Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src merge openssl 1.0.1i
details: https://anonhg.NetBSD.org/src/rev/bdb4dcdf2742
branches: trunk
changeset: 331385:bdb4dcdf2742
user: spz <spz%NetBSD.org@localhost>
date: Sun Aug 10 08:07:48 2014 +0000
description:
merge openssl 1.0.1i
diffstat:
crypto/external/bsd/openssl/dist/Configure | 3 +-
crypto/external/bsd/openssl/dist/Makefile | 2 +-
crypto/external/bsd/openssl/dist/apps/ca.c | 5 +
crypto/external/bsd/openssl/dist/apps/ocsp.c | 2 +-
crypto/external/bsd/openssl/dist/apps/s_client.c | 2 +
crypto/external/bsd/openssl/dist/apps/s_server.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c | 2 +
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c | 1 +
crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c | 9 +
crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_smpl.c | 35 +-
crypto/external/bsd/openssl/dist/crypto/ec/ectest.c | 39 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c | 68 +-
crypto/external/bsd/openssl/dist/crypto/idea/ideatest.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/opensslconf.h | 6 +
crypto/external/bsd/openssl/dist/crypto/opensslv.h | 11 +-
crypto/external/bsd/openssl/dist/crypto/pkcs7/bio_ber.c | 466 ----------
crypto/external/bsd/openssl/dist/crypto/pkcs7/dec.c | 248 -----
crypto/external/bsd/openssl/dist/crypto/pkcs7/des.pem | 15 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/doc | 24 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/enc.c | 174 ---
crypto/external/bsd/openssl/dist/crypto/pkcs7/es1.pem | 66 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/example.c | 329 -------
crypto/external/bsd/openssl/dist/crypto/pkcs7/example.h | 57 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/info.pem | 57 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/infokey.pem | 9 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a1 | 2 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/p7/a2 | 1 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/server.pem | 24 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/sign.c | 154 ---
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3des.pem | 16 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/3dess.pem | 32 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/c.pem | 48 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/ff | 32 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e | 20 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-e.pem | 22 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01 | 62 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-01.pem | 66 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02 | 90 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-enc-02.pem | 106 --
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e | 91 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/msie-s-a-e.pem | 106 --
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/nav-smime | 157 ---
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/s.pem | 57 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/t/server.pem | 57 -
crypto/external/bsd/openssl/dist/crypto/pkcs7/verify.c | 263 -----
crypto/external/bsd/openssl/dist/crypto/ppccap.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl | 6 +-
crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c | 24 +-
crypto/external/bsd/openssl/dist/crypto/rand/randfile.c | 1 +
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_eay.c | 2 +-
crypto/external/bsd/openssl/dist/demos/eay/Makefile | 24 -
crypto/external/bsd/openssl/dist/demos/eay/base64.c | 49 -
crypto/external/bsd/openssl/dist/demos/eay/conn.c | 105 --
crypto/external/bsd/openssl/dist/demos/eay/loadrsa.c | 53 -
crypto/external/bsd/openssl/dist/demos/maurice/Makefile | 59 -
crypto/external/bsd/openssl/dist/demos/maurice/README | 34 -
crypto/external/bsd/openssl/dist/demos/maurice/cert.pem | 77 -
crypto/external/bsd/openssl/dist/demos/maurice/example1.c | 198 ----
crypto/external/bsd/openssl/dist/demos/maurice/example2.c | 75 -
crypto/external/bsd/openssl/dist/demos/maurice/example3.c | 87 -
crypto/external/bsd/openssl/dist/demos/maurice/example4.c | 123 --
crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.c | 72 -
crypto/external/bsd/openssl/dist/demos/maurice/loadkeys.h | 19 -
crypto/external/bsd/openssl/dist/demos/maurice/privkey.pem | 27 -
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod | 2 +-
crypto/external/bsd/openssl/dist/ssl/d1_srvr.c | 10 +-
crypto/external/bsd/openssl/dist/ssl/s3_clnt.c | 24 +
crypto/external/bsd/openssl/dist/ssl/s3_enc.c | 12 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 40 +-
crypto/external/bsd/openssl/dist/ssl/s3_pkt.c | 2 +-
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 9 +-
crypto/external/bsd/openssl/dist/ssl/ssl.h | 6 +
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c | 40 +-
crypto/external/bsd/openssl/dist/ssl/ssl_err.c | 1 +
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h | 25 +-
crypto/external/bsd/openssl/dist/ssl/t1_enc.c | 2 +-
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 59 +-
crypto/external/bsd/openssl/dist/ssl/tls_srp.c | 2 +-
crypto/external/bsd/openssl/dist/test/heartbeat_test.c | 466 ++++++++++
crypto/external/bsd/openssl/lib/libcrypto/shlib_version | 4 +-
crypto/external/bsd/openssl/lib/libssl/shlib_version | 4 +-
crypto/external/bsd/openssl/lib/libssl/ssl.diff | 19 -
crypto/external/bsd/openssl/lib/libssl/ssl.inc | 4 +-
distrib/sets/lists/base/ad.arm | 6 +-
distrib/sets/lists/base/ad.mips | 10 +-
distrib/sets/lists/base/ad.powerpc | 6 +-
distrib/sets/lists/base/md.amd64 | 6 +-
distrib/sets/lists/base/md.sparc64 | 6 +-
distrib/sets/lists/base/shl.mi | 8 +-
distrib/sets/lists/debug/ad.arm | 6 +-
distrib/sets/lists/debug/ad.mips | 10 +-
distrib/sets/lists/debug/ad.powerpc | 6 +-
distrib/sets/lists/debug/md.amd64 | 6 +-
distrib/sets/lists/debug/md.sparc64 | 6 +-
distrib/sets/lists/debug/shl.mi | 8 +-
98 files changed, 859 insertions(+), 4059 deletions(-)
diffs (truncated from 6392 to 300 lines):
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/Configure
--- a/crypto/external/bsd/openssl/dist/Configure Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/Configure Sun Aug 10 08:07:48 2014 +0000
@@ -720,6 +720,7 @@
"sctp" => "default",
"shared" => "default",
"store" => "experimental",
+ "unit-test" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
@@ -727,7 +728,7 @@
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE
-DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/Makefile
--- a/crypto/external/bsd/openssl/dist/Makefile Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/Makefile Sun Aug 10 08:07:48 2014 +0000
@@ -69,7 +69,7 @@
AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
NM= nm
-PERL= /usr/bin/perl
+PERL= /usr/pkg/bin/perl
TAR= tar
TARFLAGS= --no-recursion --record-size=10240
MAKEDEPPROG=makedepend
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/apps/ca.c
--- a/crypto/external/bsd/openssl/dist/apps/ca.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/ca.c Sun Aug 10 08:07:48 2014 +0000
@@ -1620,12 +1620,14 @@
{
ok=0;
BIO_printf(bio_err,"Signature verification problems....\n");
+ ERR_print_errors(bio_err);
goto err;
}
if (i == 0)
{
ok=0;
BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
goto err;
}
else
@@ -2777,6 +2779,9 @@
revtm = X509_gmtime_adj(NULL, 0);
+ if (!revtm)
+ return NULL;
+
i = revtm->length + 1;
if (reason) i += strlen(reason) + 1;
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/apps/ocsp.c
--- a/crypto/external/bsd/openssl/dist/apps/ocsp.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/ocsp.c Sun Aug 10 08:07:48 2014 +0000
@@ -1419,7 +1419,7 @@
}
resp = query_responder(err, cbio, path, headers, req, req_timeout);
if (!resp)
- BIO_printf(bio_err, "Error querying OCSP responsder\n");
+ BIO_printf(bio_err, "Error querying OCSP responder\n");
end:
if (cbio)
BIO_free_all(cbio);
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/apps/s_client.c
--- a/crypto/external/bsd/openssl/dist/apps/s_client.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_client.c Sun Aug 10 08:07:48 2014 +0000
@@ -290,6 +290,7 @@
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
@@ -300,6 +301,7 @@
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
#ifdef WATT32
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/apps/s_server.c
--- a/crypto/external/bsd/openssl/dist/apps/s_server.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_server.c Sun Aug 10 08:07:48 2014 +0000
@@ -463,6 +463,7 @@
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
@@ -534,6 +535,7 @@
BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
+ BIO_printf(bio_err," -hack - workaround for early Netscape code\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
@@ -562,6 +564,10 @@
#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+ BIO_printf(bio_err," -status - respond to certificate status requests\n");
+ BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");
+ BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
+ BIO_printf(bio_err," -status_url URL - status request fallback URL\n");
}
static int local_argc=0;
@@ -739,7 +745,7 @@
if (servername)
{
- if (strcmp(servername,p->servername))
+ if (strcasecmp(servername,p->servername))
return p->extension_error;
if (ctx2)
{
@@ -1356,6 +1362,14 @@
sv_usage();
goto end;
}
+#ifndef OPENSSL_NO_DTLS1
+ if (www && socket_type == SOCK_DGRAM)
+ {
+ BIO_printf(bio_err,
+ "Can't use -HTTP, -www or -WWW with DTLS\n");
+ goto end;
+ }
+#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret)
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c Sun Aug 10 08:07:48 2014 +0000
@@ -667,6 +667,8 @@
int len, state, save_state = 0;
headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+ if (!headers)
+ return NULL;
while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
/* If whitespace at line start then continuation line */
if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c Sun Aug 10 08:07:48 2014 +0000
@@ -463,6 +463,7 @@
}
}
}
+ }
/* If not sorting just output each item */
if (!do_sort)
{
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
--- a/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c Sun Aug 10 08:07:48 2014 +0000
@@ -684,7 +684,7 @@
/* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
* 512-bit RSA is hardly relevant, we omit it to spare size... */
- if (window==5)
+ if (window==5 && top>1)
{
void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
const void *table,const BN_ULONG *np,
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
--- a/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c Sun Aug 10 08:07:48 2014 +0000
@@ -320,6 +320,15 @@
BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
return(NULL);
}
+#ifdef PURIFY
+ /* Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
#if 1
B=b->d;
/* Check if the previous number needs to be copied */
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c
--- a/crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c Sun Aug 10 08:07:48 2014 +0000
@@ -93,9 +93,10 @@
X509_ALGOR *encalg = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
+
env = cms_get0_enveloped(cms);
if (!env)
- goto err;
+ return NULL;
if (wrap_nid <= 0)
wrap_nid = NID_id_alg_PWRI_KEK;
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c
--- a/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c Sun Aug 10 08:07:48 2014 +0000
@@ -321,7 +321,7 @@
p=eat_ws(conf, end);
if (*p != ']')
{
- if (*p != '\0')
+ if (*p != '\0' && ss != p)
{
ss=p;
goto again;
diff -r 5f9d8b266551 -r bdb4dcdf2742 crypto/external/bsd/openssl/dist/crypto/ec/ecp_smpl.c
--- a/crypto/external/bsd/openssl/dist/crypto/ec/ecp_smpl.c Sun Aug 10 07:40:49 2014 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/ec/ecp_smpl.c Sun Aug 10 08:07:48 2014 +0000
@@ -1200,7 +1200,7 @@
tmp = BN_CTX_get(ctx);
tmp_Z = BN_CTX_get(ctx);
if (tmp == NULL || tmp_Z == NULL) goto err;
-
+
prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
if (prod_Z == NULL) goto err;
for (i = 0; i < num; i++)
@@ -1208,25 +1208,25 @@
prod_Z[i] = BN_new();
if (prod_Z[i] == NULL) goto err;
}
-
+
/* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
* skipping any zero-valued inputs (pretend that they're 1). */
if (!BN_is_zero(&points[0]->Z))
- {
+ {
if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
- }
- else
- {
+ }
+ else
+ {
if (group->meth->field_set_to_one != 0)
- {
+ {
if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
- }
- else
- {
+ }
+ else
+ {
if (!BN_one(prod_Z[0])) goto err;
- }
- }
+ }
+ }
for (i = 1; i < num; i++)
{
@@ -1244,10 +1244,9 @@
* non-zero points[i]->Z by its inverse. */
if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
- goto err;
- }
+ {
+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
+ }
if (group->meth->field_encode != 0)
{
/* In the Montgomery case, we just turned R*H (representing H)
@@ -1271,7 +1270,7 @@
/* Replace points[i]->Z by its inverse. */
if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
}
- }
+ }
if (!BN_is_zero(&points[0]->Z))
{
@@ -1294,7 +1293,7 @@
Home |
Main Index |
Thread Index |
Old Index