svn commit: r264271 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/cms crypto/ec crypto/engine crypto/evp crypto/modes crypto/rand crypto/x509...
Jung-uk Kim
jkim at FreeBSD.org
Tue Apr 8 20:15:27 UTC 2014
Author: jkim
Date: Tue Apr 8 20:15:18 2014
New Revision: 264271
URL: http://svnweb.freebsd.org/changeset/base/264271
Log:
Import OpenSSL 1.0.1g.
Approved by: benl (maintainer)
Modified:
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/Configure
vendor-crypto/openssl/dist/FAQ
vendor-crypto/openssl/dist/FREEBSD-upgrade
vendor-crypto/openssl/dist/Makefile
vendor-crypto/openssl/dist/Makefile.org
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/apps/apps.c
vendor-crypto/openssl/dist/apps/crl.c
vendor-crypto/openssl/dist/apps/dgst.c
vendor-crypto/openssl/dist/apps/ecparam.c
vendor-crypto/openssl/dist/apps/req.c
vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl
vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
vendor-crypto/openssl/dist/crypto/bio/bss_log.c
vendor-crypto/openssl/dist/crypto/bn/bn.h
vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
vendor-crypto/openssl/dist/crypto/cryptlib.c
vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c
vendor-crypto/openssl/dist/crypto/engine/eng_list.c
vendor-crypto/openssl/dist/crypto/evp/bio_b64.c
vendor-crypto/openssl/dist/crypto/modes/gcm128.c
vendor-crypto/openssl/dist/crypto/opensslv.h
vendor-crypto/openssl/dist/crypto/rand/md_rand.c
vendor-crypto/openssl/dist/crypto/symhacks.h
vendor-crypto/openssl/dist/crypto/x509/by_dir.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist/doc/apps/config.pod
vendor-crypto/openssl/dist/doc/apps/crl.pod
vendor-crypto/openssl/dist/doc/apps/ec.pod
vendor-crypto/openssl/dist/doc/apps/pkcs12.pod
vendor-crypto/openssl/dist/doc/apps/req.pod
vendor-crypto/openssl/dist/doc/apps/s_client.pod
vendor-crypto/openssl/dist/doc/apps/s_server.pod
vendor-crypto/openssl/dist/doc/apps/ts.pod
vendor-crypto/openssl/dist/doc/apps/tsget.pod
vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_get_error.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_BytesToKey.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod
vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
vendor-crypto/openssl/dist/doc/crypto/pem.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_set_shutdown.pod
vendor-crypto/openssl/dist/e_os.h
vendor-crypto/openssl/dist/engines/ccgost/gosthash.c
vendor-crypto/openssl/dist/ssl/d1_both.c
vendor-crypto/openssl/dist/ssl/kssl.h
vendor-crypto/openssl/dist/ssl/s23_clnt.c
vendor-crypto/openssl/dist/ssl/s3_srvr.c
vendor-crypto/openssl/dist/ssl/ssl.h
vendor-crypto/openssl/dist/ssl/t1_enc.c
vendor-crypto/openssl/dist/ssl/t1_lib.c
vendor-crypto/openssl/dist/ssl/tls1.h
vendor-crypto/openssl/dist/util/libeay.num
vendor-crypto/openssl/dist/util/pl/BC-32.pl
vendor-crypto/openssl/dist/util/pl/VC-32.pl
Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/CHANGES Tue Apr 8 20:15:18 2014 (r264271)
@@ -2,6 +2,35 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ *) TLS pad extension: draft-agl-tls-padding-03
+
+ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+ TLS client Hello record length value would otherwise be > 255 and
+ less that 512 pad with a dummy extension containing zeroes so it
+ is at least 512 bytes long.
+
+ [Adam Langley, Steve Henson]
+
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
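Review bot: Two wording slips in the new 1.0.1g entries: "Thanks for Neel Mehta" in the heartbeat item should read "Thanks to Neel Mehta", and "less that 512" in the TLS padding item should read "less than 512". Since CHANGES is what downstream packagers quote in advisories, fix both before the text is copied further.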
Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/Configure Tue Apr 8 20:15:18 2014 (r264271)
@@ -526,7 +526,7 @@ my %table=(
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
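Review bot: The only difference in the debug-VC-WIN32 line is that -WX is dropped, so compiler warnings no longer fail the debug build, and the CHANGES entries in this commit do not mention it. State the reason next to the target (for example which warning could not be fixed) so the flag can be restored once that warning is gone.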
Modified: vendor-crypto/openssl/dist/FAQ
==============================================================================
--- vendor-crypto/openssl/dist/FAQ Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/FAQ Tue Apr 8 20:15:18 2014 (r264271)
@@ -768,6 +768,9 @@ openssl-security at openssl.org if you don'
acknowledging receipt then resend or mail it directly to one of the
more active team members (e.g. Steve).
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Apr 8 20:15:18 2014 (r264271)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://svn.freebsd.org/base"
-setenv OSSLVER 1.0.1f
-# OSSLTAG format: v1_0_1f
+setenv OSSLVER 1.0.1g
+# OSSLTAG format: v1_0_1g
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
Modified: vendor-crypto/openssl/dist/Makefile
==============================================================================
--- vendor-crypto/openssl/dist/Makefile Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/Makefile Tue Apr 8 20:15:18 2014 (r264271)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1f
+VERSION=1.0.1g
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -304,8 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
- touch -c fips_premain_dso$(EXE_EXT); \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
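Review bot: On the new touch line, "|| :" inside the subshell discards every failure of touch -c fips_premain_dso$(EXE_EXT), and nothing in the recipe says why that is safe. A one-line comment on the intent would help, given that the same line now only runs when build-shared succeeds because of the added &&; the identical edit in Makefile.org needs the same comment.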
Modified: vendor-crypto/openssl/dist/Makefile.org
==============================================================================
--- vendor-crypto/openssl/dist/Makefile.org Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/Makefile.org Tue Apr 8 20:15:18 2014 (r264271)
@@ -302,8 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
- touch -c fips_premain_dso$(EXE_EXT); \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/NEWS Tue Apr 8 20:15:18 2014 (r264271)
@@ -5,8 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+ o Fix for CVE-2014-0160
+ o Add TLS padding extension workaround for broken servers.
+ o Fix for CVE-2014-0076
+
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+ o Don't include gmt_unix_time in TLS server and client random values
o Fix for TLS record tampering bug CVE-2013-4353
o Fix for TLS version checking bug CVE-2013-6449
o Fix for DTLS retransmission bug CVE-2013-6450
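Review bot: The 1.0.1g list gives "Fix for CVE-2014-0160" and "Fix for CVE-2014-0076" as bare identifiers, while the 1.0.1f entries just below name the bug before the number ("Fix for TLS record tampering bug CVE-2013-4353"). Use the same form here, taking the wording from CHANGES (TLS heartbeat bounds check, ECDSA nonce cache side channel), so a reader of NEWS alone can tell what was fixed. The hunk also adds the gmt_unix_time line to the already released 1.0.1f section, which deserves a mention in the log.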
Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/README Tue Apr 8 20:15:18 2014 (r264271)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1f 6 Jan 2014
+ OpenSSL 1.0.1g 7 Apr 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: vendor-crypto/openssl/dist/apps/apps.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/apps.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/apps/apps.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -586,12 +586,12 @@ int password_callback(char *buf, int buf
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
+ PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
+ PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
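Review bot: In the verify branch, the result of OPENSSL_malloc(bufsiz) is passed straight to UI_add_verify_string() as buff with no NULL check, and this hunk touches that very call. Since the length argument is being corrected to bufsiz-1 here anyway, add the check and set ok to a failure value when the allocation fails.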
@@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usert
if (proc==NULL)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
GetCurrentProcessId());
if (proc==NULL) proc = (HANDLE)-1;
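Review bot: check_winnt() replaces the GetVersion() < 0x80000000 test on the changed line, but its definition is not part of this hunk. Make sure it is declared in a header that apps.c, bss_log.c and cryptlib.c all include (e_os.h is in the modified list) and that it keeps the meaning of the comparison it replaces, since all three call sites use it to guard NT-only calls.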
Modified: vendor-crypto/openssl/dist/apps/crl.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/crl.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/apps/crl.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old - print old-style (MD5) hash value\n",
+#endif
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+ int hash_old=0;
+#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+#ifndef OPENSSL_NO_MD5
+ else if (strcmp(*argv,"-hash_old") == 0)
+ hash_old= ++num;
+#endif
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
+#ifndef OPENSSL_NO_MD5
+ if (hash_old == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash_old(
+ X509_CRL_get_issuer(x)));
+ }
+#endif
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
Modified: vendor-crypto/openssl/dist/apps/dgst.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dgst.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/apps/dgst.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
if (!r)
{
BIO_printf(bio_err, "Error setting context\n");
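Review bot: In both EVP_DigestVerifyInit() and EVP_DigestSignInit() the engine argument e is replaced with a literal NULL, and nothing in the hunk says why. If e is still assigned elsewhere in MAIN, add a short comment stating that the engine is deliberately not passed here, so that a later reader does not restore it.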
Modified: vendor-crypto/openssl/dist/apps/ecparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ecparam.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/apps/ecparam.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -105,7 +105,7 @@
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
- * -no_seed - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed - if 'explicit' parameters are chosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are choosen do not"
+ " parameters are chosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
Modified: vendor-crypto/openssl/dist/apps/req.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/req.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/apps/req.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -644,6 +644,11 @@ bad:
if (inrand)
app_RAND_load_files(inrand);
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ {
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
if (keyalg)
{
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
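Review bot: The BITS lookup added at the top of this hunk now runs unconditionally before set_keygen_ctx(), so which value wins between the config file and a length parsed from keyalg depends on statement order alone. A one-line comment saying that the config value is only the default and that set_keygen_ctx() may overwrite newkey through &newkey would make that explicit. The braces around the single assignment also differ from the unbraced form of the block that the next hunk removes.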
@@ -652,12 +657,6 @@ bad:
goto end;
}
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
-
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
{
BIO_printf(bio_err,"private key length is too short,\n");
@@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO
keylen = atol(p + 1);
*pkeylen = keylen;
}
+ else
+ keylen = *pkeylen;
}
else if (p)
paramfile = p + 1;
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl Tue Apr 8 20:15:18 2014 (r264271)
@@ -1060,7 +1060,7 @@ _vpaes_consts:
.Lk_dsbo: # decryption sbox final output
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
.align 64
.size _vpaes_consts,.-_vpaes_consts
___
Modified: vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
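Review bot: The reason string on the changed line is corrected to "unknown format" while the macro it belongs to is still spelled ASN1_R_UNKOWN_FORMAT. If the identifier is kept for source compatibility, say so in a comment beside it, and note in CHANGES that the error text changed for anyone who matches on it in logs or tests.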
Modified: vendor-crypto/openssl/dist/crypto/bio/bss_log.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_log.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_log.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp,
static void xopenlog(BIO* bp, char* name, int level)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
bp->ptr = RegisterEventSourceA(NULL,name);
else
bp->ptr = NULL;
Modified: vendor-crypto/openssl/dist/crypto/bn/bn.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn.h Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/bn/bn.h Tue Apr 8 20:15:18 2014 (r264271)
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
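Review bot: The new prototype names its first parameter swap, while the definition added in bn_lib.c calls it condition and documents it under that name. Use one name in both places, and put the preconditions (at most one bit set, a != b, nwords words allocated in both) at the declaration too, since this is a public header.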
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf
#define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
#endif
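Review bot: In bn_check_size the argument is not parenthesised: ((bits+BN_BITS2-1))/BN_BITS2 has a doubled outer pair but leaves bits bare, and bn_wcheck_size uses words bare twice inside the assert. Write (((bits)+BN_BITS2-1)/BN_BITS2) and (words) so that an expression argument is evaluated as intended.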
Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a,
}
return bn_cmp_words(a,b,cl);
}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
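Review bot: In the switch on nwords there is no case for 0 or a negative value: such a call lands in default, the for loop starting at i = 10 does not run, and control falls through case 10 down to case 1, touching d[0] through d[9] regardless of how many words are allocated. The preconditions are only checked by assert() and bn_wcheck_size(), and bn.h defines the latter as empty outside BN_DEBUG, so add an early return for nwords <= 0 or document that callers must pass at least 1. The assert on sizeof(BN_ULONG) >= sizeof(int) is a compile-time property and would be better expressed as a build-time check.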
Modified: vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_lib.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/cms/cms_lib.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms,
pcerts = cms_get0_certificate_choices(cms);
if (!pcerts)
return 0;
- if (!pcerts)
- return 0;
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
{
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
Modified: vendor-crypto/openssl/dist/crypto/cryptlib.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/cryptlib.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/cryptlib.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+ if (check_winnt() && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
Modified: vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *grou
return ret;
}
+
/* Computes scalar*point and stores the result in r.
* point can not equal r.
- * Uses algorithm 2P of
+ * Uses a modified algorithm 2P of
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
*/
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_mult
x2 = &r->X;
z2 = &r->Y;
+ bn_wexpand(x1, group->field.top);
+ bn_wexpand(z1, group->field.top);
+ bn_wexpand(x2, group->field.top);
+ bn_wexpand(z2, group->field.top);
+
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
if (!BN_one(z1)) goto err; /* z1 = 1 */
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
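Review bot: The four added bn_wexpand() calls ignore their return value, while every neighbouring call in this function uses the "if (!...) goto err" form. bn_wexpand() returns NULL when the allocation fails, and BN_consttime_swap() later assumes group->field.top words exist in x1, z1, x2 and z2, so check each call and jump to err on failure.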
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_mult
word = scalar->d[i];
while (mask)
{
- if (word & mask)
- {
- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
- }
- else
- {
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
- }
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
mask >>= 1;
}
mask = BN_TBIT;
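Review bot: Between the two pairs of BN_consttime_swap() calls, a failure in gf2m_Madd() or gf2m_Mdouble() jumps to err with x1/x2 and z1/z2 still swapped. Confirm that the err path never reads them as results and say so in a comment. It would also help to note beside the loop that word & mask meets the at-most-one-bit precondition that BN_consttime_swap() documents.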
Modified: vendor-crypto/openssl/dist/crypto/engine/eng_list.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_list.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/engine/eng_list.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
load_dir, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
goto notfound;
return iterator;
Modified: vendor-crypto/openssl/dist/crypto/evp/bio_b64.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_b64.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/evp/bio_b64.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, i
}
/* we fell off the end without starting */
- if (j == i)
+ if ((j == i) && (num == 0))
{
/* Is this is one long chunk?, if so, keep on
* reading until a new line. */
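Review bot: The condition now also requires num == 0, but the comment above it still reads "we fell off the end without starting" and does not explain what num adds. Extend the comment to say which case the extra test excludes, and fix "Is this is one long chunk?" in the comment below while this block is being touched.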
Modified: vendor-crypto/openssl/dist/crypto/modes/gcm128.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/modes/gcm128.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/modes/gcm128.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT
GCM_MUL(ctx,Yi);
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
}
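Review bot: In CRYPTO_gcm128_setiv the new #ifdef BSWAP4 / #else / #endif block sits between an unbraced if (is_endian.little) and its else, and the same pattern is repeated at every counter load and store in the hunks that follow. Define the load and the store once as two small macros or static inline helpers and call those, which removes the duplication and the risk of one site being edited differently from the rest.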
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT
(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i) {
@@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
ctr += GHASH_CHUNK/16;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
GHASH(ctx,out,GHASH_CHUNK);
@@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
(*stream)(in,out,j,key,ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
in += i;
@@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
ctr += GHASH_CHUNK/16;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
out += GHASH_CHUNK;
@@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
(*stream)(in,out,j,key,ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
out += i;
@@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
Modified: vendor-crypto/openssl/dist/crypto/opensslv.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/opensslv.h Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/opensslv.h Tue Apr 8 20:15:18 2014 (r264271)
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000106fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Modified: vendor-crypto/openssl/dist/crypto/rand/md_rand.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/rand/md_rand.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/rand/md_rand.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *
EVP_MD_CTX m;
int do_not_lock;
+ if (!num)
+ return;
+
/*
* (Based on the rand(3) manpage)
*
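Review bot: the new `if (!num) return;` at the top of ssleay_rand_add has no comment explaining why a zero-length add is dropped before any of the function's work. A one-line comment stating the reason would help the next reader. The test also covers only zero: if `num` is a signed type, a negative value still falls through to the code below, so it is worth confirming whether `num <= 0` is what is meant.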
Modified: vendor-crypto/openssl/dist/crypto/symhacks.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/symhacks.h Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/symhacks.h Tue Apr 8 20:15:18 2014 (r264271)
@@ -204,6 +204,12 @@
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
#undef SSL_CTX_set_next_proto_select_cb
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
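Review bot: the three new aliases are lowercase `ssl3_`/`ssl_` names appended to a run of `SSL_CTX_` entries without a comment, and they abbreviate in two different ways (`_supported` becomes `_support`, `clienthello` becomes `clihello`). A short comment saying why these names need shortening, and one consistent abbreviation scheme, would make the list easier to maintain.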
Modified: vendor-crypto/openssl/dist/crypto/x509/by_dir.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/x509/by_dir.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/x509/by_dir.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, con
s=dir;
p=s;
- for (;;p++)
+ do
{
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
{
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, con
return 0;
}
}
- if (*p == '\0')
- break;
- }
+ } while (*p++ != '\0');
return 1;
}
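Review bot: with the terminator test moved into `} while (*p++ != '\0');`, the increment is hidden in the loop condition and `p` ends up one past the NUL on exit. Nothing after the loop in the visible lines reads `p` (the function returns 1), so this is safe as written. A short comment that the test-and-advance is deliberate, and that any early `continue` in the body (not shown in these hunks) now reaches the terminator check instead of skipping it, would keep someone from folding it back into `for (;;p++)`.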
Modified: vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c Tue Apr 8 20:15:18 2014 (r264271)
@@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx,
* a certificate was revoked. This has since been changed since
* critical extension can change the meaning of CRL entries.
*/
- if (crl->flags & EXFLAG_CRITICAL)
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ && (crl->flags & EXFLAG_CRITICAL))
{
- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
- return 1;
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
ok = ctx->verify_cb(0, ctx);
if(!ok)
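Review bot: the comment above the new condition does not record the behaviour change for callers that set X509_V_FLAG_IGNORE_CRITICAL. Previously a CRL with a critical extension made cert_crl `return 1` at this point when the flag was set; now the flag only skips the X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION path and execution continues past this block. Suggest extending the comment to say that the flag suppresses the error but no longer short-circuits the rest of the function, since that changes what verification does for those callers.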
Modified: vendor-crypto/openssl/dist/doc/apps/config.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/config.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/config.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -119,7 +119,7 @@ variable points to a section containing
information.
The section pointed to by B<engines> is a table of engine names (though see
-B<engine_id> below) and further sections containing configuration informations
+B<engine_id> below) and further sections containing configuration information
specific to each ENGINE.
Each ENGINE specific section is used to set default algorithms, load
Modified: vendor-crypto/openssl/dist/doc/apps/crl.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/crl.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/crl.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -62,6 +62,11 @@ don't output the encoded version of the
output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
+=item B<-hash_old>
+
+outputs the "hash" of the CRL issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
=item B<-issuer>
output the issuer name.
Modified: vendor-crypto/openssl/dist/doc/apps/ec.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/ec.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/ec.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs
This specifies the input format. The B<DER> option with a private key uses
an ASN.1 DER encoded SEC1 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.
Modified: vendor-crypto/openssl/dist/doc/apps/pkcs12.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/pkcs12.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/pkcs12.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -67,7 +67,7 @@ by default.
The filename to write certificates and private keys to, standard output by
default. They are all written in PEM format.
-=item B<-pass arg>, B<-passin arg>
+=item B<-passin arg>
the PKCS#12 file (i.e. input file) password source. For more information about
the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
@@ -75,10 +75,15 @@ L<openssl(1)|openssl(1)>.
=item B<-passout arg>
-pass phrase source to encrypt any outputed private keys with. For more
+pass phrase source to encrypt any outputted private keys with. For more
information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
in L<openssl(1)|openssl(1)>.
+=item B<-password arg>
+
+With -export, -password is equivalent to -passout.
+Otherwise, -password is equivalent to -passin.
+
=item B<-noout>
this option inhibits output of the keys and certificates to the output file
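Review bot: `-pass arg` is dropped from the `-passin` item heading in the previous hunk, but the new `-password` item does not say whether `-pass` is still accepted or what it now maps to. Readers with scripts that use `-pass` have no entry to look up; suggest either listing it alongside `-password` or stating explicitly that it is no longer documented. The new item would also read better with the option names marked up as `B<-export>`, `B<-passout>` and `B<-passin>` like the rest of the page.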
Modified: vendor-crypto/openssl/dist/doc/apps/req.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/req.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/req.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
=item B<-newhdr>
-Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
request. Some software (Netscape certificate server) and some CAs need this.
=item B<-batch>
Modified: vendor-crypto/openssl/dist/doc/apps/s_client.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_client.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/s_client.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -10,6 +10,7 @@ s_client - SSL/TLS client program
B<openssl> B<s_client>
[B<-connect host:port>]
[B<-verify depth>]
+[B<-verify_return_error>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key filename>]
@@ -90,6 +91,11 @@ Currently the verify operation continues
with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure.
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
=item B<-CApath directory>
The directory to use for server certificate verification. This directory
@@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot inc
these will only be supported if its use is disabled, for example by using the
B<-no_sslv2> option.
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
=head1 BUGS
Because this program has a lot of options and also because some of
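Review bot: the added NOTES paragraph has two wording errors in the sentences that carry the security warning: "None test applications" should read "Non-test applications", and "can be changed by with the" has a stray "by". Since this paragraph is where the page tells readers that B<s_client> accepts any certificate chain unless B<-verify_return_error> is given, it should be unambiguous; it would also help to state plainly that continuing after a verify failure remains the default.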
@@ -293,9 +306,6 @@ the techniques used are rather old, the
hard to read and not a model of how things should be done. A typical
SSL client program would be much simpler.
-The B<-verify> option should really exit if the server verification
-fails.
-
The B<-prexit> option is a bit of a hack. We should really report
information whenever a session is renegotiated.
Modified: vendor-crypto/openssl/dist/doc/apps/s_server.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_server.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/s_server.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -111,7 +111,7 @@ by using an appropriate certificate.
=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
=item B<-nocert>
Modified: vendor-crypto/openssl/dist/doc/apps/ts.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/ts.pod Tue Apr 8 20:10:57 2014 (r264270)
+++ vendor-crypto/openssl/dist/doc/apps/ts.pod Tue Apr 8 20:15:18 2014 (r264271)
@@ -352,7 +352,7 @@ switch always overrides the settings in
This is the main section and it specifies the name of another section
that contains all the options for the B<-reply> command. This default
-section can be overriden with the B<-section> command line switch. (Optional)
+section can be overridden with the B<-section> command line switch. (Optional)
=item B<oid_file>
@@ -453,7 +453,7 @@ included. Default is no. (Optional)
=head1 ENVIRONMENT VARIABLES
B<OPENSSL_CONF> contains the path of the configuration file and can be
-overriden by the B<-config> command line option.
+overridden by the B<-config> command line option.
=head1 EXAMPLES
Modified: vendor-crypto/openssl/dist/doc/apps/tsget.pod
==============================================================================
--- vendor-crypto/openssl/dist/doc/apps/tsget.pod Tue Apr 8 20:10:57 2014 (r264270)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***