CVS commit: [netbsd-8] src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: martin Date: Sat Aug 25 14:33:04 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386 [netbsd-8]: modes.inc Log Message: Pull up following revision(s) (requested by manu in ticket #985): crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc: revision 1.2 crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc: revision 1.3 Add missing defines: https://github.com/openssl/openssl/pull/6828 When ghash-x86.S is generated with -DOPENSSL_IA32_SSE2 we need to compile gcm128.c with the same flags. Reported by manu@ remove -DGHASH_ASM_X86; it is already defined. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.1.8.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc:1.1 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc:1.1.8.1 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc:1.1 Sat May 16 17:32:54 2015 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/modes.inc Sat Aug 25 14:33:04 2018 @@ -1,4 +1,5 @@ .PATH.S: ${.PARSEDIR} MODES_SRCS += ghash-x86.o -MODESCPPFLAGS = -DGHASH_ASM +MODESCPPFLAGS = -DGHASH_ASM -DOPENSSL_IA32_SSE2 + .include "../../modes.inc"
CVS commit: [netbsd-8] src/crypto/external/bsd/openssl/dist/crypto
Module Name:src Committed By: martin Date: Thu Aug 9 13:21:36 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/evp [netbsd-8]: evp.h src/crypto/external/bsd/openssl/dist/crypto/x509 [netbsd-8]: x509_vfy.h Log Message: Pull up following revision(s) (requested by christos in ticket #967): crypto/external/bsd/openssl.old/dist/crypto/evp/evp.h: revision 1.6 crypto/external/bsd/openssl.old/dist/crypto/x509/x509_vfy.h: revision 1.2 (applied to crypto/external/bsd/openssl/) Add missing functions for racoon2 to compile under netbsd-8 >From Chuck Zmudzinski XXX: pullup-8 (to openssl not openssl.old) To generate a diff of this commit: cvs rdiff -u -r1.1.1.9.4.1 -r1.1.1.9.4.2 \ src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h:1.1.1.9.4.1 src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h:1.1.1.9.4.2 --- src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h:1.1.1.9.4.1 Sat Jun 23 10:52:31 2018 +++ src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h Thu Aug 9 13:21:36 2018 @@ -1559,6 +1559,14 @@ static inline RSA *EVP_PKEY_get0_RSA(EVP return pkey->pkey.rsa; } +static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DSA) { + return NULL; + } + return pkey->pkey.dsa; +} + #endif Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h:1.2.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h:1.2 Fri Oct 14 16:23:21 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h Thu Aug 9 13:21:36 2018 @@ -645,6 +645,15 @@ STACK_OF(POLICYQUALINFO) *X509_policy_no *node); const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE *node); +#if OPENSSL_API_COMPAT >= 0x1010L + +static inline X509 * +X509_STORE_CTX_get0_cert(X509_STORE_CTX *x) +{ + return X509_STORE_CTX_get_current_cert(x); +} + +#endif #ifdef __cplusplus }
CVS commit: [netbsd-8] src/crypto/external/bsd/openssl/dist/crypto
Module Name:src Committed By: martin Date: Sat Jun 23 10:52:31 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h src/crypto/external/bsd/openssl/dist/crypto/dh [netbsd-8]: dh.h src/crypto/external/bsd/openssl/dist/crypto/dsa [netbsd-8]: dsa.h src/crypto/external/bsd/openssl/dist/crypto/ecdsa [netbsd-8]: ecdsa.h src/crypto/external/bsd/openssl/dist/crypto/evp [netbsd-8]: evp.h src/crypto/external/bsd/openssl/dist/crypto/hmac [netbsd-8]: hmac.h src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa.h src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]: x509v3.h Log Message: Apply patch, requested by christos in ticket #891: Provide future compatibility API when OPENSSL_API_COMPAT is defined to >= 0x1010L. To generate a diff of this commit: cvs rdiff -u -r1.2.6.1 -r1.2.6.2 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/dh/dh.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecdsa.h cvs rdiff -u -r1.1.1.9 -r1.1.1.9.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/evp/evp.h cvs rdiff -u -r1.2 -r1.2.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/hmac/hmac.h cvs rdiff -u -r1.4 -r1.4.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa.h cvs rdiff -u -r1.1.1.4 -r1.1.1.4.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/x509v3/x509v3.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.1 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.2 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.1 Wed Apr 18 13:51:35 2018 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h Sat Jun 23 10:52:30 2018 @@ -1414,6 +1414,14 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TYPE169 +#if OPENSSL_API_COMPAT >= 0x1010L +static inline const unsigned char * +ASN1_STRING_get0_data(const ASN1_STRING *x) +{ + return ASN1_STRING_data(__UNCONST(x)); +} +#endif + #ifdef __cplusplus } #endif Index: src/crypto/external/bsd/openssl/dist/crypto/dh/dh.h diff -u src/crypto/external/bsd/openssl/dist/crypto/dh/dh.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/dh/dh.h:1.2.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/dh/dh.h:1.2 Fri Oct 14 16:23:18 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/dh/dh.h Sat Jun 23 10:52:31 2018 @@ -387,6 +387,69 @@ void ERR_load_DH_strings(void); # define DH_R_PEER_KEY_ERROR 113 # define DH_R_SHARED_INFO_ERROR 114 +#if OPENSSL_API_COMPAT >= 0x1010L +static inline void +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key) + *pub_key = dh->pub_key; + if (priv_key) + *priv_key = dh->priv_key; +} + +static inline int +DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (pub_key) { + BN_free(dh->pub_key); + dh->pub_key = pub_key; + } + if (priv_key) { + BN_free(dh->priv_key); + dh->priv_key = priv_key; + } + return 1; +} + +static inline void +DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, +const BIGNUM **g) +{ + if (p) + *p = dh->p; + if (q) + *q = dh->q; + if (g) + *g = dh->g; +} + +static inline int +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if (p) + dh->p = p; + if (q) + dh->q = q; + if (g) + dh->g = g; + return 1; +} + +static inline void +DH_set_length(DH *dh, long length) +{ + dh->length = length; +} + +static inline const char * +DH_meth_get0_name(const DH_METHOD *meth) +{ + return meth->name; +} + + +#endif + #ifdef __cplusplus } #endif Index: src/crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h diff -u src/crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h:1.2.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h:1.2 Fri Oct 14 16:23:19 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h Sat Jun 23 10:52:31 2018 @@ -326,6 +326,89 @@ void ERR_load_DSA_strings(void); # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME113 +#if OPENSSL_API_COMPAT >= 0x1010L +static inline void +DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **r, const BIGNUM **s) +{ + if (r) + *r = sig->r; + if (s) + *s = sig->s; +} + +static inline int +DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r) { + BN_free(r); + sig->r = r; + } + if (s) { +
CVS commit: [netbsd-8] src/crypto/external/bsd/openssl
Module Name:src Committed By: martin Date: Wed Apr 18 13:51:36 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h asn1_err.c tasn_dec.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm [netbsd-8]: rsaz-avx2.pl x86_64-mont5.pl src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa_gen.c src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]: v3_addr.c src/crypto/external/bsd/openssl/dist/ssl [netbsd-8]: ssl.h src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64 [netbsd-8]: rsaz-avx2.S x86_64-mont5.S Log Message: Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. Regen. Requested by christos in ticket #774. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c cvs rdiff -u -r1.6 -r1.6.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl cvs rdiff -u -r1.1.1.7 -r1.1.1.7.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl cvs rdiff -u -r1.1.1.6 -r1.1.1.6.4.1 \ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c cvs rdiff -u -r1.5 -r1.5.6.1 \ src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c cvs rdiff -u -r1.16 -r1.16.6.1 src/crypto/external/bsd/openssl/dist/ssl/ssl.h cvs rdiff -u -r1.2 -r1.2.6.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S cvs rdiff -u -r1.5 -r1.5.4.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 Fri Oct 14 16:23:18 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h Wed Apr 18 13:51:35 2018 @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7.8.1 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 Mon Mar 23 08:28:38 2015 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c Wed Apr 18 13:51:35 2018 @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, +{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6.6.1 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 Fri Oct 14 16:23:18 2016 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c Wed Apr 18 13:51:35 2018 @@ -65,6 +65,14 @@ #include #include +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static