Date: Fri, 6 Jun 2014 21:38:35 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r267190 - in vendor-crypto/openssl/dist-0.9.8: . apps crypto crypto/asn1 crypto/bn crypto/cms crypto/ec crypto/engine crypto/err crypto/evp crypto/pkcs12 demos/x509 doc doc/apps doc/cry... Message-ID: <201406062138.s56LcZia069448@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Fri Jun 6 21:38:34 2014 New Revision: 267190 URL: http://svnweb.freebsd.org/changeset/base/267190 Log: Import OpenSSL 0.9.8za. Approved by: so (delphij) Deleted: vendor-crypto/openssl/dist-0.9.8/test/srptest.c vendor-crypto/openssl/dist-0.9.8/test/wp_test.c Modified: vendor-crypto/openssl/dist-0.9.8/ACKNOWLEDGMENTS vendor-crypto/openssl/dist-0.9.8/CHANGES vendor-crypto/openssl/dist-0.9.8/Configure vendor-crypto/openssl/dist-0.9.8/FAQ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade vendor-crypto/openssl/dist-0.9.8/Makefile vendor-crypto/openssl/dist-0.9.8/Makefile.org vendor-crypto/openssl/dist-0.9.8/NEWS vendor-crypto/openssl/dist-0.9.8/README vendor-crypto/openssl/dist-0.9.8/apps/apps.c vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c vendor-crypto/openssl/dist-0.9.8/apps/req.c vendor-crypto/openssl/dist-0.9.8/apps/s_cb.c vendor-crypto/openssl/dist-0.9.8/apps/smime.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_strnid.c vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_pkey.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_mont.c vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_cd.c vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_env.c vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_sd.c vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec2_mult.c vendor-crypto/openssl/dist-0.9.8/crypto/ec/ec_lib.c vendor-crypto/openssl/dist-0.9.8/crypto/engine/eng_all.c vendor-crypto/openssl/dist-0.9.8/crypto/engine/engine.h vendor-crypto/openssl/dist-0.9.8/crypto/err/err_all.c vendor-crypto/openssl/dist-0.9.8/crypto/err/openssl.ec vendor-crypto/openssl/dist-0.9.8/crypto/evp/bio_b64.c vendor-crypto/openssl/dist-0.9.8/crypto/evp/encode.c vendor-crypto/openssl/dist-0.9.8/crypto/opensslv.h vendor-crypto/openssl/dist-0.9.8/crypto/pkcs12/p12_crt.c vendor-crypto/openssl/dist-0.9.8/crypto/pkcs12/p12_kiss.c vendor-crypto/openssl/dist-0.9.8/crypto/x86cpuid.pl vendor-crypto/openssl/dist-0.9.8/demos/x509/mkreq.c vendor-crypto/openssl/dist-0.9.8/doc/apps/smime.pod vendor-crypto/openssl/dist-0.9.8/doc/apps/verify.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/CONF_modules_free.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/CONF_modules_load_file.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/ERR_get_error.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/OPENSSL_config.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/X509_NAME_ENTRY_get_object.pod vendor-crypto/openssl/dist-0.9.8/doc/crypto/ecdsa.pod vendor-crypto/openssl/dist-0.9.8/doc/fingerprints.txt vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_client_CA_list.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_msg_callback.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_options.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_accept.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_connect.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_do_handshake.pod vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_shutdown.pod vendor-crypto/openssl/dist-0.9.8/openssl.spec vendor-crypto/openssl/dist-0.9.8/ssl/d1_both.c vendor-crypto/openssl/dist-0.9.8/ssl/d1_lib.c vendor-crypto/openssl/dist-0.9.8/ssl/d1_pkt.c vendor-crypto/openssl/dist-0.9.8/ssl/d1_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/s23_clnt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_cbc.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_clnt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_enc.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_lib.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_pkt.c vendor-crypto/openssl/dist-0.9.8/ssl/s3_srvr.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl.h vendor-crypto/openssl/dist-0.9.8/ssl/ssl3.h vendor-crypto/openssl/dist-0.9.8/ssl/ssl_err.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl_lib.c vendor-crypto/openssl/dist-0.9.8/ssl/ssl_stat.c vendor-crypto/openssl/dist-0.9.8/ssl/ssltest.c vendor-crypto/openssl/dist-0.9.8/ssl/t1_enc.c vendor-crypto/openssl/dist-0.9.8/ssl/t1_lib.c vendor-crypto/openssl/dist-0.9.8/ssl/tls1.h vendor-crypto/openssl/dist-0.9.8/test/Makefile vendor-crypto/openssl/dist-0.9.8/test/cms-test.pl vendor-crypto/openssl/dist-0.9.8/test/mdc2test.c vendor-crypto/openssl/dist-0.9.8/test/testssl vendor-crypto/openssl/dist-0.9.8/util/libeay.num vendor-crypto/openssl/dist-0.9.8/util/pl/VC-32.pl Modified: vendor-crypto/openssl/dist-0.9.8/ACKNOWLEDGMENTS ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/ACKNOWLEDGMENTS Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/ACKNOWLEDGMENTS Fri Jun 6 21:38:34 2014 (r267190) @@ -10,13 +10,18 @@ OpenSSL project. We would like to identify and thank the following such sponsors for their past or current significant support of the OpenSSL project: +Major support: + + Qualys http://www.qualys.com/ + Very significant support: - OpenGear: www.opengear.com + OpenGear: http://www.opengear.com/ Significant support: - PSW Group: www.psw.net + PSW Group: http://www.psw.net/ + Acano Ltd. http://acano.com/ Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. Modified: vendor-crypto/openssl/dist-0.9.8/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/CHANGES Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/CHANGES Fri Jun 6 21:38:34 2014 (r267190) @@ -2,6 +2,64 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8y and 0.9.8za [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + this issue. (CVE-2014-3470) + [Felix Gröbert, Ivan Fratric, Steve Henson] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + Thanks to mancha for backporting the fix to the 0.9.8 branch. + + *) Fix handling of warning-level alerts in SSL23 client mode so they + don't cause client-side termination (eg. on SNI unrecognized_name + warnings). Add client and server support for six additional alerts + per RFC 6066 and RFC 4279. + [mancha] + + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which + avoids preferring ECDHE-ECDSA ciphers when the client appears to be + Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for + several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug + is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing + 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. + [Rob Stradling, Adam Langley] + Changes between 0.9.8x and 0.9.8y [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. Modified: vendor-crypto/openssl/dist-0.9.8/Configure ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/Configure Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/Configure Fri Jun 6 21:38:34 2014 (r267190) @@ -166,7 +166,7 @@ my %table=( "debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", Modified: vendor-crypto/openssl/dist-0.9.8/FAQ ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FAQ Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/FAQ Fri Jun 6 21:38:34 2014 (r267190) @@ -87,7 +87,7 @@ OpenSSL 1.0.1d was released on Feb 5th, In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: -ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access. +ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. * Where is the documentation? @@ -768,6 +768,9 @@ openssl-security@openssl.org if you don' acknowledging receipt then resend or mail it directly to one of the more active team members (e.g. Steve). +Note that bugs only present in the openssl utility are not in general +considered to be security issues. + [PROG] ======================================================================== * Is OpenSSL thread-safe? Modified: vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/FREEBSD-upgrade Fri Jun 6 21:38:34 2014 (r267190) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://svn.freebsd.org/base" -setenv OSSLVER 0.9.8y -# OSSLTAG format: v0_9_8y +setenv OSSLVER 0.9.8za +# OSSLTAG format: v0_9_8za ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist-0.9.8/Makefile ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/Makefile Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/Makefile Fri Jun 6 21:38:34 2014 (r267190) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8y +VERSION=0.9.8za MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 @@ -71,7 +71,7 @@ ARD=ar $(ARFLAGS) d RANLIB= /usr/bin/ranlib PERL= /usr/bin/perl TAR= tar -TARFLAGS= --no-recursion +TARFLAGS= --no-recursion --record-size=10240 MAKEDEPPROG=makedepend LIBDIR=lib Modified: vendor-crypto/openssl/dist-0.9.8/Makefile.org ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/Makefile.org Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/Makefile.org Fri Jun 6 21:38:34 2014 (r267190) @@ -69,7 +69,7 @@ ARD=ar $(ARFLAGS) d RANLIB= ranlib PERL= perl TAR= tar -TARFLAGS= --no-recursion +TARFLAGS= --no-recursion --record-size=10240 MAKEDEPPROG=makedepend LIBDIR=lib Modified: vendor-crypto/openssl/dist-0.9.8/NEWS ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/NEWS Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/NEWS Fri Jun 6 21:38:34 2014 (r267190) @@ -5,34 +5,44 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: + Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: + + o Fix for CVE-2014-0224 + o Fix for CVE-2014-0221 + o Fix for CVE-2014-0195 + o Fix for CVE-2014-3470 + o Fix for CVE-2014-0076 + o Fix for CVE-2010-5298 + o Fix to TLS alert handling. + + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 - Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 - Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) - Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 - Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. - Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 - Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 @@ -40,20 +50,20 @@ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. - Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. @@ -61,12 +71,12 @@ o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. o Fix security issues CVE-2010-0740 and CVE-2010-0433. - Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]: o Cipher definition fixes. o Workaround for slow RAND_poll() on some WIN32 versions. @@ -78,33 +88,33 @@ o Ticket and SNI coexistence fixes. o Many fixes to DTLS handling. - Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: o Temporary work around for CVE-2009-3555: disable renegotiation. - Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]: o Fix various build issues. o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) - Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: + Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]: o Fix security issue (CVE-2008-5077) o Merge FIPS 140-2 branch code. - Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: + Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]: o CryptoAPI ENGINE support. o Various precautionary measures. o Fix for bugs affecting certificate request creation. o Support for local machine keyset attribute in PKCS#12 files. - Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: + Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]: o Backport of CMS functionality to 0.9.8. o Fixes for bugs introduced with 0.9.8f. - Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: + Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]: o Add gcc 4.2 support. o Add support for AES and SSE2 assembly lanugauge optimization @@ -115,23 +125,23 @@ o RFC4507bis support. o TLS Extensions support. - Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: + Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]: o Various ciphersuite selection fixes. o RFC3779 support. - Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: + Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) o Changes to ciphersuite selection algorithm - Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 o New cipher Camellia - Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: + Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]: o Cipher string fixes. o Fixes for VC++ 2005. @@ -141,12 +151,12 @@ o Built in dynamic engine compilation support on Win32. o Fixes auto dynamic engine loading in Win32. - Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: + Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]: o Fix potential SSL 2.0 rollback, CVE-2005-2969 o Extended Windows CE support - Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]: o Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This @@ -220,36 +230,36 @@ o Added initial support for Win64. o Added alternate pkg-config files. - Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m: + Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]: o FIPS 1.1.1 module linking. o Various ciphersuite selection fixes. - Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: + Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) - Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: + Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 - Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: + Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]: o Visual C++ 2005 fixes. o Update Windows build system for FIPS. - Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: + Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]: o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. - Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: o Fix SSL 2.0 Rollback, CVE-2005-2969 o Allow use of fixed-length exponent on DSA signing o Default fixed-window RSA, DSA, DH private-key operations - Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: + Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]: o More compilation issues fixed. o Adaptation to more modern Kerberos API. @@ -258,7 +268,7 @@ o More constification. o Added processing of proxy certificates (RFC 3820). - Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: + Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]: o Several compilation issues fixed. o Many memory allocation failure checks added. @@ -266,12 +276,12 @@ o Mandatory basic checks on certificates. o Performance improvements. - Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: + Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]: o Fix race condition in CRL checking code. o Fixes to PKCS#7 (S/MIME) code. - Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: + Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]: o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug o Security: Fix null-pointer assignment in do_change_cipher_spec() @@ -279,14 +289,14 @@ o Multiple X509 verification fixes o Speed up HMAC and other operations - Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: + Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]: o Security: fix various ASN1 parsing bugs. o New -ignore_err option to OCSP utility. o Various interop and bug fixes in S/MIME code. o SSL/TLS protocol fix for unrequested client certificates. - Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack @@ -297,7 +307,7 @@ o ASN.1: treat domainComponent correctly. o Documentation: fixes and additions. - Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]: o Security: Important security related bugfixes. o Enhanced compatibility with MIT Kerberos. @@ -308,7 +318,7 @@ o SSL/TLS: now handles manual certificate chain building. o SSL/TLS: certain session ID malfunctions corrected. - Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]: o New library section OCSP. o Complete rewrite of ASN1 code. @@ -354,23 +364,23 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). - Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: + Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]: o Security: fix various ASN1 parsing bugs. o SSL/TLS protocol fix for unrequested client certificates. - Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack o Security: make RSA blinding default. o Build: shared library support fixes. - Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]: o Important security related bugfixes. - Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: + Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]: o New configuration targets for Tandem OSS and A/UX. o New OIDs for Microsoft attributes. @@ -384,25 +394,25 @@ o Fixes for smaller building problems. o Updates of manuals, FAQ and other instructive documents. - Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: + Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]: o Important building fixes on Unix. - Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: + Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]: o Various important bugfixes. - Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]: o Important security related bugfixes. o Various SSL/TLS library bugfixes. - Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]: o Various SSL/TLS library bugfixes. o Fix DH parameter generation for 'non-standard' generators. - Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: + Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]: o Various SSL/TLS library bugfixes. o BIGNUM library fixes. @@ -415,7 +425,7 @@ Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. - Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: + Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]: o Security fix: PRNG improvements. o Security fix: RSA OAEP check. @@ -432,7 +442,7 @@ o Increase default size for BIO buffering filter. o Compatibility fixes in some scripts. - Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]: o Security fix: change behavior of OpenSSL to avoid using environment variables when running as root. @@ -457,7 +467,7 @@ o New function BN_rand_range(). o Add "-rand" option to openssl s_client and s_server. - Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: + Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]: o Some documentation for BIO and SSL libraries. o Enhanced chain verification using key identifiers. @@ -472,7 +482,7 @@ [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. - Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: + Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]: o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 o Shared library support for HPUX and Solaris-gcc @@ -481,7 +491,7 @@ o New 'rand' application o New way to check for existence of algorithms from scripts - Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: + Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]: o S/MIME support in new 'smime' command o Documentation for the OpenSSL command line application @@ -517,7 +527,7 @@ o Enhanced support for Alpha Linux o Experimental MacOS support - Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: + Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]: o Transparent support for PKCS#8 format private keys: these are used by several software packages and are more secure than the standard @@ -528,7 +538,7 @@ o New pipe-like BIO that allows using the SSL library when actual I/O must be handled by the application (BIO pair) - Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: + Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]: o Lots of enhancements and cleanups to the Configuration mechanism o RSA OEAP related fixes o Added `openssl ca -revoke' option for revoking a certificate @@ -542,7 +552,7 @@ o Sparc assembler bignum implementation, optimized hash functions o Option to disable selected ciphers - Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: + Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]: o Fixed a security hole related to session resumption o Fixed RSA encryption routines for the p < q case o "ALL" in cipher lists now means "everything except NULL ciphers" @@ -564,7 +574,7 @@ o Lots of memory leak fixes. o Lots of bug fixes. - Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: + Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]: o Integration of the popular NO_RSA/NO_DSA patches o Initial support for compression inside the SSL record layer o Added BIO proxy and filtering functionality Modified: vendor-crypto/openssl/dist-0.9.8/README ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/README Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/README Fri Jun 6 21:38:34 2014 (r267190) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8y 5 Feb 2013 + OpenSSL 0.9.8za 5 Jun 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -190,7 +190,7 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current CVS or the last snapshot. They should follow the coding style of + current Git or the last snapshot. They should follow the coding style of OpenSSL and compile without warnings. Some of the core team developer targets can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL compiles on many varied platforms: try to ensure you only use portable Modified: vendor-crypto/openssl/dist-0.9.8/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/apps.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/apps/apps.c Fri Jun 6 21:38:34 2014 (r267190) @@ -558,12 +558,12 @@ int password_callback(char *buf, int buf if (ok >= 0) ok = UI_add_input_string(ui,prompt,ui_flags,buf, - PW_MIN_LENGTH,BUFSIZ-1); + PW_MIN_LENGTH,bufsiz-1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); ok = UI_add_verify_string(ui,prompt,ui_flags,buff, - PW_MIN_LENGTH,BUFSIZ-1, buf); + PW_MIN_LENGTH,bufsiz-1, buf); } if (ok >= 0) do Modified: vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/apps/ocsp.c Fri Jun 6 21:38:34 2014 (r267190) @@ -98,6 +98,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; char **args; char *host = NULL, *port = NULL, *path = "/"; + char *thost = NULL, *tport = NULL, *tpath = NULL; char *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL; char *signfile = NULL, *keyfile = NULL; @@ -173,6 +174,12 @@ int MAIN(int argc, char **argv) } else if (!strcmp(*args, "-url")) { + if (thost) + OPENSSL_free(thost); + if (tport) + OPENSSL_free(tport); + if (tpath) + OPENSSL_free(tpath); if (args[1]) { args++; @@ -181,6 +188,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Error parsing URL\n"); badarg = 1; } + thost = host; + tport = port; + tpath = path; } else badarg = 1; } @@ -871,12 +881,12 @@ end: sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); - if (use_ssl != -1) - { - OPENSSL_free(host); - OPENSSL_free(port); - OPENSSL_free(path); - } + if (thost) + OPENSSL_free(thost); + if (tport) + OPENSSL_free(tport); + if (tpath) + OPENSSL_free(tpath); OPENSSL_EXIT(ret); } Modified: vendor-crypto/openssl/dist-0.9.8/apps/req.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/req.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/apps/req.c Fri Jun 6 21:38:34 2014 (r267190) @@ -1574,7 +1574,13 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, n_min, n_max)) goto start; + if(!req_check_len(i, n_min, n_max)) + { + if (batch || value) + return 0; + goto start; + } + if (!X509_NAME_add_entry_by_NID(n,nid, chtype, (unsigned char *) buf, -1,-1,mval)) goto err; ret=1; @@ -1633,7 +1639,12 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, n_min, n_max)) goto start; + if(!req_check_len(i, n_min, n_max)) + { + if (batch || value) + return 0; + goto start; + } if(!X509_REQ_add1_attr_by_NID(req, nid, chtype, (unsigned char *)buf, -1)) { Modified: vendor-crypto/openssl/dist-0.9.8/apps/s_cb.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/s_cb.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/apps/s_cb.c Fri Jun 6 21:38:34 2014 (r267190) @@ -518,6 +518,24 @@ void MS_CALLBACK msg_cb(int write_p, int case 100: str_details2 = " no_renegotiation"; break; + case 110: + str_details2 = " unsupported_extension"; + break; + case 111: + str_details2 = " certificate_unobtainable"; + break; + case 112: + str_details2 = " unrecognized_name"; + break; + case 113: + str_details2 = " bad_certificate_status_response"; + break; + case 114: + str_details2 = " bad_certificate_hash_value"; + break; + case 115: + str_details2 = " unknown_psk_identity"; + break; } } } Modified: vendor-crypto/openssl/dist-0.9.8/apps/smime.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/apps/smime.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/apps/smime.c Fri Jun 6 21:38:34 2014 (r267190) @@ -521,8 +521,8 @@ int MAIN(int argc, char **argv) { if (!cipher) { -#ifndef OPENSSL_NO_RC2 - cipher = EVP_rc2_40_cbc(); +#ifndef OPENSSL_NO_DES + cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_int.c Fri Jun 6 21:38:34 2014 (r267190) @@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un int pad=0,ret,i,neg; unsigned char *p,*n,pb=0; - if ((a == NULL) || (a->data == NULL)) return(0); + if (a == NULL) return(0); neg=a->type & V_ASN1_NEG; if (a->length == 0) ret=1; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_strnid.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_strnid.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/a_strnid.c Fri Jun 6 21:38:34 2014 (r267190) @@ -75,7 +75,7 @@ static int table_cmp(const void *a, cons * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = 0xFFFFFFFFL; +static unsigned long global_mask = B_ASN1_UTF8STRING; void ASN1_STRING_set_default_mask(unsigned long mask) { Modified: vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_pkey.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_pkey.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/asn1/t_pkey.c Fri Jun 6 21:38:34 2014 (r267190) @@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int if (x->p) buf_len = (size_t)BN_num_bytes(x->p); - else - { - DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); - goto err; - } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn.h Fri Jun 6 21:38:34 2014 (r267190) @@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_lib.c Fri Jun 6 21:38:34 2014 (r267190) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_mont.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_mont.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/bn/bn_mont.c Fri Jun 6 21:38:34 2014 (r267190) @@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CT BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { - int got_write_lock = 0; BN_MONT_CTX *ret; CRYPTO_r_lock(lock); - if (!*pmont) + ret = *pmont; + CRYPTO_r_unlock(lock); + if (ret) + return ret; + + /* We don't want to serialise globally while doing our lazy-init math in + * BN_MONT_CTX_set. That punishes threads that are doing independent + * things. Instead, punish the case where more than one thread tries to + * lazy-init the same 'pmont', by having each do the lazy-init math work + * independently and only use the one from the thread that wins the race + * (the losers throw away the work they've done). */ + ret = BN_MONT_CTX_new(); + if (!ret) + return NULL; + if (!BN_MONT_CTX_set(ret, mod, ctx)) { - CRYPTO_r_unlock(lock); - CRYPTO_w_lock(lock); - got_write_lock = 1; + BN_MONT_CTX_free(ret); + return NULL; + } - if (!*pmont) - { - ret = BN_MONT_CTX_new(); - if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) - BN_MONT_CTX_free(ret); - else - *pmont = ret; - } + /* The locked compare-and-set, after the local work is done. */ + CRYPTO_w_lock(lock); + if (*pmont) + { + BN_MONT_CTX_free(ret); + ret = *pmont; } - - ret = *pmont; - - if (got_write_lock) - CRYPTO_w_unlock(lock); else - CRYPTO_r_unlock(lock); - + *pmont = ret; + CRYPTO_w_unlock(lock); return ret; } Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_cd.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_cd.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_cd.c Fri Jun 6 21:38:34 2014 (r267190) @@ -58,7 +58,9 @@ #include <openssl/err.h> #include <openssl/cms.h> #include <openssl/bio.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include "cms_lcl.h" DECLARE_ASN1_ITEM(CMS_CompressedData) Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_env.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_env.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_env.c Fri Jun 6 21:38:34 2014 (r267190) @@ -185,6 +185,8 @@ CMS_RecipientInfo *CMS_add1_recipient_ce if (flags & CMS_USE_KEYID) { ktri->version = 2; + if (env->version < 2) + env->version = 2; type = CMS_RECIPINFO_KEYIDENTIFIER; } else Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_lib.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_lib.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_lib.c Fri Jun 6 21:38:34 2014 (r267190) @@ -477,8 +477,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, pcerts = cms_get0_certificate_choices(cms); if (!pcerts) return 0; - if (!pcerts) - return 0; for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { cch = sk_CMS_CertificateChoices_value(*pcerts, i); Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_sd.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_sd.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_sd.c Fri Jun 6 21:38:34 2014 (r267190) @@ -157,8 +157,8 @@ static void cms_sd_set_version(CMS_Signe if (sd->version < 3) sd->version = 3; } - else - sd->version = 1; + else if (si->version < 1) + si->version = 1; } if (sd->version < 1) Modified: vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c ============================================================================== --- vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c Fri Jun 6 21:00:19 2014 (r267189) +++ vendor-crypto/openssl/dist-0.9.8/crypto/cms/cms_smime.c Fri Jun 6 21:38:34 2014 (r267190) @@ -622,7 +622,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; int i, r; - int debug = 0; + int debug = 0, ri_match = 0; ris = CMS_get0_RecipientInfos(cms); if (ris) debug = cms->d.envelopedData->encryptedContentInfo->debug; @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf ri = sk_CMS_RecipientInfo_value(ris, i); if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) continue; + ri_match = 1; /* If we have a cert try matching RecipientInfo * otherwise try them all. */ @@ -666,7 +667,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf } } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406062138.s56LcZia069448>