Author: delphij
Date: Tue Oct 21 19:00:32 2014
New Revision: 273399
URL: https://svnweb.freebsd.org/changeset/base/273399
Log:
MFS r273149 (jkim): MFC: r273144, r273146
Merge OpenSSL 1.0.1j.
This is part of an upcoming FreeBSD security advisory.
Approved by: re (so@ blanket)
Added:
releng/10.1/crypto/openssl/crypto/constant_time_locl.h
- copied unchanged from r273149,
stable/10/crypto/openssl/crypto/constant_time_locl.h
releng/10.1/crypto/openssl/crypto/constant_time_test.c
- copied unchanged from r273149,
stable/10/crypto/openssl/crypto/constant_time_test.c
releng/10.1/crypto/openssl/doc/apps/c_rehash.pod
- copied unchanged from r273149,
stable/10/crypto/openssl/doc/apps/c_rehash.pod
releng/10.1/crypto/openssl/doc/crypto/CMS_add1_signer.pod
- copied unchanged from r273149,
stable/10/crypto/openssl/doc/crypto/CMS_add1_signer.pod
releng/10.1/secure/lib/libcrypto/man/CMS_add1_signer.3
- copied unchanged from r273149,
stable/10/secure/lib/libcrypto/man/CMS_add1_signer.3
releng/10.1/secure/usr.bin/openssl/man/c_rehash.1
- copied unchanged from r273149,
stable/10/secure/usr.bin/openssl/man/c_rehash.1
Deleted:
releng/10.1/crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod
releng/10.1/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
Modified:
releng/10.1/ObsoleteFiles.inc
releng/10.1/crypto/openssl/CHANGES
releng/10.1/crypto/openssl/Configure
releng/10.1/crypto/openssl/Makefile
releng/10.1/crypto/openssl/NEWS
releng/10.1/crypto/openssl/README
releng/10.1/crypto/openssl/apps/s_client.c
releng/10.1/crypto/openssl/crypto/Makefile
releng/10.1/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
releng/10.1/crypto/openssl/crypto/asn1/a_strex.c
releng/10.1/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
releng/10.1/crypto/openssl/crypto/bn/bn_exp.c
releng/10.1/crypto/openssl/crypto/bn/bn_nist.c
releng/10.1/crypto/openssl/crypto/bn/exptest.c
releng/10.1/crypto/openssl/crypto/dsa/dsa_ameth.c
releng/10.1/crypto/openssl/crypto/ebcdic.h
releng/10.1/crypto/openssl/crypto/ec/ec.h
releng/10.1/crypto/openssl/crypto/ec/ec2_smpl.c
releng/10.1/crypto/openssl/crypto/ec/ec_ameth.c
releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c
releng/10.1/crypto/openssl/crypto/ec/ecp_mont.c
releng/10.1/crypto/openssl/crypto/ec/ecp_nist.c
releng/10.1/crypto/openssl/crypto/ec/ecp_smpl.c
releng/10.1/crypto/openssl/crypto/ec/ectest.c
releng/10.1/crypto/openssl/crypto/evp/Makefile
releng/10.1/crypto/openssl/crypto/evp/e_aes.c
releng/10.1/crypto/openssl/crypto/evp/evp_enc.c
releng/10.1/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
releng/10.1/crypto/openssl/crypto/modes/modes.h
releng/10.1/crypto/openssl/crypto/ocsp/ocsp_vfy.c
releng/10.1/crypto/openssl/crypto/opensslconf.h
releng/10.1/crypto/openssl/crypto/opensslv.h
releng/10.1/crypto/openssl/crypto/ossl_typ.h
releng/10.1/crypto/openssl/crypto/pkcs7/pkcs7.h
releng/10.1/crypto/openssl/crypto/pqueue/pqueue.h
releng/10.1/crypto/openssl/crypto/rsa/Makefile
releng/10.1/crypto/openssl/crypto/rsa/rsa.h
releng/10.1/crypto/openssl/crypto/rsa/rsa_err.c
releng/10.1/crypto/openssl/crypto/rsa/rsa_oaep.c
releng/10.1/crypto/openssl/crypto/rsa/rsa_pk1.c
releng/10.1/crypto/openssl/crypto/rsa/rsa_sign.c
releng/10.1/crypto/openssl/crypto/stack/safestack.h
releng/10.1/crypto/openssl/doc/apps/dgst.pod
releng/10.1/crypto/openssl/doc/crypto/BIO_s_accept.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_DigestInit.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod
releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
releng/10.1/crypto/openssl/e_os.h
releng/10.1/crypto/openssl/ssl/Makefile
releng/10.1/crypto/openssl/ssl/d1_both.c
releng/10.1/crypto/openssl/ssl/d1_lib.c
releng/10.1/crypto/openssl/ssl/d1_srtp.c
releng/10.1/crypto/openssl/ssl/dtls1.h
releng/10.1/crypto/openssl/ssl/s23_clnt.c
releng/10.1/crypto/openssl/ssl/s23_srvr.c
releng/10.1/crypto/openssl/ssl/s2_lib.c
releng/10.1/crypto/openssl/ssl/s3_cbc.c
releng/10.1/crypto/openssl/ssl/s3_clnt.c
releng/10.1/crypto/openssl/ssl/s3_enc.c
releng/10.1/crypto/openssl/ssl/s3_lib.c
releng/10.1/crypto/openssl/ssl/s3_pkt.c
releng/10.1/crypto/openssl/ssl/s3_srvr.c
releng/10.1/crypto/openssl/ssl/srtp.h
releng/10.1/crypto/openssl/ssl/ssl.h
releng/10.1/crypto/openssl/ssl/ssl3.h
releng/10.1/crypto/openssl/ssl/ssl_err.c
releng/10.1/crypto/openssl/ssl/ssl_lib.c
releng/10.1/crypto/openssl/ssl/t1_enc.c
releng/10.1/crypto/openssl/ssl/t1_lib.c
releng/10.1/crypto/openssl/ssl/tls1.h
releng/10.1/crypto/openssl/util/mk1mf.pl
releng/10.1/crypto/openssl/util/mkdef.pl
releng/10.1/crypto/openssl/util/ssleay.num
releng/10.1/secure/lib/libcrypto/Makefile.inc
releng/10.1/secure/lib/libcrypto/Makefile.man
releng/10.1/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_length.3
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_new.3
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
releng/10.1/secure/lib/libcrypto/man/ASN1_generate_nconf.3
releng/10.1/secure/lib/libcrypto/man/BIO_ctrl.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_base64.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_buffer.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_cipher.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_md.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_null.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_ssl.3
releng/10.1/secure/lib/libcrypto/man/BIO_find_type.3
releng/10.1/secure/lib/libcrypto/man/BIO_new.3
releng/10.1/secure/lib/libcrypto/man/BIO_new_CMS.3
releng/10.1/secure/lib/libcrypto/man/BIO_push.3
releng/10.1/secure/lib/libcrypto/man/BIO_read.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_accept.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_bio.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_connect.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_fd.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_file.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_mem.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_null.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_socket.3
releng/10.1/secure/lib/libcrypto/man/BIO_set_callback.3
releng/10.1/secure/lib/libcrypto/man/BIO_should_retry.3
releng/10.1/secure/lib/libcrypto/man/BN_BLINDING_new.3
releng/10.1/secure/lib/libcrypto/man/BN_CTX_new.3
releng/10.1/secure/lib/libcrypto/man/BN_CTX_start.3
releng/10.1/secure/lib/libcrypto/man/BN_add.3
releng/10.1/secure/lib/libcrypto/man/BN_add_word.3
releng/10.1/secure/lib/libcrypto/man/BN_bn2bin.3
releng/10.1/secure/lib/libcrypto/man/BN_cmp.3
releng/10.1/secure/lib/libcrypto/man/BN_copy.3
releng/10.1/secure/lib/libcrypto/man/BN_generate_prime.3
releng/10.1/secure/lib/libcrypto/man/BN_mod_inverse.3
releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
releng/10.1/secure/lib/libcrypto/man/BN_new.3
releng/10.1/secure/lib/libcrypto/man/BN_num_bytes.3
releng/10.1/secure/lib/libcrypto/man/BN_rand.3
releng/10.1/secure/lib/libcrypto/man/BN_set_bit.3
releng/10.1/secure/lib/libcrypto/man/BN_swap.3
releng/10.1/secure/lib/libcrypto/man/BN_zero.3
releng/10.1/secure/lib/libcrypto/man/CMS_add0_cert.3
releng/10.1/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
releng/10.1/secure/lib/libcrypto/man/CMS_compress.3
releng/10.1/secure/lib/libcrypto/man/CMS_decrypt.3
releng/10.1/secure/lib/libcrypto/man/CMS_encrypt.3
releng/10.1/secure/lib/libcrypto/man/CMS_final.3
releng/10.1/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
releng/10.1/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
releng/10.1/secure/lib/libcrypto/man/CMS_get0_type.3
releng/10.1/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
releng/10.1/secure/lib/libcrypto/man/CMS_sign.3
releng/10.1/secure/lib/libcrypto/man/CMS_sign_receipt.3
releng/10.1/secure/lib/libcrypto/man/CMS_uncompress.3
releng/10.1/secure/lib/libcrypto/man/CMS_verify.3
releng/10.1/secure/lib/libcrypto/man/CMS_verify_receipt.3
releng/10.1/secure/lib/libcrypto/man/CONF_modules_free.3
releng/10.1/secure/lib/libcrypto/man/CONF_modules_load_file.3
releng/10.1/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
releng/10.1/secure/lib/libcrypto/man/DH_generate_key.3
releng/10.1/secure/lib/libcrypto/man/DH_generate_parameters.3
releng/10.1/secure/lib/libcrypto/man/DH_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/DH_new.3
releng/10.1/secure/lib/libcrypto/man/DH_set_method.3
releng/10.1/secure/lib/libcrypto/man/DH_size.3
releng/10.1/secure/lib/libcrypto/man/DSA_SIG_new.3
releng/10.1/secure/lib/libcrypto/man/DSA_do_sign.3
releng/10.1/secure/lib/libcrypto/man/DSA_dup_DH.3
releng/10.1/secure/lib/libcrypto/man/DSA_generate_key.3
releng/10.1/secure/lib/libcrypto/man/DSA_generate_parameters.3
releng/10.1/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/DSA_new.3
releng/10.1/secure/lib/libcrypto/man/DSA_set_method.3
releng/10.1/secure/lib/libcrypto/man/DSA_sign.3
releng/10.1/secure/lib/libcrypto/man/DSA_size.3
releng/10.1/secure/lib/libcrypto/man/ERR_GET_LIB.3
releng/10.1/secure/lib/libcrypto/man/ERR_clear_error.3
releng/10.1/secure/lib/libcrypto/man/ERR_error_string.3
releng/10.1/secure/lib/libcrypto/man/ERR_get_error.3
releng/10.1/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
releng/10.1/secure/lib/libcrypto/man/ERR_load_strings.3
releng/10.1/secure/lib/libcrypto/man/ERR_print_errors.3
releng/10.1/secure/lib/libcrypto/man/ERR_put_error.3
releng/10.1/secure/lib/libcrypto/man/ERR_remove_state.3
releng/10.1/secure/lib/libcrypto/man/ERR_set_mark.3
releng/10.1/secure/lib/libcrypto/man/EVP_BytesToKey.3
releng/10.1/secure/lib/libcrypto/man/EVP_DigestInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_DigestSignInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_EncryptInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_OpenInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_derive.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_new.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_sign.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
releng/10.1/secure/lib/libcrypto/man/EVP_SealInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_SignInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_VerifyInit.3
releng/10.1/secure/lib/libcrypto/man/OBJ_nid2obj.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_Applink.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_config.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
releng/10.1/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
releng/10.1/secure/lib/libcrypto/man/PKCS12_create.3
releng/10.1/secure/lib/libcrypto/man/PKCS12_parse.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_decrypt.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_encrypt.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_sign.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_verify.3
releng/10.1/secure/lib/libcrypto/man/RAND_add.3
releng/10.1/secure/lib/libcrypto/man/RAND_bytes.3
releng/10.1/secure/lib/libcrypto/man/RAND_cleanup.3
releng/10.1/secure/lib/libcrypto/man/RAND_egd.3
releng/10.1/secure/lib/libcrypto/man/RAND_load_file.3
releng/10.1/secure/lib/libcrypto/man/RAND_set_rand_method.3
releng/10.1/secure/lib/libcrypto/man/RSA_blinding_on.3
releng/10.1/secure/lib/libcrypto/man/RSA_check_key.3
releng/10.1/secure/lib/libcrypto/man/RSA_generate_key.3
releng/10.1/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/RSA_new.3
releng/10.1/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
releng/10.1/secure/lib/libcrypto/man/RSA_print.3
releng/10.1/secure/lib/libcrypto/man/RSA_private_encrypt.3
releng/10.1/secure/lib/libcrypto/man/RSA_public_encrypt.3
releng/10.1/secure/lib/libcrypto/man/RSA_set_method.3
releng/10.1/secure/lib/libcrypto/man/RSA_sign.3
releng/10.1/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
releng/10.1/secure/lib/libcrypto/man/RSA_size.3
releng/10.1/secure/lib/libcrypto/man/SMIME_read_CMS.3
releng/10.1/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
releng/10.1/secure/lib/libcrypto/man/SMIME_write_CMS.3
releng/10.1/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_print_ex.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
releng/10.1/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
releng/10.1/secure/lib/libcrypto/man/X509_new.3
releng/10.1/secure/lib/libcrypto/man/X509_verify_cert.3
releng/10.1/secure/lib/libcrypto/man/bio.3
releng/10.1/secure/lib/libcrypto/man/blowfish.3
releng/10.1/secure/lib/libcrypto/man/bn.3
releng/10.1/secure/lib/libcrypto/man/bn_internal.3
releng/10.1/secure/lib/libcrypto/man/buffer.3
releng/10.1/secure/lib/libcrypto/man/crypto.3
releng/10.1/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
releng/10.1/secure/lib/libcrypto/man/d2i_DHparams.3
releng/10.1/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
releng/10.1/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
releng/10.1/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_CRL.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_NAME.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_REQ.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_SIG.3
releng/10.1/secure/lib/libcrypto/man/des.3
releng/10.1/secure/lib/libcrypto/man/dh.3
releng/10.1/secure/lib/libcrypto/man/dsa.3
releng/10.1/secure/lib/libcrypto/man/ecdsa.3
releng/10.1/secure/lib/libcrypto/man/engine.3
releng/10.1/secure/lib/libcrypto/man/err.3
releng/10.1/secure/lib/libcrypto/man/evp.3
releng/10.1/secure/lib/libcrypto/man/hmac.3
releng/10.1/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
releng/10.1/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
releng/10.1/secure/lib/libcrypto/man/lh_stats.3
releng/10.1/secure/lib/libcrypto/man/lhash.3
releng/10.1/secure/lib/libcrypto/man/md5.3
releng/10.1/secure/lib/libcrypto/man/mdc2.3
releng/10.1/secure/lib/libcrypto/man/pem.3
releng/10.1/secure/lib/libcrypto/man/rand.3
releng/10.1/secure/lib/libcrypto/man/rc4.3
releng/10.1/secure/lib/libcrypto/man/ripemd.3
releng/10.1/secure/lib/libcrypto/man/rsa.3
releng/10.1/secure/lib/libcrypto/man/sha.3
releng/10.1/secure/lib/libcrypto/man/threads.3
releng/10.1/secure/lib/libcrypto/man/ui.3
releng/10.1/secure/lib/libcrypto/man/ui_compat.3
releng/10.1/secure/lib/libcrypto/man/x509.3
releng/10.1/secure/lib/libssl/man/SSL_CIPHER_get_name.3
releng/10.1/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_add_session.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_ctrl.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_free.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_new.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_number.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sessions.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_mode.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_options.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_timeout.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_verify.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_use_certificate.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
releng/10.1/secure/lib/libssl/man/SSL_SESSION_free.3
releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_time.3
releng/10.1/secure/lib/libssl/man/SSL_accept.3
releng/10.1/secure/lib/libssl/man/SSL_alert_type_string.3
releng/10.1/secure/lib/libssl/man/SSL_clear.3
releng/10.1/secure/lib/libssl/man/SSL_connect.3
releng/10.1/secure/lib/libssl/man/SSL_do_handshake.3
releng/10.1/secure/lib/libssl/man/SSL_free.3
releng/10.1/secure/lib/libssl/man/SSL_get_SSL_CTX.3
releng/10.1/secure/lib/libssl/man/SSL_get_ciphers.3
releng/10.1/secure/lib/libssl/man/SSL_get_client_CA_list.3
releng/10.1/secure/lib/libssl/man/SSL_get_current_cipher.3
releng/10.1/secure/lib/libssl/man/SSL_get_default_timeout.3
releng/10.1/secure/lib/libssl/man/SSL_get_error.3
releng/10.1/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
releng/10.1/secure/lib/libssl/man/SSL_get_ex_new_index.3
releng/10.1/secure/lib/libssl/man/SSL_get_fd.3
releng/10.1/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
releng/10.1/secure/lib/libssl/man/SSL_get_peer_certificate.3
releng/10.1/secure/lib/libssl/man/SSL_get_psk_identity.3
releng/10.1/secure/lib/libssl/man/SSL_get_rbio.3
releng/10.1/secure/lib/libssl/man/SSL_get_session.3
releng/10.1/secure/lib/libssl/man/SSL_get_verify_result.3
releng/10.1/secure/lib/libssl/man/SSL_get_version.3
releng/10.1/secure/lib/libssl/man/SSL_library_init.3
releng/10.1/secure/lib/libssl/man/SSL_load_client_CA_file.3
releng/10.1/secure/lib/libssl/man/SSL_new.3
releng/10.1/secure/lib/libssl/man/SSL_pending.3
releng/10.1/secure/lib/libssl/man/SSL_read.3
releng/10.1/secure/lib/libssl/man/SSL_rstate_string.3
releng/10.1/secure/lib/libssl/man/SSL_session_reused.3
releng/10.1/secure/lib/libssl/man/SSL_set_bio.3
releng/10.1/secure/lib/libssl/man/SSL_set_connect_state.3
releng/10.1/secure/lib/libssl/man/SSL_set_fd.3
releng/10.1/secure/lib/libssl/man/SSL_set_session.3
releng/10.1/secure/lib/libssl/man/SSL_set_shutdown.3
releng/10.1/secure/lib/libssl/man/SSL_set_verify_result.3
releng/10.1/secure/lib/libssl/man/SSL_shutdown.3
releng/10.1/secure/lib/libssl/man/SSL_state_string.3
releng/10.1/secure/lib/libssl/man/SSL_want.3
releng/10.1/secure/lib/libssl/man/SSL_write.3
releng/10.1/secure/lib/libssl/man/d2i_SSL_SESSION.3
releng/10.1/secure/lib/libssl/man/ssl.3
releng/10.1/secure/usr.bin/openssl/Makefile.man
releng/10.1/secure/usr.bin/openssl/man/CA.pl.1
releng/10.1/secure/usr.bin/openssl/man/asn1parse.1
releng/10.1/secure/usr.bin/openssl/man/ca.1
releng/10.1/secure/usr.bin/openssl/man/ciphers.1
releng/10.1/secure/usr.bin/openssl/man/cms.1
releng/10.1/secure/usr.bin/openssl/man/crl.1
releng/10.1/secure/usr.bin/openssl/man/crl2pkcs7.1
releng/10.1/secure/usr.bin/openssl/man/dgst.1
releng/10.1/secure/usr.bin/openssl/man/dhparam.1
releng/10.1/secure/usr.bin/openssl/man/dsa.1
releng/10.1/secure/usr.bin/openssl/man/dsaparam.1
releng/10.1/secure/usr.bin/openssl/man/ec.1
releng/10.1/secure/usr.bin/openssl/man/ecparam.1
releng/10.1/secure/usr.bin/openssl/man/enc.1
releng/10.1/secure/usr.bin/openssl/man/errstr.1
releng/10.1/secure/usr.bin/openssl/man/gendsa.1
releng/10.1/secure/usr.bin/openssl/man/genpkey.1
releng/10.1/secure/usr.bin/openssl/man/genrsa.1
releng/10.1/secure/usr.bin/openssl/man/nseq.1
releng/10.1/secure/usr.bin/openssl/man/ocsp.1
releng/10.1/secure/usr.bin/openssl/man/openssl.1
releng/10.1/secure/usr.bin/openssl/man/passwd.1
releng/10.1/secure/usr.bin/openssl/man/pkcs12.1
releng/10.1/secure/usr.bin/openssl/man/pkcs7.1
releng/10.1/secure/usr.bin/openssl/man/pkcs8.1
releng/10.1/secure/usr.bin/openssl/man/pkey.1
releng/10.1/secure/usr.bin/openssl/man/pkeyparam.1
releng/10.1/secure/usr.bin/openssl/man/pkeyutl.1
releng/10.1/secure/usr.bin/openssl/man/rand.1
releng/10.1/secure/usr.bin/openssl/man/req.1
releng/10.1/secure/usr.bin/openssl/man/rsa.1
releng/10.1/secure/usr.bin/openssl/man/rsautl.1
releng/10.1/secure/usr.bin/openssl/man/s_client.1
releng/10.1/secure/usr.bin/openssl/man/s_server.1
releng/10.1/secure/usr.bin/openssl/man/s_time.1
releng/10.1/secure/usr.bin/openssl/man/sess_id.1
releng/10.1/secure/usr.bin/openssl/man/smime.1
releng/10.1/secure/usr.bin/openssl/man/speed.1
releng/10.1/secure/usr.bin/openssl/man/spkac.1
releng/10.1/secure/usr.bin/openssl/man/ts.1
releng/10.1/secure/usr.bin/openssl/man/tsget.1
releng/10.1/secure/usr.bin/openssl/man/verify.1
releng/10.1/secure/usr.bin/openssl/man/version.1
releng/10.1/secure/usr.bin/openssl/man/x509.1
releng/10.1/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
releng/10.1/ (props changed)
Modified: releng/10.1/ObsoleteFiles.inc
==============================================================================
--- releng/10.1/ObsoleteFiles.inc Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/ObsoleteFiles.inc Tue Oct 21 19:00:32 2014
(r273399)
@@ -38,6 +38,8 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20141015: OpenSSL 1.0.1j import
+OLD_FILES+=usr/share/openssl/man/man3/CMS_sign_add1_signer.3.gz
# 20140917: hv_kvpd rc.d script removed in favor of devd configuration
OLD_FILES+=etc/rc.d/hv_kvpd
# 20140814: libopie version bump
Modified: releng/10.1/crypto/openssl/CHANGES
==============================================================================
--- releng/10.1/crypto/openssl/CHANGES Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/CHANGES Tue Oct 21 19:00:32 2014
(r273399)
@@ -2,6 +2,57 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+ *) SRTP Memory Leak.
+
+ A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+ sends a carefully crafted handshake message, to cause OpenSSL to fail
+ to free up to 64k of memory causing a memory leak. This could be
+ exploited in a Denial Of Service attack. This issue affects OpenSSL
+ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+ whether SRTP is used or configured. Implementations of OpenSSL that
+ have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+ The fix was developed by the OpenSSL team.
+ (CVE-2014-3513)
+ [OpenSSL team]
+
+ *) Session Ticket Memory Leak.
+
+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+ integrity of that ticket is first verified. In the event of a session
+ ticket integrity check failing, OpenSSL will fail to free memory
+ causing a memory leak. By sending a large number of invalid session
+ tickets an attacker could exploit this issue in a Denial Of Service
+ attack.
+ (CVE-2014-3567)
+ [Steve Henson]
+
+ *) Build option no-ssl3 is incomplete.
+
+ When OpenSSL is configured with "no-ssl3" as a build option, servers
+ could accept and complete a SSL 3.0 handshake, and clients could be
+ configured to send them.
+ (CVE-2014-3568)
+ [Akamai and the OpenSSL team]
+
+ *) Add support for TLS_FALLBACK_SCSV.
+ Client applications doing fallback retries should call
+ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+ (CVE-2014-3566)
+ [Adam Langley, Bodo Moeller]
+
+ *) Add additional DigestInfo checks.
+
+ Reencode DigestInto in DER and check against the original when
+ verifying RSA signature: this will reject any improperly encoded
+ DigestInfo structures.
+
+ Note: this is a precautionary measure and no attacks are currently known.
+
+ [Steve Henson]
+
Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
*) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
Modified: releng/10.1/crypto/openssl/Configure
==============================================================================
--- releng/10.1/crypto/openssl/Configure Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/Configure Tue Oct 21 19:00:32 2014
(r273399)
@@ -1767,6 +1767,9 @@ open(OUT,'>crypto/opensslconf.h.new') ||
print OUT "/* opensslconf.h */\n";
print OUT "/* WARNING: Generated automatically from opensslconf.h.in by
Configure. */\n\n";
+print OUT "#ifdef __cplusplus\n";
+print OUT "extern \"C\" {\n";
+print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef
OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n#
endif\n#endif/mg;
@@ -1871,6 +1874,9 @@ while (<IN>)
{ print OUT $_; }
}
close(IN);
+print OUT "#ifdef __cplusplus\n";
+print OUT "}\n";
+print OUT "#endif\n";
close(OUT);
rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to
rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to
rename crypto/opensslconf.h.new\n";
Modified: releng/10.1/crypto/openssl/Makefile
==============================================================================
--- releng/10.1/crypto/openssl/Makefile Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/Makefile Tue Oct 21 19:00:32 2014
(r273399)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1i
+VERSION=1.0.1j
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
Modified: releng/10.1/crypto/openssl/NEWS
==============================================================================
--- releng/10.1/crypto/openssl/NEWS Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/NEWS Tue Oct 21 19:00:32 2014
(r273399)
@@ -5,6 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+ o Fix for CVE-2014-3513
+ o Fix for CVE-2014-3567
+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ o Fix for CVE-2014-3568
+
Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
o Fix for CVE-2014-3512
Modified: releng/10.1/crypto/openssl/README
==============================================================================
--- releng/10.1/crypto/openssl/README Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/README Tue Oct 21 19:00:32 2014
(r273399)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1i 6 Aug 2014
+ OpenSSL 1.0.1j 15 Oct 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: releng/10.1/crypto/openssl/apps/s_client.c
==============================================================================
--- releng/10.1/crypto/openssl/apps/s_client.c Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/apps/s_client.c Tue Oct 21 19:00:32 2014
(r273399)
@@ -337,6 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
BIO_printf(bio_err," -mtu - set the link layer MTU\n");
BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 -
turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation
bug workarounds\n");
@@ -617,6 +618,7 @@ int MAIN(int argc, char **argv)
char *sess_out = NULL;
struct sockaddr peer;
int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
int enable_timeouts = 0 ;
long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
@@ -823,6 +825,10 @@ int MAIN(int argc, char **argv)
meth=DTLSv1_client_method();
socket_type=SOCK_DGRAM;
}
+ else if (strcmp(*argv,"-fallback_scsv") == 0)
+ {
+ fallback_scsv = 1;
+ }
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts=1;
else if (strcmp(*argv,"-mtu") == 0)
@@ -1235,6 +1241,10 @@ bad:
SSL_set_session(con, sess);
SSL_SESSION_free(sess);
}
+
+ if (fallback_scsv)
+ SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
#ifndef OPENSSL_NO_TLSEXT
if (servername != NULL)
{
Modified: releng/10.1/crypto/openssl/crypto/Makefile
==============================================================================
--- releng/10.1/crypto/openssl/crypto/Makefile Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/crypto/Makefile Tue Oct 21 19:00:32 2014
(r273399)
@@ -32,6 +32,7 @@ CPUID_OBJ=mem_clr.o
LIBS=
GENERAL=Makefile README crypto-lib.com install.com
+TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
@@ -44,7 +45,8 @@ SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
-HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h
$(EXHEADER)
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
+ constant_time_locl.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
Modified: releng/10.1/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
==============================================================================
--- releng/10.1/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl Tue Oct 21
18:31:08 2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl Tue Oct 21
19:00:32 2014 (r273399)
@@ -525,6 +525,16 @@ $code.=<<___;
.type aesni_ecb_encrypt,\@function,5
.align 16
aesni_ecb_encrypt:
+___
+$code.=<<___ if ($win64);
+ lea -0x58(%rsp),%rsp
+ movaps %xmm6,(%rsp)
+ movaps %xmm7,0x10(%rsp)
+ movaps %xmm8,0x20(%rsp)
+ movaps %xmm9,0x30(%rsp)
+.Lecb_enc_body:
+___
+$code.=<<___;
and \$-16,$len
jz .Lecb_ret
@@ -805,6 +815,16 @@ $code.=<<___;
movups $inout5,0x50($out)
.Lecb_ret:
+___
+$code.=<<___ if ($win64);
+ movaps (%rsp),%xmm6
+ movaps 0x10(%rsp),%xmm7
+ movaps 0x20(%rsp),%xmm8
+ movaps 0x30(%rsp),%xmm9
+ lea 0x58(%rsp),%rsp
+.Lecb_enc_ret:
+___
+$code.=<<___;
ret
.size aesni_ecb_encrypt,.-aesni_ecb_encrypt
___
@@ -2730,28 +2750,9 @@ $code.=<<___;
.extern __imp_RtlVirtualUnwind
___
$code.=<<___ if ($PREFIX eq "aesni");
-.type ecb_se_handler,\@abi-omnipotent
-.align 16
-ecb_se_handler:
- push %rsi
- push %rdi
- push %rbx
- push %rbp
- push %r12
- push %r13
- push %r14
- push %r15
- pushfq
- sub \$64,%rsp
-
- mov 152($context),%rax # pull context->Rsp
-
- jmp .Lcommon_seh_tail
-.size ecb_se_handler,.-ecb_se_handler
-
-.type ccm64_se_handler,\@abi-omnipotent
+.type ecb_ccm64_se_handler,\@abi-omnipotent
.align 16
-ccm64_se_handler:
+ecb_ccm64_se_handler:
push %rsi
push %rdi
push %rbx
@@ -2788,7 +2789,7 @@ ccm64_se_handler:
lea 0x58(%rax),%rax # adjust stack pointer
jmp .Lcommon_seh_tail
-.size ccm64_se_handler,.-ccm64_se_handler
+.size ecb_ccm64_se_handler,.-ecb_ccm64_se_handler
.type ctr32_se_handler,\@abi-omnipotent
.align 16
@@ -2993,14 +2994,15 @@ ___
$code.=<<___ if ($PREFIX eq "aesni");
.LSEH_info_ecb:
.byte 9,0,0,0
- .rva ecb_se_handler
+ .rva ecb_ccm64_se_handler
+ .rva .Lecb_enc_body,.Lecb_enc_ret # HandlerData[]
.LSEH_info_ccm64_enc:
.byte 9,0,0,0
- .rva ccm64_se_handler
+ .rva ecb_ccm64_se_handler
.rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[]
.LSEH_info_ccm64_dec:
.byte 9,0,0,0
- .rva ccm64_se_handler
+ .rva ecb_ccm64_se_handler
.rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[]
.LSEH_info_ctr32:
.byte 9,0,0,0
Modified: releng/10.1/crypto/openssl/crypto/asn1/a_strex.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/asn1/a_strex.c Tue Oct 21 18:31:08
2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/asn1/a_strex.c Tue Oct 21 19:00:32
2014 (r273399)
@@ -568,6 +568,7 @@ int ASN1_STRING_to_UTF8(unsigned char **
mbflag |= MBSTRING_FLAG;
stmp.data = NULL;
stmp.length = 0;
+ stmp.flags = 0;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
B_ASN1_UTF8STRING);
if(ret < 0) return ret;
*out = stmp.data;
Modified: releng/10.1/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Oct 21
18:31:08 2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Oct 21
19:00:32 2014 (r273399)
@@ -189,7 +189,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
if (n <= 0) return 0;
- asm (
+ asm volatile (
" subq %2,%2 \n"
".p2align 4 \n"
"1: movq (%4,%2,8),%0 \n"
@@ -200,7 +200,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
" sbbq %0,%0 \n"
: "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
- : "cc"
+ : "cc", "memory"
);
return ret&1;
@@ -212,7 +212,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
if (n <= 0) return 0;
- asm (
+ asm volatile (
" subq %2,%2 \n"
".p2align 4 \n"
"1: movq (%4,%2,8),%0 \n"
@@ -223,7 +223,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
" sbbq %0,%0 \n"
: "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
- : "cc"
+ : "cc", "memory"
);
return ret&1;
Modified: releng/10.1/crypto/openssl/crypto/bn/bn_exp.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/bn_exp.c Tue Oct 21 18:31:08
2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/bn/bn_exp.c Tue Oct 21 19:00:32
2014 (r273399)
@@ -874,7 +874,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_
bits = BN_num_bits(p);
if (bits == 0)
{
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m))
+ {
+ ret = 1;
+ BN_zero(rr);
+ }
+ else
+ ret = BN_one(rr);
return ret;
}
if (a == 0)
Modified: releng/10.1/crypto/openssl/crypto/bn/bn_nist.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/bn_nist.c Tue Oct 21 18:31:08
2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/bn/bn_nist.c Tue Oct 21 19:00:32
2014 (r273399)
@@ -1088,9 +1088,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIG
/* ... and right shift */
for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
{
- tmp = val>>BN_NIST_521_RSHIFT;
- val = t_d[i+1];
- t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+ t_d[i] = ( val>>BN_NIST_521_RSHIFT |
+ (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
+ val=tmp;
}
t_d[i] = val>>BN_NIST_521_RSHIFT;
/* lower 521 bits */
Modified: releng/10.1/crypto/openssl/crypto/bn/exptest.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/exptest.c Tue Oct 21 18:31:08
2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/bn/exptest.c Tue Oct 21 19:00:32
2014 (r273399)
@@ -71,6 +71,43 @@
static const char rnd_seed[] = "string to make the random number generator
think it has entropy";
+/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
+static int test_exp_mod_zero() {
+ BIGNUM a, p, m;
+ BIGNUM r;
+ BN_CTX *ctx = BN_CTX_new();
+ int ret = 1;
+
+ BN_init(&m);
+ BN_one(&m);
+
+ BN_init(&a);
+ BN_one(&a);
+
+ BN_init(&p);
+ BN_zero(&p);
+
+ BN_init(&r);
+ BN_mod_exp(&r, &a, &p, &m, ctx);
+ BN_CTX_free(ctx);
+
+ if (BN_is_zero(&r))
+ ret = 0;
+ else
+ {
+ printf("1**0 mod 1 = ");
+ BN_print_fp(stdout, &r);
+ printf(", should be 0\n");
+ }
+
+ BN_free(&r);
+ BN_free(&a);
+ BN_free(&p);
+ BN_free(&m);
+
+ return ret;
+}
+
int main(int argc, char *argv[])
{
BN_CTX *ctx;
@@ -190,7 +227,13 @@ int main(int argc, char *argv[])
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks(out);
BIO_free(out);
- printf(" done\n");
+ printf("\n");
+
+ if (test_exp_mod_zero() != 0)
+ goto err;
+
+ printf("done\n");
+
EXIT(0);
err:
ERR_load_crypto_strings();
Copied: releng/10.1/crypto/openssl/crypto/constant_time_locl.h (from r273149,
stable/10/crypto/openssl/crypto/constant_time_locl.h)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ releng/10.1/crypto/openssl/crypto/constant_time_locl.h Tue Oct 21
19:00:32 2014 (r273399, copy of r273149,
stable/10/crypto/openssl/crypto/constant_time_locl.h)
@@ -0,0 +1,216 @@
+/* crypto/constant_time_locl.h */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emi...@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (e...@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an
acknowledgement:
+ * "This product includes software written by Tim Hudson
(t...@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+#define HEADER_CONSTANT_TIME_LOCL_H
+
+#include "e_os.h" /* For 'inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ * c = a;
+ * } else {
+ * c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
+/* Signed integers. */
+static inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_int_8(int a, int b);
+
+
+/*
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a, unsigned int b);
+/* Convenience method for unsigned chars. */
+static inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a, unsigned char b);
+/* Convenience method for signed integers. */
+static inline int constant_time_select_int(unsigned int mask, int a, int b);
+
+static inline unsigned int constant_time_msb(unsigned int a)
+ {
+ return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+ }
+
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
+ {
+ unsigned int lt;
+ /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
+ lt = ~(a ^ b) & (a - b);
+ /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
+ lt |= ~a & b;
+ return constant_time_msb(lt);
+ }
+
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
+ {
+ return (unsigned char)(constant_time_lt(a, b));
+ }
+
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
+ {
+ unsigned int ge;
+ /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
+ ge = ~((a ^ b) | (a - b));
+ /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
+ ge |= a & ~b;
+ return constant_time_msb(ge);
+ }
+
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
+ {
+ return (unsigned char)(constant_time_ge(a, b));
+ }
+
+static inline unsigned int constant_time_is_zero(unsigned int a)
+ {
+ return constant_time_msb(~a & (a - 1));
+ }
+
+static inline unsigned char constant_time_is_zero_8(unsigned int a)
+ {
+ return (unsigned char)(constant_time_is_zero(a));
+ }
+
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
+ {
+ return constant_time_is_zero(a ^ b);
+ }
+
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
+ {
+ return (unsigned char)(constant_time_eq(a, b));
+ }
+
+static inline unsigned int constant_time_eq_int(int a, int b)
+ {
+ return constant_time_eq((unsigned)(a), (unsigned)(b));
+ }
+
+static inline unsigned char constant_time_eq_int_8(int a, int b)
+ {
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+ }
+
+static inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a, unsigned int b)
+ {
+ return (mask & a) | (~mask & b);
+ }
+
+static inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a, unsigned char b)
+ {
+ return (unsigned char)(constant_time_select(mask, a, b));
+ }
+
+inline int constant_time_select_int(unsigned int mask, int a, int b)
+ {
+ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CONSTANT_TIME_LOCL_H */
Copied: releng/10.1/crypto/openssl/crypto/constant_time_test.c (from r273149,
stable/10/crypto/openssl/crypto/constant_time_test.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ releng/10.1/crypto/openssl/crypto/constant_time_test.c Tue Oct 21
19:00:32 2014 (r273399, copy of r273149,
stable/10/crypto/openssl/crypto/constant_time_test.c)
@@ -0,0 +1,330 @@
+/* crypto/constant_time_test.c */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emi...@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (e...@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an
acknowledgement:
+ * "This product includes software written by Tim Hudson
(t...@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "../crypto/constant_time_locl.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
+static const unsigned int CONSTTIME_FALSE = 0;
+static const unsigned char CONSTTIME_TRUE_8 = 0xff;
+static const unsigned char CONSTTIME_FALSE_8 = 0;
+
+static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b),
+ const char* op_name, unsigned int a, unsigned int b, int is_true)
+ {
+ unsigned c = op(a, b);
+ if (is_true && c != CONSTTIME_TRUE)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+ "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
+ return 1;
+ }
+ else if (!is_true && c != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+ "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int
b),
+ const char* op_name, unsigned int a, unsigned int b, int is_true)
+ {
+ unsigned char c = op(a, b);
+ if (is_true && c != CONSTTIME_TRUE_8)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+ "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
+ return 1;
+ }
+ else if (!is_true && c != CONSTTIME_FALSE_8)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+ "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_is_zero(unsigned int a)
+ {
+ unsigned int c = constant_time_is_zero(a);
+ if (a == 0 && c != CONSTTIME_TRUE)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
+ return 1;
+ }
+ else if (a != 0 && c != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_is_zero_8(unsigned int a)
+ {
+ unsigned char c = constant_time_is_zero_8(a);
+ if (a == 0 && c != CONSTTIME_TRUE_8)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
+ return 1;
+ }
+ else if (a != 0 && c != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_select(unsigned int a, unsigned int b)
+ {
+ unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
+ if (selected != a)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+ "%du): expected %du(first value), got %du\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select(CONSTTIME_FALSE, a, b);
+ if (selected != b)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+ "%du): expected %du(second value), got %du\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_select_8(unsigned char a, unsigned char b)
+ {
+ unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
+ if (selected != a)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+ "%u): expected %u(first value), got %u\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
+ if (selected != b)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+ "%u): expected %u(second value), got %u\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_select_int(int a, int b)
+ {
+ int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
+ if (selected != a)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+ "%d): expected %d(first value), got %d\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
+ if (selected != b)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+ "%d): expected %d(second value), got %d\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_eq_int(int a, int b)
+ {
+ unsigned int equal = constant_time_eq_int(a, b);
+ if (a == b && equal != CONSTTIME_TRUE)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+ "expected %du(TRUE), got %du\n",
+ a, b, CONSTTIME_TRUE, equal);
+ return 1;
+ }
+ else if (a != b && equal != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+ "expected %du(FALSE), got %du\n",
+ a, b, CONSTTIME_FALSE, equal);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_eq_int_8(int a, int b)
+ {
+ unsigned char equal = constant_time_eq_int_8(a, b);
+ if (a == b && equal != CONSTTIME_TRUE_8)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d,
%d): "
+ "expected %u(TRUE), got %u\n",
+ a, b, CONSTTIME_TRUE_8, equal);
+ return 1;
+ }
+ else if (a != b && equal != CONSTTIME_FALSE_8)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d,
%d): "
+ "expected %u(FALSE), got %u\n",
+ a, b, CONSTTIME_FALSE_8, equal);
+ return 1;
+ }
+ return 0;
+ }
+
+static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1,
+ UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1,
+ UINT_MAX};
+
+static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
+
+static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345,
+ 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1,
+ INT_MIN+1};
+
+
+int main(int argc, char *argv[])
+ {
+ unsigned int a, b, i, j;
+ int c, d;
+ unsigned char e, f;
+ int num_failed = 0, num_all = 0;
+ fprintf(stdout, "Testing constant time operations...\n");
+
+ for (i = 0; i < sizeof(test_values)/sizeof(int); ++i)
+ {
+ a = test_values[i];
+ num_failed += test_is_zero(a);
+ num_failed += test_is_zero_8(a);
+ num_all += 2;
+ for (j = 0; j < sizeof(test_values)/sizeof(int); ++j)
+ {
+ b = test_values[j];
+ num_failed += test_binary_op(&constant_time_lt,
+ "constant_time_lt", a, b, a < b);
+ num_failed += test_binary_op_8(&constant_time_lt_8,
+ "constant_time_lt_8", a, b, a < b);
+ num_failed += test_binary_op(&constant_time_lt,
+ "constant_time_lt_8", b, a, b < a);
+ num_failed += test_binary_op_8(&constant_time_lt_8,
+ "constant_time_lt_8", b, a, b < a);
+ num_failed += test_binary_op(&constant_time_ge,
+ "constant_time_ge", a, b, a >= b);
+ num_failed += test_binary_op_8(&constant_time_ge_8,
+ "constant_time_ge_8", a, b, a >= b);
+ num_failed += test_binary_op(&constant_time_ge,
+ "constant_time_ge", b, a, b >= a);
+ num_failed += test_binary_op_8(&constant_time_ge_8,
+ "constant_time_ge_8", b, a, b >= a);
+ num_failed += test_binary_op(&constant_time_eq,
+ "constant_time_eq", a, b, a == b);
+ num_failed += test_binary_op_8(&constant_time_eq_8,
+ "constant_time_eq_8", a, b, a == b);
+ num_failed += test_binary_op(&constant_time_eq,
+ "constant_time_eq", b, a, b == a);
+ num_failed += test_binary_op_8(&constant_time_eq_8,
+ "constant_time_eq_8", b, a, b == a);
+ num_failed += test_select(a, b);
+ num_all += 13;
+ }
+ }
+
+ for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i)
+ {
+ c = signed_test_values[i];
+ for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j)
+ {
+ d = signed_test_values[j];
+ num_failed += test_select_int(c, d);
+ num_failed += test_eq_int(c, d);
+ num_failed += test_eq_int_8(c, d);
+ num_all += 3;
+ }
+ }
+
+ for (i = 0; i < sizeof(test_values_8); ++i)
+ {
+ e = test_values_8[i];
+ for (j = 0; j < sizeof(test_values_8); ++j)
+ {
+ f = test_values_8[j];
+ num_failed += test_select_8(e, f);
+ num_all += 1;
+ }
+ }
+
+ if (!num_failed)
+ {
+ fprintf(stdout, "ok (ran %d tests)\n", num_all);
+ return EXIT_SUCCESS;
+ }
+ else
+ {
+ fprintf(stdout, "%d of %d tests failed!\n", num_failed,
num_all);
+ return EXIT_FAILURE;
+ }
+ }
Modified: releng/10.1/crypto/openssl/crypto/dsa/dsa_ameth.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/dsa/dsa_ameth.c Tue Oct 21 18:31:08
2014 (r273398)
+++ releng/10.1/crypto/openssl/crypto/dsa/dsa_ameth.c Tue Oct 21 19:00:32
2014 (r273399)
@@ -307,6 +307,12 @@ static int dsa_priv_encode(PKCS8_PRIV_KE
unsigned char *dp = NULL;
int dplen;
+ if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key)
+ {
+ DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_MISSING_PARAMETERS);
+ goto err;
+ }
+
params = ASN1_STRING_new();
if (!params)
@@ -701,4 +707,3 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meth
old_dsa_priv_encode
}
};
-
Modified: releng/10.1/crypto/openssl/crypto/ebcdic.h
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ebcdic.h Tue Oct 21 18:31:08 2014
(r273398)
+++ releng/10.1/crypto/openssl/crypto/ebcdic.h Tue Oct 21 19:00:32 2014
(r273399)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
