From owner-svn-src-all@FreeBSD.ORG Tue Apr 8 20:15:27 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 14BF59D2; Tue, 8 Apr 2014 20:15:27 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F21861DD6; Tue, 8 Apr 2014 20:15:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s38KFQT3094729; Tue, 8 Apr 2014 20:15:26 GMT (envelope-from jkim@svn.freebsd.org) Received: (from jkim@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s38KFIrB094682; Tue, 8 Apr 2014 20:15:18 GMT (envelope-from jkim@svn.freebsd.org) Message-Id: <201404082015.s38KFIrB094682@svn.freebsd.org> From: Jung-uk Kim Date: Tue, 8 Apr 2014 20:15:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r264271 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/cms crypto/ec crypto/engine crypto/evp crypto/modes crypto/rand crypto/x509... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 20:15:27 -0000 Author: jkim Date: Tue Apr 8 20:15:18 2014 New Revision: 264271 URL: http://svnweb.freebsd.org/changeset/base/264271 Log: Import OpenSSL 1.0.1g. Approved by: benl (maintainer) Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FAQ vendor-crypto/openssl/dist/FREEBSD-upgrade vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/Makefile.org vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/crl.c vendor-crypto/openssl/dist/apps/dgst.c vendor-crypto/openssl/dist/apps/ecparam.c vendor-crypto/openssl/dist/apps/req.c vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c vendor-crypto/openssl/dist/crypto/bio/bss_log.c vendor-crypto/openssl/dist/crypto/bn/bn.h vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/cms/cms_lib.c vendor-crypto/openssl/dist/crypto/cryptlib.c vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c vendor-crypto/openssl/dist/crypto/engine/eng_list.c vendor-crypto/openssl/dist/crypto/evp/bio_b64.c vendor-crypto/openssl/dist/crypto/modes/gcm128.c vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/rand/md_rand.c vendor-crypto/openssl/dist/crypto/symhacks.h vendor-crypto/openssl/dist/crypto/x509/by_dir.c vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c vendor-crypto/openssl/dist/doc/apps/config.pod vendor-crypto/openssl/dist/doc/apps/crl.pod vendor-crypto/openssl/dist/doc/apps/ec.pod vendor-crypto/openssl/dist/doc/apps/pkcs12.pod vendor-crypto/openssl/dist/doc/apps/req.pod vendor-crypto/openssl/dist/doc/apps/s_client.pod vendor-crypto/openssl/dist/doc/apps/s_server.pod vendor-crypto/openssl/dist/doc/apps/ts.pod vendor-crypto/openssl/dist/doc/apps/tsget.pod vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod vendor-crypto/openssl/dist/doc/crypto/ERR_get_error.pod vendor-crypto/openssl/dist/doc/crypto/EVP_BytesToKey.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod vendor-crypto/openssl/dist/doc/crypto/pem.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod vendor-crypto/openssl/dist/doc/ssl/SSL_set_shutdown.pod vendor-crypto/openssl/dist/e_os.h vendor-crypto/openssl/dist/engines/ccgost/gosthash.c vendor-crypto/openssl/dist/ssl/d1_both.c vendor-crypto/openssl/dist/ssl/kssl.h vendor-crypto/openssl/dist/ssl/s23_clnt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl.h vendor-crypto/openssl/dist/ssl/t1_enc.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/ssl/tls1.h vendor-crypto/openssl/dist/util/libeay.num vendor-crypto/openssl/dist/util/pl/BC-32.pl vendor-crypto/openssl/dist/util/pl/VC-32.pl Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/CHANGES Tue Apr 8 20:15:18 2014 (r264271) @@ -2,6 +2,35 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) TLS pad extension: draft-agl-tls-padding-03 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + [Adam Langley, Steve Henson] + Changes between 1.0.1e and 1.0.1f [6 Jan 2014] *) Fix for TLS record tampering bug. A carefully crafted invalid Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/Configure Tue Apr 8 20:15:18 2014 (r264271) @@ -526,7 +526,7 @@ my %table=( # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", # Unified CE target -"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 Modified: vendor-crypto/openssl/dist/FAQ ============================================================================== --- vendor-crypto/openssl/dist/FAQ Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/FAQ Tue Apr 8 20:15:18 2014 (r264271) @@ -768,6 +768,9 @@ openssl-security@openssl.org if you don' acknowledging receipt then resend or mail it directly to one of the more active team members (e.g. Steve). +Note that bugs only present in the openssl utility are not in general +considered to be security issues. + [PROG] ======================================================================== * Is OpenSSL thread-safe? Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Apr 8 20:15:18 2014 (r264271) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 1.0.1f -# OSSLTAG format: v1_0_1f +setenv OSSLVER 1.0.1g +# OSSLTAG format: v1_0_1g ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/Makefile Tue Apr 8 20:15:18 2014 (r264271) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1f +VERSION=1.0.1g MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -304,8 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ fi; \ - $(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \ - touch -c fips_premain_dso$(EXE_EXT); \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ Modified: vendor-crypto/openssl/dist/Makefile.org ============================================================================== --- vendor-crypto/openssl/dist/Makefile.org Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/Makefile.org Tue Apr 8 20:15:18 2014 (r264271) @@ -302,8 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ fi; \ - $(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \ - touch -c fips_premain_dso$(EXE_EXT); \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/NEWS Tue Apr 8 20:15:18 2014 (r264271) @@ -5,8 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] + + o Fix for CVE-2014-0160 + o Add TLS padding extension workaround for broken servers. + o Fix for CVE-2014-0076 + Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] + o Don't include gmt_unix_time in TLS server and client random values o Fix for TLS record tampering bug CVE-2013-4353 o Fix for TLS version checking bug CVE-2013-6449 o Fix for DTLS retransmission bug CVE-2013-6450 Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/README Tue Apr 8 20:15:18 2014 (r264271) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1f 6 Jan 2014 + OpenSSL 1.0.1g 7 Apr 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist/apps/apps.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/apps/apps.c Tue Apr 8 20:15:18 2014 (r264271) @@ -586,12 +586,12 @@ int password_callback(char *buf, int buf if (ok >= 0) ok = UI_add_input_string(ui,prompt,ui_flags,buf, - PW_MIN_LENGTH,BUFSIZ-1); + PW_MIN_LENGTH,bufsiz-1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); ok = UI_add_verify_string(ui,prompt,ui_flags,buff, - PW_MIN_LENGTH,BUFSIZ-1, buf); + PW_MIN_LENGTH,bufsiz-1, buf); } if (ok >= 0) do @@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usert if (proc==NULL) { - if (GetVersion() < 0x80000000) + if (check_winnt()) proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE, GetCurrentProcessId()); if (proc==NULL) proc = (HANDLE)-1; Modified: vendor-crypto/openssl/dist/apps/crl.c ============================================================================== --- vendor-crypto/openssl/dist/apps/crl.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/apps/crl.c Tue Apr 8 20:15:18 2014 (r264271) @@ -81,6 +81,9 @@ static const char *crl_usage[]={ " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", " -hash - print hash value\n", +#ifndef OPENSSL_NO_MD5 +" -hash_old - print old-style (MD5) hash value\n", +#endif " -fingerprint - print the crl fingerprint\n", " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", @@ -108,6 +111,9 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; +#ifndef OPENSSL_NO_MD5 + int hash_old=0; +#endif int fingerprint = 0, crlnumber = 0; const char **pp; X509_STORE *store = NULL; @@ -192,6 +198,10 @@ int MAIN(int argc, char **argv) text = 1; else if (strcmp(*argv,"-hash") == 0) hash= ++num; +#ifndef OPENSSL_NO_MD5 + else if (strcmp(*argv,"-hash_old") == 0) + hash_old= ++num; +#endif else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; @@ -304,6 +314,14 @@ bad: BIO_printf(bio_out,"%08lx\n", X509_NAME_hash(X509_CRL_get_issuer(x))); } +#ifndef OPENSSL_NO_MD5 + if (hash_old == i) + { + BIO_printf(bio_out,"%08lx\n", + X509_NAME_hash_old( + X509_CRL_get_issuer(x))); + } +#endif if (lastupdate == i) { BIO_printf(bio_out,"lastUpdate="); Modified: vendor-crypto/openssl/dist/apps/dgst.c ============================================================================== --- vendor-crypto/openssl/dist/apps/dgst.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/apps/dgst.c Tue Apr 8 20:15:18 2014 (r264271) @@ -427,9 +427,9 @@ int MAIN(int argc, char **argv) goto end; } if (do_verify) - r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey); + r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey); else - r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey); + r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey); if (!r) { BIO_printf(bio_err, "Error setting context\n"); Modified: vendor-crypto/openssl/dist/apps/ecparam.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ecparam.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/apps/ecparam.c Tue Apr 8 20:15:18 2014 (r264271) @@ -105,7 +105,7 @@ * in the asn1 der encoding * possible values: named_curve (default) * explicit - * -no_seed - if 'explicit' parameters are choosen do not use the seed + * -no_seed - if 'explicit' parameters are chosen do not use the seed * -genkey - generate ec key * -rand file - files to use for random number input * -engine e - use engine e, possibly a hardware device @@ -286,7 +286,7 @@ bad: BIO_printf(bio_err, " " " explicit\n"); BIO_printf(bio_err, " -no_seed if 'explicit'" - " parameters are choosen do not" + " parameters are chosen do not" " use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" " key\n"); Modified: vendor-crypto/openssl/dist/apps/req.c ============================================================================== --- vendor-crypto/openssl/dist/apps/req.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/apps/req.c Tue Apr 8 20:15:18 2014 (r264271) @@ -644,6 +644,11 @@ bad: if (inrand) app_RAND_load_files(inrand); + if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) + { + newkey=DEFAULT_KEY_LENGTH; + } + if (keyalg) { genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, @@ -652,12 +657,6 @@ bad: goto end; } - if (newkey <= 0) - { - if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) - newkey=DEFAULT_KEY_LENGTH; - } - if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); @@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO keylen = atol(p + 1); *pkeylen = keylen; } + else + keylen = *pkeylen; } else if (p) paramfile = p + 1; Modified: vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl Tue Apr 8 20:15:18 2014 (r264271) @@ -1060,7 +1060,7 @@ _vpaes_consts: .Lk_dsbo: # decryption sbox final output .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" +.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" .align 64 .size _vpaes_consts,.-_vpaes_consts ___ Modified: vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c Tue Apr 8 20:15:18 2014 (r264271) @@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, -{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, Modified: vendor-crypto/openssl/dist/crypto/bio/bss_log.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bss_log.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/bio/bss_log.c Tue Apr 8 20:15:18 2014 (r264271) @@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, static void xopenlog(BIO* bp, char* name, int level) { - if (GetVersion() < 0x80000000) + if (check_winnt()) bp->ptr = RegisterEventSourceA(NULL,name); else bp->ptr = NULL; Modified: vendor-crypto/openssl/dist/crypto/bn/bn.h ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn.h Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/bn/bn.h Tue Apr 8 20:15:18 2014 (r264271) @@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Tue Apr 8 20:15:18 2014 (r264271) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: vendor-crypto/openssl/dist/crypto/cms/cms_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/cms/cms_lib.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/cms/cms_lib.c Tue Apr 8 20:15:18 2014 (r264271) @@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, pcerts = cms_get0_certificate_choices(cms); if (!pcerts) return 0; - if (!pcerts) - return 0; for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { cch = sk_CMS_CertificateChoices_value(*pcerts, i); Modified: vendor-crypto/openssl/dist/crypto/cryptlib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/cryptlib.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/cryptlib.c Tue Apr 8 20:15:18 2014 (r264271) @@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) + if (check_winnt() && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); Modified: vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c Tue Apr 8 20:15:18 2014 (r264271) @@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *grou return ret; } + /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * + * To protect against side-channel attack the function uses constant time swap, + * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_mult x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_mult word = scalar->d[i]; while (mask) { - if (word & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); mask >>= 1; } mask = BN_TBIT; Modified: vendor-crypto/openssl/dist/crypto/engine/eng_list.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/engine/eng_list.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/engine/eng_list.c Tue Apr 8 20:15:18 2014 (r264271) @@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id) !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) || + !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) goto notfound; return iterator; Modified: vendor-crypto/openssl/dist/crypto/evp/bio_b64.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/evp/bio_b64.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/evp/bio_b64.c Tue Apr 8 20:15:18 2014 (r264271) @@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, i } /* we fell off the end without starting */ - if (j == i) + if ((j == i) && (num == 0)) { /* Is this is one long chunk?, if so, keep on * reading until a new line. */ Modified: vendor-crypto/openssl/dist/crypto/modes/gcm128.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/modes/gcm128.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/modes/gcm128.c Tue Apr 8 20:15:18 2014 (r264271) @@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT GCM_MUL(ctx,Yi); if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; } @@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) { @@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); ctr += GHASH_CHUNK/16; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; GHASH(ctx,out,GHASH_CHUNK); @@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C (*stream)(in,out,j,key,ctx->Yi.c); ctr += (unsigned int)j; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; in += i; @@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); ctr += GHASH_CHUNK/16; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; out += GHASH_CHUNK; @@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C (*stream)(in,out,j,key,ctx->Yi.c); ctr += (unsigned int)j; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; out += i; @@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { Modified: vendor-crypto/openssl/dist/crypto/opensslv.h ============================================================================== --- vendor-crypto/openssl/dist/crypto/opensslv.h Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/opensslv.h Tue Apr 8 20:15:18 2014 (r264271) @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000106fL +#define OPENSSL_VERSION_NUMBER 0x1000107fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Modified: vendor-crypto/openssl/dist/crypto/rand/md_rand.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/rand/md_rand.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/rand/md_rand.c Tue Apr 8 20:15:18 2014 (r264271) @@ -198,6 +198,9 @@ static void ssleay_rand_add(const void * EVP_MD_CTX m; int do_not_lock; + if (!num) + return; + /* * (Based on the rand(3) manpage) * Modified: vendor-crypto/openssl/dist/crypto/symhacks.h ============================================================================== --- vendor-crypto/openssl/dist/crypto/symhacks.h Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/symhacks.h Tue Apr 8 20:15:18 2014 (r264271) @@ -204,6 +204,12 @@ #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb #undef SSL_CTX_set_next_proto_select_cb #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb +#undef ssl3_cbc_record_digest_supported +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support +#undef ssl_check_clienthello_tlsext_late +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late +#undef ssl_check_clienthello_tlsext_early +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt Modified: vendor-crypto/openssl/dist/crypto/x509/by_dir.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/x509/by_dir.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/x509/by_dir.c Tue Apr 8 20:15:18 2014 (r264271) @@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, con s=dir; p=s; - for (;;p++) + do { if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { @@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, con return 0; } } - if (*p == '\0') - break; - } + } while (*p++ != '\0'); return 1; } Modified: vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c Tue Apr 8 20:15:18 2014 (r264271) @@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, * a certificate was revoked. This has since been changed since * critical extension can change the meaning of CRL entries. */ - if (crl->flags & EXFLAG_CRITICAL) + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + && (crl->flags & EXFLAG_CRITICAL)) { - if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - return 1; ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ok = ctx->verify_cb(0, ctx); if(!ok) Modified: vendor-crypto/openssl/dist/doc/apps/config.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/config.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/config.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -119,7 +119,7 @@ variable points to a section containing information. The section pointed to by B is a table of engine names (though see -B below) and further sections containing configuration informations +B below) and further sections containing configuration information specific to each ENGINE. Each ENGINE specific section is used to set default algorithms, load Modified: vendor-crypto/openssl/dist/doc/apps/crl.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/crl.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/crl.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -62,6 +62,11 @@ don't output the encoded version of the output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. +=item B<-hash_old> + +outputs the "hash" of the CRL issuer name using the older algorithm +as used by OpenSSL versions before 1.0.0. + =item B<-issuer> output the issuer name. Modified: vendor-crypto/openssl/dist/doc/apps/ec.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/ec.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/ec.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -41,7 +41,7 @@ PKCS#8 private key format use the B option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it -uses the SubjectPublicKeyInfo structur as specified in RFC 3280. +uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The B form is the default format: it consists of the B format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. Modified: vendor-crypto/openssl/dist/doc/apps/pkcs12.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/pkcs12.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/pkcs12.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -67,7 +67,7 @@ by default. The filename to write certificates and private keys to, standard output by default. They are all written in PEM format. -=item B<-pass arg>, B<-passin arg> +=item B<-passin arg> the PKCS#12 file (i.e. input file) password source. For more information about the format of B see the B section in @@ -75,10 +75,15 @@ L. =item B<-passout arg> -pass phrase source to encrypt any outputed private keys with. For more +pass phrase source to encrypt any outputted private keys with. For more information about the format of B see the B section in L. +=item B<-password arg> + +With -export, -password is equivalent to -passout. +Otherwise, -password is equivalent to -passin. + =item B<-noout> this option inhibits output of the keys and certificates to the output file Modified: vendor-crypto/openssl/dist/doc/apps/req.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/req.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/req.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge> =item B<-newhdr> -Adds the word B to the PEM file header and footer lines on the outputed +Adds the word B to the PEM file header and footer lines on the outputted request. Some software (Netscape certificate server) and some CAs need this. =item B<-batch> Modified: vendor-crypto/openssl/dist/doc/apps/s_client.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/s_client.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/s_client.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -10,6 +10,7 @@ s_client - SSL/TLS client program B B [B<-connect host:port>] [B<-verify depth>] +[B<-verify_return_error>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key filename>] @@ -90,6 +91,11 @@ Currently the verify operation continues with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. +=item B<-verify_return_error> + +Return verification errors instead of continuing. This will typically +abort the handshake with a fatal error. + =item B<-CApath directory> The directory to use for server certificate verification. This directory @@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot inc these will only be supported if its use is disabled, for example by using the B<-no_sslv2> option. +The B utility is a test tool and is designed to continue the +handshake after any certificate verification errors. As a result it will +accept any certificate chain (trusted or not) sent by the peer. None test +applications should B do this as it makes them vulnerable to a MITM +attack. This behaviour can be changed by with the B<-verify_return_error> +option: any verify errors are then returned aborting the handshake. + =head1 BUGS Because this program has a lot of options and also because some of @@ -293,9 +306,6 @@ the techniques used are rather old, the hard to read and not a model of how things should be done. A typical SSL client program would be much simpler. -The B<-verify> option should really exit if the server verification -fails. - The B<-prexit> option is a bit of a hack. We should really report information whenever a session is renegotiated. Modified: vendor-crypto/openssl/dist/doc/apps/s_server.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/s_server.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/s_server.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -111,7 +111,7 @@ by using an appropriate certificate. =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg> -addtional certificate and private key format and passphrase respectively. +additional certificate and private key format and passphrase respectively. =item B<-nocert> Modified: vendor-crypto/openssl/dist/doc/apps/ts.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/ts.pod Tue Apr 8 20:10:57 2014 (r264270) +++ vendor-crypto/openssl/dist/doc/apps/ts.pod Tue Apr 8 20:15:18 2014 (r264271) @@ -352,7 +352,7 @@ switch always overrides the settings in This is the main section and it specifies the name of another section that contains all the options for the B<-reply> command. This default -section can be overriden with the B<-section> command line switch. (Optional) +section can be overridden with the B<-section> command line switch. (Optional) =item B @@ -453,7 +453,7 @@ included. Default is no. (Optional) =head1 ENVIRONMENT VARIABLES B contains the path of the configuration file and can be -overriden by the B<-config> command line option. +overridden by the B<-config> command line option. =head1 EXAMPLES Modified: vendor-crypto/openssl/dist/doc/apps/tsget.pod ============================================================================== --- vendor-crypto/openssl/dist/doc/apps/tsget.pod Tue Apr 8 20:10:57 2014 (r264270) *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***