Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl/dist merge conflicts
details: https://anonhg.NetBSD.org/src/rev/8e64312b8e8f
branches: trunk
changeset: 850510:8e64312b8e8f
user: christos <christos%NetBSD.org@localhost>
date: Sun Apr 05 21:53:44 2020 +0000
description:
merge conflicts
diffstat:
crypto/external/bsd/openssl/dist/CHANGES | 18 +++++++++++++++++
crypto/external/bsd/openssl/dist/NEWS | 6 +++++
crypto/external/bsd/openssl/dist/README | 4 +-
crypto/external/bsd/openssl/dist/apps/s_server.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ex_data.c | 6 ++--
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c | 10 ++------
crypto/external/bsd/openssl/dist/ssl/ssl_err.c | 4 +--
7 files changed, 35 insertions(+), 17 deletions(-)
diffs (153 lines):
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES Sun Apr 05 21:53:44 2020 +0000
@@ -7,6 +7,24 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
+
+ *) Revert the change of EOF detection while reading in libssl to avoid
+ regressions in applications depending on the current way of reporting
+ the EOF. As the existing method is not fully accurate the change to
+ reporting the EOF via SSL_ERROR_SSL is kept on the current development
+ branch and will be present in the 3.0 release.
+ [Tomas Mraz]
+
+ *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
+ when primes for RSA keys are computed.
+ Since we previously always generated primes == 2 (mod 3) for RSA keys,
+ the 2-prime and 3-prime RSA modules were easy to distinguish, since
+ N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
+ 2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
+ This avoids possible fingerprinting of newly generated RSA modules.
+ [Bernd Edlinger]
+
Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
*) Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/NEWS
--- a/crypto/external/bsd/openssl/dist/NEWS Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/NEWS Sun Apr 05 21:53:44 2020 +0000
@@ -5,10 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+ o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
+ o Properly detect unexpected EOF while reading in libssl and report
+ it via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/README
--- a/crypto/external/bsd/openssl/dist/README Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/README Sun Apr 05 21:53:44 2020 +0000
@@ -1,7 +1,7 @@
- OpenSSL 1.1.1e 17 Mar 2020
+ OpenSSL 1.1.1f 31 Mar 2020
- Copyright (c) 1998-2019 The OpenSSL Project
+ Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/apps/s_server.c
--- a/crypto/external/bsd/openssl/dist/apps/s_server.c Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_server.c Sun Apr 05 21:53:44 2020 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -1904,7 +1904,7 @@
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
+ ssl_ctx_security_debug(ctx2, sdebug);
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/crypto/ex_data.c
--- a/crypto/external/bsd/openssl/dist/crypto/ex_data.c Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/ex_data.c Sun Apr 05 21:53:44 2020 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -235,7 +235,7 @@
return 0;
}
for (i = 0; i < mx; i++) {
- if (storage[i] && storage[i]->new_func) {
+ if (storage[i] != NULL && storage[i]->new_func != NULL) {
ptr = CRYPTO_get_ex_data(ad, i);
storage[i]->new_func(obj, ptr, ad, i,
storage[i]->argl, storage[i]->argp);
@@ -299,7 +299,7 @@
for (i = 0; i < mx; i++) {
ptr = CRYPTO_get_ex_data(from, i);
- if (storage[i] && storage[i]->dup_func)
+ if (storage[i] != NULL && storage[i]->dup_func != NULL)
if (!storage[i]->dup_func(to, from, &ptr, i,
storage[i]->argl, storage[i]->argp))
goto err;
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
--- a/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Sun Apr 05 21:53:44 2020 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -107,12 +107,8 @@
/* Return 1 is a certificate is self signed */
static int cert_self_signed(X509 *x)
{
- /*
- * FIXME: x509v3_cache_extensions() needs to detect more failures and not
- * set EXFLAG_SET when that happens. Especially, if the failures are
- * parse errors, rather than memory pressure!
- */
- X509_check_purpose(x, -1, 0);
+ if (X509_check_purpose(x, -1, 0) != 1)
+ return 0;
if (x->ex_flags & EXFLAG_SS)
return 1;
else
diff -r 2b90a1cd758f -r 8e64312b8e8f crypto/external/bsd/openssl/dist/ssl/ssl_err.c
--- a/crypto/external/bsd/openssl/dist/ssl/ssl_err.c Sun Apr 05 21:50:44 2020 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/ssl_err.c Sun Apr 05 21:53:44 2020 +0000
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1205,8 +1205,6 @@
"unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
"unexpected end of early data"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
- "unexpected eof while reading"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
Home |
Main Index |
Thread Index |
Old Index