Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl merge conflicts
details: https://anonhg.NetBSD.org/src/rev/4ecdf5f280a5
branches: trunk
changeset: 325925:4ecdf5f280a5
user: christos <christos%NetBSD.org@localhost>
date: Sat Jan 11 18:34:36 2014 +0000
description:
merge conflicts
diffstat:
crypto/external/bsd/openssl/dist/Configure | 2 +-
crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/opensslv.h | 6 +-
crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c | 22 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c | 11 +
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod | 8 +-
crypto/external/bsd/openssl/dist/doc/ssl/SSL_accept.pod | 10 +-
crypto/external/bsd/openssl/dist/doc/ssl/SSL_do_handshake.pod | 10 +-
crypto/external/bsd/openssl/dist/doc/ssl/SSL_shutdown.pod | 10 +-
crypto/external/bsd/openssl/dist/ssl/d1_pkt.c | 7 +
crypto/external/bsd/openssl/dist/ssl/d1_srvr.c | 29 +-
crypto/external/bsd/openssl/dist/ssl/s23_clnt.c | 29 ++-
crypto/external/bsd/openssl/dist/ssl/s3_clnt.c | 7 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 20 +-
crypto/external/bsd/openssl/dist/ssl/s3_pkt.c | 10 +-
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 16 +-
crypto/external/bsd/openssl/dist/ssl/ssl.h | 11 +-
crypto/external/bsd/openssl/dist/ssl/ssl3.h | 9 +
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h | 3 +
crypto/external/bsd/openssl/dist/ssl/ssltest.c | 8 +-
crypto/external/bsd/openssl/dist/ssl/t1_enc.c | 28 +-
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 104 ++++++++-
crypto/external/bsd/openssl/dist/test/test_aesni | 69 ------
crypto/external/bsd/openssl/lib/libcrypto/shlib_version | 4 +-
crypto/external/bsd/openssl/lib/libdes/shlib_version | 4 +-
crypto/external/bsd/openssl/lib/libssl/shlib_version | 4 +-
27 files changed, 287 insertions(+), 174 deletions(-)
diffs (truncated from 976 to 300 lines):
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/Configure
--- a/crypto/external/bsd/openssl/dist/Configure Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/Configure Sat Jan 11 18:34:36 2014 +0000
@@ -178,7 +178,7 @@
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings
-pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes
-Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c
--- a/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c Sat Jan 11 18:34:36 2014 +0000
@@ -179,14 +179,14 @@
return(len);
}
-void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
{
size_t i;
if (in)
{
out += size - 1;
for (i = 0; i < size; i++)
- *in++ = *out--;
+ *out-- = *in++;
}
else
{
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
--- a/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c Sat Jan 11 18:34:36 2014 +0000
@@ -849,7 +849,10 @@
gctx->ctr = NULL;
break;
}
+ else
#endif
+ (void)0; /* terminate potentially open 'else' */
+
AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
#ifdef AES_CTR_ASM
@@ -1090,14 +1093,17 @@
xctx->xts.block1 = (block128_f)vpaes_decrypt;
}
- vpaes_set_encrypt_key(key + ctx->key_len/2,
+ vpaes_set_encrypt_key(key + ctx->key_len/2,
ctx->key_len * 4, &xctx->ks2);
- xctx->xts.block2 = (block128_f)vpaes_encrypt;
+ xctx->xts.block2 = (block128_f)vpaes_encrypt;
- xctx->xts.key1 = &xctx->ks1;
- break;
- }
+ xctx->xts.key1 = &xctx->ks1;
+ break;
+ }
+ else
#endif
+ (void)0; /* terminate potentially open 'else' */
+
if (enc)
{
AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/crypto/opensslv.h
--- a/crypto/external/bsd/openssl/dist/crypto/opensslv.h Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/opensslv.h Sat Jan 11 18:34:36 2014 +0000
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000105fL
+#define OPENSSL_VERSION_NUMBER 0x1000106fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e-fips 11 Feb 2013"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e 11 Feb 2013"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
--- a/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c Sat Jan 11 18:34:36 2014 +0000
@@ -378,8 +378,11 @@
* are fed into the hash function and the results are kept in the
* global 'md'.
*/
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ /* NB: in FIPS mode we are already under a lock */
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -461,7 +464,10 @@
/* before unlocking, we must clear 'crypto_lock_rand' */
crypto_lock_rand = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
{
@@ -513,10 +519,16 @@
MD_Init(&m);
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
MD_Update(&m,md,MD_DIGEST_LENGTH);
MD_Final(&m,md);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
EVP_MD_CTX_cleanup(&m);
if (ok)
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
--- a/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Sat Jan 11 18:34:36 2014 +0000
@@ -694,6 +694,7 @@
X509_CRL *crl = NULL, *dcrl = NULL;
X509 *x;
int ok, cnum;
+ unsigned int last_reasons;
cnum = ctx->error_depth;
x = sk_X509_value(ctx->chain, cnum);
ctx->current_cert = x;
@@ -702,6 +703,7 @@
ctx->current_reasons = 0;
while (ctx->current_reasons != CRLDP_ALL_REASONS)
{
+ last_reasons = ctx->current_reasons;
/* Try to retrieve relevant CRL */
if (ctx->get_crl)
ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@
X509_CRL_free(dcrl);
crl = NULL;
dcrl = NULL;
+ /* If reasons not updated we wont get anywhere by
+ * another iteration, so exit loop.
+ */
+ if (last_reasons == ctx->current_reasons)
+ {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+ ok = ctx->verify_cb(0, ctx);
+ goto err;
+ }
}
err:
X509_CRL_free(crl);
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod
--- a/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod Sat Jan 11 18:34:36 2014 +0000
@@ -66,16 +66,16 @@
=over 4
-=item Z<>1
-
-The operation succeeded.
-
=item 0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
+=item 1
+
+The operation succeeded.
+
=back
=head1 EXAMPLES
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/doc/ssl/SSL_accept.pod
--- a/crypto/external/bsd/openssl/dist/doc/ssl/SSL_accept.pod Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/doc/ssl/SSL_accept.pod Sat Jan 11 18:34:36 2014 +0000
@@ -44,17 +44,17 @@
=over 4
-=item Z<>1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/doc/ssl/SSL_do_handshake.pod
--- a/crypto/external/bsd/openssl/dist/doc/ssl/SSL_do_handshake.pod Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/doc/ssl/SSL_do_handshake.pod Sat Jan 11 18:34:36 2014 +0000
@@ -45,17 +45,17 @@
=over 4
-=item Z<>1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/doc/ssl/SSL_shutdown.pod
--- a/crypto/external/bsd/openssl/dist/doc/ssl/SSL_shutdown.pod Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/doc/ssl/SSL_shutdown.pod Sat Jan 11 18:34:36 2014 +0000
@@ -92,11 +92,6 @@
=over 4
-=item Z<>1
-
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
-
=item 0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
@@ -104,6 +99,11 @@
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+=item 1
+
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
=item -1
The shutdown was not successful because a fatal error occurred either
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/ssl/d1_pkt.c
--- a/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c Sat Jan 11 18:34:36 2014 +0000
@@ -847,6 +847,12 @@
}
}
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+ {
+ rr->length = 0;
+ goto start;
+ }
+
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1051,6 +1057,7 @@
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
+ s->d1->handshake_read_seq++;
s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
diff -r 39fb77257fc7 -r 4ecdf5f280a5 crypto/external/bsd/openssl/dist/ssl/d1_srvr.c
--- a/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c Sat Jan 11 18:31:35 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c Sat Jan 11 18:34:36 2014 +0000
Home |
Main Index |
Thread Index |
Old Index