Source-Changes-HG archive

[src/netbsd-7]: src Apply patch (requested by spz in ticket #1260):



details:   https://anonhg.NetBSD.org/src/rev/3d3873ba80c7
branches:  netbsd-7
changeset: 799991:3d3873ba80c7
user:      snj <snj%NetBSD.org@localhost>
date:      Thu Oct 06 05:51:13 2016 +0000

description:
Apply patch (requested by spz in ticket #1260):
Update OpenSSL to 1.0.1u.  Changes:
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
o SWEET32 Mitigation (CVE-2016-2183)
o OOB write in MDC2_Update() (CVE-2016-6303)
o Malformed SHA512 ticket DoS (CVE-2016-6302)
o OOB write in BN_bn2dec() (CVE-2016-2182)
o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
o Pointer arithmetic undefined behaviour (CVE-2016-2177)
o Constant time flag not preserved in DSA signing (CVE-2016-2178)
o DTLS buffered message DoS (CVE-2016-2179)
o DTLS replay protection DoS (CVE-2016-2181)
o Certificate message OOB reads (CVE-2016-6306)

diffstat:

 crypto/external/bsd/openssl/dist/CHANGES                                           |  160 ++++++++
 crypto/external/bsd/openssl/dist/CONTRIBUTING                                      |   93 +++-
 crypto/external/bsd/openssl/dist/Configure                                         |    2 +-
 crypto/external/bsd/openssl/dist/Makefile                                          |    2 +-
 crypto/external/bsd/openssl/dist/NEWS                                              |   14 +
 crypto/external/bsd/openssl/dist/README                                            |    2 +-
 crypto/external/bsd/openssl/dist/apps/apps.c                                       |    2 +
 crypto/external/bsd/openssl/dist/apps/enc.c                                        |    2 +-
 crypto/external/bsd/openssl/dist/apps/passwd.c                                     |    4 +-
 crypto/external/bsd/openssl/dist/apps/s_server.c                                   |    2 +-
 crypto/external/bsd/openssl/dist/apps/x509.c                                       |    6 +
 crypto/external/bsd/openssl/dist/crypto/asn1/a_bytes.c                             |   58 ++-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_object.c                            |   10 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_set.c                               |    9 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_lib.c                            |   32 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c                            |    2 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/d2i_pr.c                              |    8 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/f_enum.c                              |    4 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/f_int.c                               |    4 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/f_string.c                            |    4 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/p5_pbe.c                              |    2 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/p5_pbev2.c                            |    4 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c                            |   26 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_prn.c                            |    2 +
 crypto/external/bsd/openssl/dist/crypto/asn1/x_name.c                              |    6 +-
 crypto/external/bsd/openssl/dist/crypto/bio/bf_nbio.c                              |    4 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c                                |    2 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c                              |   12 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c                               |   10 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_enc.c                              |   12 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_ess.c                              |    3 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c                             |    4 +-
 crypto/external/bsd/openssl/dist/crypto/des/des.c                                  |    2 +-
 crypto/external/bsd/openssl/dist/crypto/des/enc_writ.c                             |    2 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_gen.c                              |    2 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ossl.c                             |    7 +-
 crypto/external/bsd/openssl/dist/crypto/evp/bio_ok.c                               |    2 +-
 crypto/external/bsd/openssl/dist/crypto/evp/digest.c                               |   16 +-
 crypto/external/bsd/openssl/dist/crypto/evp/e_seed.c                               |    3 +-
 crypto/external/bsd/openssl/dist/crypto/md2/md2_dgst.c                             |    2 +-
 crypto/external/bsd/openssl/dist/crypto/md32_common.h                              |   10 +-
 crypto/external/bsd/openssl/dist/crypto/mdc2/mdc2dgst.c                            |    2 +-
 crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_ext.c                            |    2 +-
 crypto/external/bsd/openssl/dist/crypto/opensslv.h                                 |    6 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pem.h                                  |    1 +
 crypto/external/bsd/openssl/dist/crypto/pem/pem_err.c                              |    3 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c                              |    2 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pvkfmt.c                               |    7 +
 crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_mutl.c                          |    2 +-
 crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_npas.c                          |  111 ++---
 crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_utl.c                           |    4 +
 crypto/external/bsd/openssl/dist/crypto/pkcs12/pkcs12.h                            |    2 +-
 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c                           |    2 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c                           |    2 +-
 crypto/external/bsd/openssl/dist/crypto/srp/srp_lib.c                              |   20 +-
 crypto/external/bsd/openssl/dist/crypto/srp/srp_vfy.c                              |    6 +-
 crypto/external/bsd/openssl/dist/crypto/ts/ts_lib.c                                |    5 +-
 crypto/external/bsd/openssl/dist/crypto/whrlpool/wp_dgst.c                         |    3 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509.h                                |    6 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_err.c                            |    1 +
 crypto/external/bsd/openssl/dist/crypto/x509/x509_txt.c                            |    6 +
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c                            |  146 ++++++-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h                            |   24 +-
 crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c                           |    6 +
 crypto/external/bsd/openssl/dist/doc/apps/cms.pod                                  |    3 +
 crypto/external/bsd/openssl/dist/doc/apps/smime.pod                                |    3 +
 crypto/external/bsd/openssl/dist/doc/apps/verify.pod                               |    5 +
 crypto/external/bsd/openssl/dist/doc/crypto/X509_verify_cert.pod                   |   13 +-
 crypto/external/bsd/openssl/dist/doc/crypto/d2i_PrivateKey.pod                     |   59 +++
 crypto/external/bsd/openssl/dist/openssl.spec                                      |    2 +-
 crypto/external/bsd/openssl/dist/ssl/d1_both.c                                     |   43 +-
 crypto/external/bsd/openssl/dist/ssl/d1_clnt.c                                     |    1 +
 crypto/external/bsd/openssl/dist/ssl/d1_lib.c                                      |   43 +-
 crypto/external/bsd/openssl/dist/ssl/d1_pkt.c                                      |   92 ++++-
 crypto/external/bsd/openssl/dist/ssl/d1_srvr.c                                     |    8 +-
 crypto/external/bsd/openssl/dist/ssl/s23_clnt.c                                    |    8 +-
 crypto/external/bsd/openssl/dist/ssl/s2_clnt.c                                     |    4 +-
 crypto/external/bsd/openssl/dist/ssl/s2_srvr.c                                     |   12 +-
 crypto/external/bsd/openssl/dist/ssl/s3_both.c                                     |   38 +-
 crypto/external/bsd/openssl/dist/ssl/s3_clnt.c                                     |   30 +-
 crypto/external/bsd/openssl/dist/ssl/s3_lib.c                                      |   34 +-
 crypto/external/bsd/openssl/dist/ssl/s3_srvr.c                                     |   27 +-
 crypto/external/bsd/openssl/dist/ssl/ssl.h                                         |    1 +
 crypto/external/bsd/openssl/dist/ssl/ssl_err.c                                     |    4 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_lib.c                                     |    4 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_locl.h                                    |    3 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_sess.c                                    |    4 +-
 crypto/external/bsd/openssl/dist/ssl/t1_lib.c                                      |   89 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smdsa1.pem                       |   75 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smdsa2.pem                       |   75 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smdsa3.pem                       |   75 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smroot.pem                       |   75 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smrsa1.pem                       |   74 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smrsa2.pem                       |   74 ++-
 crypto/external/bsd/openssl/dist/test/smime-certs/smrsa3.pem                       |   74 ++-
 crypto/external/bsd/openssl/lib/libcrypto/man.inc                                  |   10 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ASN1_OBJECT_new.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ASN1_STRING_length.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ASN1_STRING_new.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ASN1_STRING_print_ex.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ASN1_generate_nconf.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_ctrl.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_f_base64.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_f_buffer.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_f_cipher.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_f_md.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_f_null.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_f_ssl.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_find_type.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_new.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_new_CMS.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_push.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_read.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_accept.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_bio.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_connect.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_fd.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_file.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_mem.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_null.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_s_socket.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_set_callback.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BIO_should_retry.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_BLINDING_new.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_CTX_new.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_CTX_start.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_add.3                             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_add_word.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_bn2bin.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_cmp.3                             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_copy.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_generate_prime.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_mod_inverse.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_mod_mul_montgomery.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_mod_mul_reciprocal.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_new.3                             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_num_bytes.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_rand.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_set_bit.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_swap.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/BN_zero.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_add0_cert.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_add1_recipient_cert.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_add1_signer.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_compress.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_decrypt.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_encrypt.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_final.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_get0_RecipientInfos.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_get0_SignerInfos.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_get0_type.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_get1_ReceiptRequest.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_sign.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_sign_receipt.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_uncompress.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_verify.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CMS_verify_receipt.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CONF_modules_free.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CONF_modules_load_file.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/CRYPTO_set_ex_data.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DH_generate_key.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DH_generate_parameters.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DH_get_ex_new_index.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DH_new.3                             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DH_set_method.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DH_size.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_SIG_new.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_do_sign.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_dup_DH.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_generate_key.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_generate_parameters.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_get_ex_new_index.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_new.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_set_method.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_sign.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/DSA_size.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_GET_LIB.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_clear_error.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_error_string.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_get_error.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_load_crypto_strings.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_load_strings.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_print_errors.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_put_error.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_remove_state.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ERR_set_mark.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_BytesToKey.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_DigestInit.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_DigestSignInit.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_DigestVerifyInit.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_EncodeInit.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_EncryptInit.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_OpenInit.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_CTX_new.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_cmp.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_decrypt.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_derive.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_encrypt.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_get_default_digest.3        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_keygen.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_new.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_print_private.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_set1_RSA.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_sign.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_verify.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_PKEY_verify_recover.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_SealInit.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_SignInit.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/EVP_VerifyInit.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OBJ_nid2obj.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OPENSSL_Applink.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OPENSSL_config.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OPENSSL_ia32cap.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OPENSSL_load_builtin_modules.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/OpenSSL_add_all_algorithms.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PEM_write_bio_CMS_stream.3           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS12_create.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS12_parse.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS7_decrypt.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS7_encrypt.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS7_sign.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS7_sign_add_signer.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/PKCS7_verify.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RAND_add.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RAND_bytes.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RAND_cleanup.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RAND_egd.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RAND_load_file.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RAND_set_rand_method.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_blinding_on.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_check_key.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_generate_key.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_get_ex_new_index.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_new.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_print.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_private_encrypt.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_public_encrypt.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_set_method.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_sign.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/RSA_size.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SMIME_read_CMS.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SMIME_read_PKCS7.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SMIME_write_CMS.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SMIME_write_PKCS7.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CIPHER_get_name.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_COMP_add_compression_method.3    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_add_session.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_ctrl.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_flush_sessions.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_free.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_get_verify_mode.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_load_verify_locations.3      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_new.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_sess_number.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_sessions.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_cert_store.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_cipher_list.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_info_callback.3          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_mode.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_msg_callback.3           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_options.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_read_ahead.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_session_id_context.3     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_ssl_version.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_timeout.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_set_verify.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_use_certificate.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_SESSION_free.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_SESSION_get_time.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_accept.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_alert_type_string.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_clear.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_connect.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_do_handshake.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_free.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_SSL_CTX.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_ciphers.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_client_CA_list.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_current_cipher.3             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_default_timeout.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_error.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_ex_new_index.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_fd.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_peer_cert_chain.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_peer_certificate.3           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_psk_identity.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_rbio.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_session.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_verify_result.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_get_version.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_library_init.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_load_client_CA_file.3            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_new.3                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_pending.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_read.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_rstate_string.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_session_reused.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_set_bio.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_set_connect_state.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_set_fd.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_set_session.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_set_shutdown.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_set_verify_result.3              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_shutdown.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_state_string.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_want.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/SSL_write.3                          |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_NAME_get_index_by_NID.3         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_NAME_print_ex.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_STORE_CTX_get_error.3           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_STORE_CTX_new.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_new.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/X509_verify_cert.3                   |   39 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/crypto.3                             |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_ASN1_OBJECT.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_CMS_ContentInfo.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_DHparams.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_DSAPublicKey.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_ECPrivateKey.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_PKCS8PrivateKey.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_PrivateKey.3                     |  191 ++++++++++
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_RSAPublicKey.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_SSL_SESSION.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_X509.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_X509_ALGOR.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_X509_CRL.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_X509_NAME.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_X509_REQ.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/d2i_X509_SIG.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/des_modes.7                          |   24 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/i2d_CMS_bio_stream.3                 |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/i2d_PKCS7_bio_stream.3               |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/lh_stats.3                           |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl.1                            |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl.cnf.5                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_CA.pl.1                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_asn1parse.1                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_bio.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_blowfish.3                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_bn.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_bn_internal.3                |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_buffer.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_c_rehash.1                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ca.1                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ciphers.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_cms.1                        |   29 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_crl.1                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_crl2pkcs7.1                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_des.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_dgst.1                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_dh.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_dhparam.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_dsa.1                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_dsa.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_dsaparam.1                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ec.1                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ecdsa.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ecparam.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_enc.1                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_engine.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_err.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_errstr.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_evp.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_gendsa.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_genpkey.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_genrsa.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_hmac.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_lhash.3                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_md5.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_mdc2.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_nseq.1                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ocsp.1                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_passwd.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pem.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pkcs12.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pkcs7.1                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pkcs8.1                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pkey.1                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pkeyparam.1                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_pkeyutl.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_rand.1                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_rand.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_rc4.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_req.1                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ripemd.3                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_rsa.1                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_rsa.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_rsautl.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_s_client.1                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_s_server.1                   |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_s_time.1                     |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_sess_id.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_sha.3                        |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_smime.1                      |   29 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_speed.1                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_spkac.1                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_threads.3                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ts.1                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_tsget.1                      |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ui.3                         |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_ui_compat.3                  |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_verify.1                     |   30 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_version.1                    |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_x509.1                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_x509.3                       |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/openssl_x509v3_config.1              |   26 +-
 crypto/external/bsd/openssl/lib/libcrypto/man/ssl.3                                |   26 +-
 distrib/sets/lists/comp/mi                                                         |   20 +-
 distrib/sets/lists/man/mi                                                          |    8 +-
 doc/3RDPARTY                                                                       |    6 +-
 441 files changed, 5354 insertions(+), 5742 deletions(-)

diffs (truncated from 24261 to 300 lines):

diff -r 217d8f0f0a63 -r 3d3873ba80c7 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES  Wed Oct 05 10:52:52 2016 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES  Thu Oct 06 05:51:13 2016 +0000
@@ -2,6 +2,166 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1t and 1.0.1u [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+     A malicious client can send an excessively large OCSP Status Request
+     extension. If that client continually requests renegotiation, sending a
+     large OCSP Status Request extension each time, then there will be unbounded
+     memory growth on the server. This will eventually lead to a Denial Of
+     Service attack through memory exhaustion. Servers with a default
+     configuration are vulnerable even if they do not support OCSP. Builds using
+     the "no-ocsp" build time option are not affected.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6304)
+     [Matt Caswell]
+
+  *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
+     HIGH to MEDIUM.
+
+     This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
+     Leurent (INRIA)
+     (CVE-2016-2183)
+     [Rich Salz]
+
+  *) OOB write in MDC2_Update()
+
+     An overflow can occur in MDC2_Update() either if called directly or
+     through the EVP_DigestUpdate() function using MDC2. If an attacker
+     is able to supply very large amounts of input data after a previous
+     call to EVP_EncryptUpdate() with a partial block then a length check
+     can overflow resulting in a heap corruption.
+
+     The amount of data needed is comparable to SIZE_MAX which is impractical
+     on most platforms.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6303)
+     [Stephen Henson]
+
+  *) Malformed SHA512 ticket DoS
+
+     If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
+     DoS attack where a malformed ticket will result in an OOB read which will
+     ultimately crash.
+
+     The use of SHA512 in TLS session tickets is comparatively rare as it requires
+     a custom server callback and ticket lookup mechanism.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6302)
+     [Stephen Henson]
+
+  *) OOB write in BN_bn2dec()
+
+     The function BN_bn2dec() does not check the return value of BN_div_word().
+     This can cause an OOB write if an application uses this function with an
+     overly large BIGNUM. This could be a problem if an overly large certificate
+     or CRL is printed out from an untrusted source. TLS is not affected because
+     record limits will reject an oversized certificate before it is parsed.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-2182)
+     [Stephen Henson]
+
+  *) OOB read in TS_OBJ_print_bio()
+
+     The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
+     the total length the OID text representation would use and not the amount
+     of data written. This will result in OOB reads when large OIDs are
+     presented.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-2180)
+     [Stephen Henson]
+
+  *) Pointer arithmetic undefined behaviour
+
+     Avoid some undefined pointer arithmetic
+
+     A common idiom in the codebase is to check limits in the following manner:
+     "p + len > limit"
+
+     Where "p" points to some malloc'd data of SIZE bytes and
+     limit == p + SIZE
+
+     "len" here could be from some externally supplied data (e.g. from a TLS
+     message).
+
+     The rules of C pointer arithmetic are such that "p + len" is only well
+     defined where len <= SIZE. Therefore the above idiom is actually
+     undefined behaviour.
+
+     For example this could cause problems if some malloc implementation
+     provides an address for "p" such that "p + len" actually overflows for
+     values of len that are too big and therefore p + len < limit.
+
+     This issue was reported to OpenSSL by Guido Vranken
+     (CVE-2016-2177)
+     [Matt Caswell]
+
+  *) Constant time flag not preserved in DSA signing
+
+     Operations in the DSA signing algorithm should run in constant time in
+     order to avoid side channel attacks. A flaw in the OpenSSL DSA
+     implementation means that a non-constant time codepath is followed for
+     certain operations. This has been demonstrated through a cache-timing
+     attack to be sufficient for an attacker to recover the private DSA key.
+
+     This issue was reported by César Pereida (Aalto University), Billy Brumley
+     (Tampere University of Technology), and Yuval Yarom (The University of
+     Adelaide and NICTA).
+     (CVE-2016-2178)
+     [César Pereida]
+
+  *) DTLS buffered message DoS
+
+     In a DTLS connection where handshake messages are delivered out-of-order
+     those messages that OpenSSL is not yet ready to process will be buffered
+     for later use. Under certain circumstances, a flaw in the logic means that
+     those messages do not get removed from the buffer even though the handshake
+     has been completed. An attacker could force up to approx. 15 messages to
+     remain in the buffer when they are no longer required. These messages will
+     be cleared when the DTLS connection is closed. The default maximum size for
+     a message is 100k. Therefore the attacker could force an additional 1500k
+     to be consumed per connection. By opening many simulataneous connections an
+     attacker could cause a DoS attack through memory exhaustion.
+
+     This issue was reported to OpenSSL by Quan Luo.
+     (CVE-2016-2179)
+     [Matt Caswell]
+
+  *) DTLS replay protection DoS
+
+     A flaw in the DTLS replay attack protection mechanism means that records
+     that arrive for future epochs update the replay protection "window" before
+     the MAC for the record has been validated. This could be exploited by an
+     attacker by sending a record for the next epoch (which does not have to
+     decrypt or have a valid MAC), with a very large sequence number. This means
+     that all subsequent legitimate packets are dropped causing a denial of
+     service for a specific DTLS connection.
+
+     This issue was reported to OpenSSL by the OCAP audit team.
+     (CVE-2016-2181)
+     [Matt Caswell]
+
+  *) Certificate message OOB reads
+
+     In OpenSSL 1.0.2 and earlier some missing message length checks can result
+     in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
+     theoretical DoS risk but this has not been observed in practice on common
+     platforms.
+
+     The messages affected are client certificate, client certificate request
+     and server certificate. As a result the attack can only be performed
+     against a client or a server which enables client authentication.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6306)
+     [Stephen Henson]
+
  Changes between 1.0.1s and 1.0.1t [3 May 2016]
 
   *) Prevent padding oracle in AES-NI CBC MAC check
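Review bot: the MDC2_Update() entry in this hunk is internally inconsistent: it says the overflow is reached through EVP_DigestUpdate(), then gives the precondition as "a previous call to EVP_EncryptUpdate() with a partial block". EVP_EncryptUpdate() operates on a cipher context, not a digest, so the second name looks like it should also be EVP_DigestUpdate(). Two smaller wording defects sit in the same hunk: the SWEET32 entry reads "reported to OpenSSL Karthikeyan Bhargavan" (missing "by"), and the DTLS buffered message entry spells "simulataneous". Since CHANGES is imported from the upstream release, these are better reported upstream than corrected locally. The pointer arithmetic entry also explains why "p + len > limit" is undefined without stating the form the checks were rewritten to, which is what someone auditing similar code would look for here.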
diff -r 217d8f0f0a63 -r 3d3873ba80c7 crypto/external/bsd/openssl/dist/CONTRIBUTING
--- a/crypto/external/bsd/openssl/dist/CONTRIBUTING     Wed Oct 05 10:52:52 2016 +0000
+++ b/crypto/external/bsd/openssl/dist/CONTRIBUTING     Thu Oct 06 05:51:13 2016 +0000
@@ -1,38 +1,75 @@
-HOW TO CONTRIBUTE TO OpenSSL
-----------------------------
+HOW TO CONTRIBUTE TO PATCHES OpenSSL
+------------------------------------
 
-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to rt%openssl.org@localhost with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
 
-You can also make GitHub pull requests. If you do this, please also send
-mail to rt%openssl.org@localhost with a brief description and a link to the PR so
-that we can more easily keep track of it.
-
+Development is coordinated on the openssl-dev mailing list (see the
+above link or https://mta.openssl.org for information on subscribing).
 If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first.  Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.
 
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
+The best way to submit a patch is to make a pull request on GitHub.
+(It is not necessary to send mail to rt%openssl.org@localhost to open a ticket!)
+If you think the patch could use feedback from the community, please
+start a thread on openssl-dev.
 
-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
+You can also submit patches by sending it as mail to rt%openssl.org@localhost.
+Please include the word "PATCH" and an explanation of what the patch
+does in the subject line.  If you do this, our preferred format is "git
+format-patch" output. For example to provide a patch file containing the
+last commit in your local git repository use the following command:
 
-# git format-patch --stdout HEAD^ >mydiffs.patch
+    % git format-patch --stdout HEAD^ >mydiffs.patch
 
 Another method of creating an acceptable patch file without using git is as
 follows:
 
-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch
+    % cd openssl-work
+    ...make your changes...
+    % ./Configure dist; make clean
+    % cd ..
+    % diff -ur openssl-orig openssl-work >mydiffs.patch
+
+Note that pull requests are generally easier for the team, and community, to
+work with.  Pull requests benefit from all of the standard GitHub features,
+including code review tools, simpler integration, and CI build support.
+
+No matter how a patch is submitted, the following items will help make
+the acceptance and review process faster:
+
+    1. Anything other than trivial contributions will require a contributor
+    licensing agreement, giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible.  When using GitHub, please
+    expect to have to rebase and update often. Note that we do not accept merge
+    commits. You will be asked to remove them before a patch is considered
+    acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile without
+    warnings. Where gcc or clang is availble you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.
+
+    5.  When at all possible, patches should include tests. These can either be
+    added to an existing test, or completely new.  Please see test/README
+    for information on the test framework.
+
+    6.  New features or changed functionality must include documentation. Please
+    look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+    our style.
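Review bot: the new mail-submission paragraph asks for "the word "PATCH" and an explanation of what the patch does in the subject line", whereas the removed text asked for "[PATCH]" in the subject and a textual explanation of the patch separately; putting the explanation in the subject line looks unintended and should be reworded so the explanation goes in the message body. The same hunk has several editing slips: the title "HOW TO CONTRIBUTE TO PATCHES OpenSSL" does not parse (probably "HOW TO CONTRIBUTE PATCHES TO OpenSSL"), "submit patches by sending it" mixes plural and singular, item 4 spells "availble", and item 1 uses one space after the number while items 2 to 6 use two. As with CHANGES, this file comes from the upstream distribution, so the fixes belong upstream.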
diff -r 217d8f0f0a63 -r 3d3873ba80c7 crypto/external/bsd/openssl/dist/Configure
--- a/crypto/external/bsd/openssl/dist/Configure        Wed Oct 05 10:52:52 2016 +0000
+++ b/crypto/external/bsd/openssl/dist/Configure        Thu Oct 06 05:51:13 2016 +0000
@@ -741,7 +741,7 @@
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE 
-DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 
-DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
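Review bot: the replacement $default_depflags string adds -DOPENSSL_NO_SSL2 and -DOPENSSL_NO_WEAK_SSL_CIPHERS, but the comment directly above says this string must match what $depflags looks like "with the above defaults", and those defaults are outside the hunk. Please confirm the %disabled defaults earlier in Configure list ssl2 and weak-ssl-ciphers, otherwise the "make depend" advice will fire on every default build. Note also that both the removed and the added assignment are shown split across two lines, with the continuation starting at -DOPENSSL_NO_UNIT_TEST and -DOPENSSL_NO_STORE respectively; if that wrapping is in the patch itself rather than the mail rendering, the hunk will not apply.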
diff -r 217d8f0f0a63 -r 3d3873ba80c7 crypto/external/bsd/openssl/dist/Makefile
--- a/crypto/external/bsd/openssl/dist/Makefile Wed Oct 05 10:52:52 2016 +0000
+++ b/crypto/external/bsd/openssl/dist/Makefile Thu Oct 06 05:51:13 2016 +0000
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1t
+VERSION=1.0.1u
 MAJOR=1
 MINOR=0.1
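Review bot: the VERSION bump to 1.0.1u in this hunk is the only version change visible, because the diff is truncated from 24261 to 300 lines. The diffstat shows doc/3RDPARTY and the distrib/sets lists were also touched; please confirm against the full changeset that the version recorded in doc/3RDPARTY matches 1.0.1u, since a stale entry there is easy to miss on a pull-up.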


