svn commit: r295001 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes crypto/aes/asm crypto/bio crypto/bn crypto/bn/asm crypto/camellia crypto/des crypto/dh crypto/dsa crypto/dso crypto/ec ...
Jung-uk Kim
jkim at FreeBSD.org
Thu Jan 28 18:42:05 UTC 2016
Author: jkim
Date: Thu Jan 28 18:41:59 2016
New Revision: 295001
URL: https://svnweb.freebsd.org/changeset/base/295001
Log:
Import OpenSSL 1.0.2f.
Added:
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
vendor-crypto/openssl/dist/util/pod2mantest (contents, props changed)
Modified:
vendor-crypto/openssl/dist/ACKNOWLEDGMENTS
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/Configure
vendor-crypto/openssl/dist/FREEBSD-upgrade
vendor-crypto/openssl/dist/INSTALL
vendor-crypto/openssl/dist/LICENSE
vendor-crypto/openssl/dist/Makefile
vendor-crypto/openssl/dist/Makefile.org
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/apps/engine.c
vendor-crypto/openssl/dist/apps/ocsp.c
vendor-crypto/openssl/dist/apps/pkcs12.c
vendor-crypto/openssl/dist/apps/pkeyutl.c
vendor-crypto/openssl/dist/apps/s_client.c
vendor-crypto/openssl/dist/apps/s_server.c
vendor-crypto/openssl/dist/apps/speed.c
vendor-crypto/openssl/dist/apps/x509.c
vendor-crypto/openssl/dist/crypto/aes/aes.h
vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c
vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c
vendor-crypto/openssl/dist/crypto/aes/aes_core.c
vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c
vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c
vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
vendor-crypto/openssl/dist/crypto/aes/aes_locl.h
vendor-crypto/openssl/dist/crypto/aes/aes_misc.c
vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c
vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl
vendor-crypto/openssl/dist/crypto/bio/bio.h
vendor-crypto/openssl/dist/crypto/bio/bss_bio.c
vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
vendor-crypto/openssl/dist/crypto/bn/exptest.c
vendor-crypto/openssl/dist/crypto/camellia/camellia.c
vendor-crypto/openssl/dist/crypto/camellia/camellia.h
vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h
vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c
vendor-crypto/openssl/dist/crypto/camellia/cmll_utl.c
vendor-crypto/openssl/dist/crypto/des/des_old.c
vendor-crypto/openssl/dist/crypto/des/des_old.h
vendor-crypto/openssl/dist/crypto/des/des_old2.c
vendor-crypto/openssl/dist/crypto/dh/dh.h
vendor-crypto/openssl/dist/crypto/dh/dh_check.c
vendor-crypto/openssl/dist/crypto/dh/dhtest.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c
vendor-crypto/openssl/dist/crypto/dso/dso.h
vendor-crypto/openssl/dist/crypto/dso/dso_dl.c
vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c
vendor-crypto/openssl/dist/crypto/dso/dso_lib.c
vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl
vendor-crypto/openssl/dist/crypto/ec/ec2_smpl.c
vendor-crypto/openssl/dist/crypto/ec/ec_key.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256_table.c
vendor-crypto/openssl/dist/crypto/ec/ectest.c
vendor-crypto/openssl/dist/crypto/engine/eng_all.c
vendor-crypto/openssl/dist/crypto/evp/e_camellia.c
vendor-crypto/openssl/dist/crypto/evp/e_old.c
vendor-crypto/openssl/dist/crypto/evp/e_seed.c
vendor-crypto/openssl/dist/crypto/mem_clr.c
vendor-crypto/openssl/dist/crypto/modes/asm/aesni-gcm-x86_64.pl
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86_64.pl
vendor-crypto/openssl/dist/crypto/o_dir.c
vendor-crypto/openssl/dist/crypto/o_dir.h
vendor-crypto/openssl/dist/crypto/o_dir_test.c
vendor-crypto/openssl/dist/crypto/o_str.c
vendor-crypto/openssl/dist/crypto/o_str.h
vendor-crypto/openssl/dist/crypto/o_time.c
vendor-crypto/openssl/dist/crypto/o_time.h
vendor-crypto/openssl/dist/crypto/opensslv.h
vendor-crypto/openssl/dist/crypto/rc4/rc4_utl.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_chk.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c
vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c
vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c
vendor-crypto/openssl/dist/crypto/seed/seed_ecb.c
vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mb-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha256-mb-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/sha1test.c
vendor-crypto/openssl/dist/crypto/store/store.h
vendor-crypto/openssl/dist/crypto/store/str_lib.c
vendor-crypto/openssl/dist/crypto/store/str_locl.h
vendor-crypto/openssl/dist/crypto/store/str_mem.c
vendor-crypto/openssl/dist/crypto/store/str_meth.c
vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c
vendor-crypto/openssl/dist/crypto/ui/ui.h
vendor-crypto/openssl/dist/crypto/ui/ui_compat.c
vendor-crypto/openssl/dist/crypto/ui/ui_compat.h
vendor-crypto/openssl/dist/crypto/ui/ui_lib.c
vendor-crypto/openssl/dist/crypto/ui/ui_locl.h
vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
vendor-crypto/openssl/dist/crypto/ui/ui_util.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h
vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c
vendor-crypto/openssl/dist/crypto/x509v3/v3nametest.c
vendor-crypto/openssl/dist/doc/apps/s_time.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_connect.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
vendor-crypto/openssl/dist/engines/e_chil.c
vendor-crypto/openssl/dist/ssl/d1_both.c
vendor-crypto/openssl/dist/ssl/kssl.c
vendor-crypto/openssl/dist/ssl/kssl.h
vendor-crypto/openssl/dist/ssl/kssl_lcl.h
vendor-crypto/openssl/dist/ssl/s2_srvr.c
vendor-crypto/openssl/dist/ssl/s3_clnt.c
vendor-crypto/openssl/dist/ssl/s3_lib.c
vendor-crypto/openssl/dist/ssl/s3_srvr.c
vendor-crypto/openssl/dist/ssl/ssl.h
vendor-crypto/openssl/dist/ssl/ssl_err.c
vendor-crypto/openssl/dist/ssl/ssl_lib.c
vendor-crypto/openssl/dist/ssl/ssl_sess.c
vendor-crypto/openssl/dist/ssl/t1_enc.c
vendor-crypto/openssl/dist/ssl/t1_lib.c
vendor-crypto/openssl/dist/util/domd
vendor-crypto/openssl/dist/util/pl/VC-32.pl
Modified: vendor-crypto/openssl/dist/ACKNOWLEDGMENTS
==============================================================================
--- vendor-crypto/openssl/dist/ACKNOWLEDGMENTS Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/ACKNOWLEDGMENTS Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,30 +1,2 @@
-The OpenSSL project depends on volunteer efforts and financial support from
-the end user community. That support comes in the form of donations and paid
-sponsorships, software support contracts, paid consulting services
-and commissioned software development.
-
-Since all these activities support the continued development and improvement
-of OpenSSL we consider all these clients and customers as sponsors of the
-OpenSSL project.
-
-We would like to identify and thank the following such sponsors for their past
-or current significant support of the OpenSSL project:
-
-Major support:
-
- Qualys http://www.qualys.com/
-
-Very significant support:
-
- OpenGear: http://www.opengear.com/
-
-Significant support:
-
- PSW Group: http://www.psw.net/
- Acano Ltd. http://acano.com/
-
-Please note that we ask permission to identify sponsors and that some sponsors
-we consider eligible for inclusion here have requested to remain anonymous.
-
-Additional sponsorship or financial support is always welcome: for more
-information please contact the OpenSSL Software Foundation.
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.
Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/CHANGES Thu Jan 28 18:41:59 2016 (r295001)
@@ -2,6 +2,54 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
+
+ *) DH small subgroups
+
+ Historically OpenSSL only ever generated DH parameters based on "safe"
+ primes. More recently (in version 1.0.2) support was provided for
+ generating X9.42 style parameter files such as those required for RFC 5114
+ support. The primes used in such files may not be "safe". Where an
+ application is using DH configured with parameters based on primes that are
+ not "safe" then an attacker could use this fact to find a peer's private
+ DH exponent. This attack requires that the attacker complete multiple
+ handshakes in which the peer uses the same private DH exponent. For example
+ this could be used to discover a TLS server's private DH exponent if it's
+ reusing the private DH exponent or it's using a static DH ciphersuite.
+
+ OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
+ TLS. It is not on by default. If the option is not set then the server
+ reuses the same private DH exponent for the life of the server process and
+ would be vulnerable to this attack. It is believed that many popular
+ applications do set this option and would therefore not be at risk.
+
+ The fix for this issue adds an additional check where a "q" parameter is
+ available (as is the case in X9.42 based parameters). This detects the
+ only known attack, and is the only possible defense for static DH
+ ciphersuites. This could have some performance impact.
+
+ Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
+ default and cannot be disabled. This could have some performance impact.
+
+ This issue was reported to OpenSSL by Antonio Sanso (Adobe).
+ (CVE-2016-0701)
+ [Matt Caswell]
+
+ *) SSLv2 doesn't block disabled ciphers
+
+ A malicious client can negotiate SSLv2 ciphers that have been disabled on
+ the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+ been disabled, provided that the SSLv2 protocol was not also disabled via
+ SSL_OP_NO_SSLv2.
+
+ This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+ and Sebastian Schinzel.
+ (CVE-2015-3197)
+ [Viktor Dukhovni]
+
+ *) Reject DH handshakes with parameters shorter than 1024 bits.
+ [Kurt Roeckx]
+
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
*) BN_mod_exp may produce incorrect results on x86_64
Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/Configure Thu Jan 28 18:41:59 2016 (r295001)
@@ -124,6 +124,9 @@ my $clang_disabled_warnings = "-Wno-unus
# -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -1513,7 +1516,7 @@ if ($target =~ /\-icc$/) # Intel C compi
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
{
- $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+ $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
@@ -2028,14 +2031,8 @@ EOF
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
- print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
- make depend
-EOF
- }
+ $warn_make_depend++;
+ }
}
# create the ms/version32.rc file if needed
@@ -2114,12 +2111,18 @@ EOF
print <<\EOF if ($no_shared_warn);
-You gave the option 'shared'. Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'. If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'. If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+ make depend
EOF
exit(0);
Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Jan 28 18:41:59 2016 (r295001)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
-setenv OSSLVER 1.0.2e
-# OSSLTAG format: v1_0_2e
+setenv OSSLVER 1.0.2f
+# OSSLTAG format: v1_0_2f
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
Modified: vendor-crypto/openssl/dist/INSTALL
==============================================================================
--- vendor-crypto/openssl/dist/INSTALL Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/INSTALL Thu Jan 28 18:41:59 2016 (r295001)
@@ -164,10 +164,10 @@
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs at openssl.org> (note that your
message will be recorded in the request tracker publicly readable
- via http://www.openssl.org/support/rt.html and will be forwarded to a
- public mailing list). Include the output of "make report" in your message.
- Please check out the request tracker. Maybe the bug was already
- reported or has already been fixed.
+ at https://www.openssl.org/community/index.html#bugs and will be
+ forwarded to a public mailing list). Include the output of "make
+ report" in your message. Please check out the request tracker. Maybe
+ the bug was already reported or has already been fixed.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
Modified: vendor-crypto/openssl/dist/LICENSE
==============================================================================
--- vendor-crypto/openssl/dist/LICENSE Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/LICENSE Thu Jan 28 18:41:59 2016 (r295001)
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Modified: vendor-crypto/openssl/dist/Makefile
==============================================================================
--- vendor-crypto/openssl/dist/Makefile Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/Makefile Thu Jan 28 18:41:59 2016 (r295001)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2e
+VERSION=1.0.2f
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -182,8 +182,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
+TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@@ -501,38 +500,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl:0 --group openssl:0 \
- --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+ --owner 0 --group 0 \
+ --transform 's|^|$(NAME)/|' \
-cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
- \! -name '*test' \! -name '.#*' \! -name '*~' \
- | sort > ../$(TARFILE).list
+ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+ \! -name '.#*' \! -name '*~' \! -type l \
+ | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
- $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
- $(TAR_COMMAND) > ../$(TARFILE)
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE)
+ $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+ $(TAR_COMMAND) > $(TARFILE)
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE)
dist:
$(PERL) Configure dist
- @$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
Modified: vendor-crypto/openssl/dist/Makefile.org
==============================================================================
--- vendor-crypto/openssl/dist/Makefile.org Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/Makefile.org Thu Jan 28 18:41:59 2016 (r295001)
@@ -180,8 +180,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
+TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@@ -499,38 +498,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl:0 --group openssl:0 \
- --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+ --owner 0 --group 0 \
+ --transform 's|^|$(NAME)/|' \
-cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
- \! -name '*test' \! -name '.#*' \! -name '*~' \
- | sort > ../$(TARFILE).list
+ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+ \! -name '.#*' \! -name '*~' \! -type l \
+ | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
- $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
- $(TAR_COMMAND) > ../$(TARFILE)
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE)
+ $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+ $(TAR_COMMAND) > $(TARFILE)
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE)
dist:
$(PERL) Configure dist
- @$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/NEWS Thu Jan 28 18:41:59 2016 (r295001)
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+ o DH small subgroups (CVE-2016-0701)
+ o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/README Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2e 3 Dec 2015
+ OpenSSL 1.0.2f 28 Jan 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -90,11 +90,12 @@
In order to avoid spam, this is a moderated mailing list, and it might
take a day for the ticket to show up. (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail to
- this address is recorded in the public RT (request tracker) database (see
- https://www.openssl.org/support/rt.html for details) and also forwarded
- the public openssl-dev mailing list. Confidential mail may be sent to
- openssl-security at openssl.org (PGP key available from the key servers).
+ that security disclosures aren't publically posted by mistake.) Mail
+ to this address is recorded in the public RT (request tracker) database
+ (see https://www.openssl.org/community/index.html#bugs for details) and
+ also forwarded the public openssl-dev mailing list. Confidential mail
+ may be sent to openssl-security at openssl.org (PGP key available from the
+ key servers).
Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
Modified: vendor-crypto/openssl/dist/apps/engine.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/engine.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/engine.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
/*
* Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
* 2000.
Modified: vendor-crypto/openssl/dist/apps/ocsp.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ocsp.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/ocsp.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPO
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+ nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {
Modified: vendor-crypto/openssl/dist/apps/pkcs12.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/pkcs12.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/pkcs12.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
# define CLCERTS 0x8
# define CACERTS 0x10
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
- if (!vret) {
+ if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
- if (vret >= 0)
+ if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
@@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
/* Given a single certificate return a verified chain or NULL if error */
-/* Hope this is OK .... */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
+ STACK_OF(X509) *chn = NULL;
int i = 0;
- /*
- * FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this function
- * is less obvious.
- */
- X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
- if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error(&store_ctx);
- if (i == 0)
- /*
- * avoid returning 0 if X509_verify_cert() did not set an
- * appropriate error value in the context
- */
- i = -1;
- chn = NULL;
- goto err;
- } else
+ if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+ *chain = NULL;
+ return X509_V_ERR_UNSPECIFIED;
+ }
+
+ if (X509_verify_cert(&store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+ else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+ i = X509_V_ERR_UNSPECIFIED;
+
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
-
return i;
}
Modified: vendor-crypto/openssl/dist/apps/pkeyutl.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/pkeyutl.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/pkeyutl.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -74,10 +74,11 @@ static void usage(void);
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e);
+ char *passargin, int pkey_op, ENGINE *e,
+ int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file);
+ const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
+ int engine_impl = 0;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
@@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
- passargin, pkey_op, e);
+ passargin, pkey_op, e, engine_impl);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
@@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+ else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
@@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
+ } else if (!strcmp(*argv, "-engine_impl")) {
+ engine_impl = 1;
}
#endif
else if (!strcmp(*argv, "-pubin"))
@@ -368,7 +372,8 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
- "-engine e use engine e, possibly a hardware device.\n");
+ "-engine e use engine e, maybe a hardware device, for loading keys.\n");
+ BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
@@ -376,10 +381,12 @@ static void usage()
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e)
+ char *passargin, int pkey_op, ENGINE *e,
+ int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
+ ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
@@ -418,9 +425,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys
if (!pkey)
goto end;
-
- ctx = EVP_PKEY_CTX_new(pkey, e);
-
+
+#ifndef OPENSSL_NO_ENGINE
+ if (engine_impl)
+ impl = e;
+#endif
+
+ ctx = EVP_PKEY_CTX_new(pkey, impl);
+
EVP_PKEY_free(pkey);
if (!ctx)
@@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file)
+ const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
+ ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
- peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+ if (peerform == FORMAT_ENGINE)
+ engine = e;
+
+ peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
Modified: vendor-crypto/openssl/dist/apps/s_client.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/s_client.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/s_client.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -308,7 +308,7 @@ static void sc_usage(void)
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
Modified: vendor-crypto/openssl/dist/apps/s_server.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/s_server.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/s_server.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -498,7 +498,7 @@ static void sv_usage(void)
BIO_printf(bio_err,
" -accept arg - port to accept on (default is %d)\n", PORT);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
Modified: vendor-crypto/openssl/dist/apps/speed.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/speed.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/speed.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
*
Modified: vendor-crypto/openssl/dist/apps/x509.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/x509.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/apps/x509.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
- NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))
Modified: vendor-crypto/openssl/dist/crypto/aes/aes.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes.h Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes.h Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cbc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cfb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_core.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_core.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_core.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ctr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ecb.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ige.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ige.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ige.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_locl.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_locl.h Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_locl.h Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_misc.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_misc.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_misc.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_misc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ofb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl Thu Jan 28 18:41:59 2016 (r295001)
@@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /mas
$avx = ($1>=10) + ($1>=11);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Jan 28 18:41:59 2016 (r295001)
@@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour
$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10);
-$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
$shaext=1; ### set to zero if compiling for 1.0.1
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Jan 28 18:41:59 2016 (r295001)
@@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /mas
$avx = ($1>=10) + ($1>=12);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
Modified: vendor-crypto/openssl/dist/crypto/bio/bio.h
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio.h Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bio/bio.h Thu Jan 28 18:41:59 2016 (r295001)
@@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-/* BIO_s_accept_socket() */
+/* BIO_s_accept() */
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+/* BIO_s_accept() and BIO_s_connect() */
# define BIO_do_connect(b) BIO_do_handshake(b)
# define BIO_do_accept(b) BIO_do_handshake(b)
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+/* BIO_s_file() */
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+/* BIO_s_fd() and BIO_s_file() */
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
Modified: vendor-crypto/openssl/dist/crypto/bio/bss_bio.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_bio.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_bio.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/bio/bss_bio.c */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
Modified: vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_conn.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_conn.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, l
{
BIO *dbio;
int *ip;
- const char **pptr;
+ const char **pptr = NULL;
long ret = 1;
BIO_CONNECT *data;
@@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, l
case BIO_C_GET_CONNECT:
if (ptr != NULL) {
pptr = (const char **)ptr;
- if (num == 0) {
- *pptr = data->param_hostname;
+ }
- } else if (num == 1) {
- *pptr = data->param_port;
- } else if (num == 2) {
- *pptr = (char *)&(data->ip[0]);
- } else if (num == 3) {
- *((int *)ptr) = data->port;
+ if (b->init) {
+ if (pptr != NULL) {
+ ret = 1;
+ if (num == 0) {
+ *pptr = data->param_hostname;
+ } else if (num == 1) {
+ *pptr = data->param_port;
+ } else if (num == 2) {
+ *pptr = (char *)&(data->ip[0]);
+ } else {
+ ret = 0;
+ }
+ }
+ if (num == 3) {
+ ret = data->port;
}
- if ((!b->init) || (ptr == NULL))
+ } else {
+ if (pptr != NULL)
*pptr = "not initialized";
- ret = 1;
+ ret = 0;
}
break;
case BIO_C_SET_CONNECT:
Modified: vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd,
switch (cmd) {
case BIO_CTRL_RESET:
num = 0;
- case BIO_C_FILE_SEEK:
ret = 0;
break;
- case BIO_C_FILE_TELL:
case BIO_CTRL_INFO:
ret = 0;
break;
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl Thu Jan 28 18:41:59 2016 (r295001)
@@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /ma
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl Thu Jan 28 18:41:59 2016 (r295001)
@@ -68,7 +68,7 @@ if (!$addx && $win64 && ($flavour =~ /ma
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Thu Jan 28 18:41:59 2016 (r295001)
@@ -53,7 +53,7 @@ if (!$addx && $win64 && ($flavour =~ /ma
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -282,9 +282,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
}
bits = BN_num_bits(p);
-
if (bits == 0) {
- ret = BN_one(r);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(r);
+ } else {
+ ret = BN_one(r);
+ }
return ret;
}
@@ -418,7 +423,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI
}
bits = BN_num_bits(p);
if (bits == 0) {
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(rr);
+ } else {
+ ret = BN_one(rr);
+ }
return ret;
}
@@ -639,7 +650,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
* precomputation memory layout to limit data-dependency to a minimum to
* protect secret exponents (cf. the hyper-threading timing attacks pointed
* out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
@@ -671,7 +682,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
bits = BN_num_bits(p);
if (bits == 0) {
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(rr);
+ } else {
+ ret = BN_one(rr);
+ }
return ret;
}
@@ -1182,8 +1199,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
- } else
+ } else {
ret = BN_one(rr);
+ }
return ret;
}
if (a == 0) {
@@ -1297,9 +1315,14 @@ int BN_mod_exp_simple(BIGNUM *r, const B
}
bits = BN_num_bits(p);
-
- if (bits == 0) {
- ret = BN_one(r);
+ if (bits == 0) {
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(r);
+ } else {
+ ret = BN_one(r);
+ }
return ret;
}
Modified: vendor-crypto/openssl/dist/crypto/bn/exptest.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/exptest.c Thu Jan 28 18:25:55 2016 (r295000)
+++ vendor-crypto/openssl/dist/crypto/bn/exptest.c Thu Jan 28 18:41:59 2016 (r295001)
@@ -73,14 +73,34 @@ static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
/*
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list