a->length;
/* Copy zeros to destination as long as source is zero */
- while (!*n) {
+ while (!*n && i > 1) {
*(p--) = 0;
n--;
i--;
@@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const B
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
goto err;
}
- if (BN_is_negative(bn))
+ if (BN_is_negative(bn) && !BN_is_zero(bn))
ret->type = V_ASN1_NEG_INTEGER;
else
ret->type = V_ASN1_INTEGER;
Modified: head/crypto/openssl/crypto/asn1/asn1_gen.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/asn1_gen.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/asn1_gen.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -74,6 +74,8 @@
#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
#define ASN1_FLAG_EXP_MAX 20
+/* Maximum number of nested sequences */
+#define ASN1_GEN_SEQ_MAX_DEPTH 50
/* Input formats */
@@ -110,13 +112,16 @@ typedef struct {
int exp_count;
} tag_exp_arg;
+static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+ int *perr);
static int bitstr_cb(const char *elem, int len, void *bitstr);
static int asn1_cb(const char *elem, int len, void *bitstr);
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
int exp_constructed, int exp_pad, int imp_ok);
static int parse_tagging(const char *vstart, int vlen, int *ptag,
int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+ int depth, int *perr);
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
static int asn1_str2tag(const char *tagstr, int len);
@@ -133,6 +138,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
{
+ int err = 0;
+ ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
+ if (err)
+ ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
+ return ret;
+}
+
+static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
+ int *perr)
+{
ASN1_TYPE *ret;
tag_exp_arg asn1_tags;
tag_exp_type *etmp;
@@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X
asn1_tags.imp_class = -1;
asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
asn1_tags.exp_count = 0;
- if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+ if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
+ *perr = ASN1_R_UNKNOWN_TAG;
return NULL;
+ }
if ((asn1_tags.utype == V_ASN1_SEQUENCE)
|| (asn1_tags.utype == V_ASN1_SET)) {
if (!cnf) {
- ASN1err(ASN1_F_ASN1_GENERATE_V3,
- ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+ *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
return NULL;
}
- ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+ if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
+ *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
+ return NULL;
+ }
+ ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
} else
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
@@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int
int tmp_tag, tmp_class;
if (elem == NULL)
- return 0;
+ return -1;
for (i = 0, p = elem; i < len; p++, i++) {
/* Look for the ':' in name value pairs */
@@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int
break;
case ASN1_GEN_FLAG_FORMAT:
- if(!vstart) {
+ if (!vstart) {
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
return -1;
}
@@ -435,7 +455,8 @@ static int parse_tagging(const char *vst
/* Handle multiple types: SET and SEQUENCE */
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+ int depth, int *perr)
{
ASN1_TYPE *ret = NULL;
STACK_OF(ASN1_TYPE) *sk = NULL;
@@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype,
goto bad;
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
ASN1_TYPE *typ =
- ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+ generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
+ depth + 1, perr);
if (!typ)
goto bad;
if (!sk_ASN1_TYPE_push(sk, typ))
Modified: head/crypto/openssl/crypto/asn1/asn_mime.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/asn_mime.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/asn_mime.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALU
if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
- RAND_pseudo_bytes((unsigned char *)bound, 32);
+ if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
+ return 0;
for (i = 0; i < 32; i++) {
c = bound[i] & 0xf;
if (c < 10)
Modified: head/crypto/openssl/crypto/asn1/bio_ndef.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/bio_ndef.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/bio_ndef.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
p = OPENSSL_malloc(derlen);
- if(!p)
+ if (!p)
return 0;
ndef_aux->derbuf = p;
@@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
p = OPENSSL_malloc(derlen);
- if(!p)
+ if (!p)
return 0;
ndef_aux->derbuf = p;
Modified: head/crypto/openssl/crypto/asn1/tasn_new.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_new.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/tasn_new.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1
else
asn1_cb = 0;
- if (!combine)
- *pval = NULL;
-
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_push_info(it->sname);
Modified: head/crypto/openssl/crypto/asn1/tasn_prn.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_prn.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/tasn_prn.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out,
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(fld, tt, 1);
- if(!seqtt)
+ if (!seqtt)
return 0;
tmpfld = asn1_get_field_ptr(fld, seqtt);
if (!asn1_template_print_ctx(out, tmpfld,
Modified: head/crypto/openssl/crypto/asn1/x_x509.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/x_x509.c Thu Jun 11 18:04:49 2015 (r284282)
+++ head/crypto/openssl/crypto/asn1/x_x509.c Thu Jun 11 19:00:55 2015 (r284283)
@@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
/* Save start position */
q = *pp;
- if(!a || *a == NULL) {
+ if (!a || *a == NULL) {
freeret = 1;
}
ret = d2i_X509(a, pp, length);
@@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
goto err;
return ret;
err:
- if(freeret) {
+ if (freeret) {
X509_free(ret);
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list