Module Name: src
Committed By: martin
Date: Mon Jan 26 11:47:24 UTC 2015
Modified Files:
src/crypto/dist/openssl/apps [netbsd-5-1]: s_client.c s_server.c
speed.c
src/crypto/dist/openssl/crypto [netbsd-5-1]: Makefile
constant_time_locl.h cversion.c
src/crypto/dist/openssl/crypto/asn1 [netbsd-5-1]: a_bitstr.c a_type.c
a_verify.c asn1.h asn1_err.c tasn_dec.c x_algor.c
src/crypto/dist/openssl/crypto/bio [netbsd-5-1]: bio.h bss_dgram.c
src/crypto/dist/openssl/crypto/bn [netbsd-5-1]: bn_asm.c bntest.c
src/crypto/dist/openssl/crypto/bn/asm [netbsd-5-1]: mips3.s
x86_64-gcc.c
src/crypto/dist/openssl/crypto/dsa [netbsd-5-1]: dsa_vrf.c
src/crypto/dist/openssl/crypto/ec [netbsd-5-1]: ec_mult.c ec_pmeth.c
src/crypto/dist/openssl/crypto/ecdsa [netbsd-5-1]: ecs_vrf.c
src/crypto/dist/openssl/crypto/evp [netbsd-5-1]: Makefile evp_enc.c
src/crypto/dist/openssl/crypto/objects [netbsd-5-1]: obj_xref.h
objxref.pl
src/crypto/dist/openssl/crypto/ts [netbsd-5-1]: ts_rsp_sign.c
src/crypto/dist/openssl/crypto/x509 [netbsd-5-1]: x509.h x509_vpm.c
x_all.c
src/crypto/dist/openssl/ssl [netbsd-5-1]: d1_both.c d1_clnt.c d1_enc.c
d1_lib.c d1_pkt.c d1_srvr.c dtls1.h s23_srvr.c s2_enc.c s2_pkt.c
s2_srvr.c s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c
ssl.h ssl_cert.c ssl_lib.c ssl_locl.h
src/crypto/dist/openssl/util [netbsd-5-1]: libeay.num mk1mf.pl
src/distrib/sets/lists/base [netbsd-5-1]: md.amd64 md.sparc64 shl.mi
src/lib/libcrypto [netbsd-5-1]: shlib_version
src/lib/libssl [netbsd-5-1]: shlib_version
Log Message:
Change the following, requested by spz in ticket #1945:
crypto/dist/openssl/apps/s_client.c patch
crypto/dist/openssl/apps/s_server.c patch
crypto/dist/openssl/apps/speed.c patch
crypto/dist/openssl/crypto/Makefile patch
crypto/dist/openssl/crypto/constant_time_locl.h patch
crypto/dist/openssl/crypto/cversion.c patch
crypto/dist/openssl/crypto/asn1/a_bitstr.c patch
crypto/dist/openssl/crypto/asn1/a_type.c patch
crypto/dist/openssl/crypto/asn1/a_verify.c patch
crypto/dist/openssl/crypto/asn1/asn1.h patch
crypto/dist/openssl/crypto/asn1/asn1_err.c patch
crypto/dist/openssl/crypto/asn1/tasn_dec.c patch
crypto/dist/openssl/crypto/asn1/x_algor.c patch
crypto/dist/openssl/crypto/bio/bio.h patch
crypto/dist/openssl/crypto/bio/bss_dgram.c patch
crypto/dist/openssl/crypto/bn/bn_asm.c patch
crypto/dist/openssl/crypto/bn/bntest.c patch
crypto/dist/openssl/crypto/bn/asm/mips3.s patch
crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c patch
crypto/dist/openssl/crypto/dsa/dsa_vrf.c patch
crypto/dist/openssl/crypto/ec/ec_mult.c patch
crypto/dist/openssl/crypto/ec/ec_pmeth.c patch
crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c patch
crypto/dist/openssl/crypto/evp/Makefile patch
crypto/dist/openssl/crypto/evp/evp_enc.c patch
crypto/dist/openssl/crypto/objects/obj_xref.h patch
crypto/dist/openssl/crypto/objects/objxref.pl patch
crypto/dist/openssl/crypto/ts/ts_rsp_sign.c patch
crypto/dist/openssl/crypto/x509/x509.h patch
crypto/dist/openssl/crypto/x509/x509_vpm.c patch
crypto/dist/openssl/crypto/x509/x_all.c patch
crypto/dist/openssl/ssl/d1_both.c patch
crypto/dist/openssl/ssl/d1_clnt.c patch
crypto/dist/openssl/ssl/d1_enc.c patch
crypto/dist/openssl/ssl/d1_lib.c patch
crypto/dist/openssl/ssl/d1_pkt.c patch
crypto/dist/openssl/ssl/d1_srvr.c patch
crypto/dist/openssl/ssl/dtls1.h patch
crypto/dist/openssl/ssl/s23_srvr.c patch
crypto/dist/openssl/ssl/s2_enc.c patch
crypto/dist/openssl/ssl/s2_pkt.c patch
crypto/dist/openssl/ssl/s2_srvr.c patch
crypto/dist/openssl/ssl/s3_both.c patch
crypto/dist/openssl/ssl/s3_clnt.c patch
crypto/dist/openssl/ssl/s3_enc.c patch
crypto/dist/openssl/ssl/s3_lib.c patch
crypto/dist/openssl/ssl/s3_pkt.c patch
crypto/dist/openssl/ssl/s3_srvr.c patch
crypto/dist/openssl/ssl/ssl.h patch
crypto/dist/openssl/ssl/ssl_cert.c patch
crypto/dist/openssl/ssl/ssl_lib.c patch
crypto/dist/openssl/ssl/ssl_locl.h patch
crypto/dist/openssl/util/libeay.num patch
crypto/dist/openssl/util/mk1mf.pl patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/shl.mi patch
lib/libcrypto/shlib_version patch
lib/libssl/shlib_version patch
Apply fixes for the following OpenSSL vulnerabilities:
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Certificate fingerprints can be modified (CVE-2014-8275)
Bignum squaring may produce incorrect results (CVE-2014-3570)
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.11.12.1 -r1.1.1.11.12.2 \
src/crypto/dist/openssl/apps/s_client.c
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.12.1 src/crypto/dist/openssl/apps/s_server.c
cvs rdiff -u -r1.8.4.1 -r1.8.4.1.6.1 src/crypto/dist/openssl/apps/speed.c
cvs rdiff -u -r1.1.1.4.12.1 -r1.1.1.4.12.2 \
src/crypto/dist/openssl/crypto/Makefile
cvs rdiff -u -r1.1.4.2 -r1.1.4.3 \
src/crypto/dist/openssl/crypto/constant_time_locl.h
cvs rdiff -u -r1.5 -r1.5.34.1 src/crypto/dist/openssl/crypto/cversion.c
cvs rdiff -u -r1.1.1.9 -r1.1.1.9.12.1 \
src/crypto/dist/openssl/crypto/asn1/a_bitstr.c
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.12.1 \
src/crypto/dist/openssl/crypto/asn1/a_type.c \
src/crypto/dist/openssl/crypto/asn1/a_verify.c
cvs rdiff -u -r1.9.4.1.6.1 -r1.9.4.1.6.2 \
src/crypto/dist/openssl/crypto/asn1/asn1.h
cvs rdiff -u -r1.1.1.8.4.1.6.1 -r1.1.1.8.4.1.6.2 \
src/crypto/dist/openssl/crypto/asn1/asn1_err.c
cvs rdiff -u -r1.8.4.1 -r1.8.4.1.6.1 \
src/crypto/dist/openssl/crypto/asn1/tasn_dec.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.12.1 \
src/crypto/dist/openssl/crypto/asn1/x_algor.c
cvs rdiff -u -r1.11 -r1.11.12.1 src/crypto/dist/openssl/crypto/bio/bio.h
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.12.1 \
src/crypto/dist/openssl/crypto/bio/bss_dgram.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.12.1 \
src/crypto/dist/openssl/crypto/bn/bn_asm.c
cvs rdiff -u -r1.6 -r1.6.12.1 src/crypto/dist/openssl/crypto/bn/bntest.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.48.1 \
src/crypto/dist/openssl/crypto/bn/asm/mips3.s
cvs rdiff -u -r1.1.1.4.32.1 -r1.1.1.4.32.2 \
src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.12.1 \
src/crypto/dist/openssl/crypto/dsa/dsa_vrf.c
cvs rdiff -u -r1.1.1.5 -r1.1.1.5.12.1 \
src/crypto/dist/openssl/crypto/ec/ec_mult.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.16.1 \
src/crypto/dist/openssl/crypto/ec/ec_pmeth.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.34.1 \
src/crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c
cvs rdiff -u -r1.1.1.5.12.1 -r1.1.1.5.12.2 \
src/crypto/dist/openssl/crypto/evp/Makefile
cvs rdiff -u -r1.1.1.8.26.1 -r1.1.1.8.26.2 \
src/crypto/dist/openssl/crypto/evp/evp_enc.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.16.1 \
src/crypto/dist/openssl/crypto/objects/obj_xref.h \
src/crypto/dist/openssl/crypto/objects/objxref.pl
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.16.1 \
src/crypto/dist/openssl/crypto/ts/ts_rsp_sign.c
cvs rdiff -u -r1.12 -r1.12.12.1 src/crypto/dist/openssl/crypto/x509/x509.h
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 \
src/crypto/dist/openssl/crypto/x509/x509_vpm.c
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.12.1 \
src/crypto/dist/openssl/crypto/x509/x_all.c
cvs rdiff -u -r1.3.4.2.2.2 -r1.3.4.2.2.3 \
src/crypto/dist/openssl/ssl/d1_both.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 src/crypto/dist/openssl/ssl/d1_clnt.c \
src/crypto/dist/openssl/ssl/d1_lib.c \
src/crypto/dist/openssl/ssl/d1_srvr.c
cvs rdiff -u -r1.1.1.3.12.1 -r1.1.1.3.12.2 \
src/crypto/dist/openssl/ssl/d1_enc.c
cvs rdiff -u -r1.1.1.5.4.1.2.1 -r1.1.1.5.4.1.2.2 \
src/crypto/dist/openssl/ssl/d1_pkt.c
cvs rdiff -u -r1.3 -r1.3.12.1 src/crypto/dist/openssl/ssl/dtls1.h
cvs rdiff -u -r1.6.12.2 -r1.6.12.3 src/crypto/dist/openssl/ssl/s23_srvr.c
cvs rdiff -u -r1.1.1.10 -r1.1.1.10.12.1 src/crypto/dist/openssl/ssl/s2_enc.c
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.12.1 src/crypto/dist/openssl/ssl/s2_pkt.c \
src/crypto/dist/openssl/ssl/s3_both.c
cvs rdiff -u -r1.9.4.1 -r1.9.4.1.6.1 src/crypto/dist/openssl/ssl/s2_srvr.c
cvs rdiff -u -r1.12.4.2.2.4 -r1.12.4.2.2.5 \
src/crypto/dist/openssl/ssl/s3_clnt.c
cvs rdiff -u -r1.1.1.12.4.1.2.2 -r1.1.1.12.4.1.2.3 \
src/crypto/dist/openssl/ssl/s3_enc.c
cvs rdiff -u -r1.14.4.1.2.1 -r1.14.4.1.2.2 \
src/crypto/dist/openssl/ssl/s3_lib.c
cvs rdiff -u -r1.9.4.3.2.2 -r1.9.4.3.2.3 src/crypto/dist/openssl/ssl/s3_pkt.c
cvs rdiff -u -r1.15.4.3.2.3 -r1.15.4.3.2.4 \
src/crypto/dist/openssl/ssl/s3_srvr.c
cvs rdiff -u -r1.18.4.1.2.1 -r1.18.4.1.2.2 src/crypto/dist/openssl/ssl/ssl.h
cvs rdiff -u -r1.13 -r1.13.12.1 src/crypto/dist/openssl/ssl/ssl_cert.c
cvs rdiff -u -r1.5.12.1 -r1.5.12.2 src/crypto/dist/openssl/ssl/ssl_lib.c
cvs rdiff -u -r1.13.4.1 -r1.13.4.1.2.1 src/crypto/dist/openssl/ssl/ssl_locl.h
cvs rdiff -u -r1.1.1.13 -r1.1.1.13.12.1 \
src/crypto/dist/openssl/util/libeay.num
cvs rdiff -u -r1.1.1.12 -r1.1.1.12.12.1 src/crypto/dist/openssl/util/mk1mf.pl
cvs rdiff -u -r1.25.2.8.2.2 -r1.25.2.8.2.3 \
src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.23.2.8.2.2 -r1.23.2.8.2.3 \
src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.450.2.7.2.2 -r1.450.2.7.2.3 \
src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.14.4.1 -r1.14.4.1.2.1 src/lib/libcrypto/shlib_version
cvs rdiff -u -r1.8 -r1.8.10.1 src/lib/libssl/shlib_version
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/openssl/apps/s_client.c
diff -u src/crypto/dist/openssl/apps/s_client.c:1.1.1.11.12.1 src/crypto/dist/openssl/apps/s_client.c:1.1.1.11.12.2
--- src/crypto/dist/openssl/apps/s_client.c:1.1.1.11.12.1 Sun Oct 19 20:10:10 2014
+++ src/crypto/dist/openssl/apps/s_client.c Mon Jan 26 11:47:23 2015
@@ -934,9 +934,21 @@ re_start:
if (socket_mtu > 0)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ BIO_free(sbio);
+ goto shut;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu);
- }
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ BIO_free(sbio);
+ goto shut;
+ }
+ }
else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
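Review bot: Both new error branches take `goto shut`, and `shut:` lies outside the hunk where `con` is shut down although no BIO has been attached to it yet (the `SSL_set_bio` call presumably follows this block); confirm that `SSL_shutdown` on this branch tolerates an SSL with no wbio, or go to the later label that only frees, since the s_server.c hunk sidesteps the question by setting `ret = -1` and jumping to `err`. The new `if(` spelling also differs from the surrounding `if (socket_mtu > 0)`; use `if (socket_mtu < DTLS_get_link_min_mtu(con))` and `if (!DTLS_set_link_mtu(con, socket_mtu))` to match. The same applies to the s_server.c hunk.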
Index: src/crypto/dist/openssl/apps/s_server.c
diff -u src/crypto/dist/openssl/apps/s_server.c:1.1.1.8 src/crypto/dist/openssl/apps/s_server.c:1.1.1.8.12.1
--- src/crypto/dist/openssl/apps/s_server.c:1.1.1.8 Fri May 9 21:34:13 2008
+++ src/crypto/dist/openssl/apps/s_server.c Mon Jan 26 11:47:23 2015
@@ -1782,9 +1782,23 @@ static int sv_body(char *hostname, int s
if (socket_mtu > 0)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ ret = -1;
+ BIO_free(sbio);
+ goto err;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu);
- }
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ ret = -1;
+ BIO_free(sbio);
+ goto err;
+ }
+ }
else
/* want to do MTU discovery */
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
Index: src/crypto/dist/openssl/apps/speed.c
diff -u src/crypto/dist/openssl/apps/speed.c:1.8.4.1 src/crypto/dist/openssl/apps/speed.c:1.8.4.1.6.1
--- src/crypto/dist/openssl/apps/speed.c:1.8.4.1 Tue Jan 20 21:28:09 2009
+++ src/crypto/dist/openssl/apps/speed.c Mon Jan 26 11:47:23 2015
@@ -2664,27 +2664,6 @@ static int do_multi(int multi)
else
rsa_results[k][1]=d;
}
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
else if(!strncmp(buf,"+F3:",4))
{
int k;
Index: src/crypto/dist/openssl/crypto/Makefile
diff -u src/crypto/dist/openssl/crypto/Makefile:1.1.1.4.12.1 src/crypto/dist/openssl/crypto/Makefile:1.1.1.4.12.2
--- src/crypto/dist/openssl/crypto/Makefile:1.1.1.4.12.1 Sun Oct 19 20:10:10 2014
+++ src/crypto/dist/openssl/crypto/Makefile Mon Jan 26 11:47:23 2015
@@ -53,12 +53,7 @@ top:
all: shared
buildinf.h: ../Makefile
- ( echo "#ifndef MK1MF_BUILD"; \
- echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
- echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
- echo ' #define PLATFORM "$(PLATFORM)"'; \
- echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
- echo '#endif' ) >buildinf.h
+ $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
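Review bot: The new rule runs `$(PERL) $(TOP)/util/mkbuildinf.pl`, but that script is not in this commit's Modified Files list (only libeay.num and mk1mf.pl under util), so unless it already exists on the netbsd-5-1 branch `make buildinf.h` fails at build time. The old rule also passed `$(CFLAG)` while the new one passes `$(CFLAGS)`; if CFLAGS in this Makefile includes `$(INCLUDE)`, the string reported by `SSLeay_version(SSLEAY_CFLAGS)` now carries include paths too, which may or may not be intended. Note that the cversion.c hunks in this commit drop their `built on:` / `compiler:` / `platform:` prefixes on the assumption that mkbuildinf.pl emits them.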
Index: src/crypto/dist/openssl/crypto/constant_time_locl.h
diff -u src/crypto/dist/openssl/crypto/constant_time_locl.h:1.1.4.2 src/crypto/dist/openssl/crypto/constant_time_locl.h:1.1.4.3
--- src/crypto/dist/openssl/crypto/constant_time_locl.h:1.1.4.2 Sun Oct 19 20:10:10 2014
+++ src/crypto/dist/openssl/crypto/constant_time_locl.h Mon Jan 26 11:47:23 2015
@@ -129,17 +129,12 @@ static inline int constant_time_select_i
static inline unsigned int constant_time_msb(unsigned int a)
{
- return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+ return 0-(a >> (sizeof(a) * 8 - 1));
}
static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
{
- unsigned int lt;
- /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
- lt = ~(a ^ b) & (a - b);
- /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
- lt |= ~a & b;
- return constant_time_msb(lt);
+ return constant_time_msb(a^((a^b)|((a-b)^b)));
}
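Review bot: The rewritten `constant_time_lt` replaces two commented cases with the single expression `a^((a^b)|((a-b)^b))` and keeps no explanation, which makes the constant-time comparison hard to audit. Suggest restoring a comment such as `/* msb(a^((a^b)|((a-b)^b))) == (a < b): when msb(a)==msb(b) the OR's msb is msb(a-b)^msb(b), so the result's msb is the borrow of a-b; when they differ the OR's msb is 1 and the result's msb is ~msb(a) == msb(b). */`. The `constant_time_ge` hunk below now derives from this one via `~constant_time_lt(a, b)`, so one comment covers both. `constant_time_msb` continues to assume 8-bit bytes through `sizeof(a) * 8`, as the old `sizeof(int) * 8` did.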
static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
@@ -149,12 +144,7 @@ static inline unsigned char constant_tim
static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
{
- unsigned int ge;
- /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
- ge = ~((a ^ b) | (a - b));
- /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
- ge |= a & ~b;
- return constant_time_msb(ge);
+ return ~constant_time_lt(a, b);
}
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
@@ -204,7 +194,7 @@ static inline unsigned char constant_tim
return (unsigned char)(constant_time_select(mask, a, b));
}
-inline int constant_time_select_int(unsigned int mask, int a, int b)
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
{
return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
}
Index: src/crypto/dist/openssl/crypto/cversion.c
diff -u src/crypto/dist/openssl/crypto/cversion.c:1.5 src/crypto/dist/openssl/crypto/cversion.c:1.5.34.1
--- src/crypto/dist/openssl/crypto/cversion.c:1.5 Fri Nov 25 19:14:11 2005
+++ src/crypto/dist/openssl/crypto/cversion.c Mon Jan 26 11:47:23 2015
@@ -69,10 +69,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_BUILT_ON)
{
#ifdef DATE
- static char buf[sizeof(DATE)+11];
-
- BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
- return(buf);
+ return(DATE);
#else
return("built on: date not available");
#endif
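Review bot: `SSLeay_version` now returns the `DATE` macro verbatim, so the `built on: ` prefix exists only if whatever generates buildinf.h (mkbuildinf.pl per the crypto/Makefile hunk, mk1mf.pl on the other build path) embeds it in the string, while the `#else` branch still hardcodes `"built on: date not available"`; the two branches diverge if any generator emits a bare date. The same applies to the `CFLAGS` and `PLATFORM` hunks below. A comment above `#ifdef DATE` such as `/* DATE, CFLAGS and PLATFORM already carry their "built on: "-style prefix; see util/mkbuildinf.pl */` would record the dependency.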
@@ -80,10 +77,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_CFLAGS)
{
#ifdef CFLAGS
- static char buf[sizeof(CFLAGS)+11];
-
- BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
- return(buf);
+ return(CFLAGS);
#else
return("compiler: information not available");
#endif
@@ -91,10 +85,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_PLATFORM)
{
#ifdef PLATFORM
- static char buf[sizeof(PLATFORM)+11];
-
- BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
- return(buf);
+ return(PLATFORM);
#else
return("platform: information not available");
#endif
Index: src/crypto/dist/openssl/crypto/asn1/a_bitstr.c
diff -u src/crypto/dist/openssl/crypto/asn1/a_bitstr.c:1.1.1.9 src/crypto/dist/openssl/crypto/asn1/a_bitstr.c:1.1.1.9.12.1
--- src/crypto/dist/openssl/crypto/asn1/a_bitstr.c:1.1.1.9 Fri May 9 21:34:16 2008
+++ src/crypto/dist/openssl/crypto/asn1/a_bitstr.c Mon Jan 26 11:47:23 2015
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN
p= *pp;
i= *(p++);
+ if (i > 7)
+ {
+ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
/* We do this to preserve the settings. If we modify
* the settings, via the _set_bit function, we will recalculate
* on output */
ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
if (len-- > 1) /* using one because of the bits left byte */
{
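Review bot: The new `i > 7` rejection carries no comment, although it is the heart of the fingerprint-malleability fix named in the log (CVE-2014-8275): a bits-left byte above 7 is not a valid encoding, and masking it with `0x07` as before let the encoded bit string be altered without changing the decoded value. Suggest `/* bits-left must be 0..7 (X.690); anything else is an invalid encoding, not a value to mask */` above the check. Reusing `i` as the error reason handed to the `err:` label presumably follows the existing convention of this function, whose body lies outside the hunk; confirm that the label reports `i` through ASN1err.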
Index: src/crypto/dist/openssl/crypto/asn1/a_type.c
diff -u src/crypto/dist/openssl/crypto/asn1/a_type.c:1.1.1.7 src/crypto/dist/openssl/crypto/asn1/a_type.c:1.1.1.7.12.1
--- src/crypto/dist/openssl/crypto/asn1/a_type.c:1.1.1.7 Fri May 9 21:34:16 2008
+++ src/crypto/dist/openssl/crypto/asn1/a_type.c Mon Jan 26 11:47:23 2015
@@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
/* Returns 0 if they are equal, != 0 otherwise. */
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, ASN1_TYPE *b)
{
int result = -1;
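Review bot: The new signature constifies only the first operand (`const ASN1_TYPE *a, ASN1_TYPE *b`) although a comparison has no reason to modify `b` either, and the asn1.h prototype hunk mirrors the asymmetry. Unless a call site relies on a non-const `b`, `int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)` is the cleaner contract. The comment above the function should also state what a NULL argument yields, since the new `X509_ALGOR_cmp` in x_algor.c passes one through when only one parameter is present; the body starts with `result = -1` but continues outside the hunk.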
Index: src/crypto/dist/openssl/crypto/asn1/a_verify.c
diff -u src/crypto/dist/openssl/crypto/asn1/a_verify.c:1.1.1.7 src/crypto/dist/openssl/crypto/asn1/a_verify.c:1.1.1.7.12.1
--- src/crypto/dist/openssl/crypto/asn1/a_verify.c:1.1.1.7 Fri May 9 21:34:17 2008
+++ src/crypto/dist/openssl/crypto/asn1/a_verify.c Mon Jan 26 11:47:23 2015
@@ -91,6 +91,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_A
goto err;
}
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
+
inl=i2d(data,NULL);
buf_in=OPENSSL_malloc((unsigned int)inl);
if (buf_in == NULL)
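Review bot: The new condition `signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7` relies on `&` binding tighter than `&&`; it is correct, but it reads as if the mask applied to the whole test, so write `(signature->flags & 0x7)`. The same form appears in the `ASN1_item_verify` hunk below, which additionally gains a `pkey` NULL check that `ASN1_verify` here does not; if `ASN1_verify` can be reached with a NULL key the guard belongs in both. A one-line comment would help: `/* unused bits in a signature BIT STRING make the encoding malleable; reject them */`.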
@@ -136,6 +142,18 @@ int ASN1_item_verify(const ASN1_ITEM *it
int mdnid, pknid;
+ if (!pkey)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
EVP_MD_CTX_init(&ctx);
/* Convert signature OID into digest and public key OIDs */
Index: src/crypto/dist/openssl/crypto/asn1/asn1.h
diff -u src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1.6.1 src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1.6.2
--- src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1.6.1 Wed Aug 27 13:32:35 2014
+++ src/crypto/dist/openssl/crypto/asn1/asn1.h Mon Jan 26 11:47:23 2015
@@ -772,7 +772,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE,
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, ASN1_TYPE *b);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1309,6 +1309,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_ILLEGAL_TIME_VALUE 184
#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
#define ASN1_R_INVALID_MIME_TYPE 205
@@ -1358,6 +1359,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
#define ASN1_R_TOO_LONG 155
#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
Index: src/crypto/dist/openssl/crypto/asn1/asn1_err.c
diff -u src/crypto/dist/openssl/crypto/asn1/asn1_err.c:1.1.1.8.4.1.6.1 src/crypto/dist/openssl/crypto/asn1/asn1_err.c:1.1.1.8.4.1.6.2
--- src/crypto/dist/openssl/crypto/asn1/asn1_err.c:1.1.1.8.4.1.6.1 Wed Aug 27 13:32:35 2014
+++ src/crypto/dist/openssl/crypto/asn1/asn1_err.c Mon Jan 26 11:47:23 2015
@@ -240,6 +240,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
@@ -289,6 +290,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
Index: src/crypto/dist/openssl/crypto/asn1/tasn_dec.c
diff -u src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1.8.4.1 src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1.8.4.1.6.1
--- src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1.8.4.1 Mon Mar 30 16:29:38 2009
+++ src/crypto/dist/openssl/crypto/asn1/tasn_dec.c Mon Jan 26 11:47:23 2015
@@ -869,6 +869,14 @@ static int asn1_d2i_ex_primitive(ASN1_VA
}
else if (cst)
{
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
buf.length = 0;
buf.max = 0;
buf.data = NULL;
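Review bot: The new rejection of constructed encodings for NULL, BOOLEAN, OBJECT, INTEGER and ENUMERATED is uncommented; a reader has to know that these universal types are primitive-only in X.690 and that a constructed form lets one value be encoded in more than one way, which is the fingerprint issue the log names. Suggest `/* These universal types are primitive-only; a constructed encoding is invalid and would make the DER malleable. */` before the `if`. `asn1_d2i_ex_primitive` begins outside the hunk.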
Index: src/crypto/dist/openssl/crypto/asn1/x_algor.c
diff -u src/crypto/dist/openssl/crypto/asn1/x_algor.c:1.1.1.5 src/crypto/dist/openssl/crypto/asn1/x_algor.c:1.1.1.5.12.1
--- src/crypto/dist/openssl/crypto/asn1/x_algor.c:1.1.1.5 Fri May 9 21:34:18 2008
+++ src/crypto/dist/openssl/crypto/asn1/x_algor.c Mon Jan 26 11:47:23 2015
@@ -128,3 +128,13 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj
}
}
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
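Review bot: `X509_ALGOR_cmp` reaches `ASN1_TYPE_cmp(a->parameter, b->parameter)` when exactly one parameter is NULL, so it relies on `ASN1_TYPE_cmp` treating a NULL argument as unequal; the a_type.c hunk only shows `result = -1` as the initial value, so confirm the NULL handling there. The function has no comment; suggest `/* Compare two AlgorithmIdentifiers: algorithm OID first, then parameters; returns 0 when equal, non-zero otherwise (a missing parameter on one side only counts as different). */`. Style: `int rv = OBJ_cmp(a->algorithm, b->algorithm);` folds the declaration and assignment. The matching prototype belongs in x509.h, which is in the file list but beyond this chunk.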
Index: src/crypto/dist/openssl/crypto/bio/bio.h
diff -u src/crypto/dist/openssl/crypto/bio/bio.h:1.11 src/crypto/dist/openssl/crypto/bio/bio.h:1.11.12.1
--- src/crypto/dist/openssl/crypto/bio/bio.h:1.11 Fri May 9 21:49:39 2008
+++ src/crypto/dist/openssl/crypto/bio/bio.h Mon Jan 26 11:47:23 2015
@@ -146,6 +146,7 @@ extern "C" {
/* #endif */
#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */
#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for
* MTU. want to use this
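Review bot: `BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47` is inserted between 40 and 41 without the per-command comment its neighbours carry, and the next hunk adds 46, 45 and 49 in a similarly scrambled order. Keep the list sorted by value and comment each new command from what dgram_ctrl does with it in the bss_dgram.c hunks, e.g. `#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 /* MTU to assume when discovery fails */` and `#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 /* IP+UDP header bytes for the peer family */`.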
@@ -158,6 +159,12 @@ extern "C" {
* operation */
#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
+#define BIO_CTRL_DGRAM_GET_PEER 46
+
+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
+ * adjust socket timeouts */
+
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
/* modifiers */
@@ -538,6 +545,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
/* These two aren't currently implemented */
/* int BIO_get_ex_num(BIO *bio); */
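Review bot: `BIO_dgram_get_mtu_overhead` casts the `long` from BIO_ctrl to `unsigned int`, yet BIO_ctrl reports an unsupported method with a negative return and a BIO whose ctrl lacks a `BIO_CTRL_DGRAM_GET_MTU_OVERHEAD` case yields its default value, so a caller that subtracts the result from an MTU can get a wildly wrong value instead of a detectable error. Either return `long` as the raw ctrl does, or document that callers must range-check before subtracting. The DTLS callers are in the ssl/ files of this commit, outside this chunk.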
Index: src/crypto/dist/openssl/crypto/bio/bss_dgram.c
diff -u src/crypto/dist/openssl/crypto/bio/bss_dgram.c:1.1.1.2 src/crypto/dist/openssl/crypto/bio/bss_dgram.c:1.1.1.2.12.1
--- src/crypto/dist/openssl/crypto/bio/bss_dgram.c:1.1.1.2 Fri May 9 21:34:19 2008
+++ src/crypto/dist/openssl/crypto/bio/bss_dgram.c Mon Jan 26 11:47:23 2015
@@ -100,7 +100,13 @@ static BIO_METHOD methods_dgramp=
typedef struct bio_dgram_data_st
{
- struct sockaddr peer;
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_in6 sa_in6;
+#endif
+ } peer;
unsigned int connected;
unsigned int _errno;
unsigned int mtu;
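Review bot: `#if OPENSSL_USE_IPV6` (rather than `#ifdef`) silently evaluates to 0 when the macro is undefined, so on a build where the platform header does not define it the `sa_in6` member disappears and the AF_INET6 arms in the later hunks vanish without any diagnostic; confirm the macro is always defined to 0 or 1 on this branch. The same guard recurs in the dgram_read, dgram_get_mtu_overhead and GET_FALLBACK_MTU hunks.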
@@ -171,22 +177,38 @@ static int dgram_read(BIO *b, char *out,
int ret=0;
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
- struct sockaddr peer;
- int peerlen = sizeof(peer);
+ struct {
+ union { size_t s; int i; } len;
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_in6 sa_in6;
+#endif
+ } peer;
+ } sa;
+
+ sa.len.s=0;
+ sa.len.i=sizeof(sa.peer);
if (out != NULL)
{
clear_socket_error();
- memset(&peer, 0x00, peerlen);
+ memset(&sa.peer, 0x00, sizeof(sa.peer));
/* Last arg in recvfrom is signed on some platforms and
* unsigned on others. It is of type socklen_t on some
* but this is not universal. Cast to (void *) to avoid
* compiler warnings.
*/
- ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
+ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+ {
+ OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
+ sa.len.i = (int)sa.len.s;
+ }
if ( ! data->connected && ret > 0)
- BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
+ BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &sa.peer);
BIO_clear_retry_flags(b);
if (ret <= 0)
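Review bot: The `union { size_t s; int i; } len` member is set twice in a row, `sa.len.s=0; sa.len.i=sizeof(sa.peer);`, and without a comment that looks like a slip rather than the deliberate handling of a socklen_t wider than int that the fix-up after `recvfrom` implies. Suggest above the two assignments: `/* socklen_t is int-sized on most platforms but size_t-sized on some: clear the wide member first so a narrow write leaves the rest zero, then widen below if the kernel wrote the wide member */`. The `OPENSSL_assert(sa.len.s<=sizeof(sa.peer))` aborts the process if that invariant fails, which is acceptable only because the length comes from the kernel, not the peer; worth saying in the same comment.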
@@ -211,9 +233,9 @@ static int dgram_write(BIO *b, const cha
ret=writesocket(b->num,in,inl);
else
#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
#else
- ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
#endif
BIO_clear_retry_flags(b);
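Review bot: `sendto` is now given `sizeof(data->peer)`, the size of the whole union, rather than the length of the family actually stored; with IPv6 compiled in that is `sizeof(struct sockaddr_in6)` even for an AF_INET peer. Most stacks accept an over-long address length, but strict ones reject it, so a per-family length chosen by `data->peer.sa.sa_family` (as the GET_FALLBACK_MTU hunk already switches on) would be more portable.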
@@ -234,6 +256,36 @@ static int dgram_write(BIO *b, const cha
return(ret);
}
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+ {
+ long ret;
+
+ switch (data->peer.sa.sa_family)
+ {
+ case AF_INET:
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ break;
+#if OPENSSL_USE_IPV6
+ case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ else
+#endif
+ /* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
+ ret = 48;
+ break;
+#endif
+ default:
+ /* We don't know. Go with the historical default */
+ ret = 28;
+ break;
+ }
+ return ret;
+ }
+
static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret=1;
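Review bot: `dgram_get_mtu_overhead` has no header comment, and its AF_INET and default arms both return 28 through duplicated `ret = 28;` lines. A comment such as `/* Bytes of network+transport header to subtract from the link MTU, chosen by the peer family recorded at connect time: IPv4+UDP = 28, IPv6+UDP = 48; an unknown family gets the historical IPv4 figure */` would explain both, and the family switch is repeated in the GET_FALLBACK_MTU hunk below. The result depends on `data->peer` having been filled in (by `BIO_CTRL_DGRAM_CONNECT` or the read path); before that `sa_family` is whatever the zeroed struct holds and the default arm applies, which is presumably intended.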
@@ -309,7 +361,7 @@ static long dgram_ctrl(BIO *b, int cmd,
break;
#endif
case BIO_CTRL_DGRAM_QUERY_MTU:
- sockopt_len = sizeof(sockopt_val);
+ sockopt_len = sizeof(sockopt_val);
if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
&sockopt_len)) < 0 || sockopt_val < 0)
{ ret = 0; }
@@ -319,6 +371,29 @@ static long dgram_ctrl(BIO *b, int cmd,
ret = data->mtu;
}
break;
+ case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+ ret = -dgram_get_mtu_overhead(data);
+ switch (data->peer.sa.sa_family)
+ {
+ case AF_INET:
+ ret += 576;
+ break;
+#if OPENSSL_USE_IPV6
+ case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6
+_addr))
+ ret += 576;
+ else
+#endif
+ ret += 1280;
+ break;
+#endif
+ default:
+ ret += 576;
+ break;
+ }
+ break;
case BIO_CTRL_DGRAM_GET_MTU:
return data->mtu;
break;
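Review bot: In the AF_INET6 arm the identifier is split across two diff lines, `IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6` followed by `+_addr))`; if that is how the file was committed rather than a mail-wrapping artefact, the IPv6 build (`OPENSSL_USE_IPV6` with `IN6_IS_ADDR_V4MAPPED`) does not compile, so check the repository copy. The family switch duplicates the one in `dgram_get_mtu_overhead`; a small static helper returning the per-family minimum datagram size would keep the two in step, with a comment noting that 576 is the IPv4 minimum reassembly size and 1280 the IPv6 minimum link MTU.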
@@ -391,6 +466,9 @@ static long dgram_ctrl(BIO *b, int cmd,
ret = 0;
break;
#endif
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ ret = dgram_get_mtu_overhead(data);
+ break;
default:
ret=0;
break;
Index: src/crypto/dist/openssl/crypto/bn/bn_asm.c
diff -u src/crypto/dist/openssl/crypto/bn/bn_asm.c:1.1.1.6 src/crypto/dist/openssl/crypto/bn/bn_asm.c:1.1.1.6.12.1
--- src/crypto/dist/openssl/crypto/bn/bn_asm.c:1.1.1.6 Fri May 9 21:34:19 2008
+++ src/crypto/dist/openssl/crypto/bn/bn_asm.c Mon Jan 26 11:47:23 2015
@@ -438,6 +438,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#ifdef BN_LLONG
#define mul_add_c(a,b,c0,c1,c2) \
t=(BN_ULLONG)a*b; \
@@ -478,10 +482,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const
#define mul_add_c2(a,b,c0,c1,c2) { \
BN_ULONG ta=(a),tb=(b),t0; \
BN_UMULT_LOHI(t0,t1,ta,tb); \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
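Review bot: The corrected `mul_add_c2` now adds the product t1:t0 into the accumulator twice instead of doubling it first, but nothing in the macro says so; the only hint is the comment added in the previous hunk, which sits before `#ifdef BN_LLONG` rather than next to the macros it explains. Suggest directly above the macro: `/* c += 2*a*b, done as two additions of a*b so no carry is lost (doubling t1:t0 first could overflow t2). t1+carry cannot wrap: the high word of a product is never all-ones. */`. The `BN_UMULT_HIGH` variant in the next hunk is the same change and should carry the same comment.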
#define sqr_add_c(a,i,c0,c1,c2) { \
@@ -508,10 +512,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
Index: src/crypto/dist/openssl/crypto/bn/bntest.c
diff -u src/crypto/dist/openssl/crypto/bn/bntest.c:1.6 src/crypto/dist/openssl/crypto/bn/bntest.c:1.6.12.1
--- src/crypto/dist/openssl/crypto/bn/bntest.c:1.6 Fri May 9 21:49:39 2008
+++ src/crypto/dist/openssl/crypto/bn/bntest.c Mon Jan 26 11:47:23 2015
@@ -676,44 +676,98 @@ int test_mul(BIO *bp)
int test_sqr(BIO *bp, BN_CTX *ctx)
{
- BIGNUM a,c,d,e;
- int i;
+ BIGNUM *a,*c,*d,*e;
+ int i, ret = 0;;
- BN_init(&a);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
+ a = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ if (a == NULL || c == NULL || d == NULL || e == NULL)
+ {
+ goto err;
+ }
for (i=0; i<num0; i++)
{
- BN_bntest_rand(&a,40+i*10,0,0);
- a.neg=rand_neg();
- BN_sqr(&c,&a,ctx);
+ BN_bntest_rand(a,40+i*10,0,0);
+ a->neg=rand_neg();
+ BN_sqr(c,a,ctx);
if (bp != NULL)
{
if (!results)
{
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," * ");
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," - ");
}
- BN_print(bp,&c);
+ BN_print(bp,c);
BIO_puts(bp,"\n");
}
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
+ BN_div(d,e,c,a,ctx);
+ BN_sub(d,d,a);
+ if(!BN_is_zero(d) || !BN_is_zero(e))
{
fprintf(stderr,"Square test failed!\n");
return 0;
}
}
- BN_free(&a);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+ ret = 1;
+err:
+ if (a != NULL) BN_free(a);
+ if (c != NULL) BN_free(c);
+ if (d != NULL) BN_free(d);
+ if (e != NULL) BN_free(e);
+ return ret;
}
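Review bot: The failure path inside the loop, `fprintf(stderr,"Square test failed!\n"); return 0;`, still returns directly, so with `a,c,d,e` now heap-allocated it leaks all four on that failure while the new regression checks correctly `goto err`; change it to `goto err;`. `int i, ret = 0;;` has a stray semicolon. The two `BN_hex2bn(&a, ...)` calls are unchecked, and the `if (a != NULL) BN_free(a)` guards are redundant if BN_free already tolerates NULL on this branch.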
int test_mont(BIO *bp, BN_CTX *ctx)
Index: src/crypto/dist/openssl/crypto/bn/asm/mips3.s
diff -u src/crypto/dist/openssl/crypto/bn/asm/mips3.s:1.1.1.4 src/crypto/dist/openssl/crypto/bn/asm/mips3.s:1.1.1.4.48.1
--- src/crypto/dist/openssl/crypto/bn/asm/mips3.s:1.1.1.4 Wed Jul 11 03:55:04 2001
+++ src/crypto/dist/openssl/crypto/bn/asm/mips3.s Mon Jan 26 11:47:23 2015
@@ -1584,17 +1584,17 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
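Review bot: The rewritten carry chain (`daddu AT,t_2` and, two lines later, `daddu t_2,t_1`) adds a carry bit into the high product word without checking for carry-out, which is only correct because the high half of a 64x64-bit product can never be all-ones; nothing in this file states that invariant, whereas the x86_64-gcc.c change in this same commit records it in a comment. I would add the same comment once above each `LEAF(bn_sqr_comba8)` and `LEAF(bn_sqr_comba4)` body, e.g. `/* c += 2*a*b is done as two c += a*b; carrying into the high product word cannot overflow because it can never be all-ones. */`. The same chain is repeated in every other mul_add_c2 hunk of this file through `@@ -2174,17 +2174,17 @@`. These hand-written sequences are only exercised by bntest on a MIPS build, so the regression vectors added to bntest.c should be run on that target before the fix is considered verified.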
@@ -1609,63 +1609,63 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
sd c_1,24(a0)
dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1680,93 +1680,93 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
sd c_3,40(a0)
dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1781,108 +1781,108 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
sd c_2,56(a0)
dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1897,78 +1897,78 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
sd c_1,72(a0)
dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1983,48 +1983,48 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
sd c_3,88(a0)
dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -2039,17 +2039,17 @@ LEAF(bn_sqr_comba8)
dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
sd c_2,104(a0)
dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2070,9 +2070,9 @@ LEAF(bn_sqr_comba4)
.set reorder
ld a_0,0(a1)
ld a_1,8(a1)
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
ld a_2,16(a1)
ld a_3,24(a1)
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
mflo c_1
mfhi c_2
sd c_1,0(a0)
@@ -2093,17 +2093,17 @@ LEAF(bn_sqr_comba4)
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -2118,48 +2118,48 @@ LEAF(bn_sqr_comba4)
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
sd c_1,24(a0)
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -2174,17 +2174,17 @@ LEAF(bn_sqr_comba4)
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
sd c_3,40(a0)
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
Index: src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c
diff -u src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c:1.1.1.4.32.1 src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c:1.1.1.4.32.2
--- src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c:1.1.1.4.32.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c Mon Jan 26 11:47:23 2015
@@ -264,6 +264,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_UL
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#if 0
/* original macros are kept for reference purposes */
#define mul_add_c(a,b,c0,c1,c2) { \
@@ -278,10 +282,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_UL
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
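Review bot: The rewritten reference `mul_add_c2` (`t2 = t1+((c0<t0)?1:0)` and `t1 += (c0<t0)?1:0`) folds a carry into the high product word with no carry-out into c2, which is correct only under the never-all-ones invariant stated in the comment added by the previous hunk; because the whole block sits under `#if 0`, it is never compiled, so a slip here would not be caught by bntest. Worth one line inside the block: `/* t1 (high word) is never all-ones, so adding the carry below cannot overflow. */`. The macro's `#define` line is outside this hunk.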
#else
#define mul_add_c(a,b,c0,c1,c2) do { \
@@ -319,21 +323,13 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_UL
: "=a"(t1),"=d"(t2) \
: "a"(a),"m"(b) \
: "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+d"(t2),"+r"(c2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+a"(t1),"+d"(t2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
: "cc"); \
} while (0)
#endif
Index: src/crypto/dist/openssl/crypto/dsa/dsa_vrf.c
diff -u src/crypto/dist/openssl/crypto/dsa/dsa_vrf.c:1.1.1.6 src/crypto/dist/openssl/crypto/dsa/dsa_vrf.c:1.1.1.6.12.1
--- src/crypto/dist/openssl/crypto/dsa/dsa_vrf.c:1.1.1.6 Fri May 9 21:34:25 2008
+++ src/crypto/dist/openssl/crypto/dsa/dsa_vrf.c Mon Jan 26 11:47:23 2015
@@ -77,13 +77,25 @@ int DSA_verify(int type, const unsigned
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = DSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
DSA_SIG_free(s);
return(ret);
}
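Review bot: When the re-encoded signature does not match (`derlen != siglen || memcmp(sigbuf, der, derlen)`), the function jumps to `err` with `ret` still -1 and pushes nothing on the error queue, so a caller sees the same result as an internal failure and has no reason to report; push a reason via `DSAerr` before the `goto err`, or at least add a comment stating that a non-DER or trailing-garbage signature is reported as -1 rather than 0. `memcmp` on the signature bytes is fine here since a signature is public data, but `<string.h>` is not added for this file as it is for ecs_vrf.c, so confirm it is reachable through the existing includes. The ECDSA_verify hunk in ecs_vrf.c has the identical structure and the same error-reporting point applies there.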
Index: src/crypto/dist/openssl/crypto/ec/ec_mult.c
diff -u src/crypto/dist/openssl/crypto/ec/ec_mult.c:1.1.1.5 src/crypto/dist/openssl/crypto/ec/ec_mult.c:1.1.1.5.12.1
--- src/crypto/dist/openssl/crypto/ec/ec_mult.c:1.1.1.5 Fri May 9 21:34:26 2008
+++ src/crypto/dist/openssl/crypto/ec/ec_mult.c Mon Jan 26 11:47:23 2015
@@ -444,14 +444,15 @@ int ec_wNAF_mul(const EC_GROUP *group, E
wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+ /* Ensure wNAF is initialised in case we end up going to err */
+ if (wNAF) wNAF[0] = NULL; /* preliminary pivot */
+
if (!wsize || !wNAF_len || !wNAF || !val_sub)
{
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
- wNAF[0] = NULL; /* preliminary pivot */
-
/* num_val will be the total number of temporarily precomputed points */
num_val = 0;
Index: src/crypto/dist/openssl/crypto/ec/ec_pmeth.c
diff -u src/crypto/dist/openssl/crypto/ec/ec_pmeth.c:1.1.1.1 src/crypto/dist/openssl/crypto/ec/ec_pmeth.c:1.1.1.1.16.1
--- src/crypto/dist/openssl/crypto/ec/ec_pmeth.c:1.1.1.1 Fri May 9 21:34:26 2008
+++ src/crypto/dist/openssl/crypto/ec/ec_pmeth.c Mon Jan 26 11:47:23 2015
@@ -167,6 +167,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *
return ret;
}
+#ifndef OPENSSL_NO_ECDH
static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
int ret;
@@ -200,6 +201,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *
*keylen = ret;
return 1;
}
+#endif
static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
@@ -332,7 +334,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
0,0,
0,
+#ifndef OPENSSL_NO_ECDH
pkey_ec_derive,
+#else
+ 0,
+#endif
pkey_ec_ctrl,
pkey_ec_ctrl_str
Index: src/crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c
diff -u src/crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c:1.1.1.1 src/crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c:1.1.1.1.34.1
--- src/crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c:1.1.1.1 Fri Nov 25 03:05:50 2005
+++ src/crypto/dist/openssl/crypto/ecdsa/ecs_vrf.c Mon Jan 26 11:47:23 2015
@@ -57,6 +57,7 @@
*/
#include "ecs_locl.h"
+#include <string.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigne
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = ECDSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
ECDSA_SIG_free(s);
return(ret);
}
Index: src/crypto/dist/openssl/crypto/evp/Makefile
diff -u src/crypto/dist/openssl/crypto/evp/Makefile:1.1.1.5.12.1 src/crypto/dist/openssl/crypto/evp/Makefile:1.1.1.5.12.2
--- src/crypto/dist/openssl/crypto/evp/Makefile:1.1.1.5.12.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/crypto/evp/Makefile Mon Jan 26 11:47:24 2015
@@ -327,7 +327,7 @@ evp_enc.o: ../../include/openssl/obj_mac
evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_enc.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+evp_enc.o: ../../include/openssl/symhacks.h
evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
Index: src/crypto/dist/openssl/crypto/evp/evp_enc.c
diff -u src/crypto/dist/openssl/crypto/evp/evp_enc.c:1.1.1.8.26.1 src/crypto/dist/openssl/crypto/evp/evp_enc.c:1.1.1.8.26.2
--- src/crypto/dist/openssl/crypto/evp/evp_enc.c:1.1.1.8.26.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/crypto/evp/evp_enc.c Mon Jan 26 11:47:24 2015
@@ -64,7 +64,6 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
-#include "constant_time_locl.h"
#include "evp_locl.h"
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
@@ -433,11 +432,11 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- unsigned int i, b;
- unsigned char pad, padding_good;
+ int i,n;
+ unsigned int b;
*outl=0;
- b=(unsigned int)(ctx->cipher->block_size);
+ b=ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
if(ctx->buf_len)
@@ -456,34 +455,28 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
- pad=ctx->final[b-1];
-
- padding_good = (unsigned char)(~constant_time_is_zero_8(pad));
- padding_good &= constant_time_ge_8(b, pad);
-
- for (i = 1; i < b; ++i)
+ n=ctx->final[b-1];
+ if (n == 0 || n > (int)b)
{
- unsigned char is_pad_index = constant_time_lt_8(i, pad);
- unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad);
- padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff);
- }
-
- /*
- * At least 1 byte is always padding, so we always write b - 1
- * bytes to avoid a timing leak. The caller is required to have |b|
- * bytes space in |out| by the API contract.
- */
- for (i = 0; i < b - 1; ++i)
- out[i] = ctx->final[i] & padding_good;
- /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
- *outl = padding_good & ((unsigned char)(b - pad));
- return padding_good & 1;
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ for (i=0; i<n; i++)
+ {
+ if (ctx->final[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ }
+ n=ctx->cipher->block_size-n;
+ for (i=0; i<n; i++)
+ out[i]=ctx->final[i];
+ *outl=n;
}
else
- {
- *outl = 0;
- return 1;
- }
+ *outl=0;
+ return 1;
}
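Review bot: The new padding check (`if (n == 0 || n > (int)b)` and the `for (i=0; i<n; i++)` loop that returns at the first wrong byte) branches on the padding contents, so the time to reject a block depends on where the padding is bad; the code it replaces was written to do the check and the output copy in constant time, and the hunk gives no reason for dropping that. For a caller that decrypts attacker-controlled CBC ciphertext without having verified a MAC first, this is the well-known padding-oracle timing channel, so if the revert is intentional the reason belongs in a comment above the check together with the precondition it puts on callers, e.g. `/* Not constant-time: callers must authenticate the ciphertext (e.g. verify the MAC) before calling this. */`. The enclosing function begins in the previous hunk.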
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
Index: src/crypto/dist/openssl/crypto/objects/obj_xref.h
diff -u src/crypto/dist/openssl/crypto/objects/obj_xref.h:1.1.1.1 src/crypto/dist/openssl/crypto/objects/obj_xref.h:1.1.1.1.16.1
--- src/crypto/dist/openssl/crypto/objects/obj_xref.h:1.1.1.1 Fri May 9 21:34:31 2008
+++ src/crypto/dist/openssl/crypto/objects/obj_xref.h Mon Jan 26 11:47:24 2015
@@ -36,8 +36,6 @@ static const nid_triple sigoid_srt[] =
static const nid_triple * const sigoid_srt_xref[] =
{
- &sigoid_srt[17],
- &sigoid_srt[18],
&sigoid_srt[0],
&sigoid_srt[1],
&sigoid_srt[7],
Index: src/crypto/dist/openssl/crypto/objects/objxref.pl
diff -u src/crypto/dist/openssl/crypto/objects/objxref.pl:1.1.1.1 src/crypto/dist/openssl/crypto/objects/objxref.pl:1.1.1.1.16.1
--- src/crypto/dist/openssl/crypto/objects/objxref.pl:1.1.1.1 Fri May 9 21:34:31 2008
+++ src/crypto/dist/openssl/crypto/objects/objxref.pl Mon Jan 26 11:47:24 2015
@@ -74,7 +74,10 @@ EOF
foreach (@srt2)
{
- my $x = $xref_tbl{$_}[2];
+ my ($p1, $p2, $x) = @{$xref_tbl{$_}};
+ # If digest or signature algorithm is "undef" then the algorithm
+ # needs special handling and is excluded from the cross reference table.
+ next if $p1 eq "undef" || $p2 eq "undef";
print "\t\&sigoid_srt\[$x\],\n";
}
Index: src/crypto/dist/openssl/crypto/ts/ts_rsp_sign.c
diff -u src/crypto/dist/openssl/crypto/ts/ts_rsp_sign.c:1.1.1.1 src/crypto/dist/openssl/crypto/ts/ts_rsp_sign.c:1.1.1.1.16.1
--- src/crypto/dist/openssl/crypto/ts/ts_rsp_sign.c:1.1.1.1 Fri May 9 21:34:36 2008
+++ src/crypto/dist/openssl/crypto/ts/ts_rsp_sign.c Mon Jan 26 11:47:24 2015
@@ -977,7 +977,7 @@ TS_RESP_set_genTime_with_precision(ASN1_
if (precision > 0)
{
/* Add fraction of seconds (leave space for dot and null). */
- BIO_snprintf(p, 2 + precision, ".%ld", usec);
+ BIO_snprintf(p, 2 + precision, ".%06ld", usec);
/* We cannot use the snprintf return value,
because it might have been truncated. */
p += strlen(p);
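Review bot: `".%06ld"` only yields the intended fixed-width fraction when `usec` is in 0..999999; the `2 + precision` size limit then silently keeps the leading `precision` digits, so a larger value would print a wrong fraction rather than fail, and a negative value would emit a `-` that the truncation can turn into something like `.-1234`. Where `usec` is normalised is outside this hunk, so if the call site does not guarantee the range, guard it here: `OPENSSL_assert(usec >= 0 && usec < 1000000);`.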
Index: src/crypto/dist/openssl/crypto/x509/x509.h
diff -u src/crypto/dist/openssl/crypto/x509/x509.h:1.12 src/crypto/dist/openssl/crypto/x509/x509.h:1.12.12.1
--- src/crypto/dist/openssl/crypto/x509/x509.h:1.12 Fri May 9 21:49:42 2008
+++ src/crypto/dist/openssl/crypto/x509/x509.h Mon Jan 26 11:47:24 2015
@@ -749,6 +749,7 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *x
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
X509_ALGOR *algor);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
Index: src/crypto/dist/openssl/crypto/x509/x509_vpm.c
diff -u src/crypto/dist/openssl/crypto/x509/x509_vpm.c:1.1.1.3 src/crypto/dist/openssl/crypto/x509/x509_vpm.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/crypto/x509/x509_vpm.c:1.1.1.3 Fri May 9 21:34:38 2008
+++ src/crypto/dist/openssl/crypto/x509/x509_vpm.c Mon Jan 26 11:47:24 2015
@@ -88,6 +88,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new
{
X509_VERIFY_PARAM *param;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
memset(param, 0, sizeof(X509_VERIFY_PARAM));
x509_verify_param_zero(param);
return param;
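Review bot: The new early return on allocation failure pushes nothing on the error queue, so a caller that gets NULL from `X509_VERIFY_PARAM_new` has no ERR_R_MALLOC_FAILURE to report; add `X509err(<function code for this routine>, ERR_R_MALLOC_FAILURE);` before `return NULL;` if the file's other allocators do so. Otherwise the check is correct and stops the `memset` on a NULL pointer.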
Index: src/crypto/dist/openssl/crypto/x509/x_all.c
diff -u src/crypto/dist/openssl/crypto/x509/x_all.c:1.1.1.7 src/crypto/dist/openssl/crypto/x509/x_all.c:1.1.1.7.12.1
--- src/crypto/dist/openssl/crypto/x509/x_all.c:1.1.1.7 Fri May 9 21:34:38 2008
+++ src/crypto/dist/openssl/crypto/x509/x_all.c Mon Jan 26 11:47:24 2015
@@ -72,6 +72,8 @@
int X509_verify(X509 *a, EVP_PKEY *r)
{
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
a->signature,a->cert_info,r));
}
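Review bot: `X509_verify` now returns 0 when the outer `sig_alg` and the inner `cert_info->signature` disagree, but it pushes no error, so callers cannot tell this from a plain signature failure; consider a reason via `X509err` plus a one-line comment above the check, `/* Both AlgorithmIdentifiers must agree; a mismatch means a malformed (or tampered) certificate, not a bad signature. */`. If `X509_CRL_verify` further down this file carries the same duplicated algorithm identifier (outer `sig_alg` and the one inside the TBS), it presumably needs the same check, which this hunk does not add.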
Index: src/crypto/dist/openssl/ssl/d1_both.c
diff -u src/crypto/dist/openssl/ssl/d1_both.c:1.3.4.2.2.2 src/crypto/dist/openssl/ssl/d1_both.c:1.3.4.2.2.3
--- src/crypto/dist/openssl/ssl/d1_both.c:1.3.4.2.2.2 Wed Aug 27 13:32:35 2014
+++ src/crypto/dist/openssl/ssl/d1_both.c Mon Jan 26 11:47:24 2015
@@ -125,10 +125,9 @@
/* XDTLS: figure out the right values */
-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+static const unsigned int g_probable_mtu[] = {1500, 512, 256};
-static unsigned int dtls1_min_mtu(void);
-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
+static unsigned int dtls1_min_mtu(SSL *);
static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
unsigned long frag_len);
static unsigned char *dtls1_write_message_header(SSL *s,
@@ -166,71 +165,71 @@ dtls1_hm_fragment_new(unsigned long frag
return frag;
}
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
+void dtls1_hm_fragment_free(hm_fragment *frag)
{
if (frag->fragment) OPENSSL_free(frag->fragment);
OPENSSL_free(frag);
}
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
- {
- int ret;
- int curr_mtu;
- unsigned int len, frag_off;
+static int dtls1_query_mtu(SSL *s)
+{
+ if(s->d1->link_mtu)
+ {
+ s->d1->mtu = s->d1->link_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+ s->d1->link_mtu = 0;
+ }
/* AHA! Figure out the MTU, and stick to the right size */
- if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ if (s->d1->mtu < dtls1_min_mtu(s))
{
- s->d1->mtu =
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
- /* I've seen the kernel return bogus numbers when it doesn't know
- * (initial write), so just make sure we have a reasonable number */
- if ( s->d1->mtu < dtls1_min_mtu())
- {
- s->d1->mtu = 0;
- s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
+ if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ {
+ s->d1->mtu =
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+ /* I've seen the kernel return bogus numbers when it doesn't know
+ * (initial write), so just make sure we have a reasonable number */
+ if (s->d1->mtu < dtls1_min_mtu(s))
+ {
+ /* Set to min mtu */
+ s->d1->mtu = dtls1_min_mtu(s);
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+ s->d1->mtu, NULL);
+ }
}
+ else
+ return 0;
}
-#if 0
- mtu = s->d1->mtu;
-
- fprintf(stderr, "using MTU = %d\n", mtu);
-
- mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
-
- curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
-
- if ( curr_mtu > 0)
- mtu = curr_mtu;
- else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
- return ret;
+ return 1;
+}
- if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
- {
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
- }
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int dtls1_do_write(SSL *s, int type)
+ {
+ int ret;
+ unsigned int curr_mtu;
+ int retry = 1;
+ unsigned int len, frag_off, mac_size, blocksize, used_len;
- OPENSSL_assert(mtu > 0); /* should have something reasonable now */
+ if(!dtls1_query_mtu(s))
+ return -1;
-#endif
+ OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something reasonable now */
if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
frag_off = 0;
- while( s->init_num)
+ /* s->init_num shouldn't ever be < 0...but just in case */
+ while(s->init_num > 0)
{
- curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
- DTLS1_RT_HEADER_LENGTH;
+ used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
+ + mac_size + blocksize;
+ if(s->d1->mtu > used_len)
+ curr_mtu = s->d1->mtu - used_len;
+ else
+ curr_mtu = 0;
if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
{
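Review bot: `mac_size` and `blocksize` are declared in the new `dtls1_do_write` but nowhere in this hunk are they assigned before `used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;`, and the next hunk adds them again; unless the single unchanged line between this hunk and the next sets them, they are read uninitialised, which is undefined behaviour and makes the per-record MTU budget arbitrary. The usual derivation (digest size from `s->write_hash`, or 0 if none; twice the cipher block size from `s->enc_write_ctx` when it is in CBC mode, else 0) should sit right after the `OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s))` line and before `frag_off = 0;`. Separately, `dtls1_query_mtu` returns 0 when the MTU is below the minimum and `SSL_OP_NO_QUERY_MTU` is set, which `dtls1_do_write` turns into -1 with no `SSLerr`, so that failure is silent to the caller.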
@@ -238,14 +237,27 @@ int dtls1_do_write(SSL *s, int type)
ret = BIO_flush(SSL_get_wbio(s));
if ( ret <= 0)
return ret;
- curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
+ used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+ if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH)
+ {
+ curr_mtu = s->d1->mtu - used_len;
+ }
+ else
+ {
+ /* Shouldn't happen */
+ return -1;
+ }
}
- if ( s->init_num > curr_mtu)
+ /* We just checked that s->init_num > 0 so this cast should be safe */
+ if (((unsigned int)s->init_num) > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
+ /* Shouldn't ever happen */
+ if(len > INT_MAX)
+ len = INT_MAX;
/* XDTLS: this function is too long. split out the CCS part */
if ( type == SSL3_RT_HANDSHAKE)
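Review bot: The new `if(len > INT_MAX) len = INT_MAX;` clamp needs `<limits.h>`, which this diff does not add for d1_both.c; confirm it is already included, since otherwise the file no longer compiles. The clamp is also repeated in the next hunk after the handshake branch recomputes `len`; a single clamp placed after both assignments would be easier to read, but that is a style preference.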
@@ -256,17 +268,29 @@ int dtls1_do_write(SSL *s, int type)
s->init_off -= DTLS1_HM_HEADER_LENGTH;
s->init_num += DTLS1_HM_HEADER_LENGTH;
- /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
- if ( len <= DTLS1_HM_HEADER_LENGTH)
- len += DTLS1_HM_HEADER_LENGTH;
+ /* We just checked that s->init_num > 0 so this cast should be safe */
+ if (((unsigned int)s->init_num) > curr_mtu)
+ len = curr_mtu;
+ else
+ len = s->init_num;
}
+ /* Shouldn't ever happen */
+ if(len > INT_MAX)
+ len = INT_MAX;
+
+ if ( len < DTLS1_HM_HEADER_LENGTH )
+ {
+ /*
+ * len is so small that we really can't do anything sensible
+ * so fail
+ */
+ return -1;
+ }
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-
- OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
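Review bot: The new `return -1` at L2159 fires after `s->init_off`/`s->init_num` have already been rewound by a header length at L2138-L2139, so the connection state is left pointing at the re-included header when the function reports failure; if any caller retries dtls1_do_write after -1 (the loop at L2180-L2183 retries within the same call, so this is about outer callers, which are not in the diff), the next iteration would rewind a second time and trip the assert on `init_off` just above L2138. Either restore the two fields before returning or state in the comment that -1 is terminal for the connection, e.g. `/* -1 is fatal: init_off/init_num are left rewound and must not be reused */`. The enclosing function starts before this hunk.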
@@ -279,12 +303,23 @@ int dtls1_do_write(SSL *s, int type)
* is fine and wait for an alert to handle the
* retransmit
*/
- if ( BIO_ctrl(SSL_get_wbio(s),
+ if ( retry && BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+ {
+ if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ {
+ if(!dtls1_query_mtu(s))
+ return -1;
+ /* Have one more go */
+ retry = 0;
+ }
+ else
+ return -1;
+ }
else
+ {
return(-1);
+ }
}
else
{
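Review bot: The two `return -1` paths added at L2181 and L2186 push no error reason, unlike the other new failure paths in this commit (for example L2442), so a caller that fails here ends with an empty error queue; an `SSLerr(SSL_F_DTLS1_DO_WRITE, ...)` with a suitable reason before each return would make the failure diagnosable, if that function code exists in this tree. The `retry` flag is a single shot that is cleared at L2183 and never re-armed, so a second MTU_EXCEEDED after the re-query fails the write; the comment `/* Have one more go */` would be clearer as `/* re-query the MTU once; a second MTU_EXCEEDED is fatal */`. The enclosing function starts before this hunk.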
@@ -1184,26 +1219,17 @@ dtls1_write_message_header(SSL *s, unsig
return p;
}
-static unsigned int
-dtls1_min_mtu(void)
- {
- return (g_probable_mtu[(sizeof(g_probable_mtu) /
+unsigned int
+dtls1_link_min_mtu(void)
+ {
+ return (g_probable_mtu[(sizeof(g_probable_mtu) /
sizeof(g_probable_mtu[0])) - 1]);
}
static unsigned int
-dtls1_guess_mtu(unsigned int curr_mtu)
+dtls1_min_mtu(SSL *s)
{
- unsigned int i;
-
- if ( curr_mtu == 0 )
- return g_probable_mtu[0] ;
-
- for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
- if ( curr_mtu > g_probable_mtu[i])
- return g_probable_mtu[i];
-
- return curr_mtu;
+ return dtls1_link_min_mtu()-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
}
void
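Review bot: `dtls1_min_mtu(s)` at L2222 subtracts `BIO_dgram_get_mtu_overhead(...)` from the smallest probable MTU in unsigned arithmetic, so if the overhead ever exceeds that table entry the result wraps to a huge value and the assert at L2091 (`s->d1->mtu >= dtls1_min_mtu(s)`) becomes unsatisfiable; the table values and the overhead function's range are not visible here, so this is worth either a guard (`return overhead < min ? min - overhead : 0;`) or a comment stating the invariant that the overhead is bounded by `DTLS1_MAX_MTU_OVERHEAD` (L2481). Also, `dtls1_link_min_mtu` is now exported (the `static` is dropped at L2198-L2202); a one-line header comment saying it returns the smallest on-the-wire MTU the code will probe, before IP/UDP overhead is removed, would document the new contract.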
Index: src/crypto/dist/openssl/ssl/d1_clnt.c
diff -u src/crypto/dist/openssl/ssl/d1_clnt.c:1.1.1.3 src/crypto/dist/openssl/ssl/d1_clnt.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/ssl/d1_clnt.c:1.1.1.3 Fri May 9 21:34:43 2008
+++ src/crypto/dist/openssl/ssl/d1_clnt.c Mon Jan 26 11:47:24 2015
@@ -1142,6 +1142,12 @@ int dtls1_send_client_certificate(SSL *s
s->state=SSL3_ST_CW_CERT_D;
l=dtls1_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
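Review bot: The new zero-length check sends a fatal alert on the client side (L2236) but the matching server-side checks at L2318-L2322 and L2876-L2880 only record the error and return 0, so the two halves of this commit handle the same failure differently; both are defensible, but the asymmetry should be deliberate and a short comment on each server path (e.g. `/* no alert: an empty chain here is a local configuration error, not a peer fault */`) would say so. dtls1_send_client_certificate starts before this hunk and continues past it.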
Index: src/crypto/dist/openssl/ssl/d1_lib.c
diff -u src/crypto/dist/openssl/ssl/d1_lib.c:1.1.1.3 src/crypto/dist/openssl/ssl/d1_lib.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/ssl/d1_lib.c:1.1.1.3 Fri May 9 21:34:43 2008
+++ src/crypto/dist/openssl/ssl/d1_lib.c Mon Jan 26 11:47:24 2015
@@ -104,6 +104,9 @@ int dtls1_new(SSL *s)
d1->cookie_len = sizeof(s->d1->cookie);
}
+ d1->link_mtu = 0;
+ d1->mtu = 0;
+
if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
|| ! d1->buffered_messages || ! d1->sent_messages)
{
@@ -144,8 +147,7 @@ void dtls1_free(SSL *s)
while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
{
frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
pitem_free(item);
}
pqueue_free(s->d1->buffered_messages);
@@ -153,8 +155,7 @@ void dtls1_free(SSL *s)
while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
{
frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
pitem_free(item);
}
pqueue_free(s->d1->sent_messages);
Index: src/crypto/dist/openssl/ssl/d1_srvr.c
diff -u src/crypto/dist/openssl/ssl/d1_srvr.c:1.1.1.3 src/crypto/dist/openssl/ssl/d1_srvr.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/ssl/d1_srvr.c:1.1.1.3 Fri May 9 21:34:43 2008
+++ src/crypto/dist/openssl/ssl/d1_srvr.c Mon Jan 26 11:47:24 2015
@@ -205,6 +205,7 @@ int dtls1_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
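Review bot: `BUF_MEM_free(buf)` at L2282 is only correct if `buf` was freshly allocated by `BUF_MEM_new()` immediately above; the enclosing condition is outside the hunk, and if this accept routine followed the older `buf=s->init_buf; if ((buf == NULL) && ...)` pattern, freeing here would leave `s->init_buf` dangling and be freed again later. The s2_srvr.c hunk at L2590-L2614 restructures exactly that pattern so the free only happens on the fresh-allocation path; the same structure (or at least a comment `/* buf is newly allocated here, not yet owned by s->init_buf */`) would make the d1_srvr.c, s23_srvr.c (L2498) and s3_srvr.c (L2761) sites self-evidently safe. dtls1_accept starts before and continues after this hunk.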
@@ -322,24 +323,15 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ /*
+ * clear this, it may get reset by
+ * send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
+ if (0
|| (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
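Review bot: The `if (0` at L2311 is a leftover placeholder from deleting the `use_rsa_tmp` disjunct; it compiles but reads as an unfinished edit, and the same construct appears in s3_srvr.c at L2793. Dropping the `0 ||` and starting the condition with the `alg_k` test keeps the behaviour and removes the puzzle. The comment at L2303-L2306 still says `use_rsa_tmp` "may get reset by send_server_key_exchange"; if that function can no longer set it after this change, the comment should say the field is now always 0 on this path. The enclosing switch starts before this hunk.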
@@ -1128,6 +1120,11 @@ int dtls1_send_server_certificate(SSL *s
}
l=dtls1_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ return(0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
Index: src/crypto/dist/openssl/ssl/d1_enc.c
diff -u src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3.12.1 src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3.12.2
--- src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3.12.1 Tue May 22 18:53:42 2012
+++ src/crypto/dist/openssl/ssl/d1_enc.c Mon Jan 26 11:47:24 2015
@@ -228,7 +228,8 @@ int dtls1_enc(SSL *s, int send)
}
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
#ifdef KSSL_DEBUG
{
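Review bot: dtls1_enc now returns -1 from the EVP_Cipher failure at L2335 while its other failure paths (outside this hunk) presumably still return 0; the write-side callers changed in this commit test `< 1` (L2463, L2750) so they are fine, but the read-side callers of `enc(s,0)` are not touched by the diff, and if they test `== 0` or `!` a cipher failure during decryption would pass as success. The same applies to s3_enc.c at L2699 and s2_enc.c at L2542; s2_pkt.c's read path at L2557 uses `!ssl2_enc(s,0)` while its write path at L2570 uses `< 1`, which should be unified. A comment on the function stating the return contract, e.g. `/* returns 1 on success, 0 on bad padding/MAC, -1 on cipher failure */`, would pin it for callers.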
Index: src/crypto/dist/openssl/ssl/d1_pkt.c
diff -u src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.5.4.1.2.1 src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.5.4.1.2.2
--- src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.5.4.1.2.1 Wed Jan 25 18:54:43 2012
+++ src/crypto/dist/openssl/ssl/d1_pkt.c Mon Jan 26 11:47:24 2015
@@ -229,14 +229,6 @@ dtls1_buffer_record(SSL *s, record_pqueu
item->data = rdata;
- /* insert should not fail, since duplicates are dropped */
- if (pqueue_insert(queue->q, item) == NULL)
- {
- OPENSSL_free(rdata);
- pitem_free(item);
- return(0);
- }
-
s->packet = NULL;
s->packet_length = 0;
memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -245,11 +237,24 @@ dtls1_buffer_record(SSL *s, record_pqueu
if (!ssl3_setup_buffers(s))
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ if (rdata->rbuf.buf != NULL)
+ OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return(0);
+ return(-1);
}
+ /* insert should not fail, since duplicates are dropped */
+ if (pqueue_insert(queue->q, item) == NULL)
+ {
+ SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ if (rdata->rbuf.buf != NULL)
+ OPENSSL_free(rdata->rbuf.buf);
+ OPENSSL_free(rdata);
+ pitem_free(item);
+ return(-1);
+ }
+
return(1);
}
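Review bot: Moving `pqueue_insert` after `ssl3_setup_buffers` is right, but the insert failure at L2367 now returns -1, which the updated callers (L2385, L2440) treat as fatal for the connection; since pqueue_insert returns NULL for a duplicate priority, this relies entirely on the replay check having dropped duplicates earlier, and the comment should say so explicitly, e.g. `/* a NULL here means a duplicate seq_num reached us past the replay check; treated as internal error */`. The `if (rdata->rbuf.buf != NULL)` guards at L2359 and L2370 are redundant if OPENSSL_free accepts NULL in this tree (not visible here). dtls1_buffer_record starts before this hunk.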
@@ -306,8 +311,9 @@ dtls1_process_buffered_records(SSL *s)
dtls1_get_unprocessed_record(s);
if ( ! dtls1_process_record(s))
return(0);
- dtls1_buffer_record(s, &(s->d1->processed_rcds),
- s->s3->rrec.seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->processed_rcds),
+ s->s3->rrec.seq_num)<0)
+ return -1;
}
}
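Review bot: The `return(0)` at L2382 when a buffered record fails dtls1_process_record is unchanged, but its caller at L2401 now only treats `< 0` as an error, so that 0 is indistinguishable from success and the remaining records in `unprocessed_rcds` stay queued for the next call. If that is the intended "drop a bad record, keep going" behaviour introduced elsewhere in this commit (L2450-L2455), a comment at L2382 should say so and the function should arguably `continue` rather than return; if not, the caller should check `<= 0` as before. The function body starts before this hunk.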
@@ -501,7 +507,6 @@ printf("\n");
/* we have pulled in a full packet so zero things */
s->packet_length=0;
- dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
return(1);
f_err:
@@ -536,8 +541,8 @@ int dtls1_get_record(SSL *s)
/* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */
- if ( ! dtls1_process_buffered_records(s))
- return 0;
+ if(dtls1_process_buffered_records(s)<0)
+ return -1;
/* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s))
@@ -610,8 +615,6 @@ again:
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
i=rr->length;
n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
/* this packet contained a partial record, dump it */
if ( n != i)
{
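Review bot: With the `if (n <= 0) return(n);` at L2409 removed, a negative return from ssl3_read_n (an I/O error or would-block) now falls into the `n != i` branch and is treated as a partial record to be dumped, so transport errors at this point are silently converted into "try the next record". That is only safe if the DTLS branch added to ssl3_read_n at L2738-L2743 guarantees the extend read never touches the socket and never returns a negative value here; a comment at L2408 such as `/* for DTLS this only consumes bytes already in rbuf; ssl3_read_n cannot block or fail here */` would record the dependency. The enclosing function starts before this hunk.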
@@ -632,10 +635,19 @@ again:
goto again; /* get another record */
}
- /* check whether this is a repeat, or aged record */
- if ( ! dtls1_record_replay_check(s, bitmap))
+ /* Check whether this is a repeat, or aged record.
+ * Don't check if we're listening and this message is
+ * a ClientHello. They can look as if they're replayed,
+ * since they arrive from different connections and
+ * would be dropped unnecessarily.
+ */
+ if (!(s->server && rr->type == SSL3_RT_HANDSHAKE &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
+ !dtls1_record_replay_check(s, bitmap))
{
- s->packet_length=0; /* dump this record */
+ rr->length = 0;
+ s->packet_length=0; /* dump this record */
goto again; /* get another record */
}
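Review bot: The comment at L2420 says the replay check is skipped "if we're listening", but the condition at L2425 tests `s->server`, so the exemption applies to every server-side connection for its whole lifetime, including encrypted epochs where `s->packet[DTLS1_RT_HEADER_LENGTH]` is a ciphertext byte that will equal SSL3_MT_CLIENT_HELLO by chance for some records. Those records then bypass the anti-replay window and are only rejected, if at all, by the handshake layer. If this tree has no listen flag, narrowing the test to the unencrypted initial state (for example also requiring `rr->epoch == 0` and `SSL_in_init(s)`, if `rr->epoch` is populated at this point as it is in upstream) keeps the exemption to where a ClientHello can legitimately arrive. dtls1_get_record starts before this hunk.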
@@ -650,13 +662,22 @@ again:
if (is_next_epoch)
{
dtls1_record_bitmap_update(s, bitmap);
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
+ {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
s->packet_length = 0;
goto again;
}
- if ( ! dtls1_process_record(s))
- return(0);
+ if (!dtls1_process_record(s))
+ {
+ rr->length = 0;
+ s->packet_length = 0; /* dump this record */
+ goto again; /* get another record */
+ }
+ dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
dtls1_clear_timeouts(s); /* done waiting */
return(1);
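Review bot: Every dtls1_process_record failure is now handled at L2450-L2455 by dropping the record and reading the next one, so if that function also returns 0 for internal errors (allocation failure, buffer setup) rather than only for bad MAC/padding — its body is not in the diff — those errors are swallowed and the connection keeps reading, possibly with an error left in the queue. If only cryptographic failures are meant to be droppable, the return value needs a distinct fatal code, or a comment here should state that all failures are treated as a bad datagram; `/* any failure is treated as a corrupt datagram and discarded per RFC 4347; internal errors are not distinguished */` at L2451 would at least make that explicit. The enclosing function starts before this hunk.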
@@ -1436,7 +1457,7 @@ int do_dtls1_write(SSL *s, int type, con
wr->length += bs;
}
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
/* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA ||
Index: src/crypto/dist/openssl/ssl/dtls1.h
diff -u src/crypto/dist/openssl/ssl/dtls1.h:1.3 src/crypto/dist/openssl/ssl/dtls1.h:1.3.12.1
--- src/crypto/dist/openssl/ssl/dtls1.h:1.3 Fri May 9 21:49:42 2008
+++ src/crypto/dist/openssl/ssl/dtls1.h Mon Jan 26 11:47:24 2015
@@ -68,6 +68,9 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
+#define DTLS_MAX_VERSION DTLS1_VERSION
+
+#define DTLS1_BAD_VER 0x0100
#if 0
#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
@@ -87,6 +90,8 @@ extern "C" {
#define DTLS1_AL_HEADER_LENGTH 7
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+#define DTLS1_MAX_MTU_OVERHEAD 48
typedef struct dtls1_bitmap_st
{
@@ -174,6 +179,7 @@ typedef struct dtls1_state_st
/* Buffered (sent) handshake records */
pqueue sent_messages;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max wire packet size */
struct hm_header_st w_msg_hdr;
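Review bot: The comments on `link_mtu` ("max on-the-wire DTLS packet size", L2487) and `mtu` ("max wire packet size", L2488) are nearly identical and do not say how the two differ; from d1_both.c L2222 the relation is that `mtu` is `link_mtu` minus the IP/UDP overhead returned by BIO_dgram_get_mtu_overhead. Suggest `unsigned int link_mtu; /* max UDP datagram on the link, including IP/UDP headers; 0 = not set */` and `unsigned int mtu; /* max DTLS record size = link_mtu minus the BIO's IP/UDP overhead; 0 = not yet queried */`, with the zero meaning matching the initialisation at L2248-L2249.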
Index: src/crypto/dist/openssl/ssl/s23_srvr.c
diff -u src/crypto/dist/openssl/ssl/s23_srvr.c:1.6.12.2 src/crypto/dist/openssl/ssl/s23_srvr.c:1.6.12.3
--- src/crypto/dist/openssl/ssl/s23_srvr.c:1.6.12.2 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/s23_srvr.c Mon Jan 26 11:47:24 2015
@@ -185,6 +185,7 @@ int ssl23_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -556,12 +557,14 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
+ const SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+ s->method = new_method;
if (!ssl_init_wbio_buffer(s,1)) goto err;
Index: src/crypto/dist/openssl/ssl/s2_enc.c
diff -u src/crypto/dist/openssl/ssl/s2_enc.c:1.1.1.10 src/crypto/dist/openssl/ssl/s2_enc.c:1.1.1.10.12.1
--- src/crypto/dist/openssl/ssl/s2_enc.c:1.1.1.10 Fri May 9 21:34:43 2008
+++ src/crypto/dist/openssl/ssl/s2_enc.c Mon Jan 26 11:47:24 2015
@@ -117,8 +117,9 @@ err:
/* read/writes from s->s2->mac_data using length for encrypt and
* decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
+ * if we are encrypting
+ * Returns 0 on error and 1 on success */
+int ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
unsigned long l;
@@ -136,7 +137,7 @@ void ssl2_enc(SSL *s, int send)
}
/* check for NULL cipher */
- if (ds == NULL) return;
+ if (ds == NULL) return 1;
bs=ds->cipher->block_size;
@@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
if (bs == 8)
l=(l+7)/8*8;
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+ if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
+ return 0;
+
+ return 1;
}
void ssl2_mac(SSL *s, unsigned char *md, int send)
Index: src/crypto/dist/openssl/ssl/s2_pkt.c
diff -u src/crypto/dist/openssl/ssl/s2_pkt.c:1.1.1.7 src/crypto/dist/openssl/ssl/s2_pkt.c:1.1.1.7.12.1
--- src/crypto/dist/openssl/ssl/s2_pkt.c:1.1.1.7 Fri May 9 21:34:44 2008
+++ src/crypto/dist/openssl/ssl/s2_pkt.c Mon Jan 26 11:47:24 2015
@@ -263,7 +263,11 @@ static int ssl2_read_internal(SSL *s, vo
if ((!s->s2->clear_text) &&
(s->s2->rlength >= mac_size))
{
- ssl2_enc(s,0);
+ if(!ssl2_enc(s,0))
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
+ return(-1);
+ }
s->s2->ract_data_length-=mac_size;
ssl2_mac(s,mac,0);
s->s2->ract_data_length-=s->s2->padding;
@@ -610,7 +614,8 @@ static int do_ssl_write(SSL *s, const un
s->s2->wact_data_length=len+p;
ssl2_mac(s,s->s2->mac_data,1);
s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
+ if(ssl2_enc(s,1) < 1)
+ return -1;
}
/* package up the header */
Index: src/crypto/dist/openssl/ssl/s3_both.c
diff -u src/crypto/dist/openssl/ssl/s3_both.c:1.1.1.7 src/crypto/dist/openssl/ssl/s3_both.c:1.1.1.7.12.1
--- src/crypto/dist/openssl/ssl/s3_both.c:1.1.1.7 Fri May 9 21:34:44 2008
+++ src/crypto/dist/openssl/ssl/s3_both.c Mon Jan 26 11:47:24 2015
@@ -374,6 +374,7 @@ long ssl3_get_message(SSL *s, int st1, i
goto f_err;
}
*ok=1;
+ s->state = stn;
s->init_msg = s->init_buf->data + 4;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
Index: src/crypto/dist/openssl/ssl/s2_srvr.c
diff -u src/crypto/dist/openssl/ssl/s2_srvr.c:1.9.4.1 src/crypto/dist/openssl/ssl/s2_srvr.c:1.9.4.1.6.1
--- src/crypto/dist/openssl/ssl/s2_srvr.c:1.9.4.1 Tue Jan 20 21:28:09 2009
+++ src/crypto/dist/openssl/ssl/s2_srvr.c Mon Jan 26 11:47:24 2015
@@ -188,13 +188,21 @@ int ssl2_accept(SSL *s)
s->version=SSL2_VERSION;
s->type=SSL_ST_ACCEPT;
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- { ret= -1; goto end; }
- if (!BUF_MEM_grow(buf,(int)
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- { ret= -1; goto end; }
- s->init_buf=buf;
+ if(s->init_buf == NULL)
+ {
+ if ((buf=BUF_MEM_new()) == NULL)
+ {
+ ret= -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf,(int) SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+ {
+ BUF_MEM_free(buf);
+ ret= -1;
+ goto end;
+ }
+ s->init_buf=buf;
+ }
s->init_num=0;
s->ctx->stats.sess_accept++;
s->handshake_func=ssl2_accept;
Index: src/crypto/dist/openssl/ssl/s3_clnt.c
diff -u src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.2.2.4 src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.2.2.5
--- src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.2.2.4 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/s3_clnt.c Mon Jan 26 11:47:24 2015
@@ -1126,6 +1126,8 @@ int ssl3_get_key_exchange(SSL *s)
int encoded_pt_len = 0;
#endif
+ EVP_MD_CTX_init(&md_ctx);
+
/* use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped */
n=s->method->ssl_get_message(s,
@@ -1136,14 +1138,26 @@ int ssl3_get_key_exchange(SSL *s)
&ok);
if (!ok) return((int)n);
+ alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
+
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
{
+ /*
+ * Can't skip server key exchange if this is an ephemeral
+ * ciphersuite.
+ */
+ if (alg_k & (SSL_kEDH|SSL_kEECDH))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
#ifndef OPENSSL_NO_PSK
/* In plain PSK ciphersuite, ServerKeyExchange can be
omitted if no identity hint is sent. Set
session->sess_cert anyway to avoid problems
later.*/
- if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+ if (alg_k & SSL_kPSK)
{
s->session->sess_cert=ssl_sess_cert_new();
if (s->ctx->psk_identity_hint)
@@ -1188,9 +1202,7 @@ int ssl3_get_key_exchange(SSL *s)
/* Total length of the parameters including the length prefix */
param_len=0;
- alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
- EVP_MD_CTX_init(&md_ctx);
al=SSL_AD_DECODE_ERROR;
@@ -1251,6 +1263,13 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA)
{
+ /* Temporary RSA keys only allowed in export ciphersuites */
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
if ((rsa=RSA_new()) == NULL)
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
@@ -2864,6 +2883,12 @@ int ssl3_send_client_certificate(SSL *s)
s->state=SSL3_ST_CW_CERT_D;
l=ssl3_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
}
Index: src/crypto/dist/openssl/ssl/s3_enc.c
diff -u src/crypto/dist/openssl/ssl/s3_enc.c:1.1.1.12.4.1.2.2 src/crypto/dist/openssl/ssl/s3_enc.c:1.1.1.12.4.1.2.3
--- src/crypto/dist/openssl/ssl/s3_enc.c:1.1.1.12.4.1.2.2 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/s3_enc.c Mon Jan 26 11:47:24 2015
@@ -522,7 +522,8 @@ int ssl3_enc(SSL *s, int send)
/* otherwise, rec->length >= bs */
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
if ((bs != 1) && !send)
{
Index: src/crypto/dist/openssl/ssl/s3_lib.c
diff -u src/crypto/dist/openssl/ssl/s3_lib.c:1.14.4.1.2.1 src/crypto/dist/openssl/ssl/s3_lib.c:1.14.4.1.2.2
--- src/crypto/dist/openssl/ssl/s3_lib.c:1.14.4.1.2.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/s3_lib.c Mon Jan 26 11:47:24 2015
@@ -3047,6 +3047,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
}
ok = ok && ec_ok;
}
+#ifndef OPENSSL_NO_ECDH
if (
/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
(alg_k & SSL_kEECDH)
@@ -3094,6 +3095,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
}
ok = ok && ec_ok;
}
+#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
Index: src/crypto/dist/openssl/ssl/s3_pkt.c
diff -u src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.4.3.2.2 src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.4.3.2.3
--- src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.4.3.2.2 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/s3_pkt.c Mon Jan 26 11:47:24 2015
@@ -137,6 +137,7 @@ int ssl3_read_n(SSL *s, int n, int max,
if (n <= 0) return n;
rb = &(s->s3->rbuf);
+
left = rb->left;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
@@ -173,9 +174,10 @@ int ssl3_read_n(SSL *s, int n, int max,
}
/* extend reads should not span multiple packets for DTLS */
- if ( SSL_version(s) == DTLS1_VERSION &&
- extend)
+ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
+ if (left == 0 && extend)
+ return 0;
if ( left > 0 && n > left)
n = left;
}
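Review bot: The comment at L2735, "extend reads should not span multiple packets for DTLS", now sits above a block whose `n = left` clamp at L2742-L2743 applies to every DTLS read, extend or not, while only the new `left == 0 && extend` early return at L2740 is specific to extend reads; the comment should be updated to cover both, e.g. `/* DTLS: never read past the datagram already in rbuf; an extend read with nothing buffered yields 0 rather than touching the socket */`. Callers rely on that 0 (see d1_pkt.c L2408-L2413), so documenting it here matters. ssl3_read_n starts before this hunk and continues after it.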
@@ -763,8 +765,7 @@ static int do_ssl3_write(SSL *s, int typ
wr->data=p;
}
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
/* record length after mac and block padding */
s2n(wr->length,plen);
Index: src/crypto/dist/openssl/ssl/s3_srvr.c
diff -u src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.3.2.3 src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.3.2.4
--- src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.3.2.3 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/s3_srvr.c Mon Jan 26 11:47:24 2015
@@ -247,6 +247,7 @@ int ssl3_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -367,20 +368,11 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ /*
+ * clear this, it may get reset by
+ * send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange, fortezza or
@@ -394,7 +386,7 @@ int ssl3_accept(SSL *s)
* server certificate contains the server's
* public key for key exchange.
*/
- if (s->s3->tmp.use_rsa_tmp
+ if (0
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
@@ -1837,6 +1829,7 @@ int ssl3_get_client_key_exchange(SSL *s)
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
int decrypt_len;
unsigned char decrypt_good, version_good;
+ size_t j;
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp)
@@ -1875,8 +1868,9 @@ int ssl3_get_client_key_exchange(SSL *s)
{
if (!(s->options & SSL_OP_TLS_D5_BUG))
{
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
+ goto f_err;
}
else
p-=2;
@@ -1885,6 +1879,20 @@ int ssl3_get_client_key_exchange(SSL *s)
n=i;
}
+ /*
+ * Reject overly short RSA ciphertext because we want to be sure
+ * that the buffer size makes it safe to iterate over the entire
+ * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
+ * actual expected size is larger due to RSA padding, but the
+ * bound is sufficient to be safe.
+ */
+ if (n < SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
+ }
+
/* We must not leak whether a decryption failure occurs because
* of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
* RFC 2246, section 7.4.7.1). The code follows that advice of
@@ -1932,19 +1940,23 @@ int ssl3_get_client_key_exchange(SSL *s)
* to remain non-zero (0xff). */
decrypt_good &= version_good;
- /* Now copy rand_premaster_secret over p using
- * decrypt_good_mask. */
- for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
+ /*
+ * Now copy rand_premaster_secret over from p using
+ * decrypt_good_mask. If decryption failed, then p does not
+ * contain valid plaintext, however, a check above guarantees
+ * it is still sufficiently large to read from.
+ */
+ for (j = 0; j < sizeof(rand_premaster_secret); j++)
{
- p[i] = constant_time_select_8(decrypt_good, p[i],
- rand_premaster_secret[i]);
+ p[j] = constant_time_select_8(decrypt_good, p[j],
+ rand_premaster_secret[j]);
}
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
- p,i);
- OPENSSL_cleanse(p,i);
+ p,sizeof(rand_premaster_secret));
+ OPENSSL_cleanse(p,sizeof(rand_premaster_secret));
}
else
#endif
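Review bot: The rewritten comment at L2843 still refers to `decrypt_good_mask`, but the variable used at L2851 is `decrypt_good`; the comment should name the actual mask, e.g. `* Now copy rand_premaster_secret over from p using decrypt_good as a constant-time select mask.`. The switch to `size_t j` and the explicit `sizeof(rand_premaster_secret)` at L2859-L2860 are good, but note that only the first 48 bytes of `p` are cleansed while the RSA plaintext written into `p` earlier is longer; cleansing the full decrypted length would avoid leaving padding bytes in the buffer. The enclosing function starts before this hunk.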
@@ -2534,7 +2546,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
+ if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
@@ -2864,6 +2876,11 @@ int ssl3_send_server_certificate(SSL *s)
}
l=ssl3_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ return(0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
Index: src/crypto/dist/openssl/ssl/ssl.h
diff -u src/crypto/dist/openssl/ssl/ssl.h:1.18.4.1.2.1 src/crypto/dist/openssl/ssl/ssl.h:1.18.4.1.2.2
--- src/crypto/dist/openssl/ssl/ssl.h:1.18.4.1.2.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/ssl.h Mon Jan 26 11:47:24 2015
@@ -549,9 +549,8 @@ typedef struct ssl_session_st
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+/* Does nothing: retained for compatibility */
+#define SSL_OP_EPHEMERAL_RSA 0x0
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
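Review bot: With `SSL_OP_EPHEMERAL_RSA` redefined to `0x0` at L2896, any application that tests `SSL_get_options(s) & SSL_OP_EPHEMERAL_RSA` now always sees 0, and old binaries built against the previous header may still set bit `0x00200000L`; the comment should say both, e.g. `/* Does nothing: retained for compatibility. Bit 0x00200000L may still be set by older callers and must not be reused for a new option */`.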
@@ -591,8 +590,13 @@ typedef struct ssl_session_st
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
@@ -618,6 +622,10 @@ typedef struct ssl_session_st
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+#define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
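Review bot: Nothing in this diff shows `DTLS_CTRL_SET_LINK_MTU` or `DTLS_CTRL_GET_LINK_MIN_MTU` being handled by a ctrl function, and the `SSL_CTRL_SET_MTU` case is removed from `SSL_ctrl` at L3003-L3009 without a replacement appearing in the d1_lib.c hunks; unless the DTLS method's ctrl already handles all three outside the diff, `SSL_set_mtu()` and the two new macros fall through to the method ctrl and return 0. The new macros also lack a comment distinguishing their units from `SSL_set_mtu`; suggest `/* link MTU: whole UDP datagram including IP/UDP headers; SSL_set_mtu() takes the DTLS record budget after that overhead */` above L2918, matching the field comments at L2487-L2488.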
@@ -1365,6 +1373,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+#define DTLS_CTRL_SET_LINK_MTU 120
+#define DTLS_CTRL_GET_LINK_MIN_MTU 121
+
#define SSL_CTRL_CHECK_PROTO_VERSION 119
#endif
@@ -1578,9 +1589,9 @@ const SSL_METHOD *SSLv3_method(void); /
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
Index: src/crypto/dist/openssl/ssl/ssl_cert.c
diff -u src/crypto/dist/openssl/ssl/ssl_cert.c:1.13 src/crypto/dist/openssl/ssl/ssl_cert.c:1.13.12.1
--- src/crypto/dist/openssl/ssl/ssl_cert.c:1.13 Fri May 9 21:49:42 2008
+++ src/crypto/dist/openssl/ssl/ssl_cert.c Mon Jan 26 11:47:24 2015
@@ -271,35 +271,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
}
}
Index: src/crypto/dist/openssl/ssl/ssl_lib.c
diff -u src/crypto/dist/openssl/ssl/ssl_lib.c:1.5.12.1 src/crypto/dist/openssl/ssl/ssl_lib.c:1.5.12.2
--- src/crypto/dist/openssl/ssl/ssl_lib.c:1.5.12.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/ssl_lib.c Mon Jan 26 11:47:24 2015
@@ -373,13 +373,7 @@ SSL *SSL_new(SSL_CTX *ctx)
return(s);
err:
if (s != NULL)
- {
- if (s->cert != NULL)
- ssl_cert_free(s->cert);
- if (s->ctx != NULL)
- SSL_CTX_free(s->ctx); /* decrement reference count */
- OPENSSL_free(s);
- }
+ SSL_free(s);
SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
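Review bot: Replacing the hand-rolled cleanup with `SSL_free(s)` at L2995 is only safe if every `goto err` in SSL_new occurs after `s` has been zero-initialised and its reference count set up, since SSL_free decrements references and releases every member, not just `cert` and `ctx`; those earlier lines are outside the hunk, so confirm the allocation path does a `memset` and sets references before the first failure point. A comment such as `/* s is zeroed and ref-counted before any goto err, so SSL_free handles a partially built object */` would record that precondition for the next edit.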
@@ -1032,13 +1026,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
l=s->max_cert_list;
s->max_cert_list=larg;
return(l);
- case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
- {
- s->d1->mtu = larg;
- return larg;
- }
- return 0;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
@@ -1447,6 +1434,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
goto err;
}
+ p += n;
continue;
}
Index: src/crypto/dist/openssl/ssl/ssl_locl.h
diff -u src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.4.1 src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.4.1.2.1
--- src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.4.1 Tue Jan 12 09:07:51 2010
+++ src/crypto/dist/openssl/ssl/ssl_locl.h Mon Jan 26 11:47:24 2015
@@ -799,7 +799,7 @@ void ssl_load_ciphers(void);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
Index: src/crypto/dist/openssl/util/libeay.num
diff -u src/crypto/dist/openssl/util/libeay.num:1.1.1.13 src/crypto/dist/openssl/util/libeay.num:1.1.1.13.12.1
--- src/crypto/dist/openssl/util/libeay.num:1.1.1.13 Fri May 9 21:34:48 2008
+++ src/crypto/dist/openssl/util/libeay.num Mon Jan 26 11:47:24 2015
@@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get
X509_REQ_digest 2362 EXIST::FUNCTION:EVP
X509_CRL_digest 2391 EXIST::FUNCTION:EVP
d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
+X509_ALGOR_cmp 2398 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
BN_mod_exp_mont_word 2401 EXIST::FUNCTION:
Index: src/crypto/dist/openssl/util/mk1mf.pl
diff -u src/crypto/dist/openssl/util/mk1mf.pl:1.1.1.12 src/crypto/dist/openssl/util/mk1mf.pl:1.1.1.12.12.1
--- src/crypto/dist/openssl/util/mk1mf.pl:1.1.1.12 Fri May 9 21:34:48 2008
+++ src/crypto/dist/openssl/util/mk1mf.pl Mon Jan 26 11:47:24 2015
@@ -588,7 +588,7 @@ open (OUT,">>crypto/buildinf.h") || die
printf OUT <<EOF;
#ifdef $platform_cpp_symbol
/* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
- #define CFLAGS "$cc $cflags"
+ #define CFLAGS "compiler: $cc $cflags"
#define PLATFORM "$platform"
EOF
printf OUT " #define DATE \"%s\"\n", scalar gmtime();
@@ -624,12 +624,6 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
-
$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
Index: src/distrib/sets/lists/base/md.amd64
diff -u src/distrib/sets/lists/base/md.amd64:1.25.2.8.2.2 src/distrib/sets/lists/base/md.amd64:1.25.2.8.2.3
--- src/distrib/sets/lists/base/md.amd64:1.25.2.8.2.2 Fri Jul 8 21:04:05 2011
+++ src/distrib/sets/lists/base/md.amd64 Mon Jan 26 11:47:24 2015
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.25.2.8.2.2 2011/07/08 21:04:05 sborrill Exp $
+# $NetBSD: md.amd64,v 1.25.2.8.2.3 2015/01/26 11:47:24 martin Exp $
./@MODULEDIR@/adosfs base-kernel-modules
./@MODULEDIR@/adosfs/adosfs.kmod base-kernel-modules
./@MODULEDIR@/azalia base-kernel-modules
@@ -131,7 +131,7 @@
./usr/lib/i386/libcrypt.so.0 base-compat-shlib compat,pic
./usr/lib/i386/libcrypt.so.0.2 base-compat-shlib compat,pic
./usr/lib/i386/libcrypto.so.4 base-compat-shlib compat,pic
-./usr/lib/i386/libcrypto.so.4.2 base-compat-shlib compat,pic
+./usr/lib/i386/libcrypto.so.4.3 base-compat-shlib compat,pic
./usr/lib/i386/librefuse.so.0 base-compat-shlib compat,pic
./usr/lib/i386/librefuse.so.0.0 base-compat-shlib compat,pic
./usr/lib/i386/libp2k.so.0 base-compat-shlib compat,pic
@@ -247,7 +247,7 @@
./usr/lib/i386/libssh.so.10 base-compat-shlib compat,pic
./usr/lib/i386/libssh.so.10.0 base-compat-shlib compat,pic
./usr/lib/i386/libssl.so.6 base-compat-shlib compat,pic
-./usr/lib/i386/libssl.so.6.0 base-compat-shlib compat,pic
+./usr/lib/i386/libssl.so.6.1 base-compat-shlib compat,pic
./usr/lib/i386/libstdc++.so.6 base-compat-shlib compat,pic
./usr/lib/i386/libstdc++.so.6.0 base-compat-shlib compat,pic
./usr/lib/i386/libsupc++.so.0 base-compat-shlib compat,pic
Index: src/distrib/sets/lists/base/md.sparc64
diff -u src/distrib/sets/lists/base/md.sparc64:1.23.2.8.2.2 src/distrib/sets/lists/base/md.sparc64:1.23.2.8.2.3
--- src/distrib/sets/lists/base/md.sparc64:1.23.2.8.2.2 Fri Jul 8 21:04:05 2011
+++ src/distrib/sets/lists/base/md.sparc64 Mon Jan 26 11:47:24 2015
@@ -1,4 +1,4 @@
-# $NetBSD: md.sparc64,v 1.23.2.8.2.2 2011/07/08 21:04:05 sborrill Exp $
+# $NetBSD: md.sparc64,v 1.23.2.8.2.3 2015/01/26 11:47:24 martin Exp $
./sbin/edlabel base-sysutil-root
./usr/bin/fdformat base-util-bin
./usr/lib/sparc base-compat-lib compat
@@ -68,7 +68,7 @@
./usr/lib/sparc/libcrypt.so.0 base-compat-shlib compat,pic
./usr/lib/sparc/libcrypt.so.0.2 base-compat-shlib compat,pic
./usr/lib/sparc/libcrypto.so.4 base-compat-shlib compat,pic
-./usr/lib/sparc/libcrypto.so.4.2 base-compat-shlib compat,pic
+./usr/lib/sparc/libcrypto.so.4.3 base-compat-shlib compat,pic
./usr/lib/sparc/libcurses.so.6 base-compat-shlib compat,pic
./usr/lib/sparc/libcurses.so.6.4 base-compat-shlib compat,pic
./usr/lib/sparc/libdes.so.7 base-compat-shlib compat,pic
@@ -182,7 +182,7 @@
./usr/lib/sparc/libssh.so.10 base-compat-shlib compat,pic
./usr/lib/sparc/libssh.so.10.0 base-compat-shlib compat,pic
./usr/lib/sparc/libssl.so.6 base-compat-shlib compat,pic
-./usr/lib/sparc/libssl.so.6.0 base-compat-shlib compat,pic
+./usr/lib/sparc/libssl.so.6.1 base-compat-shlib compat,pic
./usr/lib/sparc/libstdc++.so.6 base-compat-shlib compat,pic
./usr/lib/sparc/libstdc++.so.6.0 base-compat-shlib compat,pic
./usr/lib/sparc/libsupc++.so.0 base-compat-shlib compat,pic
Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.450.2.7.2.2 src/distrib/sets/lists/base/shl.mi:1.450.2.7.2.3
--- src/distrib/sets/lists/base/shl.mi:1.450.2.7.2.2 Fri Jul 8 21:04:05 2011
+++ src/distrib/sets/lists/base/shl.mi Mon Jan 26 11:47:24 2015
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.450.2.7.2.2 2011/07/08 21:04:05 sborrill Exp $
+# $NetBSD: shl.mi,v 1.450.2.7.2.3 2015/01/26 11:47:24 martin Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -15,7 +15,7 @@
#
./lib/libc.so.12.164 base-sys-shlib dynamicroot
./lib/libcrypt.so.0.2 base-sys-shlib dynamicroot
-./lib/libcrypto.so.4.2 base-crypto-shlib crypto,dynamicroot
+./lib/libcrypto.so.4.3 base-crypto-shlib crypto,dynamicroot
./lib/libedit.so.2.11 base-sys-shlib dynamicroot
./lib/libevent.so.2.1 base-sys-shlib dynamicroot
./lib/libipsec.so.2.2 base-net-shlib dynamicroot
@@ -61,7 +61,7 @@
./usr/lib/libc.so.12.164 base-sys-shlib
./usr/lib/libcom_err.so.5.0 base-krb5-shlib kerberos
./usr/lib/libcrypt.so.0.2 base-sys-shlib
-./usr/lib/libcrypto.so.4.2 base-crypto-shlib crypto
+./usr/lib/libcrypto.so.4.3 base-crypto-shlib crypto
./usr/lib/libcurses.so.6.4 base-sys-shlib
./usr/lib/libdes.so.7.0 base-crypto-shlib crypto
./usr/lib/libdns.so.1.4 base-bind-shlib
@@ -138,7 +138,7 @@
./usr/lib/libsl.so.3.0 base-krb5-shlib kerberos
./usr/lib/libss.so.5.0 base-krb5-shlib kerberos
./usr/lib/libssh.so.10.0 base-secsh-shlib crypto
-./usr/lib/libssl.so.6.0 base-crypto-shlib crypto
+./usr/lib/libssl.so.6.1 base-crypto-shlib crypto
./usr/lib/libstdc++.so.5.0 base-sys-shlib gcc=3
./usr/lib/libstdc++.so.6.0 base-sys-shlib gcc=4
./usr/lib/libtermcap.so.0.6 base-sys-shlib
Index: src/lib/libcrypto/shlib_version
diff -u src/lib/libcrypto/shlib_version:1.14.4.1 src/lib/libcrypto/shlib_version:1.14.4.1.2.1
--- src/lib/libcrypto/shlib_version:1.14.4.1 Tue Jul 14 19:48:04 2009
+++ src/lib/libcrypto/shlib_version Mon Jan 26 11:47:24 2015
@@ -1,7 +1,7 @@
-# $NetBSD: shlib_version,v 1.14.4.1 2009/07/14 19:48:04 snj Exp $
+# $NetBSD: shlib_version,v 1.14.4.1.2.1 2015/01/26 11:47:24 martin Exp $
# Remember to update distrib/sets/lists/base/shl.* when changing
#
# Things to do on the next major bump:
# - Make openssl/sha.h and sha2.h compatible.
major=4
-minor=2
+minor=3
Index: src/lib/libssl/shlib_version
diff -u src/lib/libssl/shlib_version:1.8 src/lib/libssl/shlib_version:1.8.10.1
--- src/lib/libssl/shlib_version:1.8 Sun May 11 19:17:07 2008
+++ src/lib/libssl/shlib_version Mon Jan 26 11:47:24 2015
@@ -1,5 +1,5 @@
-# $NetBSD: shlib_version,v 1.8 2008/05/11 19:17:07 he Exp $
+# $NetBSD: shlib_version,v 1.8.10.1 2015/01/26 11:47:24 martin Exp $
# Remember to update distrib/sets/lists/base/shl.* when changing
#
major=6
-minor=0
+minor=1