svn commit: r298993 - in vendor-crypto/openssl/dist-1.0.1: . apps crypto crypto/asn1 crypto/bn/asm crypto/comp crypto/evp crypto/pem crypto/x509 doc/apps doc/crypto ssl util

Jung-uk Kim jkim at FreeBSD.org
Tue May 3 18:02:05 UTC 2016


Author: jkim
Date: Tue May  3 18:02:01 2016
New Revision: 298993
URL: https://svnweb.freebsd.org/changeset/base/298993

Log:
  Import OpenSSL 1.0.1t.

Added:
  vendor-crypto/openssl/dist-1.0.1/doc/crypto/EVP_EncodeInit.pod
Modified:
  vendor-crypto/openssl/dist-1.0.1/CHANGES
  vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade
  vendor-crypto/openssl/dist-1.0.1/Makefile
  vendor-crypto/openssl/dist-1.0.1/NEWS
  vendor-crypto/openssl/dist-1.0.1/README
  vendor-crypto/openssl/dist-1.0.1/apps/pkcs7.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_d2i_fp.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_type.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_par.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/t_x509.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_dec.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_x509.c
  vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86-mont.pl
  vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont.pl
  vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont5.pl
  vendor-crypto/openssl/dist-1.0.1/crypto/comp/comp.h
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/Makefile
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/digest.c
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/e_aes_cbc_hmac_sha1.c
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/encode.c
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_enc.c
  vendor-crypto/openssl/dist-1.0.1/crypto/opensslv.h
  vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pem/pvkfmt.c
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509.h
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_err.c
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_obj.c
  vendor-crypto/openssl/dist-1.0.1/doc/apps/ciphers.pod
  vendor-crypto/openssl/dist-1.0.1/doc/crypto/evp.pod
  vendor-crypto/openssl/dist-1.0.1/ssl/d1_both.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s2_lib.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s2_meth.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s3_clnt.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s3_lib.c
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl.h
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl_ciph.c
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl_locl.h
  vendor-crypto/openssl/dist-1.0.1/ssl/t1_lib.c
  vendor-crypto/openssl/dist-1.0.1/util/libeay.num
  vendor-crypto/openssl/dist-1.0.1/util/mk1mf.pl
  vendor-crypto/openssl/dist-1.0.1/util/mkdef.pl
  vendor-crypto/openssl/dist-1.0.1/util/ssleay.num

Modified: vendor-crypto/openssl/dist-1.0.1/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/CHANGES	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/CHANGES	Tue May  3 18:02:01 2016	(r298993)
@@ -2,6 +2,103 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1s and 1.0.1t [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+     A MITM attacker can use a padding oracle attack to decrypt traffic
+     when the connection uses an AES CBC cipher and the server support
+     AES-NI.
+
+     This issue was introduced as part of the fix for Lucky 13 padding
+     attack (CVE-2013-0169). The padding check was rewritten to be in
+     constant time by making sure that always the same bytes are read and
+     compared against either the MAC or padding bytes. But it no longer
+     checked that there was enough data to have both the MAC and padding
+     bytes.
+
+     This issue was reported by Juraj Somorovsky using TLS-Attacker.
+     (CVE-2016-2107)
+     [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+     An overflow can occur in the EVP_EncodeUpdate() function which is used for
+     Base64 encoding of binary data. If an attacker is able to supply very large
+     amounts of input data then a length check can overflow resulting in a heap
+     corruption.
+
+     Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
+     the PEM_write_bio* family of functions. These are mainly used within the
+     OpenSSL command line applications, so any application which processes data
+     from an untrusted source and outputs it as a PEM file should be considered
+     vulnerable to this issue. User applications that call these APIs directly
+     with large amounts of untrusted data may also be vulnerable.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2105)
+     [Matt Caswell]
+
+  *) Fix EVP_EncryptUpdate overflow
+
+     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+     is able to supply very large amounts of input data after a previous call to
+     EVP_EncryptUpdate() with a partial block then a length check can overflow
+     resulting in a heap corruption. Following an analysis of all OpenSSL
+     internal usage of the EVP_EncryptUpdate() function all usage is one of two
+     forms. The first form is where the EVP_EncryptUpdate() call is known to be
+     the first called function after an EVP_EncryptInit(), and therefore that
+     specific call must be safe. The second form is where the length passed to
+     EVP_EncryptUpdate() can be seen from the code to be some small value and
+     therefore there is no possibility of an overflow. Since all instances are
+     one of these two forms, it is believed that there can be no overflows in
+     internal code due to this problem. It should be noted that
+     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
+     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
+     of these calls have also been analysed too and it is believed there are no
+     instances in internal usage where an overflow could occur.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2106)
+     [Matt Caswell]
+
+  *) Prevent ASN.1 BIO excessive memory allocation
+
+     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+     a short invalid encoding can casuse allocation of large amounts of memory
+     potentially consuming excessive resources or exhausting memory.
+
+     Any application parsing untrusted data through d2i BIO functions is
+     affected. The memory based functions such as d2i_X509() are *not* affected.
+     Since the memory based functions are used by the TLS library, TLS
+     applications are not affected.
+
+     This issue was reported by Brian Carpenter.
+     (CVE-2016-2109)
+     [Stephen Henson]
+
+  *) EBCDIC overread
+
+     ASN1 Strings that are over 1024 bytes can cause an overread in applications
+     using the X509_NAME_oneline() function on EBCDIC systems. This could result
+     in arbitrary stack data being returned in the buffer.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2176)
+     [Matt Caswell]
+
+  *) Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+     [Todd Short]
+
+  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
+     default.
+     [Kurt Roeckx]
+
+  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
+     methods are enabled and ssl2 is disabled the methods return NULL.
+     [Kurt Roeckx]
+
  Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
 
   * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
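Review bot: the added 1.0.1t text in CHANGES carries several typos that will be copied into downstream advisories: "the server support AES-NI" (supports), "primarly" (primarily), "casuse" (cause), "removes singles DES" (single DES), and "have also been analysed too" (drop either "also" or "too").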

Modified: vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade	Tue May  3 18:02:01 2016	(r298993)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
 # Xlist
 setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
 setenv FSVN "svn+ssh://svn.freebsd.org/base"
-setenv OSSLVER 1.0.1r
-# OSSLTAG format: v1_0_1r
+setenv OSSLVER 1.0.1t
+# OSSLTAG format: v1_0_1t
 
 ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
 

Modified: vendor-crypto/openssl/dist-1.0.1/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/Makefile	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/Makefile	Tue May  3 18:02:01 2016	(r298993)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1s
+VERSION=1.0.1t
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0

Modified: vendor-crypto/openssl/dist-1.0.1/NEWS
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/NEWS	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/NEWS	Tue May  3 18:02:01 2016	(r298993)
@@ -5,6 +5,19 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]
+
+      o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+      o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+      o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+      o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+      o EBCDIC overread (CVE-2016-2176)
+      o Modify behavior of ALPN to invoke callback after SNI/servername
+        callback, such that updates to the SSL_CTX affect ALPN.
+      o Remove LOW from the DEFAULT cipher list.  This removes singles DES from
+        the default.
+      o Only remove the SSLv2 methods with the no-ssl2-method option.
+
   Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
 
       o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.

Modified: vendor-crypto/openssl/dist-1.0.1/README
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/README	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/README	Tue May  3 18:02:01 2016	(r298993)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1s 1 Mar 2016
+ OpenSSL 1.0.1t 3 May 2016
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: vendor-crypto/openssl/dist-1.0.1/apps/pkcs7.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/apps/pkcs7.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/apps/pkcs7.c	Tue May  3 18:02:01 2016	(r298993)
@@ -235,12 +235,16 @@ int MAIN(int argc, char **argv)
         i = OBJ_obj2nid(p7->type);
         switch (i) {
         case NID_pkcs7_signed:
-            certs = p7->d.sign->cert;
-            crls = p7->d.sign->crl;
+            if (p7->d.sign != NULL) {
+                certs = p7->d.sign->cert;
+                crls = p7->d.sign->crl;
+            }
             break;
         case NID_pkcs7_signedAndEnveloped:
-            certs = p7->d.signed_and_enveloped->cert;
-            crls = p7->d.signed_and_enveloped->crl;
+            if (p7->d.signed_and_enveloped != NULL) {
+                certs = p7->d.signed_and_enveloped->cert;
+                crls = p7->d.signed_and_enveloped->crl;
+            }
             break;
         default:
             break;
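Review bot: in both guarded cases a NULL p7->d.sign or p7->d.signed_and_enveloped now falls through to break without assigning certs and crls, so the code after the switch depends on both having been initialised to NULL earlier in MAIN, which this hunk does not show. Worth confirming that, and consider reporting an error for a signed structure with no content instead of silently printing nothing.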

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c	Tue May  3 18:02:01 2016	(r298993)
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING 
     } else {
         if (len != 0) {
             if ((ret->length < len) || (ret->data == NULL)) {
-                if (ret->data != NULL)
-                    OPENSSL_free(ret->data);
                 s = (unsigned char *)OPENSSL_malloc((int)len + 1);
                 if (s == NULL) {
                     i = ERR_R_MALLOC_FAILURE;
                     goto err;
                 }
+                if (ret->data != NULL)
+                    OPENSSL_free(ret->data);
             } else
                 s = ret->data;
             memcpy(s, p, (int)len);
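Review bot: moving OPENSSL_free(ret->data) below the malloc failure check is right, since the err path is no longer entered with ret->data pointing at freed memory, but the ordering is easy to undo by accident. A one-line comment above the free saying the old buffer must stay valid until the new allocation succeeds would help. Separately, the unchanged (int)len casts in the OPENSSL_malloc and memcpy calls deserve a look to confirm len is already bounded at this point.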

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_d2i_fp.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_d2i_fp.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_d2i_fp.c	Tue May  3 18:02:01 2016	(r298993)
@@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
 #endif
 
 #define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
     BUF_MEM *b;
@@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BU
             /* suck in c.slen bytes of data */
             want = c.slen;
             if (want > (len - off)) {
+                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
                 want -= (len - off);
                 if (want > INT_MAX /* BIO_read takes an int length */  ||
                     len + want < len) {
                     ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                     goto err;
                 }
-                if (!BUF_MEM_grow_clean(b, len + want)) {
-                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
                 while (want > 0) {
-                    i = BIO_read(in, &(b->data[len]), want);
-                    if (i <= 0) {
-                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                ASN1_R_NOT_ENOUGH_DATA);
+                    /*
+                     * Read content in chunks of increasing size
+                     * so we can return an error for EOF without
+                     * having to allocate the entire content length
+                     * in one go.
+                     */
+                    size_t chunk = want > chunk_max ? chunk_max : want;
+
+                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                         goto err;
                     }
+                    want -= chunk;
+                    while (chunk > 0) {
+                        i = BIO_read(in, &(b->data[len]), chunk);
+                        if (i <= 0) {
+                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                    ASN1_R_NOT_ENOUGH_DATA);
+                            goto err;
+                        }
                     /*
                      * This can't overflow because |len+want| didn't
                      * overflow.
                      */
-                    len += i;
-                    want -= i;
+                        len += i;
+                        chunk -= i;
+                    }
+                    if (chunk_max < INT_MAX/2)
+                        chunk_max *= 2;
                 }
             }
             if (off + c.slen < off) {
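Review bot: the retained comment "This can't overflow because |len+want| didn't overflow." in the inner loop now reads as stale and is mis-indented: it sits one level shallower than the "len += i" it describes, and want has already been reduced by chunk by the time that loop runs. Re-indent it and reword it in terms of chunk. Also, chunk is a size_t passed to BIO_read, which the comment a few lines up notes takes an int length; the "chunk_max < INT_MAX/2" cap keeps it in range, and saying so next to the doubling would make that dependency explicit.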

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_type.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_type.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_type.c	Tue May  3 18:02:01 2016	(r298993)
@@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
         result = 0;             /* They do not have content. */
         break;
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
     case V_ASN1_BIT_STRING:
     case V_ASN1_OCTET_STRING:
     case V_ASN1_SEQUENCE:

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c	Tue May  3 18:02:01 2016	(r298993)
@@ -63,7 +63,7 @@
 #include <openssl/asn1_mac.h>
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           int max);
+                           long max);
 static void asn1_put_length(unsigned char **pp, int length);
 const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char 
     }
     *ptag = tag;
     *pclass = xclass;
-    if (!asn1_get_length(&p, &inf, plength, (int)max))
+    if (!asn1_get_length(&p, &inf, plength, max))
         goto err;
 
     if (inf && !(ret & V_ASN1_CONSTRUCTED))
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char 
 }
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           int max)
+                           long max)
 {
     const unsigned char *p = *pp;
     unsigned long ret = 0;
-    unsigned int i;
+    unsigned long i;
 
     if (max-- < 1)
-        return (0);
+        return 0;
     if (*p == 0x80) {
         *inf = 1;
         ret = 0;
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigne
         *inf = 0;
         i = *p & 0x7f;
         if (*(p++) & 0x80) {
-            if (i > sizeof(long))
+            if (i > sizeof(ret) || max < (long)i)
                 return 0;
-            if (max-- == 0)
-                return (0);
             while (i-- > 0) {
                 ret <<= 8L;
                 ret |= *(p++);
-                if (max-- == 0)
-                    return (0);
             }
         } else
             ret = i;
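Review bot: the new up-front test "i > sizeof(ret) || max < (long)i" replaces the per-octet max-- checks, so max is no longer decremented while the length octets are read; if anything later in the function still reads max, it now sees a different value. A short comment that max at this point means the bytes remaining after the first length octet would make the bound easier to audit.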
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigne
         return 0;
     *pp = p;
     *rl = (long)ret;
-    return (1);
+    return 1;
 }
 
 /*

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_par.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_par.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_par.c	Tue May  3 18:02:01 2016	(r298993)
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const un
         if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
             goto end;
         if (j & V_ASN1_CONSTRUCTED) {
+            const unsigned char *sp;
+
             ep = p + len;
             if (BIO_write(bp, "\n", 1) <= 0)
                 goto end;
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const un
                 goto end;
             }
             if ((j == 0x21) && (len == 0)) {
+                sp = p;
                 for (;;) {
                     r = asn1_parse2(bp, &p, (long)(tot - p),
                                     offset + (p - *pp), depth + 1,
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const un
                         ret = 0;
                         goto end;
                     }
-                    if ((r == 2) || (p >= tot))
+                    if ((r == 2) || (p >= tot)) {
+                        len = p - sp;
                         break;
+                    }
                 }
-            } else
+            } else {
+                long tmp = len;
+
                 while (p < ep) {
-                    r = asn1_parse2(bp, &p, (long)len,
-                                    offset + (p - *pp), depth + 1,
+                    sp = p;
+                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
                                     indent, dump);
                     if (r == 0) {
                         ret = 0;
                         goto end;
                     }
+                    tmp -= p - sp;
                 }
+            }
         } else if (xclass != 0) {
             p += len;
             if (BIO_write(bp, "\n", 1) <= 0)
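Review bot: in the definite-length branch, tmp holds the number of bytes still available to the nested asn1_parse2 call, and a name such as remaining would say so. The "len = p - sp" assignment in the indefinite-length branch also needs a comment: len is 0 on entry to that branch, and the reason it has to be recomputed when the loop ends is not visible in this hunk.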

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/t_x509.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/t_x509.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/t_x509.c	Tue May  3 18:02:01 2016	(r298993)
@@ -140,7 +140,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsi
             goto err;
 
         bs = X509_get_serialNumber(x);
-        if (bs->length <= (int)sizeof(long)) {
+        if (bs->length < (int)sizeof(long)
+            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
             l = ASN1_INTEGER_get(bs);
             if (bs->type == V_ASN1_NEG_INTEGER) {
                 l = -l;
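Review bot: the second operand compares bs->length with sizeof(long) without the (int) cast used on the line above, which mixes signed and unsigned operands and will trip sign-compare warnings; write "bs->length == (int)sizeof(long)" for consistency. A comment that the top-bit test on bs->data[0] keeps full-width values with the high bit set out of the ASN1_INTEGER_get path would also help the next reader.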

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_dec.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_dec.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_dec.c	Tue May  3 18:02:01 2016	(r298993)
@@ -903,9 +903,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
         break;
 
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
         tint = (ASN1_INTEGER **)pval;
         if (!c2i_ASN1_INTEGER(tint, &cont, len))
             goto err;
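Review bot: with the V_ASN1_NEG_INTEGER and V_ASN1_NEG_ENUMERATED labels dropped from asn1_ex_c2i, those type values no longer reach c2i_ASN1_INTEGER and instead take whichever branch the switch provides for unlisted types, which this hunk does not show. The same two labels are removed in a_type.c and tasn_enc.c, and neither the code nor the CHANGES entry in this commit explains why. Add a short comment at one of the three sites stating that the NEG values are not valid as input here and what happens to them now.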

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c	Tue May  3 18:02:01 2016	(r298993)
@@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig
         break;
 
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
         /*
          * These are all have the same content format as ASN1_INTEGER
          */

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c	Tue May  3 18:02:01 2016	(r298993)
@@ -66,6 +66,13 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                             const unsigned char **in, long len,
                             const ASN1_ITEM *it,
@@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE *
     int i, j, ret;
     STACK_OF(X509_NAME_ENTRY) *entries;
     X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX) {
+        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+        return 0;
+    }
     q = p;
 
     /* Get internal representation of Name */
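Review bot: the new "len > X509_NAME_MAX" check runs straight on from the declarations with no blank line, and the 1 MiB ceiling is a behaviour change that callers can observe as ASN1_R_TOO_LONG, yet the CHANGES entry in this commit does not list it. Add the blank line and consider a CHANGES line for the limit.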

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_x509.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_x509.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_x509.c	Tue May  3 18:02:01 2016	(r298993)
@@ -201,9 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
 
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-    int length;
+    int length, tmplen;
+    unsigned char *start = pp != NULL ? *pp : NULL;
     length = i2d_X509(a, pp);
-    if (a)
-        length += i2d_X509_CERT_AUX(a->aux, pp);
+    if (length < 0 || a == NULL)
+        return length;
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        if (start != NULL)
+            *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
     return length;
 }
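Review bot: the rollback "if (start != NULL) *pp = start;" only covers a caller-supplied buffer. By i2d convention a caller may pass pp with *pp == NULL to have the output allocated; in that case start is NULL, and i2d_X509_CERT_AUX is then called with whatever i2d_X509 left in *pp. Either handle that case explicitly or document that i2d_X509_AUX does not support it.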

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86-mont.pl
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86-mont.pl	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86-mont.pl	Tue May  3 18:02:01 2016	(r298993)
@@ -85,6 +85,21 @@ $frame=32;				# size of above frame roun
 
 	&and	("esp",-64);		# align to cache line
 
+	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	&mov	("eax","ebp");
+	&sub	("eax","esp");
+	&and	("eax",-4096);
+&set_label("page_walk");
+	&mov	("edx",&DWP(0,"esp","eax"));
+	&sub	("eax",4096);
+	&data_byte(0x2e);
+	&jnc	(&label("page_walk"));
+
 	################################# load argument block...
 	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
 	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
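Review bot: "&data_byte(0x2e);" before the jnc has no comment, while the x86_64 copies of this loop label the same byte "predict non-taken". Add the same remark here so the stray prefix byte is not mistaken for a typo.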

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont.pl
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont.pl	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont.pl	Tue May  3 18:02:01 2016	(r298993)
@@ -91,6 +91,20 @@ bn_mul_mont:
 
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
+	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%rsp,%r11
+	and	\$-4096,%r11
+.Lmul_page_walk:
+	mov	(%rsp,%r11),%r10
+	sub	\$4096,%r11
+	.byte	0x66,0x2e		# predict non-taken
+	jnc	.Lmul_page_walk
+
 	mov	$bp,%r12		# reassign $bp
 ___
 		$bp="%r12";
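Review bot: the .Lmul_page_walk loop emits ".byte 0x66,0x2e" before jnc, while the .Lmul4x_page_walk and .Lsqr4x_page_walk copies in the same file emit only ".byte 0x2e", and all three are commented "predict non-taken". If the extra 0x66 is deliberate, say why in the comment; otherwise make the three loops identical. The explanatory comment about guard pages also appears only on this copy, so the other two should at least point back to it.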
@@ -296,6 +310,14 @@ bn_mul4x_mont:
 
 	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
+	sub	%rsp,%r11
+	and	\$-4096,%r11
+.Lmul4x_page_walk:
+	mov	(%rsp,%r11),%r10
+	sub	\$4096,%r11
+	.byte	0x2e			# predict non-taken
+	jnc	.Lmul4x_page_walk
+
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
 	mov	%rdx,%r12		# reassign $bp
 ___
@@ -707,6 +729,7 @@ $code.=<<___;
 .align	16
 bn_sqr4x_mont:
 .Lsqr4x_enter:
+	mov	%rsp,%rax
 	push	%rbx
 	push	%rbp
 	push	%r12
@@ -715,12 +738,23 @@ bn_sqr4x_mont:
 	push	%r15
 
 	shl	\$3,${num}d		# convert $num to bytes
-	xor	%r10,%r10
 	mov	%rsp,%r11		# put aside %rsp
-	sub	$num,%r10		# -$num
+	neg	$num			# -$num
 	mov	($n0),$n0		# *n0
-	lea	-72(%rsp,%r10,2),%rsp	# alloca(frame+2*$num)
+	lea	-72(%rsp,$num,2),%rsp	# alloca(frame+2*$num)
 	and	\$-1024,%rsp		# minimize TLB usage
+
+	sub	%rsp,%r11
+	and	\$-4096,%r11
+.Lsqr4x_page_walk:
+	mov	(%rsp,%r11),%r10
+	sub	\$4096,%r11
+	.byte	0x2e			# predict non-taken
+	jnc	.Lsqr4x_page_walk
+
+	mov	$num,%r10
+	neg	$num			# restore $num
+	lea	-48(%rax),%r11		# restore saved %rsp
 	##############################################################
 	# Stack layout
 	#

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont5.pl
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont5.pl	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bn/asm/x86_64-mont5.pl	Tue May  3 18:02:01 2016	(r298993)
@@ -84,6 +84,20 @@ bn_mul_mont_gather5:
 
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul_body:
+	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%rsp,%rax
+	and	\$-4096,%rax
+.Lmul_page_walk:
+	mov	(%rsp,%rax),%r11
+	sub	\$4096,%rax
+	.byte	0x2e			# predict non-taken
+	jnc	.Lmul_page_walk
+
 	lea	128($bp),%r12		# reassign $bp (+size optimization)
 ___
 		$bp="%r12";
@@ -407,6 +421,14 @@ bn_mul4x_mont_gather5:
 
 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
 .Lmul4x_body:
+	sub	%rsp,%rax
+	and	\$-4096,%rax
+.Lmul4x_page_walk:
+	mov	(%rsp,%rax),%r11
+	sub	\$4096,%rax
+	.byte	0x2e			# predict non-taken
+	jnc	.Lmul4x_page_walk
+
 	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
 	lea	128(%rdx),%r12		# reassign $bp (+size optimization)
 ___

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/comp/comp.h
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/comp/comp.h	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/comp/comp.h	Tue May  3 18:02:01 2016	(r298993)
@@ -4,6 +4,10 @@
 
 # include <openssl/crypto.h>
 
+# ifdef OPENSSL_NO_COMP
+#  error COMP is disabled.
+# endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
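Review bot: with the #error at the top of comp.h, any source that includes this header unconditionally now fails to compile in an OPENSSL_NO_COMP build, so every includer needs its #include wrapped in #ifndef OPENSSL_NO_COMP; check that none were missed. The new directives also use the indented "# ifdef" style while the __cplusplus guard directly below uses "#ifdef"; pick one.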

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/evp/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/evp/Makefile	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/evp/Makefile	Tue May  3 18:02:01 2016	(r298993)
@@ -199,8 +199,8 @@ e_aes.o: ../../include/openssl/opensslv.
 e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
+e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
 e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
 e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
@@ -212,8 +212,8 @@ e_aes_cbc_hmac_sha1.o: ../../include/ope
 e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
 e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
 e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
-e_aes_cbc_hmac_sha1.o: evp_locl.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+e_aes_cbc_hmac_sha1.o: e_aes_cbc_hmac_sha1.c evp_locl.h
 e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
 e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/evp/digest.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/evp/digest.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/evp/digest.c	Tue May  3 18:02:01 2016	(r298993)
@@ -200,8 +200,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
     }
 #endif
     if (ctx->digest != type) {
-        if (ctx->digest && ctx->digest->ctx_size)
+        if (ctx->digest && ctx->digest->ctx_size) {
             OPENSSL_free(ctx->md_data);
+            ctx->md_data = NULL;
+        }
         ctx->digest = type;
         if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
             ctx->update = type->update;
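
Review bot: the new `ctx->md_data = NULL;` inside the added braces needs a one-line comment saying why it is there. The `if` that follows is entered only when EVP_MD_CTX_FLAG_NO_INIT is clear and type->ctx_size is nonzero, so on the other paths ctx->md_data would otherwise keep pointing at the buffer just passed to OPENSSL_free(). Without the comment the assignment looks redundant and is easy to drop in a later cleanup.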

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/evp/e_aes_cbc_hmac_sha1.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/evp/e_aes_cbc_hmac_sha1.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/evp/e_aes_cbc_hmac_sha1.c	Tue May  3 18:02:01 2016	(r298993)
@@ -59,6 +59,7 @@
 # include <openssl/aes.h>
 # include <openssl/sha.h>
 # include "evp_locl.h"
+# include "constant_time_locl.h"
 
 # ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
@@ -286,6 +287,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
+            ret &= constant_time_ge(maxpad, pad);
+
             inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
             mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
             inp_len &= mask;
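
Review bot: the added `ret &= constant_time_ge(maxpad, pad);` carries no comment, and it is the only place in this hunk where pad is compared against maxpad before `inp_len = len - (SHA_DIGEST_LENGTH + pad + 1)` uses it. Please add a comment stating that a pad larger than maxpad must fail the record, and that the result is folded into ret rather than branched on so the check stays constant time. A test case covering pad > maxpad would keep the line from being lost in a later refactor.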

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/evp/encode.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/evp/encode.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/evp/encode.c	Tue May  3 18:02:01 2016	(r298993)
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 
@@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
                       const unsigned char *in, int inl)
 {
     int i, j;
-    unsigned int total = 0;
+    size_t total = 0;
 
     *outl = 0;
     if (inl <= 0)
         return;
     OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-    if ((ctx->num + inl) < ctx->length) {
+    if (ctx->length - ctx->num > inl) {
         memcpy(&(ctx->enc_data[ctx->num]), in, inl);
         ctx->num += inl;
         return;
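
Review bot: the rewritten test `ctx->length - ctx->num > inl` is only safe if ctx->num never exceeds ctx->length, and the one assertion visible here checks ctx->length against sizeof(ctx->enc_data), not ctx->num. Either assert that ctx->num is within ctx->length as well, or add a comment naming the invariant and saying that the subtraction form replaces `ctx->num + inl` because that sum can overflow for large inl.
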
@@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
         *out = '\0';
         total = j + 1;
     }
-    while (inl >= ctx->length) {
+    while (inl >= ctx->length && total <= INT_MAX) {
         j = EVP_EncodeBlock(out, in, ctx->length);
         in += ctx->length;
         inl -= ctx->length;
@@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
         *out = '\0';
         total += j + 1;
     }
+    if (total > INT_MAX) {
+        /* Too much output data! */
+        *outl = 0;
+        return;
+    }
     if (inl != 0)
         memcpy(&(ctx->enc_data[0]), in, inl);
     ctx->num = inl;
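
Review bot: the new `total > INT_MAX` path reports failure only by setting `*outl = 0` and returning, which is the same state the function leaves on the short-input path at the top, where it buffers the data and returns with *outl still 0. Because the function returns void, a caller cannot tell "too much output" from "nothing to output yet". The early return also skips the `ctx->num = inl` update just below it, so the state of ctx after this error should be documented or reset.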

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_enc.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_enc.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/evp/evp_enc.c	Tue May  3 18:02:01 2016	(r298993)
@@ -334,7 +334,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
     bl = ctx->cipher->block_size;
     OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
     if (i != 0) {
-        if (i + inl < bl) {
+        if (bl - i > inl) {
             memcpy(&(ctx->buf[i]), in, inl);
             ctx->buf_len += inl;
             *outl = 0;
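
Review bot: `bl - i > inl` needs a comment explaining that it replaces `i + inl < bl` to keep the comparison from overflowing, since the two forms look interchangeable and a later cleanup could revert it. The only bound visible in this hunk is the OPENSSL_assert on bl, so it is also worth stating (or asserting) that i is less than bl at this point.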

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/opensslv.h
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/opensslv.h	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/opensslv.h	Tue May  3 18:02:01 2016	(r298993)
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1000113fL
+# define OPENSSL_VERSION_NUMBER  0x1000114fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1s-fips  1 Mar 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1t-fips  3 May 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1s  1 Mar 2016"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1t  3 May 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_lib.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_lib.c	Tue May  3 18:02:01 2016	(r298993)
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
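
Review bot: the added `EVP_CIPHER_iv_length(enc) == 0` condition reuses PEM_R_UNSUPPORTED_CIPHER without saying why a cipher with no IV is unsupported for PEM output. A short comment on the condition would help, and if callers need to tell the two cases apart (no short name versus no IV) a distinct reason code would be clearer.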

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/pem/pvkfmt.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/pem/pvkfmt.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/pem/pvkfmt.c	Tue May  3 18:02:01 2016	(r298993)
@@ -131,6 +131,10 @@ static int read_lebn(const unsigned char
 # define MS_PVKMAGIC             0xb0b5f11eL
 /* Salt length for PVK files */
 # define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
 
 static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
                          unsigned int bitlen, int ispub);
@@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned 
     *psaltlen = read_ledword(&p);
     *pkeylen = read_ledword(&p);
 
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
     if (is_encrypted && !*psaltlen) {
         PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
         return 0;
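
Review bot: the new bounds check on *pkeylen and *psaltlen returns 0 without recording an error, while the inconsistent-header check directly below it calls PEMerr() before returning. Please raise a PEM error here too so an oversized header does not fail silently. The limits PVK_MAX_KEYLEN and PVK_MAX_SALTLEN are defined in the previous hunk with no note on how 102400 and 10240 were chosen; a sentence of rationale there would help.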

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509.h
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509.h	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509.h	Tue May  3 18:02:01 2016	(r298993)
@@ -1281,6 +1281,7 @@ void ERR_load_X509_strings(void);
 # define X509_R_LOADING_CERT_DIR                          103
 # define X509_R_LOADING_DEFAULTS                          104
 # define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
 # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
 # define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
 # define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_err.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_err.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_err.c	Tue May  3 18:02:01 2016	(r298993)
@@ -145,6 +145,7 @@ static ERR_STRING_DATA X509_str_reasons[
     {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
     {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
     {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
+    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
     {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
      "no cert set for us to verify"},
     {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_obj.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_obj.c	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_obj.c	Tue May  3 18:02:01 2016	(r298993)
@@ -63,6 +63,13 @@
 #include <openssl/x509.h>
 #include <openssl/buffer.h>
 
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything enountered in practice.
+ */
+
+#define NAME_ONELINE_MAX    (1024 * 1024)
+
 char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 {
     X509_NAME_ENTRY *ne;
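
Review bot: the comment above NAME_ONELINE_MAX misspells "encountered" as "enountered", and "ensure we don't overflow" should say which value is being protected so the limit can be re-evaluated if the types change.
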
@@ -86,6 +93,8 @@ char *X509_NAME_oneline(X509_NAME *a, ch
             goto err;
         b->data[0] = '\0';
         len = 200;
+    } else if (len == 0) {
+        return NULL;
     }
     if (a == NULL) {
         if (b) {
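
Review bot: `else if (len == 0)` covers only a zero length, but len is declared int in the signature `char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)`, so a negative len still falls through this branch. Consider testing `len <= 0` here.
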
@@ -110,6 +119,10 @@ char *X509_NAME_oneline(X509_NAME *a, ch
 
         type = ne->value->type;
         num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
         q = ne->value->data;
 #ifdef CHARSET_EBCDIC
         if (type == V_ASN1_GENERALSTRING ||
@@ -117,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, ch
             type == V_ASN1_PRINTABLESTRING ||
             type == V_ASN1_TELETEXSTRING ||
             type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-            ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
-                         ? sizeof ebcdic_buf : num);
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
             q = ebcdic_buf;
         }
 #endif
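
Review bot: clamping num itself to sizeof(ebcdic_buf) changes more than the ascii2ebcdic() call: every later use of num in the function now sees the truncated length, so a long value is silently shortened in the output. That matches q being redirected to ebcdic_buf, but the truncation deserves a comment. The cast in `num > (int)sizeof(ebcdic_buf)` and the uncast assignment `num = sizeof(ebcdic_buf)` should also be made consistent.
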
@@ -154,6 +168,10 @@ char *X509_NAME_oneline(X509_NAME *a, ch
 
         lold = l;
         l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
         if (b != NULL) {
             if (!BUF_MEM_grow(b, l + 1))
                 goto err;
@@ -206,7 +224,7 @@ char *X509_NAME_oneline(X509_NAME *a, ch
     return (p);
  err:
     X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
-    if (b != NULL)
-        BUF_MEM_free(b);
+ end:
+    BUF_MEM_free(b);
     return (NULL);
 }
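
Review bot: dropping the `if (b != NULL)` guard means the end label calls BUF_MEM_free(b) with b possibly NULL, which the `if (b != NULL)` and `if (b)` tests elsewhere in this function show can happen. That is fine only if BUF_MEM_free() accepts NULL; please confirm and say so in the commit message. The err label now falls through into end, so a comment marking the fall-through would help the next reader.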

Modified: vendor-crypto/openssl/dist-1.0.1/doc/apps/ciphers.pod
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/doc/apps/ciphers.pod	Tue May  3 18:01:15 2016	(r298992)
+++ vendor-crypto/openssl/dist-1.0.1/doc/apps/ciphers.pod	Tue May  3 18:02:01 2016	(r298993)
@@ -107,7 +107,7 @@ The following is a list of all permitted
 
 The default cipher list.
 This is determined at compile time and is normally
-B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
+B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
 When used, this must be the first cipherstring specified.
 
 =item B<COMPLEMENTOFDEFAULT>
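
Review bot: the documented default now includes `!LOW`, but the text says the list is determined at compile time and the matching change to that compile-time default is not in the visible part of this diff. Please confirm the two are updated together so the man page does not describe a default the library does not use.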

Added: vendor-crypto/openssl/dist-1.0.1/doc/crypto/EVP_EncodeInit.pod
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ vendor-crypto/openssl/dist-1.0.1/doc/crypto/EVP_EncodeInit.pod	Tue May  3 18:02:01 2016	(r298993)
@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
+EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64
+encode/decode routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                       const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl);
+ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                     char *out, int *outl);
+ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+=head1 DESCRIPTION
+
+The EVP encode routines provide a high level interface to base 64 encoding and
+decoding. Base 64 encoding converts binary data into a printable form that uses
+the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
+bytes of binary data provided 4 bytes of base 64 encoded data will be produced
+plus some occasional newlines (see below). If the input data length is not a
+multiple of 3 then the output data will be padded at the end using the "="
+character.
+
+Encoding of binary data is performed in blocks of 48 input bytes (or less for
+the final block). For each 48 byte input block encoded 64 bytes of base 64 data
+is output plus an additional newline character (i.e. 65 bytes in total). The
+final block (which may be less than 48 bytes) will output 4 bytes for every 3
+bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
+still output for the final 1 or 2 bytes of input. Similarly a newline character
+will also be output.
+
+EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
+
+EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
+B<in>. The output is stored in the buffer B<out> and the number of bytes output
+is stored in B<*outl>. It is the caller's responsibility to ensure that the
+buffer at B<out> is sufficiently large to accommodate the output data. Only full
+blocks of data (48 bytes) will be immediately processed and output by this
+function. Any remainder is held in the B<ctx> object and will be processed by a
+subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
+required size of the output buffer add together the value of B<inl> with the
+amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
+any remainder). This gives the number of blocks of data that will be processed.
+Ensure the output buffer contains 65 bytes of storage for each block, plus an
+additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
+repeatedly to process large amounts of input data. In the event of an error
+EVP_EncodeUpdate() will set B<*outl> to 0.
+
+EVP_EncodeFinal() must be called at the end of an encoding operation. It will
+process any partial block of data remaining in the B<ctx> object. The output
+data will be stored in B<out> and the length of the data written will be stored
+in B<*outl>. It is the caller's responsibility to ensure that B<out> is
+sufficiently large to accommodate the output data which will never be more than
+65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
+
+EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
+B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
+output data will be produced. If B<dlen> is not divisible by 3 then the block is
+encoded as a final block of data and the output is padded such that it is always
+divisible by 4. Additionally a NUL terminator character will be added. For
+example if 16 bytes of input data is provided then 24 bytes of encoded data is
+created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
+the data generated I<without> the NUL terminator is returned from the function.
+
+EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
+
+EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
+to by B<in>. The output is stored in the buffer B<out> and the number of bytes
+output is stored in B<*outl>. It is the caller's responsibility to ensure that
+the buffer at B<out> is sufficiently large to accommodate the output data. This
+function will attempt to decode as much data as possible in 4 byte chunks. Any
+whitespace, newline or carriage return characters are ignored. Any partial chunk
+of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
+the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
+any illegal base 64 characters are encountered or if the base 64 padding
+character "=" is encountered in the middle of the data then the function returns
+-1 to indicate an error. A return value of 0 or 1 indicates successful
+processing of the data. A return value of 0 additionally indicates that the last
+input data characters processed included the base 64 padding character "=" and
+therefore no more non-padding character data is expected to be processed. For
+every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
+line feeds), 3 bytes of binary output data will be produced (or less at the end
+of the data where the padding character "=" has been used).
+
+EVP_DecodeFinal() must be called at the end of a decoding operation. If there
+is any unprocessed data still in B<ctx> then the input data must not have been
+a multiple of 4 and therefore an error has occurred. The function will return -1
+in this case. Otherwise the function returns 1 on success.
+
+EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
+contained in B<f> and store the result in B<t>. Any leading whitespace will be
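
Review bot: the EVP_EncodeBlock() paragraph refers to B<dlen>, but the SYNOPSIS declares the length parameter as `int n`; the names should match. Two smaller points in the same file: "EVP_EncodeUpdate() encode B<inl> bytes" should read "encodes", and the EVP_DecodeFinal() prototype in the SYNOPSIS is split in the middle of `unsigned char *out`.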

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

