[Midnightbsd-cvs] src [11620] trunk/crypto/openssl: fix merge issues

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sun Jul 8 12:40:18 EDT 2018


Revision: 11620
          http://svnweb.midnightbsd.org/src/?rev=11620
Author:   laffer1
Date:     2018-07-08 12:40:18 -0400 (Sun, 08 Jul 2018)
Log Message:
-----------
fix merge issues

Modified Paths:
--------------
    trunk/crypto/openssl/CHANGES
    trunk/crypto/openssl/Configure
    trunk/crypto/openssl/FAQ
    trunk/crypto/openssl/Makefile
    trunk/crypto/openssl/Makefile.org
    trunk/crypto/openssl/README
    trunk/crypto/openssl/apps/Makefile
    trunk/crypto/openssl/apps/apps.c
    trunk/crypto/openssl/apps/asn1pars.c
    trunk/crypto/openssl/apps/ca.c
    trunk/crypto/openssl/apps/ecparam.c
    trunk/crypto/openssl/apps/engine.c
    trunk/crypto/openssl/apps/ocsp.c
    trunk/crypto/openssl/apps/openssl.cnf
    trunk/crypto/openssl/apps/pkcs12.c
    trunk/crypto/openssl/apps/s_client.c
    trunk/crypto/openssl/crypto/aes/asm/aes-586.pl
    trunk/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
    trunk/crypto/openssl/crypto/aes/asm/aesni-x86.pl
    trunk/crypto/openssl/crypto/asn1/asn1_par.c
    trunk/crypto/openssl/crypto/asn1/d2i_pr.c
    trunk/crypto/openssl/crypto/asn1/tasn_dec.c
    trunk/crypto/openssl/crypto/asn1/x_bignum.c
    trunk/crypto/openssl/crypto/asn1/x_pubkey.c
    trunk/crypto/openssl/crypto/asn1/x_x509.c
    trunk/crypto/openssl/crypto/bio/b_dump.c
    trunk/crypto/openssl/crypto/bio/bio.h
    trunk/crypto/openssl/crypto/bio/bss_file.c
    trunk/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl
    trunk/crypto/openssl/crypto/bn/asm/ia64.S
    trunk/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl
    trunk/crypto/openssl/crypto/bn/asm/x86-gf2m.pl
    trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
    trunk/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
    trunk/crypto/openssl/crypto/bn/bn_exp.c
    trunk/crypto/openssl/crypto/bn/bn_gcd.c
    trunk/crypto/openssl/crypto/bn/bn_gf2m.c
    trunk/crypto/openssl/crypto/bn/bn_mont.c
    trunk/crypto/openssl/crypto/bn/bn_recp.c
    trunk/crypto/openssl/crypto/bn/bn_x931p.c
    trunk/crypto/openssl/crypto/bn/bntest.c
    trunk/crypto/openssl/crypto/buffer/buf_str.c
    trunk/crypto/openssl/crypto/buffer/buffer.h
    trunk/crypto/openssl/crypto/cms/cms_enc.c
    trunk/crypto/openssl/crypto/cms/cms_pwri.c
    trunk/crypto/openssl/crypto/cms/cms_smime.c
    trunk/crypto/openssl/crypto/comp/c_zlib.c
    trunk/crypto/openssl/crypto/conf/conf_def.c
    trunk/crypto/openssl/crypto/conf/conf_sap.c
    trunk/crypto/openssl/crypto/cryptlib.c
    trunk/crypto/openssl/crypto/dsa/dsa_ameth.c
    trunk/crypto/openssl/crypto/dsa/dsa_gen.c
    trunk/crypto/openssl/crypto/ec/ec.h
    trunk/crypto/openssl/crypto/ec/ec_asn1.c
    trunk/crypto/openssl/crypto/ec/ec_key.c
    trunk/crypto/openssl/crypto/engine/eng_cryptodev.c
    trunk/crypto/openssl/crypto/engine/eng_list.c
    trunk/crypto/openssl/crypto/evp/e_aes.c
    trunk/crypto/openssl/crypto/evp/e_des3.c
    trunk/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
    trunk/crypto/openssl/crypto/evp/encode.c
    trunk/crypto/openssl/crypto/evp/evp_key.c
    trunk/crypto/openssl/crypto/evp/evp_lib.c
    trunk/crypto/openssl/crypto/evp/evp_pbe.c
    trunk/crypto/openssl/crypto/evp/p_lib.c
    trunk/crypto/openssl/crypto/evp/pmeth_gn.c
    trunk/crypto/openssl/crypto/hmac/hm_ameth.c
    trunk/crypto/openssl/crypto/jpake/jpake.c
    trunk/crypto/openssl/crypto/mem_clr.c
    trunk/crypto/openssl/crypto/modes/asm/ghash-armv4.pl
    trunk/crypto/openssl/crypto/modes/asm/ghash-x86.pl
    trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c
    trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c
    trunk/crypto/openssl/crypto/opensslconf.h
    trunk/crypto/openssl/crypto/opensslconf.h.in
    trunk/crypto/openssl/crypto/opensslv.h
    trunk/crypto/openssl/crypto/pem/pem_info.c
    trunk/crypto/openssl/crypto/pem/pvkfmt.c
    trunk/crypto/openssl/crypto/perlasm/x86asm.pl
    trunk/crypto/openssl/crypto/perlasm/x86gas.pl
    trunk/crypto/openssl/crypto/pkcs12/p12_add.c
    trunk/crypto/openssl/crypto/pkcs12/p12_crpt.c
    trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c
    trunk/crypto/openssl/crypto/pkcs12/p12_mutl.c
    trunk/crypto/openssl/crypto/pkcs7/pk7_doit.c
    trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
    trunk/crypto/openssl/crypto/rsa/rsa_gen.c
    trunk/crypto/openssl/crypto/rsa/rsa_sign.c
    trunk/crypto/openssl/crypto/rsa/rsa_test.c
    trunk/crypto/openssl/crypto/sha/asm/sha1-586.pl
    trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
    trunk/crypto/openssl/crypto/sha/asm/sha256-586.pl
    trunk/crypto/openssl/crypto/sha/asm/sha512-586.pl
    trunk/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
    trunk/crypto/openssl/crypto/sparccpuid.S
    trunk/crypto/openssl/crypto/srp/srp_vfy.c
    trunk/crypto/openssl/crypto/threads/mttest.c
    trunk/crypto/openssl/crypto/threads/pthread2.sh
    trunk/crypto/openssl/crypto/ts/ts_rsp_verify.c
    trunk/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl
    trunk/crypto/openssl/crypto/x509/Makefile
    trunk/crypto/openssl/crypto/x509/x509_cmp.c
    trunk/crypto/openssl/crypto/x509/x509_lu.c
    trunk/crypto/openssl/crypto/x509/x509_vfy.c
    trunk/crypto/openssl/crypto/x509v3/v3_addr.c
    trunk/crypto/openssl/crypto/x509v3/v3_cpols.c
    trunk/crypto/openssl/crypto/x509v3/v3_ncons.c
    trunk/crypto/openssl/crypto/x509v3/v3_pci.c
    trunk/crypto/openssl/crypto/x509v3/v3_pcia.c
    trunk/crypto/openssl/crypto/x86cpuid.pl
    trunk/crypto/openssl/doc/apps/ciphers.pod
    trunk/crypto/openssl/doc/apps/dgst.pod
    trunk/crypto/openssl/doc/apps/genrsa.pod
    trunk/crypto/openssl/doc/apps/req.pod
    trunk/crypto/openssl/doc/apps/x509.pod
    trunk/crypto/openssl/doc/crypto/BIO_read.pod
    trunk/crypto/openssl/doc/crypto/BN_rand.pod
    trunk/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
    trunk/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod
    trunk/crypto/openssl/doc/crypto/EVP_SignInit.pod
    trunk/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
    trunk/crypto/openssl/doc/crypto/X509_STORE_CTX_new.pod
    trunk/crypto/openssl/doc/crypto/buffer.pod
    trunk/crypto/openssl/doc/crypto/d2i_X509_NAME.pod
    trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
    trunk/crypto/openssl/e_os.h
    trunk/crypto/openssl/engines/e_chil.c
    trunk/crypto/openssl/ssl/Makefile
    trunk/crypto/openssl/ssl/bio_ssl.c
    trunk/crypto/openssl/ssl/d1_both.c
    trunk/crypto/openssl/ssl/d1_clnt.c
    trunk/crypto/openssl/ssl/d1_srvr.c
    trunk/crypto/openssl/ssl/s23_clnt.c
    trunk/crypto/openssl/ssl/s3_cbc.c
    trunk/crypto/openssl/ssl/s3_clnt.c
    trunk/crypto/openssl/ssl/s3_enc.c
    trunk/crypto/openssl/ssl/s3_lib.c
    trunk/crypto/openssl/ssl/s3_srvr.c
    trunk/crypto/openssl/ssl/srtp.h
    trunk/crypto/openssl/ssl/ssl.h
    trunk/crypto/openssl/ssl/ssl3.h
    trunk/crypto/openssl/ssl/ssl_asn1.c
    trunk/crypto/openssl/ssl/ssl_cert.c
    trunk/crypto/openssl/ssl/ssl_ciph.c
    trunk/crypto/openssl/ssl/ssl_err.c
    trunk/crypto/openssl/ssl/ssl_lib.c
    trunk/crypto/openssl/ssl/ssl_locl.h
    trunk/crypto/openssl/ssl/ssl_rsa.c
    trunk/crypto/openssl/ssl/ssl_sess.c
    trunk/crypto/openssl/ssl/ssltest.c
    trunk/crypto/openssl/ssl/t1_enc.c
    trunk/crypto/openssl/ssl/t1_lib.c
    trunk/crypto/openssl/ssl/tls1.h
    trunk/crypto/openssl/util/indent.pro
    trunk/crypto/openssl/util/mk1mf.pl
    trunk/crypto/openssl/util/mkrc.pl
    trunk/crypto/openssl/util/mkstack.pl
    trunk/crypto/openssl/util/pl/VC-32.pl
    trunk/crypto/openssl/util/selftest.pl

Removed Paths:
-------------
    trunk/crypto/openssl/apps/demoCA/
    trunk/crypto/openssl/apps/demoSRP/
    trunk/crypto/openssl/apps/install-apps.com
    trunk/crypto/openssl/apps/md4.c
    trunk/crypto/openssl/apps/vms_decc_init.c
    trunk/crypto/openssl/apps/winrand.c

Modified: trunk/crypto/openssl/CHANGES
===================================================================
--- trunk/crypto/openssl/CHANGES	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/CHANGES	2018-07-08 16:40:18 UTC (rev 11620)
@@ -516,9 +516,9 @@
      callbacks.
 
      This issue was reported to OpenSSL by Robert Swiecki (Google), and
-     independently by Hanno B\xF6ck.
+     independently by Hanno Böck.
      (CVE-2015-1789)
-     [Emilia K\xE4sper]
+     [Emilia Käsper]
 
   *) PKCS7 crash with missing EnvelopedContent
 
@@ -532,7 +532,7 @@
 
      This issue was reported to OpenSSL by Michal Zalewski (Google).
      (CVE-2015-1790)
-     [Emilia K\xE4sper]
+     [Emilia Käsper]
 
   *) CMS verify infinite loop with unknown hash function
 
@@ -555,6 +555,9 @@
   *) Reject DH handshakes with parameters shorter than 768 bits.
      [Kurt Roeckx and Emilia Kasper]
 
+  *) dhparam: generate 2048-bit parameters by default.
+     [Kurt Roeckx and Emilia Kasper]
+
  Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
 
   *) Segmentation fault in ASN1_TYPE_cmp fix
@@ -593,7 +596,7 @@
 
      This issue was reported to OpenSSL by Michal Zalewski (Google).
      (CVE-2015-0289)
-     [Emilia K\xE4sper]
+     [Emilia Käsper]
 
   *) DoS via reachable assert in SSLv2 servers fix
 
@@ -601,10 +604,10 @@
      servers that both support SSLv2 and enable export cipher suites by sending
      a specially crafted SSLv2 CLIENT-MASTER-KEY message.
 
-     This issue was discovered by Sean Burford (Google) and Emilia K\xE4sper
+     This issue was discovered by Sean Burford (Google) and Emilia Käsper
      (OpenSSL development team).
      (CVE-2015-0293)
-     [Emilia K\xE4sper]
+     [Emilia Käsper]
 
   *) Use After Free following d2i_ECPrivatekey error fix
 
@@ -749,12 +752,12 @@
       version does not match the session's version. Resuming with a different
       version, while not strictly forbidden by the RFC, is of questionable
       sanity and breaks all known clients.
-      [David Benjamin, Emilia K\xE4sper]
+      [David Benjamin, Emilia Käsper]
 
    *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
       early CCS messages during renegotiation. (Note that because
       renegotiation is encrypted, this early CCS was not exploitable.)
-      [Emilia K\xE4sper]
+      [Emilia Käsper]
 
    *) Tighten client-side session ticket handling during renegotiation:
       ensure that the client only accepts a session ticket if the server sends
@@ -765,7 +768,7 @@
       Similarly, ensure that the client requires a session ticket if one
       was advertised in the ServerHello. Previously, a TLS client would
       ignore a missing NewSessionTicket message.
-      [Emilia K\xE4sper]
+      [Emilia Käsper]
 
  Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
 
@@ -845,10 +848,10 @@
      with a null pointer dereference (read) by specifying an anonymous (EC)DH
      ciphersuite and sending carefully crafted handshake messages.
 
-     Thanks to Felix Gr\xF6bert (Google) for discovering and researching this
+     Thanks to Felix Gröbert (Google) for discovering and researching this
      issue.
      (CVE-2014-3510)
-     [Emilia K\xE4sper]
+     [Emilia Käsper]
 
   *) By sending carefully crafted DTLS packets an attacker could cause openssl
      to leak memory. This can be exploited through a Denial of Service attack.
@@ -885,7 +888,7 @@
      properly negotiated with the client. This can be exploited through a
      Denial of Service attack.
 
-     Thanks to Joonas Kuorilehto and Riku Hietam\xE4ki (Codenomicon) for
+     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
      discovering and researching this issue.
      (CVE-2014-5139)
      [Steve Henson]
@@ -897,7 +900,7 @@
 
      Thanks to Ivan Fratric (Google) for discovering this issue.
      (CVE-2014-3508)
-     [Emilia K\xE4sper, and Steve Henson]
+     [Emilia Käsper, and Steve Henson]
 
   *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
      for corner cases. (Certain input points at infinity could lead to
@@ -927,15 +930,15 @@
      client or server. This is potentially exploitable to run arbitrary
      code on a vulnerable client or server.
 
-     Thanks to J\xFCri Aedla for reporting this issue. (CVE-2014-0195)
-     [J\xFCri Aedla, Steve Henson]
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
 
   *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
      are subject to a denial of service attack.
 
-     Thanks to Felix Gr\xF6bert and Ivan Fratric at Google for discovering
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
      this issue. (CVE-2014-3470)
-     [Felix Gr\xF6bert, Ivan Fratric, Steve Henson]
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
 
   *) Harmonize version and its documentation. -f flag is used to display
      compilation flags.
@@ -1014,9 +1017,9 @@
      Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
      Security Group at Royal Holloway, University of London
      (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
-     Emilia K\xE4sper for the initial patch.
+     Emilia Käsper for the initial patch.
      (CVE-2013-0169)
-     [Emilia K\xE4sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
 
   *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
      ciphersuites which can be exploited in a denial of service attack.
@@ -1191,7 +1194,7 @@
      EC_GROUP_new_by_curve_name() will automatically use these (while
      EC_GROUP_new_curve_GFp() currently prefers the more flexible
      implementations).
-     [Emilia K\xE4sper, Adam Langley, Bodo Moeller (Google)]
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
 
   *) Use type ossl_ssize_t instad of ssize_t which isn't available on
      all platforms. Move ssize_t definition from e_os.h to the public
@@ -1467,7 +1470,7 @@
      [Adam Langley (Google)]
 
   *) Fix spurious failures in ecdsatest.c.
-     [Emilia K\xE4sper (Google)]
+     [Emilia Käsper (Google)]
 
   *) Fix the BIO_f_buffer() implementation (which was mixing different
      interpretations of the '..._len' fields).
@@ -1481,7 +1484,7 @@
      lock to call BN_BLINDING_invert_ex, and avoids one use of
      BN_BLINDING_update for each BN_BLINDING structure (previously,
      the last update always remained unused).
-     [Emilia K\xE4sper (Google)]
+     [Emilia Käsper (Google)]
 
   *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
      [Bob Buckholz (Google)]
@@ -2290,7 +2293,7 @@
 
   *) Add RFC 3161 compliant time stamp request creation, response generation
      and response verification functionality.
-     [Zolt\xE1n Gl\xF3zik <zglozik at opentsa.org>, The OpenTSA Project]
+     [Zoltán Glózik <zglozik at opentsa.org>, The OpenTSA Project]
 
   *) Add initial support for TLS extensions, specifically for the server_name
      extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
@@ -3458,7 +3461,7 @@
 
   *) BN_CTX_get() should return zero-valued bignums, providing the same
      initialised value as BN_new().
-     [Geoff Thorpe, suggested by Ulf M\xF6ller]
+     [Geoff Thorpe, suggested by Ulf Möller]
 
   *) Support for inhibitAnyPolicy certificate extension.
      [Steve Henson]
@@ -3477,7 +3480,7 @@
      some point, these tighter rules will become openssl's default to improve
      maintainability, though the assert()s and other overheads will remain only
      in debugging configurations. See bn.h for more details.
-     [Geoff Thorpe, Nils Larsch, Ulf M\xF6ller]
+     [Geoff Thorpe, Nils Larsch, Ulf Möller]
 
   *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
      that can only be obtained through BN_CTX_new() (which implicitly
@@ -3544,7 +3547,7 @@
      [Douglas Stebila (Sun Microsystems Laboratories)]
 
   *) Add the possibility to load symbols globally with DSO.
-     [G\xF6tz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
+     [Götz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
 
   *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
      control of the error stack.
@@ -4259,7 +4262,7 @@
      [Steve Henson]
 
   *) Undo Cygwin change.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Added support for proxy certificates according to RFC 3820.
      Because they may be a security thread to unaware applications,
@@ -4292,11 +4295,11 @@
      [Stephen Henson, reported by UK NISCC]
 
   *) Use Windows randomness collection on Cygwin.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Fix hang in EGD/PRNGD query when communication socket is closed
      prematurely by EGD/PRNGD.
-     [Darren Tucker <dtucker at zip.com.au> via Lutz J\xE4nicke, resolves #1014]
+     [Darren Tucker <dtucker at zip.com.au> via Lutz Jänicke, resolves #1014]
 
   *) Prompt for pass phrases when appropriate for PKCS12 input format.
      [Steve Henson]
@@ -4758,7 +4761,7 @@
      pointers passed to them whenever necessary. Otherwise it is possible
      the caller may have overwritten (or deallocated) the original string
      data when a later ENGINE operation tries to use the stored values.
-     [G\xF6tz Babin-Ebell <babinebell at trustcenter.de>]
+     [Götz Babin-Ebell <babinebell at trustcenter.de>]
 
   *) Improve diagnostics in file reading and command-line digests.
      [Ben Laurie aided and abetted by Solar Designer <solar at openwall.com>]
@@ -6863,7 +6866,7 @@
      [Bodo Moeller]
 
   *) BN_sqr() bug fix.
-     [Ulf M\xF6ller, reported by Jim Ellis <jim.ellis at cavium.com>]
+     [Ulf Möller, reported by Jim Ellis <jim.ellis at cavium.com>]
 
   *) Rabin-Miller test analyses assume uniformly distributed witnesses,
      so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
@@ -7023,7 +7026,7 @@
      [Bodo Moeller]
 
   *) Fix OAEP check.
-     [Ulf M\xF6ller, Bodo M\xF6ller]
+     [Ulf Möller, Bodo Möller]
 
   *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
      RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
@@ -7285,10 +7288,10 @@
      [Bodo Moeller]
 
   *) Use better test patterns in bntest.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) rand_win.c fix for Borland C.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
  
   *) BN_rshift bugfix for n == 0.
      [Bodo Moeller]
@@ -7433,7 +7436,7 @@
 
   *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
      BIO_ctrl (for BIO pairs).
-     [Bodo M\xF6ller]
+     [Bodo Möller]
 
   *) Add DSO method for VMS.
      [Richard Levitte]
@@ -7440,7 +7443,7 @@
 
   *) Bug fix: Montgomery multiplication could produce results with the
      wrong sign.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add RPM specification openssl.spec and modify it to build three
      packages.  The default package contains applications, application
@@ -7458,7 +7461,7 @@
 
   *) Don't set the two most significant bits to one when generating a
      random number < q in the DSA library.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
      behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
@@ -7724,7 +7727,7 @@
   *) Randomness polling function for Win9x, as described in:
      Peter Gutmann, Software Generation of Practically Strong
      Random Numbers.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Fix so PRNG is seeded in req if using an already existing
      DSA key.
@@ -7944,7 +7947,7 @@
      [Steve Henson]
 
   *) Eliminate non-ANSI declarations in crypto.h and stack.h.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Fix for SSL server purpose checking. Server checking was
      rejecting certificates which had extended key usage present
@@ -7976,7 +7979,7 @@
      [Bodo Moeller]
 
   *) Bugfix for linux-elf makefile.one.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) RSA_get_default_method() will now cause a default
      RSA_METHOD to be chosen if one doesn't exist already.
@@ -8065,7 +8068,7 @@
      [Steve Henson]
 
   *) des_quad_cksum() byte order bug fix.
-     [Ulf M\xF6ller, using the problem description in krb4-0.9.7, where
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
       the solution is attributed to Derrick J Brashear <shadow at DEMENTIA.ORG>]
 
   *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
@@ -8166,7 +8169,7 @@
      [Rolf Haberrecker <rolf at suse.de>]
 
   *) Assembler module support for Mingw32.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Shared library support for HPUX (in shlib/).
      [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> and Anonymous]
@@ -8185,7 +8188,7 @@
 
   *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
      case was implemented. This caused BN_div_recp() to fail occasionally.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add an optional second argument to the set_label() in the perl
      assembly language builder. If this argument exists and is set
@@ -8215,7 +8218,7 @@
      [Steve Henson]
 
   *) Fix potential buffer overrun problem in BIO_printf().
-     [Ulf M\xF6ller, using public domain code by Patrick Powell; problem
+     [Ulf Möller, using public domain code by Patrick Powell; problem
       pointed out by David Sacerdote <das33 at cornell.edu>]
 
   *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
@@ -8222,7 +8225,7 @@
      RAND_egd() and RAND_status().  In the command line application,
      the EGD socket can be specified like a seed file using RANDFILE
      or -rand.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
      Some CAs (e.g. Verisign) distribute certificates in this form.
@@ -8255,7 +8258,7 @@
         #define OPENSSL_ALGORITHM_DEFINES
         #include <openssl/opensslconf.h>
      defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
-     [Richard Levitte, Ulf and Bodo M\xF6ller]
+     [Richard Levitte, Ulf and Bodo Möller]
 
   *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
      record layer.
@@ -8306,10 +8309,10 @@
 
   *) Bug fix for BN_div_recp() for numerators with an even number of
      bits.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) More tests in bntest.c, and changed test_bn output.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) ./config recognizes MacOS X now.
      [Andy Polyakov]
@@ -8316,7 +8319,7 @@
 
   *) Bug fix for BN_div() when the first words of num and divsor are
      equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add support for various broken PKCS#8 formats, and command line
      options to produce them.
@@ -8324,11 +8327,11 @@
 
   *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
      get temporary BIGNUMs from a BN_CTX.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
      for p == 0.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
      include a #define from the old name to the new. The original intent
@@ -8352,7 +8355,7 @@
 
   *) Source code cleanups: use const where appropriate, eliminate casts,
      use void * instead of char * in lhash.
-     [Ulf M\xF6ller] 
+     [Ulf Möller] 
 
   *) Bugfix: ssl3_send_server_key_exchange was not restartable
      (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
@@ -8397,13 +8400,13 @@
      [Steve Henson]
 
   *) New function BN_pseudo_rand().
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
      bignum version of BN_from_montgomery() with the working code from
      SSLeay 0.9.0 (the word based version is faster anyway), and clean up
      the comments.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
      made it impossible to use the same SSL_SESSION data structure in
@@ -8413,7 +8416,7 @@
   *) The return value of RAND_load_file() no longer counts bytes obtained
      by stat().  RAND_load_file(..., -1) is new and uses the complete file
      to seed the PRNG (previously an explicit byte count was required).
-     [Ulf M\xF6ller, Bodo M\xF6ller]
+     [Ulf Möller, Bodo Möller]
 
   *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
      used (char *) instead of (void *) and had casts all over the place.
@@ -8420,18 +8423,18 @@
      [Steve Henson]
 
   *) Make BN_generate_prime() return NULL on error if ret!=NULL.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Retain source code compatibility for BN_prime_checks macro:
      BN_is_prime(..., BN_prime_checks, ...) now uses
      BN_prime_checks_for_size to determine the appropriate number of
      Rabin-Miller iterations.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
      DH_CHECK_P_NOT_SAFE_PRIME.
      (Check if this is true? OpenPGP calls them "strong".)
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Merge the functionality of "dh" and "gendh" programs into a new program
      "dhparam". The old programs are retained for now but will handle DH keys
@@ -8487,7 +8490,7 @@
   *) Add missing #ifndefs that caused missing symbols when building libssl
      as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
      NO_RSA in ssl/s2*.c. 
-     [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf M\xF6ller]
+     [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf Möller]
 
   *) Precautions against using the PRNG uninitialized: RAND_bytes() now
      has a return value which indicates the quality of the random data
@@ -8496,7 +8499,7 @@
      guaranteed to be unique but not unpredictable. RAND_add is like
      RAND_seed, but takes an extra argument for an entropy estimate
      (RAND_seed always assumes full entropy).
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Do more iterations of Rabin-Miller probable prime test (specifically,
      3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
@@ -8526,7 +8529,7 @@
      [Steve Henson]
 
   *) Honor the no-xxx Configure options when creating .DEF files.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add PKCS#10 attributes to field table: challengePassword, 
      unstructuredName and unstructuredAddress. These are taken from
@@ -9360,7 +9363,7 @@
 
   *) More DES library cleanups: remove references to srand/rand and
      delete an unused file.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add support for the the free Netwide assembler (NASM) under Win32,
      since not many people have MASM (ml) and it can be hard to obtain.
@@ -9449,7 +9452,7 @@
      worked.
 
   *) Fix problems with no-hmac etc.
-     [Ulf M\xF6ller, pointed out by Brian Wellington <bwelling at tislabs.com>]
+     [Ulf Möller, pointed out by Brian Wellington <bwelling at tislabs.com>]
 
   *) New functions RSA_get_default_method(), RSA_set_method() and
      RSA_get_method(). These allows replacement of RSA_METHODs without having
@@ -9566,7 +9569,7 @@
      [Ben Laurie]
 
   *) DES library cleanups.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
      used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
@@ -9609,7 +9612,7 @@
      [Christian Forster <fo at hawo.stw.uni-erlangen.de>]
 
   *) config now generates no-xxx options for missing ciphers.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Support the EBCDIC character set (work in progress).
      File ebcdic.c not yet included because it has a different license.
@@ -9722,7 +9725,7 @@
      [Bodo Moeller]
 
   *) Move openssl.cnf out of lib/.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
      -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
@@ -9779,10 +9782,10 @@
      [Ben Laurie]
 
   *) Support Borland C++ builder.
-     [Janez Jere <jj at void.si>, modified by Ulf M\xF6ller]
+     [Janez Jere <jj at void.si>, modified by Ulf Möller]
 
   *) Support Mingw32.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) SHA-1 cleanups and performance enhancements.
      [Andy Polyakov <appro at fy.chalmers.se>]
@@ -9791,7 +9794,7 @@
      [Andy Polyakov <appro at fy.chalmers.se>]
 
   *) Accept any -xxx and +xxx compiler options in Configure.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Update HPUX configuration.
      [Anonymous]
@@ -9824,7 +9827,7 @@
      [Bodo Moeller]
 
   *) OAEP decoding bug fix.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Support INSTALL_PREFIX for package builders, as proposed by
      David Harris.
@@ -9847,7 +9850,7 @@
      [Niels Poppe <niels at netbox.org>]
 
   *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
      extension adding in x509 utility.
@@ -9854,7 +9857,7 @@
      [Steve Henson]
 
   *) Remove NOPROTO sections and error code comments.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Partial rewrite of the DEF file generator to now parse the ANSI
      prototypes.
@@ -9861,7 +9864,7 @@
      [Steve Henson]
 
   *) New Configure options --prefix=DIR and --openssldir=DIR.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Complete rewrite of the error code script(s). It is all now handled
      by one script at the top level which handles error code gathering,
@@ -9890,7 +9893,7 @@
      [Steve Henson]
 
   *) Move the autogenerated header file parts to crypto/opensslconf.h.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
      8 of keying material. Merlin has also confirmed interop with this fix
@@ -9908,13 +9911,13 @@
      [Andy Polyakov <appro at fy.chalmers.se>]
 
   *) Change functions to ANSI C.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Fix typos in error codes.
-     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf M\xF6ller]
+     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf Möller]
 
   *) Remove defunct assembler files from Configure.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) SPARC v8 assembler BIGNUM implementation.
      [Andy Polyakov <appro at fy.chalmers.se>]
@@ -9951,7 +9954,7 @@
      [Steve Henson]
 
   *) New Configure option "rsaref".
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Don't auto-generate pem.h.
      [Bodo Moeller]
@@ -9999,7 +10002,7 @@
 
   *) New functions DSA_do_sign and DSA_do_verify to provide access to
      the raw DSA values prior to ASN.1 encoding.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) Tweaks to Configure
      [Niels Poppe <niels at netbox.org>]
@@ -10009,11 +10012,11 @@
      [Steve Henson]
 
   *) New variables $(RANLIB) and $(PERL) in the Makefiles.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
 
   *) New config option to avoid instructions that are illegal on the 80386.
      The default code is faster, but requires at least a 486.
-     [Ulf M\xF6ller]
+     [Ulf Möller]
   
   *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
      SSL2_SERVER_VERSION (not used at all) macros, which are now the
@@ -10552,7 +10555,7 @@
       Hagino <itojun at kame.net>]
 
   *) File was opened incorrectly in randfile.c.
-     [Ulf M\xF6ller <ulf at fitug.de>]
+     [Ulf Möller <ulf at fitug.de>]
 
   *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
      functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
@@ -10562,7 +10565,7 @@
      [Steve Henson]
 
   *) Correct Linux 1 recognition in config.
-     [Ulf M\xF6ller <ulf at fitug.de>]
+     [Ulf Möller <ulf at fitug.de>]
 
   *) Remove pointless MD5 hash when using DSA keys in ca.
      [Anonymous <nobody at replay.com>]
@@ -10709,7 +10712,7 @@
 
   *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
      was already fixed by Eric for 0.9.1 it seems.
-     [Ben Laurie - pointed out by Ulf M\xF6ller <ulf at fitug.de>]
+     [Ben Laurie - pointed out by Ulf Möller <ulf at fitug.de>]
 
   *) Autodetect FreeBSD3.
      [Ben Laurie]

Modified: trunk/crypto/openssl/Configure
===================================================================
--- trunk/crypto/openssl/Configure	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/Configure	2018-07-08 16:40:18 UTC (rev 11620)
@@ -206,6 +206,7 @@
 "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -370,6 +371,7 @@
 "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
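Review bot: The new `linux-x86_64-clang` entry has a stray space after the compiler field separator (`"clang: -m64 ...`), unlike the neighbouring `"gcc:-m64 ...` entries, so the target's CFLAG string starts with a leading blank. It is harmless for the Makefile but inconsistent with every other row in the table and easy to mistake for a typo in the colon-separated format; the same pattern appears in the `debug-linux-x86_64-clang` row added earlier in this file. Suggested: `"linux-x86_64-clang","clang:-m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:...`.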
@@ -1585,12 +1587,21 @@
 
 if ($strict_warnings)
 	{
+	my $ecc = $cc;
+	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
-		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 		}
+	if ($ecc eq "clang")
+		{
+		foreach $wopt (split /\s+/, $clang_devteam_warn)
+			{
+			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+			}
+		}
 	}
 
 open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
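Review bot: Each warning flag is interpolated into the `$cflags` match unescaped, so any regex metacharacter in an entry of `$gcc_devteam_warn` or `$clang_devteam_warn` (a `+`, `.` or `=` in a `-W...` option, for example) is interpreted as a pattern rather than literal text, and the duplicate check can mis-fire or die on an unbalanced token; the tightened `(^|\s)...(\s|$)` anchors do not fix that. Both loops should quote the flag: `$cflags .= " $wopt" unless ($cflags =~ /(^|\s)\Q$wopt\E(\s|$)/)`. The contents of the two warning lists are not visible in this diff, and `$clang_devteam_warn` is not introduced by any hunk shown here — if the file runs under `use strict` and the merge did not bring in its definition alongside `$gcc_devteam_warn`, `--strict-warnings` will fail at compile time, so that is worth confirming. Note also that `` `$cc --version 2>&1` `` hands the configured compiler name to a shell; `$cc` comes from the target table rather than from untrusted input, so this is acceptable, but the backtick should at least be guarded so a missing compiler does not silently leave `$ecc` as the raw `$cc` value with no diagnostic.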

Modified: trunk/crypto/openssl/FAQ
===================================================================
--- trunk/crypto/openssl/FAQ	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/FAQ	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1,1039 +1,2 @@
-OpenSSL  -  Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-* How does the versioning scheme work?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software? 
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-* Why does OpenSSL set the authority key identifier extension incorrectly?
-* How can I set up a bundle of commercial root CA certificates?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-* I think I've found a bug, what should I do?
-* I'm SURE I've found a bug, how do I report it?
-* I've found a security issue, how do I report it?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-* Why does Valgrind complain about the use of uninitialized data?
-* Why doesn't a memory BIO work when a file does?
-* Where are the declarations and implementations of d2i_X509() etc?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1e was released on Feb 11th, 2013.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers.  Be sure to read the
-documentation of the application you want to use.  The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions.  It is described in the openssl(1)
-manpage.  Documentation for developers is currently being written. Many
-manual pages are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
-to the very latest development versions of OpenSSL and may include features
-not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using. The pod format
-documentation is included in each OpenSSL distribution under the docs
-directory.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt.  It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL.  Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/related/binaries.html> .
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
-   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
-   pgp TARBALL.asc
-
-* How does the versioning scheme work?
-
-After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter 
-releases (e.g. 1.0.1a) can only contain bug and security fixes and no
-new features. Minor releases change the last number (e.g. 1.0.2) and 
-can contain new features that retain binary compatibility. Changes to
-the middle number are considered major releases and neither source nor
-binary compatibility is guaranteed.
-
-Therefore the answer to the common question "when will feature X be
-backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
-in the next minor release.
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL.  For information on intellectual
-property rights, please consult a lawyer.  The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed."  If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly.  Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.)  Some broken applications do
-not do this.  As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness.  If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly.  OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details.  Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file.  The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file.  Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all.  OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'".  This message refers to the
-default seeding file (see previous answer).  A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (in ca(1), req(1), x509v3_config(5) )
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
-	unable to find 'distinguished_name' in config
-	problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" commandline tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation of the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slighly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
-
-It doesn't: this extension is often the cause of confusion.
-
-Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
-certificate C contains AKID.
-
-The purpose of this extension is to identify the authority certificate B. This
-can be done either by including the subject key identifier of B or its issuer
-name and serial number.
-
-In this latter case because it is identifying certifcate B it must contain the
-issuer name and serial number of B.
-
-It is often wrongly assumed that it should contain the subject name of B. If it
-did this would be redundant information because it would duplicate the issuer
-name of C.
-
-
-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
-  <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing.  Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target.  File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator.  If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test").  The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it.  This gets triggered when you run the
-test suite (using "make test").  The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
-memory to continue compilation.'  As far as the tests have shown, this may be
-a compiler bug.  What happens is that it eats up a lot of resident memory
-to build something, probably a table.  The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher.  Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level.  This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL.  A bit more complicated solution is the
-following:
-
------ snip:start -----
-  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
-       sed -e 's/ -O[0-9] / -O0 /'`"
-  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
-  make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process.  When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It 
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
-  PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation.  What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files').  For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA:  5,214,703 25/05/2010
-RC5:   5,724,428 03/03/2015
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer.  The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d.  The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<openssl-dev at openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for failure to complete some particular test is
-simply bad code generated by a buggy component in toolchain or deficiency
-in run-time environment. There are few cases documented in PROBLEMS file,
-consult it for possible workaround before you beat the drum. Even if you
-don't find solution or even mention there, do reserve for possibility of
-a compiler bug. Compiler bugs might appear in rather bizarre ways, they
-never make sense, and tend to emerge when you least expect them. In order
-to identify one, drop optimization level, e.g. by editing CFLAG line in
-top-level Makefile, recompile and re-run the test.
-
-* I think I've found a bug, what should I do?
-
-If you are a new user then it is quite likely you haven't found a bug and
-something is happening you aren't familiar with. Check this FAQ, the associated
-documentation and the mailing lists for similar queries. If you are still
-unsure whether it is a bug or not submit a query to the openssl-users mailing
-list.
-
-
-* I'm SURE I've found a bug, how do I report it?
-
-Bug reports with no security implications should be sent to the request
-tracker. This can be done by mailing the report to <rt at openssl.org> (or its
-alias <openssl-bugs at openssl.org>), please note that messages sent to the
-request tracker also appear in the public openssl-dev mailing list.
-
-The report should be in plain text. Any patches should be sent as
-plain text attachments because some mailers corrupt patches sent inline.
-If your issue affects multiple versions of OpenSSL check any patches apply
-cleanly and, if possible include patches to each affected version.
-
-The report should be given a meaningful subject line briefly summarising the
-issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
-
-By sending reports to the request tracker the bug can then be given a priority
-and assigned to the appropriate maintainer. The history of discussions can be
-accessed and if the issue has been addressed or a reason why not. If patches
-are only sent to openssl-dev they can be mislaid if a team member has to
-wade through months of old messages to review the discussion.
-
-See also <URL: http://www.openssl.org/support/rt.html>
-
-
-* I've found a security issue, how do I report it?
-
-If you think your bug has security implications then please send it to
-openssl-security at openssl.org if you don't get a prompt reply at least 
-acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve).
-
-Note that bugs only present in the openssl utility are not in general
-considered to be security issues. 
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads).  On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries.  If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
-and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
-and friends. This is described in the threads(3) manpage.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked.  The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link  against the same by which OpenSSL was
-built.  If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
-    run-time library" drop down list box.  Perform this step for both
-    your debug and release versions of your application (look at the
-    top left of the settings panel to change between the two)
-
-    Single Threaded           /ML        -  MS VC++ often defaults to
-                                            this for the release
-                                            version of a new project.
-    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
-                                            this for the debug version
-                                            of a new project.
-    Multithreaded             /MT
-    Debug Multithreaded       /MTd
-    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
-    Debug Multithreaded DLL   /MDd
-
-Note that debug and release libraries are NOT interchangeable.  If you
-built OpenSSL with /MD your application must use /MD and cannot use /MDd.
-
-As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we insist on the
-default /MD] can be deployed with application compiled with different
-option or even different compiler. But there is a catch! Instead of
-re-compiling OpenSSL toolkit, as you would have to with prior versions,
-you have to compile small C snippet with compiler and/or options of
-your choice. The snippet gets installed as
-<install-root>/include/openssl/applink.c and should be either added to
-your application project or simply #include-d in one [and only one]
-of your application source files. Failure to link this shim module
-into your application manifests itself as fatal "no OPENSSL_Applink"
-run-time error. An explicit reminder is due that in this situation
-[mixing compiler options] it is as important to add CRYPTO_malloc_init
-prior first call to OpenSSL.
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_*_bio() or d2i_*_bio() functions or you can use the
-i2d_*(), d2i_*() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
- unsigned char *buf, *p;
- int len;
-
- len = i2d_PKCS7(p7, NULL);
- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
- p = buf;
- i2d_PKCS7(p7, &p);
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
- unsigned char *p;
- p = buf;
- p7 = d2i_PKCS7(NULL, &p, len);
-
-At this point p7 contains a valid PKCS7 structure of NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out 
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-The cause is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information. This
-can cause several problems such as being unable to read in an encrypted
-PEM file, unable to decrypt a PKCS#12 file or signature failure when
-verifying certificates.
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-Several reasons for problems with the automatic detection exist.
-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-Sometimes the distribution has installed an older version in the system
-locations that is detected instead of a new one installed. The OpenSSL
-library might have been compiled for another CPU or another mode (32/64 bits).
-Permissions might be wrong.
-
-The general answer is to check the config.log file generated when running
-the OpenSSH configure script. It should contain the detailed information
-on why the OpenSSL library was not detected or considered incompatible.
-
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data.  One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-* Why doesn't my server application receive a client certificate?
-
-Due to the TLS protocol definition, a client will only send a certificate,
-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
-SSL_CTX_set_verify() function to enable the use of client certificates.
-
-
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-
-For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
-versions, uniqueIdentifier was incorrectly used for X.509 certificates.
-The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
-Change your code to use the new name when compiling against OpenSSL 0.9.7.
-
-
-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions.  Currently these include following:
-
-Thread-local cleanup functions:
-
-  ERR_remove_state()
-
-Application-global cleanup functions that are aware of usage (and therefore
-thread-safe):
-
-  ENGINE_cleanup() and CONF_modules_unload()
-
-"Brutal" (thread-unsafe) Application-global cleanup functions:
-
-  ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-
-
-* Why does Valgrind complain about the use of uninitialized data?
-
-When OpenSSL's PRNG routines are called to generate random numbers the supplied
-buffer contents are mixed into the entropy pool: so it technically does not
-matter whether the buffer is initialized at this point or not.  Valgrind (and
-other test tools) will complain about this. When using Valgrind, make sure the
-OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
-to get rid of these warnings.
-
-
-* Why doesn't a memory BIO work when a file does?
-
-This can occur in several cases for example reading an S/MIME email message.
-The reason is that a memory BIO can do one of two things when all the data
-has been read from it.
-
-The default behaviour is to indicate that no more data is available and that
-the call should be retried, this is to allow the application to fill up the BIO
-again if necessary.
-
-Alternatively it can indicate that no more data is available and that EOF has
-been reached.
-
-If a memory BIO is to behave in the same way as a file this second behaviour
-is needed. This must be done by calling:
-
-   BIO_set_mem_eof_return(bio, 0);
-
-See the manual pages for more details.
-
-
-* Where are the declarations and implementations of d2i_X509() etc?
-
-These are defined and implemented by macros of the form:
-
-
- DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
-
-The implementation passes an ASN1 "template" defining the structure into an
-ASN1 interpreter using generalised functions such as ASN1_item_d2i().
-
-
-===============================================================================
+The FAQ is now maintained on the web:
+        https://www.openssl.org/docs/faq.html

Modified: trunk/crypto/openssl/Makefile
===================================================================
--- trunk/crypto/openssl/Makefile	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/Makefile	2018-07-08 16:40:18 UTC (rev 11620)
@@ -269,6 +269,7 @@
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 
 sub_all: build_all
+
 build_all: build_libs build_apps build_tests build_tools
 
 build_libs: build_libcrypto build_libssl openssl.pc
@@ -278,15 +279,15 @@
 
 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
 	@dir=tools; target=all; $(BUILD_ONE_CMD)
 
 all_testapps: build_libs build_testapps

Modified: trunk/crypto/openssl/Makefile.org
===================================================================
--- trunk/crypto/openssl/Makefile.org	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/Makefile.org	2018-07-08 16:40:18 UTC (rev 11620)
@@ -267,6 +267,7 @@
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 
 sub_all: build_all
+
 build_all: build_libs build_apps build_tests build_tools
 
 build_libs: build_libcrypto build_libssl openssl.pc
@@ -276,15 +277,15 @@
 
 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
 	@dir=tools; target=all; $(BUILD_ONE_CMD)
 
 all_testapps: build_libs build_testapps

Modified: trunk/crypto/openssl/README
===================================================================
--- trunk/crypto/openssl/README	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/README	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1,7 +1,7 @@
 
  OpenSSL 1.0.1u 22 Sep 2016
 
- Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
@@ -10,17 +10,17 @@
 
  The OpenSSL Project is a collaborative effort to develop a robust,
  commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
+ Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
+ well as a full-strength general purpose cryptograpic library. The project is
+ managed by a worldwide community of volunteers that use the Internet to
+ communicate, plan, and develop the OpenSSL toolkit and its related
+ documentation.
 
- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
  and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license) situation, which basically means
- that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
 
  OVERVIEW
  --------
@@ -28,116 +28,39 @@
  The OpenSSL toolkit includes:
 
  libssl.a:
-     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
-     both SSLv2, SSLv3 and TLSv1 in the one server and client.
+     Provides the client and server-side implementations for SSLv3 and TLS.
 
  libcrypto.a:
-     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
-     actually logically part of it. It includes routines for the following:
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     not logically part of it.
 
-     Ciphers
-        libdes - EAY's libdes DES encryption package which was floating
-                 around the net for a few years, and was then relicensed by
-                 him as part of SSLeay.  It includes 15 'modes/variations'
-                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
-                 pcbc and a more general form of cfb and ofb) including desx
-                 in cbc mode, a fast crypt(3), and routines to read
-                 passwords from the keyboard.
-        RC4 encryption,
-        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
-        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
-        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
-
-     Digests
-        MD5 and MD2 message digest algorithms, fast implementations,
-        SHA (SHA-0) and SHA-1 message digest algorithms,
-        MDC2 message digest. A DES based hash that is popular on smart cards.
-
-     Public Key
-        RSA encryption/decryption/generation.
-            There is no limit on the number of bits.
-        DSA encryption/decryption/generation.
-            There is no limit on the number of bits.
-        Diffie-Hellman key-exchange/key generation.
-            There is no limit on the number of bits.
-
-     X.509v3 certificates
-        X509 encoding/decoding into/from binary ASN1 and a PEM
-             based ASCII-binary encoding which supports encryption with a
-             private key.  Program to generate RSA and DSA certificate
-             requests and to generate RSA and DSA certificates.
-
-     Systems
-        The normal digital envelope routines and base64 encoding.  Higher
-        level access to ciphers and digests by name.  New ciphers can be
-        loaded at run time.  The BIO io system which is a simple non-blocking
-        IO abstraction.  Current methods supported are file descriptors,
-        sockets, socket accept, socket connect, memory buffer, buffering, SSL
-        client/server, file pointer, encryption, digest, non-blocking testing
-        and null.
-
-     Data structures
-        A dynamically growing hashing system
-        A simple stack.
-        A Configuration loader that uses a format similar to MS .ini files.
-
  openssl:
      A command line tool that can be used for:
-        Creation of RSA, DH and DSA key parameters
+        Creation of key parameters
         Creation of X.509 certificates, CSRs and CRLs
-        Calculation of Message Digests
-        Encryption and Decryption with Ciphers
-        SSL/TLS Client and Server Tests
+        Calculation of message digests
+        Encryption and decryption
+        SSL/TLS client and server tests
         Handling of S/MIME signed or encrypted mail
+        And more...
 
-
- PATENTS
- -------
-
- Various companies hold various patents for various algorithms in various
- locations around the world. _YOU_ are responsible for ensuring that your use
- of any algorithms is legal by checking if there are any patents in your
- country.  The file contains some of the patents that we know about or are
- rumored to exist. This is not a definitive list.
-
- RSA Security holds software patents on the RC5 algorithm.  If you
- intend to use this cipher, you must contact RSA Security for
- licensing conditions. Their web page is http://www.rsasecurity.com/.
-
- RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission.
-
- The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
- should be contacted if that algorithm is to be used; their web page is
- http://www.ascom.ch/.
-
- NTT and Mitsubishi have patents and pending patents on the Camellia
- algorithm, but allow use at no charge without requiring an explicit
- licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
-
  INSTALLATION
  ------------
 
- To install this package under a Unix derivative, read the INSTALL file.  For
- a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
- INSTALL.VMS.
+ See the appropriate file:
+        INSTALL         Linux, Unix, etc.
+        INSTALL.DJGPP   DOS platform with DJGPP
+        INSTALL.NW      Netware
+        INSTALL.OS2     OS/2
+        INSTALL.VMS     VMS
+        INSTALL.W32     Windows (32bit)
+        INSTALL.W64     Windows (64bit)
+        INSTALL.WCE     Windows CE
 
- Read the documentation in the doc/ directory.  It is quite rough, but it
- lists the functions; you will probably have to look at the code to work out
- how to use them. Look at the example programs.
-
- PROBLEMS
- --------
-
- For some platforms, there are some known problems that may affect the user
- or application author.  We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
-
  SUPPORT
  -------
 
- See the OpenSSL website www.openssl.org for details of how to obtain
+ See the OpenSSL website www.openssl.org for details on how to obtain
  commercial technical support.
 
  If you have any problems with OpenSSL then please take the following steps
@@ -161,10 +84,9 @@
     - Problem Description (steps that will reproduce the problem, if known)
     - Stack Traceback (if the application dumps core)
 
- Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt.html) by mail to:
+ Email the report to:
 
-    openssl-bugs at openssl.org
+    rt at openssl.org
 
  In order to avoid spam, this is a moderated mailing list, and it might
  take a day for the ticket to show up.  (We also scan posts to make sure
@@ -175,49 +97,23 @@
  may be sent to openssl-security at openssl.org (PGP key available from the
  key servers).
 
- Note that mail to openssl-bugs at openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
- mailing list. Confidential mail may be sent to openssl-security at openssl.org
- (PGP key available from the key servers).
+ Please do NOT use this for general assistance or support queries.
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL.
 
+ You can also make GitHub pull requests. If you do this, please also send
+ mail to rt at openssl.org with a link to the PR so that we can more easily
+ keep track of it.
+
  HOW TO CONTRIBUTE TO OpenSSL
  ----------------------------
 
- Development is coordinated on the openssl-dev mailing list (see
- http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-bugs at openssl.org with
- the string "[PATCH]" in the subject. Please be sure to include a
- textual explanation of what your patch does.
+ See CONTRIBUTING
 
- If you are unsure as to whether a feature will be useful for the general
- OpenSSL community please discuss it on the openssl-dev mailing list first.
- Someone may be already working on the same thing or there may be a good
- reason as to why that feature isn't implemented.
+ LEGALITIES
+ ----------
 
- Patches should be as up to date as possible, preferably relative to the
- current Git or the last snapshot. They should follow the coding style of
- OpenSSL and compile without warnings. Some of the core team developer targets
- can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
- compiles on many varied platforms: try to ensure you only use portable
- features.
-
- Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
- please take some time to look at
-    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and
-    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
- for the details. If "your encryption source code is too large to serve as
- an email attachment", they are glad to receive it by fax instead; hope you
- have a cheap long-distance plan.
-
- Our preferred format for changes is "diff -u" output. You might
- generate it like this:
-
- # cd openssl-work
- # [your changes]
- # ./Configure dist; make clean
- # cd ..
- # diff -ur openssl-orig openssl-work > mydiffs.patch
-
+ A number of nations, in particular the U.S., restrict the use or export
+ of cryptography. If you are potentially subject to such restrictions
+ you should seek competent professional legal advice before attempting to
+ develop or distribute cryptographic code.

Modified: trunk/crypto/openssl/apps/Makefile
===================================================================
--- trunk/crypto/openssl/apps/Makefile	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/Makefile	2018-07-08 16:40:18 UTC (rev 11620)
@@ -135,7 +135,7 @@
 depend: local_depend
 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 
 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

Modified: trunk/crypto/openssl/apps/apps.c
===================================================================
--- trunk/crypto/openssl/apps/apps.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/apps.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -119,9 +119,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
 #include <sys/types.h>
 #include <ctype.h>
 #include <errno.h>
@@ -1247,7 +1244,11 @@
         {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
         {NULL, 0, 0}
     };
-    return set_multi_opts(flags, arg, ex_tbl);
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+        return 0;
+    if ((*flags & XN_FLAG_SEP_MASK) == 0)
+        *flags |= XN_FLAG_SEP_CPLUS_SPC;
+    return 1;
 }
 
 int set_ext_copy(int *copy_type, const char *arg)

Modified: trunk/crypto/openssl/apps/asn1pars.c
===================================================================
--- trunk/crypto/openssl/apps/asn1pars.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/asn1pars.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -313,9 +313,9 @@
             }
             typ = ASN1_TYPE_get(at);
             if ((typ == V_ASN1_OBJECT)
+                || (typ == V_ASN1_BOOLEAN)
                 || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n",
-                           typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
                 ERR_print_errors(bio_err);
                 goto end;
             }

Modified: trunk/crypto/openssl/apps/ca.c
===================================================================
--- trunk/crypto/openssl/apps/ca.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/ca.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -99,25 +99,19 @@
 #undef PROG
 #define PROG ca_main
 
-#define BASE_SECTION    "ca"
-#define CONFIG_FILE "openssl.cnf"
+#define BASE_SECTION            "ca"
+#define CONFIG_FILE             "openssl.cnf"
 
 #define ENV_DEFAULT_CA          "default_ca"
 
-#define STRING_MASK     "string_mask"
+#define STRING_MASK             "string_mask"
 #define UTF8_IN                 "utf8"
 
-#define ENV_DIR                 "dir"
-#define ENV_CERTS               "certs"
-#define ENV_CRL_DIR             "crl_dir"
-#define ENV_CA_DB               "CA_DB"
 #define ENV_NEW_CERTS_DIR       "new_certs_dir"
 #define ENV_CERTIFICATE         "certificate"
 #define ENV_SERIAL              "serial"
 #define ENV_CRLNUMBER           "crlnumber"
-#define ENV_CRL                 "crl"
 #define ENV_PRIVATE_KEY         "private_key"
-#define ENV_RANDFILE            "RANDFILE"
 #define ENV_DEFAULT_DAYS        "default_days"
 #define ENV_DEFAULT_STARTDATE   "default_startdate"
 #define ENV_DEFAULT_ENDDATE     "default_enddate"
@@ -2520,6 +2514,8 @@
     char **rrow, *a_tm_s;
 
     a_tm = ASN1_UTCTIME_new();
+    if (a_tm == NULL)
+        return -1;
 
     /* get actual time and make a string */
     a_tm = X509_gmtime_adj(a_tm, 0);
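Review bot: The new NULL check covers `ASN1_UTCTIME_new()` but the very next statement, `a_tm = X509_gmtime_adj(a_tm, 0);`, can also return NULL and is assigned straight back into `a_tm`, which both loses the object just allocated and leaves a NULL for whatever uses `a_tm` below (outside the hunk). A check in the same style as the added one closes that gap: `if (X509_gmtime_adj(a_tm, 0) == NULL) { ASN1_UTCTIME_free(a_tm); return -1; }`. The enclosing function starts and ends outside this hunk.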

Modified: trunk/crypto/openssl/apps/ecparam.c
===================================================================
--- trunk/crypto/openssl/apps/ecparam.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/ecparam.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -413,14 +413,13 @@
     }
 
     if (check) {
-        if (group == NULL)
-            BIO_printf(bio_err, "no elliptic curve parameters\n");
         BIO_printf(bio_err, "checking elliptic curve parameters: ");
         if (!EC_GROUP_check(group, NULL)) {
             BIO_printf(bio_err, "failed\n");
             ERR_print_errors(bio_err);
-        } else
-            BIO_printf(bio_err, "ok\n");
+            goto end;
+        }
+        BIO_printf(bio_err, "ok\n");
 
     }
 

Modified: trunk/crypto/openssl/apps/engine.c
===================================================================
--- trunk/crypto/openssl/apps/engine.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/engine.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -99,8 +99,6 @@
 
 static int append_buf(char **buf, const char *s, int *size, int step)
 {
-    int l = strlen(s);
-
     if (*buf == NULL) {
         *size = step;
         *buf = OPENSSL_malloc(*size);
@@ -109,9 +107,6 @@
         **buf = '\0';
     }
 
-    if (**buf != '\0')
-        l += 2;                 /* ", " */
-
     if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
         *size += step;
         *buf = OPENSSL_realloc(*buf, *size);
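Review bot: Removing `l` drops the `l += 2` that accounted for the `", "` separator, but the growth check that remains, `if (strlen(*buf) + strlen(s) >= (unsigned int)*size)`, does not add those two bytes back, so when the buffer is non-empty the comparison may pass with up to two bytes too few for separator plus string plus terminator. Whether that is harmless depends on how the concatenation below (outside the hunk) bounds its writes; if it uses a length-checked append the result is silent truncation rather than overflow, but the check would be clearer as `if (strlen(*buf) + 2 + strlen(s) >= (unsigned int)*size)`. The rest of append_buf is outside this hunk.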

Deleted: trunk/crypto/openssl/apps/install-apps.com
===================================================================
--- trunk/crypto/openssl/apps/install-apps.com	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/install-apps.com	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1,107 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard at levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if (p1 .eqs. "")
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$   exit
-$ endif
-$!
-$ if (f$getsyi("cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse(root,,,"device","syntax_only")
-$ root_dir = f$parse(root,,,"directory","syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslxexe:") .eqs. "" then -
-   create /directory /log wrk_sslxexe:
-$!
-$ exe := openssl
-$!
-$ exe_dir := [-.'archd'.exe.apps]
-$!
-$! Executables.
-$!
-$ i = 0
-$ loop_exe:
-$   e = f$edit(f$element( i, ",", exe), "trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_exe_end
-$   set noon
-$   file = exe_dir+ e+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxexe: /log
-$   endif
-$   set on
-$ goto loop_exe
-$ loop_exe_end:
-$!
-$! Miscellaneous.
-$!
-$ set noon
-$ copy /protection = w:re ca.com wrk_sslxexe:ca.com /log
-$ copy /protection = w:re openssl-vms.cnf wrk_sslroot:[000000]openssl.cnf /log
-$ set on
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslxexe
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!

Deleted: trunk/crypto/openssl/apps/md4.c
===================================================================
--- trunk/crypto/openssl/apps/md4.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/md4.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1 +0,0 @@
-link ../crypto/md4/md4.c
\ No newline at end of file

Modified: trunk/crypto/openssl/apps/ocsp.c
===================================================================
--- trunk/crypto/openssl/apps/ocsp.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/ocsp.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1220,8 +1220,8 @@
         return NULL;
     }
 
-    if (BIO_get_fd(cbio, &fd) <= 0) {
-        BIO_puts(err, "Can't get connection fd\n");
+    if (BIO_get_fd(cbio, &fd) < 0) {
+        BIO_puts(bio_err, "Can't get connection fd\n");
         goto err;
     }
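Review bot: Switching the message sink from `err` to `bio_err` in `BIO_puts(bio_err, "Can't get connection fd\n");` looks inconsistent if the function still takes a `BIO *err` parameter for its diagnostics, as the removed line suggests; the other messages in the function (outside the hunk) would then go to one BIO and this one to the global. Either keep `BIO_puts(err, ...)` or make the whole function use `bio_err`. The relaxation from `<= 0` to `< 0` is correct since a file descriptor of 0 is valid. The enclosing function starts and ends outside this hunk.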
 

Modified: trunk/crypto/openssl/apps/openssl.cnf
===================================================================
--- trunk/crypto/openssl/apps/openssl.cnf	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/openssl.cnf	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1,4 +1,4 @@
-# $MidnightBSD: trunk/crypto/openssl/apps/openssl.cnf 7185 2015-07-28 11:03:45Z laffer1 $
+# $FreeBSD: stable/10/crypto/openssl/apps/openssl.cnf 238405 2012-07-12 19:30:53Z jkim $
 #
 # OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.

Modified: trunk/crypto/openssl/apps/pkcs12.c
===================================================================
--- trunk/crypto/openssl/apps/pkcs12.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/pkcs12.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -135,6 +135,13 @@
 
     apps_startup();
 
+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+
 # ifdef OPENSSL_FIPS
     if (FIPS_mode())
         cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@@ -142,13 +149,6 @@
 # endif
         cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
 
-    enc = EVP_des_ede3_cbc();
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
     args = argv + 1;
 
     while (*args) {
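Review bot: After the move, the non-FIPS default `cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC` (a context line in this hunk) sits right after the relocated `enc = EVP_des_ede3_cbc();`, and nothing explains why certificate material defaults to 40-bit RC2 while key material uses 3DES. A comment on the assignment would save the next reader the question, e.g. `/* 40-bit RC2 is a weak legacy default, presumably kept for interoperability with older importers; -certpbe overrides it */`. The enclosing function starts and ends outside this hunk.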

Modified: trunk/crypto/openssl/apps/s_client.c
===================================================================
--- trunk/crypto/openssl/apps/s_client.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/s_client.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1884,6 +1884,9 @@
         EVP_PKEY_free(key);
     if (pass)
         OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(srp_arg.srppassin);
+#endif
     if (vpm)
         X509_VERIFY_PARAM_free(vpm);
     if (cbuf != NULL) {
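Review bot: The added `OPENSSL_free(srp_arg.srppassin);` is unguarded while its neighbours in the same cleanup block test first (`if (pass) OPENSSL_free(pass);`); as far as I can tell OPENSSL_free accepts NULL in this codebase, so this is a style inconsistency rather than a bug, but the block now mixes two conventions. Matching the surrounding lines with `if (srp_arg.srppassin) OPENSSL_free(srp_arg.srppassin);` keeps it uniform. The enclosing cleanup code starts and ends outside this hunk.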

Deleted: trunk/crypto/openssl/apps/vms_decc_init.c
===================================================================
--- trunk/crypto/openssl/apps/vms_decc_init.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/vms_decc_init.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1,172 +0,0 @@
-#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
- defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
-# define USE_DECC_INIT 1
-#endif
-
-#ifdef USE_DECC_INIT
-
-/*-
- * 2010-04-26 SMS.
- *
- *----------------------------------------------------------------------
- *
- *       decc_init()
- *
- *    On non-VAX systems, uses LIB$INITIALIZE to set a collection of C
- *    RTL features without using the DECC$* logical name method.
- *
- *----------------------------------------------------------------------
- */
-
-# include <stdio.h>
-# include <stdlib.h>
-# include <unixlib.h>
-
-/* Global storage. */
-
-/* Flag to sense if decc_init() was called. */
-
-int decc_init_done = -1;
-
-/* Structure to hold a DECC$* feature name and its desired value. */
-
-typedef struct {
-    char *name;
-    int value;
-} decc_feat_t;
-
-/*
- * Array of DECC$* feature names and their desired values. Note:
- * DECC$ARGV_PARSE_STYLE is the urgent one.
- */
-
-decc_feat_t decc_feat_array[] = {
-    /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
-    {"DECC$ARGV_PARSE_STYLE", 1},
-
-    /* Preserve case for file names on ODS5 disks. */
-    {"DECC$EFS_CASE_PRESERVE", 1},
-
-    /*
-     * Enable multiple dots (and most characters) in ODS5 file names, while
-     * preserving VMS-ness of ";version".
-     */
-    {"DECC$EFS_CHARSET", 1},
-
-    /* List terminator. */
-    {(char *)NULL, 0}
-};
-
-/* LIB$INITIALIZE initialization function. */
-
-static void decc_init(void)
-{
-    char *openssl_debug_decc_init;
-    int verbose = 0;
-    int feat_index;
-    int feat_value;
-    int feat_value_max;
-    int feat_value_min;
-    int i;
-    int sts;
-
-    /* Get debug option. */
-    openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT");
-    if (openssl_debug_decc_init != NULL) {
-        verbose = strtol(openssl_debug_decc_init, NULL, 10);
-        if (verbose <= 0) {
-            verbose = 1;
-        }
-    }
-
-    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
-    decc_init_done = 1;
-
-    /* Loop through all items in the decc_feat_array[]. */
-
-    for (i = 0; decc_feat_array[i].name != NULL; i++) {
-        /* Get the feature index. */
-        feat_index = decc$feature_get_index(decc_feat_array[i].name);
-        if (feat_index >= 0) {
-            /* Valid item.  Collect its properties. */
-            feat_value = decc$feature_get_value(feat_index, 1);
-            feat_value_min = decc$feature_get_value(feat_index, 2);
-            feat_value_max = decc$feature_get_value(feat_index, 3);
-
-            /* Check the validity of our desired value. */
-            if ((decc_feat_array[i].value >= feat_value_min) &&
-                (decc_feat_array[i].value <= feat_value_max)) {
-                /* Valid value.  Set it if necessary. */
-                if (feat_value != decc_feat_array[i].value) {
-                    sts = decc$feature_set_value(feat_index,
-                                                 1, decc_feat_array[i].value);
-
-                    if (verbose > 1) {
-                        fprintf(stderr, " %s = %d, sts = %d.\n",
-                                decc_feat_array[i].name,
-                                decc_feat_array[i].value, sts);
-                    }
-                }
-            } else {
-                /* Invalid DECC feature value. */
-                fprintf(stderr,
-                        " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
-                        feat_value,
-                        feat_value_min, decc_feat_array[i].name,
-                        feat_value_max);
-            }
-        } else {
-            /* Invalid DECC feature name. */
-            fprintf(stderr,
-                    " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name);
-        }
-    }
-
-    if (verbose > 0) {
-        fprintf(stderr, " DECC_INIT complete.\n");
-    }
-}
-
-/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
-
-# pragma nostandard
-
-/*
- * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
- * attributes.  Note that "nopic" is significant only on VAX.
- */
-# pragma extern_model save
-
-# if __INITIAL_POINTER_SIZE == 64
-#  define PSECT_ALIGN 3
-# else
-#  define PSECT_ALIGN 2
-# endif
-
-# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
-const int spare[8] = { 0 };
-
-# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
-void (*const x_decc_init) () = decc_init;
-
-# pragma extern_model restore
-
-/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
-
-# pragma extern_model save
-
-int LIB$INITIALIZE(void);
-
-# pragma extern_model strict_refdef
-int dmy_lib$initialize = (int)LIB$INITIALIZE;
-
-# pragma extern_model restore
-
-# pragma standard
-
-#else                           /* def USE_DECC_INIT */
-
-/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
-int decc_init_dummy(void);
-
-#endif                          /* def USE_DECC_INIT */

Deleted: trunk/crypto/openssl/apps/winrand.c
===================================================================
--- trunk/crypto/openssl/apps/winrand.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/apps/winrand.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1,146 +0,0 @@
-/* apps/winrand.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*-
- * Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-                   PSTR cmdline, int iCmdShow)
-{
-    static char appname[] = "OpenSSL";
-    HWND hwnd;
-    MSG msg;
-    WNDCLASSEX wndclass;
-    char buffer[200];
-
-    if (cmdline[0] == '\0')
-        filename = RAND_file_name(buffer, sizeof buffer);
-    else
-        filename = cmdline;
-
-    RAND_load_file(filename, -1);
-
-    wndclass.cbSize = sizeof(wndclass);
-    wndclass.style = CS_HREDRAW | CS_VREDRAW;
-    wndclass.lpfnWndProc = WndProc;
-    wndclass.cbClsExtra = 0;
-    wndclass.cbWndExtra = 0;
-    wndclass.hInstance = hInstance;
-    wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
-    wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
-    wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
-    wndclass.lpszMenuName = NULL;
-    wndclass.lpszClassName = appname;
-    wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
-    RegisterClassEx(&wndclass);
-
-    hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
-                        WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-                        CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
-                        NULL);
-
-    ShowWindow(hwnd, iCmdShow);
-    UpdateWindow(hwnd);
-
-    while (GetMessage(&msg, NULL, 0, 0)) {
-        TranslateMessage(&msg);
-        DispatchMessage(&msg);
-    }
-
-    return msg.wParam;
-}
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
-{
-    HDC hdc;
-    PAINTSTRUCT ps;
-    RECT rect;
-    static int seeded = 0;
-
-    switch (iMsg) {
-    case WM_PAINT:
-        hdc = BeginPaint(hwnd, &ps);
-        GetClientRect(hwnd, &rect);
-        DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
-                 &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
-        EndPaint(hwnd, &ps);
-        return 0;
-
-    case WM_DESTROY:
-        PostQuitMessage(0);
-        return 0;
-    }
-
-    if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
-        seeded = 1;
-        if (RAND_write_file(filename) <= 0)
-            MessageBox(hwnd, "Couldn't write random file!",
-                       "OpenSSL", MB_OK | MB_ICONERROR);
-        PostQuitMessage(0);
-    }
-
-    return DefWindowProc(hwnd, iMsg, wParam, lParam);
-}

Modified: trunk/crypto/openssl/crypto/aes/asm/aes-586.pl
===================================================================
--- trunk/crypto/openssl/crypto/aes/asm/aes-586.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/aes/asm/aes-586.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -45,7 +45,7 @@
 # the undertaken effort was that it appeared that in tight IA-32
 # register window little-endian flavor could achieve slightly higher
 # Instruction Level Parallelism, and it indeed resulted in up to 15%
-# better performance on most recent \xB5-archs...
+# better performance on most recent µ-archs...
 #
 # Third version adds AES_cbc_encrypt implementation, which resulted in
 # up to 40% performance imrovement of CBC benchmark results. 40% was
@@ -223,7 +223,7 @@
 $speed_limit=512;	# chunks smaller than $speed_limit are
 			# processed with compact routine in CBC mode
 $small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
-			# recent \xB5-archs], but ~5 times smaller!
+			# recent µ-archs], but ~5 times smaller!
 			# I favor compact code to minimize cache
 			# contention and in hope to "collect" 5% back
 			# in real-life applications...
@@ -562,7 +562,7 @@
 # Performance is not actually extraordinary in comparison to pure
 # x86 code. In particular encrypt performance is virtually the same.
 # Decrypt performance on the other hand is 15-20% better on newer
-# \xB5-archs [but we're thankful for *any* improvement here], and ~50%
+# µ-archs [but we're thankful for *any* improvement here], and ~50%
 # better on PIII:-) And additionally on the pros side this code
 # eliminates redundant references to stack and thus relieves/
 # minimizes the pressure on the memory bus.

Modified: trunk/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -68,6 +68,7 @@
 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
 	   $1>=10);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
 
 open OUT,"| \"$^X\" $xlate $flavour $output";
 *STDOUT=*OUT;
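Review bot: The new backtick command interpolates `$ENV{CC}` without checking that it is set; when CC is absent the shell receives ` -v 2>&1`, the probe prints a "command not found" style error and, under warnings, perl reports an uninitialized value, although `$avx` correctly stays 0 because the regex then fails. Guarding the probe avoids the noise: `$avx=1 if (!$avx && defined $ENV{CC} && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);`. This is a build-time probe of the toolchain, so the shell interpolation itself is consistent with the `ml64` probe above it.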

Modified: trunk/crypto/openssl/crypto/aes/asm/aesni-x86.pl
===================================================================
--- trunk/crypto/openssl/crypto/aes/asm/aesni-x86.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/aes/asm/aesni-x86.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -74,7 +74,7 @@
 $inout4="xmm6";	$in0="xmm6";
 $inout5="xmm7";	$ivec="xmm7";
 
-# AESNI extenstion
+# AESNI extension
 sub aeskeygenassist
 { my($dst,$src,$imm)=@_;
     if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)

Modified: trunk/crypto/openssl/crypto/asn1/asn1_par.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_par.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/asn1/asn1_par.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -62,6 +62,10 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                            int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -128,6 +132,12 @@
 #else
     dump_indent = 6;            /* Because we know BIO_dump_indent() */
 #endif
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+            BIO_puts(bp, "BAD RECURSION DEPTH\n");
+            return 0;
+    }
+
     p = *pp;
     tot = p + length;
     op = p - 1;
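Review bot: The body of the new depth guard is indented by twelve spaces while the surrounding function uses four-space steps, so `BIO_puts(bp, "BAD RECURSION DEPTH\n");` and `return 0;` should sit at eight spaces inside the `if`. It would also help to say why the limit exists, since the constant alone (`ASN1_PARSE_MAXDEPTH`, defined in the first hunk) does not: `/* Bound recursion so deeply nested constructed objects cannot exhaust the stack */`. The enclosing function asn1_parse2 starts and ends outside this hunk.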

Modified: trunk/crypto/openssl/crypto/asn1/d2i_pr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/d2i_pr.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/asn1/d2i_pr.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -72,6 +72,7 @@
                          long length)
 {
     EVP_PKEY *ret;
+    const unsigned char *p = *pp;
 
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
@@ -94,11 +95,11 @@
     }
 
     if (!ret->ameth->old_priv_decode ||
-        !ret->ameth->old_priv_decode(ret, pp, length)) {
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
         if (ret->ameth->priv_decode) {
             EVP_PKEY *tmp;
             PKCS8_PRIV_KEY_INFO *p8 = NULL;
-            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
             if (!p8)
                 goto err;
             tmp = EVP_PKCS82PKEY(p8);
@@ -112,6 +113,7 @@
             goto err;
         }
     }
+    *pp = p;
     if (a != NULL)
         (*a) = ret;
     return (ret);
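Review bot: Decoding through the local `p` and publishing `*pp = p;` only on success is the behavioural fix in this file, repeated in the later hunk that adds `*pp = p;` after `EVP_PKCS82PKEY`, yet neither site explains it; a reader could easily "simplify" it back to passing `pp` directly. A short comment at each `*pp = p;` would protect the fix: `/* Only advance the caller's pointer once the whole key has been decoded successfully */`. The enclosing function starts outside this hunk.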
@@ -139,6 +141,7 @@
      * input is surrounded by an ASN1 SEQUENCE.
      */
     inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+    p = *pp;
     /*
      * Since we only need to discern "traditional format" RSA and DSA keys we
      * can just count the elements.
@@ -149,7 +152,7 @@
         keytype = EVP_PKEY_EC;
     else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                               * traditional format */
-        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
+        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
         EVP_PKEY *ret;
 
         sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
@@ -160,6 +163,9 @@
         }
         ret = EVP_PKCS82PKEY(p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
+        if (ret == NULL)
+            return NULL;
+        *pp = p;
         if (a) {
             *a = ret;
         }

Modified: trunk/crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_dec.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/asn1/tasn_dec.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -352,9 +352,9 @@
         }
 
         asn1_set_choice_selector(pval, i, it);
-        *in = p;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
+        *in = p;
         return 1;
 
     case ASN1_ITYPE_NDEF_SEQUENCE:
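Review bot: Moving `*in = p;` after the ASN1_OP_D2I_POST callback is the whole point of this hunk and of the second hunk below (the `asn1_enc_save` case), but the relocated line carries no comment, so the ordering looks accidental. A one-line comment above each `*in = p;` pins the intent: `/* Advance the input pointer only after the D2I_POST callback has accepted the object */`. The enclosing function starts and ends outside both hunks.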
@@ -491,9 +491,9 @@
         /* Save encoding */
         if (!asn1_enc_save(pval, *in, p - *in, it))
             goto auxerr;
-        *in = p;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
+        *in = p;
         return 1;
 
     default:

Modified: trunk/crypto/openssl/crypto/asn1/x_bignum.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_bignum.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/asn1/x_bignum.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -141,8 +141,9 @@
                   int utype, char *free_cont, const ASN1_ITEM *it)
 {
     BIGNUM *bn;
-    if (!*pval)
-        bn_new(pval, it);
+
+    if (*pval == NULL && !bn_new(pval, it))
+        return 0;
     bn = (BIGNUM *)*pval;
     if (!BN_bin2bn(cont, len, bn)) {
         bn_free(pval, it);

Modified: trunk/crypto/openssl/crypto/asn1/x_pubkey.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_pubkey.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/asn1/x_pubkey.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -188,7 +188,9 @@
 {
     X509_PUBKEY *xpk;
     EVP_PKEY *pktmp;
-    xpk = d2i_X509_PUBKEY(NULL, pp, length);
+    const unsigned char *q;
+    q = *pp;
+    xpk = d2i_X509_PUBKEY(NULL, &q, length);
     if (!xpk)
         return NULL;
     pktmp = X509_PUBKEY_get(xpk);
@@ -195,6 +197,7 @@
     X509_PUBKEY_free(xpk);
     if (!pktmp)
         return NULL;
+    *pp = q;
     if (a) {
         EVP_PKEY_free(*a);
         *a = pktmp;

Modified: trunk/crypto/openssl/crypto/asn1/x_x509.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_x509.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/asn1/x_x509.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -180,16 +180,15 @@
     if (!a || *a == NULL) {
         freeret = 1;
     }
-    ret = d2i_X509(a, pp, length);
+    ret = d2i_X509(a, &q, length);
     /* If certificate unreadable then forget it */
     if (!ret)
         return NULL;
     /* update length */
-    length -= *pp - q;
-    if (!length)
-        return ret;
-    if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+    length -= q - *pp;
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
         goto err;
+    *pp = q;
     return ret;
  err:
     if (freeret) {

Modified: trunk/crypto/openssl/crypto/bio/b_dump.c
===================================================================
--- trunk/crypto/openssl/crypto/bio/b_dump.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bio/b_dump.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -104,7 +104,6 @@
     if ((rows * dump_width) < len)
         rows++;
     for (i = 0; i < rows; i++) {
-        buf[0] = '\0';          /* start with empty string */
         BUF_strlcpy(buf, str, sizeof buf);
         BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
         BUF_strlcat(buf, tmp, sizeof buf);

Modified: trunk/crypto/openssl/crypto/bio/bio.h
===================================================================
--- trunk/crypto/openssl/crypto/bio/bio.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bio/bio.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -290,7 +290,7 @@
  * BIO_CB_RETURN flag indicates if it is after the call
  */
 # define BIO_CB_RETURN   0x80
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
 # define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
 

Modified: trunk/crypto/openssl/crypto/bio/bss_file.c
===================================================================
--- trunk/crypto/openssl/crypto/bio/bss_file.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bio/bss_file.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -115,9 +115,8 @@
     NULL,
 };
 
-BIO *BIO_new_file(const char *filename, const char *mode)
+static FILE *file_fopen(const char *filename, const char *mode)
 {
-    BIO *ret;
     FILE *file = NULL;
 
 #  if defined(_WIN32) && defined(CP_UTF8)
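Review bot: `file_fopen` carries no comment saying why a static wrapper around fopen() now exists, and the reason is not obvious from the signature alone; since its body holds the `_WIN32`/`CP_UTF8` filename handling that begins at the `#if` on the last line of this hunk and is reused by the `BIO_C_SET_FILENAME` path later in this file, say so: `/* fopen() wrapper so the Windows UTF-8 filename conversion applies to every open in this file */`. The function body continues past this hunk.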
@@ -164,6 +163,14 @@
 #  else
     file = fopen(filename, mode);
 #  endif
+    return (file);
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    BIO  *ret;
+    FILE *file = file_fopen(filename, mode);
+
     if (file == NULL) {
         SYSerr(SYS_F_FOPEN, get_last_sys_error());
         ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
@@ -386,7 +393,7 @@
         else
             strcat(p, "t");
 #  endif
-        fp = fopen(ptr, p);
+        fp = file_fopen(ptr, p);
         if (fp == NULL) {
             SYSerr(SYS_F_FOPEN, get_last_sys_error());
             ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");

Modified: trunk/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -41,13 +41,13 @@
 .align	5
 mul_1x1_neon:
 	vshl.u64	`&Dlo("q1")`,d16,#8	@ q1-q3 are slided $a
-	vmull.p8	`&Q("d0")`,d16,d17	@ a\xB7bb
+	vmull.p8	`&Q("d0")`,d16,d17	@ a·bb
 	vshl.u64	`&Dlo("q2")`,d16,#16
-	vmull.p8	q1,`&Dlo("q1")`,d17	@ a<<8\xB7bb
+	vmull.p8	q1,`&Dlo("q1")`,d17	@ a<<8·bb
 	vshl.u64	`&Dlo("q3")`,d16,#24
-	vmull.p8	q2,`&Dlo("q2")`,d17	@ a<<16\xB7bb
+	vmull.p8	q2,`&Dlo("q2")`,d17	@ a<<16·bb
 	vshr.u64	`&Dlo("q1")`,#8
-	vmull.p8	q3,`&Dlo("q3")`,d17	@ a<<24\xB7bb
+	vmull.p8	q3,`&Dlo("q3")`,d17	@ a<<24·bb
 	vshl.u64	`&Dhi("q1")`,#24
 	veor		d0,`&Dlo("q1")`
 	vshr.u64	`&Dlo("q2")`,#16
@@ -158,7 +158,7 @@
 ################
 # void	bn_GF2m_mul_2x2(BN_ULONG *r,
 #	BN_ULONG a1,BN_ULONG a0,
-#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0\xB7b1b0
+#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0·b1b0
 
 ($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23));
 
@@ -184,20 +184,20 @@
 
 	vmov	d16,$A1
 	vmov	d17,$B1
-	bl	mul_1x1_neon		@ a1\xB7b1
+	bl	mul_1x1_neon		@ a1·b1
 	vmov	$A1B1,d0
 
 	vmov	d16,$A0
 	vmov	d17,$B0
-	bl	mul_1x1_neon		@ a0\xB7b0
+	bl	mul_1x1_neon		@ a0·b0
 	vmov	$A0B0,d0
 
 	veor	d16,$A0,$A1
 	veor	d17,$B0,$B1
 	veor	$A0,$A0B0,$A1B1
-	bl	mul_1x1_neon		@ (a0+a1)\xB7(b0+b1)
+	bl	mul_1x1_neon		@ (a0+a1)·(b0+b1)
 
-	veor	d0,$A0			@ (a0+a1)\xB7(b0+b1)-a0\xB7b0-a1\xB7b1
+	veor	d0,$A0			@ (a0+a1)·(b0+b1)-a0·b0-a1·b1
 	vshl.u64 d1,d0,#32
 	vshr.u64 d0,d0,#32
 	veor	$A0B0,d1
@@ -220,7 +220,7 @@
 	mov	$mask,#7<<2
 	sub	sp,sp,#32		@ allocate tab[8]
 
-	bl	mul_1x1_ialu		@ a1\xB7b1
+	bl	mul_1x1_ialu		@ a1·b1
 	str	$lo,[$ret,#8]
 	str	$hi,[$ret,#12]
 
@@ -230,13 +230,13 @@
 	 eor	r2,r2,$a
 	eor	$b,$b,r3
 	 eor	$a,$a,r2
-	bl	mul_1x1_ialu		@ a0\xB7b0
+	bl	mul_1x1_ialu		@ a0·b0
 	str	$lo,[$ret]
 	str	$hi,[$ret,#4]
 
 	eor	$a,$a,r2
 	eor	$b,$b,r3
-	bl	mul_1x1_ialu		@ (a1+a0)\xB7(b1+b0)
+	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
 ___
 @r=map("r$_",(6..9));
 $code.=<<___;

Modified: trunk/crypto/openssl/crypto/bn/asm/ia64.S
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/ia64.S	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/asm/ia64.S	2018-07-08 16:40:18 UTC (rev 11620)
@@ -422,7 +422,7 @@
 
 // This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
 // Itanium 2. Yes, unlike previous versions it scales:-) Previous
-// version was peforming *all* additions in IALU and was starving
+// version was performing *all* additions in IALU and was starving
 // for those even on Itanium 2. In this version one addition is
 // moved to FPU and is folded with multiplication. This is at cost
 // of propogating the result from previous call to this subroutine
@@ -568,7 +568,7 @@
 // I've estimated this routine to run in ~120 ticks, but in reality
 // (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
 // cycles consumed for instructions fetch? Or did I misinterpret some
-// clause in Itanium \xB5-architecture manual? Comments are welcomed and
+// clause in Itanium µ-architecture manual? Comments are welcomed and
 // highly appreciated.
 //
 // On Itanium 2 it takes ~190 ticks. This is because of stalls on

Modified: trunk/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -172,12 +172,12 @@
 if ($SIZE_T==8) {
 my @r=map("%r$_",(6..9));
 $code.=<<___;
-	bras	$ra,_mul_1x1			# a1\xB7b1
+	bras	$ra,_mul_1x1			# a1·b1
 	stmg	$lo,$hi,16($rp)
 
 	lg	$a,`$stdframe+128+4*$SIZE_T`($sp)
 	lg	$b,`$stdframe+128+6*$SIZE_T`($sp)
-	bras	$ra,_mul_1x1			# a0\xB7b0
+	bras	$ra,_mul_1x1			# a0·b0
 	stmg	$lo,$hi,0($rp)
 
 	lg	$a,`$stdframe+128+3*$SIZE_T`($sp)
@@ -184,7 +184,7 @@
 	lg	$b,`$stdframe+128+5*$SIZE_T`($sp)
 	xg	$a,`$stdframe+128+4*$SIZE_T`($sp)
 	xg	$b,`$stdframe+128+6*$SIZE_T`($sp)
-	bras	$ra,_mul_1x1			# (a0+a1)\xB7(b0+b1)
+	bras	$ra,_mul_1x1			# (a0+a1)·(b0+b1)
 	lmg	@r[0], at r[3],0($rp)
 
 	xgr	$lo,$hi

Modified: trunk/crypto/openssl/crypto/bn/asm/x86-gf2m.pl
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/x86-gf2m.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/asm/x86-gf2m.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -14,7 +14,7 @@
 # the time being... Except that it has three code paths: pure integer
 # code suitable for any x86 CPU, MMX code suitable for PIII and later
 # and PCLMULQDQ suitable for Westmere and later. Improvement varies
-# from one benchmark and \xB5-arch to another. Below are interval values
+# from one benchmark and µ-arch to another. Below are interval values
 # for 163- and 571-bit ECDH benchmarks relative to compiler-generated
 # code:
 #
@@ -226,12 +226,12 @@
 	&push	("edi");
 	&mov	($a,&wparam(1));
 	&mov	($b,&wparam(3));
-	&call	("_mul_1x1_mmx");	# a1\xB7b1
+	&call	("_mul_1x1_mmx");	# a1·b1
 	&movq	("mm7",$R);
 
 	&mov	($a,&wparam(2));
 	&mov	($b,&wparam(4));
-	&call	("_mul_1x1_mmx");	# a0\xB7b0
+	&call	("_mul_1x1_mmx");	# a0·b0
 	&movq	("mm6",$R);
 
 	&mov	($a,&wparam(1));
@@ -238,10 +238,10 @@
 	&mov	($b,&wparam(3));
 	&xor	($a,&wparam(2));
 	&xor	($b,&wparam(4));
-	&call	("_mul_1x1_mmx");	# (a0+a1)\xB7(b0+b1)
+	&call	("_mul_1x1_mmx");	# (a0+a1)·(b0+b1)
 	&pxor	($R,"mm7");
 	&mov	($a,&wparam(0));
-	&pxor	($R,"mm6");		# (a0+a1)\xB7(b0+b1)-a1\xB7b1-a0\xB7b0
+	&pxor	($R,"mm6");		# (a0+a1)·(b0+b1)-a1·b1-a0·b0
 
 	&movq	($A,$R);
 	&psllq	($R,32);
@@ -266,13 +266,13 @@
 
 	&mov	($a,&wparam(1));
 	&mov	($b,&wparam(3));
-	&call	("_mul_1x1_ialu");	# a1\xB7b1
+	&call	("_mul_1x1_ialu");	# a1·b1
 	&mov	(&DWP(8,"esp"),$lo);
 	&mov	(&DWP(12,"esp"),$hi);
 
 	&mov	($a,&wparam(2));
 	&mov	($b,&wparam(4));
-	&call	("_mul_1x1_ialu");	# a0\xB7b0
+	&call	("_mul_1x1_ialu");	# a0·b0
 	&mov	(&DWP(0,"esp"),$lo);
 	&mov	(&DWP(4,"esp"),$hi);
 
@@ -280,7 +280,7 @@
 	&mov	($b,&wparam(3));
 	&xor	($a,&wparam(2));
 	&xor	($b,&wparam(4));
-	&call	("_mul_1x1_ialu");	# (a0+a1)\xB7(b0+b1)
+	&call	("_mul_1x1_ialu");	# (a0+a1)·(b0+b1)
 
 	&mov	("ebp",&wparam(0));
 		 @r=("ebx","ecx","edi","esi");

Modified: trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -66,7 +66,7 @@
 # undef sqr
 
 /*-
- * "m"(a), "+m"(r)      is the way to favor DirectPath \xB5-code;
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
  * "g"(0)               let the compiler to decide where does it
  *                      want to keep the value of zero;
  */

Modified: trunk/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -13,7 +13,7 @@
 # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
 # the time being... Except that it has two code paths: code suitable
 # for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
-# later. Improvement varies from one benchmark and \xB5-arch to another.
+# later. Improvement varies from one benchmark and µ-arch to another.
 # Vanilla code path is at most 20% faster than compiler-generated code
 # [not very impressive], while PCLMULQDQ - whole 85%-160% better on
 # 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
@@ -184,13 +184,13 @@
 $code.=<<___;
 	movdqa		%xmm0,%xmm4
 	movdqa		%xmm1,%xmm5
-	pclmulqdq	\$0,%xmm1,%xmm0	# a1\xB7b1
+	pclmulqdq	\$0,%xmm1,%xmm0	# a1·b1
 	pxor		%xmm2,%xmm4
 	pxor		%xmm3,%xmm5
-	pclmulqdq	\$0,%xmm3,%xmm2	# a0\xB7b0
-	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)\xB7(b0+b1)
+	pclmulqdq	\$0,%xmm3,%xmm2	# a0·b0
+	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)·(b0+b1)
 	xorps		%xmm0,%xmm4
-	xorps		%xmm2,%xmm4	# (a0+a1)\xB7(b0+b1)-a0\xB7b0-a1\xB7b1
+	xorps		%xmm2,%xmm4	# (a0+a1)·(b0+b1)-a0·b0-a1·b1
 	movdqa		%xmm4,%xmm5
 	pslldq		\$8,%xmm4
 	psrldq		\$8,%xmm5
@@ -225,13 +225,13 @@
 	mov	\$0xf,$mask
 	mov	$a1,$a
 	mov	$b1,$b
-	call	_mul_1x1		# a1\xB7b1
+	call	_mul_1x1		# a1·b1
 	mov	$lo,16(%rsp)
 	mov	$hi,24(%rsp)
 
 	mov	48(%rsp),$a
 	mov	64(%rsp),$b
-	call	_mul_1x1		# a0\xB7b0
+	call	_mul_1x1		# a0·b0
 	mov	$lo,0(%rsp)
 	mov	$hi,8(%rsp)
 
@@ -239,7 +239,7 @@
 	mov	56(%rsp),$b
 	xor	48(%rsp),$a
 	xor	64(%rsp),$b
-	call	_mul_1x1		# (a0+a1)\xB7(b0+b1)
+	call	_mul_1x1		# (a0+a1)·(b0+b1)
 ___
 	@r=("%rbx","%rcx","%rdi","%rsi");
 $code.=<<___;

Modified: trunk/crypto/openssl/crypto/bn/bn_exp.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_exp.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bn_exp.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -649,12 +649,13 @@
     bn_check_top(p);
     bn_check_top(m);
 
-    top = m->top;
-
-    if (!(m->d[0] & 1)) {
+    if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
         return (0);
     }
+
+    top = m->top;
+
     bits = BN_num_bits(p);
     if (bits == 0) {
         /* x**0 mod 1 is still zero. */
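Review bot: The reason for moving the parity test ahead of `top = m->top` is not recorded; presumably `BN_is_odd()` tolerates a modulus whose `top` is 0 (a zero BIGNUM) whereas `m->d[0]` read outside the array, and a later tidy-up could easily swap the order back. A short comment on the check would prevent that: `/* BN_is_odd() is safe on an empty (zero) modulus; m->d[0] is not */`. The enclosing function starts before this hunk.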

Modified: trunk/crypto/openssl/crypto/bn/bn_gcd.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_gcd.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bn_gcd.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -583,6 +583,7 @@
          * BN_div_no_branch will be called eventually.
          */
         pB = &local_B;
+        local_B.flags = 0;
         BN_with_flags(pB, B, BN_FLG_CONSTTIME);
         if (!BN_nnmod(B, pB, A, ctx))
             goto err;
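Review bot: `local_B.flags = 0;` repairs the use of an uninitialised stack BIGNUM but gives no hint why only `flags` matters; if `BN_with_flags()` preserves the destination's own flag bits (as the 1.0.2 macro outside this hunk does), stale stack contents could have left BN_FLG_MALLOCED set on `pB` and made a stack object look heap-allocated. Either add `/* BN_with_flags() keeps dest's own flag bits, so start from a clean slate */` above the assignment or initialise `local_B` with `BN_init(&local_B);` at its declaration, which is outside this hunk. The same applies to `local_A` in the next hunk.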
@@ -610,6 +611,7 @@
          * BN_div_no_branch will be called eventually.
          */
         pA = &local_A;
+        local_A.flags = 0;
         BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
         /* (D, M) := (A/B, A%B) ... */

Modified: trunk/crypto/openssl/crypto/bn/bn_gf2m.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_gf2m.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bn_gf2m.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -576,7 +576,7 @@
     bn_check_top(a);
     BN_CTX_start(ctx);
     if ((s = BN_CTX_get(ctx)) == NULL)
-        return 0;
+        goto err;
     if (!bn_wexpand(s, 2 * a->top))
         goto err;
 
@@ -700,18 +700,21 @@
         int top = p->top;
         BN_ULONG *udp, *bdp, *vdp, *cdp;
 
-        bn_wexpand(u, top);
+        if (!bn_wexpand(u, top))
+            goto err;
         udp = u->d;
         for (i = u->top; i < top; i++)
             udp[i] = 0;
         u->top = top;
-        bn_wexpand(b, top);
+        if (!bn_wexpand(b, top))
+          goto err;
         bdp = b->d;
         bdp[0] = 1;
         for (i = 1; i < top; i++)
             bdp[i] = 0;
         b->top = top;
-        bn_wexpand(c, top);
+        if (!bn_wexpand(c, top))
+          goto err;
         cdp = c->d;
         for (i = 0; i < top; i++)
             cdp[i] = 0;
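Review bot: The `goto err;` under `if (!bn_wexpand(b, top))` and the one under `if (!bn_wexpand(c, top))` are indented by 10 spaces, while the first one under `if (!bn_wexpand(u, top))` uses the file's 12-space (four per level) indent; align both: `            goto err;`. The enclosing function starts and ends outside this hunk, so whether `err:` releases `u`, `b` and `c` on these new early exits cannot be seen here and is worth confirming.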

Modified: trunk/crypto/openssl/crypto/bn/bn_mont.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_mont.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bn_mont.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -361,9 +361,9 @@
     if (mont == NULL)
         return;
 
-    BN_free(&(mont->RR));
-    BN_free(&(mont->N));
-    BN_free(&(mont->Ni));
+    BN_clear_free(&(mont->RR));
+    BN_clear_free(&(mont->N));
+    BN_clear_free(&(mont->Ni));
     if (mont->flags & BN_FLG_MALLOCED)
         OPENSSL_free(mont);
 }
@@ -373,6 +373,9 @@
     int ret = 0;
     BIGNUM *Ri, *R;
 
+    if (BN_is_zero(mod))
+        return 0;
+
     BN_CTX_start(ctx);
     if ((Ri = BN_CTX_get(ctx)) == NULL)
         goto err;
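Review bot: The new `BN_is_zero(mod)` guard returns 0 without pushing anything on the error queue, so a caller sees BN_MONT_CTX_set() fail with nothing for ERR_get_error() to report; consider a `BNerr()` call with a suitable function and reason code (adding one in bn_err.c if none exists) so the failure is diagnosable. An even modulus, which the test added to bntest.c on this page expects to be rejected, is not checked here; if it is only refused indirectly by the inverse computation further down (outside the hunk), a comment such as `/* an even modulus is rejected below: it has no inverse mod R */` would keep the two in step. The enclosing function continues past this hunk.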

Modified: trunk/crypto/openssl/crypto/bn/bn_recp.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_recp.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bn_recp.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -153,8 +153,10 @@
 
     if (BN_ucmp(m, &(recp->N)) < 0) {
         BN_zero(d);
-        if (!BN_copy(r, m))
+        if (!BN_copy(r, m)) {
+            BN_CTX_end(ctx);
             return 0;
+        }
         BN_CTX_end(ctx);
         return (1);
     }
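Review bot: The early-return branch now calls `BN_CTX_end(ctx)` on two adjacent lines, one inside the failure `if` and one after it, which is easy to unbalance in a later edit; a single exit reads better: `BN_zero(d);` then `BN_CTX_end(ctx);` then `return BN_copy(r, m) != NULL;`. Ending the frame before the copy is harmless provided `r` and `m` are the function's parameters rather than temporaries from this ctx frame, which the signature outside the hunk should confirm. The enclosing function starts before this hunk.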

Modified: trunk/crypto/openssl/crypto/bn/bn_x931p.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_x931p.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bn_x931p.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -213,7 +213,7 @@
      * exceeded.
      */
     if (!BN_rand(Xp, nbits, 1, 0))
-        return 0;
+        goto err;
 
     BN_CTX_start(ctx);
     t = BN_CTX_get(ctx);
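Review bot: The new `goto err` on the first `BN_rand(Xp, …)` failure jumps to an `err:` label that calls `BN_CTX_end(ctx)` (added in the last hunk of this file), yet it runs before the `BN_CTX_start(ctx)` two lines below, so that path now pops a frame it never pushed. Keep `return 0;` for this first check, or move `BN_CTX_start(ctx);` above the `BN_rand` call so every `goto err` is balanced. While here, `t = BN_CTX_get(ctx);` on the hunk's last line is still unchecked and `BN_sub(t, …)` in the loop would dereference a NULL; `if (t == NULL) goto err;` fits once the start/end pairing is fixed. The enclosing function starts before this hunk.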
@@ -220,7 +220,7 @@
 
     for (i = 0; i < 1000; i++) {
         if (!BN_rand(Xq, nbits, 1, 0))
-            return 0;
+            goto err;
         /* Check that |Xp - Xq| > 2^(nbits - 100) */
         BN_sub(t, Xp, Xq);
         if (BN_num_bits(t) > (nbits - 100))
@@ -234,6 +234,9 @@
 
     return 0;
 
+ err:
+    BN_CTX_end(ctx);
+    return 0;
 }
 
 /*

Modified: trunk/crypto/openssl/crypto/bn/bntest.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bntest.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/bn/bntest.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -441,6 +441,14 @@
     BN_init(&d);
     BN_init(&e);
 
+    BN_one(&a);
+    BN_zero(&b);
+
+    if (BN_div(&d, &c, &a, &b, ctx)) {
+        fprintf(stderr, "Division by zero succeeded!\n");
+        return 0;
+    }
+
     for (i = 0; i < num0 + num1; i++) {
         if (i < num1) {
             BN_bntest_rand(&a, 400, 0, 0);
@@ -516,9 +524,9 @@
         do {
             BN_bntest_rand(&a, 512, -1, 0);
             BN_bntest_rand(&b, BN_BITS2, -1, 0);
-            s = b.d[0];
-        } while (!s);
+        } while (BN_is_zero(&b));
 
+        s = b.d[0];
         BN_copy(&b, &a);
         r = BN_div_word(&b, s);
 
@@ -781,6 +789,18 @@
     if (mont == NULL)
         return 0;
 
+    BN_zero(&n);
+    if (BN_MONT_CTX_set(mont, &n, ctx)) {
+        fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
+        return 0;
+    }
+
+    BN_set_word(&n, 16);
+    if (BN_MONT_CTX_set(mont, &n, ctx)) {
+        fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
+        return 0;
+    }
+
     BN_bntest_rand(&a, 100, 0, 0);
     BN_bntest_rand(&b, 100, 0, 0);
     for (i = 0; i < num2; i++) {
@@ -887,6 +907,14 @@
     d = BN_new();
     e = BN_new();
 
+    BN_one(a);
+    BN_one(b);
+    BN_zero(c);
+    if (BN_mod_mul(e, a, b, c, ctx)) {
+        fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
+        return 0;
+    }
+
     for (j = 0; j < 3; j++) {
         BN_bntest_rand(c, 1024, 0, 0);
         for (i = 0; i < num0; i++) {
@@ -952,6 +980,14 @@
     d = BN_new();
     e = BN_new();
 
+    BN_one(a);
+    BN_one(b);
+    BN_zero(c);
+    if (BN_mod_exp(d, a, b, c, ctx)) {
+        fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
+        return 0;
+    }
+
     BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
     for (i = 0; i < num2; i++) {
         BN_bntest_rand(a, 20 + i * 5, 0, 0);
@@ -999,6 +1035,22 @@
     d = BN_new();
     e = BN_new();
 
+    BN_one(a);
+    BN_one(b);
+    BN_zero(c);
+    if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
+        fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus "
+                "succeeded\n");
+        return 0;
+    }
+
+    BN_set_word(c, 16);
+    if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
+        fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus "
+                "succeeded\n");
+        return 0;
+    }
+
     BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
     for (i = 0; i < num2; i++) {
         BN_bntest_rand(a, 20 + i * 5, 0, 0);

Modified: trunk/crypto/openssl/crypto/buffer/buf_str.c
===================================================================
--- trunk/crypto/openssl/crypto/buffer/buf_str.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/buffer/buf_str.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -58,12 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
+#include <limits.h>
 #include <openssl/buffer.h>
 
 char *BUF_strdup(const char *str)
 {
     if (str == NULL)
-        return (NULL);
+        return NULL;
     return BUF_strndup(str, strlen(str));
 }
 
@@ -72,14 +73,20 @@
     char *ret;
 
     if (str == NULL)
-        return (NULL);
+        return NULL;
 
+    if (siz >= INT_MAX)
+        return NULL;
+
     ret = OPENSSL_malloc(siz + 1);
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
-    BUF_strlcpy(ret, str, siz + 1);
+
+    memcpy(ret, str, siz);
+    ret[siz] = '\0';
+
     return (ret);
 }
 
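Review bot: `memcpy(ret, str, siz)` copies exactly `siz` bytes even when `str` ends earlier, so unlike strndup() a call such as `BUF_strndup(s, 64)` on a shorter NUL-terminated `s` now reads past its terminator, where the replaced BUF_strlcpy() stopped at the NUL. BUF_strdup() above passes an exact length, but BUF_strndup() is a public API and external callers need not; bounding the copy by the first NUL within `siz` keeps the "never read past `siz`" guarantee and restores the strndup contract. The INT_MAX rejection also deserves a reason, presumably `/* OPENSSL_malloc() takes an int size */` — confirm.
```c
char *BUF_strndup(const char *str, size_t siz)
{
    char *ret;
    size_t len;

    /* … unchanged: NULL and INT_MAX checks … */

    /* like strndup(): stop at the first NUL, never look past siz bytes */
    for (len = 0; len < siz && str[len] != '\0'; len++)
        ;

    ret = OPENSSL_malloc(len + 1);
    /* … unchanged: allocation-failure handling … */

    memcpy(ret, str, len);
    ret[len] = '\0';

    return (ret);
}
```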
@@ -87,13 +94,13 @@
 {
     void *ret;
 
-    if (data == NULL)
-        return (NULL);
+    if (data == NULL || siz >= INT_MAX)
+        return NULL;
 
     ret = OPENSSL_malloc(siz);
     if (ret == NULL) {
         BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
-        return (NULL);
+        return NULL;
     }
     return memcpy(ret, data, siz);
 }

Modified: trunk/crypto/openssl/crypto/buffer/buffer.h
===================================================================
--- trunk/crypto/openssl/crypto/buffer/buffer.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/buffer/buffer.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -85,7 +85,13 @@
 int BUF_MEM_grow(BUF_MEM *str, size_t len);
 int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *BUF_strdup(const char *str);
+
+/*
+ * Like strndup, but in addition, explicitly guarantees to never read past the
+ * first |siz| bytes of |str|.
+ */
 char *BUF_strndup(const char *str, size_t siz);
+
 void *BUF_memdup(const void *data, size_t siz);
 void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
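Review bot: The new comment says "Like strndup", but the implementation in buf_str.c on this page copies exactly `siz` bytes with memcpy() and does not stop at an earlier NUL, so the comment understates what a caller must guarantee. Spell out the actual contract: `Copies exactly |siz| bytes of |str| (an embedded NUL does not stop the copy) and NUL-terminates the result; never reads past the first |siz| bytes. Returns NULL for a NULL |str|, for |siz| >= INT_MAX, or on allocation failure.` If the implementation is later changed to stop at the first NUL, this comment must be updated with it.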

Modified: trunk/crypto/openssl/crypto/cms/cms_enc.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_enc.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/cms/cms_enc.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -199,7 +199,7 @@
     ok = 1;
 
  err:
-    if (ec->key && !keep_key) {
+    if (ec->key && (!keep_key || !ok)) {
         OPENSSL_cleanse(ec->key, ec->keylen);
         OPENSSL_free(ec->key);
         ec->key = NULL;

Modified: trunk/crypto/openssl/crypto/cms/cms_pwri.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_pwri.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/cms/cms_pwri.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -121,6 +121,9 @@
 
     /* Setup algorithm identifier for cipher */
     encalg = X509_ALGOR_new();
+    if (encalg == NULL) {
+        goto merr;
+    }
     EVP_CIPHER_CTX_init(&ctx);
 
     if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {

Modified: trunk/crypto/openssl/crypto/cms/cms_smime.c
===================================================================
--- trunk/crypto/openssl/crypto/cms/cms_smime.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/cms/cms_smime.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -714,7 +714,7 @@
     BIO *cmsbio;
     int ret = 0;
     if (!(cmsbio = CMS_dataInit(cms, dcont))) {
-        CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
         return 0;
     }
 

Modified: trunk/crypto/openssl/crypto/comp/c_zlib.c
===================================================================
--- trunk/crypto/openssl/crypto/comp/c_zlib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/comp/c_zlib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -404,8 +404,9 @@
 void COMP_zlib_cleanup(void)
 {
 #ifdef ZLIB_SHARED
-    if (zlib_dso)
+    if (zlib_dso != NULL)
         DSO_free(zlib_dso);
+    zlib_dso = NULL;
 #endif
 }
 

Modified: trunk/crypto/openssl/crypto/conf/conf_def.c
===================================================================
--- trunk/crypto/openssl/crypto/conf/conf_def.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/conf/conf_def.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -225,12 +225,11 @@
         goto err;
     }
 
-    section = (char *)OPENSSL_malloc(10);
+    section = BUF_strdup("default");
     if (section == NULL) {
         CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    BUF_strlcpy(section, "default", 10);
 
     if (_CONF_new_data(conf) == 0) {
         CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);

Modified: trunk/crypto/openssl/crypto/conf/conf_sap.c
===================================================================
--- trunk/crypto/openssl/crypto/conf/conf_sap.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/conf/conf_sap.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -90,6 +90,7 @@
     CONF_modules_load_file(NULL, config_name,
                                CONF_MFLAGS_DEFAULT_SECTION |
                                CONF_MFLAGS_IGNORE_MISSING_FILE);
+    openssl_configured = 1;
 }
 
 void OPENSSL_no_config()
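Review bot: `openssl_configured = 1;` is set regardless of whether `CONF_modules_load_file()` succeeded — its return value on the line above is discarded — so a failed configuration load is never retried and, if the guard at the top of this function (outside the hunk) tests this flag, later calls silently do nothing. If that "try once" behaviour is intended, say so where the flag is set: `/* marked configured even on failure: never retried, errors stay on the queue */`; otherwise set the flag only when the load succeeds. The enclosing function starts before this hunk.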

Modified: trunk/crypto/openssl/crypto/cryptlib.c
===================================================================
--- trunk/crypto/openssl/crypto/cryptlib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/cryptlib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -930,13 +930,29 @@
 # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
     if (check_winnt() && OPENSSL_isservice() > 0) {
-        HANDLE h = RegisterEventSource(0, _T("OPENSSL"));
-        const TCHAR *pmsg = buf;
-        ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0);
-        DeregisterEventSource(h);
+        HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
+
+        if (hEventLog != NULL) {
+            const TCHAR *pmsg = buf;
+
+            if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
+                             1, 0, &pmsg, NULL)) {
+#if defined(DEBUG)
+                /*
+                 * We are in a situation where we tried to report a critical
+                 * error and this failed for some reason. As a last resort,
+                 * in debug builds, send output to the debugger or any other
+                 * tool like DebugView which can monitor the output.
+                 */
+                OutputDebugString(pmsg);
+#endif
+            }
+
+            (void)DeregisterEventSource(hEventLog);
+        }
     } else
 # endif
-        MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
+        MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
 }
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
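Review bot: The nested `#if defined(DEBUG)` / `#endif` pair is written at column 0 while every other directive in this hunk uses the file's nesting style (`# if`, `# endif`, one space per level); write them as `#  if defined(DEBUG)` and `#  endif` so the nesting stays visible. Separately, the event source name changes from `"OPENSSL"` to `"OpenSSL"`; if any deployment has registered message resources under the old name, its events will now be logged under an unregistered source, which deserves a line in the commit message or a comment next to `RegisterEventSource`. `OPENSSL_showfatal` starts before this hunk.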

Modified: trunk/crypto/openssl/crypto/dsa/dsa_ameth.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_ameth.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/dsa/dsa_ameth.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -318,6 +318,7 @@
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
     ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
                          V_ASN1_SEQUENCE, params, dp, dplen))

Modified: trunk/crypto/openssl/crypto/dsa/dsa_gen.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_gen.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/dsa/dsa_gen.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -112,17 +112,9 @@
     }
 # endif
     else {
-        const EVP_MD *evpmd;
-        size_t qbits = bits >= 2048 ? 256 : 160;
+        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+        size_t qbits = EVP_MD_size(evpmd) * 8;
 
-        if (bits >= 2048) {
-            qbits = 256;
-            evpmd = EVP_sha256();
-        } else {
-            qbits = 160;
-            evpmd = EVP_sha1();
-        }
-
         return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
                                     seed_in, seed_len, NULL, counter_ret,
                                     h_ret, cb);
@@ -174,13 +166,14 @@
     if (seed_in != NULL)
         memcpy(seed, seed_in, seed_len);
 
-    if ((ctx = BN_CTX_new()) == NULL)
+    if ((mont = BN_MONT_CTX_new()) == NULL)
         goto err;
 
-    if ((mont = BN_MONT_CTX_new()) == NULL)
+    if ((ctx = BN_CTX_new()) == NULL)
         goto err;
 
     BN_CTX_start(ctx);
+
     r0 = BN_CTX_get(ctx);
     g = BN_CTX_get(ctx);
     W = BN_CTX_get(ctx);
@@ -201,7 +194,7 @@
             if (!BN_GENCB_call(cb, 0, m++))
                 goto err;
 
-            if (!seed_len) {
+            if (!seed_len || !seed_in) {
                 if (RAND_bytes(seed, qsize) <= 0)
                     goto err;
                 seed_is_random = 1;
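Review bot: `if (!seed_len || !seed_in)` now draws a fresh random seed when the caller passes a length but no buffer, where the previous condition would have used whatever `seed[]` held — the `memcpy` near the top of this file section only runs when `seed_in != NULL`. That is the right outcome for a parameter-generation seed, but the condition reads as redundant without a comment: `/* no caller-supplied seed (NULL or empty): generate one */`. The enclosing loop and function extend beyond this hunk.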

Modified: trunk/crypto/openssl/crypto/ec/ec.h
===================================================================
--- trunk/crypto/openssl/crypto/ec/ec.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/ec/ec.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -106,7 +106,7 @@
         /** the point is encoded as z||x, where the octet z specifies
          *  which solution of the quadratic equation y is  */
     POINT_CONVERSION_COMPRESSED = 2,
-        /** the point is encoded as z||x||y, where z is the octet 0x02  */
+        /** the point is encoded as z||x||y, where z is the octet 0x04  */
     POINT_CONVERSION_UNCOMPRESSED = 4,
         /** the point is encoded as z||x||y, where the octet z specifies
          *  which solution of the quadratic equation y is  */

Modified: trunk/crypto/openssl/crypto/ec/ec_asn1.c
===================================================================
--- trunk/crypto/openssl/crypto/ec/ec_asn1.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/ec/ec_asn1.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -970,8 +970,9 @@
 {
     EC_GROUP *group = NULL;
     ECPKPARAMETERS *params = NULL;
+    const unsigned char *p = *in;
 
-    if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+    if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
         ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
         ECPKPARAMETERS_free(params);
         return NULL;
@@ -989,6 +990,7 @@
         *a = group;
 
     ECPKPARAMETERS_free(params);
+    *in = p;
     return (group);
 }
 
@@ -1016,8 +1018,9 @@
     int ok = 0;
     EC_KEY *ret = NULL;
     EC_PRIVATEKEY *priv_key = NULL;
+    const unsigned char *p = *in;
 
-    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) {
+    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
         ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
         return NULL;
     }
@@ -1096,6 +1099,7 @@
 
     if (a)
         *a = ret;
+    *in = p;
     ok = 1;
  err:
     if (!ok) {

Modified: trunk/crypto/openssl/crypto/ec/ec_key.c
===================================================================
--- trunk/crypto/openssl/crypto/ec/ec_key.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/ec/ec_key.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -366,7 +366,10 @@
     BN_CTX *ctx = NULL;
     BIGNUM *tx, *ty;
     EC_POINT *point = NULL;
-    int ok = 0, tmp_nid, is_char_two = 0;
+    int ok = 0;
+#ifndef OPENSSL_NO_EC2M
+    int tmp_nid, is_char_two = 0;
+#endif
 
     if (!key || !key->group || !x || !y) {
         ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
@@ -382,14 +385,15 @@
     if (!point)
         goto err;
 
+    tx = BN_CTX_get(ctx);
+    ty = BN_CTX_get(ctx);
+
+#ifndef OPENSSL_NO_EC2M
     tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
 
     if (tmp_nid == NID_X9_62_characteristic_two_field)
         is_char_two = 1;
 
-    tx = BN_CTX_get(ctx);
-    ty = BN_CTX_get(ctx);
-#ifndef OPENSSL_NO_EC2M
     if (is_char_two) {
         if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
                                                   x, y, ctx))
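Review bot: `tx = BN_CTX_get(ctx); ty = BN_CTX_get(ctx);` are added without a NULL check, and both are presumably handed to the affine-coordinate getters further down (outside this hunk); add `if (ty == NULL) goto err;` after the second call — if BN_CTX_get() keeps returning NULL once it has failed, checking the last result covers both, otherwise check each. The enclosing function starts and ends outside this hunk.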

Modified: trunk/crypto/openssl/crypto/engine/eng_cryptodev.c
===================================================================
--- trunk/crypto/openssl/crypto/engine/eng_cryptodev.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/engine/eng_cryptodev.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1230,15 +1230,18 @@
     if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
                        BN_num_bytes(dsa->q), s) == 0) {
         dsaret = DSA_SIG_new();
+        if (dsaret == NULL)
+            goto err;
         dsaret->r = r;
         dsaret->s = s;
+        r = s = NULL;
     } else {
         const DSA_METHOD *meth = DSA_OpenSSL();
-        BN_free(r);
-        BN_free(s);
         dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
     }
  err:
+    BN_free(r);
+    BN_free(s);
     kop.crk_param[0].crp_p = NULL;
     zapparams(&kop);
     return (dsaret);

Modified: trunk/crypto/openssl/crypto/engine/eng_list.c
===================================================================
--- trunk/crypto/openssl/crypto/engine/eng_list.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/engine/eng_list.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -260,6 +260,7 @@
     }
     if ((e->id == NULL) || (e->name == NULL)) {
         ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+        return 0;
     }
     CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
     if (!engine_list_add(e)) {

Modified: trunk/crypto/openssl/crypto/evp/e_aes.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/e_aes.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/e_aes.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1146,7 +1146,7 @@
     case EVP_CTRL_CCM_SET_TAG:
         if ((arg & 1) || arg < 4 || arg > 16)
             return 0;
-        if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
+        if (c->encrypt && ptr)
             return 0;
         if (ptr) {
             cctx->tag_set = 1;
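Review bot: Dropping `(!c->encrypt && !ptr)` means EVP_CTRL_CCM_SET_TAG with a NULL `ptr` is now accepted on decrypt and sets only the tag length (`arg`) with no tag; that is safe only if the decrypt path refuses to finish while `cctx->tag_set` is still 0, which is not visible in this hunk — please confirm or add that check. A comment on the relaxed condition would stop the stricter check being reinstated: `/* decrypt may set the tag length first and supply the tag later */`. The enclosing ctrl function starts and ends outside this hunk.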

Modified: trunk/crypto/openssl/crypto/evp/e_des3.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/e_des3.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/e_des3.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -241,7 +241,7 @@
     DES_cblock *deskey = (DES_cblock *)key;
 #  ifdef EVP_CHECK_DES_KEY
     if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
-        ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
+        || DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
         return 0;
 #  else
     DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
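Review bot: The corrected `||` at L4237 only exists under `EVP_CHECK_DES_KEY`, and since the previous `! !` form could never have compiled, that branch has evidently not been built by anyone; the `#else` branch with `DES_set_key_unchecked` at L4240 is what ships, and it performs no parity or weak-key checking. That is worth stating next to the `#ifdef` so nobody assumes the checked path is live, e.g. `/* EVP_CHECK_DES_KEY is off by default; the unchecked path below is what is normally built. */`. The enclosing key-setup function starts outside this hunk, so the other two key schedules were not visible for review.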

Modified: trunk/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -267,6 +267,8 @@
             len = p[arg - 2] << 8 | p[arg - 1];
 
             if (!ctx->encrypt) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
                 len -= MD5_DIGEST_LENGTH;
                 p[arg - 2] = len >> 8;
                 p[arg - 1] = len;

Modified: trunk/crypto/openssl/crypto/evp/encode.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/encode.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/encode.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -61,9 +61,9 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 
+static unsigned char conv_ascii2bin(unsigned char a);
 #ifndef CHARSET_EBCDIC
 # define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
-# define conv_ascii2bin(a)       (data_ascii2bin[(a)&0x7f])
 #else
 /*
  * We assume that PEM encoded files are EBCDIC files (i.e., printable text
@@ -72,7 +72,6 @@
  * as the underlying textstring data_bin2ascii[] is already EBCDIC)
  */
 # define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
-# define conv_ascii2bin(a)       (data_ascii2bin[os_toascii[a]&0x7f])
 #endif
 
 /*-
@@ -104,6 +103,7 @@
 #define B64_WS                  0xE0
 #define B64_ERROR               0xFF
 #define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+#define B64_BASE64(a)           !B64_NOT_BASE64(a)
 
 static const unsigned char data_ascii2bin[128] = {
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -124,6 +124,23 @@
     0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 };
 
+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+    if (a & 0x80)
+        return B64_ERROR;
+    return data_ascii2bin[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+    a = os_toascii[a];
+    if (a & 0x80)
+        return B64_ERROR;
+    return data_ascii2bin[a];
+}
+#endif
+
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
 {
     ctx->length = 48;
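Review bot: conv_ascii2bin at L4292-L4297 now returns `B64_ERROR` for any byte with the high bit set, whereas the macro it replaces (removed at L4267) masked with `&0x7f` and so silently aliased non-ASCII input onto valid base64 characters; the hunk does not record that rationale. A short comment on the function would do, e.g. `/* Reject non-ASCII bytes outright instead of masking them to 7 bits, which made arbitrary high bytes decode as valid base64. */`, with the same note on the EBCDIC variant at L4299-L4305 where the check applies after the `os_toascii` translation. The `a & 0x80` test is also what keeps the `data_ascii2bin[a]` index inside the 128-entry table, which deserves a mention since the table bound is not otherwise enforced here.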
@@ -224,8 +241,9 @@
 
 void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 {
-    ctx->length = 30;
+    /* Only ctx->num is used during decoding. */
     ctx->num = 0;
+    ctx->length = 0;
     ctx->line_num = 0;
     ctx->expect_nl = 0;
 }
@@ -234,139 +252,123 @@
  * -1 for error
  *  0 for last line
  *  1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ *   - Padding or B64_EOF was detected and the last block is complete.
+ *   - Input has zero-length.
+ * -1 is returned if:
+ *   - Invalid characters are detected.
+ *   - There is extra trailing padding, or data after padding.
+ *   - B64_EOF is detected after an incomplete base64 block.
  */
 int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl)
 {
-    int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl;
+    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
     unsigned char *d;
 
     n = ctx->num;
     d = ctx->enc_data;
-    ln = ctx->line_num;
-    exp_nl = ctx->expect_nl;
 
-    /* last line of input. */
-    if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
+    if (n > 0 && d[n - 1] == '=') {
+        eof++;
+        if (n > 1 && d[n - 2] == '=')
+            eof++;
+    }
+
+     /* Legacy behaviour: an empty input chunk signals end of input. */
+    if (inl == 0) {
         rv = 0;
         goto end;
     }
 
-    /* We parse the input data */
     for (i = 0; i < inl; i++) {
-        /* If the current line is > 80 characters, scream alot */
-        if (ln >= 80) {
-            rv = -1;
-            goto end;
-        }
-
-        /* Get char and put it into the buffer */
         tmp = *(in++);
         v = conv_ascii2bin(tmp);
-        /* only save the good data :-) */
-        if (!B64_NOT_BASE64(v)) {
-            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
-            d[n++] = tmp;
-            ln++;
-        } else if (v == B64_ERROR) {
+        if (v == B64_ERROR) {
             rv = -1;
             goto end;
         }
 
-        /*
-         * have we seen a '=' which is 'definitly' the last input line.  seof
-         * will point to the character that holds it. and eof will hold how
-         * many characters to chop off.
-         */
         if (tmp == '=') {
-            if (seof == -1)
-                seof = n;
             eof++;
+        } else if (eof > 0 && B64_BASE64(v)) {
+            /* More data after padding. */
+            rv = -1;
+            goto end;
         }
 
-        if (v == B64_CR) {
-            ln = 0;
-            if (exp_nl)
-                continue;
+        if (eof > 2) {
+            rv = -1;
+            goto end;
         }
 
-        /* eoln */
-        if (v == B64_EOLN) {
-            ln = 0;
-            if (exp_nl) {
-                exp_nl = 0;
-                continue;
-            }
+        if (v == B64_EOF) {
+            seof = 1;
+            goto tail;
         }
-        exp_nl = 0;
 
-        /*
-         * If we are at the end of input and it looks like a line, process
-         * it.
-         */
-        if (((i + 1) == inl) && (((n & 3) == 0) || eof)) {
-            v = B64_EOF;
-            /*
-             * In case things were given us in really small records (so two
-             * '=' were given in separate updates), eof may contain the
-             * incorrect number of ending bytes to skip, so let's redo the
-             * count
-             */
-            eof = 0;
-            if (d[n - 1] == '=')
-                eof++;
-            if (d[n - 2] == '=')
-                eof++;
-            /* There will never be more than two '=' */
+        /* Only save valid base64 characters. */
+        if (B64_BASE64(v)) {
+            if (n >= 64) {
+                /*
+                 * We increment n once per loop, and empty the buffer as soon as
+                 * we reach 64 characters, so this can only happen if someone's
+                 * manually messed with the ctx. Refuse to write any more data.
+                 */
+                rv = -1;
+                goto end;
+            }
+            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+            d[n++] = tmp;
         }
 
-        if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) {
-            /*
-             * This is needed to work correctly on 64 byte input lines.  We
-             * process the line and then need to accept the '\n'
-             */
-            if ((v != B64_EOF) && (n >= 64))
-                exp_nl = 1;
-            if (n > 0) {
-                v = EVP_DecodeBlock(out, d, n);
-                n = 0;
-                if (v < 0) {
-                    rv = 0;
-                    goto end;
-                }
-                if (eof > v) {
-                    rv = -1;
-                    goto end;
-                }
-                ret += (v - eof);
-            } else {
-                eof = 1;
-                v = 0;
+        if (n == 64) {
+            decoded_len = EVP_DecodeBlock(out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
             }
+            ret += decoded_len - eof;
+            out += decoded_len - eof;
+        }
+    }
 
-            /*
-             * This is the case where we have had a short but valid input
-             * line
-             */
-            if ((v < ctx->length) && eof) {
-                rv = 0;
+    /*
+     * Legacy behaviour: if the current line is a full base64-block (i.e., has
+     * 0 mod 4 base64 characters), it is processed immediately. We keep this
+     * behaviour as applications may not be calling EVP_DecodeFinal properly.
+     */
+tail:
+    if (n > 0) {
+        if ((n & 3) == 0) {
+            decoded_len = EVP_DecodeBlock(out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
                 goto end;
-            } else
-                ctx->length = v;
-
-            if (seof >= 0) {
-                rv = 0;
-                goto end;
             }
-            out += v;
+            ret += (decoded_len - eof);
+        } else if (seof) {
+            /* EOF in the middle of a base64 block. */
+            rv = -1;
+            goto end;
         }
     }
-    rv = 1;
- end:
+
+    rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+    /* Legacy behaviour. This should probably rather be zeroed on error. */
     *outl = ret;
     ctx->num = n;
-    ctx->line_num = ln;
-    ctx->expect_nl = exp_nl;
     return (rv);
 }
 

Modified: trunk/crypto/openssl/crypto/evp/evp_key.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/evp_key.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/evp_key.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -104,6 +104,8 @@
     if ((prompt == NULL) && (prompt_string[0] != '\0'))
         prompt = prompt_string;
     ui = UI_new();
+    if (ui == NULL)
+        return -1;
     UI_add_input_string(ui, prompt, 0, buf, min,
                         (len >= BUFSIZ) ? BUFSIZ - 1 : len);
     if (verify)
@@ -137,7 +139,7 @@
     EVP_MD_CTX_init(&c);
     for (;;) {
         if (!EVP_DigestInit_ex(&c, md, NULL))
-            return 0;
+            goto err;
         if (addmd++)
             if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds))
                 goto err;
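Review bot: The new `goto err` at L4560 makes the function's return value on `EVP_DigestInit_ex` failure depend on whatever `rv` holds before the loop, which is outside this hunk; presumably `rv` is initialised to 0 at declaration, but that should be confirmed, since the old code returned an explicit 0 here. The change is otherwise an improvement because the `err:` path (L4566-L4570) now also cleanses `md_buf` and releases the digest context on this early failure. The enclosing function starts and ends outside this hunk.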
@@ -188,6 +190,6 @@
     rv = type->key_len;
  err:
     EVP_MD_CTX_cleanup(&c);
-    OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE);
+    OPENSSL_cleanse(md_buf, sizeof(md_buf));
     return rv;
 }

Modified: trunk/crypto/openssl/crypto/evp/evp_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/evp_lib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/evp_lib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -67,9 +67,19 @@
 
     if (c->cipher->set_asn1_parameters != NULL)
         ret = c->cipher->set_asn1_parameters(c, type);
-    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-        ret = EVP_CIPHER_set_asn1_iv(c, type);
-    else
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+            ret = -1;
+            break;
+
+        default:
+            ret = EVP_CIPHER_set_asn1_iv(c, type);
+        }
+    } else
         ret = -1;
     return (ret);
 }
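Review bot: The `default:` arm of the switch at L4593-L4595 has no `break;`, while the otherwise identical switch in the next hunk (L4616-L4618) does; the two should be written the same way. The GCM/CCM/XTS cases that force `ret = -1` also carry no explanation, and since the reason is presumably that these modes do not carry a plain IV as a default ASN.1 parameter, a comment such as `/* No default ASN.1 IV parameter for AEAD and XTS modes. */` above the first `case` would help, in both hunks. Both enclosing functions start outside their hunks.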
@@ -80,9 +90,20 @@
 
     if (c->cipher->get_asn1_parameters != NULL)
         ret = c->cipher->get_asn1_parameters(c, type);
-    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-        ret = EVP_CIPHER_get_asn1_iv(c, type);
-    else
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+            ret = -1;
+            break;
+
+        default:
+            ret = EVP_CIPHER_get_asn1_iv(c, type);
+            break;
+        }
+    } else
         ret = -1;
     return (ret);
 }

Modified: trunk/crypto/openssl/crypto/evp/evp_pbe.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/evp_pbe.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/evp_pbe.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -228,12 +228,16 @@
                          int md_nid, EVP_PBE_KEYGEN *keygen)
 {
     EVP_PBE_CTL *pbe_tmp;
-    if (!pbe_algs)
+
+    if (pbe_algs == NULL) {
         pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
-    if (!(pbe_tmp = (EVP_PBE_CTL *)OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) {
-        EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
-        return 0;
+        if (pbe_algs == NULL)
+            goto err;
     }
+
+    if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL)
+        goto err;
+
     pbe_tmp->pbe_type = pbe_type;
     pbe_tmp->pbe_nid = pbe_nid;
     pbe_tmp->cipher_nid = cipher_nid;
@@ -242,6 +246,10 @@
 
     sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp);
     return 1;
+
+ err:
+    EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+    return 0;
 }
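Review bot: The `sk_EVP_PBE_CTL_push` result at L4652 is still unchecked, so if the push fails the freshly allocated `pbe_tmp` leaks and the function reports success; now that the commit introduces an `err:` label, the push can use it too: `if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) { OPENSSL_free(pbe_tmp); goto err; }`. The shared `err:` label reports `ERR_R_MALLOC_FAILURE` for every failure, which is accurate for the stack creation and the allocation in the previous hunk and would remain so for a failed push. The enclosing function starts in the previous hunk.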
 
 int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,

Modified: trunk/crypto/openssl/crypto/evp/p_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/p_lib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/p_lib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -253,7 +253,7 @@
 
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
 {
-    if (!EVP_PKEY_set_type(pkey, type))
+    if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
         return 0;
     pkey->pkey.ptr = key;
     return (key != NULL);

Modified: trunk/crypto/openssl/crypto/evp/pmeth_gn.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/pmeth_gn.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/evp/pmeth_gn.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -96,12 +96,17 @@
         return -1;
     }
 
-    if (!ppkey)
+    if (ppkey == NULL)
         return -1;
 
-    if (!*ppkey)
+    if (*ppkey == NULL)
         *ppkey = EVP_PKEY_new();
 
+    if (*ppkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
     ret = ctx->pmeth->paramgen(ctx, *ppkey);
     if (ret <= 0) {
         EVP_PKEY_free(*ppkey);

Modified: trunk/crypto/openssl/crypto/hmac/hm_ameth.c
===================================================================
--- trunk/crypto/openssl/crypto/hmac/hm_ameth.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/hmac/hm_ameth.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -108,9 +108,14 @@
     ASN1_OCTET_STRING *os;
     os = ASN1_OCTET_STRING_new();
     if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
-        return 0;
-    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os);
+        goto err;
+    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))
+        goto err;
     return 1;
+
+ err:
+    ASN1_OCTET_STRING_free(os);
+    return 0;
 }
 
 static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)

Modified: trunk/crypto/openssl/crypto/jpake/jpake.c
===================================================================
--- trunk/crypto/openssl/crypto/jpake/jpake.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/jpake/jpake.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -218,6 +218,9 @@
     BIGNUM *t3 = BN_new();
     int ret = 0;
 
+    if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL)
+        goto end;
+
     zkp_hash(h, zkpg, p, ctx->p.peer_name);
 
     /* t1 = g^b */
@@ -233,6 +236,7 @@
     else
         JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
 
+end:
     /* cleanup */
     BN_free(t3);
     BN_free(t2);

Modified: trunk/crypto/openssl/crypto/mem_clr.c
===================================================================
--- trunk/crypto/openssl/crypto/mem_clr.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/mem_clr.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -66,6 +66,10 @@
 {
     unsigned char *p = ptr;
     size_t loop = len, ctr = cleanse_ctr;
+
+    if (ptr == NULL)
+        return;
+
     while (loop--) {
         *(p++) = (unsigned char)ctr;
         ctr += (17 + ((size_t)p & 0xF));

Modified: trunk/crypto/openssl/crypto/modes/asm/ghash-armv4.pl
===================================================================
--- trunk/crypto/openssl/crypto/modes/asm/ghash-armv4.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/modes/asm/ghash-armv4.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -374,8 +374,8 @@
 	vdup.8		$xi,`&Dlo("$IN")`[0]	@ broadcast lowest byte
 .Linner_neon:
 	subs		$cnt,$cnt,#1
-	vmull.p8	$Qlo,$Hlo,$xi		@ H.lo\xB7Xi[i]
-	vmull.p8	$Qhi,$Hhi,$xi		@ H.hi\xB7Xi[i]
+	vmull.p8	$Qlo,$Hlo,$xi		@ H.lo·Xi[i]
+	vmull.p8	$Qhi,$Hhi,$xi		@ H.hi·Xi[i]
 	vext.8		$IN,$zero,#1		@ IN>>=8
 
 	veor		$Z,$Qpost		@ modulo-scheduled part
@@ -388,7 +388,7 @@
 	vsli.8		$Zo,$T,#1		@ compose the "carry" byte
 	vext.8		$Z,$zero,#1		@ Z>>=8
 
-	vmull.p8	$R,$Zo,$mod		@ "carry"\xB70xe1
+	vmull.p8	$R,$Zo,$mod		@ "carry"·0xe1
 	vshr.u8		$Zo,$T,#7		@ save Z's bottom bit
 	vext.8		$Qpost,$Qlo,$zero,#1	@ Qlo>>=8
 	veor		$Z,$Qhi

Modified: trunk/crypto/openssl/crypto/modes/asm/ghash-x86.pl
===================================================================
--- trunk/crypto/openssl/crypto/modes/asm/ghash-x86.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/modes/asm/ghash-x86.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -346,7 +346,7 @@
 # effective address calculation and finally merge of value to Z.hi.
 # Reference to rem_4bit is scheduled so late that I had to >>4
 # rem_4bit elements. This resulted in 20-45% procent improvement
-# on contemporary \xB5-archs.
+# on contemporary µ-archs.
 {
     my $cnt;
     my $rem_4bit = "eax";

Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_lib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -246,12 +246,6 @@
     if ((p = strchr(p, ':'))) {
         *p = 0;
         port = p + 1;
-    } else {
-        /* Not found: set default port */
-        if (*pssl)
-            port = "443";
-        else
-            port = "80";
     }
 
     *pport = BUF_strdup(port);

Modified: trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c
===================================================================
--- trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/ocsp/ocsp_prn.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -212,8 +212,7 @@
         return 1;
     }
 
-    i = ASN1_STRING_length(rb->response);
-    if (!(br = OCSP_response_get1_basic(o)))
+    if ((br = OCSP_response_get1_basic(o)) == NULL)
         goto err;
     rd = br->tbsResponseData;
     l = ASN1_INTEGER_get(rd->version);

Modified: trunk/crypto/openssl/crypto/opensslconf.h
===================================================================
--- trunk/crypto/openssl/crypto/opensslconf.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/opensslconf.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -197,7 +197,7 @@
 #endif
 
 #if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
@@ -216,7 +216,7 @@
    optimization options.  Older Sparc's work better with only UNROLL, but
    there's no way to tell at compile time what it is you're running on */
  
-#if defined( sun )		/* Newer Sparc's */
+#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL

Modified: trunk/crypto/openssl/crypto/opensslconf.h.in
===================================================================
--- trunk/crypto/openssl/crypto/opensslconf.h.in	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/opensslconf.h.in	2018-07-08 16:40:18 UTC (rev 11620)
@@ -101,7 +101,7 @@
 #endif
 
 #if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
@@ -120,7 +120,7 @@
    optimization options.  Older Sparc's work better with only UNROLL, but
    there's no way to tell at compile time what it is you're running on */
  
-#if defined( sun )		/* Newer Sparc's */
+#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL

Modified: trunk/crypto/openssl/crypto/opensslv.h
===================================================================
--- trunk/crypto/openssl/crypto/opensslv.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/opensslv.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -34,7 +34,7 @@
 # ifdef OPENSSL_FIPS
 #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1u-fips  22 Sep 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1u  22 Sep 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1u-freebsd  22 Sep 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

Modified: trunk/crypto/openssl/crypto/pem/pem_info.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pem_info.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pem/pem_info.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -172,6 +172,8 @@
             xi->enc_len = 0;
 
             xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
             ptype = EVP_PKEY_RSA;
             pp = &xi->x_pkey->dec_pkey;
             if ((int)strlen(header) > 10) /* assume encrypted */
@@ -193,6 +195,8 @@
             xi->enc_len = 0;
 
             xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
             ptype = EVP_PKEY_DSA;
             pp = &xi->x_pkey->dec_pkey;
             if ((int)strlen(header) > 10) /* assume encrypted */
@@ -214,6 +218,8 @@
             xi->enc_len = 0;
 
             xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
             ptype = EVP_PKEY_EC;
             pp = &xi->x_pkey->dec_pkey;
             if ((int)strlen(header) > 10) /* assume encrypted */

Modified: trunk/crypto/openssl/crypto/pem/pvkfmt.c
===================================================================
--- trunk/crypto/openssl/crypto/pem/pvkfmt.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pem/pvkfmt.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -635,13 +635,11 @@
             PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
             return 0;
         }
-        length -= 20;
     } else {
         if (length < 24) {
             PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
             return 0;
         }
-        length -= 24;
         pvk_magic = read_ledword(&p);
         if (pvk_magic != MS_PVKMAGIC) {
             PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
@@ -706,16 +704,16 @@
             inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
         if (inlen <= 0) {
             PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
-            return NULL;
+            goto err;
         }
         enctmp = OPENSSL_malloc(keylen + 8);
         if (!enctmp) {
             PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
-            return NULL;
+            goto err;
         }
         if (!derive_pvk_key(keybuf, p, saltlen,
                             (unsigned char *)psbuf, inlen))
-            return NULL;
+            goto err;
         p += saltlen;
         /* Copy BLOBHEADER across, decrypt rest */
         memcpy(enctmp, p, 8);
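Review bot: The new `goto err` at L4949 fires before `enctmp` is allocated at L4951, so the cleanup at `err:` (outside this hunk) is only safe if `enctmp` is initialised to NULL at declaration; that declaration is not visible here and should be confirmed. The `goto err` at L4960 also now runs after `derive_pvk_key` has written into `keybuf` and after the password has been read into `psbuf`, so the `err:` path should cleanse both buffers if it does not already, e.g. `OPENSSL_cleanse(keybuf, sizeof(keybuf)); OPENSSL_cleanse(psbuf, sizeof(psbuf));`. The enclosing function starts and ends outside this hunk.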
@@ -722,7 +720,7 @@
         p += 8;
         if (keylen < 8) {
             PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
-            return NULL;
+            goto err;
         }
         inlen = keylen - 8;
         q = enctmp + 8;

Modified: trunk/crypto/openssl/crypto/perlasm/x86asm.pl
===================================================================
--- trunk/crypto/openssl/crypto/perlasm/x86asm.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/perlasm/x86asm.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -257,4 +257,6 @@
     &file($filename);
 }
 
+sub ::hidden {}
+
 1;

Modified: trunk/crypto/openssl/crypto/perlasm/x86gas.pl
===================================================================
--- trunk/crypto/openssl/crypto/perlasm/x86gas.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/perlasm/x86gas.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -250,4 +250,6 @@
 sub ::dataseg
 {   push(@out,".data\n");   }
 
+*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf);
+
 1;
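Review bot: The glob assignment at L4994 replaces the empty `sub ::hidden {}` stub that the same commit adds to x86asm.pl, so the behaviour depends on that stub being defined before this file runs and on every non-ELF back-end silently emitting nothing; neither is stated. A comment on the line would make the contract clear, e.g. `# Override the no-op stub from x86asm.pl: only ELF has .hidden visibility.`. Since `$nmdecor` and `@out` are file globals defined outside this hunk, it could not be verified here that they are in scope at this point.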

Modified: trunk/crypto/openssl/crypto/pkcs12/p12_add.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs12/p12_add.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pkcs12/p12_add.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -75,15 +75,19 @@
     bag->type = OBJ_nid2obj(nid1);
     if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
         PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
     if (!(safebag = PKCS12_SAFEBAG_new())) {
         PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
     safebag->value.bag = bag;
     safebag->type = OBJ_nid2obj(nid2);
     return safebag;
+
+ err:
+    PKCS12_BAGS_free(bag);
+    return NULL;
 }
 
 /* Turn PKCS8 object into a keybag */
@@ -127,6 +131,7 @@
           PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                         p8))) {
         PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+        PKCS12_SAFEBAG_free(bag);
         return NULL;
     }
 
@@ -144,14 +149,18 @@
     p7->type = OBJ_nid2obj(NID_pkcs7_data);
     if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
 
     if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
-        return NULL;
+        goto err;
     }
     return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
 }
 
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
@@ -181,7 +190,7 @@
     if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
                   PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
-        return NULL;
+        goto err;
     }
 
     pbe_ciph = EVP_get_cipherbynid(pbe_nid);
@@ -193,7 +202,7 @@
 
     if (!pbe) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-        return NULL;
+        goto err;
     }
     X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
     p7->d.encrypted->enc_data->algorithm = pbe;
@@ -202,10 +211,14 @@
           PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
                                   passlen, bags, 1))) {
         PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
-        return NULL;
+        goto err;
     }
 
     return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
 }
 
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,

Modified: trunk/crypto/openssl/crypto/pkcs12/p12_crpt.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs12/p12_crpt.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pkcs12/p12_crpt.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -77,6 +77,9 @@
     const unsigned char *pbuf;
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
+    if (cipher == NULL)
+        return 0;
+
     /* Extract useful info from parameter */
     if (param == NULL || param->type != V_ASN1_SEQUENCE ||
         param->value.sequence == NULL) {

Modified: trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pkcs12/p12_kiss.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -135,10 +135,12 @@
 
     while ((x = sk_X509_pop(ocerts))) {
         if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
             if (X509_check_private_key(x, *pkey)) {
                 *cert = x;
                 x = NULL;
             }
+            ERR_pop_to_mark();
         }
 
         if (ca && x) {
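Review bot: The `ERR_set_mark`/`ERR_pop_to_mark` pair at L5111 and L5116 exists so that a certificate that does not match the key leaves no entry on the error queue while the loop keeps scanning, but nothing in the hunk says so. A comment on the mark would prevent it being removed as apparent noise, e.g. `/* A non-matching certificate is expected while scanning; discard its error so the queue stays clean for the caller. */`. The enclosing function starts and ends outside this hunk.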

Modified: trunk/crypto/openssl/crypto/pkcs12/p12_mutl.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs12/p12_mutl.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pkcs12/p12_mutl.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -173,11 +173,11 @@
     }
     if (!saltlen)
         saltlen = PKCS12_SALT_LEN;
-    p12->mac->salt->length = saltlen;
-    if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) {
+    if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
         PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    p12->mac->salt->length = saltlen;
     if (!salt) {
         if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
             return 0;

Modified: trunk/crypto/openssl/crypto/pkcs7/pk7_doit.c
===================================================================
--- trunk/crypto/openssl/crypto/pkcs7/pk7_doit.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/pkcs7/pk7_doit.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -656,6 +656,8 @@
             bio = BIO_new_mem_buf(data_body->data, data_body->length);
         else {
             bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
             BIO_set_mem_eof_return(bio, 0);
         }
         if (bio == NULL)
@@ -1156,7 +1158,6 @@
     rsk = p7->d.signed_and_enveloped->recipientinfo;
     if (rsk == NULL)
         return NULL;
-    ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
     if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
         return (NULL);
     ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);

Modified: trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -56,7 +56,7 @@
 # achieves respectful 432MBps on 2.8GHz processor now. For reference.
 # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than
 # RC4_INT code-path. While if executed on Opteron, it's only 25%
-# slower than the RC4_INT one [meaning that if CPU \xB5-arch detection
+# slower than the RC4_INT one [meaning that if CPU µ-arch detection
 # is not implemented, then this final RC4_CHAR code-path should be
 # preferred, as it provides better *all-round* performance].
 

Modified: trunk/crypto/openssl/crypto/rsa/rsa_gen.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_gen.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/rsa/rsa_gen.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -69,6 +69,8 @@
 #include <openssl/rsa.h>
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+                                         BN_GENCB *cb);
 #endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
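Review bot: The new extern prototype for FIPS_rsa_x931_generate_key_ex() sits directly after `#include <openssl/fips.h>`, which leaves a reader guessing why the header's declaration is not used; if the header ever declares it with a different signature the build breaks, and if the FIPS module changes the signature this local prototype drifts silently. A comment stating the reason would help, e.g. `/* Not exported by fips.h in this FIPS module; keep in sync with its definition. */`. The second hunk in this file switches FIPS-mode generation to this X9.31 routine; a one-line note at that call site would document the behaviour change for anyone comparing keys generated before and after this revision.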
@@ -94,7 +96,7 @@
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
 #ifdef OPENSSL_FIPS
     if (FIPS_mode())
-        return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+        return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
 #endif
     return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }

Modified: trunk/crypto/openssl/crypto/rsa/rsa_sign.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_sign.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/rsa/rsa_sign.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -218,14 +218,13 @@
             memcpy(rm, s + 2, 16);
             *prm_len = 16;
             ret = 1;
-        } else if (memcmp(m, s + 2, 16))
+        } else if (memcmp(m, s + 2, 16)) {
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        else
+        } else {
             ret = 1;
-    }
-
-    /* Special case: SSL signature */
-    if (dtype == NID_md5_sha1) {
+        }
+    } else if (dtype == NID_md5_sha1) {
+        /* Special case: SSL signature */
         if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
         else
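Review bot: The restructured chain adds braces to the one-line `else if (memcmp(m, s + 2, 16))` and `else` branches but leaves the nested `if`/`else` inside the new `else if (dtype == NID_md5_sha1)` branch unbraced, so the two styles now sit three lines apart. Bracing `if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) {` and its `else` the same way would keep the block uniform. The enclosing function (int_rsa_verify, judging by the error code) starts and ends outside the hunk, so the initial value of ret and the remaining branches of the chain cannot be checked here.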

Modified: trunk/crypto/openssl/crypto/rsa/rsa_test.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_test.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/rsa/rsa_test.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -297,22 +297,30 @@
         } else
             printf("OAEP encryption/decryption ok\n");
 
-        /* Try decrypting corrupted ciphertexts */
+        /* Try decrypting corrupted ciphertexts. */
         for (n = 0; n < clen; ++n) {
-            int b;
-            unsigned char saved = ctext[n];
-            for (b = 0; b < 256; ++b) {
-                if (b == saved)
-                    continue;
-                ctext[n] = b;
-                num = RSA_private_decrypt(num, ctext, ptext, key,
+            ctext[n] ^= 1;
+            num = RSA_private_decrypt(clen, ctext, ptext, key,
                                           RSA_PKCS1_OAEP_PADDING);
-                if (num > 0) {
-                    printf("Corrupt data decrypted!\n");
-                    err = 1;
-                }
+            if (num > 0) {
+                printf("Corrupt data decrypted!\n");
+                err = 1;
+                break;
             }
+            ctext[n] ^= 1;
         }
+
+        /* Test truncated ciphertexts, as well as negative length. */
+        for (n = -1; n < clen; ++n) {
+            num = RSA_private_decrypt(n, ctext, ptext, key,
+                                      RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Truncated data decrypted!\n");
+                err = 1;
+                break;
+            }
+        }
+
  next:
         RSA_free(key);
     }
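Review bot: The new truncation loop starts at `n = -1` to exercise a negative length, which only works if n is a signed type; its declaration is outside the hunk, so it is worth confirming it is `int` rather than an unsigned type. When the corruption loop hits `break`, the restoring `ctext[n] ^= 1;` below it is skipped, so the truncation loop then runs on a still-corrupted ciphertext and may print "Truncated data decrypted!" for the wrong reason; restoring the byte before breaking, `ctext[n] ^= 1; break;`, keeps the two tests independent. Replacing the 255-value sweep per byte with a single bit flip is a large reduction in coverage; a comment saying it was chosen for runtime would stop a later reader from quietly restoring the old loop.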

Modified: trunk/crypto/openssl/crypto/sha/asm/sha1-586.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha1-586.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/sha/asm/sha1-586.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -66,9 +66,9 @@
 # switch to AVX alone improves performance by as little as 4% in
 # comparison to SSSE3 code path. But below result doesn't look like
 # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as
-# pair of \xB5-ops, and it's the additional \xB5-ops, two per round, that
+# pair of µ-ops, and it's the additional µ-ops, two per round, that
 # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded
-# as single \xB5-op by Sandy Bridge and it's replacing 'ro[rl]' with
+# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
 # equivalent 'sh[rl]d' that is responsible for the impressive 5.1
 # cycles per processed byte. But 'sh[rl]d' is not something that used
 # to be fast, nor does it appear to be fast in upcoming Bulldozer
@@ -116,6 +116,9 @@
 		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
 		$1>=2.03);	# first version supporting AVX
 
+$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+		$2>=3.0);	# first version supporting AVX
+
 &external_label("OPENSSL_ia32cap_P") if ($xmm);
 
 
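Review bot: The new clang probe runs `$ENV{CC} -v` through the shell via backticks; when CC is unset the command line collapses to ` -v 2>&1`, the match fails and $ymm keeps its value, but if warnings are enabled this also emits an uninitialized-value warning on every build, so a guard such as `$ENV{CC} &&` in front of the backtick would be cleaner. The regex here, `(^clang version|based on LLVM)`, differs from the one added to sha1-x86_64.pl in this same commit, `((?:^clang|LLVM) version|.*based on LLVM)`, so a compiler that prints `LLVM version ...` enables AVX in one file and not the other; the two probes should agree. The trailing `# first version supporting AVX` was carried over from the nasm line above; it should say which compiler it refers to, e.g. `# clang 3.0, first version supporting AVX`.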

Modified: trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -81,6 +81,8 @@
 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
 	   $1>=10);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ &&
+	   $2>=3.0);
 
 open OUT,"| \"$^X\" $xlate $flavour $output";
 *STDOUT=*OUT;

Modified: trunk/crypto/openssl/crypto/sha/asm/sha256-586.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha256-586.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/sha/asm/sha256-586.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -21,7 +21,7 @@
 #     purposes.
 #
 # Performance improvement over compiler generated code varies from
-# 10% to 40% [see above]. Not very impressive on some \xB5-archs, but
+# 10% to 40% [see above]. Not very impressive on some µ-archs, but
 # it's 5 times smaller and optimizies amount of writes.
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;

Modified: trunk/crypto/openssl/crypto/sha/asm/sha512-586.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha512-586.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/sha/asm/sha512-586.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -23,7 +23,7 @@
 #
 # IALU code-path is optimized for elder Pentiums. On vanilla Pentium
 # performance improvement over compiler generated code reaches ~60%,
-# while on PIII - ~35%. On newer \xB5-archs improvement varies from 15%
+# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
 # to 50%, but it's less important as they are expected to execute SSE2
 # code-path, which is commonly ~2-3x faster [than compiler generated
 # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even

Modified: trunk/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
===================================================================
--- trunk/crypto/openssl/crypto/sha/asm/sha512-parisc.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/sha/asm/sha512-parisc.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -19,7 +19,7 @@
 # SHA512 performance is >2.9x better than gcc 3.2 generated code on
 # PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the
 # code is executed on PA-RISC 2.0 processor and switches to 64-bit
-# code path delivering adequate peformance even in "blended" 32-bit
+# code path delivering adequate performance even in "blended" 32-bit
 # build. Though 64-bit code is not any faster than code generated by
 # vendor compiler on PA-8600...
 #

Modified: trunk/crypto/openssl/crypto/sparccpuid.S
===================================================================
--- trunk/crypto/openssl/crypto/sparccpuid.S	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/sparccpuid.S	2018-07-08 16:40:18 UTC (rev 11620)
@@ -123,7 +123,7 @@
 			fmovs	%f1,%f3
 			fmovs	%f0,%f2
 
-	add	%fp,BIAS,%i0	! return pointer to caller\xB4s top of stack
+	add	%fp,BIAS,%i0	! return pointer to caller´s top of stack
 
 	ret
 	restore

Modified: trunk/crypto/openssl/crypto/srp/srp_vfy.c
===================================================================
--- trunk/crypto/openssl/crypto/srp/srp_vfy.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/srp/srp_vfy.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -568,12 +568,12 @@
                           char **verifier, const char *N, const char *g)
 {
     int len;
-    char *result = NULL;
-    char *vf;
+    char *result = NULL, *vf = NULL;
     BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
     unsigned char tmp[MAX_LEN];
     unsigned char tmp2[MAX_LEN];
     char *defgNid = NULL;
+    int vfsize = 0;
 
     if ((user == NULL) ||
         (pass == NULL) || (salt == NULL) || (verifier == NULL))
@@ -611,16 +611,15 @@
         goto err;
 
     BN_bn2bin(v, tmp);
-    if (((vf = OPENSSL_malloc(BN_num_bytes(v) * 2)) == NULL))
+    vfsize = BN_num_bytes(v) * 2;
+    if (((vf = OPENSSL_malloc(vfsize)) == NULL))
         goto err;
     t_tob64(vf, tmp, BN_num_bytes(v));
 
-    *verifier = vf;
     if (*salt == NULL) {
         char *tmp_salt;
 
         if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
-            OPENSSL_free(vf);
             goto err;
         }
         t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
@@ -627,6 +626,8 @@
         *salt = tmp_salt;
     }
 
+    *verifier = vf;
+    vf = NULL;
     result = defgNid;
 
  err:
@@ -634,11 +635,21 @@
         BN_free(N_bn);
         BN_free(g_bn);
     }
+    OPENSSL_cleanse(vf, vfsize);
+    OPENSSL_free(vf);
+    BN_clear_free(s);
+    BN_clear_free(v);
     return result;
 }
 
 /*
- * create a verifier (*salt,*verifier,g and N are BIGNUMs)
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
  */
 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
                            BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
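Review bot: The new `OPENSSL_cleanse(vf, vfsize);` in the err path can run with vf == NULL and vfsize > 0: the second hunk of this file sets `vfsize = BN_num_bytes(v) * 2;` before the `OPENSSL_malloc(vfsize)` whose failure jumps to err, and OPENSSL_cleanse() is not documented to accept NULL (the assembly implementations write through the pointer for any non-zero length). Guarding it, `if (vf != NULL) OPENSSL_cleanse(vf, vfsize);`, or assigning vfsize only after the allocation succeeds, closes that allocation-failure crash. Related: the raw verifier bytes that BN_bn2bin(v, tmp) writes into the stack buffer in the second hunk are never cleansed while their base64 form in vf now is; `OPENSSL_cleanse(tmp, sizeof(tmp));` alongside would be consistent. The function starts outside the hunk.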
@@ -647,6 +658,7 @@
     BIGNUM *x = NULL;
     BN_CTX *bn_ctx = BN_CTX_new();
     unsigned char tmp2[MAX_LEN];
+    BIGNUM *salttmp = NULL;
 
     if ((user == NULL) ||
         (pass == NULL) ||
@@ -661,10 +673,12 @@
         if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
             goto err;
 
-        *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        salttmp = *salt;
     }
 
-    x = SRP_Calc_x(*salt, user, pass);
+    x = SRP_Calc_x(salttmp, user, pass);
 
     *verifier = BN_new();
     if (*verifier == NULL)
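Review bot: `salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);` is not checked before `x = SRP_Calc_x(salttmp, user, pass);`, so an allocation failure passes a NULL salt into SRP_Calc_x(); adding `if (salttmp == NULL) goto err;` right after the assignment keeps the cleanup in the final hunk (`if (*salt != salttmp) BN_clear_free(salttmp);`) correct for that path as well, since both sides are then NULL. The same omission existed before the rename, but the line is rewritten here and is the natural place to fix it. The function begins outside the hunk.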
@@ -678,9 +692,11 @@
     srp_bn_print(*verifier);
 
     result = 1;
+    *salt = salttmp;
 
  err:
-
+    if (*salt != salttmp)
+        BN_clear_free(salttmp);
     BN_clear_free(x);
     BN_CTX_free(bn_ctx);
     return result;

Modified: trunk/crypto/openssl/crypto/threads/mttest.c
===================================================================
--- trunk/crypto/openssl/crypto/threads/mttest.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/threads/mttest.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -56,7 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
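Review bot: `#include <stdio.h>` is dropped, but `stderr` is still used by the `ERR_print_errors_fp(stderr);` calls left untouched beside the converted lines in four later hunks of this file (the ones around `/* ok */`, the two `#ifdef undef` BIO_flush blocks and `s_write = 0;`), so the file now depends on an OpenSSL header pulling stdio in indirectly. Either keep the include, or finish the conversion with `ERR_print_errors(bio_err);` in those four places, which also matches the `ERR_print_errors(bio_err)` calls already present in main().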
@@ -86,17 +85,11 @@
 #include <openssl/lhash.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
-#include "../../e_os.h"
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_NO_FP_API
-# define APPS_WIN16
-# include "../buffer/bss_file.c"
-#endif
-
 #ifdef OPENSSL_SYS_NETWARE
 # define TEST_SERVER_CERT "/openssl/apps/server.pem"
 # define TEST_CLIENT_CERT "/openssl/apps/client.pem"
@@ -107,23 +100,23 @@
 
 #define MAX_THREAD_NUMBER       100
 
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
+int verify_callback(int ok, X509_STORE_CTX *xs);
 void thread_setup(void);
 void thread_cleanup(void);
 void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx);
 
-void irix_locking_callback(int mode, int type, char *file, int line);
-void solaris_locking_callback(int mode, int type, char *file, int line);
-void win32_locking_callback(int mode, int type, char *file, int line);
-void pthreads_locking_callback(int mode, int type, char *file, int line);
-void netware_locking_callback(int mode, int type, char *file, int line);
+void irix_locking_callback(int mode, int type, const char *file, int line);
+void solaris_locking_callback(int mode, int type, const char *file, int line);
+void win32_locking_callback(int mode, int type, const char *file, int line);
+void pthreads_locking_callback(int mode, int type, const char *file, int line);
+void netware_locking_callback(int mode, int type, const char *file, int line);
 void beos_locking_callback(int mode, int type, const char *file, int line);
 
-unsigned long irix_thread_id(void);
-unsigned long solaris_thread_id(void);
-unsigned long pthreads_thread_id(void);
-unsigned long netware_thread_id(void);
-unsigned long beos_thread_id(void);
+void irix_thread_id(CRYPTO_THREADID *tid);
+void solaris_thread_id(CRYPTO_THREADID *tid);
+void pthreads_thread_id(CRYPTO_THREADID *tid);
+void netware_thread_id(CRYPTO_THREADID *tid);
+void beos_thread_id(CRYPTO_THREADID *tid);
 
 #if defined(OPENSSL_SYS_NETWARE)
 static MPKMutex *lock_cs;
@@ -149,39 +142,39 @@
     "string to make the random number generator think it has entropy";
 
 int doit(char *ctx[4]);
-static void print_stats(FILE *fp, SSL_CTX *ctx)
+static void print_stats(BIO *bio, SSL_CTX *ctx)
 {
-    fprintf(fp, "%4ld items in the session cache\n",
-            SSL_CTX_sess_number(ctx));
-    fprintf(fp, "%4d client connects (SSL_connect())\n",
-            SSL_CTX_sess_connect(ctx));
-    fprintf(fp, "%4d client connects that finished\n",
-            SSL_CTX_sess_connect_good(ctx));
-    fprintf(fp, "%4d server connects (SSL_accept())\n",
-            SSL_CTX_sess_accept(ctx));
-    fprintf(fp, "%4d server connects that finished\n",
-            SSL_CTX_sess_accept_good(ctx));
-    fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx));
-    fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx));
-    fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
+    BIO_printf(bio, "%4ld items in the session cache\n",
+	       SSL_CTX_sess_number(ctx));
+    BIO_printf(bio, "%4d client connects (SSL_connect())\n",
+	       SSL_CTX_sess_connect(ctx));
+    BIO_printf(bio, "%4d client connects that finished\n",
+	       SSL_CTX_sess_connect_good(ctx));
+    BIO_printf(bio, "%4d server connects (SSL_accept())\n",
+	       SSL_CTX_sess_accept(ctx));
+    BIO_printf(bio, "%4d server connects that finished\n",
+	       SSL_CTX_sess_accept_good(ctx));
+    BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx));
+    BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx));
+    BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
 }
 
 static void sv_usage(void)
 {
-    fprintf(stderr, "usage: ssltest [args ...]\n");
-    fprintf(stderr, "\n");
-    fprintf(stderr, " -server_auth  - check server certificate\n");
-    fprintf(stderr, " -client_auth  - do client authentication\n");
-    fprintf(stderr, " -v            - more output\n");
-    fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
-    fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
-    fprintf(stderr, " -threads arg  - number of threads\n");
-    fprintf(stderr, " -loops arg    - number of 'connections', per thread\n");
-    fprintf(stderr, " -reconnect    - reuse session-id's\n");
-    fprintf(stderr, " -stats        - server session-id cache stats\n");
-    fprintf(stderr, " -cert arg     - server certificate/key\n");
-    fprintf(stderr, " -ccert arg    - client certificate/key\n");
-    fprintf(stderr, " -ssl3         - just SSLv3n\n");
+    BIO_printf(bio_err, "usage: ssltest [args ...]\n");
+    BIO_printf(bio_err, "\n");
+    BIO_printf(bio_err, " -server_auth  - check server certificate\n");
+    BIO_printf(bio_err, " -client_auth  - do client authentication\n");
+    BIO_printf(bio_err, " -v            - more output\n");
+    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
+    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
+    BIO_printf(bio_err, " -threads arg  - number of threads\n");
+    BIO_printf(bio_err, " -loops arg    - number of 'connections', per thread\n");
+    BIO_printf(bio_err, " -reconnect    - reuse session-id's\n");
+    BIO_printf(bio_err, " -stats        - server session-id cache stats\n");
+    BIO_printf(bio_err, " -cert arg     - server certificate/key\n");
+    BIO_printf(bio_err, " -ccert arg    - client certificate/key\n");
+    BIO_printf(bio_err, " -ssl3         - just SSLv3n\n");
 }
 
 int main(int argc, char *argv[])
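Review bot: The new continuation lines in print_stats (`SSL_CTX_sess_number(ctx));` and the ones that follow) are indented with a tab where the rest of the file uses four spaces; the same tab indentation appears in the `started thread` BIO_printf in ndoit and the commented-out block after it, while `BIO_printf(bio_err, "depth=%d error=%d %s\n",` in verify_callback and the WaitForMultipleObjects message keep the old fprintf continuation column instead. Reindenting with spaces so the arguments align under the opening parenthesis would keep the file uniform. sv_usage() now writes to the file-level `bio_err`, which must be declared above this point; its declaration is outside the hunk.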
@@ -195,14 +188,14 @@
     SSL_CTX *c_ctx = NULL;
     char *scert = TEST_SERVER_CERT;
     char *ccert = TEST_CLIENT_CERT;
-    SSL_METHOD *ssl_method = SSLv23_method();
+    const SSL_METHOD *ssl_method = SSLv23_method();
 
     RAND_seed(rnd_seed, sizeof rnd_seed);
 
     if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+        bio_err = BIO_new_fd(2, BIO_NOCLOSE);
     if (bio_stdout == NULL)
-        bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+        bio_stdout = BIO_new_fd(1, BIO_NOCLOSE);
     argc--;
     argv++;
 
@@ -250,7 +243,7 @@
             if (number_of_loops == 0)
                 number_of_loops = 1;
         } else {
-            fprintf(stderr, "unknown option %s\n", *argv);
+            BIO_printf(bio_err, "unknown option %s\n", *argv);
             badop = 1;
             break;
         }
@@ -284,9 +277,12 @@
                                    SSL_SESS_CACHE_SERVER);
 
     if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+        BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert);
         ERR_print_errors(bio_err);
+        goto end;
     } else
         if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+        BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert);
         ERR_print_errors(bio_err);
         goto end;
     }
@@ -300,19 +296,19 @@
         (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
         (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
         (!SSL_CTX_set_default_verify_paths(c_ctx))) {
-        fprintf(stderr, "SSL_load_verify_locations\n");
+        BIO_printf(bio_err, "SSL_load_verify_locations\n");
         ERR_print_errors(bio_err);
         goto end;
     }
 
     if (client_auth) {
-        fprintf(stderr, "client authentication\n");
+        BIO_printf(bio_err, "client authentication\n");
         SSL_CTX_set_verify(s_ctx,
                            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                            verify_callback);
     }
     if (server_auth) {
-        fprintf(stderr, "server authentication\n");
+        BIO_printf(bio_err, "server authentication\n");
         SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
     }
 
@@ -322,24 +318,24 @@
  end:
 
     if (c_ctx != NULL) {
-        fprintf(stderr, "Client SSL_CTX stats then free it\n");
-        print_stats(stderr, c_ctx);
+        BIO_printf(bio_err, "Client SSL_CTX stats then free it\n");
+        print_stats(bio_err, c_ctx);
         SSL_CTX_free(c_ctx);
     }
     if (s_ctx != NULL) {
-        fprintf(stderr, "Server SSL_CTX stats then free it\n");
-        print_stats(stderr, s_ctx);
+        BIO_printf(bio_err, "Server SSL_CTX stats then free it\n");
+        print_stats(bio_err, s_ctx);
         if (cache_stats) {
-            fprintf(stderr, "-----\n");
-            lh_stats(SSL_CTX_sessions(s_ctx), stderr);
-            fprintf(stderr, "-----\n");
-    /*-     lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
-            fprintf(stderr,"-----\n"); */
-            lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr);
-            fprintf(stderr, "-----\n");
+            BIO_printf(bio_err, "-----\n");
+            lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
+            BIO_printf(bio_err, "-----\n");
+    /*-     lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err);
+            BIO_printf(bio_err,"-----\n"); */
+            lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
+            BIO_printf(bio_err, "-----\n");
         }
         SSL_CTX_free(s_ctx);
-        fprintf(stderr, "done free\n");
+        BIO_printf(bio_err, "done free\n");
     }
     exit(ret);
     return (0);
@@ -355,6 +351,7 @@
     int i;
     int ret;
     char *ctx[4];
+    CRYPTO_THREADID thread_id;
 
     ctx[0] = (char *)ssl_ctx[0];
     ctx[1] = (char *)ssl_ctx[1];
@@ -367,22 +364,24 @@
         ctx[3] = NULL;
     }
 
-    fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id());
+    CRYPTO_THREADID_current(&thread_id);
+    BIO_printf(bio_stdout, "started thread %lu\n",
+	       CRYPTO_THREADID_hash(&thread_id));
     for (i = 0; i < number_of_loops; i++) {
-/*-     fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
-            CRYPTO_thread_id(),i,
-            ssl_ctx[0]->references,
-            ssl_ctx[1]->references); */
+/*-     BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n",
+                   CRYPTO_THREADID_hash(&thread_id),i,
+                   ssl_ctx[0]->references,
+                   ssl_ctx[1]->references); */
 /*      pthread_delay_np(&tm); */
 
         ret = doit(ctx);
         if (ret != 0) {
-            fprintf(stdout, "error[%d] %lu - %d\n",
-                    i, CRYPTO_thread_id(), ret);
+            BIO_printf(bio_stdout, "error[%d] %lu - %d\n",
+                       i, CRYPTO_THREADID_hash(&thread_id), ret);
             return (ret);
         }
     }
-    fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id());
+    BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id));
     if (reconnect) {
         SSL_free((SSL *)ctx[2]);
         SSL_free((SSL *)ctx[3]);
@@ -467,26 +466,26 @@
 
         if (do_server && verbose) {
             if (SSL_in_init(s_ssl))
-                printf("server waiting in SSL_accept - %s\n",
-                       SSL_state_string_long(s_ssl));
+                BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n",
+                           SSL_state_string_long(s_ssl));
             else if (s_write)
-                printf("server:SSL_write()\n");
+                BIO_printf(bio_stdout, "server:SSL_write()\n");
             else
-                printf("server:SSL_read()\n");
+                BIO_printf(bio_stdout, "server:SSL_read()\n");
         }
 
         if (do_client && verbose) {
             if (SSL_in_init(c_ssl))
-                printf("client waiting in SSL_connect - %s\n",
-                       SSL_state_string_long(c_ssl));
+                BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n",
+                           SSL_state_string_long(c_ssl));
             else if (c_write)
-                printf("client:SSL_write()\n");
+                BIO_printf(bio_stdout, "client:SSL_write()\n");
             else
-                printf("client:SSL_read()\n");
+                BIO_printf(bio_stdout, "client:SSL_read()\n");
         }
 
         if (!do_client && !do_server) {
-            fprintf(stdout, "ERROR IN STARTUP\n");
+            BIO_printf(bio_stdout, "ERROR IN STARTUP\n");
             break;
         }
         if (do_client && !(done & C_DONE)) {
@@ -501,12 +500,12 @@
                         if (BIO_should_write(c_bio))
                             c_w = 1;
                     } else {
-                        fprintf(stderr, "ERROR in CLIENT\n");
+                        BIO_printf(bio_err, "ERROR in CLIENT\n");
                         ERR_print_errors_fp(stderr);
                         return (1);
                     }
                 } else if (i == 0) {
-                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
                     return (1);
                 } else {
                     /* ok */
@@ -523,19 +522,19 @@
                         if (BIO_should_write(c_bio))
                             c_w = 1;
                     } else {
-                        fprintf(stderr, "ERROR in CLIENT\n");
+                        BIO_printf(bio_err, "ERROR in CLIENT\n");
                         ERR_print_errors_fp(stderr);
                         return (1);
                     }
                 } else if (i == 0) {
-                    fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+                    BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
                     return (1);
                 } else {
                     done |= C_DONE;
 #ifdef undef
-                    fprintf(stdout, "CLIENT:from server:");
-                    fwrite(cbuf, 1, i, stdout);
-                    fflush(stdout);
+                    BIO_printf(bio_stdout, "CLIENT:from server:");
+                    BIO_write(bio_stdout, cbuf, i);
+                    BIO_flush(bio_stdout);
 #endif
                 }
             }
@@ -553,20 +552,20 @@
                         if (BIO_should_write(s_bio))
                             s_w = 1;
                     } else {
-                        fprintf(stderr, "ERROR in SERVER\n");
+                        BIO_printf(bio_err, "ERROR in SERVER\n");
                         ERR_print_errors_fp(stderr);
                         return (1);
                     }
                 } else if (i == 0) {
-                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+                    BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
                     return (1);
                 } else {
                     s_write = 1;
                     s_w = 1;
 #ifdef undef
-                    fprintf(stdout, "SERVER:from client:");
-                    fwrite(sbuf, 1, i, stdout);
-                    fflush(stdout);
+                    BIO_printf(bio_stdout, "SERVER:from client:");
+                    BIO_write(bio_stdout, sbuf, i);
+                    BIO_flush(bio_stdout);
 #endif
                 }
             } else {
@@ -580,12 +579,12 @@
                         if (BIO_should_write(s_bio))
                             s_w = 1;
                     } else {
-                        fprintf(stderr, "ERROR in SERVER\n");
+                        BIO_printf(bio_err, "ERROR in SERVER\n");
                         ERR_print_errors_fp(stderr);
                         return (1);
                     }
                 } else if (i == 0) {
-                    fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+                    BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
                     return (1);
                 } else {
                     s_write = 0;
@@ -606,7 +605,7 @@
     SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 
 #ifdef undef
-    fprintf(stdout, "DONE\n");
+    BIO_printf(bio_stdout, "DONE\n");
 #endif
  err:
     /*
@@ -640,7 +639,7 @@
     return (0);
 }
 
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+int verify_callback(int ok, X509_STORE_CTX *ctx)
 {
     char *s, buf[256];
 
@@ -649,9 +648,9 @@
                               buf, 256);
         if (s != NULL) {
             if (ok)
-                fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
+                BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf);
             else
-                fprintf(stderr, "depth=%d error=%d %s\n",
+                BIO_printf(bio_err, "depth=%d error=%d %s\n",
                         ctx->error_depth, ctx->error, buf);
         }
     }
@@ -688,7 +687,7 @@
     OPENSSL_free(lock_cs);
 }
 
-void win32_locking_callback(int mode, int type, char *file, int line)
+void win32_locking_callback(int mode, int type, const char *file, int line)
 {
     if (mode & CRYPTO_LOCK) {
         WaitForSingleObject(lock_cs[type], INFINITE);
@@ -717,7 +716,7 @@
                                         (void *)ssl_ctx, 0L, &(thread_id[i]));
     }
 
-    printf("reaping\n");
+    BIO_printf(bio_stdout, "reaping\n");
     for (i = 0; i < thread_number; i += 50) {
         int j;
 
@@ -727,7 +726,7 @@
                                    (CONST HANDLE *) & (thread_handle[i]),
                                    TRUE, INFINITE)
             == WAIT_FAILED) {
-            fprintf(stderr, "WaitForMultipleObjects failed:%d\n",
+            BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n",
                     GetLastError());
             exit(1);
         }
@@ -743,7 +742,7 @@
     ret = (ret + end.wSecond - start.wSecond);
     ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0;
 
-    printf("win32 threads done - %.3f seconds\n", ret);
+    BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret);
 }
 
 #endif                          /* OPENSSL_SYS_WIN32 */
@@ -768,8 +767,8 @@
         mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
     }
 
-    CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-    CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+    CRYPTO_set_id_callback(solaris_thread_id);
+    CRYPTO_set_locking_callback(solaris_locking_callback);
 }
 
 void thread_cleanup(void)
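Review bot: `CRYPTO_set_id_callback(solaris_thread_id);` registers a function this commit changed to `void solaris_thread_id(CRYPTO_THREADID *tid)` in the prototype hunk, but CRYPTO_set_id_callback() takes an `unsigned long (*)(void)`, so this is an incompatible-pointer-type diagnostic and, if it compiles, the library would call the function with no argument and use an undefined return value as the thread id. The pthreads hunk at the end of the file does it correctly; this line should read `CRYPTO_THREADID_set_callback(solaris_thread_id);`, and the IRIX thread_setup hunk (`CRYPTO_set_id_callback(irix_thread_id);`) needs the same change. Both blocks sit under platform #ifdefs that are unlikely to be compiled on this tree, which is presumably why it went unnoticed.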
@@ -778,34 +777,34 @@
 
     CRYPTO_set_locking_callback(NULL);
 
-    fprintf(stderr, "cleanup\n");
+    BIO_printf(bio_err, "cleanup\n");
 
     for (i = 0; i < CRYPTO_num_locks(); i++) {
         /* rwlock_destroy(&(lock_cs[i])); */
         mutex_destroy(&(lock_cs[i]));
-        fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+        BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
     }
     OPENSSL_free(lock_cs);
     OPENSSL_free(lock_count);
 
-    fprintf(stderr, "done cleanup\n");
+    BIO_printf(bio_err, "done cleanup\n");
 
 }
 
-void solaris_locking_callback(int mode, int type, char *file, int line)
+void solaris_locking_callback(int mode, int type, const char *file, int line)
 {
 # ifdef undef
-    fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
-            CRYPTO_thread_id(),
-            (mode & CRYPTO_LOCK) ? "l" : "u",
-            (type & CRYPTO_READ) ? "r" : "w", file, line);
+    BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+               CRYPTO_thread_id(),
+               (mode & CRYPTO_LOCK) ? "l" : "u",
+               (type & CRYPTO_READ) ? "r" : "w", file, line);
 # endif
 
     /*-
     if (CRYPTO_LOCK_SSL_CERT == type)
-    fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-            CRYPTO_thread_id(),
-            mode,file,line);
+    BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
+               CRYPTO_thread_id(),
+               mode,file,line);
     */
     if (mode & CRYPTO_LOCK) {
         /*-
@@ -837,21 +836,22 @@
                    (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i]));
     }
 
-    printf("reaping\n");
+    BIO_printf(bio_stdout, "reaping\n");
     for (i = 0; i < thread_number; i++) {
         thr_join(thread_ctx[i], NULL, NULL);
     }
 
-    printf("solaris threads done (%d,%d)\n",
-           s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+    BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n",
+               s_ctx->references, c_ctx->references);
+#else
+    BIO_printf(bio_stdout, "solaris threads done\n");
+#endif
 }
 
-unsigned long solaris_thread_id(void)
+void solaris_thread_id(CRYPTO_THREADID *tid)
 {
-    unsigned long ret;
-
-    ret = (unsigned long)thr_self();
-    return (ret);
+    CRYPTO_THREADID_set_numeric((unsigned long)thr_self());
 }
 #endif                          /* SOLARIS */
 
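Review bot: `CRYPTO_THREADID_set_numeric((unsigned long)thr_self());` drops the CRYPTO_THREADID argument: the function takes the id to fill as its first parameter, so this will not compile against crypto.h as written; the intended line is `CRYPTO_THREADID_set_numeric(tid, (unsigned long)thr_self());`. The IRIX variant in the following hunk has the same missing argument and additionally keeps its old definition line `unsigned long irix_thread_id(void)`, which now conflicts with the `void irix_thread_id(CRYPTO_THREADID *tid)` prototype introduced earlier in this file and leaves a non-void function without a return statement.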
@@ -880,8 +880,8 @@
         lock_cs[i] = usnewsema(arena, 1);
     }
 
-    CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
-    CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+    CRYPTO_set_id_callback(irix_thread_id);
+    CRYPTO_set_locking_callback(irix_locking_callback);
 }
 
 void thread_cleanup(void)
@@ -899,13 +899,13 @@
     OPENSSL_free(lock_cs);
 }
 
-void irix_locking_callback(int mode, int type, char *file, int line)
+void irix_locking_callback(int mode, int type, const char *file, int line)
 {
     if (mode & CRYPTO_LOCK) {
-        printf("lock %d\n", type);
+        BIO_printf(bio_stdout, "lock %d\n", type);
         uspsema(lock_cs[type]);
     } else {
-        printf("unlock %d\n", type);
+        BIO_printf(bio_stdout, "unlock %d\n", type);
         usvsema(lock_cs[type]);
     }
 }
@@ -924,21 +924,22 @@
                               PR_SADDR | PR_SFDS, (void *)ssl_ctx);
     }
 
-    printf("reaping\n");
+    BIO_printf(bio_stdout, "reaping\n");
     for (i = 0; i < thread_number; i++) {
         wait(NULL);
     }
 
-    printf("irix threads done (%d,%d)\n",
-           s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+    BIO_printf(bio_stdout, "irix threads done (%d,%d)\n",
+               s_ctx->references, c_ctx->references);
+#else
+    BIO_printf(bio_stdout, "irix threads done\n");
+#endif
 }
 
 unsigned long irix_thread_id(void)
 {
-    unsigned long ret;
-
-    ret = (unsigned long)getpid();
-    return (ret);
+    CRYPTO_THREADID_set_numeric((unsigned long)getpid());
 }
 #endif                          /* IRIX */
 
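Review bot: `irix_thread_id` keeps its `unsigned long` return type but no longer returns a value, and it calls `CRYPTO_THREADID_set_numeric` with one argument where the pthreads version in this file passes the `CRYPTO_THREADID *` first. The same half-converted shape appears in `netware_thread_id` in the hunk at 1097, and both functions are still registered through `CRYPTO_set_id_callback` in their setup hunks (880 and 1051). The consistent form is `void irix_thread_id(CRYPTO_THREADID *tid)` with `CRYPTO_THREADID_set_numeric(tid, (unsigned long)getpid());` and `CRYPTO_THREADID_set_callback(irix_thread_id);` in thread_setup. These blocks are under the IRIX and NETWARE guards, so this build will not catch the errors.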
@@ -958,8 +959,8 @@
         pthread_mutex_init(&(lock_cs[i]), NULL);
     }
 
-    CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
-    CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+    CRYPTO_THREADID_set_callback(pthreads_thread_id);
+    CRYPTO_set_locking_callback(pthreads_locking_callback);
 }
 
 void thread_cleanup(void)
@@ -967,30 +968,30 @@
     int i;
 
     CRYPTO_set_locking_callback(NULL);
-    fprintf(stderr, "cleanup\n");
+    BIO_printf(bio_err, "cleanup\n");
     for (i = 0; i < CRYPTO_num_locks(); i++) {
         pthread_mutex_destroy(&(lock_cs[i]));
-        fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+        BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
     }
     OPENSSL_free(lock_cs);
     OPENSSL_free(lock_count);
 
-    fprintf(stderr, "done cleanup\n");
+    BIO_printf(bio_err, "done cleanup\n");
 }
 
-void pthreads_locking_callback(int mode, int type, char *file, int line)
+void pthreads_locking_callback(int mode, int type, const char *file, int line)
 {
 # ifdef undef
-    fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
-            CRYPTO_thread_id(),
-            (mode & CRYPTO_LOCK) ? "l" : "u",
-            (type & CRYPTO_READ) ? "r" : "w", file, line);
+    BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+               CRYPTO_thread_id(),
+               (mode & CRYPTO_LOCK) ? "l" : "u",
+               (type & CRYPTO_READ) ? "r" : "w", file, line);
 # endif
 /*-
     if (CRYPTO_LOCK_SSL_CERT == type)
-            fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-            CRYPTO_thread_id(),
-            mode,file,line);
+            BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
+                       CRYPTO_thread_id(),
+                       mode,file,line);
 */
     if (mode & CRYPTO_LOCK) {
         pthread_mutex_lock(&(lock_cs[type]));
@@ -1017,21 +1018,22 @@
                        (void *(*)())ndoit, (void *)ssl_ctx);
     }
 
-    printf("reaping\n");
+    BIO_printf(bio_stdout, "reaping\n");
     for (i = 0; i < thread_number; i++) {
         pthread_join(thread_ctx[i], NULL);
     }
 
-    printf("pthreads threads done (%d,%d)\n",
-           s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+    BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n",
+               s_ctx->references, c_ctx->references);
+#else
+    BIO_printf(bio_stdout, "pthreads threads done\n");
+#endif
 }
 
-unsigned long pthreads_thread_id(void)
+void pthreads_thread_id(CRYPTO_THREADID *tid)
 {
-    unsigned long ret;
-
-    ret = (unsigned long)pthread_self();
-    return (ret);
+    CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self());
 }
 
 #endif                          /* PTHREADS */
@@ -1051,8 +1053,8 @@
 
     ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0);
 
-    CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);
-    CRYPTO_set_locking_callback((void (*)())netware_locking_callback);
+    CRYPTO_set_id_callback(netware_thread_id);
+    CRYPTO_set_locking_callback(netware_locking_callback);
 }
 
 void thread_cleanup(void)
@@ -1061,11 +1063,11 @@
 
     CRYPTO_set_locking_callback(NULL);
 
-    fprintf(stdout, "thread_cleanup\n");
+    BIO_printf(bio_stdout, "thread_cleanup\n");
 
     for (i = 0; i < CRYPTO_num_locks(); i++) {
         MPKMutexFree(lock_cs[i]);
-        fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+        BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
     }
     OPENSSL_free(lock_cs);
     OPENSSL_free(lock_count);
@@ -1072,10 +1074,10 @@
 
     MPKSemaphoreFree(ThreadSem);
 
-    fprintf(stdout, "done cleanup\n");
+    BIO_printf(bio_stdout, "done cleanup\n");
 }
 
-void netware_locking_callback(int mode, int type, char *file, int line)
+void netware_locking_callback(int mode, int type, const char *file, int line)
 {
     if (mode & CRYPTO_LOCK) {
         MPKMutexLock(lock_cs[type]);
@@ -1097,22 +1099,23 @@
         ThreadSwitchWithDelay();
     }
 
-    printf("reaping\n");
+    BIO_printf(bio_stdout, "reaping\n");
 
     /* loop until all threads have signaled the semaphore */
     for (i = 0; i < thread_number; i++) {
         MPKSemaphoreWait(ThreadSem);
     }
-    printf("netware threads done (%d,%d)\n",
-           s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+    BIO_printf(bio_stdout, "netware threads done (%d,%d)\n",
+               s_ctx->references, c_ctx->references);
+#else
+    BIO_printf(bio_stdout, "netware threads done\n");
+#endif
 }
 
 unsigned long netware_thread_id(void)
 {
-    unsigned long ret;
-
-    ret = (unsigned long)GetThreadID();
-    return (ret);
+    CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID());
 }
 #endif                          /* NETWARE */
 
@@ -1144,24 +1147,24 @@
     int i;
 
     CRYPTO_set_locking_callback(NULL);
-    fprintf(stderr, "cleanup\n");
+    BIO_printf(bio_err, "cleanup\n");
     for (i = 0; i < CRYPTO_num_locks(); i++) {
         delete lock_cs[i];
-        fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+        BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
     }
     OPENSSL_free(lock_cs);
     OPENSSL_free(lock_count);
 
-    fprintf(stderr, "done cleanup\n");
+    BIO_printf(bio_err, "done cleanup\n");
 }
 
 void beos_locking_callback(int mode, int type, const char *file, int line)
 {
 # if 0
-    fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
-            CRYPTO_thread_id(),
-            (mode & CRYPTO_LOCK) ? "l" : "u",
-            (type & CRYPTO_READ) ? "r" : "w", file, line);
+    BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+               CRYPTO_thread_id(),
+               (mode & CRYPTO_LOCK) ? "l" : "u",
+               (type & CRYPTO_READ) ? "r" : "w", file, line);
 # endif
     if (mode & CRYPTO_LOCK) {
         lock_cs[type]->Lock();
@@ -1187,14 +1190,14 @@
         resume_thread(thread_ctx[i]);
     }
 
-    printf("waiting...\n");
+    BIO_printf(bio_stdout, "waiting...\n");
     for (i = 0; i < thread_number; i++) {
         status_t result;
         wait_for_thread(thread_ctx[i], &result);
     }
 
-    printf("beos threads done (%d,%d)\n",
-           s_ctx->references, c_ctx->references);
+    BIO_printf(bio_stdout, "beos threads done (%d,%d)\n",
+               s_ctx->references, c_ctx->references);
 }
 
 unsigned long beos_thread_id(void)
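Review bot: the final message in this hunk still dereferences `s_ctx->references` and `c_ctx->references`, whereas every other platform in this commit wrapped that print in `#if 0 /* We can't currently find out the reference amount */` and prints a plain "... threads done" line. If the reference count is genuinely not available, this BeOS branch should get the same treatment, `BIO_printf(bio_stdout, "beos threads done\n");`, so the file stays consistent across platforms. `beos_thread_id` starts on the hunk's last line and continues outside it.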

Modified: trunk/crypto/openssl/crypto/threads/pthread2.sh
===================================================================
--- trunk/crypto/openssl/crypto/threads/pthread2.sh	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/threads/pthread2.sh	2018-07-08 16:40:18 UTC (rev 11620)
@@ -3,5 +3,4 @@
 # build using pthreads where it's already built into the system
 #
 /bin/rm -f mttest
-gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
-
+gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl

Modified: trunk/crypto/openssl/crypto/ts/ts_rsp_verify.c
===================================================================
--- trunk/crypto/openssl/crypto/ts/ts_rsp_verify.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/ts/ts_rsp_verify.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -523,7 +523,7 @@
             if (ASN1_BIT_STRING_get_bit(info->failure_info,
                                         TS_failure_info[i].code)) {
                 if (!first)
-                    strcpy(failure_text, ",");
+                    strcat(failure_text, ",");
                 else
                     first = 0;
                 strcat(failure_text, TS_failure_info[i].text);
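Review bot: the strcpy→strcat fix makes the separator accumulate as intended, but the loop now grows `failure_text` by an unbounded `strcat` per set failure bit, and the buffer's declaration and size are outside this hunk. A short comment where `failure_text` is declared, stating that it must be sized for every `TS_failure_info[].text` plus one separator each, would record the invariant this loop relies on; alternatively `BUF_strlcat` with the buffer size would make the bound explicit. The enclosing function starts and ends outside the hunk.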

Modified: trunk/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl
===================================================================
--- trunk/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -16,7 +16,7 @@
 # table]. I stick to value of 2 for two reasons: 1. smaller table
 # minimizes cache trashing and thus mitigates the hazard of side-
 # channel leakage similar to AES cache-timing one; 2. performance
-# gap among different \xB5-archs is smaller.
+# gap among different µ-archs is smaller.
 #
 # Performance table lists rounded amounts of CPU cycles spent by
 # whirlpool_block_mmx routine on single 64 byte input block, i.e.

Modified: trunk/crypto/openssl/crypto/x509/Makefile
===================================================================
--- trunk/crypto/openssl/crypto/x509/Makefile	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509/Makefile	2018-07-08 16:40:18 UTC (rev 11620)
@@ -13,7 +13,7 @@
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile README
-TEST=
+TEST=verify_extra_test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a

Modified: trunk/crypto/openssl/crypto/x509/x509_cmp.c
===================================================================
--- trunk/crypto/openssl/crypto/x509/x509_cmp.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509/x509_cmp.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -179,11 +179,24 @@
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
+    int rv;
+
     /* ensure hash is valid */
     X509_check_purpose((X509 *)a, -1, 0);
     X509_check_purpose((X509 *)b, -1, 0);
 
-    return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    if (rv)
+        return rv;
+    /* Check for match against stored encoding too */
+    if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
+        rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
+        if (rv)
+            return rv;
+        return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
+                      a->cert_info->enc.len);
+    }
+    return rv;
 }
 #endif
 
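Review bot: `rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);` folds a difference of two lengths (a `long` in ASN1_ENCODING, if I read the struct correctly) into an `int`, so the sign of the result is not guaranteed to be preserved. Comparing directly avoids the cast altogether: `if (a->cert_info->enc.len < b->cert_info->enc.len) return -1;` then `if (a->cert_info->enc.len > b->cert_info->enc.len) return 1;` and then the existing memcmp. The trailing `return rv;` after the block is always 0 at that point, so `return 0;` says what it means. A one-line comment on why the encoding is compared after the hash — a digest match alone is no longer treated as equality — would help the next reader.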

Modified: trunk/crypto/openssl/crypto/x509/x509_lu.c
===================================================================
--- trunk/crypto/openssl/crypto/x509/x509_lu.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509/x509_lu.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -523,8 +523,6 @@
     X509_OBJECT *obj, xobj;
     sk = sk_X509_CRL_new_null();
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-    /* Check cache first */
-    idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
 
     /*
      * Always do lookup to possibly add new CRLs to cache

Modified: trunk/crypto/openssl/crypto/x509/x509_vfy.c
===================================================================
--- trunk/crypto/openssl/crypto/x509/x509_vfy.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509/x509_vfy.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -186,6 +186,8 @@
         ok = -1;
         goto end;
     }
+    CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+    ctx->last_untrusted = 1;
 
     /* We use a temporary STACK so we can chop and hack at it */
     if (ctx->untrusted != NULL
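Review bot: the added `CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509)` deserves a comment explaining the ownership change, since nothing nearby says why the context now takes its own reference to the end-entity certificate. The alternate-chain retry in the hunk at 346 pops chain entries and calls `X509_free` on them, and `ctx->chain` is presumably freed at cleanup, so the chain must own a reference to `ctx->cert` or the caller's certificate could be freed under it. Suggested: `/* The chain owns a reference to ctx->cert: the alt-chain retry may pop and free chain entries. */`. `ctx->last_untrusted = 1` is likewise unexplained; a note that the chain so far consists of only the untrusted end-entity certificate would help. The enclosing function starts and ends outside the hunk.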
@@ -322,7 +324,7 @@
          * if the user hasn't switched off alternate chain checking
          */
         retry = 0;
-        if (j == ctx->last_untrusted &&
+        if (num == ctx->last_untrusted &&
             !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
             while (j-- > 1) {
                 xtmp2 = sk_X509_value(ctx->chain, j - 1);
@@ -346,8 +348,8 @@
                         xtmp = sk_X509_pop(ctx->chain);
                         X509_free(xtmp);
                         num--;
-                        ctx->last_untrusted--;
                     }
+                    ctx->last_untrusted = sk_X509_num(ctx->chain);
                     retry = 1;
                     break;
                 }

Modified: trunk/crypto/openssl/crypto/x509v3/v3_addr.c
===================================================================
--- trunk/crypto/openssl/crypto/x509v3/v3_addr.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509v3/v3_addr.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -130,10 +130,12 @@
  */
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }
 
 /*
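Review bot: the new `f->addressFamily->length < 2` guard is the substantive change here and should say why 2 is the right bound, so the next reader does not "fix" it to `!= 2`. Suggested comment above the `if`: `/* addressFamily is the 2-octet AFI optionally followed by a 1-octet SAFI; at least 2 octets are needed to read the AFI. */` — that is the RFC 3779 layout, if I recall it correctly. The function is otherwise complete within the hunk.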

Modified: trunk/crypto/openssl/crypto/x509v3/v3_cpols.c
===================================================================
--- trunk/crypto/openssl/crypto/x509v3/v3_cpols.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509v3/v3_cpols.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -186,6 +186,10 @@
                 goto err;
             }
             pol = POLICYINFO_new();
+            if (pol == NULL) {
+                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
             pol->policyid = pobj;
         }
         if (!sk_POLICYINFO_push(pols, pol)) {
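Review bot: on the new `pol == NULL` path `pobj` is not released. It was obtained just above (outside the hunk) and on the success path `pol->policyid = pobj` hands it to the POLICYINFO, so if `pobj` is a freshly allocated object rather than a borrowed one it leaks here; `ASN1_OBJECT_free(pobj);` before the `goto err` would close that, unless the `err:` label already does it (not visible in the hunk). The enclosing function starts and ends outside the hunk.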

Modified: trunk/crypto/openssl/crypto/x509v3/v3_ncons.c
===================================================================
--- trunk/crypto/openssl/crypto/x509v3/v3_ncons.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509v3/v3_ncons.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -132,6 +132,8 @@
         }
         tval.value = val->value;
         sub = GENERAL_SUBTREE_new();
+        if (sub == NULL)
+            goto memerr;
         if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
             goto err;
         if (!*ptree)

Modified: trunk/crypto/openssl/crypto/x509v3/v3_pci.c
===================================================================
--- trunk/crypto/openssl/crypto/x509v3/v3_pci.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509v3/v3_pci.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -3,7 +3,7 @@
  * Contributed to the OpenSSL Project 2004 by Richard Levitte
  * (richard at levitte.org)
  */
-/* Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *

Modified: trunk/crypto/openssl/crypto/x509v3/v3_pcia.c
===================================================================
--- trunk/crypto/openssl/crypto/x509v3/v3_pcia.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x509v3/v3_pcia.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -3,7 +3,7 @@
  * Contributed to the OpenSSL Project 2004 by Richard Levitte
  * (richard at levitte.org)
  */
-/* Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *

Modified: trunk/crypto/openssl/crypto/x86cpuid.pl
===================================================================
--- trunk/crypto/openssl/crypto/x86cpuid.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/crypto/x86cpuid.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -355,4 +355,7 @@
 
 &initseg("OPENSSL_cpuid_setup");
 
+&hidden("OPENSSL_cpuid_setup");
+&hidden("OPENSSL_ia32cap_P");
+
 &asm_finish();

Modified: trunk/crypto/openssl/doc/apps/ciphers.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/ciphers.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/apps/ciphers.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -214,7 +214,7 @@
 cipher suites using ephemeral ECDH key agreement, including anonymous
 cipher suites.
 
-=item B<EECDHE>
+=item B<EECDH>
 
 cipher suites using authenticated ephemeral ECDH key agreement.
 

Modified: trunk/crypto/openssl/doc/apps/dgst.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/dgst.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/apps/dgst.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -13,7 +13,6 @@
 [B<-hex>]
 [B<-binary>]
 [B<-r>]
-[B<-hmac arg>]
 [B<-non-fips-allow>]
 [B<-out filename>]
 [B<-sign filename>]
@@ -64,10 +63,6 @@
 
 output the digest in the "coreutils" format used by programs like B<sha1sum>.
 
-=item B<-hmac arg>
-
-set the HMAC key to "arg".
-
 =item B<-non-fips-allow>
 
 Allow use of non FIPS digest when in FIPS mode.  This has no effect when not in

Modified: trunk/crypto/openssl/doc/apps/genrsa.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/genrsa.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/apps/genrsa.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -10,17 +10,11 @@
 [B<-out filename>]
 [B<-passout arg>]
 [B<-aes128>]
-[B<-aes128>]
 [B<-aes192>]
 [B<-aes256>]
 [B<-camellia128>]
 [B<-camellia192>]
 [B<-camellia256>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
 [B<-des>]
 [B<-des3>]
 [B<-idea>]

Modified: trunk/crypto/openssl/doc/apps/req.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/req.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/apps/req.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -490,7 +490,7 @@
 The actual permitted field names are any object identifier short or
 long names. These are compiled into OpenSSL and include the usual
 values such as commonName, countryName, localityName, organizationName,
-organizationUnitName, stateOrProvinceName. Additionally emailAddress
+organizationalUnitName, stateOrProvinceName. Additionally emailAddress
 is include as well as name, surname, givenName initials and dnQualifier.
 
 Additional object identifiers can be defined with the B<oid_file> or

Modified: trunk/crypto/openssl/doc/apps/x509.pod
===================================================================
--- trunk/crypto/openssl/doc/apps/x509.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/apps/x509.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -529,7 +529,8 @@
 "space" additionally place a space after the separator to make it
 more readable. The B<sep_multiline> uses a linefeed character for
 the RDN separator and a spaced B<+> for the AVA separator. It also
-indents the fields by four characters.
+indents the fields by four characters. If no field separator is specified
+then B<sep_comma_plus_space> is used by default.
 
 =item B<dn_rev>
 

Modified: trunk/crypto/openssl/doc/crypto/BIO_read.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/BIO_read.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/BIO_read.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -9,9 +9,9 @@
  #include <openssl/bio.h>
 
  int	BIO_read(BIO *b, void *buf, int len);
- int	BIO_gets(BIO *b,char *buf, int size);
+ int	BIO_gets(BIO *b, char *buf, int size);
  int	BIO_write(BIO *b, const void *buf, int len);
- int	BIO_puts(BIO *b,const char *buf);
+ int	BIO_puts(BIO *b, const char *buf);
 
 =head1 DESCRIPTION
 
@@ -26,7 +26,7 @@
 
 BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
 
-BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>
+BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>.
 
 =head1 RETURN VALUES
 

Modified: trunk/crypto/openssl/doc/crypto/BN_rand.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/BN_rand.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/BN_rand.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -19,7 +19,7 @@
 =head1 DESCRIPTION
 
 BN_rand() generates a cryptographically strong pseudo-random number of
-B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the
+B<bits> in length and stores it in B<rnd>. If B<top> is -1, the
 most significant bit of the random number can be zero. If B<top> is 0,
 it is set to 1, and if B<top> is 1, the two most significant bits of
 the number will be set to 1, so that the product of two such random
@@ -33,7 +33,7 @@
 protocols, but usually not for key generation etc.
 
 BN_rand_range() generates a cryptographically strong pseudo-random
-number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
+number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
 BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
 and hence numbers generated by it are not necessarily unpredictable.
 

Modified: trunk/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/DSA_generate_parameters.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/DSA_generate_parameters.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -23,7 +23,7 @@
 If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
 generated at random. Otherwise, the seed is used to generate
 them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
+seed is chosen.
 
 DSA_generate_parameters() places the iteration count in
 *B<counter_ret> and a counter used for finding a generator in

Modified: trunk/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -37,10 +37,11 @@
 or a negative value for failure. In particular a return value of -2 indicates
 the operation is not supported by the public key algorithm.
 
-Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only
-indicates that the signature did not verify successfully (that is tbs did
-not match the original data or the signature was of invalid form) it is not an
-indication of a more serious error.
+EVP_DigestVerifyFinal() returns 1 for success; any other value indicates
+failure.  A return value of zero indicates that the signature did not verify
+successfully (that is, tbs did not match the original data or the signature had
+an invalid form), while other values indicate a more serious error (and
+sometimes also indicate an invalid signature form).
 
 The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
 

Modified: trunk/crypto/openssl/doc/crypto/EVP_SignInit.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/EVP_SignInit.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/EVP_SignInit.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
+EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing
+functions
 
 =head1 SYNOPSIS
 

Modified: trunk/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -29,6 +29,7 @@
 X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
 the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
 should initially be set to -1. If there are no more entries -1 is returned.
+If B<nid> is invalid (doesn't correspond to a valid OID) then -2 is returned.
 
 X509_NAME_entry_count() returns the total number of entries in B<name>.
 
@@ -63,6 +64,10 @@
 the source code header files E<lt>openssl/obj_mac.hE<gt> and/or
 E<lt>openssl/objects.hE<gt>.
 
+Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID()
+should check for the return value of -2. Alternatively the NID validity
+can be determined first by checking OBJ_nid2obj(nid) is not NULL.
+
 =head1 EXAMPLES
 
 Process all entries:
@@ -95,6 +100,8 @@
 
 X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
 return the index of the next matching entry or -1 if not found.
+X509_NAME_get_index_by_NID() can also return -2 if the supplied
+NID is invalid.
 
 X509_NAME_entry_count() returns the total number of entries.
 

Modified: trunk/crypto/openssl/doc/crypto/X509_STORE_CTX_new.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/X509_STORE_CTX_new.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/X509_STORE_CTX_new.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -39,10 +39,15 @@
 is no longer valid.
 
 X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
-The trusted certificate store is set to B<store>, the end entity certificate
-to be verified is set to B<x509> and a set of additional certificates (which
-will be untrusted but may be used to build the chain) in B<chain>. Any or
-all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
+good for one call to X509_verify_cert(); if you want to verify a second
+certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
+and then X509_STORE_CTX_init() again before the second call to
+X509_verify_cert(). The trusted certificate store is set to B<store>, the end
+entity certificate to be verified is set to B<x509> and a set of additional
+certificates (which will be untrusted but may be used to build the chain) in
+B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
+B<NULL>.
 
 X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
 to B<sk>. This is an alternative way of specifying trusted certificates 

Modified: trunk/crypto/openssl/doc/crypto/buffer.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/buffer.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/buffer.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -2,9 +2,12 @@
 
 =head1 NAME
 
-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
+character array structure
 
+BUF_strdup, BUF_strndup, BUF_memdup, BUF_strlcpy, BUF_strlcat -
+standard C library equivalents
+
 =head1 SYNOPSIS
 
  #include <openssl/buffer.h>
@@ -15,26 +18,21 @@
 
  int	BUF_MEM_grow(BUF_MEM *str, int len);
 
- char *	BUF_strdup(const char *str);
+ char *BUF_strdup(const char *str);
 
+ char *BUF_strndup(const char *str, size_t siz);
+
+ void *BUF_memdup(const void *data, size_t siz);
+
+ size_t BUF_strlcpy(char *dst, const char *src, size_t size);
+
+ size_t BUF_strlcat(char *dst, const char *src, size_t size);
+
 =head1 DESCRIPTION
 
 The buffer library handles simple character arrays. Buffers are used for
 various purposes in the library, most notably memory BIOs.
 
-The library uses the BUF_MEM structure defined in buffer.h:
-
- typedef struct buf_mem_st
- {
-        int length;     /* current number of bytes */
-        char *data;
-        int max;        /* size of buffer */
- } BUF_MEM;
-
-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
-
 BUF_MEM_new() allocates a new buffer of zero size.
 
 BUF_MEM_free() frees up an already existing buffer. The data is zeroed
@@ -44,15 +42,18 @@
 B<len>. Any data already in the buffer is preserved if it increases in
 size.
 
-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
+BUF_strdup(), BUF_strndup(), BUF_memdup(), BUF_strlcpy() and
+BUF_strlcat() are equivalents of the standard C library functions. The
+dup() functions use OPENSSL_malloc() underneath and so should be used
+in preference to the standard library for memory leak checking or
+replacing the malloc() function.
 
-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
+Memory allocated from these functions should be freed up using the
+OPENSSL_free() function.
 
+BUF_strndup makes the explicit guarantee that it will never read past
+the first B<siz> bytes of B<str>.
+
 =head1 RETURN VALUES
 
 BUF_MEM_new() returns the buffer or NULL on error.

Modified: trunk/crypto/openssl/doc/crypto/d2i_X509_NAME.pod
===================================================================
--- trunk/crypto/openssl/doc/crypto/d2i_X509_NAME.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/crypto/d2i_X509_NAME.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -14,7 +14,7 @@
 =head1 DESCRIPTION
 
 These functions decode and encode an B<X509_NAME> structure which is the
-the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
+same as the B<Name> type defined in RFC2459 (and elsewhere) and used
 for example in certificate subject and issuer names.
 
 Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()

Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod	2018-07-08 16:40:18 UTC (rev 11620)
@@ -2,29 +2,39 @@
 
 =head1 NAME
 
-SSL_CTX_add_extra_chain_cert - add certificate to chain
+SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
+extra chain certificates
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
- long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
+ long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
 
 =head1 DESCRIPTION
 
-SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
-chain presented together with the certificate. Several certificates
-can be added one after the other.
+SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
+certificates associated with B<ctx>. Several certificates can be added one
+after another.
 
+SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
+associated with B<ctx>.
+
+These functions are implemented as macros.
+
 =head1 NOTES
 
-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified. If no chain is specified,
-the library will try to complete the chain from the available CA
-certificates in the trusted CA storage, see
+When sending a certificate chain, extra chain certificates are sent in order
+following the end entity certificate.
+
+If no chain is specified, the library will try to complete the chain from the
+available CA certificates in the trusted CA storage, see
 L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
 
-The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object.
+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
+freed by the library when the B<SSL_CTX> is destroyed. An application
+B<should not> free the B<x509> object.
 
 =head1 RESTRICTIONS
 
@@ -36,8 +46,9 @@
 
 =head1 RETURN VALUES
 
-SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
-error stack to find out the reason for failure otherwise.
+SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
+1 on success and 0 for failure. Check out the error stack to find out the
+reason for failure.
 
 =head1 SEE ALSO
 

Modified: trunk/crypto/openssl/e_os.h
===================================================================
--- trunk/crypto/openssl/e_os.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/e_os.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -315,7 +315,7 @@
 #    undef isxdigit
 #   endif
 #   if defined(_MSC_VER) && !defined(_DLL) && defined(stdin)
-#    if _MSC_VER>=1300
+#    if _MSC_VER>=1300 && _MSC_VER<1600
 #     undef stdin
 #     undef stdout
 #     undef stderr
@@ -323,7 +323,7 @@
 #     define stdin  (&__iob_func()[0])
 #     define stdout (&__iob_func()[1])
 #     define stderr (&__iob_func()[2])
-#    elif defined(I_CAN_LIVE_WITH_LNK4049)
+#    elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049)
 #     undef stdin
 #     undef stdout
 #     undef stderr
@@ -612,7 +612,7 @@
 #    include <sys/select.h>
 #   endif
 
-#   if defined(sun)
+#   if defined(__sun) || defined(sun)
 #    include <sys/filio.h>
 #   else
 #    ifndef VMS
@@ -654,7 +654,7 @@
 
 # endif
 
-# if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4)
   /* include headers first, so our defines don't break it */
 #  include <stdlib.h>
 #  include <string.h>

Modified: trunk/crypto/openssl/engines/e_chil.c
===================================================================
--- trunk/crypto/openssl/engines/e_chil.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/engines/e_chil.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -839,6 +839,10 @@
     bn_fix_top(rtmp->n);
 
     res = EVP_PKEY_new();
+    if (res == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        goto err;
+    }
     EVP_PKEY_assign_RSA(res, rtmp);
 #  endif
 

Modified: trunk/crypto/openssl/ssl/Makefile
===================================================================
--- trunk/crypto/openssl/ssl/Makefile	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/Makefile	2018-07-08 16:40:18 UTC (rev 11620)
@@ -15,7 +15,7 @@
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c heartbeat_test.c
+TEST=ssltest.c heartbeat_test.c clienthellotest.c
 APPS=
 
 LIB=$(TOP)/libssl.a

Modified: trunk/crypto/openssl/ssl/bio_ssl.c
===================================================================
--- trunk/crypto/openssl/ssl/bio_ssl.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/bio_ssl.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -419,6 +419,10 @@
             BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
             b->retry_reason = b->next_bio->retry_reason;
             break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+            BIO_set_retry_special(b);
+            b->retry_reason = BIO_RR_SSL_X509_LOOKUP;
+            break;
         default:
             break;
         }

Modified: trunk/crypto/openssl/ssl/d1_both.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_both.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/d1_both.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1521,9 +1521,12 @@
 {
     int ret;
 #ifndef OPENSSL_NO_SCTP
-    if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
         !(s->shutdown & SSL_SENT_SHUTDOWN)) {
-        ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
         if (ret < 0)
             return -1;
 

Modified: trunk/crypto/openssl/ssl/d1_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_clnt.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/d1_clnt.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -299,13 +299,12 @@
 #endif
 
         case SSL3_ST_CW_CLNT_HELLO_A:
-        case SSL3_ST_CW_CLNT_HELLO_B:
-
             s->shutdown = 0;
 
             /* every DTLS ClientHello resets Finished MAC */
             ssl3_init_finished_mac(s);
 
+        case SSL3_ST_CW_CLNT_HELLO_B:
             dtls1_start_timer(s);
             ret = dtls1_client_hello(s);
             if (ret <= 0)
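Review bot: Moving `case SSL3_ST_CW_CLNT_HELLO_B:` below ssl3_init_finished_mac(s) makes SSL3_ST_CW_CLNT_HELLO_A fall through into it, and nothing marks that as deliberate; a reader or a compiler's implicit-fallthrough warning will take it for a missing break. Add `/* fall through */` on the line before the relocated case label, ideally with a word on why HELLO_B must not reset shutdown and the Finished MAC again (it resumes sending the same ClientHello). The enclosing switch and dtls1_connect continue outside the hunk.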
@@ -350,11 +349,15 @@
                              sizeof(DTLS1_SCTP_AUTH_LABEL),
                              DTLS1_SCTP_AUTH_LABEL);
 
-                    SSL_export_keying_material(s, sctpauthkey,
+                    if (SSL_export_keying_material(s, sctpauthkey,
                                                sizeof(sctpauthkey),
                                                labelbuffer,
                                                sizeof(labelbuffer), NULL, 0,
-                                               0);
+                                               0) <= 0) {
+                        ret = -1;
+                        s->state = SSL_ST_ERR;
+                        goto end;
+                    }
 
                     BIO_ctrl(SSL_get_wbio(s),
                              BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
@@ -362,6 +365,10 @@
 #endif
 
                     s->state = SSL3_ST_CR_FINISHED_A;
+                    if (s->tlsext_ticket_expected) {
+                        /* receive renewed session ticket */
+                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                    }
                 } else
                     s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
             }
@@ -484,9 +491,13 @@
             snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
                      DTLS1_SCTP_AUTH_LABEL);
 
-            SSL_export_keying_material(s, sctpauthkey,
+            if (SSL_export_keying_material(s, sctpauthkey,
                                        sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0);
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
 
             BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                      sizeof(sctpauthkey), sctpauthkey);

Modified: trunk/crypto/openssl/ssl/d1_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_srvr.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/d1_srvr.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -267,6 +267,19 @@
                 ssl3_init_finished_mac(s);
                 s->state = SSL3_ST_SR_CLNT_HELLO_A;
                 s->ctx->stats.sess_accept++;
+            } else if (!s->s3->send_connection_binding &&
+                       !(s->options &
+                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+                /*
+                 * Server attempting to renegotiate with client that doesn't
+                 * support secure renegotiation.
+                 */
+                SSLerr(SSL_F_DTLS1_ACCEPT,
+                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
             } else {
                 /*
                  * s->state == SSL_ST_RENEGOTIATE, we will just send a
@@ -405,9 +418,13 @@
                 snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
                          DTLS1_SCTP_AUTH_LABEL);
 
-                SSL_export_keying_material(s, sctpauthkey,
-                                           sizeof(sctpauthkey), labelbuffer,
-                                           sizeof(labelbuffer), NULL, 0, 0);
+                if (SSL_export_keying_material(s, sctpauthkey,
+                        sizeof(sctpauthkey), labelbuffer,
+                        sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
 
                 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                          sizeof(sctpauthkey), sctpauthkey);
@@ -628,9 +645,13 @@
             snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
                      DTLS1_SCTP_AUTH_LABEL);
 
-            SSL_export_keying_material(s, sctpauthkey,
+            if (SSL_export_keying_material(s, sctpauthkey,
                                        sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0);
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
 
             BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
                      sizeof(sctpauthkey), sctpauthkey);

Modified: trunk/crypto/openssl/ssl/s23_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_clnt.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/s23_clnt.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -373,12 +373,13 @@
 
     buf = (unsigned char *)s->init_buf->data;
     if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-#if 0
-        /* don't reuse session-id's */
+        /*
+         * Since we're sending s23 client hello, we're not reusing a session, as
+         * we'd be using the method from the saved session instead
+         */
         if (!ssl_get_new_session(s, 0)) {
-            return (-1);
+            return -1;
         }
-#endif
 
         p = s->s3->client_random;
         if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
@@ -439,9 +440,6 @@
             /*
              * put in the session-id length (zero since there is no reuse)
              */
-#if 0
-            s->session->session_id_length = 0;
-#endif
             s2n(0, d);
 
             if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
@@ -729,6 +727,8 @@
             goto err;
         }
 
+        s->session->ssl_version = s->version;
+
         /* ensure that TLS_MAX_VERSION is up-to-date */
         OPENSSL_assert(s->version <= TLS_MAX_VERSION);
 
@@ -784,13 +784,6 @@
     }
     s->init_num = 0;
 
-    /*
-     * Since, if we are sending a ssl23 client hello, we are not reusing a
-     * session-id
-     */
-    if (!ssl_get_new_session(s, 0))
-        goto err;
-
     return (SSL_connect(s));
  err:
     return (-1);

Modified: trunk/crypto/openssl/ssl/s3_cbc.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_cbc.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/s3_cbc.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -411,8 +411,9 @@
  * functions, above, we know that data_plus_mac_size is large enough to contain
  * a padding byte and MAC. (If the padding was invalid, it might contain the
  * padding too. )
+ * Returns 1 on success or 0 on error
  */
-void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
                             unsigned char *md_out,
                             size_t *md_out_size,
                             const unsigned char header[13],
@@ -455,7 +456,8 @@
 
     switch (EVP_MD_CTX_type(ctx)) {
     case NID_md5:
-        MD5_Init((MD5_CTX *)md_state.c);
+        if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
+            return 0;
         md_final_raw = tls1_md5_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
@@ -464,7 +466,8 @@
         length_is_big_endian = 0;
         break;
     case NID_sha1:
-        SHA1_Init((SHA_CTX *)md_state.c);
+        if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
+            return 0;
         md_final_raw = tls1_sha1_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
@@ -472,7 +475,8 @@
         break;
 #ifndef OPENSSL_NO_SHA256
     case NID_sha224:
-        SHA224_Init((SHA256_CTX *)md_state.c);
+        if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
         md_final_raw = tls1_sha256_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
@@ -479,7 +483,8 @@
         md_size = 224 / 8;
         break;
     case NID_sha256:
-        SHA256_Init((SHA256_CTX *)md_state.c);
+        if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
         md_final_raw = tls1_sha256_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
@@ -488,7 +493,8 @@
 #endif
 #ifndef OPENSSL_NO_SHA512
     case NID_sha384:
-        SHA384_Init((SHA512_CTX *)md_state.c);
+        if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
         md_final_raw = tls1_sha512_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
@@ -497,7 +503,8 @@
         md_length_size = 16;
         break;
     case NID_sha512:
-        SHA512_Init((SHA512_CTX *)md_state.c);
+        if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
         md_final_raw = tls1_sha512_final_raw;
         md_transform =
             (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
@@ -514,7 +521,7 @@
         OPENSSL_assert(0);
         if (md_out_size)
             *md_out_size = -1;
-        return;
+        return 0;
     }
 
     OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
@@ -652,7 +659,7 @@
              */
             if (header_length <= md_block_size) {
                 /* Should never happen */
-                return;
+                return 0;
             }
             overhang = header_length - md_block_size;
             md_transform(md_state.c, header);
@@ -733,26 +740,34 @@
     }
 
     EVP_MD_CTX_init(&md_ctx);
-    EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ );
+    if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0)
+        goto err;
     if (is_sslv3) {
         /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
         memset(hmac_pad, 0x5c, sslv3_pad_length);
 
-        EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
-        EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
-        EVP_DigestUpdate(&md_ctx, mac_out, md_size);
+        if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0
+                || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0
+                || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)
+            goto err;
     } else {
         /* Complete the HMAC in the standard manner. */
         for (i = 0; i < md_block_size; i++)
             hmac_pad[i] ^= 0x6a;
 
-        EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
-        EVP_DigestUpdate(&md_ctx, mac_out, md_size);
+        if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0
+                || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0)
+            goto err;
     }
     EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
     if (md_out_size)
         *md_out_size = md_out_size_u;
     EVP_MD_CTX_cleanup(&md_ctx);
+
+    return 1;
+err:
+    EVP_MD_CTX_cleanup(&md_ctx);
+    return 0;
 }
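Review bot: `EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);` is the one EVP call in this block still unchecked, although the function now exists to report failure and the surrounding Init/Update calls jump to err. Change it to `if (EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u) <= 0) goto err;` so a failed final does not return 1 with an unset md_out; the err label added here already cleans up md_ctx. ssl3_cbc_digest_record starts outside the hunk.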
 
 #ifdef OPENSSL_FIPS

Modified: trunk/crypto/openssl/ssl/s3_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_clnt.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/s3_clnt.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1387,8 +1387,6 @@
 
 #ifndef OPENSSL_NO_PSK
     if (alg_k & SSL_kPSK) {
-        char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
-
         param_len = 2;
         if (param_len > n) {
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@@ -1414,17 +1412,8 @@
         }
         param_len += i;
 
-        /*
-         * If received PSK identity hint contains NULL characters, the hint
-         * is truncated from the first NULL. p may not be ending with NULL,
-         * so create a NULL-terminated string.
-         */
-        memcpy(tmp_id_hint, p, i);
-        memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
-        if (s->ctx->psk_identity_hint != NULL)
-            OPENSSL_free(s->ctx->psk_identity_hint);
-        s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
-        if (s->ctx->psk_identity_hint == NULL) {
+        s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+        if (s->session->psk_identity_hint == NULL) {
             al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
             goto f_err;
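Review bot: The assignment `s->session->psk_identity_hint = BUF_strndup((char *)p, i);` overwrites whatever the session already holds without freeing it, whereas the removed code freed the previous ctx-level hint first. If s->session can already carry a hint when this runs (nothing in the hunk rules it out, and the start of ssl3_get_key_exchange is outside it), the old string leaks; adding `if (s->session->psk_identity_hint != NULL) OPENSSL_free(s->session->psk_identity_hint);` before the assignment, in the style of the removed lines, is cheap insurance. The length i is presumably bounded to PSK_MAX_IDENTITY_LEN above the hunk, since the removed fixed-size tmp_id_hint buffer relied on that; worth confirming now that the bound is the only thing limiting the allocation.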
@@ -1641,6 +1630,12 @@
         }
         p += i;
 
+        if (BN_is_zero(dh->p)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+            goto f_err;
+        }
+
+
         if (2 > n - param_len) {
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
             goto f_err;
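Review bot: The new BN_is_zero(dh->p) check is followed by two consecutive blank lines, which the sibling checks for dh->g and dh->pub_key in the next two hunks do not have; drop one. A short comment on the first of the three would help a reader who wonders why only zero is rejected here, e.g. `/* a zero p, g or peer public value makes the DH computation trivial */`. The enclosing function ssl3_get_key_exchange starts and ends outside the hunk.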
@@ -1661,6 +1656,11 @@
         }
         p += i;
 
+        if (BN_is_zero(dh->g)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+            goto f_err;
+        }
+
         if (2 > n - param_len) {
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
             goto f_err;
@@ -1682,6 +1682,11 @@
         p += i;
         n -= param_len;
 
+        if (BN_is_zero(dh->pub_key)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
+            goto f_err;
+        }
+
 # ifndef OPENSSL_NO_RSA
         if (alg_a & SSL_aRSA)
             pkey =
@@ -1884,14 +1889,20 @@
             q = md_buf;
             for (num = 2; num > 0; num--) {
                 EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                EVP_DigestInit_ex(&md_ctx, (num == 2)
-                                  ? s->ctx->md5 : s->ctx->sha1, NULL);
-                EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                 SSL3_RANDOM_SIZE);
-                EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                 SSL3_RANDOM_SIZE);
-                EVP_DigestUpdate(&md_ctx, param, param_len);
-                EVP_DigestFinal_ex(&md_ctx, q, &size);
+                if (EVP_DigestInit_ex(&md_ctx,
+                                      (num == 2) ? s->ctx->md5 : s->ctx->sha1,
+                                      NULL) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, param, param_len) <= 0
+                        || EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) {
+                    SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    al = SSL_AD_INTERNAL_ERROR;
+                    goto f_err;
+                }
                 q += size;
                 j += size;
             }
@@ -1910,12 +1921,16 @@
         } else
 #endif
         {
-            EVP_VerifyInit_ex(&md_ctx, md, NULL);
-            EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
-                             SSL3_RANDOM_SIZE);
-            EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
-                             SSL3_RANDOM_SIZE);
-            EVP_VerifyUpdate(&md_ctx, param, param_len);
+            if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0
+                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) {
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB);
+                goto f_err;
+            }
             if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
                 /* bad signature */
                 al = SSL_AD_DECRYPT_ERROR;
@@ -2142,6 +2157,7 @@
     long n;
     const unsigned char *p;
     unsigned char *d;
+    unsigned long ticket_lifetime_hint;
 
     n = s->method->ssl_get_message(s,
                                    SSL3_ST_CR_SESSION_TICKET_A,
@@ -2160,6 +2176,19 @@
 
     p = d = (unsigned char *)s->init_msg;
 
+    n2l(p, ticket_lifetime_hint);
+    n2s(p, ticklen);
+    /* ticket_lifetime_hint + ticket_length + ticket */
+    if (ticklen + 6 != n) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    /* Server is allowed to change its mind and send an empty ticket. */
+    if (ticklen == 0)
+        return 1;
+
     if (s->session->session_id_length > 0) {
         int i = s->session_ctx->session_cache_mode;
         SSL_SESSION *new_sess;
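Review bot: n2l()/n2s() now consume six bytes of init_msg before anything confirms the message holds six bytes; the `ticklen + 6 != n` test runs only afterwards, so a short NewSessionTicket is rejected, but only after the reads have gone past the received data (within init_buf, presumably, but that is a property of the caller, not of this code). Add an explicit length check before the reads, as below; the remainder of ssl3_get_new_session_ticket, including f_err, is outside the hunk.
```c
    p = d = (unsigned char *)s->init_msg;

    if (n < 6) {
        /* need at least ticket_lifetime_hint + ticket length */
        al = SSL_AD_DECODE_ERROR;
        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
        goto f_err;
    }

    n2l(p, ticket_lifetime_hint);
    n2s(p, ticklen);
    /* … unchanged: ticklen + 6 != n check, empty-ticket early return … */
```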
@@ -2191,14 +2220,6 @@
         s->session = new_sess;
     }
 
-    n2l(p, s->session->tlsext_tick_lifetime_hint);
-    n2s(p, ticklen);
-    /* ticket_lifetime_hint + ticket_length + ticket */
-    if (ticklen + 6 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
     if (s->session->tlsext_tick) {
         OPENSSL_free(s->session->tlsext_tick);
         s->session->tlsext_ticklen = 0;
@@ -2209,6 +2230,7 @@
         goto err;
     }
     memcpy(s->session->tlsext_tick, p, ticklen);
+    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
     s->session->tlsext_ticklen = ticklen;
     /*
      * There are two ways to detect a resumed ticket session. One is to set
@@ -2385,6 +2407,7 @@
                     || (pkey->pkey.rsa == NULL)) {
                     SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                            ERR_R_INTERNAL_ERROR);
+                    EVP_PKEY_free(pkey);
                     goto err;
                 }
                 rsa = pkey->pkey.rsa;
@@ -2832,6 +2855,11 @@
 
             pkey_ctx = EVP_PKEY_CTX_new(pub_key =
                                         X509_get_pubkey(peer_cert), NULL);
+            if (pkey_ctx == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
             /*
              * If we have send a certificate, and certificate key
              *
@@ -2841,10 +2869,13 @@
 
             /* Otherwise, generate ephemeral key pair */
 
-            EVP_PKEY_encrypt_init(pkey_ctx);
-            /* Generate session key */
-            if (RAND_bytes(premaster_secret, 32) <= 0) {
+            if (pkey_ctx == NULL
+                    || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+                    /* Generate session key */
+                    || RAND_bytes(premaster_secret, 32) <= 0) {
                 EVP_PKEY_CTX_free(pkey_ctx);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
                 goto err;
             }
             /*
@@ -2852,13 +2883,18 @@
              * data
              */
             ukm_hash = EVP_MD_CTX_create();
-            EVP_DigestInit(ukm_hash,
-                           EVP_get_digestbynid(NID_id_GostR3411_94));
-            EVP_DigestUpdate(ukm_hash, s->s3->client_random,
-                             SSL3_RANDOM_SIZE);
-            EVP_DigestUpdate(ukm_hash, s->s3->server_random,
-                             SSL3_RANDOM_SIZE);
-            EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
+            if (EVP_DigestInit(ukm_hash,
+                               EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0
+                    || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+                EVP_MD_CTX_destroy(ukm_hash);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
             EVP_MD_CTX_destroy(ukm_hash);
             if (EVP_PKEY_CTX_ctrl
                 (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
@@ -2874,7 +2910,7 @@
             *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
             msglen = 255;
             if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32)
-                < 0) {
+                <= 0) {
                 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
                        SSL_R_LIBRARY_BUG);
                 goto err;
@@ -2952,7 +2988,7 @@
             }
 
             memset(identity, 0, sizeof(identity));
-            psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+            psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
                                              identity, sizeof(identity) - 1,
                                              psk_or_pre_ms,
                                              sizeof(psk_or_pre_ms));
@@ -3069,7 +3105,10 @@
         pkey = s->cert->key->privatekey;
 /* Create context from key and test if sha1 is allowed as digest */
         pctx = EVP_PKEY_CTX_new(pkey, NULL);
-        EVP_PKEY_sign_init(pctx);
+        if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) {
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
         if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
             if (TLS1_get_version(s) < TLS1_2_VERSION)
                 s->method->ssl3_enc->cert_verify_mac(s,
@@ -3206,7 +3245,6 @@
          * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
          * return(-1); We then get retied later
          */
-        i = 0;
         i = ssl_do_client_cert_cb(s, &x509, &pkey);
         if (i < 0) {
             s->rwstate = SSL_X509_LOOKUP;

Modified: trunk/crypto/openssl/ssl/s3_enc.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_enc.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/s3_enc.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -253,7 +253,10 @@
             EVP_CIPHER_CTX_init(s->enc_read_ctx);
         dd = s->enc_read_ctx;
 
-        ssl_replace_hash(&s->read_hash, m);
+        if (ssl_replace_hash(&s->read_hash, m) == NULL) {
+                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                goto err2;
+        }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
         if (s->expand != NULL) {
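Review bot: The two body lines inside the new `if (ssl_replace_hash(&s->read_hash, m) == NULL) {` block are indented 16 spaces where the surrounding code uses 12 (one level in from the `if`), so they read as if nested a level deeper than they are; the write_hash block in the next hunk has the same indentation. Re-indent `SSLerr(...)` and `goto err2;` by four spaces less in both places. ssl3_change_cipher_state and its err2 label lie outside the hunk.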
@@ -288,7 +291,10 @@
              */
             EVP_CIPHER_CTX_init(s->enc_write_ctx);
         dd = s->enc_write_ctx;
-        ssl_replace_hash(&s->write_hash, m);
+        if (ssl_replace_hash(&s->write_hash, m) == NULL) {
+                SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                goto err2;
+        }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
         if (s->compress != NULL) {
@@ -674,19 +680,21 @@
         return 0;
 
     npad = (48 / n) * n;
-    if (sender != NULL)
-        EVP_DigestUpdate(&ctx, sender, len);
-    EVP_DigestUpdate(&ctx, s->session->master_key,
-                     s->session->master_key_length);
-    EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
-    EVP_DigestFinal_ex(&ctx, md_buf, &i);
+    if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0)
+            || EVP_DigestUpdate(&ctx, s->session->master_key,
+                                s->session->master_key_length) <= 0
+            || EVP_DigestUpdate(&ctx, ssl3_pad_1, npad) <= 0
+            || EVP_DigestFinal_ex(&ctx, md_buf, &i) <= 0
 
-    EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL);
-    EVP_DigestUpdate(&ctx, s->session->master_key,
-                     s->session->master_key_length);
-    EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
-    EVP_DigestUpdate(&ctx, md_buf, i);
-    EVP_DigestFinal_ex(&ctx, p, &ret);
+            || EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL) <= 0
+            || EVP_DigestUpdate(&ctx, s->session->master_key,
+                                s->session->master_key_length) <= 0
+            || EVP_DigestUpdate(&ctx, ssl3_pad_2, npad) <= 0
+            || EVP_DigestUpdate(&ctx, md_buf, i) <= 0
+            || EVP_DigestFinal_ex(&ctx, p, &ret) <= 0) {
+        SSLerr(SSL_F_SSL3_HANDSHAKE_MAC, ERR_R_INTERNAL_ERROR);
+        ret = 0;
+    }
 
     EVP_MD_CTX_cleanup(&ctx);
 
@@ -758,33 +766,36 @@
         header[j++] = rec->length & 0xff;
 
         /* Final param == is SSLv3 */
-        ssl3_cbc_digest_record(hash,
-                               md, &md_size,
-                               header, rec->input,
-                               rec->length + md_size, orig_len,
-                               mac_sec, md_size, 1);
+        if (ssl3_cbc_digest_record(hash,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, orig_len,
+                                   mac_sec, md_size, 1) <= 0)
+            return -1;
     } else {
         unsigned int md_size_u;
         /* Chop the digest off the end :-) */
         EVP_MD_CTX_init(&md_ctx);
 
-        EVP_MD_CTX_copy_ex(&md_ctx, hash);
-        EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
-        EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
-        EVP_DigestUpdate(&md_ctx, seq, 8);
         rec_char = rec->type;
-        EVP_DigestUpdate(&md_ctx, &rec_char, 1);
         p = md;
         s2n(rec->length, p);
-        EVP_DigestUpdate(&md_ctx, md, 2);
-        EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
-        EVP_DigestFinal_ex(&md_ctx, md, NULL);
-
-        EVP_MD_CTX_copy_ex(&md_ctx, hash);
-        EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
-        EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
-        EVP_DigestUpdate(&md_ctx, md, md_size);
-        EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);
+        if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
+                || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
+                || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0
+                || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0
+                || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0
+                || EVP_DigestUpdate(&md_ctx, md, 2) <= 0
+                || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0
+                || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0
+                || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0
+                || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0
+                || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0
+                || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0
+                || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) {
+            EVP_MD_CTX_cleanup(&md_ctx);
+            return -1;
+        }
         md_size = md_size_u;
 
         EVP_MD_CTX_cleanup(&md_ctx);
@@ -826,17 +837,24 @@
 
     EVP_MD_CTX_init(&ctx);
     for (i = 0; i < 3; i++) {
-        EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL);
-        EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i]));
-        EVP_DigestUpdate(&ctx, p, len);
-        EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
-        EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
-        EVP_DigestFinal_ex(&ctx, buf, &n);
+        if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0
+                || EVP_DigestUpdate(&ctx, salt[i],
+                                    strlen((const char *)salt[i])) <= 0
+                || EVP_DigestUpdate(&ctx, p, len) <= 0
+                || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]),
+                                    SSL3_RANDOM_SIZE) <= 0
+                || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]),
+                                    SSL3_RANDOM_SIZE) <= 0
+                || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0
 
-        EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL);
-        EVP_DigestUpdate(&ctx, p, len);
-        EVP_DigestUpdate(&ctx, buf, n);
-        EVP_DigestFinal_ex(&ctx, out, &n);
+                || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0
+                || EVP_DigestUpdate(&ctx, p, len) <= 0
+                || EVP_DigestUpdate(&ctx, buf, n) <= 0
+                || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) {
+            SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+            ret = 0;
+            break;
+        }
         out += n;
         ret += n;
     }

Modified: trunk/crypto/openssl/ssl/s3_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_lib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/s3_lib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -3009,7 +3009,7 @@
 
 void ssl3_free(SSL *s)
 {
-    if (s == NULL)
+    if (s == NULL || s->s3 == NULL)
         return;
 
 #ifdef TLSEXT_TYPE_opaque_prf_input

Modified: trunk/crypto/openssl/ssl/s3_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_srvr.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/s3_srvr.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -383,7 +383,6 @@
                      */
                     if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
                         SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT);
-                    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
                     ret = -1;
                     s->state = SSL_ST_ERR;
                     goto end;
@@ -967,7 +966,7 @@
 
 int ssl3_get_client_hello(SSL *s)
 {
-    int i, j, ok, al, ret = -1;
+    int i, j, ok, al, ret = -1, cookie_valid = 0;
     unsigned int cookie_len;
     long n;
     unsigned long id;
@@ -1161,8 +1160,7 @@
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
                 goto f_err;
             }
-
-            ret = 2;
+            cookie_valid = 1;
         }
 
         p += cookie_len;
@@ -1498,8 +1496,7 @@
         }
     }
 
-    if (ret < 0)
-        ret = 1;
+    ret = cookie_valid ? 2 : 1;
     if (0) {
  f_err:
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
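Review bot: The assignment `ret = cookie_valid ? 2 : 1;` encodes two distinct success outcomes with no comment, and `cookie_valid` is only set in the cookie branch of the earlier hunk (next to SSL_R_COOKIE_MISMATCH), so a reader has to cross-reference to learn what a return of 2 means. Suggest `/* 2: a HelloVerifyRequest cookie was presented and verified, 1: plain success */` directly above the assignment, assuming that branch is the DTLS cookie check as the error reason suggests. ssl3_get_client_hello begins and ends outside this hunk.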
@@ -1509,7 +1506,7 @@
 
     if (ciphers != NULL)
         sk_SSL_CIPHER_free(ciphers);
-    return (ret);
+    return ret;
 }
 
 int ssl3_send_server_hello(SSL *s)
@@ -1982,14 +1979,22 @@
                 for (num = 2; num > 0; num--) {
                     EVP_MD_CTX_set_flags(&md_ctx,
                                          EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                    EVP_DigestInit_ex(&md_ctx, (num == 2)
-                                      ? s->ctx->md5 : s->ctx->sha1, NULL);
-                    EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                     SSL3_RANDOM_SIZE);
-                    EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                     SSL3_RANDOM_SIZE);
-                    EVP_DigestUpdate(&md_ctx, &(d[4]), n);
-                    EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
+                    if (EVP_DigestInit_ex(&md_ctx,
+                                          (num == 2) ? s->ctx->md5
+                                                     : s->ctx->sha1,
+                                          NULL) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(d[4]), n) <= 0
+                        || EVP_DigestFinal_ex(&md_ctx, q,
+                                              (unsigned int *)&i) <= 0) {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                               ERR_LIB_EVP);
+                        al = SSL_AD_INTERNAL_ERROR;
+                        goto f_err;
+                    }
                     q += i;
                     j += i;
                 }
@@ -2019,16 +2024,17 @@
 #ifdef SSL_DEBUG
                 fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
 #endif
-                EVP_SignInit_ex(&md_ctx, md, NULL);
-                EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
-                               SSL3_RANDOM_SIZE);
-                EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
-                               SSL3_RANDOM_SIZE);
-                EVP_SignUpdate(&md_ctx, &(d[4]), n);
-                if (!EVP_SignFinal(&md_ctx, &(p[2]),
-                                   (unsigned int *)&i, pkey)) {
+                if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0
+                        || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                          SSL3_RANDOM_SIZE) <= 0
+                        || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                          SSL3_RANDOM_SIZE) <= 0
+                        || EVP_SignUpdate(&md_ctx, &(d[4]), n) <= 0
+                        || EVP_SignFinal(&md_ctx, &(p[2]),
+                                         (unsigned int *)&i, pkey) <= 0) {
                     SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
-                    goto err;
+                    al = SSL_AD_INTERNAL_ERROR;
+                    goto f_err;
                 }
                 s2n(i, p);
                 n += i + 2;
@@ -2784,7 +2790,7 @@
 
         if (s->session->psk_identity != NULL)
             OPENSSL_free(s->session->psk_identity);
-        s->session->psk_identity = BUF_strdup((char *)p);
+        s->session->psk_identity = BUF_strndup((char *)p, i);
         if (s->session->psk_identity == NULL) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
             goto psk_err;
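Review bot: `BUF_strndup((char *)p, i)` bounds the copied PSK identity by the length field instead of trusting a NUL inside the peer's data, which is the right fix; it relies on `i` having already been checked against the remaining record length and `PSK_MAX_IDENTITY_LEN`, and those checks sit above the hunk, so please confirm they survived the merge. If they did, a one-line comment such as `/* i was range-checked against the record length and PSK_MAX_IDENTITY_LEN above */` makes the dependency visible to the next editor.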
@@ -2871,7 +2877,15 @@
             pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
 
         pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
-        EVP_PKEY_decrypt_init(pkey_ctx);
+        if (pkey_ctx == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto gerr;
+        }
         /*
          * If client certificate is present and is of the same type, maybe
          * use it for key exchange.  Don't mind errors from
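Review bot: The two new failure paths in this hunk report differently: a NULL `pkey_ctx` sets `al` and goes to `f_err` (an alert is sent), while a failed `EVP_PKEY_decrypt_init` goes to `gerr` without setting `al`, so whether the peer gets an alert depends on a label outside the hunk. The matching certificate-verify hunk later in this file (`if (EVP_PKEY_verify_init(pctx) <= 0)`) frees the context inline and uses `al = SSL_AD_INTERNAL_ERROR; goto f_err;`; writing this one the same way, `EVP_PKEY_CTX_free(pkey_ctx); al = SSL_AD_INTERNAL_ERROR; goto f_err;`, would make both paths consistent and independent of what `gerr` does. If `gerr` is meant to free `pkey_ctx` and fall into the generic error path, a comment saying so would help.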
@@ -3115,7 +3129,17 @@
         unsigned char signature[64];
         int idx;
         EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
-        EVP_PKEY_verify_init(pctx);
+        if (pctx == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        if (EVP_PKEY_verify_init(pctx) <= 0) {
+            EVP_PKEY_CTX_free(pctx);
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto f_err;
+        }
         if (i != 64) {
             fprintf(stderr, "GOST signature length is %d", i);
         }

Modified: trunk/crypto/openssl/ssl/srtp.h
===================================================================
--- trunk/crypto/openssl/ssl/srtp.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/srtp.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -134,9 +134,9 @@
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
 # endif
 

Modified: trunk/crypto/openssl/ssl/ssl.h
===================================================================
--- trunk/crypto/openssl/ssl/ssl.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1544,7 +1544,7 @@
 # define SSL_ST_BEFORE                   0x4000
 # define SSL_ST_OK                       0x03
 # define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR                      0x05
+# define SSL_ST_ERR                      (0x05|SSL_ST_INIT)
 
 # define SSL_CB_LOOP                     0x01
 # define SSL_CB_EXIT                     0x02
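Review bot: The changed `SSL_ST_ERR` define now carries the `SSL_ST_INIT` bit, which alters what `SSL_in_init()` (defined in this header as a test of that bit, as far as I recall) reports for a connection whose handshake ended in a fatal error: it stays "in init" instead of reading like a completed handshake. That is the safer reading for applications that treat `!SSL_in_init()` as "handshake done", but it is a behavioural change with nothing explaining it at the point of definition. Suggest a comment on the define: `/* Includes SSL_ST_INIT so SSL_in_init() remains true after a fatal handshake error */`.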
@@ -2314,6 +2314,7 @@
 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
 # define SSL_F_SSL3_ENC                                   134
 # define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
 # define SSL_F_SSL3_GET_CERT_STATUS                       289
 # define SSL_F_SSL3_GET_CERT_VERIFY                       136
@@ -2466,8 +2467,11 @@
 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
 # define SSL_R_BAD_DECOMPRESSION                          107
 # define SSL_R_BAD_DH_G_LENGTH                            108
+# define SSL_R_BAD_DH_G_VALUE                             375
 # define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
+# define SSL_R_BAD_DH_PUB_KEY_VALUE                       393
 # define SSL_R_BAD_DH_P_LENGTH                            110
+# define SSL_R_BAD_DH_P_VALUE                             395
 # define SSL_R_BAD_DIGEST_LENGTH                          111
 # define SSL_R_BAD_DSA_SIGNATURE                          112
 # define SSL_R_BAD_ECC_CERT                               304

Modified: trunk/crypto/openssl/ssl/ssl3.h
===================================================================
--- trunk/crypto/openssl/ssl/ssl3.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl3.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -263,6 +263,8 @@
 # define SSL3_SESSION_ID_SIZE                    32
 # define SSL3_RT_HEADER_LENGTH                   5
 
+# define SSL3_HM_HEADER_LENGTH                   4
+
 # ifndef SSL3_ALIGN_PAYLOAD
  /*
   * Some will argue that this increases memory footprint, but it's not

Modified: trunk/crypto/openssl/ssl/ssl_asn1.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_asn1.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_asn1.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -121,7 +121,7 @@
 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 {
 #define LSIZE2 (sizeof(long)*2)
-    int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0;
+    int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
     unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
     unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
 #ifndef OPENSSL_NO_TLSEXT
@@ -128,6 +128,9 @@
     int v6 = 0, v9 = 0, v10 = 0;
     unsigned char ibuf6[LSIZE2];
 #endif
+#ifndef OPENSSL_NO_PSK
+    int v7 = 0, v8 = 0;
+#endif
 #ifndef OPENSSL_NO_COMP
     unsigned char cbuf;
     int v11 = 0;

Modified: trunk/crypto/openssl/ssl/ssl_cert.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_cert.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_cert.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -206,6 +206,7 @@
 
     memset(ret, 0, sizeof(CERT));
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
     /*
      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
@@ -282,7 +283,6 @@
      * chain is held inside SSL_CTX
      */
 
-    ret->references = 1;
     /*
      * Set digests to defaults. NB: we don't copy existing values as they
      * will be set during handshake.

Modified: trunk/crypto/openssl/ssl/ssl_ciph.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_ciph.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_ciph.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -355,10 +355,11 @@
     const EVP_PKEY_ASN1_METHOD *ameth;
     int pkey_id = 0;
     ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
-    if (ameth) {
-        EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                         ameth) > 0) {
+        return pkey_id;
     }
-    return pkey_id;
+    return 0;
 }
 
 #else
@@ -370,7 +371,9 @@
     int pkey_id = 0;
     ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
     if (ameth) {
-        EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                    ameth) <= 0)
+            pkey_id = 0;
     }
     if (tmpeng)
         ENGINE_finish(tmpeng);

Modified: trunk/crypto/openssl/ssl/ssl_err.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_err.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_err.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -164,6 +164,8 @@
     {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
     {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"},
     {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
+    {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),
+     "ssl3_generate_master_secret"},
     {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
      "SSL3_GET_CERTIFICATE_REQUEST"},
     {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
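Review bot: The new entry `"ssl3_generate_master_secret"` is the only lower-case function name in this table; its neighbours (`"SSL3_GENERATE_KEY_BLOCK"`, `"SSL3_GET_CERTIFICATE_REQUEST"`) are upper-case. Unless the table is regenerated by a tool that now emits lower-case names, `"SSL3_GENERATE_MASTER_SECRET"` keeps the strings uniform for anyone matching on ERR_print_errors output.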
@@ -371,8 +373,11 @@
      "bad data returned by callback"},
     {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
     {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
+    {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
     {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
+    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
     {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
+    {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
     {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
     {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
     {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},

Modified: trunk/crypto/openssl/ssl/ssl_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_lib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_lib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -307,6 +307,7 @@
     s->options = ctx->options;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
 
     if (ctx->cert != NULL) {
         /*
@@ -375,7 +376,6 @@
     if (!s->method->ssl_new(s))
         goto err;
 
-    s->references = 1;
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
     SSL_clear(s);
@@ -3290,8 +3290,11 @@
 {
     ssl_clear_hash_ctx(hash);
     *hash = EVP_MD_CTX_create();
-    if (md)
-        EVP_DigestInit_ex(*hash, md, NULL);
+    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+        EVP_MD_CTX_destroy(*hash);
+        *hash = NULL;
+        return NULL;
+    }
     return *hash;
 }
 

Modified: trunk/crypto/openssl/ssl/ssl_locl.h
===================================================================
--- trunk/crypto/openssl/ssl/ssl_locl.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_locl.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -1222,15 +1222,15 @@
                             SSL3_RECORD *rec,
                             unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
-                            unsigned char *md_out,
-                            size_t *md_out_size,
-                            const unsigned char header[13],
-                            const unsigned char *data,
-                            size_t data_plus_mac_size,
-                            size_t data_plus_mac_plus_padding_size,
-                            const unsigned char *mac_secret,
-                            unsigned mac_secret_length, char is_sslv3);
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                           unsigned char *md_out,
+                           size_t *md_out_size,
+                           const unsigned char header[13],
+                           const unsigned char *data,
+                           size_t data_plus_mac_size,
+                           size_t data_plus_mac_plus_padding_size,
+                           const unsigned char *mac_secret,
+                           unsigned mac_secret_length, char is_sslv3);
 
 void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
                            EVP_MD_CTX *mac_ctx, const unsigned char *data,

Modified: trunk/crypto/openssl/ssl/ssl_rsa.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_rsa.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_rsa.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -160,7 +160,10 @@
     }
 
     RSA_up_ref(rsa);
-    EVP_PKEY_assign_RSA(pkey, rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        return 0;
+    }
 
     ret = ssl_set_pkey(ssl->cert, pkey);
     EVP_PKEY_free(pkey);
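Review bot: The new error path after `RSA_up_ref(rsa)` frees `rsa` but not `pkey`; judging by the `EVP_PKEY_free(pkey)` following `ssl_set_pkey` below, `pkey` is allocated earlier in this function (above the hunk), so a failed `EVP_PKEY_assign_RSA` now leaks it. Suggest `RSA_free(rsa); EVP_PKEY_free(pkey); return 0;`. The `@@ -502,7 +518,10 @@` hunk further down in this file has the same shape and the same leak.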
@@ -181,6 +184,15 @@
     if (c->pkeys[i].x509 != NULL) {
         EVP_PKEY *pktmp;
         pktmp = X509_get_pubkey(c->pkeys[i].x509);
+        if (pktmp == NULL) {
+            SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
+            EVP_PKEY_free(pktmp);
+            return 0;
+        }
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
         EVP_PKEY_copy_parameters(pktmp, pkey);
         EVP_PKEY_free(pktmp);
         ERR_clear_error();
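Review bot: In the new `pktmp == NULL` branch, `EVP_PKEY_free(pktmp)` frees a pointer that is known to be NULL and can simply be dropped. `ERR_R_MALLOC_FAILURE` is also a guess at why `X509_get_pubkey` returned NULL (an unsupported or malformed key fails the same way), so the queued error from `X509_get_pubkey` itself, or a library-level reason code, describes the failure more honestly than a malloc report. Suggest `if (pktmp == NULL) { SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE); return 0; }` at minimum, with the reason code reconsidered.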
@@ -382,6 +394,10 @@
     }
 
     if (c->pkeys[i].privatekey != NULL) {
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
         EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
         ERR_clear_error();
 
@@ -502,7 +518,10 @@
     }
 
     RSA_up_ref(rsa);
-    EVP_PKEY_assign_RSA(pkey, rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        return 0;
+    }
 
     ret = ssl_set_pkey(ctx->cert, pkey);
     EVP_PKEY_free(pkey);

Modified: trunk/crypto/openssl/ssl/ssl_sess.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_sess.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssl_sess.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -256,8 +256,8 @@
     dest->tlsext_ecpointformatlist = NULL;
     dest->tlsext_ellipticcurvelist = NULL;
 # endif
+    dest->tlsext_tick = NULL;
 #endif
-    dest->tlsext_tick = NULL;
 #ifndef OPENSSL_NO_SRP
     dest->srp_username = NULL;
 #endif
@@ -324,7 +324,6 @@
             goto err;
     }
 # endif
-#endif
 
     if (ticket != 0) {
         dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
@@ -334,6 +333,7 @@
         dest->tlsext_tick_lifetime_hint = 0;
         dest->tlsext_ticklen = 0;
     }
+#endif
 
 #ifndef OPENSSL_NO_SRP
     if (src->srp_username) {

Modified: trunk/crypto/openssl/ssl/ssltest.c
===================================================================
--- trunk/crypto/openssl/ssl/ssltest.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/ssltest.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -142,6 +142,7 @@
 
 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
 #define _BSD_SOURCE 1
+#define _DEFAULT_SOURCE 1
 
 #include <assert.h>
 #include <errno.h>

Modified: trunk/crypto/openssl/ssl/t1_enc.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_enc.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/t1_enc.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -385,6 +385,8 @@
             EVP_CIPHER_CTX_init(s->enc_read_ctx);
         dd = s->enc_read_ctx;
         mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
+        if (mac_ctx == NULL)
+            goto err;
 #ifndef OPENSSL_NO_COMP
         if (s->expand != NULL) {
             COMP_CTX_free(s->expand);
@@ -423,11 +425,14 @@
         dd = s->enc_write_ctx;
         if (SSL_IS_DTLS(s)) {
             mac_ctx = EVP_MD_CTX_create();
-            if (!mac_ctx)
+            if (mac_ctx == NULL)
                 goto err;
             s->write_hash = mac_ctx;
-        } else
+        } else {
             mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
+            if (mac_ctx == NULL)
+                goto err;
+        }
 #ifndef OPENSSL_NO_COMP
         if (s->compress != NULL) {
             COMP_CTX_free(s->compress);
@@ -500,7 +505,12 @@
     if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
         mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
                                        mac_secret, *mac_secret_size);
-        EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
+        if (mac_key == NULL
+                || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            EVP_PKEY_free(mac_key);
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
         EVP_PKEY_free(mac_key);
     }
 #ifdef TLS_DEBUG
@@ -913,8 +923,9 @@
     }
 
     EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_copy_ex(&ctx, d);
-    EVP_DigestFinal_ex(&ctx, out, &ret);
+    if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
+            || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
+        ret = 0;
     EVP_MD_CTX_cleanup(&ctx);
     return ((int)ret);
 }
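Review bot: `EVP_MD_CTX_copy_ex(&ctx, d) <=0` is missing the space that every other `<= 0` comparison in this patch has; `if (EVP_MD_CTX_copy_ex(&ctx, d) <= 0` keeps the style uniform. On failure the function now returns 0 through `ret`, which callers must treat as an error rather than a zero-length digest; a comment such as `/* 0 signals a digest failure to the caller */` on the `ret = 0;` line would make that contract explicit. The function's start is above the hunk.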
@@ -1041,17 +1052,24 @@
          * are hashing because that gives an attacker a timing-oracle.
          */
         /* Final param == not SSLv3 */
-        ssl3_cbc_digest_record(mac_ctx,
-                               md, &md_size,
-                               header, rec->input,
-                               rec->length + md_size, orig_len,
-                               ssl->s3->read_mac_secret,
-                               ssl->s3->read_mac_secret_size, 0);
+        if (ssl3_cbc_digest_record(mac_ctx,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, orig_len,
+                                   ssl->s3->read_mac_secret,
+                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
+            if (!stream_mac)
+                EVP_MD_CTX_cleanup(&hmac);
+            return -1;
+        }
     } else {
-        EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
-        EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
-        t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
-        OPENSSL_assert(t > 0);
+        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+                || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+                || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+            if (!stream_mac)
+                EVP_MD_CTX_cleanup(&hmac);
+            return -1;
+        }
 #ifdef OPENSSL_FIPS
         if (!send && FIPS_mode())
             tls_fips_digest_extra(ssl->enc_read_ctx,

Modified: trunk/crypto/openssl/ssl/t1_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/t1_lib.c	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/t1_lib.c	2018-07-08 16:40:18 UTC (rev 11620)
@@ -2301,10 +2301,13 @@
         /* Check key name matches */
         if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
             return 2;
-        HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                     tlsext_tick_md(), NULL);
-        EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                           tctx->tlsext_tick_aes_key, etick + 16);
+        if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+                         tlsext_tick_md(), NULL) <= 0
+                || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                      tctx->tlsext_tick_aes_key,
+                                      etick + 16) <= 0) {
+            goto err;
+       }
     }
     /*
      * Attempt to process session ticket, first conduct sanity and integrity
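Review bot: The closing brace of the new `if (HMAC_Init_ex(...) <= 0 || EVP_DecryptInit_ex(...) <= 0)` block is indented seven spaces, one short of the block it closes, so the structure misreads at a glance; align it to eight. This failure path also records nothing with SSLerr before `goto err`, unlike the digest failures in the s3_enc.c hunks of this commit, so a ticket-decryption setup failure reaches the application as a bare -1 with an empty error queue; `SSLerr(SSL_F_TLS_DECRYPT_TICKET, ERR_R_INTERNAL_ERROR);` before the goto would be consistent, if that function code exists in this tree. tls_decrypt_ticket begins above the hunk.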
@@ -2312,8 +2315,7 @@
      */
     mlen = HMAC_size(&hctx);
     if (mlen < 0) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return -1;
+        goto err;
     }
     /* Sanity check ticket length: must exceed keyname + IV + HMAC */
     if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
@@ -2324,8 +2326,10 @@
 
     eticklen -= mlen;
     /* Check HMAC of encrypted ticket */
-    HMAC_Update(&hctx, etick, eticklen);
-    HMAC_Final(&hctx, tick_hmac, NULL);
+    if (HMAC_Update(&hctx, etick, eticklen) <= 0
+            || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
+        goto err;
+    }
     HMAC_CTX_cleanup(&hctx);
     if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
         EVP_CIPHER_CTX_cleanup(&ctx);
@@ -2342,7 +2346,6 @@
         OPENSSL_free(sdec);
         return -1;
     }
-    EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
     if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
         EVP_CIPHER_CTX_cleanup(&ctx);
         OPENSSL_free(sdec);
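Review bot: The removed `EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen)` has no replacement inside this hunk, so the `EVP_DecryptFinal` on the next line is only meaningful if the update now happens in the allocation check directly above the hunk (presumably a combined `sdec == NULL || EVP_DecryptUpdate(...) <= 0` condition, as the `OPENSSL_free(sdec); return -1;` context suggests). Given the commit message, this looks like removal of a call duplicated by a bad merge; please confirm the merged file decrypts exactly once, since a missing update would leave `sdec` undefined and a double update would corrupt `slen`. A comment such as `/* the ticket body was decrypted by the EVP_DecryptUpdate in the check above */` would stop a later merge from reintroducing it.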
@@ -2375,6 +2378,10 @@
      * For session parse failure, indicate that we need to send a new ticket.
      */
     return 2;
+err:
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    HMAC_CTX_cleanup(&hctx);
+    return -1;
 }
 
 /* Tables to translate from NIDs to TLS v1.2 ids */

Modified: trunk/crypto/openssl/ssl/tls1.h
===================================================================
--- trunk/crypto/openssl/ssl/tls1.h	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/ssl/tls1.h	2018-07-08 16:40:18 UTC (rev 11620)
@@ -235,8 +235,7 @@
 
 /*
  * ExtensionType value for TLS padding extension.
- * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
- * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ * http://tools.ietf.org/html/draft-agl-tls-padding
  */
 # define TLSEXT_TYPE_padding     21
 
@@ -261,12 +260,12 @@
 #  define TLSEXT_TYPE_next_proto_neg              13172
 # endif
 
-/* NameType value from RFC 3546 */
+/* NameType value from RFC3546 */
 # define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
+/* status request value from RFC3546 */
 # define TLSEXT_STATUSTYPE_ocsp 1
 
-/* ECPointFormat values from draft-ietf-tls-ecc-12 */
+/* ECPointFormat values from RFC4492 */
 # define TLSEXT_ECPOINTFORMAT_first                      0
 # define TLSEXT_ECPOINTFORMAT_uncompressed               0
 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
@@ -273,8 +272,7 @@
 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
 # define TLSEXT_ECPOINTFORMAT_last                       2
 
-/* Signature and hash algorithms from RFC 5246 */
-
+/* Signature and hash algorithms from RFC5246 */
 # define TLSEXT_signature_anonymous                      0
 # define TLSEXT_signature_rsa                            1
 # define TLSEXT_signature_dsa                            2
@@ -404,7 +402,6 @@
 # define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
 
 /* AES ciphersuites from RFC3268 */
-
 # define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
 # define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
 # define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
@@ -570,7 +567,7 @@
 # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
 # define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
 
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+/* ECC ciphersuites from RFC4492 */
 # define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
 # define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
 # define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"

Modified: trunk/crypto/openssl/util/indent.pro
===================================================================
--- trunk/crypto/openssl/util/indent.pro	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/util/indent.pro	2018-07-08 16:40:18 UTC (rev 11620)
@@ -749,3 +749,19 @@
 -T ssl_trace_tbl
 -T _stdcall
 -T tls12_lookup
+-T OPTIONS
+-T OPT_PAIR
+-T uint64_t
+-T int64_t
+-T uint32_t
+-T int32_t
+-T uint16_t
+-T int16_t
+-T uint8_t
+-T int8_t
+-T STRINT_PAIR
+-T felem
+-T felem_bytearray
+-T SH_LIST
+-T PACKET
+-T RECORD_LAYER

Modified: trunk/crypto/openssl/util/mk1mf.pl
===================================================================
--- trunk/crypto/openssl/util/mk1mf.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/util/mk1mf.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -426,7 +426,7 @@
 $defs= <<"EOF";
 # This makefile has been automatically generated from the OpenSSL distribution.
 # This single makefile will build the complete OpenSSL distribution and
-# by default leave the 'intertesting' output files in .${o}out and the stuff
+# by default leave the 'interesting' output files in .${o}out and the stuff
 # that needs deleting in .${o}tmp.
 # The file was generated by running 'make makefile.one', which
 # does a 'make files', which writes all the environment variables from all

Modified: trunk/crypto/openssl/util/mkrc.pl
===================================================================
--- trunk/crypto/openssl/util/mkrc.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/util/mkrc.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -57,7 +57,7 @@
             VALUE "ProductVersion", "$version\\0"
             // Optional:
             //VALUE "Comments", "\\0"
-            VALUE "LegalCopyright", "Copyright \xA9 1998-2006 The OpenSSL Project. Copyright \xA9 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+            VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
             //VALUE "LegalTrademarks", "\\0"
             //VALUE "PrivateBuild", "\\0"
             //VALUE "SpecialBuild", "\\0"
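Review bot: Replacing `\xA9` with a literal `©` on line 8530 changes what bytes reach the generated .rc file: the old escape emitted exactly one 0xA9 byte, while the literal now depends on the encoding this script is stored in and on whether `use utf8;` is in effect, neither of which is visible in this hunk. If the file is UTF-8 without `use utf8;`, the string carries the two bytes C2 A9 and a resource compiler reading the .rc under the system code page will render it as two characters. If a single byte is intended, keeping `"Copyright \xA9 1998-2006 ..."` is the safer spelling; if UTF-8 output is intended, the handle that writes the .rc needs an explicit encoding layer and the .rc needs a matching code-page declaration, which this change does not add.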

Modified: trunk/crypto/openssl/util/mkstack.pl
===================================================================
--- trunk/crypto/openssl/util/mkstack.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/util/mkstack.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -97,7 +97,7 @@
 EOF
 	}
 
-	foreach $type_thing (sort @sstacklst) {
+    foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) {
 	    my $t1 = $type_thing->[0];
 	    my $t2 = $type_thing->[1];
 	    $new_stackfile .= <<EOF;
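Review bot: The comparator added on line 8544 makes the order of `@sstacklst` deterministic (the old `sort @sstacklst` compared stringified array references, i.e. addresses), but it only compares `$a->[0]`; if any two entries share that element their relative order is left to the sort implementation, which is stable in practice since 5.8 but not guaranteed without `use sort 'stable'`. A tie-breaker on the second element keeps the generated file reproducible: `foreach my $type_thing (sort { $a->[0] cmp $b->[0] || $a->[1] cmp $b->[1] } @sstacklst) {`. The replaced line also switches from the tab indentation of the surrounding block to four spaces, and `$type_thing` is still undeclared, so the loop variable is a package global rather than a lexical. The loop body continues past the end of the hunk.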

Modified: trunk/crypto/openssl/util/pl/VC-32.pl
===================================================================
--- trunk/crypto/openssl/util/pl/VC-32.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/util/pl/VC-32.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -342,7 +342,7 @@
 	local($ret,$_);
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
+	$ret.="$target: $files $dep_libs";
 	if ($standalone == 1)
 		{
 		$ret.=" \$(OBJ_D)${o}applink.obj" if $shlib;
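Review bot: Line 8558 drops the trailing `\n` from the rule's target line, and the hunks at 356 and 368 (lines 8566 and 8574) add it back only in the `$standalone == 2` and `else` branches; the `$standalone == 1` branch that opens on line 8560 continues into lines these hunks do not show, so it should be confirmed that it writes its own `"\n"` after the optional applink.obj, otherwise the first recipe line of that rule is joined onto the target line and the generated makefile is malformed. A short comment on line 8558 such as `# no newline here: branches below may append more inputs first` would keep a later merge from restoring it. The enclosing subroutine starts before the hunk.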
@@ -356,6 +356,7 @@
 		}
 	elsif ($standalone == 2)
 		{
+		$ret.="\n";
 		$ret.="\tSET FIPS_LINK=\$(LINK_CMD)\n";
 		$ret.="\tSET FIPS_CC=\$(CC)\n";
 		$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
@@ -368,6 +369,7 @@
 		}
 	else
 		{
+		$ret.="\n";
 		$ret.="\t\$(LINK_CMD) \$(LFLAGS) $efile$target @<<\n";
 		$ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
 		}

Modified: trunk/crypto/openssl/util/selftest.pl
===================================================================
--- trunk/crypto/openssl/util/selftest.pl	2018-07-08 16:35:42 UTC (rev 11619)
+++ trunk/crypto/openssl/util/selftest.pl	2018-07-08 16:40:18 UTC (rev 11620)
@@ -199,3 +199,4 @@
 }
 print "\nTest report in file $report\n";
 
+die if $ok != 2;
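Review bot: The bare `die if $ok != 2;` on line 8587 aborts with only the generic "Died at ... line N." text, so a failed self test gives no hint of what was expected or where to look, even though `$report` was just printed. A message that echoes the value and points at the report, for example `die "selftest failed (\$ok is $ok, expected 2); see $report\n" if $ok != 2;`, costs nothing and keeps the non-zero exit status. What `$ok` counts and why 2 is the success value are set outside this hunk, so the constant is worth naming in a comment on the same line.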


