Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl/dist import 1.0.1d for http://ww...
details: https://anonhg.NetBSD.org/src/rev/53183bdf46ba
branches: trunk
changeset: 784682:53183bdf46ba
user: christos <christos%NetBSD.org@localhost>
date: Tue Feb 05 19:04:09 2013 +0000
description:
import 1.0.1d for http://www.openssl.org/news/secadv_20130204.txt
diffstat:
crypto/external/bsd/openssl/dist/CHANGES | 43 +
crypto/external/bsd/openssl/dist/FAQ | 2 +-
crypto/external/bsd/openssl/dist/Makefile | 4 +-
crypto/external/bsd/openssl/dist/Makefile.org | 2 +-
crypto/external/bsd/openssl/dist/NEWS | 8 +
crypto/external/bsd/openssl/dist/PROBLEMS | 14 +
crypto/external/bsd/openssl/dist/README | 2 +-
crypto/external/bsd/openssl/dist/apps/apps.c | 5 +-
crypto/external/bsd/openssl/dist/apps/cms.c | 4 +
crypto/external/bsd/openssl/dist/apps/dgst.c | 4 +-
crypto/external/bsd/openssl/dist/apps/dhparam.c | 1 -
crypto/external/bsd/openssl/dist/apps/dsaparam.c | 9 +-
crypto/external/bsd/openssl/dist/apps/genrsa.c | 2 +-
crypto/external/bsd/openssl/dist/apps/s_cb.c | 6 +-
crypto/external/bsd/openssl/dist/apps/srp.c | 30 +-
crypto/external/bsd/openssl/dist/apps/verify.c | 27 +-
crypto/external/bsd/openssl/dist/apps/x509.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-mips.pl | 20 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-s390x.pl | 95 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/bsaes-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c | 1 +
crypto/external/bsd/openssl/dist/crypto/asn1/a_verify.c | 6 +
crypto/external/bsd/openssl/dist/crypto/asn1/x_pubkey.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/bio/bss_dgram.c | 85 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/modexp512-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gf2m.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_div.c | 2 +
crypto/external/bsd/openssl/dist/crypto/bn/bn_gcd.c | 1 +
crypto/external/bsd/openssl/dist/crypto/bn/bn_word.c | 25 +-
crypto/external/bsd/openssl/dist/crypto/camellia/asm/cmll-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_cd.c | 2 +
crypto/external/bsd/openssl/dist/crypto/cms/cms_enc.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_lib.c | 2 -
crypto/external/bsd/openssl/dist/crypto/conf/conf_mall.c | 1 +
crypto/external/bsd/openssl/dist/crypto/crypto-lib.com | 2 +-
crypto/external/bsd/openssl/dist/crypto/des/set_key.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/des/str2key.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec.h | 28 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c | 13 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_pmeth.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_mont.c | 1 -
crypto/external/bsd/openssl/dist/crypto/ecdh/Makefile | 17 +-
crypto/external/bsd/openssl/dist/crypto/ecdh/ech_key.c | 3 -
crypto/external/bsd/openssl/dist/crypto/ecdh/ech_lib.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_lib.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/err/err_all.c | 19 +-
crypto/external/bsd/openssl/dist/crypto/evp/Makefile | 55 +-
crypto/external/bsd/openssl/dist/crypto/evp/digest.c | 1 +
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c | 213 ++-
crypto/external/bsd/openssl/dist/crypto/evp/evp.h | 15 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp_cnf.c | 125 +
crypto/external/bsd/openssl/dist/crypto/evp/evp_err.c | 6 +
crypto/external/bsd/openssl/dist/crypto/evp/m_dss.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/evp/m_dss1.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/evp/p_sign.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/evp/p_verify.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/md4/md4_locl.h | 8 +-
crypto/external/bsd/openssl/dist/crypto/md5/asm/md5-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/mdc2/mdc2dgst.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/modes/asm/ghash-x86.pl | 6 +-
crypto/external/bsd/openssl/dist/crypto/modes/asm/ghash-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_vfy.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/pem/pem_all.c | 161 ++
crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c | 27 +-
crypto/external/bsd/openssl/dist/crypto/pem/pem_seal.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/perlasm/cbc.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/perlasm/x86masm.pl | 1 +
crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_key.c | 24 +-
crypto/external/bsd/openssl/dist/crypto/pkcs7/bio_pk7.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c | 7 +-
crypto/external/bsd/openssl/dist/crypto/rc4/asm/rc4-md5-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/rc4/asm/rc4-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-armv4-large.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-ia64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-sparcv9a.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha512-586.pl | 16 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha512-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/sha/sha1_one.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/sha/sha1dgst.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/sha/sha_dgst.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/srp/srp_vfy.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/symhacks.h | 14 +-
crypto/external/bsd/openssl/dist/crypto/whrlpool/asm/wp-mmx.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/whrlpool/asm/wp-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_cmp.c | 15 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_purp.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/x86_64cpuid.pl | 3 +-
crypto/external/bsd/openssl/dist/crypto/x86cpuid.pl | 4 +-
crypto/external/bsd/openssl/dist/doc/apps/CA.pl.pod | 8 +-
crypto/external/bsd/openssl/dist/doc/apps/verify.pod | 60 +-
crypto/external/bsd/openssl/dist/doc/apps/x509.pod | 5 +
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_CTX_ctrl.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_decrypt.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_derive.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_encrypt.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_get_default_digest.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_keygen.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_sign.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_verify.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_verify_recover.pod | 103 +
crypto/external/bsd/openssl/dist/engines/ccgost/gost89.c | 14 +-
crypto/external/bsd/openssl/dist/engines/ccgost/gost_crypt.c | 29 +-
crypto/external/bsd/openssl/dist/engines/ccgost/gost_lcl.h | 4 +-
crypto/external/bsd/openssl/dist/engines/ccgost/gosthash.c | 2 +-
crypto/external/bsd/openssl/dist/engines/e_capi.c | 5 +-
crypto/external/bsd/openssl/dist/ms/uplink-x86_64.pl | 3 +-
crypto/external/bsd/openssl/dist/openssl.spec | 2 +-
crypto/external/bsd/openssl/dist/ssl/Makefile | 24 +-
crypto/external/bsd/openssl/dist/ssl/dtls1.h | 8 +-
crypto/external/bsd/openssl/dist/ssl/s2_clnt.c | 14 +-
crypto/external/bsd/openssl/dist/ssl/s2_pkt.c | 3 +-
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c | 16 +-
crypto/external/bsd/openssl/dist/ssl/s3_both.c | 14 +-
crypto/external/bsd/openssl/dist/ssl/s3_cbc.c | 770 ++++++++++
crypto/external/bsd/openssl/dist/ssl/ssl_algs.c | 1 +
crypto/external/bsd/openssl/dist/ssl/ssl_cert.c | 4 +-
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c | 24 +-
crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c | 14 +-
crypto/external/bsd/openssl/dist/ssl/tls_srp.c | 3 +-
crypto/external/bsd/openssl/dist/test/Makefile | 2 +-
crypto/external/bsd/openssl/dist/util/libeay.num | 3 +-
crypto/external/bsd/openssl/dist/util/pl/VC-32.pl | 2 +-
134 files changed, 2055 insertions(+), 444 deletions(-)
diffs (truncated from 4946 to 300 lines):
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES Tue Feb 05 19:04:09 2013 +0000
@@ -2,6 +2,49 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia Käsper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
+ ciphersuites which can be exploited in a denial of service attack.
+ Thanks go to and to Adam Langley <agl%chromium.org@localhost> for discovering
+ and detecting this bug and to Wolfgang Ettlinger
+ <wolfgang.ettlinger%gmail.com@localhost> for independently discovering this issue.
+ (CVE-2012-2686)
+ [Adam Langley]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Make openssl verify return errors.
+ [Chris Palmer <palmer%google.com@localhost> and Ben Laurie]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ [Rob Stradling <rob.stradling%comodo.com@localhost>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ *) Don't use TLS 1.0 record version number in initial client hello
+ if renegotiating.
+ [Steve Henson]
+
Changes between 1.0.1b and 1.0.1c [10 May 2012]
*) Sanity check record length before skipping explicit IV in TLS
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/FAQ
--- a/crypto/external/bsd/openssl/dist/FAQ Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/FAQ Tue Feb 05 19:04:09 2013 +0000
@@ -83,7 +83,7 @@
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1c was released on May 10th, 2012.
+OpenSSL 1.0.1d was released on Feb 5th, 2013.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/Makefile
--- a/crypto/external/bsd/openssl/dist/Makefile Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/Makefile Tue Feb 05 19:04:09 2013 +0000
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1c
+VERSION=1.0.1d
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -446,7 +446,7 @@
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs) && \
+ $(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/Makefile.org
--- a/crypto/external/bsd/openssl/dist/Makefile.org Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/Makefile.org Tue Feb 05 19:04:09 2013 +0000
@@ -444,7 +444,7 @@
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs) && \
+ $(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/NEWS
--- a/crypto/external/bsd/openssl/dist/NEWS Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/NEWS Tue Feb 05 19:04:09 2013 +0000
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
+
+ o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+ o Include the fips configuration module.
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
o Fix TLS/DTLS record length checking bug CVE-2012-2333
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/PROBLEMS
--- a/crypto/external/bsd/openssl/dist/PROBLEMS Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/PROBLEMS Tue Feb 05 19:04:09 2013 +0000
@@ -197,3 +197,17 @@
We don't have framework to associate -ldl with no-dso, therefore the only
way is to edit Makefile right after ./config no-dso and remove -ldl from
EX_LIBS line.
+
+* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
+
+Compiler bug, presumably at particular patch level. Remaining
+hpux*-parisc*-cc configurations can be affected too. Drop optimization
+level to +O2 when compiling bn_nist.o.
+
+* solaris64-sparcv9-cc link failure
+
+Solaris 8 ar can fail to maintain symbol table in .a, which results in
+link failures. Apply 109147-09 or later or modify Makefile generated
+by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
+
+ RANLIB= /usr/ccs/bin/ar rs
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/README
--- a/crypto/external/bsd/openssl/dist/README Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/README Tue Feb 05 19:04:09 2013 +0000
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1c 10 May 2012
+ OpenSSL 1.0.1d 5 Feb 2013
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/apps.c
--- a/crypto/external/bsd/openssl/dist/apps/apps.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/apps.c Tue Feb 05 19:04:09 2013 +0000
@@ -2132,7 +2132,7 @@
X509_NAME *n = NULL;
int nid;
- if (!buf || !ne_types || !ne_values)
+ if (!buf || !ne_types || !ne_values || !mval)
{
BIO_printf(bio_err, "malloc error\n");
goto error;
@@ -2236,6 +2236,7 @@
OPENSSL_free(ne_values);
OPENSSL_free(ne_types);
OPENSSL_free(buf);
+ OPENSSL_free(mval);
return n;
error:
@@ -2244,6 +2245,8 @@
OPENSSL_free(ne_values);
if (ne_types)
OPENSSL_free(ne_types);
+ if (mval)
+ OPENSSL_free(mval);
if (buf)
OPENSSL_free(buf);
return NULL;
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/cms.c
--- a/crypto/external/bsd/openssl/dist/apps/cms.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/cms.c Tue Feb 05 19:04:09 2013 +0000
@@ -233,6 +233,8 @@
else if (!strcmp(*args,"-camellia256"))
cipher = EVP_camellia_256_cbc();
#endif
+ else if (!strcmp (*args, "-debug_decrypt"))
+ flags |= CMS_DEBUG_DECRYPT;
else if (!strcmp (*args, "-text"))
flags |= CMS_TEXT;
else if (!strcmp (*args, "-nointern"))
@@ -1039,6 +1041,8 @@
ret = 4;
if (operation == SMIME_DECRYPT)
{
+ if (flags & CMS_DEBUG_DECRYPT)
+ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
if (secret_key)
{
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/dgst.c
--- a/crypto/external/bsd/openssl/dist/apps/dgst.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/dgst.c Tue Feb 05 19:04:09 2013 +0000
@@ -216,10 +216,10 @@
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
+ else if (!strcmp(*argv,"-fips-fingerprint"))
+ hmac_key = "etaonrishdlcupfm";
else if (strcmp(*argv,"-non-fips-allow") == 0)
non_fips_allow=1;
- else if (!strcmp(*argv,"-fips-fingerprint"))
- hmac_key = "etaonrishdlcupfm";
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/dhparam.c
--- a/crypto/external/bsd/openssl/dist/apps/dhparam.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/dhparam.c Tue Feb 05 19:04:09 2013 +0000
@@ -332,7 +332,6 @@
BIO_printf(bio_err,"This is going to take a long time\n");
if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
{
- if(dh) DH_free(dh);
ERR_print_errors(bio_err);
goto end;
}
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/dsaparam.c
--- a/crypto/external/bsd/openssl/dist/apps/dsaparam.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/dsaparam.c Tue Feb 05 19:04:09 2013 +0000
@@ -326,6 +326,7 @@
goto end;
}
#endif
+ ERR_print_errors(bio_err);
BIO_printf(bio_err,"Error, DSA key generation failed\n");
goto end;
}
@@ -429,13 +430,19 @@
assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
- if (!DSA_generate_key(dsakey)) goto end;
+ if (!DSA_generate_key(dsakey))
+ {
+ ERR_print_errors(bio_err);
+ DSA_free(dsakey);
+ goto end;
+ }
if (outformat == FORMAT_ASN1)
i=i2d_DSAPrivateKey_bio(out,dsakey);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
+ DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/genrsa.c
--- a/crypto/external/bsd/openssl/dist/apps/genrsa.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/genrsa.c Tue Feb 05 19:04:09 2013 +0000
@@ -78,7 +78,7 @@
#include <openssl/pem.h>
#include <openssl/rand.h>
-#define DEFBITS 512
+#define DEFBITS 1024
#undef PROG
#define PROG genrsa_main
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/s_cb.c
--- a/crypto/external/bsd/openssl/dist/apps/s_cb.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_cb.c Tue Feb 05 19:04:09 2013 +0000
@@ -237,8 +237,8 @@
/* If we are using DSA, we can copy the parameters from
* the private key */
-
-
+
+
/* Now we know that a key and cert have been set against
* the SSL context */
if (!SSL_CTX_check_private_key(ctx))
@@ -436,6 +436,8 @@
if (version == SSL3_VERSION ||
version == TLS1_VERSION ||
+ version == TLS1_1_VERSION ||
+ version == TLS1_2_VERSION ||
version == DTLS1_VERSION ||
version == DTLS1_BAD_VER)
{
diff -r e9fbd0efc01d -r 53183bdf46ba crypto/external/bsd/openssl/dist/apps/srp.c
--- a/crypto/external/bsd/openssl/dist/apps/srp.c Tue Feb 05 18:17:05 2013 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/srp.c Tue Feb 05 19:04:09 2013 +0000
@@ -125,13 +125,13 @@
if (type == DB_SRP_INDEX)
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
{
- pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
- if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid]))
Home |
Main Index |
Thread Index |
Old Index