From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 4 23:57:47 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 44D67331 for ; Mon, 4 Aug 2014 23:57:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1B0922EA8 for ; Mon, 4 Aug 2014 23:57:47 +0000 (UTC) Received: from delphij (uid 1035) (envelope-from delphij@FreeBSD.org) id 5f83 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Mon, 04 Aug 2014 23:57:46 +0000 
From: Xin LI
Date: Mon, 4 Aug 2014 23:57:46 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r269542 - vendor-sys/illumos/dist/uts/common/fs/zfs
X-SVN-Group: vendor-sys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <53e01dfa.5f83.14a4a95b@svn.freebsd.org>
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
X-List-Received-Date: Mon, 04 Aug 2014 23:57:47 -0000

Author: delphij
Date: Mon Aug 4 23:57:46 2014
New Revision: 269542
URL: http://svnweb.freebsd.org/changeset/base/269542

Log:
  5049 panic when removing log device
  Reviewed by: George Wilson
  Reviewed by: Matthew Ahrens
  Reviewed by: Paul Dagnelie
  Reviewed by: Dan Kimmel
  Reviewed by: Saso Kiselkov
  Approved by: Rich Lowe
  Author: Alex Reece

  illumos/illumos-gate@2986efa8094ce00f75df27fb74a184c65c38614a

Modified:
  vendor-sys/illumos/dist/uts/common/fs/zfs/vdev.c

Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/vdev.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/vdev.c Mon Aug 4 23:00:13 2014 (r269541) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/vdev.c Mon Aug 4 23:57:46 2014 (r269542) 
@@ -2613,8 +2613,9 @@ vdev_get_stats(vdev_t *vd, vdev_stat_t * if (vd->vdev_ops->vdev_op_leaf) vs->vs_rsize += VDEV_LABEL_START_SIZE + VDEV_LABEL_END_SIZE; vs->vs_esize = vd->vdev_max_asize - vd->vdev_asize; - if (vd->vdev_aux == NULL && vd == vd->vdev_top) + if (vd->vdev_aux == NULL && vd == vd->vdev_top && !vd->vdev_ishole) { vs->vs_fragmentation = vd->vdev_mg->mg_fragmentation; + } /* * If we're getting stats on the root vdev, aggregate the I/O counts From owner-svn-src-vendor@FreeBSD.ORG Tue Aug 5 23:16:35 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 163E730F for ; Tue, 5 Aug 2014 23:16:35 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F137A254A for ; Tue, 5 Aug 2014 23:16:34 +0000 (UTC) Received: from pfg (uid 1275) (envelope-from pfg@FreeBSD.org) id 5451 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Tue, 05 Aug 2014 23:16:31 +0000 
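Review bot: In the vdev_get_stats() hunk of r269542, the new !vd->vdev_ishole test guards the read of vd->vdev_mg->mg_fragmentation, but the condition never mentions vdev_mg, so the reason for the guard is not visible where it is applied. Either add a one-line comment saying why a hole vdev must be skipped here, or test the pointer that is actually dereferenced (vd->vdev_mg != NULL). When the branch is skipped, vs->vs_fragmentation keeps whatever value it already had; the hunk does not show where it is initialised, so please confirm callers never see a stale value for a hole.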
From: Pedro F. Giffuni
Date: Tue, 5 Aug 2014 23:16:31 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r269610 - in vendor/resolver: 9.5.0 9.5.0/include 9.5.0/include/arpa 9.5.0/lib/libc/include 9.5.0/lib/libc/include/isc 9.5.0/lib/libc/inet 9.5.0/lib/libc/isc 9.5.0/lib/libc/nameser 9.5....
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <53e165cf.5451.77e90820@svn.freebsd.org>
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
X-List-Received-Date: Tue, 05 Aug 2014 23:16:35 -0000

Author: pfg
Date: Tue Aug 5 23:16:31 2014
New Revision: 269610
URL: http://svnweb.freebsd.org/changeset/base/269610

Log:
  Bring final version of libbind:

  From http://www.isc.org/downloads/libbind/

  The libbind functions have been separated from the BIND suite as of BIND 9.6.0. Originally from older versions of BIND, they have been continually maintained and improved but not installed by default with BIND 9. This standard resolver library contains the same historical functions and headers included with many Unix operating systems. In fact, most implementations are based on the same original code.

  At present, NetBSD maintains libbind code, now known as "netresolv".

Added: vendor/resolver/9.5.0/ - copied from r269608, vendor/resolver/dist/ vendor/resolver/9.5.0/include/hesiod.h (contents, props changed) vendor/resolver/9.5.0/include/netgroup.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/include/fd_setsize.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/include/isc/assertions.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/include/isc/dst.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/include/isc/heap.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/include/isc/memcluster.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/isc/assertions.c (contents, props changed) vendor/resolver/9.5.0/lib/libc/isc/assertions.mdoc vendor/resolver/9.5.0/lib/libc/resolv/res_mkupdate.h (contents, props changed) vendor/resolver/9.5.0/lib/libc/resolv/res_sendsigned.c (contents, props changed) vendor/resolver/dist/include/hesiod.h (contents, props changed) vendor/resolver/dist/include/netgroup.h (contents, props changed) vendor/resolver/dist/lib/libc/include/fd_setsize.h (contents, props changed) vendor/resolver/dist/lib/libc/include/isc/assertions.h (contents, props changed) vendor/resolver/dist/lib/libc/include/isc/dst.h (contents, props changed) vendor/resolver/dist/lib/libc/include/isc/heap.h (contents, props changed) vendor/resolver/dist/lib/libc/include/isc/memcluster.h (contents, props changed) vendor/resolver/dist/lib/libc/isc/assertions.c (contents, props changed) vendor/resolver/dist/lib/libc/isc/assertions.mdoc vendor/resolver/dist/lib/libc/resolv/res_mkupdate.h (contents, props changed) vendor/resolver/dist/lib/libc/resolv/res_sendsigned.c (contents, props changed) Modified: vendor/resolver/9.5.0/include/arpa/inet.h vendor/resolver/9.5.0/include/arpa/nameser.h vendor/resolver/9.5.0/include/arpa/nameser_compat.h vendor/resolver/9.5.0/include/res_update.h vendor/resolver/9.5.0/include/resolv.h vendor/resolver/9.5.0/lib/libc/include/isc/eventlib.h 
vendor/resolver/9.5.0/lib/libc/include/isc/list.h vendor/resolver/9.5.0/lib/libc/inet/inet_addr.c vendor/resolver/9.5.0/lib/libc/inet/inet_cidr_ntop.c vendor/resolver/9.5.0/lib/libc/inet/inet_cidr_pton.c vendor/resolver/9.5.0/lib/libc/inet/inet_net_ntop.c vendor/resolver/9.5.0/lib/libc/inet/inet_net_pton.c vendor/resolver/9.5.0/lib/libc/inet/inet_neta.c vendor/resolver/9.5.0/lib/libc/inet/inet_ntoa.c vendor/resolver/9.5.0/lib/libc/inet/inet_ntop.c vendor/resolver/9.5.0/lib/libc/inet/inet_pton.c vendor/resolver/9.5.0/lib/libc/inet/nsap_addr.c vendor/resolver/9.5.0/lib/libc/isc/ev_streams.c vendor/resolver/9.5.0/lib/libc/isc/ev_timers.c vendor/resolver/9.5.0/lib/libc/isc/eventlib_p.h vendor/resolver/9.5.0/lib/libc/nameser/ns_name.c vendor/resolver/9.5.0/lib/libc/nameser/ns_netint.c vendor/resolver/9.5.0/lib/libc/nameser/ns_parse.c vendor/resolver/9.5.0/lib/libc/nameser/ns_print.c vendor/resolver/9.5.0/lib/libc/nameser/ns_samedomain.c vendor/resolver/9.5.0/lib/libc/nameser/ns_ttl.c vendor/resolver/9.5.0/lib/libc/resolv/herror.c vendor/resolver/9.5.0/lib/libc/resolv/res_comp.c vendor/resolver/9.5.0/lib/libc/resolv/res_data.c vendor/resolver/9.5.0/lib/libc/resolv/res_debug.c vendor/resolver/9.5.0/lib/libc/resolv/res_findzonecut.c vendor/resolver/9.5.0/lib/libc/resolv/res_init.c vendor/resolver/9.5.0/lib/libc/resolv/res_mkquery.c vendor/resolver/9.5.0/lib/libc/resolv/res_mkupdate.c vendor/resolver/9.5.0/lib/libc/resolv/res_query.c vendor/resolver/9.5.0/lib/libc/resolv/res_send.c vendor/resolver/9.5.0/lib/libc/resolv/res_update.c vendor/resolver/dist/include/arpa/inet.h vendor/resolver/dist/include/arpa/nameser.h vendor/resolver/dist/include/arpa/nameser_compat.h vendor/resolver/dist/include/res_update.h vendor/resolver/dist/include/resolv.h vendor/resolver/dist/lib/libc/include/isc/eventlib.h vendor/resolver/dist/lib/libc/include/isc/list.h vendor/resolver/dist/lib/libc/inet/inet_addr.c vendor/resolver/dist/lib/libc/inet/inet_cidr_ntop.c 
vendor/resolver/dist/lib/libc/inet/inet_cidr_pton.c vendor/resolver/dist/lib/libc/inet/inet_net_ntop.c vendor/resolver/dist/lib/libc/inet/inet_net_pton.c vendor/resolver/dist/lib/libc/inet/inet_neta.c vendor/resolver/dist/lib/libc/inet/inet_ntoa.c vendor/resolver/dist/lib/libc/inet/inet_ntop.c vendor/resolver/dist/lib/libc/inet/inet_pton.c vendor/resolver/dist/lib/libc/inet/nsap_addr.c vendor/resolver/dist/lib/libc/isc/ev_streams.c vendor/resolver/dist/lib/libc/isc/ev_timers.c vendor/resolver/dist/lib/libc/isc/eventlib_p.h vendor/resolver/dist/lib/libc/nameser/ns_name.c vendor/resolver/dist/lib/libc/nameser/ns_netint.c vendor/resolver/dist/lib/libc/nameser/ns_parse.c vendor/resolver/dist/lib/libc/nameser/ns_print.c vendor/resolver/dist/lib/libc/nameser/ns_samedomain.c vendor/resolver/dist/lib/libc/nameser/ns_ttl.c vendor/resolver/dist/lib/libc/resolv/herror.c vendor/resolver/dist/lib/libc/resolv/res_comp.c vendor/resolver/dist/lib/libc/resolv/res_data.c vendor/resolver/dist/lib/libc/resolv/res_debug.c vendor/resolver/dist/lib/libc/resolv/res_findzonecut.c vendor/resolver/dist/lib/libc/resolv/res_init.c vendor/resolver/dist/lib/libc/resolv/res_mkquery.c vendor/resolver/dist/lib/libc/resolv/res_mkupdate.c vendor/resolver/dist/lib/libc/resolv/res_query.c vendor/resolver/dist/lib/libc/resolv/res_send.c vendor/resolver/dist/lib/libc/resolv/res_update.c Modified: vendor/resolver/9.5.0/include/arpa/inet.h ============================================================================== --- vendor/resolver/dist/include/arpa/inet.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/include/arpa/inet.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -55,7 +55,7 @@ /*% * @(#)inet.h 8.1 (Berkeley) 6/2/93 - * $Id: inet.h,v 1.2.18.1 2005/04/27 05:00:50 sra Exp $ + * $Id: inet.h,v 1.3 2005/04/27 04:56:16 sra Exp $ */ #ifndef _INET_H_ Modified: vendor/resolver/9.5.0/include/arpa/nameser.h ============================================================================== --- vendor/resolver/dist/include/arpa/nameser.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/include/arpa/nameser.h Tue Aug 5 23:16:31 2014 (r269610) @@ -1,7 +1,24 @@ /* + * Portions Copyright (C) 2004, 2005, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1996-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* * Copyright (c) 1983, 1989, 1993 * The Regents of the University of California. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -17,7 +34,7 @@ * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -32,24 +49,7 @@ */ /* - * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1996-1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * $Id: nameser.h,v 1.7.18.2 2008/04/03 23:15:15 marka Exp $ + * $Id: nameser.h,v 1.16 2009/03/03 01:52:48 each Exp $ */ #ifndef _ARPA_NAMESER_H_ 
@@ -75,15 +75,18 @@ * contains a new enough lib/nameser/ to support the feature you need. */ -#define __NAMESER 19991006 /*%< New interface version stamp. */ +#define __NAMESER 20090302 /*%< New interface version stamp. */ /* * Define constants based on RFC0883, RFC1034, RFC 1035 */ #define NS_PACKETSZ 512 /*%< default UDP packet size */ -#define NS_MAXDNAME 1025 /*%< maximum domain name */ +#define NS_MAXDNAME 1025 /*%< maximum domain name (presentation format)*/ #define NS_MAXMSG 65535 /*%< maximum message size */ #define NS_MAXCDNAME 255 /*%< maximum compressed domain name */ #define NS_MAXLABEL 63 /*%< maximum length of domain label */ +#define NS_MAXLABELS 128 /*%< theoretical max #/labels per domain name */ +#define NS_MAXNNAME 256 /*%< maximum uncompressed (binary) domain name*/ +#define NS_MAXPADDR (sizeof "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") #define NS_HFIXEDSZ 12 /*%< #/bytes of fixed data in header */ #define NS_QFIXEDSZ 4 /*%< #/bytes of fixed data in query */ #define NS_RRFIXEDSZ 10 /*%< #/bytes of fixed data in r record */ @@ -110,6 +113,18 @@ typedef enum __ns_sect { } ns_sect; /*% + * Network name (compressed or not) type. Equivilent to a pointer when used + * in a function prototype. Can be const'd. + */ +typedef u_char ns_nname[NS_MAXNNAME]; +typedef const u_char *ns_nname_ct; +typedef u_char *ns_nname_t; + +struct ns_namemap { ns_nname_ct base; int len; }; +typedef struct ns_namemap *ns_namemap_t; +typedef const struct ns_namemap *ns_namemap_ct; + +/*% * This is a message handle. It is caller allocated and has no dynamic data. * This structure is intended to be opaque to all but ns_parse.c, thus the * leading _'s on the member names. Use the accessor functions, not the _'s. 
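Review bot: In the nameser.h hunk that follows the ns_sect enum, typedef u_char ns_nname[NS_MAXNNAME] is an array typedef, so sizeof(ns_nname) is NS_MAXNNAME for an object but the size of a pointer for a function parameter declared with the same type. The new comment mentions the pointer equivalence without spelling out that consequence; say so there and point callers at NS_MAXNNAME (or an explicit length argument) for buffer sizes rather than sizeof on a parameter. The same comment also misspells "Equivalent" as "Equivilent".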
@@ -123,6 +138,17 @@ typedef struct __ns_msg { const u_char *_msg_ptr; } ns_msg; +/* + * This is a newmsg handle, used when constructing new messages with + * ns_newmsg_init, et al. + */ +struct ns_newmsg { + ns_msg msg; + const u_char *dnptrs[25]; + const u_char **lastdnptr; +}; +typedef struct ns_newmsg ns_newmsg; + /* Private data structure - do not use from outside library. */ struct _ns_flagdata { int mask, shift; }; extern struct _ns_flagdata _ns_flagdata[]; @@ -147,8 +173,23 @@ typedef struct __ns_rr { const u_char * rdata; } ns_rr; +/* + * Same thing, but using uncompressed network binary names, and real C types. + */ +typedef struct __ns_rr2 { + ns_nname nname; + size_t nnamel; + int type; + int rr_class; + u_int ttl; + int rdlength; + const u_char * rdata; +} ns_rr2; + /* Accessor macros - this is part of the public interface. */ #define ns_rr_name(rr) (((rr).name[0] != '\0') ? (rr).name : ".") +#define ns_rr_nname(rr) ((const ns_nname_t)(rr).nname) +#define ns_rr_nnamel(rr) ((rr).nnamel + 0) #define ns_rr_type(rr) ((ns_type)((rr).type + 0)) #define ns_rr_class(rr) ((ns_class)((rr).rr_class + 0)) #define ns_rr_ttl(rr) ((rr).ttl + 0) @@ -223,9 +264,9 @@ typedef enum __ns_update_operation { * This structure is used for TSIG authenticated messages */ struct ns_tsig_key { - char name[NS_MAXDNAME], alg[NS_MAXDNAME]; - unsigned char *data; - int len; + char name[NS_MAXDNAME], alg[NS_MAXDNAME]; + unsigned char *data; + int len; }; typedef struct ns_tsig_key ns_tsig_key; @@ -281,7 +322,7 @@ typedef enum __ns_type { ns_t_key = 25, /*%< Security key. */ ns_t_px = 26, /*%< X.400 mail mapping. */ ns_t_gpos = 27, /*%< Geographical position (withdrawn). */ - ns_t_aaaa = 28, /*%< Ip6 Address. */ + ns_t_aaaa = 28, /*%< IPv6 Address. */ ns_t_loc = 29, /*%< Location Information. */ ns_t_nxt = 30, /*%< Next domain (security). */ ns_t_eid = 31, /*%< Endpoint identifier. */ 
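Review bot: In the ns_rr2 hunk of nameser.h (@@ -147,8 +173,23 @@), the accessor ns_rr_nname(rr) casts to (const ns_nname_t). Because ns_nname_t is a typedef for u_char *, that type is u_char *const, a constant pointer to writable bytes, and the top-level const has no effect on the value of a cast. The macro therefore hands out a writable view of the record's name. If a read-only view was intended, cast to ns_nname_ct, which the same patch defines as const u_char *.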
@@ -291,11 +332,22 @@ typedef enum __ns_type { ns_t_naptr = 35, /*%< Naming Authority PoinTeR */ ns_t_kx = 36, /*%< Key Exchange */ ns_t_cert = 37, /*%< Certification record */ - ns_t_a6 = 38, /*%< IPv6 address (deprecates AAAA) */ - ns_t_dname = 39, /*%< Non-terminal DNAME (for IPv6) */ + ns_t_a6 = 38, /*%< IPv6 address (experimental) */ + ns_t_dname = 39, /*%< Non-terminal DNAME */ ns_t_sink = 40, /*%< Kitchen sink (experimentatl) */ ns_t_opt = 41, /*%< EDNS0 option (meta-RR) */ ns_t_apl = 42, /*%< Address prefix list (RFC3123) */ + ns_t_ds = 43, /*%< Delegation Signer */ + ns_t_sshfp = 44, /*%< SSH Fingerprint */ + ns_t_ipseckey = 45, /*%< IPSEC Key */ + ns_t_rrsig = 46, /*%< RRset Signature */ + ns_t_nsec = 47, /*%< Negative security */ + ns_t_dnskey = 48, /*%< DNS Key */ + ns_t_dhcid = 49, /*%< Dynamic host configuratin identifier */ + ns_t_nsec3 = 50, /*%< Negative security type 3 */ + ns_t_nsec3param = 51, /*%< Negative security type 3 parameters */ + ns_t_hip = 55, /*%< Host Identity Protocol */ + ns_t_spf = 99, /*%< Sender Policy Framework */ ns_t_tkey = 249, /*%< Transaction key */ ns_t_tsig = 250, /*%< Transaction signature. */ ns_t_ixfr = 251, /*%< Incremental zone transfer. */ @@ -304,6 +356,7 @@ typedef enum __ns_type { ns_t_maila = 254, /*%< Transfer mail agent records. */ ns_t_any = 255, /*%< Wildcard match. */ ns_t_zxfr = 256, /*%< BIND-specific, nonstandard. */ + ns_t_dlv = 32769, /*%< DNSSEC look-aside validatation. */ ns_t_max = 65536 } ns_type; @@ -482,6 +535,7 @@ typedef enum __ns_cert_types { #define ns_initparse __ns_initparse #define ns_skiprr __ns_skiprr #define ns_parserr __ns_parserr +#define ns_parserr2 __ns_parserr2 #define ns_sprintrr __ns_sprintrr #define ns_sprintrrf __ns_sprintrrf #define ns_format_ttl __ns_format_ttl 
@@ -490,12 +544,19 @@ typedef enum __ns_cert_types { #define ns_name_ntol __ns_name_ntol #define ns_name_ntop __ns_name_ntop #define ns_name_pton __ns_name_pton +#define ns_name_pton2 __ns_name_pton2 #define ns_name_unpack __ns_name_unpack +#define ns_name_unpack2 __ns_name_unpack2 #define ns_name_pack __ns_name_pack #define ns_name_compress __ns_name_compress #define ns_name_uncompress __ns_name_uncompress #define ns_name_skip __ns_name_skip #define ns_name_rollback __ns_name_rollback +#define ns_name_length __ns_name_length +#define ns_name_eq __ns_name_eq +#define ns_name_owned __ns_name_owned +#define ns_name_map __ns_name_map +#define ns_name_labels __ns_name_labels #define ns_sign __ns_sign #define ns_sign2 __ns_sign2 #define ns_sign_tcp __ns_sign_tcp @@ -509,6 +570,16 @@ typedef enum __ns_cert_types { #define ns_subdomain __ns_subdomain #define ns_makecanon __ns_makecanon #define ns_samename __ns_samename +#define ns_newmsg_init __ns_newmsg_init +#define ns_newmsg_copy __ns_newmsg_copy +#define ns_newmsg_id __ns_newmsg_id +#define ns_newmsg_flag __ns_newmsg_flag +#define ns_newmsg_q __ns_newmsg_q +#define ns_newmsg_rr __ns_newmsg_rr +#define ns_newmsg_done __ns_newmsg_done +#define ns_rdata_unpack __ns_rdata_unpack +#define ns_rdata_equal __ns_rdata_equal +#define ns_rdata_refers __ns_rdata_refers __BEGIN_DECLS int ns_msg_getflag __P((ns_msg, int)); @@ -519,6 +590,7 @@ void ns_put32 __P((u_long, u_char *)); int ns_initparse __P((const u_char *, int, ns_msg *)); int ns_skiprr __P((const u_char *, const u_char *, ns_sect, int)); int ns_parserr __P((ns_msg *, ns_sect, int, ns_rr *)); +int ns_parserr2 __P((ns_msg *, ns_sect, int, ns_rr2 *)); int ns_sprintrr __P((const ns_msg *, const ns_rr *, const char *, const char *, char *, size_t)); int ns_sprintrrf __P((const u_char *, size_t, const char *, 
@@ -531,8 +603,12 @@ u_int32_t ns_datetosecs __P((const char int ns_name_ntol __P((const u_char *, u_char *, size_t)); int ns_name_ntop __P((const u_char *, char *, size_t)); int ns_name_pton __P((const char *, u_char *, size_t)); +int ns_name_pton2 __P((const char *, u_char *, size_t, size_t *)); int ns_name_unpack __P((const u_char *, const u_char *, const u_char *, u_char *, size_t)); +int ns_name_unpack2 __P((const u_char *, const u_char *, + const u_char *, u_char *, size_t, + size_t *)); int ns_name_pack __P((const u_char *, u_char *, int, const u_char **, const u_char **)); int ns_name_uncompress __P((const u_char *, const u_char *, @@ -542,6 +618,11 @@ int ns_name_compress __P((const char *, int ns_name_skip __P((const u_char **, const u_char *)); void ns_name_rollback __P((const u_char *, const u_char **, const u_char **)); +ssize_t ns_name_length(ns_nname_ct, size_t); +int ns_name_eq(ns_nname_ct, size_t, ns_nname_ct, size_t); +int ns_name_owned(ns_namemap_ct, int, ns_namemap_ct, int); +int ns_name_map(ns_nname_ct, size_t, ns_namemap_t, int); +int ns_name_labels(ns_nname_ct, size_t); int ns_sign __P((u_char *, int *, int, int, void *, const u_char *, int, u_char *, int *, time_t)); int ns_sign2 __P((u_char *, int *, int, int, void *, 
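Review bot: The five declarations added after ns_name_rollback (ns_name_length, ns_name_eq, ns_name_owned, ns_name_map, ns_name_labels) are plain ANSI prototypes, while the neighbouring declarations, including ns_name_pton2 and ns_name_unpack2 added a few lines earlier in this same file, are wrapped in __P((...)). Pick one form for the header; as written, a build where __P expands to an empty parameter list would still see full prototypes for only these functions. ns_name_length also returns ssize_t, so confirm that every file including nameser.h already has that type declared before this point, since the hunk adds no include.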
@@ -565,6 +646,25 @@ int ns_samedomain __P((const char *, co int ns_subdomain __P((const char *, const char *)); int ns_makecanon __P((const char *, char *, size_t)); int ns_samename __P((const char *, const char *)); +int ns_newmsg_init(u_char *buffer, size_t bufsiz, ns_newmsg *); +int ns_newmsg_copy(ns_newmsg *, ns_msg *); +void ns_newmsg_id(ns_newmsg *handle, u_int16_t id); +void ns_newmsg_flag(ns_newmsg *handle, ns_flag flag, u_int value); +int ns_newmsg_q(ns_newmsg *handle, ns_nname_ct qname, + ns_type qtype, ns_class qclass); +int ns_newmsg_rr(ns_newmsg *handle, ns_sect sect, + ns_nname_ct name, ns_type type, + ns_class rr_class, u_int32_t ttl, + u_int16_t rdlen, const u_char *rdata); +size_t ns_newmsg_done(ns_newmsg *handle); +ssize_t ns_rdata_unpack(const u_char *, const u_char *, ns_type, + const u_char *, size_t, u_char *, size_t); +int ns_rdata_equal(ns_type, + const u_char *, size_t, + const u_char *, size_t); +int ns_rdata_refers(ns_type, + const u_char *, size_t, + const u_char *); __END_DECLS #ifdef BIND_4_COMPAT Modified: vendor/resolver/9.5.0/include/arpa/nameser_compat.h ============================================================================== --- vendor/resolver/dist/include/arpa/nameser_compat.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/include/arpa/nameser_compat.h Tue Aug 5 23:16:31 2014 (r269610) @@ -32,7 +32,7 @@ /*% * from nameser.h 8.1 (Berkeley) 6/2/93 - * $Id: nameser_compat.h,v 1.5.18.3 2006/05/19 02:36:00 marka Exp $ + * $Id: nameser_compat.h,v 1.8 2006/05/19 02:33:40 marka Exp $ */ #ifndef _ARPA_NAMESER_COMPAT_ Added: vendor/resolver/9.5.0/include/hesiod.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/include/hesiod.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -0,0 +1,39 @@ +/* + * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1996,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/*! \file + * \brief + * This file is primarily maintained by and . + */ + +/* + * $Id: hesiod.h,v 1.4 2005/04/27 04:56:14 sra Exp $ + */ + +#ifndef _HESIOD_H_INCLUDED +#define _HESIOD_H_INCLUDED + +int hesiod_init __P((void **)); +void hesiod_end __P((void *)); +char * hesiod_to_bind __P((void *, const char *, const char *)); +char ** hesiod_resolve __P((void *, const char *, const char *)); +void hesiod_free_list __P((void *, char **)); +struct __res_state * __hesiod_res_get __P((void *)); +void __hesiod_res_set __P((void *, struct __res_state *, + void (*)(void *))); + +#endif /*_HESIOD_H_INCLUDED*/ Added: vendor/resolver/9.5.0/include/netgroup.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/include/netgroup.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -0,0 +1,26 @@ +#ifndef netgroup_h +#define netgroup_h +#ifndef __GLIBC__ + +/* + * The standard is crazy. These values "belong" to getnetgrent() and + * shouldn't be altered by the caller. + */ +int getnetgrent __P((/* const */ char **, /* const */ char **, + /* const */ char **)); + +int getnetgrent_r __P((char **, char **, char **, char *, int)); + +void endnetgrent __P((void)); + +#ifdef __osf__ +int innetgr __P((char *, char *, char *, char *)); +void setnetgrent __P((char *)); +#else +void setnetgrent __P((const char *)); +int innetgr __P((const char *, const char *, const char *, const char *)); +#endif +#endif +#endif + +/*! \file */ Modified: vendor/resolver/9.5.0/include/res_update.h ============================================================================== --- vendor/resolver/dist/include/res_update.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/include/res_update.h Tue Aug 5 23:16:31 2014 (r269610) @@ -16,7 +16,7 @@ */ /* - * $Id: res_update.h,v 1.2.18.1 2005/04/27 05:00:49 sra Exp $ + * $Id: res_update.h,v 1.3 2005/04/27 04:56:15 sra Exp $ */ #ifndef __RES_UPDATE_H Modified: vendor/resolver/9.5.0/include/resolv.h ============================================================================== --- vendor/resolver/dist/include/resolv.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/include/resolv.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -1,7 +1,24 @@ /* + * Portions Copyright (C) 2004, 2005, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1995-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* * Copyright (c) 1983, 1987, 1989 * The Regents of the University of California. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -17,7 +34,7 @@ * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -31,26 +48,9 @@ * SUCH DAMAGE. */ -/* - * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 1996-1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - /*% * @(#)resolv.h 8.1 (Berkeley) 6/2/93 - * $Id: resolv.h,v 1.19.18.4 2008/04/03 23:15:15 marka Exp $ + * $Id: resolv.h,v 1.30 2009/03/03 01:52:48 each Exp $ */ #ifndef _RESOLV_H_ @@ -75,7 +75,7 @@ * is new enough to contain a certain feature. */ -#define __RES 20030124 +#define __RES 20090302 /*% * This used to be defined in res_query.c, now it's in herror.c. @@ -185,10 +185,11 @@ struct __res_state { int res_h_errno; /*%< last one set for this context */ int _vcsock; /*%< PRIVATE: for res_send VC i/o */ u_int _flags; /*%< PRIVATE: see below */ + u_char _rnd[16]; /*%< PRIVATE: random state */ u_int _pad; /*%< make _u 64 bit aligned */ union { /* On an 32-bit arch this means 512b total. */ - char pad[72 - 4*sizeof (int) - 2*sizeof (void *)]; + char pad[56 - 4*sizeof (int) - 2*sizeof (void *)]; struct { u_int16_t nscount; u_int16_t nstimes[MAXNS]; /*%< ms. */ 
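Review bot: In the struct __res_state hunk of resolv.h, the 16 bytes for the new _rnd member are paid for by shrinking the union's pad arm from 72 to 56, but pad is only one arm of that union and the other arm is only partly visible here. If the struct arm is larger than the reduced pad on some ABI, the union does not shrink and the whole structure grows by 16 bytes, contradicting the "512b total" comment. A compile-time check on sizeof(struct __res_state) next to the definition would make that assumption enforceable. Note also that _rnd is inserted ahead of _pad and _u, so their offsets move by 16 bytes; code built against the old header that touches _u will disagree with the new layout, which is worth stating alongside the __RES bump to 20090302.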
@@ -338,7 +339,7 @@ __END_DECLS #if !defined(SHARED_LIBBIND) || defined(LIB) /* * If libbind is a shared object (well, DLL anyway) - * these externs break the linker when resolv.h is + * these externs break the linker when resolv.h is * included by a lib client (like named) * Make them go away if a client is including this * @@ -392,7 +393,9 @@ extern const struct res_sym __p_rcode_sy #define res_nisourserver __res_nisourserver #define res_ownok __res_ownok #define res_queriesmatch __res_queriesmatch +#define res_rndinit __res_rndinit #define res_randomid __res_randomid +#define res_nrandomid __res_nrandomid #define sym_ntop __sym_ntop #define sym_ntos __sym_ntos #define sym_ston __sym_ston @@ -451,7 +454,9 @@ int dn_comp __P((const char *, u_char * u_char **, u_char **)); int dn_expand __P((const u_char *, const u_char *, const u_char *, char *, int)); +void res_rndinit __P((res_state)); u_int res_randomid __P((void)); +u_int res_nrandomid __P((res_state)); int res_nameinquery __P((const char *, int, int, const u_char *, const u_char *)); int res_queriesmatch __P((const u_char *, const u_char *, Added: vendor/resolver/9.5.0/lib/libc/include/fd_setsize.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/lib/libc/include/fd_setsize.h Tue Aug 5 23:16:31 2014 (r269610) @@ -0,0 +1,10 @@ +#ifndef _FD_SETSIZE_H +#define _FD_SETSIZE_H + +/*% + * If you need a bigger FD_SETSIZE, this is NOT the place to set it. + * This file is a fallback for BIND ports which don't specify their own. + */ + +#endif /* _FD_SETSIZE_H */ +/*! \file */ Added: vendor/resolver/9.5.0/lib/libc/include/isc/assertions.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/lib/libc/include/isc/assertions.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -0,0 +1,123 @@ +/* + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1997-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * $Id: assertions.h,v 1.5 2008/11/14 02:36:51 marka Exp $ + */ + +#ifndef ASSERTIONS_H +#define ASSERTIONS_H 1 + +typedef enum { + assert_require, assert_ensure, assert_insist, assert_invariant +} assertion_type; + +typedef void (*assertion_failure_callback)(const char *, int, assertion_type, + const char *, int); + +/* coverity[+kill] */ +extern assertion_failure_callback __assertion_failed; +void set_assertion_failure_callback(assertion_failure_callback f); +const char *assertion_type_to_text(assertion_type type); + +#if defined(CHECK_ALL) || defined(__COVERITY__) +#define CHECK_REQUIRE 1 +#define CHECK_ENSURE 1 +#define CHECK_INSIST 1 +#define CHECK_INVARIANT 1 +#endif + +#if defined(CHECK_NONE) && !defined(__COVERITY__) +#define CHECK_REQUIRE 0 +#define CHECK_ENSURE 0 +#define CHECK_INSIST 0 +#define CHECK_INVARIANT 0 +#endif + +#ifndef CHECK_REQUIRE +#define CHECK_REQUIRE 1 +#endif + +#ifndef CHECK_ENSURE +#define CHECK_ENSURE 1 +#endif + +#ifndef CHECK_INSIST +#define CHECK_INSIST 1 +#endif + +#ifndef CHECK_INVARIANT +#define CHECK_INVARIANT 1 +#endif + +#if CHECK_REQUIRE != 0 
+#define REQUIRE(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_require, \ + #cond, 0), 0))) +#define REQUIRE_ERR(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_require, \ + #cond, 1), 0))) +#else +#define REQUIRE(cond) ((void) (cond)) +#define REQUIRE_ERR(cond) ((void) (cond)) +#endif /* CHECK_REQUIRE */ + +#if CHECK_ENSURE != 0 +#define ENSURE(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_ensure, \ + #cond, 0), 0))) +#define ENSURE_ERR(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_ensure, \ + #cond, 1), 0))) +#else +#define ENSURE(cond) ((void) (cond)) +#define ENSURE_ERR(cond) ((void) (cond)) +#endif /* CHECK_ENSURE */ + +#if CHECK_INSIST != 0 +#define INSIST(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_insist, \ + #cond, 0), 0))) +#define INSIST_ERR(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_insist, \ + #cond, 1), 0))) +#else +#define INSIST(cond) ((void) (cond)) +#define INSIST_ERR(cond) ((void) (cond)) +#endif /* CHECK_INSIST */ + +#if CHECK_INVARIANT != 0 +#define INVARIANT(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_invariant, \ + #cond, 0), 0))) +#define INVARIANT_ERR(cond) \ + ((void) ((cond) || \ + ((__assertion_failed)(__FILE__, __LINE__, assert_invariant, \ + #cond, 1), 0))) +#else +#define INVARIANT(cond) ((void) (cond)) +#define INVARIANT_ERR(cond) ((void) (cond)) +#endif /* CHECK_INVARIANT */ +#endif /* ASSERTIONS_H */ +/*! \file */ Added: vendor/resolver/9.5.0/lib/libc/include/isc/dst.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/lib/libc/include/isc/dst.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -0,0 +1,168 @@ +#ifndef DST_H +#define DST_H + +#ifndef HAS_DST_KEY +typedef struct dst_key { + char *dk_key_name; /*%< name of the key */ + int dk_key_size; /*%< this is the size of the key in bits */ + int dk_proto; /*%< what protocols this key can be used for */ + int dk_alg; /*%< algorithm number from key record */ + u_int32_t dk_flags; /*%< and the flags of the public key */ + u_int16_t dk_id; /*%< identifier of the key */ +} DST_KEY; +#endif /* HAS_DST_KEY */ +/* + * do not taint namespace + */ +#define dst_bsafe_init __dst_bsafe_init +#define dst_buffer_to_key __dst_buffer_to_key +#define dst_check_algorithm __dst_check_algorithm +#define dst_compare_keys __dst_compare_keys +#define dst_cylink_init __dst_cylink_init +#define dst_dnskey_to_key __dst_dnskey_to_key +#define dst_eay_dss_init __dst_eay_dss_init +#define dst_free_key __dst_free_key +#define dst_generate_key __dst_generate_key +#define dst_hmac_md5_init __dst_hmac_md5_init +#define dst_init __dst_init +#define dst_key_to_buffer __dst_key_to_buffer +#define dst_key_to_dnskey __dst_key_to_dnskey +#define dst_read_key __dst_read_key +#define dst_rsaref_init __dst_rsaref_init +#define dst_s_build_filename __dst_s_build_filename +#define dst_s_calculate_bits __dst_s_calculate_bits +#define dst_s_conv_bignum_b64_to_u8 __dst_s_conv_bignum_b64_to_u8 +#define dst_s_conv_bignum_u8_to_b64 __dst_s_conv_bignum_u8_to_b64 +#define dst_s_dns_key_id __dst_s_dns_key_id +#define dst_s_dump __dst_s_dump +#define dst_s_filename_length __dst_s_filename_length +#define dst_s_fopen __dst_s_fopen +#define dst_s_get_int16 __dst_s_get_int16 +#define dst_s_get_int32 __dst_s_get_int32 +#define dst_s_id_calc __dst_s_id_calc +#define dst_s_put_int16 __dst_s_put_int16 +#define dst_s_put_int32 __dst_s_put_int32 +#define dst_s_quick_random __dst_s_quick_random +#define dst_s_quick_random_set __dst_s_quick_random_set +#define dst_s_random __dst_s_random +#define dst_s_semi_random __dst_s_semi_random +#define dst_s_verify_str 
__dst_s_verify_str +#define dst_sig_size __dst_sig_size +#define dst_sign_data __dst_sign_data +#define dst_verify_data __dst_verify_data +#define dst_write_key __dst_write_key + +/* + * DST Crypto API defintions + */ +void dst_init(void); +int dst_check_algorithm(const int); + + +int dst_sign_data(const int, /*!< specifies INIT/UPDATE/FINAL/ALL */ + DST_KEY *, /*!< the key to use */ + void **, /*!< pointer to state structure */ + const u_char *, /*!< data to be signed */ + const int, /*!< length of input data */ + u_char *, /*!< buffer to write signature to */ + const int); /*!< size of output buffer */ +int dst_verify_data(const int, /*!< specifies INIT/UPDATE/FINAL/ALL */ + DST_KEY *, /*!< the key to use */ + void **, /*!< pointer to state structure */ + const u_char *, /*!< data to be verified */ + const int, /*!< length of input data */ + const u_char *, /*!< buffer containing signature */ + const int); /*!< length of signature */ +DST_KEY *dst_read_key(const char *, /*!< name of key */ + const u_int16_t, /*!< key tag identifier */ + const int, /*!< key algorithm */ + const int); /*!< Private/PublicKey wanted */ +int dst_write_key(const DST_KEY *, /*!< key to write out */ + const int); /*!< Public/Private */ +DST_KEY *dst_dnskey_to_key(const char *, /*!< KEY record name */ + const u_char *, /*!< KEY RDATA */ + const int); /*!< size of input buffer */ +int dst_key_to_dnskey(const DST_KEY *, /*!< key to translate */ + u_char *, /*!< output buffer */ + const int); /*!< size of out_storage */ +DST_KEY *dst_buffer_to_key(const char *, /*!< name of the key */ + const int, /*!< algorithm */ + const int, /*!< dns flags */ + const int, /*!< dns protocol */ + const u_char *, /*!< key in dns wire fmt */ + const int); /*!< size of key */ +int dst_key_to_buffer(DST_KEY *, u_char *, int); + +DST_KEY *dst_generate_key(const char *, /*!< name of new key */ + const int, /*!< key algorithm to generate */ + const int, /*!< size of new key */ + const int, /*!< alg dependent 
parameter */ + const int, /*!< key DNS flags */ + const int); /*!< key DNS protocol */ +DST_KEY *dst_free_key(DST_KEY *); +int dst_compare_keys(const DST_KEY *, const DST_KEY *); + +int dst_sig_size(DST_KEY *); + + +/* support for dns key tags/ids */ +u_int16_t dst_s_dns_key_id(const u_char *, const int); +u_int16_t dst_s_id_calc(const u_char *, const int); + +/* Used by callers as well as by the library. */ +#define RAW_KEY_SIZE 8192 /*%< large enough to store any key */ +/* DST_API control flags */ +/* These are used used in functions dst_sign_data and dst_verify_data */ +#define SIG_MODE_INIT 1 /*%< initialize digest */ +#define SIG_MODE_UPDATE 2 /*%< add data to digest */ +#define SIG_MODE_FINAL 4 /*%< generate/verify signature */ +#define SIG_MODE_ALL (SIG_MODE_INIT|SIG_MODE_UPDATE|SIG_MODE_FINAL) + +/* Flags for dst_read_private_key() */ +#define DST_FORCE_READ 0x1000000 +#define DST_CAN_SIGN 0x010F +#define DST_NO_AUTHEN 0x8000 +#define DST_EXTEND_FLAG 0x1000 +#define DST_STANDARD 0 +#define DST_PRIVATE 0x2000000 +#define DST_PUBLIC 0x4000000 +#define DST_RAND_SEMI 1 +#define DST_RAND_STD 2 +#define DST_RAND_KEY 3 +#define DST_RAND_DSS 4 + + +/* DST algorithm codes */ +#define KEY_RSA 1 +#define KEY_DH 2 +#define KEY_DSA 3 +#define KEY_PRIVATE 254 +#define KEY_EXPAND 255 +#define KEY_HMAC_MD5 157 +#define KEY_HMAC_SHA1 158 +#define UNKNOWN_KEYALG 0 +#define DST_MAX_ALGS KEY_HMAC_SHA1 + +/* DST constants to locations in KEY record changes in new KEY record */ +#define DST_FLAGS_SIZE 2 +#define DST_KEY_PROT 2 +#define DST_KEY_ALG 3 +#define DST_EXT_FLAG 4 +#define DST_KEY_START 4 + +#ifndef SIGN_F_NOKEY +#define SIGN_F_NOKEY 0xC000 +#endif + +/* error codes from dst routines */ +#define SIGN_INIT_FAILURE (-23) +#define SIGN_UPDATE_FAILURE (-24) +#define SIGN_FINAL_FAILURE (-25) +#define VERIFY_INIT_FAILURE (-26) +#define VERIFY_UPDATE_FAILURE (-27) +#define VERIFY_FINAL_FAILURE (-28) +#define MISSING_KEY_OR_SIGNATURE (-30) +#define UNSUPPORTED_KEYALG (-31) + 
+#endif /* DST_H */ +/*! \file */ Modified: vendor/resolver/9.5.0/lib/libc/include/isc/eventlib.h ============================================================================== --- vendor/resolver/dist/lib/libc/include/isc/eventlib.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/lib/libc/include/isc/eventlib.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -1,24 +1,24 @@ /* - * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") - * Copyright (c) 1995-1999 by Internet Software Consortium + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1995-1999, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. */ /* eventlib.h - exported interfaces for eventlib * vix 09sep95 [initial] * - * $Id: eventlib.h,v 1.3.18.3 2008/01/23 02:12:01 marka Exp $ + * $Id: eventlib.h,v 1.7 2008/11/14 02:36:51 marka Exp $ */ #ifndef _EVENTLIB_H Added: vendor/resolver/9.5.0/lib/libc/include/isc/heap.h ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/lib/libc/include/isc/heap.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -0,0 +1,49 @@ +/* + * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1997,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +typedef int (*heap_higher_priority_func)(void *, void *); +typedef void (*heap_index_func)(void *, int); +typedef void (*heap_for_each_func)(void *, void *); + +typedef struct heap_context { + int array_size; + int array_size_increment; + int heap_size; + void **heap; + heap_higher_priority_func higher_priority; + heap_index_func index; +} *heap_context; + +#define heap_new __heap_new +#define heap_free __heap_free +#define heap_insert __heap_insert +#define heap_delete __heap_delete +#define heap_increased __heap_increased +#define heap_decreased __heap_decreased +#define heap_element __heap_element +#define heap_for_each __heap_for_each + +heap_context heap_new(heap_higher_priority_func, heap_index_func, int); +int heap_free(heap_context); +int heap_insert(heap_context, void *); +int heap_delete(heap_context, int); +int heap_increased(heap_context, int); +int heap_decreased(heap_context, int); +void * heap_element(heap_context, int); +int heap_for_each(heap_context, heap_for_each_func, void *); + +/*! 
\file */ Modified: vendor/resolver/9.5.0/lib/libc/include/isc/list.h ============================================================================== --- vendor/resolver/dist/lib/libc/include/isc/list.h Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/lib/libc/include/isc/list.h Tue Aug 5 23:16:31 2014 (r269610) @@ -31,7 +31,8 @@ } while (0) #define INIT_LINK(elt, link) \ INIT_LINK_TYPE(elt, link, void) -#define LINKED(elt, link) ((void *)((elt)->link.prev) != (void *)(-1)) +#define LINKED(elt, link) ((void *)((elt)->link.prev) != (void *)(-1) && \ + (void *)((elt)->link.next) != (void *)(-1)) #define HEAD(list) ((list).head) #define TAIL(list) ((list).tail) Added: vendor/resolver/9.5.0/lib/libc/include/isc/memcluster.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/resolver/9.5.0/lib/libc/include/isc/memcluster.h Tue Aug 5 23:16:31 2014 (r269610) 
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1997,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef MEMCLUSTER_H +#define MEMCLUSTER_H + +#include + +#define meminit __meminit +#ifdef MEMCLUSTER_DEBUG +#define memget(s) __memget_debug(s, __FILE__, __LINE__) +#define memput(p, s) __memput_debug(p, s, __FILE__, __LINE__) +#else /*MEMCLUSTER_DEBUG*/ +#ifdef MEMCLUSTER_RECORD +#define memget(s) __memget_record(s, __FILE__, __LINE__) +#define memput(p, s) __memput_record(p, s, __FILE__, __LINE__) +#else /*MEMCLUSTER_RECORD*/ +#define memget __memget +#define memput __memput +#endif /*MEMCLUSTER_RECORD*/ +#endif /*MEMCLUSTER_DEBUG*/ +#define memstats __memstats +#define memactive __memactive + +int meminit(size_t, size_t); +void * __memget(size_t); +void __memput(void *, size_t); +void * __memget_debug(size_t, const char *, int); +void __memput_debug(void *, size_t, const char *, int); +void * __memget_record(size_t, const char *, int); +void __memput_record(void *, size_t, const char *, int); +void memstats(FILE *); +int memactive(void); + +#endif /* MEMCLUSTER_H */ +/*! 
\file */ Modified: vendor/resolver/9.5.0/lib/libc/inet/inet_addr.c ============================================================================== --- vendor/resolver/dist/lib/libc/inet/inet_addr.c Tue Aug 5 19:43:44 2014 (r269608) +++ vendor/resolver/9.5.0/lib/libc/inet/inet_addr.c Tue Aug 5 23:16:31 2014 (r269610) 
@@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "$Id: inet_addr.c,v 1.4.18.1 2005/04/27 05:00:52 sra Exp $"; +static const char rcsid[] = "$Id: inet_addr.c,v 1.5 2005/04/27 04:56:19 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Tue Aug 5 23:25:29 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 862015A4 for ; Tue, 5 Aug 2014 23:25:29 +0000 (UTC) Received: from nm47-vm1.bullet.mail.bf1.yahoo.com (nm47-vm1.bullet.mail.bf1.yahoo.com [216.109.115.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2755C2622 for ; Tue, 5 Aug 2014 23:25:29 +0000 (UTC)
Received: from [98.139.212.153] by nm47.bullet.mail.bf1.yahoo.com with NNFMP; 05 Aug 2014 23:25:21 -0000 Received: from [98.139.211.197] by tm10.bullet.mail.bf1.yahoo.com with NNFMP; 05 Aug 2014 23:25:20 -0000 Received: from [127.0.0.1] by smtp206.mail.bf1.yahoo.com with NNFMP; 05 Aug 2014 23:25:20 -0000 X-Yahoo-Newman-Id: 751352.56254.bm@smtp206.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 Message-ID: <53E167DE.8020002@freebsd.org> Date: Tue, 05 Aug 2014 18:25:18 -0500
From: Pedro Giffuni User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: Re: svn commit: r269610 - in vendor/resolver: 9.5.0 9.5.0/include 9.5.0/include/arpa 9.5.0/lib/libc/include 9.5.0/lib/libc/include/isc 9.5.0/lib/libc/inet 9.5.0/lib/libc/isc 9.5.0/lib/libc/nameser 9.5.... References: <53e165cf.5451.77e90820@svn.freebsd.org> In-Reply-To: <53e165cf.5451.77e90820@svn.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2014 23:25:29 -0000

On 08/05/14 18:16, Pedro F. Giffuni wrote:
> Author: pfg
> Date: Tue Aug 5 23:16:31 2014
> New Revision: 269610
> URL: http://svnweb.freebsd.org/changeset/base/269610
>
> Log:
> Bring final version of libbind:
>
> From
> http://www.isc.org/downloads/libbind/
>
> The libbind functions have been separated from the BIND suite as of BIND
> 9.6.0. Originally from older versions of BIND, they have been continually
> maintained and improved but not installed by default with BIND 9. This
> standard resolver library contains the same historical functions and
> headers included with many Unix operating systems. In fact, most
> implementations are based on the same original code.
>
> At present, NetBSD maintains libbind code, now known as "netresolv".
>
>

For the record: I am not updating this in the base but having this particular version to the vendor area is important as a reference and to note that in the future we should update this package from NetBSD.

Pedro.
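Review bot: In the `struct __res_state` hunk of resolv.h in r269610 (@@ -185,10 +185,11), carving the 16 bytes for `_rnd` out of `pad` (72 to 56) is evidently meant to keep the overall size, but it still moves `_pad` and every member of the `_u` union 16 bytes further into the structure, so objects built against the `__RES 20030124` layout would read `nscount`, `nstimes` and the rest at the wrong offsets. The `__RES` bump to 20090302 signals the change; a compile-time size assertion next to the union and a sentence in the comment saying that the offsets moved would make the constraint checkable, and the comment "On an 32-bit arch this means 512b total" should be re-verified against the new arithmetic.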
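Review bot: The prototype hunk of resolv.h in r269610 (@@ -451,7 +454,9) adds `res_rndinit(res_state)` and `res_nrandomid(res_state)` with no comment stating the calling contract: whether `res_rndinit` must run before the first `res_nrandomid`, and what `_rnd` holds if it has not. Because `res_randomid(void)` stays declared between them without a state argument, one line saying which of the two a caller should use and how the per-context state is seeded would keep callers from drawing values from an uninitialised `_rnd`.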
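Review bot: In the new assertions.h in r269610, every enabled macro expands to `((void) ((cond) || ((__assertion_failed)(...), 0)))`, so if the installed callback returns, execution continues past the failed check; the `/* coverity[+kill] */` annotation says it never returns, but nothing in the `assertion_failure_callback` typedef or the `set_assertion_failure_callback` declaration states that requirement. Document that a replacement callback must not return. Separately, defining both `CHECK_ALL` and `CHECK_NONE` redefines `CHECK_REQUIRE` and the other three from 1 to 0; an `#error` for that combination would be clearer than relying on the redefinition diagnostic.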
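Review bot: In the new dst.h in r269610, every buffer length in the signing and key-conversion prototypes is a `const int` (for example the input length and output-buffer size of `dst_sign_data`, and the RDATA size of `dst_dnskey_to_key`), so a negative length type-checks; the header should either state that negative values are rejected or use an unsigned type. Smaller points in the same hunk: `DST_MAX_ALGS` is `KEY_HMAC_SHA1` (158) while `KEY_PRIVATE` (254) and `KEY_EXPAND` (255) are larger, which deserves a comment if the constant bounds anything indexed by algorithm code; the comment "Flags for dst_read_private_key()" names a function this header does not declare; and the comments contain the typos "defintions" and "used used".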
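Review bot: The new heap.h in r269610 has no include guard, unlike assertions.h, dst.h and memcluster.h added in the same change, so a second inclusion redeclares `struct heap_context` and the three function-pointer typedefs. Wrap the body in `#ifndef HEAP_H` / `#define HEAP_H` / `#endif` to match the other headers.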
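Review bot: In the list.h hunk of r269610, the new `LINKED(elt, link)` names `elt` twice, once for `link.prev` and once for `link.next`, so an argument with side effects can now be evaluated twice where the old macro evaluated it once. Say so in a comment above the macro, or confirm that no existing caller passes such an argument.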
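Review bot: The new memcluster.h in r269610 declares `memput(p, s)` with a caller-supplied size but never states that `s` must equal the size passed to the matching `memget`; that contract belongs in a comment beside the prototypes, since the type system cannot enforce it. Note also that `memget` and `memput` are function-like macros under `MEMCLUSTER_DEBUG` or `MEMCLUSTER_RECORD` and plain aliases otherwise, so code that takes their address builds only in the default configuration.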
From owner-svn-src-vendor@FreeBSD.ORG Thu Aug 7 16:40:24 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 97E683D8 for ; Thu, 7 Aug 2014 16:40:24 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 87BF42596 for ; Thu, 7 Aug 2014 16:40:24 +0000 (UTC) Received: from pfg (uid 1275) (envelope-from pfg@FreeBSD.org) id 2b1a by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 16:40:24 +0000 
From: Pedro F. Giffuni Date: Thu, 7 Aug 2014 16:40:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269668 - vendor/resolver/dist/lib/libc/nameser X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3abf8.2b1a.26b42ea6@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 16:40:24 -0000

Author: pfg
Date: Thu Aug 7 16:40:24 2014
New Revision: 269668
URL: http://svnweb.freebsd.org/changeset/base/269668

Log:
  Fix broken pointer overflow check ns_name_unpack()

  Many compilers may optimize away the overflow check `msg + l < msg',
  where `msg' is a pointer and `l' is an integer, because pointer
  overflow is undefined behavior in C.

  Use a safe precondition test `l >= eom - msg' instead.

  Reference:
  https://android-review.googlesource.com/#/c/50570/

  Obtained from: NetBSD (CVS rev. 1.10)
  MFC after: 3 weeks

Modified:
  vendor/resolver/dist/lib/libc/nameser/ns_name.c

Modified: vendor/resolver/dist/lib/libc/nameser/ns_name.c ============================================================================== --- vendor/resolver/dist/lib/libc/nameser/ns_name.c Thu Aug 7 15:56:55 2014 (r269667) +++ vendor/resolver/dist/lib/libc/nameser/ns_name.c Thu Aug 7 16:40:24 2014 (r269668)
@@ -461,11 +461,12 @@ ns_name_unpack2(const u_char *msg, const } if (len < 0) len = srcp - src + 1; - srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff)); - if (srcp < msg || srcp >= eom) { /*%< Out of range. */ + l = ((n & 0x3f) << 8) | (*srcp & 0xff); + if (l >= eom - msg) { /*%< Out of range. */ errno = EMSGSIZE; return (-1); } + srcp = msg + l; checked += 2; /* * Check for loops in the compressed name; From owner-svn-src-vendor@FreeBSD.ORG Thu Aug 7 16:50:04 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 10AECDAC for ; Thu, 7 Aug 2014 16:50:04 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E843A26D6 for ; Thu, 7 Aug 2014 16:50:03 +0000 (UTC) Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 2d9c by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 16:49:56 +0000 
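Review bot: In the ns_name.c hunk of r269668 (@@ -461,11 +461,12), `l` is assigned and compared but its declaration lies outside the visible lines; confirm it is declared with a type that makes `l >= eom - msg` a comparison without an unexpected signed/unsigned conversion (the value is at most 0x3fff). The new test also relies on `eom >= msg` now that the `srcp < msg` half of the old check is gone, which is worth a one-line comment next to it. The log message names `ns_name_unpack()` while the hunk header shows `ns_name_unpack2`; the log should say which function was changed.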
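The bounds test described in the r269668 log, as an added example that is not code from the FreeBSD, NetBSD or ISC sources: a small stand-alone name unpacker that validates each compression pointer by comparing offsets (`l >= eom - msg`) before any pointer is formed. The function name `unpack_name`, the output buffer and the three sample messages are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PTR_MASK 0xc0	/* both top bits set: 14-bit compression pointer */

/* Constructed sample: "example.com" at offset 0, then at offset 13
 * "www" followed by a pointer back to offset 0. */
static const unsigned char sample_msg[] = {
	7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0,
	3, 'w','w','w', 0xc0, 0x00
};
/* Constructed: pointer target 6 equals the message length (out of range). */
static const unsigned char bad_ptr_msg[] = { 3, 'w','w','w', 0xc0, 0x06 };
/* Constructed: two pointers that refer to each other. */
static const unsigned char loop_msg[] = { 0xc0, 0x02, 0xc0, 0x00 };

static char out_buf[256];

/*
 * Expand the (possibly compressed) name at src, inside msg..eom, into dst
 * as dotted text.  Returns the number of bytes the name occupies at src,
 * or -1 with errno set to EMSGSIZE.
 */
int
unpack_name(const unsigned char *msg, const unsigned char *eom,
    const unsigned char *src, char *dst, size_t dstsiz)
{
	const unsigned char *srcp = src;
	size_t out = 0;
	ptrdiff_t checked = 0;
	unsigned int n, l;
	int len = -1;

	if (src < msg || src >= eom || dstsiz == 0)
		goto bad;
	while ((n = *srcp++) != 0) {
		switch (n & PTR_MASK) {
		case 0:		/* ordinary label of n bytes */
			/* Need n label bytes plus the next length byte. */
			if ((ptrdiff_t)n >= eom - srcp)
				goto bad;
			/* Room for separator, label and trailing NUL. */
			if (out + n + 2 > dstsiz)
				goto bad;
			if (out != 0)
				dst[out++] = '.';
			memcpy(dst + out, srcp, n);
			out += n;
			srcp += n;
			checked += n + 1;
			break;
		case PTR_MASK:	/* compression pointer, two bytes */
			if (srcp >= eom)
				goto bad;
			if (len < 0)
				len = (int)(srcp - src) + 1;
			l = ((n & 0x3f) << 8) | *srcp;
			/*
			 * Compare offsets, never pointers: forming msg + l
			 * past the buffer is undefined, so a test written as
			 * "msg + l < msg" may be removed by the compiler.
			 */
			if ((ptrdiff_t)l >= eom - msg)
				goto bad;
			srcp = msg + l;
			checked += 2;
			/* More bytes visited than the message holds: loop. */
			if (checked >= eom - msg)
				goto bad;
			break;
		default:	/* 0x40 and 0x80 label types are not handled */
			goto bad;
		}
	}
	dst[out] = '\0';
	if (len < 0)
		len = (int)(srcp - src);
	return (len);
bad:
	errno = EMSGSIZE;
	return (-1);
}

int
main(void)
{
	int n;

	n = unpack_name(sample_msg, sample_msg + sizeof(sample_msg),
	    sample_msg + 13, out_buf, sizeof(out_buf));
	printf("valid name: %d bytes, \"%s\"\n", n, n < 0 ? "" : out_buf);
	n = unpack_name(bad_ptr_msg, bad_ptr_msg + sizeof(bad_ptr_msg),
	    bad_ptr_msg, out_buf, sizeof(out_buf));
	printf("out-of-range pointer: %d\n", n);
	n = unpack_name(loop_msg, loop_msg + sizeof(loop_msg),
	    loop_msg, out_buf, sizeof(out_buf));
	printf("pointer loop: %d\n", n);
	return (0);
}
```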
From: Jung-uk Kim Date: Thu, 7 Aug 2014 16:49:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269670 - in vendor-crypto/openssl/dist: . apps crypto crypto/asn1 crypto/bio crypto/bn crypto/cms crypto/conf crypto/ec crypto/evp crypto/idea crypto/objects crypto/ocsp crypto/pem cry... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3ae34.2d9c.69f9d0f4@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 16:50:04 -0000 Author: jkim Date: Thu Aug 7 16:49:55 2014 New Revision: 269670 URL: http://svnweb.freebsd.org/changeset/base/269670 Log: Import OpenSSL 1.0.1i. Added: vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod vendor-crypto/openssl/dist/ssl/ssl_utst.c (contents, props changed) Deleted: vendor-crypto/openssl/dist/crypto/pkcs7/bio_ber.c vendor-crypto/openssl/dist/crypto/pkcs7/dec.c vendor-crypto/openssl/dist/crypto/pkcs7/des.pem vendor-crypto/openssl/dist/crypto/pkcs7/doc vendor-crypto/openssl/dist/crypto/pkcs7/enc.c vendor-crypto/openssl/dist/crypto/pkcs7/es1.pem vendor-crypto/openssl/dist/crypto/pkcs7/example.c vendor-crypto/openssl/dist/crypto/pkcs7/example.h vendor-crypto/openssl/dist/crypto/pkcs7/info.pem vendor-crypto/openssl/dist/crypto/pkcs7/infokey.pem vendor-crypto/openssl/dist/crypto/pkcs7/p7/ vendor-crypto/openssl/dist/crypto/pkcs7/server.pem vendor-crypto/openssl/dist/crypto/pkcs7/sign.c vendor-crypto/openssl/dist/crypto/pkcs7/t/ vendor-crypto/openssl/dist/crypto/pkcs7/verify.c Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FAQ vendor-crypto/openssl/dist/FREEBSD-upgrade 
vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/ciphers.c vendor-crypto/openssl/dist/apps/crl2p7.c vendor-crypto/openssl/dist/apps/enc.c vendor-crypto/openssl/dist/apps/ocsp.c vendor-crypto/openssl/dist/apps/progs.h vendor-crypto/openssl/dist/apps/progs.pl vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/crypto/asn1/a_object.c vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c vendor-crypto/openssl/dist/crypto/asn1/charmap.pl vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c vendor-crypto/openssl/dist/crypto/asn1/t_x509.c vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c vendor-crypto/openssl/dist/crypto/asn1/x_crl.c vendor-crypto/openssl/dist/crypto/bio/bio_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_exp.c vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c vendor-crypto/openssl/dist/crypto/conf/conf_def.c vendor-crypto/openssl/dist/crypto/ec/ec_lib.c vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c vendor-crypto/openssl/dist/crypto/ec/ectest.c vendor-crypto/openssl/dist/crypto/evp/e_aes.c vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c vendor-crypto/openssl/dist/crypto/idea/ideatest.c vendor-crypto/openssl/dist/crypto/objects/obj_dat.c vendor-crypto/openssl/dist/crypto/objects/obj_dat.h vendor-crypto/openssl/dist/crypto/objects/obj_dat.pl vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c vendor-crypto/openssl/dist/crypto/opensslconf.h 
vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c vendor-crypto/openssl/dist/crypto/pkcs7/Makefile vendor-crypto/openssl/dist/crypto/rand/md_rand.c vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h vendor-crypto/openssl/dist/crypto/rand/rand_lib.c vendor-crypto/openssl/dist/crypto/rand/randfile.c vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c vendor-crypto/openssl/dist/crypto/srp/srp_lib.c vendor-crypto/openssl/dist/crypto/ui/ui_lib.c vendor-crypto/openssl/dist/doc/apps/asn1parse.pod vendor-crypto/openssl/dist/doc/apps/ca.pod vendor-crypto/openssl/dist/doc/apps/ciphers.pod vendor-crypto/openssl/dist/doc/apps/cms.pod vendor-crypto/openssl/dist/doc/apps/crl.pod vendor-crypto/openssl/dist/doc/apps/dhparam.pod vendor-crypto/openssl/dist/doc/apps/dsa.pod vendor-crypto/openssl/dist/doc/apps/ecparam.pod vendor-crypto/openssl/dist/doc/apps/gendsa.pod vendor-crypto/openssl/dist/doc/apps/genrsa.pod vendor-crypto/openssl/dist/doc/apps/rsa.pod vendor-crypto/openssl/dist/doc/apps/s_client.pod vendor-crypto/openssl/dist/doc/apps/s_server.pod vendor-crypto/openssl/dist/doc/apps/verify.pod vendor-crypto/openssl/dist/doc/apps/x509.pod vendor-crypto/openssl/dist/doc/apps/x509v3_config.pod vendor-crypto/openssl/dist/doc/crypto/ASN1_generate_nconf.pod vendor-crypto/openssl/dist/doc/crypto/BIO_f_base64.pod vendor-crypto/openssl/dist/doc/crypto/BIO_push.pod vendor-crypto/openssl/dist/doc/crypto/ERR_get_error.pod vendor-crypto/openssl/dist/doc/crypto/EVP_DigestInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/EVP_SignInit.pod vendor-crypto/openssl/dist/doc/crypto/RSA_set_method.pod vendor-crypto/openssl/dist/doc/crypto/RSA_sign.pod vendor-crypto/openssl/dist/doc/crypto/des.pod vendor-crypto/openssl/dist/doc/crypto/err.pod vendor-crypto/openssl/dist/doc/crypto/pem.pod vendor-crypto/openssl/dist/doc/crypto/ui.pod vendor-crypto/openssl/dist/doc/fingerprints.txt 
vendor-crypto/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_extra_chain_cert.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_session.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_new.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cipher_list.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_client_CA_list.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_client_cert_cb.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod vendor-crypto/openssl/dist/doc/ssl/SSL_get_version.pod vendor-crypto/openssl/dist/doc/ssl/d2i_SSL_SESSION.pod vendor-crypto/openssl/dist/ssl/Makefile vendor-crypto/openssl/dist/ssl/d1_both.c vendor-crypto/openssl/dist/ssl/d1_clnt.c vendor-crypto/openssl/dist/ssl/d1_srvr.c vendor-crypto/openssl/dist/ssl/heartbeat_test.c vendor-crypto/openssl/dist/ssl/s23_lib.c vendor-crypto/openssl/dist/ssl/s23_srvr.c vendor-crypto/openssl/dist/ssl/s2_lib.c vendor-crypto/openssl/dist/ssl/s3_clnt.c vendor-crypto/openssl/dist/ssl/s3_enc.c vendor-crypto/openssl/dist/ssl/s3_lib.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl.h vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_err.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_locl.h vendor-crypto/openssl/dist/ssl/ssl_stat.c vendor-crypto/openssl/dist/ssl/t1_enc.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/ssl/tls_srp.c vendor-crypto/openssl/dist/util/mk1mf.pl vendor-crypto/openssl/dist/util/mkdef.pl vendor-crypto/openssl/dist/util/mkerr.pl vendor-crypto/openssl/dist/util/ssleay.num Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Thu Aug 7 16:49:50 2014 (r269669) +++ 
vendor-crypto/openssl/dist/CHANGES Thu Aug 7 16:49:55 2014 (r269670) 
@@ -2,6 +2,92 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] + + *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the + SRP code can be overrun an internal buffer. Add sanity check that + g, A, B < N to SRP code. + + Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC + Group for discovering this issue. + (CVE-2014-3512) + [Steve Henson] + + *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate + TLS 1.0 instead of higher protocol versions when the ClientHello message + is badly fragmented. This allows a man-in-the-middle attacker to force a + downgrade to TLS 1.0 even if both the server and the client support a + higher protocol version, by modifying the client's TLS records. + + Thanks to David Benjamin and Adam Langley (Google) for discovering and + researching this issue. + (CVE-2014-3511) + [David Benjamin] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. 
+ (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) If a multithreaded client connects to a malicious server using a resumed + session and the server sends an ec point format extension it could write + up to 255 bytes to freed memory. + + Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this + issue. + (CVE-2014-3509) + [Gabor Tyukasz] + + *) A malicious server can crash an OpenSSL client with a null pointer + dereference (read) by specifying an SRP ciphersuite even though it was not + properly negotiated with the client. This can be exploited through a + Denial of Service attack. + + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + discovering and researching this issue. + (CVE-2014-5139) + [Steve Henson] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. 
An attacker using a carefully crafted Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/Configure Thu Aug 7 16:49:55 2014 (r269670) @@ -720,6 +720,7 @@ my %disabled = ( # "what" => "co "sctp" => "default", "shared" => "default", "store" => "experimental", + "unit-test" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); @@ -727,7 +728,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE"; +my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). Modified: vendor-crypto/openssl/dist/FAQ ============================================================================== --- vendor-crypto/openssl/dist/FAQ Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/FAQ Thu Aug 7 16:49:55 2014 (r269670) 
@@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Aug 7 16:49:55 2014 (r269670) @@ -11,14 +11,14 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 1.0.1h -# OSSLTAG format: v1_0_1h +setenv OSSLVER 1.0.1i +# OSSLTAG format: v1_0_1i ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` cd /FreeBSD/work/openssl/merge -fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \ - http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc +fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \ + http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz svn co $FSVN/vendor-crypto/openssl/dist dist 
@@ -43,13 +43,13 @@ comm -13 ../old ../new | xargs svn --par svn stat svn ci -svn cp $FSVN/vendor-crypto/openssl/dist $FSVN/vendor-crypto/openssl/$OSSLVER +svn cp ^/vendor-crypto/openssl/dist ^/vendor-crypto/openssl/$OSSLVER # Merge to head mkdir ../head cd ../head svn co $FSVN/head/crypto/openssl crypto/openssl -svn merge $FSVN/vendor-crypto/openssl/dist crypto/openssl +svn merge ^/vendor-crypto/openssl/dist crypto/openssl # Resolve conflicts manually Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/Makefile Thu Aug 7 16:49:55 2014 (r269670) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1h +VERSION=1.0.1i MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST PEX_LIBS= EX_LIBS= EXE_EXT= Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/NEWS Thu Aug 7 16:49:55 2014 (r269670) 
@@ -5,10 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] + + o Fix for CVE-2014-3512 + o Fix for CVE-2014-3511 + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3509 + o Fix for CVE-2014-5139 + o Fix for CVE-2014-3508 + Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 + o Fix for CVE-2014-0198 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/README Thu Aug 7 16:49:55 2014 (r269670) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1h 5 Jun 2014 + OpenSSL 1.0.1i 6 Aug 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist/apps/apps.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/apps.c Thu Aug 7 16:49:55 2014 (r269670) @@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, in { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; icount; i++) arg->data[i]=NULL; 
@@ -1542,6 +1544,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Modified: vendor-crypto/openssl/dist/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ca.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/ca.c Thu Aug 7 16:49:55 2014 (r269670) @@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *in { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Modified: vendor-crypto/openssl/dist/apps/ciphers.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ciphers.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/ciphers.c Thu Aug 7 16:49:55 2014 (r269670) @@ -96,13 +96,7 @@ int MAIN(int argc, char **argv) char buf[512]; BIO *STDout=NULL; -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(OPENSSL_NO_SSL3) - meth=SSLv3_server_method(); -#elif !defined(OPENSSL_NO_SSL2) - meth=SSLv2_server_method(); -#endif apps_startup(); Modified: vendor-crypto/openssl/dist/apps/crl2p7.c ============================================================================== --- vendor-crypto/openssl/dist/apps/crl2p7.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/crl2p7.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); - sk_OPENSSL_STRING_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_OPENSSL_STRING_push(certflst,*(++argv))) + { + sk_OPENSSL_STRING_free(certflst); + goto end; + } } else { Modified: vendor-crypto/openssl/dist/apps/enc.c ============================================================================== --- vendor-crypto/openssl/dist/apps/enc.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/enc.c Thu Aug 7 16:49:55 2014 (r269670) @@ -67,7 +67,9 @@ #include #include #include +#ifndef OPENSSL_NO_COMP #include +#endif #include int set_hex(char *in,unsigned char *out,int size); @@ -337,6 +339,12 @@ bad: goto end; } + if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) + { + BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n"); + goto end; + } + if (md && (dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); Modified: vendor-crypto/openssl/dist/apps/ocsp.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ocsp.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/ocsp.c Thu Aug 7 16:49:55 2014 (r269670) @@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *er } resp = query_responder(err, cbio, path, headers, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (cbio) BIO_free_all(cbio); Modified: vendor-crypto/openssl/dist/apps/progs.h ============================================================================== --- vendor-crypto/openssl/dist/apps/progs.h Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/progs.h Thu Aug 7 16:49:55 2014 (r269670) 
@@ -107,16 +107,16 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif {FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif #ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, #endif -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif {FUNC_TYPE_GENERAL,"version",version_main}, @@ -126,7 +126,7 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, -#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) +#if !defined(OPENSSL_NO_SOCK) {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, #endif {FUNC_TYPE_GENERAL,"nseq",nseq_main}, Modified: vendor-crypto/openssl/dist/apps/progs.pl ============================================================================== --- vendor-crypto/openssl/dist/apps/progs.pl Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/progs.pl Thu Aug 7 16:49:55 2014 (r269670) 
@@ -32,7 +32,7 @@ foreach (@ARGV) push(@files,$_); $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) Modified: vendor-crypto/openssl/dist/apps/s_client.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_client.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/s_client.c Thu Aug 7 16:49:55 2014 (r269670) @@ -290,6 +290,7 @@ static void sc_usage(void) BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); 
@@ -300,6 +301,7 @@ static void sc_usage(void) BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); + BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); BIO_printf(bio_err," -debug - extra output\n"); #ifdef WATT32 Modified: vendor-crypto/openssl/dist/apps/s_server.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_server.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/apps/s_server.c Thu Aug 7 16:49:55 2014 (r269670) @@ -463,6 +463,7 @@ static void sv_usage(void) BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -verify_return_error - return verification errors\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ @@ -534,6 +535,7 @@ static void sv_usage(void) BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); #endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); + BIO_printf(bio_err," -hack - workaround for early Netscape code\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); 
@@ -562,6 +564,10 @@ static void sv_usage(void) #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + BIO_printf(bio_err," -status - respond to certificate status requests\n"); + BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n"); + BIO_printf(bio_err," -status_timeout n - status request responder timeout\n"); + BIO_printf(bio_err," -status_url URL - status request fallback URL\n"); } static int local_argc=0; @@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1356,6 +1362,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) if (jpake_secret) Modified: vendor-crypto/openssl/dist/crypto/asn1/a_object.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_object.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/a_object.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -283,17 +283,29 @@ err: ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; unsigned char *data; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { 
@@ -316,23 +328,23 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT data = (unsigned char *)ret->data; ret->data = NULL; /* once detached we can change it */ - if ((data == NULL) || (ret->length < len)) + if ((data == NULL) || (ret->length < length)) { ret->length=0; if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + data=(unsigned char *)OPENSSL_malloc(length); if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data,p,(int)len); + memcpy(data,p,length); /* reattach data to object, after which it remains const */ ret->data =data; - ret->length=(int)len; + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Modified: vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c Thu Aug 7 16:49:55 2014 (r269670) @@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCT struct tm *ts; struct tm data; size_t len = 20; + int free_s = 0; if (s == NULL) + { + free_s = 1; s=M_ASN1_UTCTIME_new(); + } if (s == NULL) - return(NULL); + goto err; + ts=OPENSSL_gmtime(&t, &data); if (ts == NULL) - return(NULL); + goto err; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; + goto err; } if((ts->tm_year < 50) || (ts->tm_year >= 150)) - return NULL; + goto err; p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) @@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCT if (p == NULL) { ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE); - return(NULL); + goto err; } if (s->data != NULL) OPENSSL_free(s->data); 
@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCT ebcdic2ascii(s->data, s->data, s->length); #endif return(s); + err: + if (free_s && s) + M_ASN1_UTCTIME_free(s); + return NULL; } @@ -261,6 +270,11 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_U t -= offset*60; /* FIXME: may overflow in extreme cases */ tm = OPENSSL_gmtime(&t, &data); + /* NB: -1, 0, 1 already valid return values so use -2 to + * indicate error. + */ + if (tm == NULL) + return -2; #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 year = g2(s->data); Modified: vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c Thu Aug 7 16:49:55 2014 (r269670) @@ -258,7 +258,12 @@ int EVP_PKEY_asn1_add_alias(int to, int if (!ameth) return 0; ameth->pkey_base_id = to; - return EVP_PKEY_asn1_add0(ameth); + if (!EVP_PKEY_asn1_add0(ameth)) + { + EVP_PKEY_asn1_free(ameth); + return 0; + } + return 1; } int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, Modified: vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), Modified: vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c Thu Aug 7 16:49:55 2014 (r269670) @@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; Modified: vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif Modified: vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c Thu Aug 7 16:49:55 2014 (r269670) @@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b) if (!ctx) return 0; if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) + { + OPENSSL_free(ctx); return 0; + } b->init = 1; b->ptr = (char *)ctx; b->flags = 0; Modified: vendor-crypto/openssl/dist/crypto/asn1/charmap.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/charmap.pl Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/charmap.pl Thu Aug 7 16:49:55 2014 (r269670) @@ -1,5 +1,8 @@ #!/usr/local/bin/perl -w +# Written by Dr Stephen N Henson (steve@openssl.org). +# Licensed under the terms of the OpenSSL license. + use strict; my ($i, @arr); Modified: vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } Modified: vendor-crypto/openssl/dist/crypto/asn1/t_x509.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/t_x509.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/t_x509.c Thu Aug 7 16:49:55 2014 (r269670) @@ -475,6 +475,8 @@ int X509_NAME_print(BIO *bp, X509_NAME * l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); Modified: vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c Thu Aug 7 16:49:55 2014 (r269670) @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ Modified: vendor-crypto/openssl/dist/crypto/asn1/x_crl.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/x_crl.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/asn1/x_crl.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VA { /* We handle IDP and deltas */ if ((nid == NID_issuing_distribution_point) + || (nid == NID_authority_key_identifier) || (nid == NID_delta_crl)) break;; crl->flags |= EXFLAG_CRITICAL; Modified: vendor-crypto/openssl/dist/crypto/bio/bio_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bio_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bio/bio_lib.c Thu Aug 7 16:49:55 2014 (r269670) @@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } Modified: vendor-crypto/openssl/dist/crypto/bn/bn_exp.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Aug 7 16:49:55 2014 (r269670) @@ -680,7 +680,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as * 512-bit RSA is hardly relevant, we omit it to spare size... */ - if (window==5) + if (window==5 && top>1) { void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap, const void *table,const BN_ULONG *np, Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(cons BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ Modified: vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c Thu Aug 7 16:49:55 2014 (r269670) @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, B if (al <= 0) { r->top=0; + r->neg = 0; return 1; } Modified: vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c Thu Aug 7 16:49:55 2014 (r269670) @@ -93,9 +93,10 @@ CMS_RecipientInfo *CMS_add0_recipient_pa X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; + env = cms_get0_enveloped(cms); if (!env) - goto err; + return NULL; if (wrap_nid <= 0) wrap_nid = NID_id_alg_PWRI_KEK; Modified: vendor-crypto/openssl/dist/crypto/conf/conf_def.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/conf/conf_def.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/conf/conf_def.c Thu Aug 7 16:49:55 2014 (r269670) 
@@ -321,7 +321,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; Modified: vendor-crypto/openssl/dist/crypto/ec/ec_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ec_lib.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/ec/ec_lib.c Thu Aug 7 16:49:55 2014 (r269670) @@ -942,7 +942,7 @@ int EC_POINT_dbl(const EC_GROUP *group, int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; Modified: vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c Thu Aug 7 16:49:50 2014 (r269669) +++ vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c Thu Aug 7 16:49:55 2014 (r269670) @@ -1181,9 +1181,8 @@ int ec_GFp_simple_make_affine(const EC_G int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; 
@@ -1198,124 +1197,104 @@ int ec_GFp_simple_points_make_affine(con } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; - - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ - - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; - - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; + + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) - { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) + { + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; + } + + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). 
*/ + + if (!BN_is_zero(&points[0]->Z)) + { + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; + } + else + { + if (!BN_one(prod_Z[0])) goto err; } } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) + for (i = 1; i < num; i++) { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) + if (!BN_is_zero(&points[i]->Z)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; } if (group->meth->field_encode != 0) { - /* in the Montgomery case, we just turned R*H (representing H) + /* In the Montgomery case, we just turned R*H (representing H) * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; + * i.e. we need to multiply by the Montgomery factor twice. 
*/ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; } - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + for (i = num - 1; i > 0; --i) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) - { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; - } - else + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) { - if (!BN_copy(heap[i], heap[i/2])) goto err; + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. 
*/ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Thu Aug 7 16:50:47 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7A5B4F17 for ; Thu, 7 Aug 2014 16:50:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5067D276B for ; Thu, 7 Aug 2014 16:50:47 +0000 (UTC) Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 2159 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 16:50:47 +0000 
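Review bot: In the asn1_set_seq_out hunk of crypto/asn1/tasn_enc.c, both allocation-failure branches return 0 without putting anything on the error queue, so a caller cannot tell an out-of-memory condition from an encoding failure. Consider raising ERR_R_MALLOC_FAILURE before each `return 0;`, as the bn_expand_internal context in this same commit does with BNerr.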
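Review bot: In the crl_cb hunk of crypto/asn1/x_crl.c, the comment above the condition still reads "We handle IDP and deltas" although the test now also accepts NID_authority_key_identifier as a handled critical extension. Update the comment so the set of critical extensions that do not set EXFLAG_CRITICAL is documented where it is tested. The context line `break;;` also carries a stray second semicolon that could be dropped while this block is being touched.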
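Review bot: In the BN_mod_exp_mont_consttime hunk of crypto/bn/bn_exp.c, the added `top>1` condition has no comment, and the only comment nearby is about the omitted window==4 case. State next to `if (window==5 && top>1)` why a single-word modulus must not take the bn_mul_mont_gather5 path, so the guard is not removed later as apparently redundant.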
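Review bot: In the `again:` hunk of crypto/conf/conf_def.c, the new `ss != p` test is what keeps `goto again` from being taken when p has not moved past ss, but nothing in the code says so. A one-line comment on `if (*p != '\0' && ss != p)` stating that the retry happens only when the scan has advanced would document the termination condition for the next person who edits this parser.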
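Review bot: In the second ec_GFp_simple_points_make_affine hunk of crypto/ec/ecp_smpl.c, prod_Z comes from OPENSSL_malloc and is filled one BN_new() at a time, so if BN_new() fails at index i the entries above i are still uninitialised when control reaches err. The cleanup code lies past the point where this diff is truncated and cannot be checked here; zeroing the array immediately after the allocation would make any cleanup loop over prod_Z safe. The new code also reads points[0]->Z and prod_Z[num - 1] unconditionally, so it depends on num being non-zero, and the guard for that is not visible in this hunk.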
From: Jung-uk Kim Date: Thu, 7 Aug 2014 16:50:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269671 - vendor-crypto/openssl/1.0.1i X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3ae67.2159.6a4fbafe@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 16:50:47 -0000 Author: jkim Date: Thu Aug 7 16:50:46 2014 New Revision: 269671 URL: http://svnweb.freebsd.org/changeset/base/269671 Log: Tag OpenSSL 1.0.1i. Added: vendor-crypto/openssl/1.0.1i/ - copied from r269670, vendor-crypto/openssl/dist/ From owner-svn-src-vendor@FreeBSD.ORG Thu Aug 7 16:51:58 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AF93B19F for ; Thu, 7 Aug 2014 16:51:58 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 963622797 for ; Thu, 7 Aug 2014 16:51:58 +0000 (UTC) Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 23cc by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 16:51:51 +0000 
From: Jung-uk Kim Date: Thu, 7 Aug 2014 16:51:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269672 - in vendor-crypto/openssl/dist-0.9.8: . apps crypto crypto/asn1 crypto/bio crypto/bn crypto/camellia/asm crypto/conf crypto/ec crypto/idea crypto/objects crypto/ocsp crypto/pkc... X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3aea7.23cc.8cfb32f@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 16:51:58 -0000 Author: jkim Date: Thu Aug 7 16:51:50 2014 New Revision: 269672 URL: http://svnweb.freebsd.org/changeset/base/269672 Log: Import 0.9.8zb. Added: vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod Deleted: vendor-crypto/openssl/dist-0.9.8/crypto/camellia/asm/ vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/bio_ber.c vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/dec.c vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/des.pem vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/doc vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/enc.c vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/es1.pem vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/example.c vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/example.h vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/info.pem vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/infokey.pem vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/p7/ vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/server.pem vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/sign.c vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/t/ vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/verify.c vendor-crypto/openssl/dist-0.9.8/demos/eay/ vendor-crypto/openssl/dist-0.9.8/demos/maurice/ Modified: 
vendor-crypto/openssl/dist-0.9.8/CHANGES vendor-crypto/openssl/dist-0.9.8/FAQ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade vendor-crypto/openssl/dist-0.9.8/Makefile vendor-crypto/openssl/dist-0.9.8/NEWS vendor-crypto/openssl/dist-0.9.8/README vendor-crypto/openssl/dist-0.9.8/apps/apps.c vendor-crypto/openssl/dist-0.9.8/apps/ca.c vendor-crypto/openssl/dist-0.9.8/apps/crl2p7.c vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c vendor-crypto/openssl/dist-0.9.8/apps/s_server.c vendor-crypto/openssl/dist-0.9.8/apps/speed.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_object.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_mime.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_pack.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/evp_asn1.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_x509.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_enc.c vendor-crypto/openssl/dist-0.9.8/crypto/bio/bio_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_gf2m.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_sqr.c vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_api.c vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_def.c vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c vendor-crypto/openssl/dist-0.9.8/crypto/idea/ideatest.c vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_ht.c vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/Makefile vendor-crypto/openssl/dist-0.9.8/crypto/rsa/rsa_eay.c vendor-crypto/openssl/dist-0.9.8/crypto/ui/ui_lib.c vendor-crypto/openssl/dist-0.9.8/doc/apps/asn1parse.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/ca.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/crl.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/dhparam.pod 
vendor-crypto/openssl/dist-0.9.8/doc/apps/dsa.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/ecparam.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/gendsa.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/genrsa.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/rsa.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/s_client.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/s_server.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/smime.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/verify.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/x509.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/x509v3_config.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/ASN1_generate_nconf.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/BIO_f_base64.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/BIO_push.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/ERR_get_error.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/RSA_set_method.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/RSA_sign.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/des.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/err.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/pem.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/ui.pod vendor-crypto/openssl/dist-0.9.8/doc/fingerprints.txt vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CIPHER_get_name.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_COMP_add_compression_method.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_add_extra_chain_cert.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_add_session.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_load_verify_locations.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_client_CA_list.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_client_cert_cb.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_options.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_session_id_context.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_ssl_version.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 
vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_verify.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_accept.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_clear.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_connect.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_do_handshake.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_get_version.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_read.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_session_reused.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_set_fd.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_set_session.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_shutdown.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_write.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/d2i_SSL_SESSION.pod vendor-crypto/openssl/dist-0.9.8/openssl.spec vendor-crypto/openssl/dist-0.9.8/ssl/d1_both.c vendor-crypto/openssl/dist-0.9.8/ssl/d1_clnt.c vendor-crypto/openssl/dist-0.9.8/ssl/d1_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/s23_lib.c vendor-crypto/openssl/dist-0.9.8/ssl/s23_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_pkt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl_ciph.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl_stat.c vendor-crypto/openssl/dist-0.9.8/ssl/t1_lib.c vendor-crypto/openssl/dist-0.9.8/util/mkerr.pl Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/CHANGES Thu Aug 7 16:51:50 2014 (r269672) 
@@ -2,6 +2,53 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8za and 0.9.8zb [6 Aug 2014] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) 
+ [Bodo Moeller] + Changes between 0.9.8y and 0.9.8za [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted Modified: vendor-crypto/openssl/dist-0.9.8/FAQ ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FAQ Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/FAQ Thu Aug 7 16:51:50 2014 (r269672) @@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Aug 7 16:51:50 2014 (r269672) 
@@ -11,14 +11,14 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 0.9.8za -# OSSLTAG format: v0_9_8za +setenv OSSLVER 0.9.8zb +# OSSLTAG format: v0_9_8zb ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` cd /FreeBSD/work/openssl/merge -fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \ - http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc +fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz \ + http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz svn co $FSVN/vendor-crypto/openssl/dist-0.9.8 dist-0.9.8 Modified: vendor-crypto/openssl/dist-0.9.8/Makefile ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/Makefile Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/Makefile Thu Aug 7 16:51:50 2014 (r269672) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8za +VERSION=0.9.8zb MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: vendor-crypto/openssl/dist-0.9.8/NEWS ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/NEWS Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/NEWS Thu Aug 7 16:51:50 2014 (r269672) 
@@ -5,6 +5,22 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]: + + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3508 + + Known issues in OpenSSL 0.9.8za: + + o Compilation failure of s3_pkt.c on some platforms due to missing + include. Fixed in 0.9.8zb-dev. + o FIPS capable link failure with missing symbol BN_consttime_swap. + Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC + algorithms are not FIPS approved in OpenSSL 0.9.8 anyway. + Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: o Fix for CVE-2014-0224 Modified: vendor-crypto/openssl/dist-0.9.8/README ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/README Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/README Thu Aug 7 16:51:50 2014 (r269672) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8za 5 Jun 2014 + OpenSSL 0.9.8zb 6 Aug 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist-0.9.8/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/apps.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/apps/apps.c Thu Aug 7 16:51:50 2014 (r269672) @@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, in { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; icount; i++) arg->data[i]=NULL; 
@@ -1429,6 +1431,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Modified: vendor-crypto/openssl/dist-0.9.8/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/ca.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/apps/ca.c Thu Aug 7 16:51:50 2014 (r269672) @@ -1582,12 +1582,14 @@ static int certify(X509 **xret, char *in { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Modified: vendor-crypto/openssl/dist-0.9.8/apps/crl2p7.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/crl2p7.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/apps/crl2p7.c Thu Aug 7 16:51:50 2014 (r269672) @@ -142,7 +142,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_new_null(); - sk_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_push(certflst,*(++argv))) + { + sk_free(certflst); + goto end; + } } else { Modified: vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *er } resp = query_responder(err, cbio, path, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (ctx) SSL_CTX_free(ctx); Modified: vendor-crypto/openssl/dist-0.9.8/apps/s_server.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/s_server.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/apps/s_server.c Thu Aug 7 16:51:50 2014 (r269672) @@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1095,6 +1095,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -1922,8 +1930,10 @@ again: #ifdef CHARSET_EBCDIC ascii2ebcdic(buf,buf,i); #endif - write(fileno(stdout),buf, - (unsigned int)i); + if (write(fileno(stdout),buf, + (unsigned int)i) != i) + goto err; + if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: Modified: vendor-crypto/openssl/dist-0.9.8/apps/speed.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/speed.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/apps/speed.c Thu Aug 7 16:51:50 2014 (r269672) @@ -2767,7 +2767,11 @@ static int do_multi(int multi) fds=malloc(multi*sizeof *fds); for(n=0 ; n < multi ; ++n) { - pipe(fd); + if (pipe(fd) == -1) + { + fprintf(stderr, "pipe failure\n"); + exit(1); + } fflush(stdout); fflush(stderr); if(fork()) 
@@ -2779,7 +2783,11 @@ static int do_multi(int multi) { close(fd[0]); close(1); - dup(fd[1]); + if (dup(fd[1]) == -1) + { + fprintf(stderr, "dup failed\n"); + exit(1); + } close(fd[1]); mr=1; usertime=0; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_object.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_object.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_object.c Thu Aug 7 16:51:50 2014 (r269672) @@ -285,16 +285,28 @@ err: ASN1_OBJECT_free(ret); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { 
@@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT else ret=(*a); p= *pp; - if ((ret->data == NULL) || (ret->length < len)) + if ((ret->data == NULL) || (ret->length < length)) { if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + ret->data=(unsigned char *)OPENSSL_malloc(length); ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; if (ret->data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } } - memcpy(ret->data,p,(int)len); - ret->length=(int)len; + memcpy(ret->data,p,length); + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_lib.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn1_lib.c Thu Aug 7 16:51:50 2014 (r269672) @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_mime.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_mime.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_mime.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_pack.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_pack.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/asn_pack.c Thu Aug 7 16:51:50 2014 (r269672) @@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/evp_asn1.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/evp_asn1.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/evp_asn1.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_x509.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_x509.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_x509.c Thu Aug 7 16:51:50 2014 (r269672) @@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME * l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_enc.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_enc.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/tasn_enc.c Thu Aug 7 16:51:50 2014 (r269672) @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bio/bio_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bio/bio_lib.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bio/bio_lib.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_gf2m.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_gf2m.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_gf2m.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int return 1; } +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(cons BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ 
@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - { - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_sqr.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_sqr.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_sqr.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, B if (al <= 0) { r->top=0; + r->neg = 0; return 1; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_api.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_api.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_api.c Thu Aug 7 16:51:50 2014 (r269672) @@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf v->value=(char *)sk; vv=(CONF_VALUE *)lh_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) Modified: vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_def.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_def.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/conf/conf_def.c Thu Aug 7 16:51:50 2014 (r269672) @@ -324,7 +324,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ec/ecp_smpl.c Thu Aug 7 16:51:50 2014 (r269672) @@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_G int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; 
@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(con } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; - - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ - - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; - - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; + + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) - { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) + { + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; + } + + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). 
*/ + + if (!BN_is_zero(&points[0]->Z)) + { + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; + } + else + { + if (!BN_one(prod_Z[0])) goto err; } } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) + for (i = 1; i < num; i++) { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) + if (!BN_is_zero(&points[i]->Z)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; } if (group->meth->field_encode != 0) { - /* in the Montgomery case, we just turned R*H (representing H) + /* In the Montgomery case, we just turned R*H (representing H) * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; + * i.e. we need to multiply by the Montgomery factor twice. 
*/ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; } - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + for (i = num - 1; i > 0; --i) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) - { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; - } - else + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) { - if (!BN_copy(heap[i], heap[i/2])) goto err; + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. */ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; } } - /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ + if (!BN_is_zero(&points[0]->Z)) + { + /* Replace points[0]->Z by its inverse. */ + if (!BN_copy(&points[0]->Z, tmp)) goto err; + } + + /* Finally, fix up the X and Y coordinates for all points. 
*/ + for (i = 0; i < num; i++) { EC_POINT *p = points[i]; - + if (!BN_is_zero(&p->Z)) { /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; + if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; + + if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; - if (group->meth->field_set_to_one != 0) { if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; @@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(con } ret = 1; - + err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (heap != NULL) + if (prod_Z != NULL) { - /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ - for (i = pow2/2 - 1; i > 0; i--) + for (i = 0; i < num; i++) { - if (heap[i] != NULL) - BN_clear_free(heap[i]); + if (prod_Z[i] != NULL) + BN_clear_free(prod_Z[i]); } - OPENSSL_free(heap); + OPENSSL_free(prod_Z); } return ret; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/idea/ideatest.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/idea/ideatest.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/idea/ideatest.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb } memcpy(cfb_tmp,cfb_iv,8); n=0; - idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks, + idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks, cfb_tmp,&n,IDEA_DECRYPT); - idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)CFB_TEST_SIZE-17,&dks, + idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]), + (long)CFB_TEST_SIZE-13,&eks, cfb_tmp,&n,IDEA_DECRYPT); if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0) { Modified: vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/objects/obj_dat.c Thu Aug 7 16:51:50 2014 (r269672) @@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, unsigned char *p; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if ((a == NULL) || (a->data == NULL)) { - buf[0]='\0'; - return(0); - } + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf && buf_len > 0) + buf[0] = '\0'; + if ((a == NULL) || (a->data == NULL)) + return(0); if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) { @@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, i=(int)(l/40); l-=(long)(i*40); } - if (buf && (buf_len > 0)) + if (buf && (buf_len > 1)) { *buf++ = i + '0'; + *buf = '\0'; buf_len--; } n++; @@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, i = strlen(bndec); if (buf) { - if (buf_len > 0) + if (buf_len > 1) { *buf++ = '.'; + *buf = '\0'; buf_len--; } BUF_strlcpy(buf,bndec,buf_len); 
@@ -786,4 +789,3 @@ err: OPENSSL_free(buf); return(ok); } - Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_ht.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_ht.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_ht.c Thu Aug 7 16:51:50 2014 (r269672) @@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, ctx = OCSP_sendreq_new(b, path, req, -1); + if (!ctx) + return NULL; + do { rv = OCSP_sendreq_nbio(&resp, ctx); Modified: vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_lib.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/ocsp/ocsp_lib.c Thu Aug 7 16:51:50 2014 (r269672) @@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **pho if (!*ppath) goto mem_err; + p = host; + if(host[0] == '[') + { + /* ipv6 literal */ + host++; + p = strchr(host, ']'); + if(!p) goto parse_err; + *p = '\0'; + p++; + } + /* Look for optional ':' for port number */ - if ((p = strchr(host, ':'))) + if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h Thu Aug 7 16:51:50 2014 (r269672) 
@@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009081afL +#define OPENSSL_VERSION_NUMBER 0x009081bfL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb-fips 6 Aug 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb 6 Aug 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Modified: vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/Makefile ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/Makefile Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/pkcs7/Makefile Thu Aug 7 16:51:50 2014 (r269672) @@ -39,20 +39,6 @@ test: all: lib -testapps: enc dec sign verify - -enc: enc.o lib - $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -dec: dec.o lib - $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -sign: sign.o lib - $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -verify: verify.o example.o lib - $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) - lib: $(LIBOBJ) $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. Modified: vendor-crypto/openssl/dist-0.9.8/crypto/rsa/rsa_eay.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/rsa/rsa_eay.c Thu Aug 7 16:50:46 2014 (r269671) +++ vendor-crypto/openssl/dist-0.9.8/crypto/rsa/rsa_eay.c Thu Aug 7 16:51:50 2014 (r269672) 
@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int f *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Thu Aug 7 16:53:00 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0008A308 for ; Thu, 7 Aug 2014 16:52:59 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C83F727B9 for ; Thu, 7 Aug 2014 16:52:59 +0000 (UTC) Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 241c by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 16:52:59 +0000 
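Review bot: in the ecp_smpl.c rewrite of ec_GFp_simple_points_make_affine, the err path walks prod_Z[0] through prod_Z[num - 1] and calls BN_clear_free on every non-NULL entry, but prod_Z comes straight from OPENSSL_malloc and is only filled by the BN_new loop. If BN_new fails at index k, the entries after k are uninitialised and the cleanup loop hands garbage pointers to BN_clear_free. Zero the array right after allocation (for example `memset(prod_Z, 0, num * sizeof prod_Z[0]);`) or track how many entries were allocated and free only those. The new code also reads points[0]->Z and prod_Z[num - 1] unconditionally, so it depends on num == 0 being rejected before this hunk; that check is not in the visible lines and deserves a comment at the allocation.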
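Review bot: BN_consttime_swap, as added to bn_gf2m.c, enforces its preconditions only with assert(), which compiles away under NDEBUG. The mask line `condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;` yields all-ones for a single-bit condition, but for a value with the top bit and any other bit set it yields 0, so the swap is silently skipped even though condition is non-zero. Either normalise condition to 0 or 1 before building the mask, or use OPENSSL_assert for the single-bit check, as the conf_api.c hunk in this same commit does for its own assertion. `assert(sizeof(BN_ULONG) >= sizeof(int))` is a compile-time fact and would be better as a static check, and a one-line comment on what the mask expression computes would help the next reader.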
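Review bot: in the asn_pack.c hunk for ASN1_pack_string, the new err label decides whether to free octmp with `if (!oct || !*oct)`, evaluated at exit time. That identifies a locally allocated string only if *oct is still NULL at that point; if the allocation code above this hunk (not shown) has already stored octmp in *oct, the condition is false for a caller who passed a pointer to NULL, the half-built string stays in *oct, and the inner `*oct = NULL` can never run. Recording ownership in a local flag when octmp is allocated, and testing that flag here, would make the cleanup independent of what *oct holds. Please also state in the function comment what *oct contains on failure.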
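Review bot: in the c2i_ASN1_OBJECT hunk, `OPENSSL_malloc(length)` replaces `OPENSSL_malloc(len ? (int)len : 1)`, so the zero-length fallback is gone, and memcpy and `ret->length=length` now take the value without a cast. This is only safe if length has been validated as positive and in range for ret->length earlier in the function; the hunk header offset (313 to 325) shows lines were added above this point, but the check itself is not in the visible lines. A short comment at the malloc stating that invariant would keep a later edit from reintroducing a zero or negative size here.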
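Review bot: in the ocsp_lib.c hunk for OCSP_parse_url, after the closing ']' of an IPv6 literal the code does `p++` and then `strchr(p, ':')` without checking that the character right after ']' is ':' or the end of the string. Any text between the bracket and the first colon is silently accepted and dropped, and with no colon at all the trailing text is ignored. Sending that case to parse_err would keep the accepted syntax tight. The block also advances host itself, so later uses of host see the address without brackets; a comment saying so would help.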
From: Jung-uk Kim
Date: Thu, 7 Aug 2014 16:52:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r269673 - vendor-crypto/openssl/0.9.8zb
X-SVN-Group: vendor-crypto
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <53e3aeeb.241c.5ef0252@svn.freebsd.org>
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 07 Aug 2014 16:53:00 -0000

Author: jkim
Date: Thu Aug 7 16:52:59 2014
New Revision: 269673
URL: http://svnweb.freebsd.org/changeset/base/269673

Log:
  Tag OpenSSL 0.9.8zb.

Added:
  vendor-crypto/openssl/0.9.8zb/
     - copied from r269672, vendor-crypto/openssl/dist-0.9.8/

From owner-svn-src-vendor@FreeBSD.ORG Thu Aug 7 17:05:26 2014
Return-Path:
Delivered-To: svn-src-vendor@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 500A9E61 for ; Thu, 7 Aug 2014 17:05:26 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 25C5F28FD for ; Thu, 7 Aug 2014 17:05:26 +0000 (UTC)
Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 2a92 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 17:05:26 +0000
From: Jung-uk Kim Date: Thu, 7 Aug 2014 17:05:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269676 - vendor-crypto/openssl/dist-0.9.8 X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3b1d6.2a92.6a1ecdfb@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 17:05:26 -0000 Author: jkim Date: Thu Aug 7 17:05:25 2014 New Revision: 269676 URL: http://svnweb.freebsd.org/changeset/base/269676 Log: Sync. with ^/vendor-crypto/openssl/dist/FREEBSD-upgrade. Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Aug 7 17:00:50 2014 (r269675) +++ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Thu Aug 7 17:05:25 2014 (r269676) 
@@ -35,20 +35,21 @@ comm -23 old new # See that files to add makes sense comm -13 old new -tar -cf - -C openssl-${OSSLVER} . | tar xf - -C dist-0.9.8 +tar -cf - -C openssl-${OSSLVER} . | tar -xf - -C dist-0.9.8 cd dist-0.9.8 comm -23 ../old ../new | xargs svn rm +# Make sure to remove empty directories comm -13 ../old ../new | xargs svn --parents add svn stat svn ci -svn cp $FSVN/vendor-crypto/openssl/dist-0.9.8 $FSVN/vendor-crypto/openssl/$OSSLVER +svn cp ^/vendor-crypto/openssl/dist-0.9.8 ^/vendor-crypto/openssl/$OSSLVER # Merge to head mkdir ../head cd ../head svn co $FSVN/head/crypto/openssl crypto/openssl -svn merge $FSVN/vendor-crypto/openssl/dist-0.9.8 crypto/openssl +svn merge ^/vendor-crypto/openssl/dist-0.9.8 crypto/openssl # Resolve conflicts manually From owner-svn-src-vendor@FreeBSD.ORG Sat Aug 9 20:03:41 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5B68831B for ; Sat, 9 Aug 2014 20:03:41 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2EE972243 for ; Sat, 9 Aug 2014 20:03:41 +0000 (UTC) Received: from ume (uid 812) (envelope-from ume@FreeBSD.org) id 2875 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Sat, 09 Aug 2014 20:03:41 +0000 
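Review bot: in the FREEBSD-upgrade hunk, the new line `# Make sure to remove empty directories` sits between the `svn rm` and `svn add` steps but gives no command or hint for finding them, so the step is easy to skip; please spell out the procedure. The hunk also switches `svn cp` and `svn merge` to `^/` URLs while `svn co $FSVN/head/crypto/openssl crypto/openssl`, just above the merge, still uses $FSVN. The merge is run from ../head, which was created with mkdir rather than checked out, so it is worth confirming that `^/` resolves from the crypto/openssl target there, or keeping $FSVN on that line for consistency with the checkout.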
From: Hajimu UMEMOTO
Date: Sat, 9 Aug 2014 20:03:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r269763 - in vendor/resolver: 9.5.0/include dist/include
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <53e67e9d.2875.8ed8937@svn.freebsd.org>
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 09 Aug 2014 20:03:41 -0000

Author: ume
Date: Sat Aug 9 20:03:40 2014
New Revision: 269763
URL: http://svnweb.freebsd.org/changeset/base/269763

Log:
  We don't use these files.

Deleted:
  vendor/resolver/9.5.0/include/hesiod.h
  vendor/resolver/9.5.0/include/netgroup.h
  vendor/resolver/dist/include/hesiod.h
  vendor/resolver/dist/include/netgroup.h