Date: Tue, 1 Mar 2016 22:08:28 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r296279 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/asm cr... Message-ID: <201603012208.u21M8Sk2041551@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Tue Mar 1 22:08:28 2016 New Revision: 296279 URL: https://svnweb.freebsd.org/changeset/base/296279 Log: Merge OpenSSL 1.0.2g. Relnotes: yes Added: head/crypto/openssl/ssl/sslv2conftest.c - copied unchanged from r296273, vendor-crypto/openssl/dist/ssl/sslv2conftest.c Modified: head/crypto/openssl/CHANGES head/crypto/openssl/Configure head/crypto/openssl/Makefile head/crypto/openssl/Makefile.shared head/crypto/openssl/NEWS head/crypto/openssl/README head/crypto/openssl/apps/apps.c head/crypto/openssl/apps/apps.h head/crypto/openssl/apps/pkeyutl.c head/crypto/openssl/apps/req.c head/crypto/openssl/apps/rsautl.c head/crypto/openssl/apps/s_client.c head/crypto/openssl/apps/s_server.c head/crypto/openssl/config head/crypto/openssl/crypto/asn1/tasn_dec.c head/crypto/openssl/crypto/bio/b_print.c head/crypto/openssl/crypto/bio/bio.h head/crypto/openssl/crypto/bio/bss_mem.c head/crypto/openssl/crypto/bn/Makefile head/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl head/crypto/openssl/crypto/bn/bn.h head/crypto/openssl/crypto/bn/bn_exp.c head/crypto/openssl/crypto/bn/bn_print.c head/crypto/openssl/crypto/bn/bn_recp.c head/crypto/openssl/crypto/cmac/cmac.c head/crypto/openssl/crypto/cryptlib.c head/crypto/openssl/crypto/crypto.h head/crypto/openssl/crypto/dh/dh.h head/crypto/openssl/crypto/dh/dh_check.c head/crypto/openssl/crypto/dsa/dsa_ameth.c head/crypto/openssl/crypto/dso/dso_lib.c head/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl head/crypto/openssl/crypto/ec/ecp_nistp224.c head/crypto/openssl/crypto/ec/ecp_nistp256.c head/crypto/openssl/crypto/ec/ecp_nistp521.c head/crypto/openssl/crypto/ec/ectest.c head/crypto/openssl/crypto/engine/eng_dyn.c head/crypto/openssl/crypto/evp/e_des.c head/crypto/openssl/crypto/evp/e_des3.c head/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl head/crypto/openssl/crypto/modes/ctr128.c head/crypto/openssl/crypto/opensslconf.h head/crypto/openssl/crypto/opensslv.h head/crypto/openssl/crypto/perlasm/x86_64-xlate.pl head/crypto/openssl/crypto/pkcs7/pk7_smime.c head/crypto/openssl/crypto/rsa/rsa_sign.c head/crypto/openssl/crypto/srp/srp.h head/crypto/openssl/crypto/srp/srp_vfy.c head/crypto/openssl/crypto/stack/stack.c head/crypto/openssl/crypto/x509/x509_vfy.c head/crypto/openssl/doc/apps/ciphers.pod head/crypto/openssl/doc/apps/pkeyutl.pod head/crypto/openssl/doc/apps/req.pod head/crypto/openssl/doc/apps/s_client.pod head/crypto/openssl/doc/apps/s_server.pod head/crypto/openssl/doc/crypto/BIO_s_mem.pod head/crypto/openssl/doc/ssl/SSL_CONF_cmd.pod head/crypto/openssl/doc/ssl/SSL_CTX_new.pod head/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod head/crypto/openssl/doc/ssl/ssl.pod head/crypto/openssl/engines/e_capi.c head/crypto/openssl/ssl/Makefile head/crypto/openssl/ssl/s2_lib.c head/crypto/openssl/ssl/s3_lib.c head/crypto/openssl/ssl/ssl.h head/crypto/openssl/ssl/ssl_conf.c head/crypto/openssl/ssl/ssl_err.c head/crypto/openssl/ssl/ssl_lib.c head/crypto/openssl/util/libeay.num head/crypto/openssl/util/mk1mf.pl head/crypto/openssl/util/pl/BC-32.pl head/crypto/openssl/util/pl/Mingw32.pl head/crypto/openssl/util/pl/OS2-EMX.pl head/crypto/openssl/util/pl/VC-32.pl head/crypto/openssl/util/pl/linux.pl head/crypto/openssl/util/pl/netware.pl head/crypto/openssl/util/pl/ultrix.pl head/crypto/openssl/util/pl/unix.pl head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/amd64/aes-x86_64.S head/secure/lib/libcrypto/amd64/aesni-sha1-x86_64.S head/secure/lib/libcrypto/amd64/aesni-x86_64.S head/secure/lib/libcrypto/amd64/bsaes-x86_64.S head/secure/lib/libcrypto/amd64/cmll-x86_64.S head/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S head/secure/lib/libcrypto/amd64/ghash-x86_64.S head/secure/lib/libcrypto/amd64/md5-x86_64.S head/secure/lib/libcrypto/amd64/rsaz-x86_64.S head/secure/lib/libcrypto/amd64/sha1-mb-x86_64.S head/secure/lib/libcrypto/amd64/sha1-x86_64.S head/secure/lib/libcrypto/amd64/sha256-mb-x86_64.S head/secure/lib/libcrypto/amd64/sha256-x86_64.S head/secure/lib/libcrypto/amd64/vpaes-x86_64.S head/secure/lib/libcrypto/amd64/x86_64-gf2m.S head/secure/lib/libcrypto/amd64/x86_64-mont.S head/secure/lib/libcrypto/amd64/x86_64-mont5.S head/secure/lib/libcrypto/amd64/x86_64cpuid.S head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/ASN1_TIME_set.3 head/secure/lib/libcrypto/man/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/BIO_ctrl.3 head/secure/lib/libcrypto/man/BIO_f_base64.3 head/secure/lib/libcrypto/man/BIO_f_buffer.3 head/secure/lib/libcrypto/man/BIO_f_cipher.3 head/secure/lib/libcrypto/man/BIO_f_md.3 head/secure/lib/libcrypto/man/BIO_f_null.3 head/secure/lib/libcrypto/man/BIO_f_ssl.3 head/secure/lib/libcrypto/man/BIO_find_type.3 head/secure/lib/libcrypto/man/BIO_new.3 head/secure/lib/libcrypto/man/BIO_new_CMS.3 head/secure/lib/libcrypto/man/BIO_push.3 head/secure/lib/libcrypto/man/BIO_read.3 head/secure/lib/libcrypto/man/BIO_s_accept.3 head/secure/lib/libcrypto/man/BIO_s_bio.3 head/secure/lib/libcrypto/man/BIO_s_connect.3 head/secure/lib/libcrypto/man/BIO_s_fd.3 head/secure/lib/libcrypto/man/BIO_s_file.3 head/secure/lib/libcrypto/man/BIO_s_mem.3 head/secure/lib/libcrypto/man/BIO_s_null.3 head/secure/lib/libcrypto/man/BIO_s_socket.3 head/secure/lib/libcrypto/man/BIO_set_callback.3 head/secure/lib/libcrypto/man/BIO_should_retry.3 head/secure/lib/libcrypto/man/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/BN_CTX_new.3 head/secure/lib/libcrypto/man/BN_CTX_start.3 head/secure/lib/libcrypto/man/BN_add.3 head/secure/lib/libcrypto/man/BN_add_word.3 head/secure/lib/libcrypto/man/BN_bn2bin.3 head/secure/lib/libcrypto/man/BN_cmp.3 head/secure/lib/libcrypto/man/BN_copy.3 head/secure/lib/libcrypto/man/BN_generate_prime.3 head/secure/lib/libcrypto/man/BN_mod_inverse.3 head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/BN_new.3 head/secure/lib/libcrypto/man/BN_num_bytes.3 head/secure/lib/libcrypto/man/BN_rand.3 head/secure/lib/libcrypto/man/BN_set_bit.3 head/secure/lib/libcrypto/man/BN_swap.3 head/secure/lib/libcrypto/man/BN_zero.3 head/secure/lib/libcrypto/man/CMS_add0_cert.3 head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/CMS_add1_signer.3 head/secure/lib/libcrypto/man/CMS_compress.3 head/secure/lib/libcrypto/man/CMS_decrypt.3 head/secure/lib/libcrypto/man/CMS_encrypt.3 head/secure/lib/libcrypto/man/CMS_final.3 head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/CMS_get0_type.3 head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/CMS_sign.3 head/secure/lib/libcrypto/man/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/CMS_uncompress.3 head/secure/lib/libcrypto/man/CMS_verify.3 head/secure/lib/libcrypto/man/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/CONF_modules_free.3 head/secure/lib/libcrypto/man/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 head/secure/lib/libcrypto/man/DH_generate_key.3 head/secure/lib/libcrypto/man/DH_generate_parameters.3 head/secure/lib/libcrypto/man/DH_get_ex_new_index.3 head/secure/lib/libcrypto/man/DH_new.3 head/secure/lib/libcrypto/man/DH_set_method.3 head/secure/lib/libcrypto/man/DH_size.3 head/secure/lib/libcrypto/man/DSA_SIG_new.3 head/secure/lib/libcrypto/man/DSA_do_sign.3 head/secure/lib/libcrypto/man/DSA_dup_DH.3 head/secure/lib/libcrypto/man/DSA_generate_key.3 head/secure/lib/libcrypto/man/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 head/secure/lib/libcrypto/man/DSA_new.3 head/secure/lib/libcrypto/man/DSA_set_method.3 head/secure/lib/libcrypto/man/DSA_sign.3 head/secure/lib/libcrypto/man/DSA_size.3 head/secure/lib/libcrypto/man/EC_GFp_simple_method.3 head/secure/lib/libcrypto/man/EC_GROUP_copy.3 head/secure/lib/libcrypto/man/EC_GROUP_new.3 head/secure/lib/libcrypto/man/EC_KEY_new.3 head/secure/lib/libcrypto/man/EC_POINT_add.3 head/secure/lib/libcrypto/man/EC_POINT_new.3 head/secure/lib/libcrypto/man/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/ERR_clear_error.3 head/secure/lib/libcrypto/man/ERR_error_string.3 head/secure/lib/libcrypto/man/ERR_get_error.3 head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/ERR_load_strings.3 head/secure/lib/libcrypto/man/ERR_print_errors.3 head/secure/lib/libcrypto/man/ERR_put_error.3 head/secure/lib/libcrypto/man/ERR_remove_state.3 head/secure/lib/libcrypto/man/ERR_set_mark.3 head/secure/lib/libcrypto/man/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/EVP_DigestInit.3 head/secure/lib/libcrypto/man/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/EVP_OpenInit.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 head/secure/lib/libcrypto/man/EVP_SealInit.3 head/secure/lib/libcrypto/man/EVP_SignInit.3 head/secure/lib/libcrypto/man/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/OPENSSL_config.3 head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/PKCS12_create.3 head/secure/lib/libcrypto/man/PKCS12_parse.3 head/secure/lib/libcrypto/man/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/PKCS7_sign.3 head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/PKCS7_verify.3 head/secure/lib/libcrypto/man/RAND_add.3 head/secure/lib/libcrypto/man/RAND_bytes.3 head/secure/lib/libcrypto/man/RAND_cleanup.3 head/secure/lib/libcrypto/man/RAND_egd.3 head/secure/lib/libcrypto/man/RAND_load_file.3 head/secure/lib/libcrypto/man/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/RSA_blinding_on.3 head/secure/lib/libcrypto/man/RSA_check_key.3 head/secure/lib/libcrypto/man/RSA_generate_key.3 head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 head/secure/lib/libcrypto/man/RSA_new.3 head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/RSA_print.3 head/secure/lib/libcrypto/man/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/RSA_set_method.3 head/secure/lib/libcrypto/man/RSA_sign.3 head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/RSA_size.3 head/secure/lib/libcrypto/man/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/X509_check_host.3 head/secure/lib/libcrypto/man/X509_new.3 head/secure/lib/libcrypto/man/X509_verify_cert.3 head/secure/lib/libcrypto/man/bio.3 head/secure/lib/libcrypto/man/blowfish.3 head/secure/lib/libcrypto/man/bn.3 head/secure/lib/libcrypto/man/bn_internal.3 head/secure/lib/libcrypto/man/buffer.3 head/secure/lib/libcrypto/man/crypto.3 head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 head/secure/lib/libcrypto/man/d2i_DHparams.3 head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 head/secure/lib/libcrypto/man/d2i_ECPKParameters.3 head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 head/secure/lib/libcrypto/man/d2i_X509.3 head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 head/secure/lib/libcrypto/man/d2i_X509_CRL.3 head/secure/lib/libcrypto/man/d2i_X509_NAME.3 head/secure/lib/libcrypto/man/d2i_X509_REQ.3 head/secure/lib/libcrypto/man/d2i_X509_SIG.3 head/secure/lib/libcrypto/man/des.3 head/secure/lib/libcrypto/man/dh.3 head/secure/lib/libcrypto/man/dsa.3 head/secure/lib/libcrypto/man/ec.3 head/secure/lib/libcrypto/man/ecdsa.3 head/secure/lib/libcrypto/man/engine.3 head/secure/lib/libcrypto/man/err.3 head/secure/lib/libcrypto/man/evp.3 head/secure/lib/libcrypto/man/hmac.3 head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/lh_stats.3 head/secure/lib/libcrypto/man/lhash.3 head/secure/lib/libcrypto/man/md5.3 head/secure/lib/libcrypto/man/mdc2.3 head/secure/lib/libcrypto/man/pem.3 head/secure/lib/libcrypto/man/rand.3 head/secure/lib/libcrypto/man/rc4.3 head/secure/lib/libcrypto/man/ripemd.3 head/secure/lib/libcrypto/man/rsa.3 head/secure/lib/libcrypto/man/sha.3 head/secure/lib/libcrypto/man/threads.3 head/secure/lib/libcrypto/man/ui.3 head/secure/lib/libcrypto/man/ui_compat.3 head/secure/lib/libcrypto/man/x509.3 head/secure/lib/libcrypto/opensslconf-aarch64.h head/secure/lib/libcrypto/opensslconf-arm.h head/secure/lib/libcrypto/opensslconf-mips.h head/secure/lib/libcrypto/opensslconf-powerpc.h head/secure/lib/libcrypto/opensslconf-riscv.h head/secure/lib/libcrypto/opensslconf-sparc64.h head/secure/lib/libcrypto/opensslconf-x86.h head/secure/lib/libssl/Makefile.man head/secure/lib/libssl/man/SSL_CIPHER_get_name.3 head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 head/secure/lib/libssl/man/SSL_CONF_CTX_new.3 head/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 head/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 head/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 head/secure/lib/libssl/man/SSL_CONF_cmd.3 head/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 head/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libssl/man/SSL_CTX_add_session.3 head/secure/lib/libssl/man/SSL_CTX_ctrl.3 head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 head/secure/lib/libssl/man/SSL_CTX_free.3 head/secure/lib/libssl/man/SSL_CTX_get0_param.3 head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 head/secure/lib/libssl/man/SSL_CTX_new.3 head/secure/lib/libssl/man/SSL_CTX_sess_number.3 head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libssl/man/SSL_CTX_sessions.3 head/secure/lib/libssl/man/SSL_CTX_set1_curves.3 head/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 head/secure/lib/libssl/man/SSL_CTX_set_mode.3 head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_options.3 head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 head/secure/lib/libssl/man/SSL_CTX_set_timeout.3 head/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_verify.3 head/secure/lib/libssl/man/SSL_CTX_use_certificate.3 head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 head/secure/lib/libssl/man/SSL_SESSION_free.3 head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_SESSION_get_time.3 head/secure/lib/libssl/man/SSL_accept.3 head/secure/lib/libssl/man/SSL_alert_type_string.3 head/secure/lib/libssl/man/SSL_check_chain.3 head/secure/lib/libssl/man/SSL_clear.3 head/secure/lib/libssl/man/SSL_connect.3 head/secure/lib/libssl/man/SSL_do_handshake.3 head/secure/lib/libssl/man/SSL_free.3 head/secure/lib/libssl/man/SSL_get_SSL_CTX.3 head/secure/lib/libssl/man/SSL_get_ciphers.3 head/secure/lib/libssl/man/SSL_get_client_CA_list.3 head/secure/lib/libssl/man/SSL_get_current_cipher.3 head/secure/lib/libssl/man/SSL_get_default_timeout.3 head/secure/lib/libssl/man/SSL_get_error.3 head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 head/secure/lib/libssl/man/SSL_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_get_fd.3 head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 head/secure/lib/libssl/man/SSL_get_peer_certificate.3 head/secure/lib/libssl/man/SSL_get_psk_identity.3 head/secure/lib/libssl/man/SSL_get_rbio.3 head/secure/lib/libssl/man/SSL_get_session.3 head/secure/lib/libssl/man/SSL_get_verify_result.3 head/secure/lib/libssl/man/SSL_get_version.3 head/secure/lib/libssl/man/SSL_library_init.3 head/secure/lib/libssl/man/SSL_load_client_CA_file.3 head/secure/lib/libssl/man/SSL_new.3 head/secure/lib/libssl/man/SSL_pending.3 head/secure/lib/libssl/man/SSL_read.3 head/secure/lib/libssl/man/SSL_rstate_string.3 head/secure/lib/libssl/man/SSL_session_reused.3 head/secure/lib/libssl/man/SSL_set_bio.3 head/secure/lib/libssl/man/SSL_set_connect_state.3 head/secure/lib/libssl/man/SSL_set_fd.3 head/secure/lib/libssl/man/SSL_set_session.3 head/secure/lib/libssl/man/SSL_set_shutdown.3 head/secure/lib/libssl/man/SSL_set_verify_result.3 head/secure/lib/libssl/man/SSL_shutdown.3 head/secure/lib/libssl/man/SSL_state_string.3 head/secure/lib/libssl/man/SSL_want.3 head/secure/lib/libssl/man/SSL_write.3 head/secure/lib/libssl/man/d2i_SSL_SESSION.3 head/secure/lib/libssl/man/ssl.3 head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/c_rehash.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 head/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: head/crypto/openssl/ (props changed) Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/CHANGES Tue Mar 1 22:08:28 2016 (r296279) @@ -2,6 +2,138 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2f and 1.0.2g [1 Mar 2016] + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Builds that are not configured with "enable-weak-ssl-ciphers" will not + provide any "EXPORT" or "LOW" strength ciphers. + [Viktor Dukhovni] + + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() + will need to explicitly call either of: + + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); + or + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + + as appropriate. Even if either of those is used, or the application + explicitly uses the version-specific SSLv2_method() or its client and + server variants, SSLv2 ciphers vulnerable to exhaustive search key + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT + ciphers, and SSLv2 56-bit DES are no longer available. + (CVE-2016-0800) + [Viktor Dukhovni] + + *) Fix a double-free in DSA code + + A double free bug was discovered when OpenSSL parses malformed DSA private + keys and could lead to a DoS attack or memory corruption for applications + that receive DSA private keys from untrusted sources. This scenario is + considered rare. + + This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using + libFuzzer. + (CVE-2016-0705) + [Stephen Henson] + + *) Disable SRP fake user seed to address a server memory leak. + + Add a new method SRP_VBASE_get1_by_user that handles the seed properly. + + SRP_VBASE_get_by_user had inconsistent memory management behaviour. + In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user + was changed to ignore the "fake user" SRP seed, even if the seed + is configured. + + Users should use SRP_VBASE_get1_by_user instead. Note that in + SRP_VBASE_get1_by_user, caller must free the returned value. Note + also that even though configuring the SRP seed attempts to hide + invalid usernames by continuing the handshake with fake + credentials, this behaviour is not constant time and no strong + guarantees are made that the handshake is indistinguishable from + that of a valid user. + (CVE-2016-0798) + [Emilia Käsper] + + *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + + In the BN_hex2bn function the number of hex digits is calculated using an + int value |i|. Later |bn_expand| is called with a value of |i * 4|. For + large values of |i| this can result in |bn_expand| not allocating any + memory because |i * 4| is negative. This can leave the internal BIGNUM data + field as NULL leading to a subsequent NULL ptr deref. For very large values + of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + In this case memory is allocated to the internal BIGNUM data field, but it + is insufficiently sized leading to heap corruption. A similar issue exists + in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn + is ever called by user applications with very large untrusted hex/dec data. + This is anticipated to be a rare occurrence. + + All OpenSSL internal usage of these functions use data that is not expected + to be untrusted, e.g. config file data or application command line + arguments. If user developed applications generate config file data based + on untrusted data then it is possible that this could also lead to security + consequences. This is also anticipated to be rare. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2016-0797) + [Matt Caswell] + + *) Fix memory issues in BIO_*printf functions + + The internal |fmtstr| function used in processing a "%s" format string in + the BIO_*printf functions could overflow while calculating the length of a + string and cause an OOB read when printing very long strings. + + Additionally the internal |doapr_outch| function can attempt to write to an + OOB memory location (at an offset from the NULL pointer) in the event of a + memory allocation failure. In 1.0.2 and below this could be caused where + the size of a buffer to be allocated is greater than INT_MAX. E.g. this + could be in processing a very long "%s" format string. Memory leaks can + also occur. + + The first issue may mask the second issue dependent on compiler behaviour. + These problems could enable attacks where large amounts of untrusted data + is passed to the BIO_*printf functions. If applications use these functions + in this way then they could be vulnerable. OpenSSL itself uses these + functions when printing out human-readable dumps of ASN.1 data. Therefore + applications that print this data could be vulnerable if the data is from + untrusted sources. OpenSSL command line applications could also be + vulnerable where they print out ASN.1 data, or if untrusted data is passed + as command line arguments. + + Libssl is not considered directly vulnerable. Additionally certificates etc + received via remote connections via libssl are also unlikely to be able to + trigger these issues because of message size limits enforced within libssl. + + This issue was reported to OpenSSL Guido Vranken. + (CVE-2016-0799) + [Matt Caswell] + + *) Side channel attack on modular exponentiation + + A side-channel attack was found which makes use of cache-bank conflicts on + the Intel Sandy-Bridge microarchitecture which could lead to the recovery + of RSA keys. The ability to exploit this issue is limited as it relies on + an attacker who has control of code in a thread running on the same + hyper-threaded core as the victim thread which is performing decryptions. + + This issue was reported to OpenSSL by Yuval Yarom, The University of + Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and + Nadia Heninger, University of Pennsylvania with more information at + http://cachebleed.info. + (CVE-2016-0702) + [Andy Polyakov] + + *) Change the req app to generate a 2048-bit RSA/DSA key by default, + if no keysize is specified with default_bits. This fixes an + omission in an earlier change that changed all RSA/DSA key generation + apps to use 2048 bits by default. + [Emilia Käsper] + Changes between 1.0.2e and 1.0.2f [28 Jan 2016] *) DH small subgroups @@ -105,7 +237,7 @@ [Emilia Käsper] *) In DSA_generate_parameters_ex, if the provided seed is too short, - return an error + use a random seed, as already documented. [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] Changes between 1.0.2c and 1.0.2d [9 Jul 2015] Modified: head/crypto/openssl/Configure ============================================================================== --- head/crypto/openssl/Configure Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/Configure Tue Mar 1 22:08:28 2016 (r296279) @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher> # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) # -<xxx> +<xxx> compiler options are passed through @@ -781,11 +785,13 @@ my %disabled = ( # "what" => "co "md2" => "default", "rc5" => "default", "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", "ssl-trace" => "default", + "ssl2" => "default", "store" => "experimental", "unit-test" => "default", + "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); Modified: head/crypto/openssl/Makefile ============================================================================== --- head/crypto/openssl/Makefile Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/Makefile Tue Mar 1 22:08:28 2016 (r296279) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2f +VERSION=1.0.2g MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS PEX_LIBS= EX_LIBS= EXE_EXT= Modified: head/crypto/openssl/Makefile.shared ============================================================================== --- head/crypto/openssl/Makefile.shared Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/Makefile.shared Tue Mar 1 22:08:28 2016 (r296279) @@ -272,7 +272,7 @@ link_o.cygwin: SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-s,-Bsymbolic"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-Bsymbolic"; \ $(LINK_SO_O) #for mingw target if def-file is in use dll-name should match library-name link_a.cygwin: @@ -289,7 +289,7 @@ link_a.cygwin: SHLIB_SOVER=32; \ extras="$(LIBNAME).def"; \ $(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \ - base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \ + base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \ fi; \ dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ $(PERL) util/mkrc.pl $$dll_name | \ @@ -297,7 +297,7 @@ link_a.cygwin: extras="$$extras rc.o"; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-s,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \ [ -f apps/$$dll_name ] && rm apps/$$dll_name; \ [ -f test/$$dll_name ] && rm test/$$dll_name; \ $(LINK_SO_A) || exit 1; \ Modified: head/crypto/openssl/NEWS ============================================================================== --- head/crypto/openssl/NEWS Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/NEWS Tue Mar 1 22:08:28 2016 (r296279) @@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) + Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) Modified: head/crypto/openssl/README ============================================================================== --- head/crypto/openssl/README Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/README Tue Mar 1 22:08:28 2016 (r296279) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2f 28 Jan 2016 + OpenSSL 1.0.2g 1 Mar 2016 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: head/crypto/openssl/apps/apps.c ============================================================================== --- head/crypto/openssl/apps/apps.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/apps.c Tue Mar 1 22:08:28 2016 (r296279) @@ -2442,7 +2442,11 @@ int bio_to_mem(unsigned char **out, int else len = 1024; len = BIO_read(in, tbuf, len); - if (len <= 0) + if (len < 0) { + BIO_free(mem); + return -1; + } + if (len == 0) break; if (BIO_write(mem, tbuf, len) != len) { BIO_free(mem); @@ -2459,7 +2463,7 @@ int bio_to_mem(unsigned char **out, int return ret; } -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) { int rv; char *stmp, *vtmp = NULL; Modified: head/crypto/openssl/apps/apps.h ============================================================================== --- head/crypto/openssl/apps/apps.h Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/apps.h Tue Mar 1 22:08:28 2016 (r296279) @@ -321,7 +321,7 @@ int args_verify(char ***pargs, int *parg int *badarg, BIO *err, X509_VERIFY_PARAM **pm); void policies_print(BIO *out, X509_STORE_CTX *ctx); int bio_to_mem(unsigned char **out, int maxlen, BIO *in); -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value); int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, const char *algname, ENGINE *e, int do_param); int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, Modified: head/crypto/openssl/apps/pkeyutl.c ============================================================================== --- head/crypto/openssl/apps/pkeyutl.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/pkeyutl.c Tue Mar 1 22:08:28 2016 (r296279) @@ -73,7 +73,7 @@ static void usage(void); #define PROG pkeyutl_main static EVP_PKEY_CTX *init_ctx(int *pkeysize, - char *keyfile, int keyform, int key_type, + const char *keyfile, int keyform, int key_type, char *passargin, int pkey_op, ENGINE *e, int impl); @@ -99,10 +99,12 @@ int MAIN(int argc, char **argv) char *passargin = NULL; int keysize = -1; int engine_impl = 0; - unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; - size_t buf_outlen; + size_t buf_outlen = 0; int buf_inlen = 0, siglen = -1; + const char *inkey = NULL; + const char *peerkey = NULL; + STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; int ret = 1, rv = -1; @@ -136,21 +138,13 @@ int MAIN(int argc, char **argv) } else if (!strcmp(*argv, "-inkey")) { if (--argc < 1) badarg = 1; - else { - ctx = init_ctx(&keysize, - *(++argv), keyform, key_type, - passargin, pkey_op, e, engine_impl); - if (!ctx) { - BIO_puts(bio_err, "Error initializing context\n"); - ERR_print_errors(bio_err); - badarg = 1; - } - } + else + inkey = *++argv; } else if (!strcmp(*argv, "-peerkey")) { if (--argc < 1) badarg = 1; - else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e)) - badarg = 1; + else + peerkey = *++argv; } else if (!strcmp(*argv, "-passin")) { if (--argc < 1) badarg = 1; @@ -191,23 +185,21 @@ int MAIN(int argc, char **argv) pkey_op = EVP_PKEY_OP_VERIFY; else if (!strcmp(*argv, "-verifyrecover")) pkey_op = EVP_PKEY_OP_VERIFYRECOVER; - else if (!strcmp(*argv, "-rev")) - rev = 1; else if (!strcmp(*argv, "-encrypt")) pkey_op = EVP_PKEY_OP_ENCRYPT; else if (!strcmp(*argv, "-decrypt")) pkey_op = EVP_PKEY_OP_DECRYPT; else if (!strcmp(*argv, "-derive")) pkey_op = EVP_PKEY_OP_DERIVE; + else if (!strcmp(*argv, "-rev")) + rev = 1; else if (strcmp(*argv, "-pkeyopt") == 0) { if (--argc < 1) badarg = 1; - else if (!ctx) { - BIO_puts(bio_err, "-pkeyopt command before -inkey\n"); - badarg = 1; - } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) { - BIO_puts(bio_err, "parameter setting error\n"); - ERR_print_errors(bio_err); + else if ((pkeyopts == NULL && + (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || + sk_OPENSSL_STRING_push(pkeyopts, *++argv) == 0) { + BIO_puts(bio_err, "out of memory\n"); goto end; } } else @@ -220,10 +212,37 @@ int MAIN(int argc, char **argv) argv++; } - if (!ctx) { + if (inkey == NULL || + (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) { usage(); goto end; } + ctx = init_ctx(&keysize, inkey, keyform, key_type, + passargin, pkey_op, e, engine_impl); + if (!ctx) { + BIO_puts(bio_err, "Error initializing context\n"); + ERR_print_errors(bio_err); + goto end; + } + if (peerkey != NULL && !setup_peer(bio_err, ctx, peerform, peerkey, e)) { + BIO_puts(bio_err, "Error setting up peer key\n"); + ERR_print_errors(bio_err); + goto end; + } + if (pkeyopts != NULL) { + int num = sk_OPENSSL_STRING_num(pkeyopts); + int i; + + for (i = 0; i < num; ++i) { + const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i); + + if (pkey_ctrl_string(ctx, opt) <= 0) { + BIO_puts(bio_err, "parameter setting error\n"); + ERR_print_errors(bio_err); + goto end; + } + } + } if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_puts(bio_err, "Signature file specified for non verify\n"); @@ -273,7 +292,7 @@ int MAIN(int argc, char **argv) } siglen = bio_to_mem(&sig, keysize * 10, sigbio); BIO_free(sigbio); - if (siglen <= 0) { + if (siglen < 0) { BIO_printf(bio_err, "Error reading signature data\n"); goto end; } @@ -282,7 +301,7 @@ int MAIN(int argc, char **argv) if (in) { /* Read the input data */ buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); - if (buf_inlen <= 0) { + if (buf_inlen < 0) { BIO_printf(bio_err, "Error reading input Data\n"); exit(1); } @@ -310,7 +329,7 @@ int MAIN(int argc, char **argv) } else { rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, buf_in, (size_t)buf_inlen); - if (rv > 0) { + if (rv > 0 && buf_outlen != 0) { buf_out = OPENSSL_malloc(buf_outlen); if (!buf_out) rv = -1; @@ -340,12 +359,14 @@ int MAIN(int argc, char **argv) EVP_PKEY_CTX_free(ctx); BIO_free(in); BIO_free_all(out); - if (buf_in) + if (buf_in != NULL) OPENSSL_free(buf_in); - if (buf_out) + if (buf_out != NULL) OPENSSL_free(buf_out); - if (sig) + if (sig != NULL) OPENSSL_free(sig); + if (pkeyopts != NULL) + sk_OPENSSL_STRING_free(pkeyopts); return ret; } @@ -380,7 +401,7 @@ static void usage() } static EVP_PKEY_CTX *init_ctx(int *pkeysize, - char *keyfile, int keyform, int key_type, + const char *keyfile, int keyform, int key_type, char *passargin, int pkey_op, ENGINE *e, int engine_impl) { @@ -484,14 +505,9 @@ static int setup_peer(BIO *err, EVP_PKEY EVP_PKEY *peer = NULL; ENGINE* engine = NULL; int ret; - if (!ctx) { - BIO_puts(err, "-peerkey command before -inkey\n"); - return 0; - } if (peerform == FORMAT_ENGINE) - engine = e; - + engine = e; peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key"); if (!peer) { Modified: head/crypto/openssl/apps/req.c ============================================================================== --- head/crypto/openssl/apps/req.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/req.c Tue Mar 1 22:08:28 2016 (r296279) @@ -101,8 +101,8 @@ #define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define DEFAULT_KEY_LENGTH 512 -#define MIN_KEY_LENGTH 384 +#define DEFAULT_KEY_LENGTH 2048 +#define MIN_KEY_LENGTH 512 #undef PROG #define PROG req_main Modified: head/crypto/openssl/apps/rsautl.c ============================================================================== --- head/crypto/openssl/apps/rsautl.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/rsautl.c Tue Mar 1 22:08:28 2016 (r296279) @@ -250,7 +250,7 @@ int MAIN(int argc, char **argv) if (outfile) { if (!(out = BIO_new_file(outfile, "wb"))) { - BIO_printf(bio_err, "Error Reading Output File\n"); + BIO_printf(bio_err, "Error Writing Output File\n"); ERR_print_errors(bio_err); goto end; } @@ -276,7 +276,7 @@ int MAIN(int argc, char **argv) /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); - if (rsa_inlen <= 0) { + if (rsa_inlen < 0) { BIO_printf(bio_err, "Error reading input Data\n"); exit(1); } @@ -311,7 +311,7 @@ int MAIN(int argc, char **argv) } - if (rsa_outlen <= 0) { + if (rsa_outlen < 0) { BIO_printf(bio_err, "RSA operation error\n"); ERR_print_errors(bio_err); goto end; Modified: head/crypto/openssl/apps/s_client.c ============================================================================== --- head/crypto/openssl/apps/s_client.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/s_client.c Tue Mar 1 22:08:28 2016 (r296279) @@ -391,8 +391,6 @@ static void sc_usage(void) BIO_printf(bio_err, " -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err, - " -serverpref - Use server's cipher preferences (only SSLv2)\n"); - BIO_printf(bio_err, " -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err, " command to see what is available\n"); Modified: head/crypto/openssl/apps/s_server.c ============================================================================== --- head/crypto/openssl/apps/s_server.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/apps/s_server.c Tue Mar 1 22:08:28 2016 (r296279) @@ -429,6 +429,8 @@ typedef struct srpsrvparm_st { static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { srpsrvparm *p = (srpsrvparm *) arg; + int ret = SSL3_AL_FATAL; + if (p->login == NULL && p->user == NULL) { p->login = SSL_get_srp_username(s); BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); @@ -437,21 +439,25 @@ static int MS_CALLBACK ssl_srp_server_pa if (p->user == NULL) { BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - return SSL3_AL_FATAL; + goto err; } + if (SSL_set_srp_server_param (s, p->user->N, p->user->g, p->user->s, p->user->v, p->user->info) < 0) { *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; + goto err; } BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info); - /* need to check whether there are memory leaks */ + ret = SSL_ERROR_NONE; + +err: + SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; - return SSL_ERROR_NONE; + return ret; } #endif @@ -2452,9 +2458,10 @@ static int sv_body(char *hostname, int s #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during write\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2508,9 +2515,10 @@ static int sv_body(char *hostname, int s #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2605,9 +2613,10 @@ static int init_ssl_connection(SSL *con) while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2849,9 +2858,10 @@ static int www_body(char *hostname, int && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2891,9 +2901,10 @@ static int www_body(char *hostname, int if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -3236,9 +3247,10 @@ static int rev_body(char *hostname, int if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during accept\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -3264,9 +3276,10 @@ static int rev_body(char *hostname, int if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); Modified: head/crypto/openssl/config ============================================================================== --- head/crypto/openssl/config Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/config Tue Mar 1 22:08:28 2016 (r296279) @@ -852,7 +852,8 @@ case "$GUESSOS" in # *-dgux) OUT="dgux" ;; mips-sony-newsos4) OUT="newsos4-gcc" ;; *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;; - *-*-cygwin) OUT="Cygwin" ;; + i[3456]86-*-cygwin) OUT="Cygwin" ;; + *-*-cygwin) OUT="Cygwin-${MACHINE}" ;; t3e-cray-unicosmk) OUT="cray-t3e" ;; j90-cray-unicos) OUT="cray-j90" ;; nsr-tandem-nsk) OUT="tandem-c89" ;; Modified: head/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- head/crypto/openssl/crypto/asn1/tasn_dec.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/crypto/asn1/tasn_dec.c Tue Mar 1 22:08:28 2016 (r296279) @@ -717,7 +717,7 @@ static int asn1_d2i_ex_primitive(ASN1_VA long plen; char cst, inf, free_cont = 0; const unsigned char *p; - BUF_MEM buf; + BUF_MEM buf = { 0, NULL, 0 }; const unsigned char *cont = NULL; long len; if (!pval) { @@ -793,7 +793,6 @@ static int asn1_d2i_ex_primitive(ASN1_VA } else { len = p - cont + plen; p += plen; - buf.data = NULL; } } else if (cst) { if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN @@ -802,9 +801,9 @@ static int asn1_d2i_ex_primitive(ASN1_VA ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); return 0; } - buf.length = 0; - buf.max = 0; - buf.data = NULL; + + /* Free any returned 'buf' content */ + free_cont = 1; /* * Should really check the internal tags are correct but some things * may get this wrong. The relevant specs say that constructed string @@ -812,18 +811,16 @@ static int asn1_d2i_ex_primitive(ASN1_VA * So instead just check for UNIVERSAL class and ignore the tag. */ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { - free_cont = 1; goto err; } len = buf.length; /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } buf.data[len] = 0; cont = (const unsigned char *)buf.data; - free_cont = 1; } else { cont = p; len = plen; @@ -831,6 +828,7 @@ static int asn1_d2i_ex_primitive(ASN1_VA } /* We now have content length and type: translate into a structure */ + /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err; Modified: head/crypto/openssl/crypto/bio/b_print.c ============================================================================== --- head/crypto/openssl/crypto/bio/b_print.c Tue Mar 1 19:15:34 2016 (r296278) +++ head/crypto/openssl/crypto/bio/b_print.c Tue Mar 1 22:08:28 2016 (r296279) @@ -125,16 +125,16 @@ # define LLONG long #endif -static void fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); -static void fmtint(char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); -static void fmtfp(char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int); -static void doapr_outch(char **, char **, size_t *, size_t *, int); -static void _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); +static int fmtstr(char **, char **, size_t *, size_t *, + const char *, int, int, int); +static int fmtint(char **, char **, size_t *, size_t *, + LLONG, int, int, int, int); +static int fmtfp(char **, char **, size_t *, size_t *, + LDOUBLE, int, int, int); +static int doapr_outch(char **, char **, size_t *, size_t *, int); +static int _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char * #define char_to_int(p) (p - '0') #define OSSL_MAX(p,q) ((p >= q) ? p : q) -static void +static int _dopr(char **sbuffer, char **buffer, size_t *maxlen, @@ -196,7 +196,8 @@ _dopr(char **sbuffer, if (ch == '%') state = DP_S_FLAGS; else - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; ch = *format++; break; case DP_S_FLAGS: @@ -302,8 +303,9 @@ _dopr(char **sbuffer, value = va_arg(args, int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 10, min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, + max, flags)) + return 0; break; case 'X': flags |= DP_F_UP; @@ -326,17 +328,19 @@ _dopr(char **sbuffer, value = (LLONG) va_arg(args, unsigned int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, + ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), + min, max, flags)) + return 0; break; case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); else fvalue = va_arg(args, double); - fmtfp(sbuffer, buffer, &currlen, maxlen, - fvalue, min, max, flags); + if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, + flags)) + return 0; break; case 'E': flags |= DP_F_UP; @@ -355,8 +359,9 @@ _dopr(char **sbuffer, fvalue = va_arg(args, double); break; case 'c': - doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int)); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) + return 0; break; case 's': strvalue = va_arg(args, char *); @@ -366,13 +371,15 @@ _dopr(char **sbuffer, else max = *maxlen; } - fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max); + if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, + flags, min, max)) + return 0; break; case 'p': value = (long)va_arg(args, void *); - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags | DP_F_NUM); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, + value, 16, min, max, flags | DP_F_NUM)) + return 0; break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -394,7 +401,8 @@ _dopr(char **sbuffer, } break; case '%': - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; break; case 'w': /* not supported yet, treat as next char */ @@ -418,46 +426,56 @@ _dopr(char **sbuffer, *truncated = (currlen > *maxlen - 1); if (*truncated) currlen = *maxlen - 1; - doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) + return 0; *retlen = currlen - 1; - return; + return 1; } -static void +static int fmtstr(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, const char *value, int flags, int min, int max) { - int padlen, strln; + int padlen; + size_t strln; int cnt = 0; if (value == 0) value = "<NULL>"; - for (strln = 0; value[strln]; ++strln) ; + + strln = strlen(value); + if (strln > INT_MAX) + strln = INT_MAX; + padlen = min - strln; - if (padlen < 0) + if (min < 0 || padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; while ((padlen > 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; ++cnt; } while (*value && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) + return 0; ++cnt; } while ((padlen < 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; ++cnt; } + return 1; } -static void +static int fmtint(char **sbuffer, char **buffer, size_t *currlen, @@ -517,37 +535,44 @@ fmtint(char **sbuffer, /* spaces */ while (spadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --spadlen; } /* sign */ if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; /* prefix */ while (*prefix) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) + return 0; prefix++; } /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } } /* digits */ - while (place > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); + while (place > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place])) + return 0; + } /* left justified spaces */ while (spadlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++spadlen; } - return; + return 1; } static LDOUBLE abs_val(LDOUBLE value) @@ -578,7 +603,7 @@ static long roundv(LDOUBLE value) return intpart; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603012208.u21M8Sk2041551>