Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl/dist Changes between 1.0.1m and ...
details: https://anonhg.NetBSD.org/src/rev/6f1c3c36272a
branches: trunk
changeset: 338860:6f1c3c36272a
user: christos <christos%NetBSD.org@localhost>
date: Fri Jun 12 16:34:57 2015 +0000
description:
Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
When processing an ECParameters structure OpenSSL enters an infinite loop
if the curve specified is over a specially malformed binary polynomial
field.
This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
This issue was reported to OpenSSL by Joseph Barr-Pixton.
(CVE-2015-1788)
[Andy Polyakov]
*) Exploitable out-of-bounds read in X509_cmp_time
X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue was reported to OpenSSL by Robert Swiecki (Google), and
independently by Hanno B?ck.
(CVE-2015-1789)
[Emilia K?sper]
*) PKCS7 crash with missing EnvelopedContent
The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
[Emilia K?sper]
*) CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop
if presented with an unknown hash function OID. This can be used to perform
denial of service against any system which verifies signedData messages using
the CMS code.
This issue was reported to OpenSSL by Johannes Bauer.
(CVE-2015-1792)
[Stephen Henson]
*) Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when attempting to
reuse a previous ticket then a race condition can occur potentially leading to
a double free of the ticket data.
(CVE-2015-1791)
[Matt Caswell]
*) Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
diffstat:
crypto/external/bsd/openssl/dist/Makefile.org | 26 +-
crypto/external/bsd/openssl/dist/apps/Makefile | 19 +-
crypto/external/bsd/openssl/dist/apps/apps.c | 6 +-
crypto/external/bsd/openssl/dist/apps/asn1pars.c | 2 +-
crypto/external/bsd/openssl/dist/apps/cms.c | 2 +
crypto/external/bsd/openssl/dist/apps/dhparam.c | 4 +-
crypto/external/bsd/openssl/dist/apps/enc.c | 13 +-
crypto/external/bsd/openssl/dist/apps/gendh.c | 2 +-
crypto/external/bsd/openssl/dist/apps/s_cb.c | 3 +-
crypto/external/bsd/openssl/dist/apps/smime.c | 2 +
crypto/external/bsd/openssl/dist/apps/srp.c | 4 +-
crypto/external/bsd/openssl/dist/apps/verify.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/asn1/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/asn1/a_int.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_gen.c | 40 +-
crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_new.c | 3 -
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_prn.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/asn1/x_x509.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bf/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/bio/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/bio/b_print.c | 45 +-
crypto/external/bsd/openssl/dist/crypto/bio/bf_nbio.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/bio/bss_dgram.c | 21 +-
crypto/external/bsd/openssl/dist/crypto/bn/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/bn/bn_err.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_gf2m.c | 15 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c | 7 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_shift.c | 10 +
crypto/external/bsd/openssl/dist/crypto/buffer/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/camellia/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/cast/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/cmac/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/cmac/cmac.c | 2 +
crypto/external/bsd/openssl/dist/crypto/cms/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/cms/cms_smime.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/comp/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/conf/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/des/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/des/enc_writ.c | 7 +-
crypto/external/bsd/openssl/dist/crypto/dh/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/dh/dh_ameth.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/dsa/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_gen.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ossl.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/dso/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/dso/dso_lib.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/dso/dso_vms.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ec/ec2_oct.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_check.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_lcl.h | 8 -
crypto/external/bsd/openssl/dist/crypto/ec/ec_lib.c | 7 +
crypto/external/bsd/openssl/dist/crypto/ec/eck_prn.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_oct.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/ecdh/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ecdsa/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ecdsa/ecdsatest.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_table.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/err/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/evp/bio_ok.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c | 9 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/evp/encode.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/evp/p_seal.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/hmac/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/hmac/hmac.c | 28 +-
crypto/external/bsd/openssl/dist/crypto/hmac/hmac.h | 1 +
crypto/external/bsd/openssl/dist/crypto/idea/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/jpake/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/krb5/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/lhash/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/md2/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/md4/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/md5/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/mdc2/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/modes/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/objects/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/objects/obj_dat.c | 7 +-
crypto/external/bsd/openssl/dist/crypto/objects/objects.README | 8 +-
crypto/external/bsd/openssl/dist/crypto/objects/objects.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/ocsp/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_ext.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/pem/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/pem/pem_pk8.c | 2 +
crypto/external/bsd/openssl/dist/crypto/pkcs12/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_mutl.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/pkcs7/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/pqueue/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/rand/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/rand/rand_os2.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/rc2/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/rc5/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ripemd/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_pmeth.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/seed/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/sha/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/srp/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/srp/srp_vfy.c | 9 +-
crypto/external/bsd/openssl/dist/crypto/stack/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/store/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ts/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/txt_db/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/ui/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/whrlpool/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/x509/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/x509/x509_lu.c | 2 +
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h | 6 +
crypto/external/bsd/openssl/dist/crypto/x509/x509_vpm.c | 2 +
crypto/external/bsd/openssl/dist/crypto/x509/x509type.c | 3 -
crypto/external/bsd/openssl/dist/crypto/x509v3/Makefile | 2 +
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_alt.c | 18 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_cpols.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_utl.c | 4 +
crypto/external/bsd/openssl/dist/demos/easy_tls/easy-tls.c | 3 +-
crypto/external/bsd/openssl/dist/doc/apps/cms.pod | 5 +-
crypto/external/bsd/openssl/dist/doc/apps/config.pod | 53 ++
crypto/external/bsd/openssl/dist/doc/apps/dhparam.pod | 13 +-
crypto/external/bsd/openssl/dist/doc/apps/ocsp.pod | 11 +
crypto/external/bsd/openssl/dist/doc/apps/s_client.pod | 7 +-
crypto/external/bsd/openssl/dist/doc/apps/s_server.pod | 9 +
crypto/external/bsd/openssl/dist/doc/apps/smime.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/apps/verify.pod | 13 +
crypto/external/bsd/openssl/dist/doc/crypto/BN_rand.pod | 3 +-
crypto/external/bsd/openssl/dist/doc/crypto/BN_set_bit.pod | 8 +-
crypto/external/bsd/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 +-
crypto/external/bsd/openssl/dist/doc/crypto/pem.pod | 27 +-
crypto/external/bsd/openssl/dist/e_os2.h | 8 +-
crypto/external/bsd/openssl/dist/engines/Makefile | 13 +-
crypto/external/bsd/openssl/dist/engines/ccgost/Makefile | 18 +-
crypto/external/bsd/openssl/dist/engines/ccgost/e_gost_err.c | 3 +-
crypto/external/bsd/openssl/dist/engines/ccgost/e_gost_err.h | 1 +
crypto/external/bsd/openssl/dist/engines/ccgost/gost2001.c | 229 +++++++--
crypto/external/bsd/openssl/dist/engines/ccgost/gost_ameth.c | 36 +-
crypto/external/bsd/openssl/dist/engines/ccgost/gost_pmeth.c | 2 +-
crypto/external/bsd/openssl/dist/engines/ccgost/gost_sign.c | 87 +++-
crypto/external/bsd/openssl/dist/engines/e_sureware.c | 27 +-
crypto/external/bsd/openssl/dist/ssl/d1_clnt.c | 10 +
crypto/external/bsd/openssl/dist/ssl/s2_pkt.c | 14 +
crypto/external/bsd/openssl/dist/ssl/s3_both.c | 2 +-
crypto/external/bsd/openssl/dist/ssl/ssl_sess.c | 131 +++++-
crypto/external/bsd/openssl/dist/ssl/ssl_stat.c | 6 +
crypto/external/bsd/openssl/dist/tools/Makefile | 2 +
crypto/external/bsd/openssl/dist/util/mkerr.pl | 21 +-
crypto/external/bsd/openssl/dist/util/pl/BC-32.pl | 2 +-
crypto/external/bsd/openssl/dist/util/pl/VC-32.pl | 2 +-
152 files changed, 1062 insertions(+), 307 deletions(-)
diffs (truncated from 3832 to 300 lines):
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/Makefile.org
--- a/crypto/external/bsd/openssl/dist/Makefile.org Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/Makefile.org Fri Jun 12 16:34:57 2015 +0000
@@ -184,7 +184,7 @@
EXHEADER= e_os2.h
HEADER= e_os.h
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -270,7 +270,10 @@
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_ssl build_engines
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
@@ -459,6 +462,9 @@
report:
@$(PERL) util/selftest.pl
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+ @set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@@ -483,26 +489,10 @@
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/Makefile
--- a/crypto/external/bsd/openssl/dist/apps/Makefile Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/Makefile Fri Jun 12 16:34:57 2015 +0000
@@ -94,6 +94,9 @@
sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+openssl-vms.cnf: openssl.cnf
+ $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
+
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -127,12 +130,12 @@
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
- fi
+update: openssl-vms.cnf local_depend
+
+depend: local_depend
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -144,10 +147,10 @@
rm -f req
$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
+ (cd ..; $(MAKE) build_libssl)
$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
+ (cd ..; $(MAKE) build_libcrypto)
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/apps.c
--- a/crypto/external/bsd/openssl/dist/apps/apps.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/apps.c Fri Jun 12 16:34:57 2015 +0000
@@ -572,7 +572,7 @@
char *prompt = NULL;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
- if(!prompt) {
+ if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
return 0;
@@ -586,7 +586,7 @@
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = (char *)OPENSSL_malloc(bufsiz);
- if(!buff) {
+ if (!buff) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
OPENSSL_free(prompt);
@@ -2238,6 +2238,8 @@
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-no_alt_chains"))
+ flags |= X509_V_FLAG_NO_ALT_CHAINS;
else
return 0;
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/asn1pars.c
--- a/crypto/external/bsd/openssl/dist/apps/asn1pars.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/asn1pars.c Fri Jun 12 16:34:57 2015 +0000
@@ -375,7 +375,7 @@
{
CONF *cnf = NULL;
int len;
- long errline;
+ long errline = 0;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/cms.c
--- a/crypto/external/bsd/openssl/dist/apps/cms.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/cms.c Fri Jun 12 16:34:57 2015 +0000
@@ -581,6 +581,8 @@
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/dhparam.c
--- a/crypto/external/bsd/openssl/dist/apps/dhparam.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/dhparam.c Fri Jun 12 16:34:57 2015 +0000
@@ -130,7 +130,7 @@
# undef PROG
# define PROG dhparam_main
-# define DEFBITS 512
+# define DEFBITS 2048
/*-
* -inform arg - input format - default PEM (DER or PEM)
@@ -254,7 +254,7 @@
BIO_printf(bio_err,
" -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err,
- " numbits number of bits in to generate (default 512)\n");
+ " numbits number of bits in to generate (default 2048)\n");
# ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n");
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/enc.c
--- a/crypto/external/bsd/openssl/dist/apps/enc.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/enc.c Fri Jun 12 16:34:57 2015 +0000
@@ -548,9 +548,14 @@
else
OPENSSL_cleanse(str, strlen(str));
}
- if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
- BIO_printf(bio_err, "invalid hex iv value\n");
- goto end;
+ if (hiv != NULL) {
+ int siz = EVP_CIPHER_iv_length(cipher);
+ if (siz == 0) {
+ BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+ } else if (!set_hex(hiv, iv, sizeof iv)) {
+ BIO_printf(bio_err, "invalid hex iv value\n");
+ goto end;
+ }
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
@@ -562,7 +567,7 @@
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
- if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+ if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/gendh.c
--- a/crypto/external/bsd/openssl/dist/apps/gendh.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/gendh.c Fri Jun 12 16:34:57 2015 +0000
@@ -80,7 +80,7 @@
# include <openssl/x509.h>
# include <openssl/pem.h>
-# define DEFBITS 512
+# define DEFBITS 2048
# undef PROG
# define PROG gendh_main
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/s_cb.c
--- a/crypto/external/bsd/openssl/dist/apps/s_cb.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_cb.c Fri Jun 12 16:34:57 2015 +0000
@@ -111,6 +111,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h> /* for memcpy() */
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
@@ -747,7 +748,7 @@
/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n");
return 0;
}
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/smime.c
--- a/crypto/external/bsd/openssl/dist/apps/smime.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/smime.c Fri Jun 12 16:34:57 2015 +0000
@@ -442,6 +442,8 @@
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
+ "-no_alt_chains only ever use the first certificate chain found\n");
+ BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err,
"-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/srp.c
--- a/crypto/external/bsd/openssl/dist/apps/srp.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/srp.c Fri Jun 12 16:34:57 2015 +0000
@@ -435,7 +435,7 @@
# ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
@@ -443,7 +443,7 @@
# else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
- if(!tofree) {
+ if (!tofree) {
BIO_printf(bio_err, "Out of memory\n");
goto err;
}
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/apps/verify.c
--- a/crypto/external/bsd/openssl/dist/apps/verify.c Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/verify.c Fri Jun 12 16:34:57 2015 +0000
@@ -227,7 +227,7 @@
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err, " [-attime timestamp]");
+ BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]");
#endif
diff -r 433615d4a867 -r 6f1c3c36272a crypto/external/bsd/openssl/dist/crypto/asn1/Makefile
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/Makefile Fri Jun 12 16:28:39 2015 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/Makefile Fri Jun 12 16:34:57 2015 +0000
@@ -93,6 +93,8 @@
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
+update: depend
+
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
Home |
Main Index |
Thread Index |
Old Index