svn commit: r337764 - in vendor-crypto/openssl/dist-1.0.2: . apps crypto crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/conf crypto/dh crypto/dsa crypto/ec crypto/ecdsa crypto/engine crypto/...
Jung-uk Kim
jkim at FreeBSD.org
Tue Aug 14 16:18:22 UTC 2018
Author: jkim
Date: Tue Aug 14 16:18:14 2018
New Revision: 337764
URL: https://svnweb.freebsd.org/changeset/base/337764
Log:
Import OpenSSL 1.0.2p.
Added:
vendor-crypto/openssl/dist-1.0.2/crypto/bn_int.h (contents, props changed)
vendor-crypto/openssl/dist-1.0.2/doc/man3/
vendor-crypto/openssl/dist-1.0.2/doc/man3/X509_cmp_time.pod
Modified:
vendor-crypto/openssl/dist-1.0.2/CHANGES
vendor-crypto/openssl/dist-1.0.2/CONTRIBUTING
vendor-crypto/openssl/dist-1.0.2/Configure
vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade
vendor-crypto/openssl/dist-1.0.2/Makefile
vendor-crypto/openssl/dist-1.0.2/NEWS
vendor-crypto/openssl/dist-1.0.2/README
vendor-crypto/openssl/dist-1.0.2/apps/apps.c
vendor-crypto/openssl/dist-1.0.2/apps/asn1pars.c
vendor-crypto/openssl/dist-1.0.2/apps/ca.c
vendor-crypto/openssl/dist-1.0.2/apps/ocsp.c
vendor-crypto/openssl/dist-1.0.2/apps/passwd.c
vendor-crypto/openssl/dist-1.0.2/apps/s_apps.h
vendor-crypto/openssl/dist-1.0.2/apps/s_client.c
vendor-crypto/openssl/dist-1.0.2/apps/s_server.c
vendor-crypto/openssl/dist-1.0.2/apps/s_socket.c
vendor-crypto/openssl/dist-1.0.2/apps/verify.c
vendor-crypto/openssl/dist-1.0.2/crypto/Makefile
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_bool.c
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_object.c
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_strex.c
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/ameth_lib.c
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1.h
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1_err.c
vendor-crypto/openssl/dist-1.0.2/crypto/asn1/tasn_enc.c
vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_log.c
vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_mem.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/Makefile
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/armv4-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/ia64-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/mips-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/parisc-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/ppc-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/ppc64-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/rsaz-avx2.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/s390x-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/sparct4-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/sparcv9-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/via-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/vis3-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86_64-mont.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86_64-mont5.pl
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn.h
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_div.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_exp.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_gf2m.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_lcl.h
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_lib.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mod.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mont.c
vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_sqr.c
vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_api.c
vendor-crypto/openssl/dist-1.0.2/crypto/dh/dh_key.c
vendor-crypto/openssl/dist-1.0.2/crypto/dh/dh_pmeth.c
vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa.h
vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_err.c
vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_gen.c
vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_ossl.c
vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_pmeth.c
vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_ameth.c
vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lib.c
vendor-crypto/openssl/dist-1.0.2/crypto/ec/ecp_nistz256.c
vendor-crypto/openssl/dist-1.0.2/crypto/ecdsa/Makefile
vendor-crypto/openssl/dist-1.0.2/crypto/ecdsa/ecdsatest.c
vendor-crypto/openssl/dist-1.0.2/crypto/ecdsa/ecs_ossl.c
vendor-crypto/openssl/dist-1.0.2/crypto/engine/eng_lib.c
vendor-crypto/openssl/dist-1.0.2/crypto/engine/tb_asnmth.c
vendor-crypto/openssl/dist-1.0.2/crypto/o_time.c
vendor-crypto/openssl/dist-1.0.2/crypto/opensslv.h
vendor-crypto/openssl/dist-1.0.2/crypto/pem/pem.h
vendor-crypto/openssl/dist-1.0.2/crypto/pem/pem_lib.c
vendor-crypto/openssl/dist-1.0.2/crypto/pem/pem_pk8.c
vendor-crypto/openssl/dist-1.0.2/crypto/pem/pem_pkey.c
vendor-crypto/openssl/dist-1.0.2/crypto/pem/pvkfmt.c
vendor-crypto/openssl/dist-1.0.2/crypto/pkcs12/p12_asn.c
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/Makefile
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_eay.c
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_gen.c
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_oaep.c
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_pk1.c
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_sign.c
vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_ssl.c
vendor-crypto/openssl/dist-1.0.2/crypto/sha/asm/sha1-586.pl
vendor-crypto/openssl/dist-1.0.2/crypto/sha/asm/sha256-586.pl
vendor-crypto/openssl/dist-1.0.2/crypto/ui/ui_openssl.c
vendor-crypto/openssl/dist-1.0.2/crypto/x509/x509_cmp.c
vendor-crypto/openssl/dist-1.0.2/crypto/x509/x509_lu.c
vendor-crypto/openssl/dist-1.0.2/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist-1.0.2/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/dist-1.0.2/doc/apps/cms.pod
vendor-crypto/openssl/dist-1.0.2/doc/apps/config.pod
vendor-crypto/openssl/dist-1.0.2/doc/apps/genpkey.pod
vendor-crypto/openssl/dist-1.0.2/doc/apps/s_client.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/BIO_s_fd.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/BN_add.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/BN_bn2bin.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/BN_generate_prime.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/CMS_encrypt.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/CMS_get0_SignerInfos.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/CMS_get1_ReceiptRequest.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/DSA_do_sign.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/DSA_sign.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/OBJ_nid2obj.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/SMIME_read_PKCS7.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/ecdsa.pod
vendor-crypto/openssl/dist-1.0.2/doc/crypto/pem.pod
vendor-crypto/openssl/dist-1.0.2/doc/fingerprints.txt
vendor-crypto/openssl/dist-1.0.2/doc/ssl/SSL_CTX_use_certificate.pod
vendor-crypto/openssl/dist-1.0.2/doc/ssl/SSL_get_ciphers.pod
vendor-crypto/openssl/dist-1.0.2/doc/ssl/SSL_get_session.pod
vendor-crypto/openssl/dist-1.0.2/doc/ssl/SSL_get_version.pod
vendor-crypto/openssl/dist-1.0.2/doc/ssl/ssl.pod
vendor-crypto/openssl/dist-1.0.2/ssl/d1_both.c
vendor-crypto/openssl/dist-1.0.2/ssl/s3_lib.c
vendor-crypto/openssl/dist-1.0.2/ssl/s3_srvr.c
vendor-crypto/openssl/dist-1.0.2/ssl/ssl.h
vendor-crypto/openssl/dist-1.0.2/ssl/ssl_lib.c
vendor-crypto/openssl/dist-1.0.2/ssl/ssl_locl.h
vendor-crypto/openssl/dist-1.0.2/ssl/t1_lib.c
vendor-crypto/openssl/dist-1.0.2/ssl/t1_trce.c
vendor-crypto/openssl/dist-1.0.2/util/domd
Modified: vendor-crypto/openssl/dist-1.0.2/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/CHANGES Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/CHANGES Tue Aug 14 16:18:14 2018 (r337764)
@@ -7,6 +7,64 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
+
+ *) Client DoS due to large DH parameter
+
+ During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+ malicious server can send a very large prime value to the client. This will
+ cause the client to spend an unreasonably long period of time generating a
+ key for this prime resulting in a hang until the client has finished. This
+ could be exploited in a Denial Of Service attack.
+
+ This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+ (CVE-2018-0732)
+ [Guido Vranken]
+
+ *) Cache timing vulnerability in RSA Key Generation
+
+ The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+ a cache timing side channel attack. An attacker with sufficient access to
+ mount cache timing attacks during the RSA key generation process could
+ recover the private key.
+
+ This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+ Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+ (CVE-2018-0737)
+ [Billy Brumley]
+
+ *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
+ parameter is no longer accepted, as it leads to a corrupt table. NULL
+ pem_str is reserved for alias entries only.
+ [Richard Levitte]
+
+ *) Revert blinding in ECDSA sign and instead make problematic addition
+ length-invariant. Switch even to fixed-length Montgomery multiplication.
+ [Andy Polyakov]
+
+ *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+ *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
+ *) Add blinding to ECDSA and DSA signatures to protect against side channel
+ attacks discovered by Keegan Ryan (NCC Group).
+ [Matt Caswell]
+
+ *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+ now allow empty (zero character) pass phrases.
+ [Richard Levitte]
+
+ *) Certificate time validation (X509_cmp_time) enforces stricter
+ compliance with RFC 5280. Fractional seconds and timezone offsets
+ are no longer allowed.
+ [Emilia Käsper]
+
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Modified: vendor-crypto/openssl/dist-1.0.2/CONTRIBUTING
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/CONTRIBUTING Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/CONTRIBUTING Tue Aug 14 16:18:14 2018 (r337764)
@@ -1,27 +1,27 @@
-HOW TO CONTRIBUTE PATCHES TO OpenSSL
-------------------------------------
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
-Development is coordinated on the openssl-dev mailing list (see the
-above link or https://mta.openssl.org for information on subscribing).
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community you might want to discuss it on the openssl-dev mailing
-list first. Someone may be already working on the same thing or there
-may be a good reason as to why that feature isn't implemented.
+Development is done on GitHub, https://github.com/openssl/openssl.
-To submit a patch, make a pull request on GitHub. If you think the patch
-could use feedback from the community, please start a thread on openssl-dev
-to discuss it.
+To request new features or report bugs, please open an issue on GitHub
-Having addressed the following items before the PR will help make the
-acceptance and review process faster:
+To submit a patch, please open a pull request on GitHub. If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community. Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
- 1. Anything other than trivial contributions will require a contributor
- licensing agreement, giving us permission to use your code. See
- https://www.openssl.org/policies/cla.html for details.
+To make it easier to review and accept your pull request, please follow these
+guidelines:
+ 1. Anything other than a trivial contribution requires a Contributor
+ License Agreement (CLA), giving us permission to use your code. See
+ https://www.openssl.org/policies/cla.html for details. If your
+ contribution is too small to require a CLA, put "CLA: trivial" on a
+ line by itself in your commit message body.
+
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
@@ -34,21 +34,21 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
- often. We do not accept merge commits; You will be asked to remove
- them before a patch is considered acceptable.
+ often. We do not accept merge commits, you will have to remove them
+ (usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
- https://www.openssl.org/policies/codingstyle.html) and compile without
- warnings. Where gcc or clang is availble you should use the
+ https://www.openssl.org/policies/codingstyle.html) and compile
+ without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
- platforms: try to ensure you only use portable features.
- Clean builds via Travis and AppVeyor are expected, and done whenever
- a PR is created or updated.
+ platforms: try to ensure you only use portable features. Clean builds
+ via Travis and AppVeyor are required, and they are started automatically
+ whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
- documentation. Please look at the "pod" files in doc/apps, doc/crypto
- and doc/ssl for examples of our style.
+ documentation. Please look at the "pod" files in doc for
+ examples of our style.
Modified: vendor-crypto/openssl/dist-1.0.2/Configure
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/Configure Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/Configure Tue Aug 14 16:18:14 2018 (r337764)
@@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled))
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
+ if (/^comp$/) { $zlib = 0; }
}
print "\n";
@@ -1671,6 +1672,13 @@ while (<PIPE>) {
}
close(PIPE);
+# Xcode did not handle $cc -M before clang support
+my $cc_as_makedepend = 0;
+if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
+ && !defined($predefined{__clang__}))) {
+ $cc_as_makedepend = 1;
+}
+
if ($strict_warnings)
{
my $wopt;
@@ -1730,14 +1738,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
Modified: vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade Tue Aug 14 16:18:14 2018 (r337764)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
-setenv OSSLVER 1.0.2o
-# OSSLTAG format: v1_0_2o
+setenv OSSLVER 1.0.2p
+# OSSLTAG format: v1_0_2p
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
@@ -21,10 +21,10 @@ fetch http://www.openssl.org/source/openssl-${OSSLVER}
http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc
gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz
-svn co $FSVN/vendor-crypto/openssl/dist dist
+svn co $FSVN/vendor-crypto/openssl/dist-1.0.2 dist-1.0.2
tar -x -X $XLIST -f openssl-${OSSLVER}.tar.gz
-cd dist
+cd dist-1.0.2
svn list -R | egrep -v -e '/$' -e '^FREEBSD-(Xlist|upgrade)$' | sort >../old
cd ../openssl-${OSSLVER}
find . -type f -or -type l | cut -c 3- | sort >../new
@@ -35,21 +35,21 @@ comm -23 old new
# See that files to add makes sense
comm -13 old new
-tar -cf - -C openssl-${OSSLVER} . | tar -xf - -C dist
-cd dist
+tar -cf - -C openssl-${OSSLVER} . | tar -xf - -C dist-1.0.2
+cd dist-1.0.2
comm -23 ../old ../new | xargs svn rm
# Make sure to remove empty directories
comm -13 ../old ../new | xargs svn --parents add
svn stat
svn ci
-svn cp ^/vendor-crypto/openssl/dist ^/vendor-crypto/openssl/$OSSLVER
+svn cp ^/vendor-crypto/openssl/dist-1.0.2 ^/vendor-crypto/openssl/$OSSLVER
# Merge to head
mkdir ../head
cd ../head
svn co $FSVN/head/crypto/openssl crypto/openssl
-svn merge ^/vendor-crypto/openssl/dist crypto/openssl
+svn merge ^/vendor-crypto/openssl/dist-1.0.2 crypto/openssl
# Resolve conflicts manually
Modified: vendor-crypto/openssl/dist-1.0.2/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/Makefile Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/Makefile Tue Aug 14 16:18:14 2018 (r337764)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2o
+VERSION=1.0.2p
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Modified: vendor-crypto/openssl/dist-1.0.2/NEWS
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/NEWS Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/NEWS Tue Aug 14 16:18:14 2018 (r337764)
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
+
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
Modified: vendor-crypto/openssl/dist-1.0.2/README
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/README Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/README Tue Aug 14 16:18:14 2018 (r337764)
@@ -1,7 +1,7 @@
- OpenSSL 1.0.2o 27 Mar 2018
+ OpenSSL 1.0.2p 14 Aug 2018
- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
Modified: vendor-crypto/openssl/dist-1.0.2/apps/apps.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/apps.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/apps.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
- if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ if (*flags != XN_FLAG_COMPAT
+ && (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
Modified: vendor-crypto/openssl/dist-1.0.2/apps/asn1pars.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/asn1pars.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/asn1pars.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
- if (j == 0) {
+ if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
@@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
num = tmplen;
}
- if (offset >= num) {
- BIO_printf(bio_err, "Error: offset too large\n");
+ if (offset < 0 || offset >= num) {
+ BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
- if ((length == 0) || ((long)length > num))
+ if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {
Modified: vendor-crypto/openssl/dist-1.0.2/apps/ca.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/ca.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/ca.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
- if (!BN_add_word(serial, 1))
+ if (!BN_add_word(serial, 1)) {
+ X509_free(x);
goto err;
+ }
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
+ X509_free(x);
goto err;
}
}
Modified: vendor-crypto/openssl/dist-1.0.2/apps/ocsp.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/ocsp.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/ocsp.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
- ret = 0;
goto end;
}
Modified: vendor-crypto/openssl/dist-1.0.2/apps/passwd.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/passwd.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/passwd.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *
out_buf[0] = '$';
out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */
- strncat(out_buf, magic, 4);
- strncat(out_buf, "$", 1);
- strncat(out_buf, salt, 8);
+ BUF_strlcat(out_buf, magic, sizeof(out_buf));
+ BUF_strlcat(out_buf, "$", sizeof(out_buf));
+ BUF_strlcat(out_buf, salt, sizeof(out_buf));
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
Modified: vendor-crypto/openssl/dist-1.0.2/apps/s_apps.h
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/s_apps.h Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/s_apps.h Tue Aug 14 16:18:14 2018 (r337764)
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -152,9 +152,8 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
+ int (*cb) (int s, int stype, unsigned char *context),
+ unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
Modified: vendor-crypto/openssl/dist-1.0.2/apps/s_client.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/s_client.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/s_client.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -337,7 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -prexit - print session information even on connection failure\n");
BIO_printf(bio_err,
- " -showcerts - show all certificates in the chain\n");
+ " -showcerts - Show all certificates sent by the server\n");
BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
Modified: vendor-crypto/openssl/dist-1.0.2/apps/s_server.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/s_server.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/s_server.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -209,9 +209,9 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
-static int sv_body(char *hostname, int s, int stype, unsigned char *context);
-static int www_body(char *hostname, int s, int stype, unsigned char *context);
-static int rev_body(char *hostname, int s, int stype, unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL;
unsigned char *context = NULL;
+#ifndef OPENSSL_NO_DH
char *dhfile = NULL;
+ int no_dhe = 0;
+#endif
int badop = 0;
int ret = 1;
int build_chain = 0;
- int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+ int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
@@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
if (--argc < 1)
goto bad;
s_chain_file = *(++argv);
- } else if (strcmp(*argv, "-dhparam") == 0) {
+ }
+#ifndef OPENSSL_NO_DH
+ else if (strcmp(*argv, "-dhparam") == 0) {
if (--argc < 1)
goto bad;
dhfile = *(++argv);
- } else if (strcmp(*argv, "-dcertform") == 0) {
+ }
+#endif
+ else if (strcmp(*argv, "-dcertform") == 0) {
if (--argc < 1)
goto bad;
s_dcert_format = str2fmt(*(++argv));
@@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
verify_quiet = 1;
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
no_tmp_rsa = 1;
- } else if (strcmp(*argv, "-no_dhe") == 0) {
+ }
+#ifndef OPENSSL_NO_DH
+ else if (strcmp(*argv, "-no_dhe") == 0) {
no_dhe = 1;
- } else if (strcmp(*argv, "-no_ecdhe") == 0) {
+ }
+#endif
+ else if (strcmp(*argv, "-no_ecdhe") == 0) {
no_ecdhe = 1;
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
no_resume_ephemeral = 1;
@@ -2165,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(char *hostname, int s, int stype, unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
@@ -2780,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
}
#endif
-static int www_body(char *hostname, int s, int stype, unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
@@ -3183,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype,
return (ret);
}
-static int rev_body(char *hostname, int s, int stype, unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;
Modified: vendor-crypto/openssl/dist-1.0.2/apps/s_socket.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/s_socket.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/s_socket.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -109,7 +109,7 @@ static int ssl_sock_init(void);
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
+static int do_accept(int acc_sock, int *sock);
static int host_ip(char *str, unsigned char ip[4]);
# ifdef OPENSSL_SYS_WIN16
@@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[
}
int do_server(int port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
+ int (*cb) (int s, int stype, unsigned char *context),
+ unsigned char *context, int naccept)
{
int sock;
- char *name = NULL;
int accept_socket = 0;
int i;
@@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
}
for (;;) {
if (type == SOCK_STREAM) {
- if (do_accept(accept_socket, &sock, &name) == 0) {
+ if (do_accept(accept_socket, &sock) == 0) {
SHUTDOWN(accept_socket);
return (0);
}
} else
sock = accept_socket;
- i = (*cb) (name, sock, type, context);
- if (name != NULL)
- OPENSSL_free(name);
+ i = (*cb) (sock, type, context);
if (type == SOCK_STREAM)
SHUTDOWN2(sock);
if (naccept != -1)
@@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
return (init_server_long(sock, port, NULL, type));
}
-static int do_accept(int acc_sock, int *sock, char **host)
+static int do_accept(int acc_sock, int *sock)
{
int ret;
- struct hostent *h1, *h2;
- static struct sockaddr_in from;
- int len;
-/* struct linger ling; */
if (!ssl_sock_init())
- return (0);
+ return 0;
# ifndef OPENSSL_SYS_WINDOWS
redoit:
# endif
- memset((char *)&from, 0, sizeof(from));
- len = sizeof(from);
/*
* Note: under VMS with SOCKETSHR the fourth parameter is currently of
* type (int *) whereas under other systems it is (void *) if you don't
* have a cast it will choke the compiler: if you do have a cast then you
* can either go for (int *) or (void *).
*/
- ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+ ret = accept(acc_sock, NULL, NULL);
if (ret == INVALID_SOCKET) {
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i;
@@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **h
fprintf(stderr, "errno=%d ", errno);
perror("accept");
# endif
- return (0);
+ return 0;
}
-/*-
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
-*/
-
- if (host == NULL)
- goto end;
-# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
-# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
-# endif
- if (h1 == NULL) {
- BIO_printf(bio_err, "bad gethostbyaddr\n");
- *host = NULL;
- /* return(0); */
- } else {
- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
- perror("OPENSSL_malloc");
- closesocket(ret);
- return (0);
- }
- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
-
- h2 = GetHostByName(*host);
- if (h2 == NULL) {
- BIO_printf(bio_err, "gethostbyname failure\n");
- closesocket(ret);
- return (0);
- }
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
- closesocket(ret);
- return (0);
- }
- }
- end:
*sock = ret;
- return (1);
+ return 1;
}
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
Modified: vendor-crypto/openssl/dist-1.0.2/apps/verify.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/apps/verify.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/apps/verify.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err);
+ X509_STORE_CTX_free(csc);
goto end;
}
if (tchain)
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/Makefile Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/Makefile Tue Aug 14 16:18:14 2018 (r337764)
@@ -45,7 +45,7 @@ SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
- constant_time_locl.h $(EXHEADER)
+ constant_time_locl.h bn_int.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_bool.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_bool.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_bool.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -63,17 +63,31 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{
int r;
- unsigned char *p;
+ unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL)
return (r);
- p = *pp;
+ if (*pp == NULL) {
+ if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ p = *pp;
+ }
+
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
- *(p++) = (unsigned char)a;
- *pp = p;
- return (r);
+ *p = (unsigned char)a;
+
+
+ /*
+ * If a new buffer was allocated, just return it back.
+ * If not, return the incremented buffer pointer.
+ */
+ *pp = allocated != NULL ? allocated : p + 1;
+ return r;
}
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_object.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_object.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_object.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -66,7 +66,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
- unsigned char *p;
+ unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp
if (pp == NULL || objsize == -1)
return objsize;
- p = *pp;
+ if (*pp == NULL) {
+ if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ p = *pp;
+ }
+
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
- p += a->length;
- *pp = p;
- return (objsize);
+ /*
+ * If a new buffer was allocated, just return it back.
+ * If not, return the incremented buffer pointer.
+ */
+ *pp = allocated != NULL ? allocated : p + a->length;
+ return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_strex.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_strex.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/a_strex.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{
- int i, outlen, len;
+ int i, outlen, len, charwidth;
unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
+ charwidth = type & BUF_TYPE_WIDTH_MASK;
+
+ switch (charwidth) {
+ case 4:
+ if (buflen & 3) {
+ ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+ return -1;
+ }
+ break;
+ case 2:
+ if (buflen & 1) {
+ ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
+ return -1;
+ }
+ break;
+ default:
+ break;
+ }
+
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
- switch (type & BUF_TYPE_WIDTH_MASK) {
+
+ switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
+ buflen -= i;
p += i;
break;
default:
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/ameth_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/ameth_lib.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/ameth_lib.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -304,6 +304,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int fl
goto err;
} else
ameth->info = NULL;
+
+ /*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+ if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+ || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+ goto err;
if (pem_str) {
ameth->pem_str = BUF_strdup(pem_str);
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1.h
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1.h Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1.h Tue Aug 14 16:18:14 2018 (r337764)
@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
+# define ASN1_F_DO_BUF 221
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
+# define ASN1_F_I2D_ASN1_BOOLEAN 223
+# define ASN1_F_I2D_ASN1_OBJECT 222
# define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161
@@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1_err.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1_err.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/asn1_err.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+ {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/asn1/tasn_enc.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/asn1/tasn_enc.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/asn1/tasn_enc.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
+ if (cont == NULL || len == 0)
+ return -1;
break;
case V_ASN1_NULL:
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_log.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_log.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_log.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -1,6 +1,6 @@
/* crypto/bio/bss_log.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *i
if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
return (0);
}
- strncpy(buf, in, inl);
+ memcpy(buf, in, inl);
buf[inl] = '\0';
i = 0;
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_mem.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_mem.c Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/bio/bss_mem.c Tue Aug 14 16:18:14 2018 (r337764)
@@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl)
}
BIO_clear_retry_flags(b);
+ if (inl == 0)
+ return 0;
blen = bm->length;
if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
goto end;
Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-1.0.2/crypto/bn/Makefile Tue Aug 14 16:03:03 2018 (r337763)
+++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/Makefile Tue Aug 14 16:18:14 2018 (r337764)
@@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/
bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c
+bn_add.o: bn_lcl.h
bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c
+bn_asm.o: bn_lcl.h
bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h
+bn_blind.o: bn_blind.c bn_lcl.h
bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_const.o: ../../include/openssl/opensslconf.h
bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/
bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c
+bn_ctx.o: bn_lcl.h
bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include
bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h
bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c
+bn_div.o: bn_lcl.h
bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list