Module Name:    src
Committed By:   christos
Date:           Sat Jan 30 17:00:21 UTC 2016

Modified Files:
        src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS
            README openssl.spec
        src/crypto/external/bsd/openssl/dist/apps: ocsp.c speed.c
        src/crypto/external/bsd/openssl/dist/crypto: mem_clr.c opensslv.h
        src/crypto/external/bsd/openssl/dist/crypto/aes: aes.h aes_locl.h
        src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c exptest.c
        src/crypto/external/bsd/openssl/dist/crypto/dso: dso_dlfcn.c
        src/crypto/external/bsd/openssl/dist/crypto/ec: ectest.c
        src/crypto/external/bsd/openssl/dist/crypto/engine: eng_all.c
        src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_sign.c
        src/crypto/external/bsd/openssl/dist/crypto/sha: sha1test.c
        src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c
        src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
        src/crypto/external/bsd/openssl/dist/doc/ssl:
            SSL_CTX_set_tmp_dh_callback.pod
        src/crypto/external/bsd/openssl/dist/ssl: d1_both.c s2_srvr.c s3_clnt.c
            s3_lib.c s3_srvr.c ssl.h t1_enc.c t1_lib.c

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/CHANGES \
    src/crypto/external/bsd/openssl/dist/NEWS \
    src/crypto/external/bsd/openssl/dist/README \
    src/crypto/external/bsd/openssl/dist/openssl.spec
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssl/dist/Makefile
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/apps/ocsp.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/apps/speed.c
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/openssl/dist/crypto/mem_clr.c
cvs rdiff -u -r1.17 -r1.18 \
    src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/openssl/dist/crypto/aes/aes.h
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/exptest.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/openssl/dist/crypto/sha/sha1test.c
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/ssl/d1_both.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s2_srvr.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c \
    src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/ssl/ssl.h
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.8 src/crypto/external/bsd/openssl/dist/CHANGES:1.9
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.8	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/CHANGES	Sat Jan 30 12:00:19 2016
@@ -2,6 +2,30 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
+
+  *) Protection for DH small subgroup attacks
+
+     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
+     switched on by default and cannot be disabled. This could have some
+     performance impact.
+     [Matt Caswell]
+
+  *) SSLv2 doesn't block disabled ciphers
+
+     A malicious client can negotiate SSLv2 ciphers that have been disabled on
+     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+     been disabled, provided that the SSLv2 protocol was not also disabled via
+     SSL_OP_NO_SSLv2.
+
+     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+     and Sebastian Schinzel.
+     (CVE-2015-3197)
+     [Viktor Dukhovni]
+
+  *) Reject DH handshakes with parameters shorter than 1024 bits.
+     [Kurt Roeckx]
+
  Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
 
   *) Certificate verify crash with missing PSS parameter
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.8 src/crypto/external/bsd/openssl/dist/NEWS:1.9
--- src/crypto/external/bsd/openssl/dist/NEWS:1.8	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/NEWS	Sat Jan 30 12:00:20 2016
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
+
+      o Protection for DH small subgroup attacks
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
   Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
 
       o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.8 src/crypto/external/bsd/openssl/dist/README:1.9
--- src/crypto/external/bsd/openssl/dist/README:1.8	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/README	Sat Jan 30 12:00:20 2016
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1q 3 Dec 2015
+ OpenSSL 1.0.1r 28 Jan 2016
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -90,11 +90,12 @@
 
  In order to avoid spam, this is a moderated mailing list, and it might
  take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail to
- this address is recorded in the public RT (request tracker) database (see
- https://www.openssl.org/support/rt.html for details) and also forwarded
- the public openssl-dev mailing list.  Confidential mail may be sent to
- openssl-secur...@openssl.org (PGP key available from the key servers).
+ that security disclosures aren't publically posted by mistake.) Mail
+ to this address is recorded in the public RT (request tracker) database
+ (see https://www.openssl.org/community/index.html#bugs for details) and
+ also forwarded the public openssl-dev mailing list.  Confidential mail
+ may be sent to openssl-secur...@openssl.org (PGP key available from the
+ key servers).
 
  Please do NOT use this for general assistance or support queries.
  Just because something doesn't work the way you expect does not mean it
Index: src/crypto/external/bsd/openssl/dist/openssl.spec
diff -u src/crypto/external/bsd/openssl/dist/openssl.spec:1.8 src/crypto/external/bsd/openssl/dist/openssl.spec:1.9
--- src/crypto/external/bsd/openssl/dist/openssl.spec:1.8	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/openssl.spec	Sat Jan 30 12:00:20 2016
@@ -7,7 +7,7 @@ Release: 1
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
 #Version: %{libmaj}.%{libmin}.%{librel}
-Version: 1.0.1q
+Version: 1.0.1r
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries

Index: src/crypto/external/bsd/openssl/dist/Configure
diff -u src/crypto/external/bsd/openssl/dist/Configure:1.13 src/crypto/external/bsd/openssl/dist/Configure:1.14
--- src/crypto/external/bsd/openssl/dist/Configure:1.13	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/Configure	Sat Jan 30 12:00:20 2016
@@ -105,6 +105,9 @@ my $usage="Usage: Configure [no-<cipher>
 
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 
 my $strict_warnings = 0;
@@ -1446,7 +1449,7 @@ if ($target =~ /\-icc$/)	# Intel C compi
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 
 if ($sys_id ne "")
@@ -1953,14 +1956,8 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-		print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
-	make depend
-EOF
-	}
+            $warn_make_depend++;
+        }
 }
 
 # create the ms/version32.rc file if needed
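Review bot: The two new lines `$warn_make_depend++;` and its closing brace are indented with spaces (twelve and eight) while the surrounding block in Configure is tab-indented (see the `&dofile(...)` and `if ($depflags ...)` lines just above), so the replacement reads as mis-nested in a tab-width-8 editor. Re-indenting both lines with tabs to match the enclosing `if` keeps the file's existing style. The enclosing block starts before this hunk.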
@@ -2039,12 +2036,18 @@ EOF
 
 print <<\EOF if ($no_shared_warn);
 
-You gave the option 'shared'.  Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'.  If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+	make depend
 EOF
 
 exit(0);

Index: src/crypto/external/bsd/openssl/dist/Makefile
diff -u src/crypto/external/bsd/openssl/dist/Makefile:1.9 src/crypto/external/bsd/openssl/dist/Makefile:1.10
--- src/crypto/external/bsd/openssl/dist/Makefile:1.9	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/Makefile	Sat Jan 30 12:00:20 2016
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1q
+VERSION=1.0.1r
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -181,8 +181,7 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
+TARFILE=        ../$(NAME).tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
@@ -501,38 +500,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+	                       --owner 0 --group 0 \
+			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
 
-../$(TARFILE).list:
+$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	    | sort > ../$(TARFILE).list
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > $(TARFILE).list
 
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE)
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+	$(TAR_COMMAND) > $(TARFILE)
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE)
 
 dist:   
 	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 
 install: all install_docs install_sw
 

Index: src/crypto/external/bsd/openssl/dist/apps/ocsp.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.10 src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.11
--- src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.10	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c	Sat Jan 30 12:00:20 2016
@@ -1003,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPO
     bs = OCSP_BASICRESP_new();
     thisupd = X509_gmtime_adj(NULL, 0);
     if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
 
     /* Examine each certificate id in the request */
     for (i = 0; i < id_count; i++) {
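Review bot: `nextupd` is assigned from X509_time_adj_ex() on the changed line without checking the result, and `thisupd` from X509_gmtime_adj() two lines above is likewise unchecked; both return NULL when the ASN1_TIME cannot be allocated or adjusted, and the NULL then flows into the per-certificate status loop that follows. A guard such as `if (thisupd == NULL || (ndays != -1 && nextupd == NULL)) goto end;` (or whatever error exit make_ocsp_response already uses; its body continues outside this hunk) would close that. The switch to X509_time_adj_ex also avoids the plain-int overflow the old `ndays * 3600 * 24` expression had for large -ndays values, which a one-line comment on the call would make clear to the next reader.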

Index: src/crypto/external/bsd/openssl/dist/apps/speed.c
diff -u src/crypto/external/bsd/openssl/dist/apps/speed.c:1.8 src/crypto/external/bsd/openssl/dist/apps/speed.c:1.9
--- src/crypto/external/bsd/openssl/dist/apps/speed.c:1.8	Mon Mar 23 06:22:45 2015
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
  * All rights reserved.
  *

Index: src/crypto/external/bsd/openssl/dist/crypto/mem_clr.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/mem_clr.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/mem_clr.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/mem_clr.c:1.4	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/mem_clr.c	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/mem_clr.c */
 /*
  * Written by Geoff Thorpe (ge...@geoffthorpe.net) for the OpenSSL project
  * 2002.

Index: src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.17 src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.18
--- src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.17	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h	Sat Jan 30 12:00:20 2016
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1000111fL
+# define OPENSSL_VERSION_NUMBER  0x1000112fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1q-fips 3 Dec 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1r-fips  28 Jan 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1q 3 Dec 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1r  28 Jan 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 

Index: src/crypto/external/bsd/openssl/dist/crypto/aes/aes.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/aes/aes.h:1.4 src/crypto/external/bsd/openssl/dist/crypto/aes/aes.h:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/aes/aes.h:1.4	Mon Mar 23 06:22:45 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/aes/aes.h	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Index: src/crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h:1.3 src/crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h:1.4
--- src/crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h:1.3	Mon Mar 23 06:22:45 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/aes/aes_locl.h	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
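Review bot: The rewritten first-line comment of aes_locl.h still names the wrong file, `/* crypto/aes/aes.h */`, evidently copied from aes.h in the previous section. Since the line is being touched anyway it should read `/* crypto/aes/aes_locl.h */`.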

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.9	Sun Dec  6 16:52:35 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c	Sat Jan 30 12:00:20 2016
@@ -275,9 +275,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
     }
 
     bits = BN_num_bits(p);
-
     if (bits == 0) {
-        ret = BN_one(r);
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
         return ret;
     }
 
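Review bot: The same seven-line "x**0 mod 1 is still zero" early-out is now pasted into BN_mod_exp_recp here and into BN_mod_exp_mont, BN_mod_exp_mont_consttime and BN_mod_exp_simple in the later hunks of this file, alongside the pre-existing copy in BN_mod_exp_mont_word. Five copies of a subtle special case are easy to let drift; a small static helper called from each `if (bits == 0)` branch would keep them identical and give the rule one place to be documented. The helper below preserves the existing behaviour (BN_zero's result is ignored exactly as the original does; BN_one's is returned).

```c
/* r = a**0 mod m: that is 1, except that every residue modulo 1 is 0. */
static int bn_mod_exp_zero_exponent(BIGNUM *r, const BIGNUM *m)
{
    if (BN_is_one(m)) {
        BN_zero(r);
        return 1;
    }
    return BN_one(r);
}

/* … unchanged: in each of the five callers the bits == 0 block becomes … */
    if (bits == 0) {
        ret = bn_mod_exp_zero_exponent(r, m);
        return ret;
    }
```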
@@ -411,7 +416,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI
     }
     bits = BN_num_bits(p);
     if (bits == 0) {
-        ret = BN_one(rr);
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
         return ret;
     }
 
@@ -583,7 +594,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
  * precomputation memory layout to limit data-dependency to a minimum to
  * protect secret exponents (cf. the hyper-threading timing attacks pointed
  * out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
  */
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                               const BIGNUM *m, BN_CTX *ctx,
@@ -612,7 +623,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
 
     bits = BN_num_bits(p);
     if (bits == 0) {
-        ret = BN_one(rr);
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
         return ret;
     }
 
@@ -912,8 +929,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_
         if (BN_is_one(m)) {
             ret = 1;
             BN_zero(rr);
-        } else
+        } else {
             ret = BN_one(rr);
+        }
         return ret;
     }
     if (a == 0) {
@@ -1027,9 +1045,14 @@ int BN_mod_exp_simple(BIGNUM *r, const B
     }
 
     bits = BN_num_bits(p);
-
-    if (bits == 0) {
-        ret = BN_one(r);
+   if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
         return ret;
     }
 
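Review bot: The re-added `if (bits == 0) {` line in BN_mod_exp_simple is indented three spaces while its body and the rest of the function use four, so it no longer lines up with its own closing brace. It should be `    if (bits == 0) {` (four spaces), matching the identical blocks added to the other functions in this file.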

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/exptest.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/exptest.c:1.3 src/crypto/external/bsd/openssl/dist/crypto/bn/exptest.c:1.4
--- src/crypto/external/bsd/openssl/dist/crypto/bn/exptest.c:1.3	Mon Mar 23 06:22:46 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/exptest.c	Sat Jan 30 12:00:20 2016
@@ -73,14 +73,34 @@ static const char rnd_seed[] =
     "string to make the random number generator think it has entropy";
 
 /*
+ * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
+ * returns zero and prints debug output otherwise.
+ */
+static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
+                             const BIGNUM *a) {
+    if (!BN_is_zero(r)) {
+        fprintf(stderr, "%s failed:\n", method);
+        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "a = ");
+        BN_print_fp(stderr, a);
+        fprintf(stderr, "\nr = ");
+        BN_print_fp(stderr, r);
+        fprintf(stderr, "\n");
+        return 0;
+    }
+    return 1;
+}
+
+/*
  * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
  */
 static int test_exp_mod_zero(void)
 {
     BIGNUM a, p, m;
     BIGNUM r;
+    BN_ULONG one_word = 1;
     BN_CTX *ctx = BN_CTX_new();
-    int ret = 1;
+    int ret = 1, failed = 0;
 
     BN_init(&m);
     BN_one(&m);
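Review bot: The new helper puts its opening brace on the signature line (`const BIGNUM *a) {`), whereas every other function in this file, including test_exp_mod_zero directly below, places it on a line of its own; moving the brace to its own line keeps the file's style uniform. Its header comment could also state the return contract the caller relies on more directly, e.g. `/* Returns 1 if r is zero, else prints a diagnostic for |method| to stderr and returns 0. */`, since the surrounding test function uses the opposite convention (zero on success) and the two are easy to confuse.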
@@ -92,21 +112,65 @@ static int test_exp_mod_zero(void)
     BN_zero(&p);
 
     BN_init(&r);
-    BN_mod_exp(&r, &a, &p, &m, ctx);
-    BN_CTX_free(ctx);
 
-    if (BN_is_zero(&r))
-        ret = 0;
-    else {
-        printf("1**0 mod 1 = ");
-        BN_print_fp(stdout, &r);
-        printf(", should be 0\n");
+    if (!BN_rand(&a, 1024, 0, 0))
+        goto err;
+
+    if (!BN_mod_exp(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
+        goto err;
+    }
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
+        failed = 1;
+
+    /*
+     * A different codepath exists for single word multiplication
+     * in non-constant-time only.
+     */
+    if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
+        goto err;
+
+    if (!BN_is_zero(&r)) {
+        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
+        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "r = ");
+        BN_print_fp(stderr, &r);
+        fprintf(stderr, "\n");
+        return 0;
     }
 
+    ret = failed;
+
+ err:
     BN_free(&r);
     BN_free(&a);
     BN_free(&p);
     BN_free(&m);
+    BN_CTX_free(ctx);
 
     return ret;
 }
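Review bot: The BN_mod_exp_mont_word failure branch ends with `return 0;`, but in this function zero means success (the comment above test_exp_mod_zero says so and the normal path does `ret = failed;`), so a wrong result from the single-word code path would be reported as a pass; the early return also bypasses the `err:` block, leaking r, a, p, m and ctx. It should follow the pattern of the five checks above it: replace `return 0;` with `failed = 1;` and let control reach `ret = failed;`. The `goto err` paths are fine since ret still holds its initial failure value of 1 there.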

Index: src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c:1.9	Mon Mar 23 06:22:46 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_dlfcn.c */
 /*
  * Written by Geoff Thorpe (ge...@geoffthorpe.net) for the OpenSSL project
  * 2000.

Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c:1.9	Fri Jun 12 13:01:11 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/ec/ectest.c	Sat Jan 30 12:00:20 2016
@@ -1591,7 +1591,7 @@ struct nistp_test_params {
     int degree;
     /*
      * Qx, Qy and D are taken from
-     * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
      * Otherwise, values are standard curve parameters from FIPS 180-3
      */
     const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;

Index: src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c:1.8 src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c:1.9
--- src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c:1.8	Mon Mar 23 06:22:47 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* crypto/engine/eng_all.c */
 /*
  * Written by Richard Levitte <rich...@levitte.org> for the OpenSSL project
  * 2000.

Index: src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c:1.4	Sun Dec  6 16:52:36 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c	Sat Jan 30 12:00:20 2016
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned ch
         return 0;
     }
 #endif
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if (rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
     /* Special case: SSL signature, just check the length */
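Review bot: Dropping the RSA_FLAG_SIGN_VER test means any RSA_METHOD that supplies rsa_sign is now dispatched to unconditionally; an engine or custom method that set rsa_sign without also setting RSA_FLAG_SIGN_VER previously fell through to the built-in signing path and now does not. The next hunk makes the same change for rsa_verify in RSA_verify. Because this alters behaviour for third-party methods, it deserves a line in the CHANGES hunk of this commit (which currently lists only the DH and SSLv2 items), or at minimum a comment at the call site such as `/* A method that provides rsa_sign is always used; RSA_FLAG_SIGN_VER is no longer consulted. */`.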
@@ -304,7 +304,7 @@ int RSA_verify(int dtype, const unsigned
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if (rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
     }
 

Index: src/crypto/external/bsd/openssl/dist/crypto/sha/sha1test.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/sha/sha1test.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/sha/sha1test.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/sha/sha1test.c:1.4	Mon Mar 23 06:22:48 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/sha/sha1test.c	Sat Jan 30 12:00:20 2016
@@ -157,8 +157,8 @@ int main(int argc, char *argv[])
     if (err)
         printf("ERROR: %d\n", err);
 # endif
-    EXIT(err);
     EVP_MD_CTX_cleanup(&c);
+    EXIT(err);
     return (0);
 }
 

Index: src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.7
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.6	Mon Mar 23 06:22:49 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c	Sat Jan 30 12:00:20 2016
@@ -1,4 +1,4 @@
-/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui_openssl.c */
 /*
  * Written by Richard Levitte (rich...@levitte.org) and others for the
  * OpenSSL project 2001.

Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.9	Thu Jul  9 10:31:01 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c	Sat Jan 30 12:00:21 2016
@@ -2026,9 +2026,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
     ctx->current_reasons = 0;
     ctx->tree = NULL;
     ctx->parent = NULL;
+    /* Zero ex_data to make sure we're cleanup-safe */
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
 
     ctx->param = X509_VERIFY_PARAM_new();
-
     if (!ctx->param) {
         X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -2037,7 +2038,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
     /*
      * Inherit callbacks and flags from X509_STORE if not set use defaults.
      */
-
     if (store)
         ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
     else
@@ -2045,6 +2045,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
 
     if (store) {
         ctx->verify_cb = store->verify_cb;
+        /* Seems to always be 0 in OpenSSL, else must be idempotent */
         ctx->cleanup = store->cleanup;
     } else
         ctx->cleanup = 0;
@@ -2055,7 +2056,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
 
     if (ret == 0) {
         X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
 
     if (store && store->check_issued)
@@ -2110,19 +2111,18 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
 
     ctx->check_policy = check_policy;
 
+    if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                           &ctx->ex_data))
+        return 1;
+    X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+
+ err:
     /*
-     * This memset() can't make any sense anyway, so it's removed. As
-     * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
-     * corresponding "new" here and remove this bogus initialisation.
+     * On error clean up allocated storage, if the store context was not
+     * allocated with X509_STORE_CTX_new() this is our last chance to do so.
      */
-    /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
-                            &(ctx->ex_data))) {
-        OPENSSL_free(ctx);
-        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    return 1;
+    X509_STORE_CTX_cleanup(ctx);
+    return 0;
 }
 
 /*
@@ -2138,8 +2138,17 @@ void X509_STORE_CTX_trusted_stack(X509_S
 
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 {
-    if (ctx->cleanup)
+    /*
+     * We need to be idempotent because, unfortunately, free() also calls
+     * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
+     * calls cleanup() for the same object twice!  Thus we must zero the
+     * pointers below after they're freed!
+     */
+    /* Seems to always be 0 in OpenSSL, do this at most once. */
+    if (ctx->cleanup != NULL) {
         ctx->cleanup(ctx);
+        ctx->cleanup = NULL;
+    }
     if (ctx->param != NULL) {
         if (ctx->parent == NULL)
             X509_VERIFY_PARAM_free(ctx->param);

Index: src/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
diff -u src/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod:1.3 src/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod:1.4
--- src/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod:1.3	Fri Jun 12 13:01:12 2015
+++ src/crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	Sat Jan 30 12:00:21 2016
@@ -48,25 +48,8 @@ even if he gets hold of the normal (cert
 only used for signing.
 
 In order to perform a DH key exchange the server must use a DH group
-(DH parameters) and generate a DH key.
-The server will always generate a new DH key during the negotiation
-if either the DH parameters are supplied via callback or the
-SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both).
-It will  immediately create a DH key if DH parameters are supplied via
-SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set.
-In this case,
-it may happen that a key is generated on initialization without later
-being needed, while on the other hand the computer time during the
-negotiation is being saved.
-
-If "strong" primes were used to generate the DH parameters, it is not strictly
-necessary to generate a new key for each handshake but it does improve forward
-secrecy. If it is not assured that "strong" primes were used,
-SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
-attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
-computer time needed during negotiation, but it is not very large, so
-application authors/users should consider always enabling this option.
-The option is required to implement perfect forward secrecy (PFS).
+(DH parameters) and generate a DH key. The server will always generate
+a new DH key during the negotiation.
 
 As generating DH parameters is extremely time consuming, an application
 should not generate the parameters on the fly but supply the parameters.
@@ -93,10 +76,9 @@ can supply the DH parameters via a callb
 Previous versions of the callback used B<is_export> and B<keylength>
 parameters to control parameter generation for export and non-export
 cipher suites. Modern servers that do not support export ciphersuites
-are advised to either use SSL_CTX_set_tmp_dh() in combination with
-SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
-B<keylength> and B<is_export> and simply supply at least 2048-bit
-parameters in the callback.
+are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use
+the callback but ignore B<keylength> and B<is_export> and simply
+supply at least 2048-bit parameters in the callback.
 
 =head1 EXAMPLES
 
@@ -128,7 +110,6 @@ partly left out.)
  if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
    /* Error. */
  }
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
  ...
 
 =head1 RETURN VALUES

Index: src/crypto/external/bsd/openssl/dist/ssl/d1_both.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_both.c:1.6 src/crypto/external/bsd/openssl/dist/ssl/d1_both.c:1.7
--- src/crypto/external/bsd/openssl/dist/ssl/d1_both.c:1.6	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/d1_both.c	Sat Jan 30 12:00:21 2016
@@ -291,8 +291,44 @@ int dtls1_do_write(SSL *s, int type)
         blocksize = 0;
 
     frag_off = 0;
+    s->rwstate = SSL_NOTHING;
+
     /* s->init_num shouldn't ever be < 0...but just in case */
     while (s->init_num > 0) {
+        if (type == SSL3_RT_HANDSHAKE && s->init_off != 0) {
+            /* We must be writing a fragment other than the first one */
+
+            if (frag_off > 0) {
+                /* This is the first attempt at writing out this fragment */
+
+                if (s->init_off <= DTLS1_HM_HEADER_LENGTH) {
+                    /*
+                     * Each fragment that was already sent must at least have
+                     * contained the message header plus one other byte.
+                     * Therefore |init_off| must have progressed by at least
+                     * |DTLS1_HM_HEADER_LENGTH + 1| bytes. If not something went
+                     * wrong.
+                     */
+                    return -1;
+                }
+
+                /*
+                 * Adjust |init_off| and |init_num| to allow room for a new
+                 * message header for this fragment.
+                 */
+                s->init_off -= DTLS1_HM_HEADER_LENGTH;
+                s->init_num += DTLS1_HM_HEADER_LENGTH;
+            } else {
+                /*
+                 * We must have been called again after a retry so use the
+                 * fragment offset from our last attempt. We do not need
+                 * to adjust |init_off| and |init_num| as above, because
+                 * that should already have been done before the retry.
+                 */
+                frag_off = s->d1->w_msg_hdr.frag_off;
+            }
+        }
+
         used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
             + mac_size + blocksize;
         if (s->d1->mtu > used_len)
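Review bot: The new `return -1` on the `s->init_off <= DTLS1_HM_HEADER_LENGTH` guard pushes nothing onto the error queue, so a caller that hits this internal-inconsistency path sees a failure with an empty error stack, whereas the OPENSSL_assert it replaces at least aborted loudly. Adding `SSLerr(..., ERR_R_INTERNAL_ERROR);` before the return would make it diagnosable; no function code for dtls1_do_write is visible in this hunk, so one may need to be added next to the file's existing codes. dtls1_do_write starts before and continues past this hunk, so the later save of `frag_off` that the retry branch reads back is not visible here.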
@@ -305,8 +341,10 @@ int dtls1_do_write(SSL *s, int type)
              * grr.. we could get an error if MTU picked was wrong
              */
             ret = BIO_flush(SSL_get_wbio(s));
-            if (ret <= 0)
+            if (ret <= 0) {
+                s->rwstate = SSL_WRITING;
                 return ret;
+            }
             used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
             if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) {
                 curr_mtu = s->d1->mtu - used_len;
@@ -332,25 +370,6 @@ int dtls1_do_write(SSL *s, int type)
          * XDTLS: this function is too long.  split out the CCS part
          */
         if (type == SSL3_RT_HANDSHAKE) {
-            if (s->init_off != 0) {
-                OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
-                s->init_off -= DTLS1_HM_HEADER_LENGTH;
-                s->init_num += DTLS1_HM_HEADER_LENGTH;
-
-                /*
-                 * We just checked that s->init_num > 0 so this cast should
-                 * be safe
-                 */
-                if (((unsigned int)s->init_num) > curr_mtu)
-                    len = curr_mtu;
-                else
-                    len = s->init_num;
-            }
-
-            /* Shouldn't ever happen */
-            if (len > INT_MAX)
-                len = INT_MAX;
-
             if (len < DTLS1_HM_HEADER_LENGTH) {
                 /*
                  * len is so small that we really can't do anything sensible
@@ -438,7 +457,16 @@ int dtls1_do_write(SSL *s, int type)
             }
             s->init_off += ret;
             s->init_num -= ret;
-            frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
+            ret -= DTLS1_HM_HEADER_LENGTH;
+            frag_off += ret;
+
+            /*
+             * We save the fragment offset for the next fragment so we have it
+             * available in case of an IO retry. We don't know the length of the
+             * next fragment yet so just set that to 0 for now. It will be
+             * updated again later.
+             */
+            dtls1_fix_message_header(s, frag_off, 0);
         }
     }
     return (0);

Index: src/crypto/external/bsd/openssl/dist/ssl/s2_srvr.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s2_srvr.c:1.4 src/crypto/external/bsd/openssl/dist/ssl/s2_srvr.c:1.5
--- src/crypto/external/bsd/openssl/dist/ssl/s2_srvr.c:1.4	Fri Jun 12 13:01:13 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/s2_srvr.c	Sat Jan 30 12:00:21 2016
@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
         }
 
         cp = ssl2_get_cipher_by_char(p);
-        if (cp == NULL) {
+        if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
             ssl2_return_error(s, SSL2_PE_NO_CIPHER);
             SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
             return (-1);
@@ -598,6 +598,11 @@ static int get_client_hello(SSL *s)
         s->s2->tmp.cipher_spec_length = i;
         n2s(p, i);
         s->s2->tmp.session_id_length = i;
+        if ((i < 0) || (i > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            return -1;
+        }
         n2s(p, i);
         s->s2->challenge_length = i;
         if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||
@@ -687,8 +692,12 @@ static int get_client_hello(SSL *s)
             prio = cs;
             allow = cl;
         }
+
+        /* Generate list of SSLv2 ciphers shared between client and server */
         for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
-            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
+            const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
+            if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
+                sk_SSL_CIPHER_find(allow, cp) < 0) {
                 (void)sk_SSL_CIPHER_delete(prio, z);
                 z--;
             }
@@ -697,6 +706,13 @@ static int get_client_hello(SSL *s)
             sk_SSL_CIPHER_free(s->session->ciphers);
             s->session->ciphers = prio;
         }
+
+        /* Make sure we have at least one cipher in common */
+        if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
+            return -1;
+        }
         /*
          * s->session->ciphers should now have a list of ciphers that are on
          * both the client and server. This list is ordered by the order the
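Review bot: The empty-intersection check `sk_SSL_CIPHER_num(s->session->ciphers) == 0` does not cover a NULL stack, for which sk_num returns -1 rather than 0. On this path the list is assigned from `prio` just above and appears to be non-NULL, but `<= 0` is the defensive form and costs nothing: `if (sk_SSL_CIPHER_num(s->session->ciphers) <= 0) {`. get_client_hello continues past this hunk.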

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.16 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.17
--- src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.16	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c	Sat Jan 30 12:00:21 2016
@@ -2255,37 +2255,44 @@ int ssl3_get_cert_status(SSL *s)
     n = s->method->ssl_get_message(s,
                                    SSL3_ST_CR_CERT_STATUS_A,
                                    SSL3_ST_CR_CERT_STATUS_B,
-                                   SSL3_MT_CERTIFICATE_STATUS, 16384, &ok);
+                                   -1, 16384, &ok);
 
     if (!ok)
         return ((int)n);
-    if (n < 4) {
-        /* need at least status type + length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    p = (unsigned char *)s->init_msg;
-    if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
-        goto f_err;
-    }
-    n2l3(p, resplen);
-    if (resplen + 4 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    if (s->tlsext_ocsp_resp)
-        OPENSSL_free(s->tlsext_ocsp_resp);
-    s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
-    if (!s->tlsext_ocsp_resp) {
-        al = SSL_AD_INTERNAL_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
-        goto f_err;
+
+    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_STATUS) {
+        /*
+         * The CertificateStatus message is optional even if
+         * tlsext_status_expected is set
+         */
+        s->s3->tmp.reuse_message = 1;
+    } else {
+        if (n < 4) {
+            /* need at least status type + length */
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        p = (unsigned char *)s->init_msg;
+        if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
+            goto f_err;
+        }
+        n2l3(p, resplen);
+        if (resplen + 4 != n) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+        if (s->tlsext_ocsp_resp == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        s->tlsext_ocsp_resplen = resplen;
     }
-    s->tlsext_ocsp_resplen = resplen;
     if (s->ctx->tlsext_status_cb) {
         int ret;
         ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
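Review bot: The `BUF_memdup` into `s->tlsext_ocsp_resp` no longer frees a previous value, so this is leak-free only because ssl_check_serverhello_tlsext() (the t1_lib.c hunk in this same commit) now frees and NULLs the field while the ServerHello is processed; that ordering invariant is cross-file and silent. A comment at the assignment would keep it from being broken later: `/* Freed and NULLed in ssl_check_serverhello_tlsext(), which a full handshake always reaches first */`. The optional-message branch also invokes the status callback with resp == NULL and resplen == -1, which relies on the same reset. The function's f_err path lies outside the hunk.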
@@ -3410,7 +3417,7 @@ int ssl3_check_cert_and_algorithm(SSL *s
     /* Check DHE only: static DH not implemented. */
     if (alg_k & SSL_kEDH) {
         int dh_size = BN_num_bits(dh->p);
-        if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
+        if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024)
             || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
             SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
             goto f_err;
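Review bot: 1024 bits is a compatibility floor rather than a recommended size — the SSL_CTX_set_tmp_dh_callback.pod change in this same commit tells servers to supply at least 2048-bit parameters — and it sits here as a bare magic number next to the 512-bit export arm. A named constant with a comment would make the policy visible, e.g. `#define SSL_DH_MIN_BITS 1024 /* client-side floor; 2048 is the recommended server size */` and `dh_size < SSL_DH_MIN_BITS`. The 512-bit arm is only reachable when export suites are enabled, which a modern client should not do; a one-line note saying so would help. ssl3_check_cert_and_algorithm continues outside the hunk.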

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.15 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.16
--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.15	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c	Sat Jan 30 12:00:21 2016
@@ -3164,13 +3164,6 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
                 return (ret);
             }
-            if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(dh)) {
-                    DH_free(dh);
-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                    return (ret);
-                }
-            }
             if (s->cert->dh_tmp != NULL)
                 DH_free(s->cert->dh_tmp);
             s->cert->dh_tmp = dh;
@@ -3221,6 +3214,8 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
             if (s->tlsext_hostname != NULL)
                 OPENSSL_free(s->tlsext_hostname);
             s->tlsext_hostname = NULL;
@@ -3228,7 +3223,8 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
             ret = 1;
             if (parg == NULL)
                 break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                 return 0;
             }
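Review bot: The new `len == 0` rejection carries no explanation of why an empty SNI name is invalid, while the constant beside it only documents the upper bound. RFC 6066 encodes the name as `opaque HostName<1..2^16-1>`, so a zero-length host name cannot be put on the wire at all; a one-line note would anchor the check: `/* RFC 6066: HostName is <1..2^16-1>, so reject empty as well as over-long names */`. The remainder of SSL_CTRL_SET_TLSEXT_HOSTNAME, including the copy of parg, is outside the hunk.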
@@ -3479,13 +3475,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
                 return 0;
             }
-            if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(new)) {
-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
-                    DH_free(new);
-                    return 0;
-                }
-            }
             if (cert->dh_tmp != NULL)
                 DH_free(cert->dh_tmp);
             cert->dh_tmp = new;
Index: src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.15 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.16
--- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.15	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c	Sat Jan 30 12:00:21 2016
@@ -1139,7 +1139,7 @@ int tls1_generate_master_secret(SSL *s, 
         so = s->s3->server_opaque_prf_input;
         /*
          * must be same as col (see
-         * draft-resc-00.txts-opaque-prf-input-00.txt, section 3.1)
+         * draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1)
          */
         sol = s->s3->client_opaque_prf_input_len;
     }

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.23 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.24
--- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.23	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c	Sat Jan 30 12:00:21 2016
@@ -1,4 +1,4 @@
-/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ssl/s3_srvr.c */
 /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
  * All rights reserved.
  *
@@ -1071,6 +1071,12 @@ int ssl3_get_client_hello(SSL *s)
         goto f_err;
     }
 
+    if ((j < 0) || (j > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
     s->hit = 0;
     /*
      * Versions before 0.9.7 always allow clients to resume sessions in
@@ -1730,20 +1736,9 @@ int ssl3_send_server_key_exchange(SSL *s
             }
 
             s->s3->tmp.dh = dh;
-            if ((dhp->pub_key == NULL ||
-                 dhp->priv_key == NULL ||
-                 (s->options & SSL_OP_SINGLE_DH_USE))) {
-                if (!DH_generate_key(dh)) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                    goto err;
-                }
-            } else {
-                dh->pub_key = BN_dup(dhp->pub_key);
-                dh->priv_key = BN_dup(dhp->priv_key);
-                if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                    goto err;
-                }
+            if (!DH_generate_key(dh)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
             }
             r[0] = dh->p;
             r[1] = dh->g;
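Review bot: The unconditional DH_generate_key() silently discards any pub_key/priv_key an application stored in the tmp DH it supplied, and nothing at the call site says so; the only record is the ssl.h comment in this commit that SSL_OP_SINGLE_DH_USE now does nothing. A comment here would tie the two together: `/* Always generate a fresh ephemeral key; SSL_OP_SINGLE_DH_USE is now implicit */`. Note that `s->s3->tmp.dh = dh` is assigned before generation can fail, so the `err` path (outside the hunk) must be what frees it on the failure branch — worth confirming. ssl3_send_server_key_exchange starts and ends outside this hunk.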

Index: src/crypto/external/bsd/openssl/dist/ssl/ssl.h
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl.h:1.13 src/crypto/external/bsd/openssl/dist/ssl/ssl.h:1.14
--- src/crypto/external/bsd/openssl/dist/ssl/ssl.h:1.13	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl.h	Sat Jan 30 12:00:21 2016
@@ -602,7 +602,7 @@ struct ssl_session_st {
 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 # define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
+/* Does nothing: retained for compatibility */
 # define SSL_OP_SINGLE_DH_USE                            0x00100000L
 /* Does nothing: retained for compatibiity */
 # define SSL_OP_EPHEMERAL_RSA                            0x0

Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.19 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.20
--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.19	Sun Dec  6 16:52:37 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c	Sat Jan 30 12:00:21 2016
@@ -2081,22 +2081,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
     }
 # endif
 
+    OPENSSL_free(s->tlsext_ocsp_resp);
+    s->tlsext_ocsp_resp = NULL;
+    s->tlsext_ocsp_resplen = -1;
     /*
      * If we've requested certificate status and we wont get one tell the
      * callback
      */
     if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-        && s->ctx && s->ctx->tlsext_status_cb) {
+        && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
         int r;
         /*
-         * Set resp to NULL, resplen to -1 so callback knows there is no
-         * response.
+         * Call callback with resp == NULL and resplen == -1 so callback
+         * knows there is no response
          */
-        if (s->tlsext_ocsp_resp) {
-            OPENSSL_free(s->tlsext_ocsp_resp);
-            s->tlsext_ocsp_resp = NULL;
-        }
-        s->tlsext_ocsp_resplen = -1;
         r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
         if (r == 0) {
             al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
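Review bot: The added `!(s->hit)` means the status callback is no longer told "no response" on a resumed session, and nothing in the hunk says why; a callback that hard-fails on missing OCSP data now only runs on full handshakes. That is presumably intended, since a resumed handshake carries no Certificate or CertificateStatus and the original full handshake already made the decision, but the comment should record it: `/* No CertificateStatus is sent on resumption; the callback already saw the full handshake */`. The unconditional `OPENSSL_free(s->tlsext_ocsp_resp)` also now runs with a NULL argument on every first handshake, which is fine for the default allocator but worth knowing if a custom free hook is installed. ssl_check_serverhello_tlsext continues beyond the hunk.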
