svn commit: r284286 - in stable: 8/crypto/openssl 8/crypto/openssl/crypto 8/crypto/openssl/crypto/asn1 8/crypto/openssl/crypto/bn 8/crypto/openssl/crypto/cms 8/crypto/openssl/crypto/dsa 8/crypto/op...
Jung-uk Kim
jkim at FreeBSD.org
Thu Jun 11 19:39:50 UTC 2015
Author: jkim
Date: Thu Jun 11 19:39:27 2015
New Revision: 284286
URL: https://svnweb.freebsd.org/changeset/base/284286
Log:
Merge OpenSSL 0.9.8zg.
Modified:
stable/9/crypto/openssl/CHANGES
stable/9/crypto/openssl/Makefile
stable/9/crypto/openssl/NEWS
stable/9/crypto/openssl/README
stable/9/crypto/openssl/crypto/asn1/a_int.c
stable/9/crypto/openssl/crypto/asn1/tasn_new.c
stable/9/crypto/openssl/crypto/asn1/x_x509.c
stable/9/crypto/openssl/crypto/bn/bn.h
stable/9/crypto/openssl/crypto/bn/bn_err.c
stable/9/crypto/openssl/crypto/bn/bn_print.c
stable/9/crypto/openssl/crypto/bn/bn_rand.c
stable/9/crypto/openssl/crypto/bn/bn_shift.c
stable/9/crypto/openssl/crypto/cms/cms_smime.c
stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c
stable/9/crypto/openssl/crypto/dso/dso_lib.c
stable/9/crypto/openssl/crypto/ec/ec2_smpl.c
stable/9/crypto/openssl/crypto/ec/ec_check.c
stable/9/crypto/openssl/crypto/ec/ec_key.c
stable/9/crypto/openssl/crypto/ec/ec_lib.c
stable/9/crypto/openssl/crypto/ec/ecp_smpl.c
stable/9/crypto/openssl/crypto/ec/ectest.c
stable/9/crypto/openssl/crypto/objects/obj_dat.c
stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c
stable/9/crypto/openssl/crypto/opensslv.h
stable/9/crypto/openssl/crypto/pem/pem_pk8.c
stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c
stable/9/crypto/openssl/crypto/x509/x509_lu.c
stable/9/crypto/openssl/crypto/x509/x509_vfy.c
stable/9/crypto/openssl/doc/crypto/BN_rand.pod
stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod
stable/9/crypto/openssl/doc/crypto/pem.pod
stable/9/crypto/openssl/e_os2.h
stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c
stable/9/crypto/openssl/openssl.spec
stable/9/crypto/openssl/ssl/d1_lib.c
stable/9/crypto/openssl/ssl/s3_clnt.c
stable/9/crypto/openssl/ssl/s3_srvr.c
stable/9/crypto/openssl/ssl/ssl.h
stable/9/crypto/openssl/ssl/ssl_err.c
stable/9/crypto/openssl/ssl/ssl_locl.h
stable/9/crypto/openssl/ssl/ssl_sess.c
stable/9/crypto/openssl/util/mkerr.pl
stable/9/secure/lib/libcrypto/Makefile.inc
stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/9/secure/lib/libcrypto/man/BIO_ctrl.3
stable/9/secure/lib/libcrypto/man/BIO_f_base64.3
stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/9/secure/lib/libcrypto/man/BIO_f_md.3
stable/9/secure/lib/libcrypto/man/BIO_f_null.3
stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/9/secure/lib/libcrypto/man/BIO_find_type.3
stable/9/secure/lib/libcrypto/man/BIO_new.3
stable/9/secure/lib/libcrypto/man/BIO_push.3
stable/9/secure/lib/libcrypto/man/BIO_read.3
stable/9/secure/lib/libcrypto/man/BIO_s_accept.3
stable/9/secure/lib/libcrypto/man/BIO_s_bio.3
stable/9/secure/lib/libcrypto/man/BIO_s_connect.3
stable/9/secure/lib/libcrypto/man/BIO_s_fd.3
stable/9/secure/lib/libcrypto/man/BIO_s_file.3
stable/9/secure/lib/libcrypto/man/BIO_s_mem.3
stable/9/secure/lib/libcrypto/man/BIO_s_null.3
stable/9/secure/lib/libcrypto/man/BIO_s_socket.3
stable/9/secure/lib/libcrypto/man/BIO_set_callback.3
stable/9/secure/lib/libcrypto/man/BIO_should_retry.3
stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/9/secure/lib/libcrypto/man/BN_CTX_new.3
stable/9/secure/lib/libcrypto/man/BN_CTX_start.3
stable/9/secure/lib/libcrypto/man/BN_add.3
stable/9/secure/lib/libcrypto/man/BN_add_word.3
stable/9/secure/lib/libcrypto/man/BN_bn2bin.3
stable/9/secure/lib/libcrypto/man/BN_cmp.3
stable/9/secure/lib/libcrypto/man/BN_copy.3
stable/9/secure/lib/libcrypto/man/BN_generate_prime.3
stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/9/secure/lib/libcrypto/man/BN_new.3
stable/9/secure/lib/libcrypto/man/BN_num_bytes.3
stable/9/secure/lib/libcrypto/man/BN_rand.3
stable/9/secure/lib/libcrypto/man/BN_set_bit.3
stable/9/secure/lib/libcrypto/man/BN_swap.3
stable/9/secure/lib/libcrypto/man/BN_zero.3
stable/9/secure/lib/libcrypto/man/CONF_modules_free.3
stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
stable/9/secure/lib/libcrypto/man/DH_generate_key.3
stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3
stable/9/secure/lib/libcrypto/man/DH_new.3
stable/9/secure/lib/libcrypto/man/DH_set_method.3
stable/9/secure/lib/libcrypto/man/DH_size.3
stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/9/secure/lib/libcrypto/man/DSA_do_sign.3
stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/9/secure/lib/libcrypto/man/DSA_generate_key.3
stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
stable/9/secure/lib/libcrypto/man/DSA_new.3
stable/9/secure/lib/libcrypto/man/DSA_set_method.3
stable/9/secure/lib/libcrypto/man/DSA_sign.3
stable/9/secure/lib/libcrypto/man/DSA_size.3
stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/9/secure/lib/libcrypto/man/ERR_clear_error.3
stable/9/secure/lib/libcrypto/man/ERR_error_string.3
stable/9/secure/lib/libcrypto/man/ERR_get_error.3
stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/9/secure/lib/libcrypto/man/ERR_load_strings.3
stable/9/secure/lib/libcrypto/man/ERR_print_errors.3
stable/9/secure/lib/libcrypto/man/ERR_put_error.3
stable/9/secure/lib/libcrypto/man/ERR_remove_state.3
stable/9/secure/lib/libcrypto/man/ERR_set_mark.3
stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/9/secure/lib/libcrypto/man/EVP_SealInit.3
stable/9/secure/lib/libcrypto/man/EVP_SignInit.3
stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/9/secure/lib/libcrypto/man/OPENSSL_config.3
stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/9/secure/lib/libcrypto/man/PKCS12_create.3
stable/9/secure/lib/libcrypto/man/PKCS12_parse.3
stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/9/secure/lib/libcrypto/man/PKCS7_sign.3
stable/9/secure/lib/libcrypto/man/PKCS7_verify.3
stable/9/secure/lib/libcrypto/man/RAND_add.3
stable/9/secure/lib/libcrypto/man/RAND_bytes.3
stable/9/secure/lib/libcrypto/man/RAND_cleanup.3
stable/9/secure/lib/libcrypto/man/RAND_egd.3
stable/9/secure/lib/libcrypto/man/RAND_load_file.3
stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/9/secure/lib/libcrypto/man/RSA_check_key.3
stable/9/secure/lib/libcrypto/man/RSA_generate_key.3
stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
stable/9/secure/lib/libcrypto/man/RSA_new.3
stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/9/secure/lib/libcrypto/man/RSA_print.3
stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/9/secure/lib/libcrypto/man/RSA_set_method.3
stable/9/secure/lib/libcrypto/man/RSA_sign.3
stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/9/secure/lib/libcrypto/man/RSA_size.3
stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/9/secure/lib/libcrypto/man/X509_new.3
stable/9/secure/lib/libcrypto/man/bio.3
stable/9/secure/lib/libcrypto/man/blowfish.3
stable/9/secure/lib/libcrypto/man/bn.3
stable/9/secure/lib/libcrypto/man/bn_internal.3
stable/9/secure/lib/libcrypto/man/buffer.3
stable/9/secure/lib/libcrypto/man/crypto.3
stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
stable/9/secure/lib/libcrypto/man/d2i_DHparams.3
stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
stable/9/secure/lib/libcrypto/man/d2i_X509.3
stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3
stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3
stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3
stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3
stable/9/secure/lib/libcrypto/man/des.3
stable/9/secure/lib/libcrypto/man/dh.3
stable/9/secure/lib/libcrypto/man/dsa.3
stable/9/secure/lib/libcrypto/man/ecdsa.3
stable/9/secure/lib/libcrypto/man/engine.3
stable/9/secure/lib/libcrypto/man/err.3
stable/9/secure/lib/libcrypto/man/evp.3
stable/9/secure/lib/libcrypto/man/hmac.3
stable/9/secure/lib/libcrypto/man/lh_stats.3
stable/9/secure/lib/libcrypto/man/lhash.3
stable/9/secure/lib/libcrypto/man/md5.3
stable/9/secure/lib/libcrypto/man/mdc2.3
stable/9/secure/lib/libcrypto/man/pem.3
stable/9/secure/lib/libcrypto/man/rand.3
stable/9/secure/lib/libcrypto/man/rc4.3
stable/9/secure/lib/libcrypto/man/ripemd.3
stable/9/secure/lib/libcrypto/man/rsa.3
stable/9/secure/lib/libcrypto/man/sha.3
stable/9/secure/lib/libcrypto/man/threads.3
stable/9/secure/lib/libcrypto/man/ui.3
stable/9/secure/lib/libcrypto/man/ui_compat.3
stable/9/secure/lib/libcrypto/man/x509.3
stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3
stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3
stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3
stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
stable/9/secure/lib/libssl/man/SSL_CTX_free.3
stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
stable/9/secure/lib/libssl/man/SSL_CTX_new.3
stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3
stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3
stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3
stable/9/secure/lib/libssl/man/SSL_SESSION_free.3
stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3
stable/9/secure/lib/libssl/man/SSL_accept.3
stable/9/secure/lib/libssl/man/SSL_alert_type_string.3
stable/9/secure/lib/libssl/man/SSL_clear.3
stable/9/secure/lib/libssl/man/SSL_connect.3
stable/9/secure/lib/libssl/man/SSL_do_handshake.3
stable/9/secure/lib/libssl/man/SSL_free.3
stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3
stable/9/secure/lib/libssl/man/SSL_get_ciphers.3
stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3
stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3
stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3
stable/9/secure/lib/libssl/man/SSL_get_error.3
stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3
stable/9/secure/lib/libssl/man/SSL_get_fd.3
stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3
stable/9/secure/lib/libssl/man/SSL_get_rbio.3
stable/9/secure/lib/libssl/man/SSL_get_session.3
stable/9/secure/lib/libssl/man/SSL_get_verify_result.3
stable/9/secure/lib/libssl/man/SSL_get_version.3
stable/9/secure/lib/libssl/man/SSL_library_init.3
stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3
stable/9/secure/lib/libssl/man/SSL_new.3
stable/9/secure/lib/libssl/man/SSL_pending.3
stable/9/secure/lib/libssl/man/SSL_read.3
stable/9/secure/lib/libssl/man/SSL_rstate_string.3
stable/9/secure/lib/libssl/man/SSL_session_reused.3
stable/9/secure/lib/libssl/man/SSL_set_bio.3
stable/9/secure/lib/libssl/man/SSL_set_connect_state.3
stable/9/secure/lib/libssl/man/SSL_set_fd.3
stable/9/secure/lib/libssl/man/SSL_set_session.3
stable/9/secure/lib/libssl/man/SSL_set_shutdown.3
stable/9/secure/lib/libssl/man/SSL_set_verify_result.3
stable/9/secure/lib/libssl/man/SSL_shutdown.3
stable/9/secure/lib/libssl/man/SSL_state_string.3
stable/9/secure/lib/libssl/man/SSL_want.3
stable/9/secure/lib/libssl/man/SSL_write.3
stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3
stable/9/secure/lib/libssl/man/ssl.3
stable/9/secure/usr.bin/openssl/man/CA.pl.1
stable/9/secure/usr.bin/openssl/man/asn1parse.1
stable/9/secure/usr.bin/openssl/man/ca.1
stable/9/secure/usr.bin/openssl/man/ciphers.1
stable/9/secure/usr.bin/openssl/man/crl.1
stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/9/secure/usr.bin/openssl/man/dgst.1
stable/9/secure/usr.bin/openssl/man/dhparam.1
stable/9/secure/usr.bin/openssl/man/dsa.1
stable/9/secure/usr.bin/openssl/man/dsaparam.1
stable/9/secure/usr.bin/openssl/man/ec.1
stable/9/secure/usr.bin/openssl/man/ecparam.1
stable/9/secure/usr.bin/openssl/man/enc.1
stable/9/secure/usr.bin/openssl/man/errstr.1
stable/9/secure/usr.bin/openssl/man/gendsa.1
stable/9/secure/usr.bin/openssl/man/genrsa.1
stable/9/secure/usr.bin/openssl/man/nseq.1
stable/9/secure/usr.bin/openssl/man/ocsp.1
stable/9/secure/usr.bin/openssl/man/openssl.1
stable/9/secure/usr.bin/openssl/man/passwd.1
stable/9/secure/usr.bin/openssl/man/pkcs12.1
stable/9/secure/usr.bin/openssl/man/pkcs7.1
stable/9/secure/usr.bin/openssl/man/pkcs8.1
stable/9/secure/usr.bin/openssl/man/rand.1
stable/9/secure/usr.bin/openssl/man/req.1
stable/9/secure/usr.bin/openssl/man/rsa.1
stable/9/secure/usr.bin/openssl/man/rsautl.1
stable/9/secure/usr.bin/openssl/man/s_client.1
stable/9/secure/usr.bin/openssl/man/s_server.1
stable/9/secure/usr.bin/openssl/man/s_time.1
stable/9/secure/usr.bin/openssl/man/sess_id.1
stable/9/secure/usr.bin/openssl/man/smime.1
stable/9/secure/usr.bin/openssl/man/speed.1
stable/9/secure/usr.bin/openssl/man/spkac.1
stable/9/secure/usr.bin/openssl/man/verify.1
stable/9/secure/usr.bin/openssl/man/version.1
stable/9/secure/usr.bin/openssl/man/x509.1
stable/9/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
stable/9/crypto/openssl/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/8/crypto/openssl/CHANGES
stable/8/crypto/openssl/Makefile
stable/8/crypto/openssl/NEWS
stable/8/crypto/openssl/README
stable/8/crypto/openssl/crypto/asn1/a_int.c
stable/8/crypto/openssl/crypto/asn1/tasn_new.c
stable/8/crypto/openssl/crypto/asn1/x_x509.c
stable/8/crypto/openssl/crypto/bn/bn.h
stable/8/crypto/openssl/crypto/bn/bn_err.c
stable/8/crypto/openssl/crypto/bn/bn_print.c
stable/8/crypto/openssl/crypto/bn/bn_rand.c
stable/8/crypto/openssl/crypto/bn/bn_shift.c
stable/8/crypto/openssl/crypto/cms/cms_smime.c
stable/8/crypto/openssl/crypto/dsa/dsa_ossl.c
stable/8/crypto/openssl/crypto/dso/dso_lib.c
stable/8/crypto/openssl/crypto/ec/ec2_smpl.c
stable/8/crypto/openssl/crypto/ec/ec_check.c
stable/8/crypto/openssl/crypto/ec/ec_key.c
stable/8/crypto/openssl/crypto/ec/ec_lib.c
stable/8/crypto/openssl/crypto/ec/ecp_smpl.c
stable/8/crypto/openssl/crypto/ec/ectest.c
stable/8/crypto/openssl/crypto/objects/obj_dat.c
stable/8/crypto/openssl/crypto/ocsp/ocsp_vfy.c
stable/8/crypto/openssl/crypto/opensslv.h
stable/8/crypto/openssl/crypto/pem/pem_pk8.c
stable/8/crypto/openssl/crypto/pkcs7/pk7_doit.c
stable/8/crypto/openssl/crypto/x509/x509_lu.c
stable/8/crypto/openssl/crypto/x509/x509_vfy.c
stable/8/crypto/openssl/doc/crypto/BN_rand.pod
stable/8/crypto/openssl/doc/crypto/BN_set_bit.pod
stable/8/crypto/openssl/doc/crypto/pem.pod
stable/8/crypto/openssl/e_os2.h
stable/8/crypto/openssl/fips/rsa/fips_rsa_eay.c
stable/8/crypto/openssl/openssl.spec
stable/8/crypto/openssl/ssl/d1_lib.c
stable/8/crypto/openssl/ssl/s3_clnt.c
stable/8/crypto/openssl/ssl/s3_srvr.c
stable/8/crypto/openssl/ssl/ssl.h
stable/8/crypto/openssl/ssl/ssl_err.c
stable/8/crypto/openssl/ssl/ssl_locl.h
stable/8/crypto/openssl/ssl/ssl_sess.c
stable/8/crypto/openssl/util/mkerr.pl
stable/8/secure/lib/libcrypto/Makefile.inc
stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/8/secure/lib/libcrypto/man/BIO_ctrl.3
stable/8/secure/lib/libcrypto/man/BIO_f_base64.3
stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/8/secure/lib/libcrypto/man/BIO_f_md.3
stable/8/secure/lib/libcrypto/man/BIO_f_null.3
stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/8/secure/lib/libcrypto/man/BIO_find_type.3
stable/8/secure/lib/libcrypto/man/BIO_new.3
stable/8/secure/lib/libcrypto/man/BIO_push.3
stable/8/secure/lib/libcrypto/man/BIO_read.3
stable/8/secure/lib/libcrypto/man/BIO_s_accept.3
stable/8/secure/lib/libcrypto/man/BIO_s_bio.3
stable/8/secure/lib/libcrypto/man/BIO_s_connect.3
stable/8/secure/lib/libcrypto/man/BIO_s_fd.3
stable/8/secure/lib/libcrypto/man/BIO_s_file.3
stable/8/secure/lib/libcrypto/man/BIO_s_mem.3
stable/8/secure/lib/libcrypto/man/BIO_s_null.3
stable/8/secure/lib/libcrypto/man/BIO_s_socket.3
stable/8/secure/lib/libcrypto/man/BIO_set_callback.3
stable/8/secure/lib/libcrypto/man/BIO_should_retry.3
stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/8/secure/lib/libcrypto/man/BN_CTX_new.3
stable/8/secure/lib/libcrypto/man/BN_CTX_start.3
stable/8/secure/lib/libcrypto/man/BN_add.3
stable/8/secure/lib/libcrypto/man/BN_add_word.3
stable/8/secure/lib/libcrypto/man/BN_bn2bin.3
stable/8/secure/lib/libcrypto/man/BN_cmp.3
stable/8/secure/lib/libcrypto/man/BN_copy.3
stable/8/secure/lib/libcrypto/man/BN_generate_prime.3
stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/8/secure/lib/libcrypto/man/BN_new.3
stable/8/secure/lib/libcrypto/man/BN_num_bytes.3
stable/8/secure/lib/libcrypto/man/BN_rand.3
stable/8/secure/lib/libcrypto/man/BN_set_bit.3
stable/8/secure/lib/libcrypto/man/BN_swap.3
stable/8/secure/lib/libcrypto/man/BN_zero.3
stable/8/secure/lib/libcrypto/man/CONF_modules_free.3
stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
stable/8/secure/lib/libcrypto/man/DH_generate_key.3
stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3
stable/8/secure/lib/libcrypto/man/DH_new.3
stable/8/secure/lib/libcrypto/man/DH_set_method.3
stable/8/secure/lib/libcrypto/man/DH_size.3
stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/8/secure/lib/libcrypto/man/DSA_do_sign.3
stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/8/secure/lib/libcrypto/man/DSA_generate_key.3
stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
stable/8/secure/lib/libcrypto/man/DSA_new.3
stable/8/secure/lib/libcrypto/man/DSA_set_method.3
stable/8/secure/lib/libcrypto/man/DSA_sign.3
stable/8/secure/lib/libcrypto/man/DSA_size.3
stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/8/secure/lib/libcrypto/man/ERR_clear_error.3
stable/8/secure/lib/libcrypto/man/ERR_error_string.3
stable/8/secure/lib/libcrypto/man/ERR_get_error.3
stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/8/secure/lib/libcrypto/man/ERR_load_strings.3
stable/8/secure/lib/libcrypto/man/ERR_print_errors.3
stable/8/secure/lib/libcrypto/man/ERR_put_error.3
stable/8/secure/lib/libcrypto/man/ERR_remove_state.3
stable/8/secure/lib/libcrypto/man/ERR_set_mark.3
stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/8/secure/lib/libcrypto/man/EVP_SealInit.3
stable/8/secure/lib/libcrypto/man/EVP_SignInit.3
stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/8/secure/lib/libcrypto/man/OPENSSL_config.3
stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/8/secure/lib/libcrypto/man/PKCS12_create.3
stable/8/secure/lib/libcrypto/man/PKCS12_parse.3
stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/8/secure/lib/libcrypto/man/PKCS7_sign.3
stable/8/secure/lib/libcrypto/man/PKCS7_verify.3
stable/8/secure/lib/libcrypto/man/RAND_add.3
stable/8/secure/lib/libcrypto/man/RAND_bytes.3
stable/8/secure/lib/libcrypto/man/RAND_cleanup.3
stable/8/secure/lib/libcrypto/man/RAND_egd.3
stable/8/secure/lib/libcrypto/man/RAND_load_file.3
stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/8/secure/lib/libcrypto/man/RSA_check_key.3
stable/8/secure/lib/libcrypto/man/RSA_generate_key.3
stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
stable/8/secure/lib/libcrypto/man/RSA_new.3
stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/8/secure/lib/libcrypto/man/RSA_print.3
stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/8/secure/lib/libcrypto/man/RSA_set_method.3
stable/8/secure/lib/libcrypto/man/RSA_sign.3
stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/8/secure/lib/libcrypto/man/RSA_size.3
stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/8/secure/lib/libcrypto/man/X509_new.3
stable/8/secure/lib/libcrypto/man/bio.3
stable/8/secure/lib/libcrypto/man/blowfish.3
stable/8/secure/lib/libcrypto/man/bn.3
stable/8/secure/lib/libcrypto/man/bn_internal.3
stable/8/secure/lib/libcrypto/man/buffer.3
stable/8/secure/lib/libcrypto/man/crypto.3
stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
stable/8/secure/lib/libcrypto/man/d2i_DHparams.3
stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
stable/8/secure/lib/libcrypto/man/d2i_X509.3
stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3
stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3
stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3
stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3
stable/8/secure/lib/libcrypto/man/des.3
stable/8/secure/lib/libcrypto/man/dh.3
stable/8/secure/lib/libcrypto/man/dsa.3
stable/8/secure/lib/libcrypto/man/ecdsa.3
stable/8/secure/lib/libcrypto/man/engine.3
stable/8/secure/lib/libcrypto/man/err.3
stable/8/secure/lib/libcrypto/man/evp.3
stable/8/secure/lib/libcrypto/man/hmac.3
stable/8/secure/lib/libcrypto/man/lh_stats.3
stable/8/secure/lib/libcrypto/man/lhash.3
stable/8/secure/lib/libcrypto/man/md5.3
stable/8/secure/lib/libcrypto/man/mdc2.3
stable/8/secure/lib/libcrypto/man/pem.3
stable/8/secure/lib/libcrypto/man/rand.3
stable/8/secure/lib/libcrypto/man/rc4.3
stable/8/secure/lib/libcrypto/man/ripemd.3
stable/8/secure/lib/libcrypto/man/rsa.3
stable/8/secure/lib/libcrypto/man/sha.3
stable/8/secure/lib/libcrypto/man/threads.3
stable/8/secure/lib/libcrypto/man/ui.3
stable/8/secure/lib/libcrypto/man/ui_compat.3
stable/8/secure/lib/libcrypto/man/x509.3
stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3
stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3
stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3
stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
stable/8/secure/lib/libssl/man/SSL_CTX_free.3
stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
stable/8/secure/lib/libssl/man/SSL_CTX_new.3
stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3
stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3
stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3
stable/8/secure/lib/libssl/man/SSL_SESSION_free.3
stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3
stable/8/secure/lib/libssl/man/SSL_accept.3
stable/8/secure/lib/libssl/man/SSL_alert_type_string.3
stable/8/secure/lib/libssl/man/SSL_clear.3
stable/8/secure/lib/libssl/man/SSL_connect.3
stable/8/secure/lib/libssl/man/SSL_do_handshake.3
stable/8/secure/lib/libssl/man/SSL_free.3
stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3
stable/8/secure/lib/libssl/man/SSL_get_ciphers.3
stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3
stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3
stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3
stable/8/secure/lib/libssl/man/SSL_get_error.3
stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3
stable/8/secure/lib/libssl/man/SSL_get_fd.3
stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3
stable/8/secure/lib/libssl/man/SSL_get_rbio.3
stable/8/secure/lib/libssl/man/SSL_get_session.3
stable/8/secure/lib/libssl/man/SSL_get_verify_result.3
stable/8/secure/lib/libssl/man/SSL_get_version.3
stable/8/secure/lib/libssl/man/SSL_library_init.3
stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3
stable/8/secure/lib/libssl/man/SSL_new.3
stable/8/secure/lib/libssl/man/SSL_pending.3
stable/8/secure/lib/libssl/man/SSL_read.3
stable/8/secure/lib/libssl/man/SSL_rstate_string.3
stable/8/secure/lib/libssl/man/SSL_session_reused.3
stable/8/secure/lib/libssl/man/SSL_set_bio.3
stable/8/secure/lib/libssl/man/SSL_set_connect_state.3
stable/8/secure/lib/libssl/man/SSL_set_fd.3
stable/8/secure/lib/libssl/man/SSL_set_session.3
stable/8/secure/lib/libssl/man/SSL_set_shutdown.3
stable/8/secure/lib/libssl/man/SSL_set_verify_result.3
stable/8/secure/lib/libssl/man/SSL_shutdown.3
stable/8/secure/lib/libssl/man/SSL_state_string.3
stable/8/secure/lib/libssl/man/SSL_want.3
stable/8/secure/lib/libssl/man/SSL_write.3
stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3
stable/8/secure/lib/libssl/man/ssl.3
stable/8/secure/usr.bin/openssl/man/CA.pl.1
stable/8/secure/usr.bin/openssl/man/asn1parse.1
stable/8/secure/usr.bin/openssl/man/ca.1
stable/8/secure/usr.bin/openssl/man/ciphers.1
stable/8/secure/usr.bin/openssl/man/crl.1
stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/8/secure/usr.bin/openssl/man/dgst.1
stable/8/secure/usr.bin/openssl/man/dhparam.1
stable/8/secure/usr.bin/openssl/man/dsa.1
stable/8/secure/usr.bin/openssl/man/dsaparam.1
stable/8/secure/usr.bin/openssl/man/ec.1
stable/8/secure/usr.bin/openssl/man/ecparam.1
stable/8/secure/usr.bin/openssl/man/enc.1
stable/8/secure/usr.bin/openssl/man/errstr.1
stable/8/secure/usr.bin/openssl/man/gendsa.1
stable/8/secure/usr.bin/openssl/man/genrsa.1
stable/8/secure/usr.bin/openssl/man/nseq.1
stable/8/secure/usr.bin/openssl/man/ocsp.1
stable/8/secure/usr.bin/openssl/man/openssl.1
stable/8/secure/usr.bin/openssl/man/passwd.1
stable/8/secure/usr.bin/openssl/man/pkcs12.1
stable/8/secure/usr.bin/openssl/man/pkcs7.1
stable/8/secure/usr.bin/openssl/man/pkcs8.1
stable/8/secure/usr.bin/openssl/man/rand.1
stable/8/secure/usr.bin/openssl/man/req.1
stable/8/secure/usr.bin/openssl/man/rsa.1
stable/8/secure/usr.bin/openssl/man/rsautl.1
stable/8/secure/usr.bin/openssl/man/s_client.1
stable/8/secure/usr.bin/openssl/man/s_server.1
stable/8/secure/usr.bin/openssl/man/s_time.1
stable/8/secure/usr.bin/openssl/man/sess_id.1
stable/8/secure/usr.bin/openssl/man/smime.1
stable/8/secure/usr.bin/openssl/man/speed.1
stable/8/secure/usr.bin/openssl/man/spkac.1
stable/8/secure/usr.bin/openssl/man/verify.1
stable/8/secure/usr.bin/openssl/man/version.1
stable/8/secure/usr.bin/openssl/man/x509.1
stable/8/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
stable/8/crypto/openssl/ (props changed)
Modified: stable/9/crypto/openssl/CHANGES
==============================================================================
--- stable/9/crypto/openssl/CHANGES Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/CHANGES Thu Jun 11 19:39:27 2015 (r284286)
@@ -2,6 +2,74 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
+
+ *) Malformed ECParameters causes infinite loop
+
+ When processing an ECParameters structure OpenSSL enters an infinite loop
+ if the curve specified is over a specially malformed binary polynomial
+ field.
+
+ This can be used to perform denial of service against any
+ system which processes public keys, certificate requests or
+ certificates. This includes TLS clients and TLS servers with
+ client authentication enabled.
+
+ This issue was reported to OpenSSL by Joseph Barr-Pixton.
+ (CVE-2015-1788)
+ [Andy Polyakov]
+
+ *) Exploitable out-of-bounds read in X509_cmp_time
+
+ X509_cmp_time does not properly check the length of the ASN1_TIME
+ string and can read a few bytes out of bounds. In addition,
+ X509_cmp_time accepts an arbitrary number of fractional seconds in the
+ time string.
+
+ An attacker can use this to craft malformed certificates and CRLs of
+ various sizes and potentially cause a segmentation fault, resulting in
+ a DoS on applications that verify certificates or CRLs. TLS clients
+ that verify CRLs are affected. TLS clients and servers with client
+ authentication enabled may be affected if they use custom verification
+ callbacks.
+
+ This issue was reported to OpenSSL by Robert Swiecki (Google), and
+ independently by Hanno Böck.
+ (CVE-2015-1789)
+ [Emilia Käsper]
+
+ *) PKCS7 crash with missing EnvelopedContent
+
+ The PKCS#7 parsing code does not handle missing inner EncryptedContent
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+ with missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+ structures from untrusted sources are affected. OpenSSL clients and
+ servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-1790)
+ [Emilia Käsper]
+
+ *) CMS verify infinite loop with unknown hash function
+
+ When verifying a signedData message the CMS code can enter an infinite loop
+ if presented with an unknown hash function OID. This can be used to perform
+ denial of service against any system which verifies signedData messages using
+ the CMS code.
+ This issue was reported to OpenSSL by Johannes Bauer.
+ (CVE-2015-1792)
+ [Stephen Henson]
+
+ *) Race condition handling NewSessionTicket
+
+ If a NewSessionTicket is received by a multi-threaded client when attempting to
+ reuse a previous ticket then a race condition can occur potentially leading to
+ a double free of the ticket data.
+ (CVE-2015-1791)
+ [Matt Caswell]
+
Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
*) Segmentation fault in ASN1_TYPE_cmp fix
Modified: stable/9/crypto/openssl/Makefile
==============================================================================
--- stable/9/crypto/openssl/Makefile Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/Makefile Thu Jun 11 19:39:27 2015 (r284286)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.8zf
+VERSION=0.9.8zg
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
Modified: stable/9/crypto/openssl/NEWS
==============================================================================
--- stable/9/crypto/openssl/NEWS Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/NEWS Thu Jun 11 19:39:27 2015 (r284286)
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]
+
+ o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+ o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+ o Race condition handling NewSessionTicket (CVE-2015-1791)
+
Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015]
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
Modified: stable/9/crypto/openssl/README
==============================================================================
--- stable/9/crypto/openssl/README Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/README Thu Jun 11 19:39:27 2015 (r284286)
@@ -1,5 +1,5 @@
- OpenSSL 0.9.8zf 19 Mar 2015
+ OpenSSL 0.9.8zg 11 Jun 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: stable/9/crypto/openssl/crypto/asn1/a_int.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/a_int.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/asn1/a_int.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
else {
ret = a->length;
i = a->data[0];
+ if (ret == 1 && i == 0)
+ neg = 0;
if (!neg && (i > 127)) {
pad = 1;
pb = 0;
@@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
p += a->length - 1;
i = a->length;
/* Copy zeros to destination as long as source is zero */
- while (!*n) {
+ while (!*n && i > 1) {
*(p--) = 0;
n--;
i--;
@@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
goto err;
}
- if (BN_is_negative(bn))
+ if (BN_is_negative(bn) && !BN_is_zero(bn))
ret->type = V_ASN1_NEG_INTEGER;
else
ret->type = V_ASN1_INTEGER;
Modified: stable/9/crypto/openssl/crypto/asn1/tasn_new.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/tasn_new.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/asn1/tasn_new.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1
else
asn1_cb = 0;
- if (!combine)
- *pval = NULL;
-
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_push_info(it->sname);
Modified: stable/9/crypto/openssl/crypto/asn1/x_x509.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/x_x509.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/asn1/x_x509.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -184,7 +184,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
/* Save start position */
q = *pp;
- if(!a || *a == NULL) {
+ if (!a || *a == NULL) {
freeret = 1;
}
ret = d2i_X509(a, pp, length);
@@ -199,7 +199,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
goto err;
return ret;
err:
- if(freeret) {
+ if (freeret) {
X509_free(ret);
if (a)
*a = NULL;
Modified: stable/9/crypto/openssl/crypto/bn/bn.h
==============================================================================
--- stable/9/crypto/openssl/crypto/bn/bn.h Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/bn/bn.h Thu Jun 11 19:39:27 2015 (r284286)
@@ -871,6 +871,7 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
# define BN_F_BN_GF2M_MOD_SQR 136
# define BN_F_BN_GF2M_MOD_SQRT 137
+# define BN_F_BN_LSHIFT 145
# define BN_F_BN_MOD_EXP2_MONT 118
# define BN_F_BN_MOD_EXP_MONT 109
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
@@ -886,12 +887,14 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_NEW 113
# define BN_F_BN_RAND 114
# define BN_F_BN_RAND_RANGE 122
+# define BN_F_BN_RSHIFT 146
# define BN_F_BN_USUB 115
/* Reason codes. */
# define BN_R_ARG2_LT_ARG3 100
# define BN_R_BAD_RECIPROCAL 101
# define BN_R_BIGNUM_TOO_LONG 114
+# define BN_R_BITS_TOO_SMALL 118
# define BN_R_CALLED_WITH_EVEN_MODULUS 102
# define BN_R_DIV_BY_ZERO 103
# define BN_R_ENCODING_ERROR 104
@@ -899,6 +902,7 @@ void ERR_load_BN_strings(void);
# define BN_R_INPUT_NOT_REDUCED 110
# define BN_R_INVALID_LENGTH 106
# define BN_R_INVALID_RANGE 115
+# define BN_R_INVALID_SHIFT 119
# define BN_R_NOT_A_SQUARE 111
# define BN_R_NOT_INITIALIZED 107
# define BN_R_NO_INVERSE 108
Modified: stable/9/crypto/openssl/crypto/bn/bn_err.c
==============================================================================
--- stable/9/crypto/openssl/crypto/bn/bn_err.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/bn/bn_err.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -1,6 +1,6 @@
/* crypto/bn/bn_err.c */
/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] =
{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
@@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] =
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+ {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
{0, NULL}
};
@@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[]
{ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
{ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
{ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+ {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
{ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
{ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
@@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[]
{ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
{ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
+ {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
{ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
{ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
{ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
Modified: stable/9/crypto/openssl/crypto/bn/bn_print.c
==============================================================================
--- stable/9/crypto/openssl/crypto/bn/bn_print.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/bn/bn_print.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
char *buf;
char *p;
- buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+ if (a->neg && BN_is_zero(a)) {
+ /* "-0" == 3 bytes including NULL terminator */
+ buf = OPENSSL_malloc(3);
+ } else {
+ buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+ }
if (buf == NULL) {
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err;
Modified: stable/9/crypto/openssl/crypto/bn/bn_rand.c
==============================================================================
--- stable/9/crypto/openssl/crypto/bn/bn_rand.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/bn/bn_rand.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM
int ret = 0, bit, bytes, mask;
time_t tim;
+ if (bits < 0 || (bits == 1 && top > 0)) {
+ BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+ return 0;
+ }
+
if (bits == 0) {
BN_zero(rnd);
return 1;
@@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM
}
#endif
- if (top != -1) {
+ if (top >= 0) {
if (top) {
if (bit == 0) {
buf[0] = 1;
Modified: stable/9/crypto/openssl/crypto/bn/bn_shift.c
==============================================================================
--- stable/9/crypto/openssl/crypto/bn/bn_shift.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/bn/bn_shift.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a
bn_check_top(r);
bn_check_top(a);
+ if (n < 0) {
+ BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+ return 0;
+ }
+
r->neg = a->neg;
nw = n / BN_BITS2;
if (bn_wexpand(r, a->top + nw + 1) == NULL)
@@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a
bn_check_top(r);
bn_check_top(a);
+ if (n < 0) {
+ BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+ return 0;
+ }
+
nw = n / BN_BITS2;
rb = n % BN_BITS2;
lb = BN_BITS2 - rb;
Modified: stable/9/crypto/openssl/crypto/cms/cms_smime.c
==============================================================================
--- stable/9/crypto/openssl/crypto/cms/cms_smime.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/cms/cms_smime.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *up
BIO_free(f);
f = tbio;
}
- while (f != upto);
+ while (f && f != upto);
} else
BIO_free_all(f);
}
Modified: stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c
==============================================================================
--- stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -107,23 +107,23 @@ static DSA_METHOD openssl_dsa_meth = {
# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
do { \
int _tmp_res53; \
- if((dsa)->meth->dsa_mod_exp) \
+ if ((dsa)->meth->dsa_mod_exp) \
_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
(a2), (p2), (m), (ctx), (in_mont)); \
else \
_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
(m), (ctx), (in_mont)); \
- if(!_tmp_res53) err_instr; \
+ if (!_tmp_res53) err_instr; \
} while(0)
# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
do { \
int _tmp_res53; \
- if((dsa)->meth->bn_mod_exp) \
+ if ((dsa)->meth->bn_mod_exp) \
_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
(m), (ctx), (m_ctx)); \
else \
_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
- if(!_tmp_res53) err_instr; \
+ if (!_tmp_res53) err_instr; \
} while(0)
const DSA_METHOD *DSA_OpenSSL(void)
Modified: stable/9/crypto/openssl/crypto/dso/dso_lib.c
==============================================================================
--- stable/9/crypto/openssl/crypto/dso/dso_lib.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/dso/dso_lib.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, co
* honest. For one thing, I think I have to return a negative value for any
* error because possible DSO_ctrl() commands may return values such as
* "size"s that can legitimately be zero (making the standard
- * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
* times. I'd prefer "output" values to be passed by reference and the return
* value as success/failure like usual ... but we conform when we must... :-)
*/
Modified: stable/9/crypto/openssl/crypto/ec/ec2_smpl.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ec2_smpl.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ec/ec2_smpl.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -677,7 +677,7 @@ int ec_GF2m_simple_oct2point(const EC_GR
}
/* test required by X9.62 */
- if (!EC_POINT_is_on_curve(group, point, ctx)) {
+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
Modified: stable/9/crypto/openssl/crypto/ec/ec_check.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ec_check.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ec/ec_check.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
goto err;
}
- if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+ if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
Modified: stable/9/crypto/openssl/crypto/ec/ec_key.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ec_key.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ec/ec_key.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey
goto err;
/* testing whether the pub_key is on the elliptic curve */
- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
Modified: stable/9/crypto/openssl/crypto/ec/ec_lib.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ec_lib.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ec/ec_lib.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GRO
return group->meth->is_at_infinity(group, point);
}
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ * 1: The point is on the curve
+ * 0: The point is not on the curve
+ * -1: An error occurred
+ */
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx)
{
Modified: stable/9/crypto/openssl/crypto/ec/ecp_smpl.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ecp_smpl.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ec/ecp_smpl.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GRO
}
/* test required by X9.62 */
- if (!EC_POINT_is_on_curve(group, point, ctx)) {
+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
Modified: stable/9/crypto/openssl/crypto/ec/ectest.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ectest.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ec/ectest.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -303,7 +303,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
ABORT;
fprintf(stderr, "Point is not on curve: x = 0x");
@@ -436,7 +436,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
ABORT;
@@ -501,7 +501,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
ABORT;
@@ -572,7 +572,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn
(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
@@ -649,7 +649,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
"84F3B9CAC2FC632551"))
@@ -723,7 +723,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
@@ -800,7 +800,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
@@ -862,7 +862,7 @@ void prime_field_tests()
ABORT;
if (!EC_POINT_dbl(group, P, P, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!EC_POINT_invert(group, Q, ctx))
ABORT; /* P = -2Q */
@@ -1004,7 +1004,7 @@ void prime_field_tests()
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
if (!BN_hex2bn(&x, _x)) ABORT; \
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1022,7 +1022,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, _x)) ABORT; \
if (!BN_hex2bn(&y, _y)) ABORT; \
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1161,7 +1161,7 @@ void char2_field_tests()
if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
ABORT;
# endif
- if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
@@ -1382,7 +1382,7 @@ void char2_field_tests()
ABORT;
if (!EC_POINT_dbl(group, P, P, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!EC_POINT_invert(group, Q, ctx))
ABORT; /* P = -2Q */
Modified: stable/9/crypto/openssl/crypto/objects/obj_dat.c
==============================================================================
--- stable/9/crypto/openssl/crypto/objects/obj_dat.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/objects/obj_dat.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -382,6 +382,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
if (a->nid != 0)
return (a->nid);
+ if (a->length == 0)
+ return NID_undef;
+
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
Modified: stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
{
X509 *signer, *x;
STACK_OF(X509) *chain = NULL;
+ STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx;
int i, ret = 0;
ret = ocsp_find_signer(&signer, bs, certs, st, flags);
@@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
}
if (!(flags & OCSP_NOVERIFY)) {
int init_res;
- if (flags & OCSP_NOCHAIN)
- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
- else
- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if (flags & OCSP_NOCHAIN) {
+ untrusted = NULL;
+ } else if (bs->certs && certs) {
+ untrusted = sk_X509_dup(bs->certs);
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ }
+ } else {
+ untrusted = bs->certs;
+ }
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
if (!init_res) {
ret = -1;
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
@@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
end:
if (chain)
sk_X509_pop_free(chain, X509_free);
+ if (bs->certs && certs)
+ sk_X509_free(untrusted);
return ret;
}
Modified: stable/9/crypto/openssl/crypto/opensslv.h
==============================================================================
--- stable/9/crypto/openssl/crypto/opensslv.h Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/opensslv.h Thu Jun 11 19:39:27 2015 (r284286)
@@ -26,11 +26,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x009081ffL
+# define OPENSSL_VERSION_NUMBER 0x0090820fL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-fips 11 Jun 2015"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-freebsd 19 Mar 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-freebsd 11 Jun 2015"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Modified: stable/9/crypto/openssl/crypto/pem/pem_pk8.c
==============================================================================
--- stable/9/crypto/openssl/crypto/pem/pem_pk8.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/pem/pem_pk8.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY
if (kstr == buf)
OPENSSL_cleanse(buf, klen);
PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (p8 == NULL)
+ return 0;
if (isder)
ret = i2d_PKCS8_bio(bp, p8);
else
Modified: stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c
==============================================================================
--- stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -359,12 +359,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
switch (i) {
case NID_pkcs7_signed:
+ /*
+ * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+ * field and optional content.
+ * data_body is NULL if that structure has no (=detached) content
+ * or if the contentType is wrong (i.e., not "data").
+ */
data_body = PKCS7_get_octet_string(p7->d.sign->contents);
md_sk = p7->d.sign->md_algs;
break;
case NID_pkcs7_signedAndEnveloped:
rsk = p7->d.signed_and_enveloped->recipientinfo;
md_sk = p7->d.signed_and_enveloped->md_algs;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
@@ -377,6 +384,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
case NID_pkcs7_enveloped:
rsk = p7->d.enveloped->recipientinfo;
enc_alg = p7->d.enveloped->enc_data->algorithm;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body = p7->d.enveloped->enc_data->enc_data;
evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL) {
@@ -390,6 +398,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
goto err;
}
+ /* Detached content must be supplied via in_bio instead. */
+ if (data_body == NULL && in_bio == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+ goto err;
+ }
+
/* We will be checking the signature */
if (md_sk != NULL) {
for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
@@ -557,7 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
etmp = NULL;
}
#if 1
- if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
+ if (in_bio != NULL) {
bio = in_bio;
} else {
# if 0
Modified: stable/9/crypto/openssl/crypto/x509/x509_lu.c
==============================================================================
--- stable/9/crypto/openssl/crypto/x509/x509_lu.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/x509/x509_lu.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -214,6 +214,8 @@ X509_STORE *X509_STORE_new(void)
static void cleanup(X509_OBJECT *a)
{
+ if (!a)
+ return;
if (a->type == X509_LU_X509) {
X509_free(a->data.x509);
} else if (a->type == X509_LU_CRL) {
Modified: stable/9/crypto/openssl/crypto/x509/x509_vfy.c
==============================================================================
--- stable/9/crypto/openssl/crypto/x509/x509_vfy.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/crypto/x509/x509_vfy.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -1007,47 +1007,84 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t
ASN1_TIME atm;
long offset;
char buff1[24], buff2[24], *p;
- int i, j;
+ int i, j, remaining;
p = buff1;
- i = ctm->length;
+ remaining = ctm->length;
str = (char *)ctm->data;
+ /*
+ * Note that the following (historical) code allows much more slack in the
+ * time format than RFC5280. In RFC5280, the representation is fixed:
+ * UTCTime: YYMMDDHHMMSSZ
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
+ */
if (ctm->type == V_ASN1_UTCTIME) {
- if ((i < 11) || (i > 17))
+ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+ int min_length = sizeof("YYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
return 0;
memcpy(p, str, 10);
p += 10;
str += 10;
+ remaining -= 10;
} else {
- if (i < 13)
+ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
return 0;
memcpy(p, str, 12);
p += 12;
str += 12;
+ remaining -= 12;
}
if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
*(p++) = '0';
*(p++) = '0';
} else {
+ /* SS (seconds) */
+ if (remaining < 2)
+ return 0;
*(p++) = *(str++);
*(p++) = *(str++);
- /* Skip any fractional seconds... */
- if (*str == '.') {
+ remaining -= 2;
+ /*
+ * Skip any (up to three) fractional seconds...
+ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+ * Can we just kill them altogether?
+ */
+ if (remaining && *str == '.') {
str++;
- while ((*str >= '0') && (*str <= '9'))
- str++;
+ remaining--;
+ for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
+ if (*str < '0' || *str > '9')
+ break;
+ }
}
}
*(p++) = 'Z';
*(p++) = '\0';
- if (*str == 'Z')
+ /* We now need either a terminating 'Z' or an offset. */
+ if (!remaining)
+ return 0;
+ if (*str == 'Z') {
+ if (remaining != 1)
+ return 0;
offset = 0;
- else {
+ } else {
+ /* (+-)HHMM */
if ((*str != '+') && (*str != '-'))
return 0;
+ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+ if (remaining != 5)
+ return 0;
+ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+ return 0;
offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
offset += (str[3] - '0') * 10 + (str[4] - '0');
if (*str == '-')
@@ -1304,6 +1341,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
+ if (!ctx)
+ return;
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
Modified: stable/9/crypto/openssl/doc/crypto/BN_rand.pod
==============================================================================
--- stable/9/crypto/openssl/doc/crypto/BN_rand.pod Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/doc/crypto/BN_rand.pod Thu Jun 11 19:39:27 2015 (r284286)
@@ -24,7 +24,8 @@ most significant bit of the random numbe
it is set to 1, and if B<top> is 1, the two most significant bits of
the number will be set to 1, so that the product of two such random
numbers will always have 2*B<bits> length. If B<bottom> is true, the
-number will be odd.
+number will be odd. The value of B<bits> must be zero or greater. If B<bits> is
+1 then B<top> cannot also be 1.
BN_pseudo_rand() does the same, but pseudo-random numbers generated by
this function are not necessarily unpredictable. They can be used for
Modified: stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod
==============================================================================
--- stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod Thu Jun 11 19:39:27 2015 (r284286)
@@ -37,12 +37,12 @@ BN_mask_bits() truncates B<a> to an B<n>
shorter than B<n> bits.
BN_lshift() shifts B<a> left by B<n> bits and places the result in
-B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
-the result in B<r> (C<r=2*a>).
+B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts
+B<a> left by one and places the result in B<r> (C<r=2*a>).
BN_rshift() shifts B<a> right by B<n> bits and places the result in
-B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
-the result in B<r> (C<r=a/2>).
+B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts
+B<a> right by one and places the result in B<r> (C<r=a/2>).
For the shift functions, B<r> and B<a> may be the same variable.
Modified: stable/9/crypto/openssl/doc/crypto/pem.pod
==============================================================================
--- stable/9/crypto/openssl/doc/crypto/pem.pod Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/doc/crypto/pem.pod Thu Jun 11 19:39:27 2015 (r284286)
@@ -2,7 +2,29 @@
=head1 NAME
-PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509,
PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
+PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
+PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
+PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
+PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
+PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
+PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
+PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
+PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
+PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
+PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
+PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
+PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
+PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
+PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
+PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
+PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
+PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
+PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
+PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
=head1 SYNOPSIS
@@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an er
key is not DSA.
The B<DSAparams> functions process DSA parameters using a DSA
-structure. The parameters are encoded using a foobar structure.
+structure. The parameters are encoded using a Dss-Parms structure
+as defined in RFC2459.
The B<DHparams> functions process DH parameters using a DH
structure. The parameters are encoded using a PKCS#3 DHparameter
Modified: stable/9/crypto/openssl/e_os2.h
==============================================================================
--- stable/9/crypto/openssl/e_os2.h Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/e_os2.h Thu Jun 11 19:39:27 2015 (r284286)
@@ -109,6 +109,12 @@ extern "C" {
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32
# endif
+# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
# if defined(OPENSSL_SYSNAME_WINNT)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINNT
@@ -121,7 +127,7 @@ extern "C" {
# endif
/* Anything that tries to look like Microsoft is "Windows" */
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINDOWS
# ifndef OPENSSL_SYS_MSDOS
Modified: stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c
==============================================================================
--- stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -158,7 +158,7 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
* RSA_FLAG_CACHE_PRIVATE, goto err);
*/
# define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
- if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
+ if ((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
CRYPTO_LOCK_RSA, \
(rsa)->m, (ctx))) \
Modified: stable/9/crypto/openssl/openssl.spec
==============================================================================
--- stable/9/crypto/openssl/openssl.spec Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/openssl.spec Thu Jun 11 19:39:27 2015 (r284286)
@@ -6,7 +6,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 0.9.8zf
+Version: 0.9.8zg
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
Modified: stable/9/crypto/openssl/ssl/d1_lib.c
==============================================================================
--- stable/9/crypto/openssl/ssl/d1_lib.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/ssl/d1_lib.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr
{
int ret;
+ /* Ensure there is no state left over from a previous invocation */
+ SSL_clear(s);
+
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;
Modified: stable/9/crypto/openssl/ssl/s3_clnt.c
==============================================================================
--- stable/9/crypto/openssl/ssl/s3_clnt.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/ssl/s3_clnt.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -1722,6 +1722,38 @@ int ssl3_get_new_session_ticket(SSL *s)
}
p = d = (unsigned char *)s->init_msg;
+
+ if (s->session->session_id_length > 0) {
+ int i = s->session_ctx->session_cache_mode;
+ SSL_SESSION *new_sess;
+ /*
+ * We reused an existing session, so we need to replace it with a new
+ * one
+ */
+ if (i & SSL_SESS_CACHE_CLIENT) {
+ /*
+ * Remove the old session from the cache
+ */
+ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+ if (s->session_ctx->remove_session_cb != NULL)
+ s->session_ctx->remove_session_cb(s->session_ctx,
+ s->session);
+ } else {
+ /* We carry on if this fails */
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ }
+ }
+
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
n2l(p, s->session->tlsext_tick_lifetime_hint);
n2s(p, ticklen);
/* ticket_lifetime_hint + ticket_length + ticket */
Modified: stable/9/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- stable/9/crypto/openssl/ssl/s3_srvr.c Thu Jun 11 19:07:45 2015 (r284285)
+++ stable/9/crypto/openssl/ssl/s3_srvr.c Thu Jun 11 19:39:27 2015 (r284286)
@@ -779,6 +779,16 @@ int ssl3_get_client_hello(SSL *s)
d = p = (unsigned char *)s->init_msg;
/*
+ * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
+ * for session id length
+ */
+ if (n < 2 + SSL3_RANDOM_SIZE + 1) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
+ /*
* use version from inside client hello, not from record header (may
* differ: see RFC 2246, Appendix E, second paragraph)
*/
@@ -808,6 +818,12 @@ int ssl3_get_client_hello(SSL *s)
unsigned int session_length, cookie_length;
session_length = *(p + SSL3_RANDOM_SIZE);
+
+ if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
if (cookie_length == 0)
@@ -821,6 +837,12 @@ int ssl3_get_client_hello(SSL *s)
/* get the session-id */
j = *(p++);
+ if (p + j > d + n) {
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable-9
mailing list