Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/external/bsd/openssl/dist merge conflicts



details:   https://anonhg.NetBSD.org/src/rev/99dfb5ce0592
branches:  trunk
changeset: 970889:99dfb5ce0592
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Apr 05 21:53:44 2020 +0000

description:
merge conflicts

diffstat:

 crypto/external/bsd/openssl/dist/CHANGES                |  18 +++++++++++++++++
 crypto/external/bsd/openssl/dist/NEWS                   |   6 +++++
 crypto/external/bsd/openssl/dist/README                 |   4 +-
 crypto/external/bsd/openssl/dist/apps/s_server.c        |   4 +-
 crypto/external/bsd/openssl/dist/crypto/ex_data.c       |   6 ++--
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c |  10 ++------
 crypto/external/bsd/openssl/dist/ssl/ssl_err.c          |   4 +--
 7 files changed, 35 insertions(+), 17 deletions(-)

diffs (153 lines):

diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES  Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES  Sun Apr 05 21:53:44 2020 +0000
@@ -7,6 +7,24 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
+
+  *) Revert the change of EOF detection while reading in libssl to avoid
+     regressions in applications depending on the current way of reporting
+     the EOF. As the existing method is not fully accurate the change to
+     reporting the EOF via SSL_ERROR_SSL is kept on the current development
+     branch and will be present in the 3.0 release.
+     [Tomas Mraz]
+
+  *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
+     when primes for RSA keys are computed.
+     Since we previously always generated primes == 2 (mod 3) for RSA keys,
+     the 2-prime and 3-prime RSA modules were easy to distinguish, since
+     N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
+     2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
+     This avoids possible fingerprinting of newly generated RSA modules.
+     [Bernd Edlinger]
+
  Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
   *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
      while reading in libssl then we would report an error back to the
diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/NEWS
--- a/crypto/external/bsd/openssl/dist/NEWS     Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/NEWS     Sun Apr 05 21:53:44 2020 +0000
@@ -5,10 +5,16 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+      o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
   Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
 
       o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
         used in exponentiation with 512-bit moduli (CVE-2019-1551)
+      o Properly detect unexpected EOF while reading in libssl and report
+        it via SSL_ERROR_SSL
 
   Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
 
diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/README
--- a/crypto/external/bsd/openssl/dist/README   Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/README   Sun Apr 05 21:53:44 2020 +0000
@@ -1,7 +1,7 @@
 
- OpenSSL 1.1.1e 17 Mar 2020
+ OpenSSL 1.1.1f 31 Mar 2020
 
- Copyright (c) 1998-2019 The OpenSSL Project
+ Copyright (c) 1998-2020 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/apps/s_server.c
--- a/crypto/external/bsd/openssl/dist/apps/s_server.c  Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_server.c  Sun Apr 05 21:53:44 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1904,7 +1904,7 @@
         BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
 
         if (sdebug)
-            ssl_ctx_security_debug(ctx, sdebug);
+            ssl_ctx_security_debug(ctx2, sdebug);
 
         if (session_id_prefix) {
             if (strlen(session_id_prefix) >= 32)
diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/crypto/ex_data.c
--- a/crypto/external/bsd/openssl/dist/crypto/ex_data.c Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/ex_data.c Sun Apr 05 21:53:44 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -235,7 +235,7 @@
         return 0;
     }
     for (i = 0; i < mx; i++) {
-        if (storage[i] && storage[i]->new_func) {
+        if (storage[i] != NULL && storage[i]->new_func != NULL) {
             ptr = CRYPTO_get_ex_data(ad, i);
             storage[i]->new_func(obj, ptr, ad, i,
                                  storage[i]->argl, storage[i]->argp);
@@ -299,7 +299,7 @@
 
     for (i = 0; i < mx; i++) {
         ptr = CRYPTO_get_ex_data(from, i);
-        if (storage[i] && storage[i]->dup_func)
+        if (storage[i] != NULL && storage[i]->dup_func != NULL)
             if (!storage[i]->dup_func(to, from, &ptr, i,
                                       storage[i]->argl, storage[i]->argp))
                 goto err;
diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
--- a/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c   Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c   Sun Apr 05 21:53:44 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -107,12 +107,8 @@
 /* Return 1 is a certificate is self signed */
 static int cert_self_signed(X509 *x)
 {
-    /*
-     * FIXME: x509v3_cache_extensions() needs to detect more failures and not
-     * set EXFLAG_SET when that happens.  Especially, if the failures are
-     * parse errors, rather than memory pressure!
-     */
-    X509_check_purpose(x, -1, 0);
+    if (X509_check_purpose(x, -1, 0) != 1)
+        return 0;
     if (x->ex_flags & EXFLAG_SS)
         return 1;
     else
diff -r 00bc54e3c6d3 -r 99dfb5ce0592 crypto/external/bsd/openssl/dist/ssl/ssl_err.c
--- a/crypto/external/bsd/openssl/dist/ssl/ssl_err.c    Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/ssl_err.c    Sun Apr 05 21:53:44 2020 +0000
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1205,8 +1205,6 @@
     "unexpected ccs message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
     "unexpected end of early data"},
-    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
-    "unexpected eof while reading"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},



Home | Main Index | Thread Index | Old Index