Module Name:    src
Committed By:   christos
Date:           Sun Dec 27 00:48:56 UTC 2009

Modified Files:
        src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c speed.c
        src/crypto/external/bsd/openssl/dist/crypto/bio: b_sock.c bss_file.c
        src/crypto/external/bsd/openssl/dist/crypto/cast: cast.h
        src/crypto/external/bsd/openssl/dist/crypto/dso: dso_dlfcn.c
        src/crypto/external/bsd/openssl/dist/crypto/pkcs12: p12_decr.c
        src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c
        src/crypto/external/bsd/openssl/dist/ssl: s23_clnt.c s3_lib.c s3_pkt.c
            s3_srvr.c ssl_ciph.c
        src/crypto/external/bsd/openssl/lib/libcrypto: cms.inc shlib_version
        src/crypto/external/bsd/openssl/lib/libssl: shlib_version ssl.inc

Log Message:
merge conflicts and undo the session renegotiation disabling code.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/apps/ca.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/apps/ocsp.c \
    src/crypto/external/bsd/openssl/dist/apps/speed.c
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c \
    src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/crypto/cast/cast.h
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
cvs rdiff -u -r1.1.1.2 -r1.2 \
    src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c \
    src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
cvs rdiff -u -r1.1 -r1.2 \
    src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/lib/libssl/shlib_version
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssl/lib/libssl/ssl.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/apps/ca.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ca.c:1.3 src/crypto/external/bsd/openssl/dist/apps/ca.c:1.4
--- src/crypto/external/bsd/openssl/dist/apps/ca.c:1.3	Wed Aug  5 14:38:21 2009
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c	Sat Dec 26 19:48:55 2009
@@ -215,7 +215,6 @@
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
@@ -1263,7 +1262,12 @@
 				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
 				(void)BIO_flush(bio_err);
 				buf[0][0]='\0';
-				fgets(buf[0],10,stdin);
+				if (!fgets(buf[0],10,stdin))
+					{
+					BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n"); 
+					ret=0;
+					goto err;
+					}
 				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
 					{
 					BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 
@@ -1403,7 +1407,12 @@
 		if (!tmptm) goto err;
 		X509_gmtime_adj(tmptm,0);
 		X509_CRL_set_lastUpdate(crl, tmptm);	
-		X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL);
+		if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
+			NULL))
+			{
+			BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+			goto err;
+			}
 		X509_CRL_set_nextUpdate(crl, tmptm);	
 
 		ASN1_TIME_free(tmptm);
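Review bot: The new `goto err` on `X509_time_adj_ex` failure skips the `ASN1_TIME_free(tmptm)` that the success path reaches two lines later, so `tmptm` is leaked on this path unless the `err:` label frees it. That label is outside the hunk. Adding `ASN1_TIME_free(tmptm);` just before the `goto err;` keeps the failure path symmetric with the normal one.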
@@ -2117,7 +2126,12 @@
 		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
 		(void)BIO_flush(bio_err);
 		buf[0]='\0';
-		fgets(buf,sizeof(buf)-1,stdin);
+		if (!fgets(buf,sizeof(buf)-1,stdin))
+			{
+			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+			ok=0;
+			goto err;
+			}
 		if (!((buf[0] == 'y') || (buf[0] == 'Y')))
 			{
 			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
@@ -2319,25 +2333,9 @@
 			continue;
 			}
 
-		/*
-		if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
-			continue;
-		*/
-		
-		j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-		if (fix_data(nid, &j) == 0)
-			{
-			BIO_printf(bio_err,
-				"invalid characters in string %s\n",buf);
-			goto err;
-			}
-
-		if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
-			(unsigned char *)buf,
-			strlen(buf))) == NULL)
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+				(unsigned char *)buf, -1, -1, 0))
 			goto err;
-
-		if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 		}
 	if (spki == NULL)
 		{
@@ -2380,21 +2378,6 @@
 	return(ok);
 	}
 
-static int fix_data(int nid, int *type)
-	{
-	if (nid == NID_pkcs9_emailAddress)
-		*type=V_ASN1_IA5STRING;
-	if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
-		return(0);
-	if (nid == NID_pkcs9_unstructuredName)
-		*type=V_ASN1_IA5STRING;
-	return(1);
-	}
-
 static int check_time_format(const char *str)
 	{
 	return ASN1_TIME_set_string(NULL, str);

Index: src/crypto/external/bsd/openssl/dist/apps/ocsp.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.2 src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.3
--- src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.2	Fri Aug 14 21:03:03 2009
+++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c	Sat Dec 26 19:48:55 2009
@@ -75,6 +75,7 @@
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
+#include <openssl/x509v3.h>
 
 #if defined(NETWARE_CLIB)
 #  ifdef NETWARE_BSDSOCK
@@ -113,6 +114,7 @@
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+				STACK_OF(CONF_VALUE) *headers,
 				OCSP_REQUEST *req, int req_timeout);
 
 #undef PROG
@@ -131,6 +133,7 @@
 	char *rsignfile = NULL, *rkeyfile = NULL;
 	char *outfile = NULL;
 	int add_nonce = 1, noverify = 0, use_ssl = -1;
+	STACK_OF(CONF_VALUE) *headers = NULL;
 	OCSP_REQUEST *req = NULL;
 	OCSP_RESPONSE *resp = NULL;
 	OCSP_BASICRESP *bs = NULL;
@@ -230,6 +233,16 @@
 				}
 			else badarg = 1;
 			}
+		else if (!strcmp(*args, "-header"))
+			{
+			if (args[1] && args[2])
+				{
+				if (!X509V3_add_value(args[1], args[2], &headers))
+					goto end;
+				args += 2;
+				}
+			else badarg = 1;
+			}
 		else if (!strcmp(*args, "-ignore_err"))
 			ignore_err = 1;
 		else if (!strcmp(*args, "-noverify"))
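Review bot: The `-header` branch stores `args[1]` and `args[2]` with no check on their content, and they are later added to the HTTP request as a header name and value. Nothing in this hunk rejects CR or LF, and whether `OCSP_REQ_CTX_add1_header` does so is not visible here. When the tool is driven by a wrapper script that forwards values it did not author, an embedded line break would change the shape of the request. A guard such as `if (strpbrk(args[1], "\r\n:") || strpbrk(args[2], "\r\n")) badarg = 1;` before `X509V3_add_value` would close that. The `goto end` on allocation failure also exits without printing anything to `bio_err`.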
@@ -756,7 +769,7 @@
 		{
 #ifndef OPENSSL_NO_SOCK
 		resp = process_responder(bio_err, req, host, path,
-						port, use_ssl, req_timeout);
+					port, use_ssl, headers, req_timeout);
 		if (!resp)
 			goto end;
 #else
@@ -905,6 +918,7 @@
 	sk_OCSP_CERTID_free(ids);
 	sk_X509_pop_free(sign_other, X509_free);
 	sk_X509_pop_free(verify_other, X509_free);
+	sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
 
 	if (use_ssl != -1)
 		{
@@ -1260,10 +1274,12 @@
 	}
 
 static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+				STACK_OF(CONF_VALUE) *headers,
 				OCSP_REQUEST *req, int req_timeout)
 	{
 	int fd;
 	int rv;
+	int i;
 	OCSP_REQ_CTX *ctx = NULL;
 	OCSP_RESPONSE *rsp = NULL;
 	fd_set confds;
@@ -1280,16 +1296,13 @@
 		return NULL;
 		}
 
-	if (req_timeout == -1)
-		return OCSP_sendreq_bio(cbio, path, req);
-
 	if (BIO_get_fd(cbio, &fd) <= 0)
 		{
 		BIO_puts(err, "Can't get connection fd\n");
 		goto err;
 		}
 
-	if (rv <= 0)
+	if (req_timeout != -1 && rv <= 0)
 		{
 		FD_ZERO(&confds);
 		openssl_fdset(fd, &confds);
@@ -1304,15 +1317,27 @@
 		}
 
 
-	ctx = OCSP_sendreq_new(cbio, path, req, -1);
+	ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
 	if (!ctx)
 		return NULL;
+
+	for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
+		{
+		CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+		if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+			goto err;
+		}
+
+	if (!OCSP_REQ_CTX_set1_req(ctx, req))
+		goto err;
 	
 	for (;;)
 		{
 		rv = OCSP_sendreq_nbio(&rsp, ctx);
 		if (rv != -1)
 			break;
+		if (req_timeout == -1)
+			continue;
 		FD_ZERO(&confds);
 		openssl_fdset(fd, &confds);
 		tv.tv_usec = 0;
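Review bot: With `req_timeout == -1` the added `continue` retries `OCSP_sendreq_nbio` immediately and never reaches the `select()` below. If the BIO can report a retry condition in this mode, the loop spins on the CPU until the responder answers or the connection drops. Whether that can happen depends on how `cbio` was set up, which is outside the hunk. A comment such as `/* blocking BIO: a retry here is expected to block inside the BIO, not spin */` would record the assumption; otherwise wait on `fd` with a NULL timeout. The loop on `sk_CONF_VALUE_num(headers)` is safe for a NULL stack only because that call returns -1, which also deserves a brief comment.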
@@ -1336,7 +1361,7 @@
 			BIO_puts(err, "Select error\n");
 			break;
 			}
-			
+
 		}
 	err:
 	if (ctx)
@@ -1347,6 +1372,7 @@
 
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
 			char *host, char *path, char *port, int use_ssl,
+			STACK_OF(CONF_VALUE) *headers,
 			int req_timeout)
 	{
 	BIO *cbio = NULL;
@@ -1381,14 +1407,14 @@
 		sbio = BIO_new_ssl(ctx, 1);
 		cbio = BIO_push(sbio, cbio);
 		}
-	resp = query_responder(err, cbio, path, req, req_timeout);
+	resp = query_responder(err, cbio, path, headers, req, req_timeout);
 	if (!resp)
 		BIO_printf(bio_err, "Error querying OCSP responsder\n");
 	end:
-	if (ctx)
-		SSL_CTX_free(ctx);
 	if (cbio)
 		BIO_free_all(cbio);
+	if (ctx)
+		SSL_CTX_free(ctx);
 	return resp;
 	}
 
Index: src/crypto/external/bsd/openssl/dist/apps/speed.c
diff -u src/crypto/external/bsd/openssl/dist/apps/speed.c:1.2 src/crypto/external/bsd/openssl/dist/apps/speed.c:1.3
--- src/crypto/external/bsd/openssl/dist/apps/speed.c:1.2	Sun Jul 19 19:30:38 2009
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c	Sat Dec 26 19:48:55 2009
@@ -184,8 +184,12 @@
 #include <openssl/ecdh.h>
 #endif
 
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
-# define HAVE_FORK 1
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+# define NO_FORK 1
+#elif HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK 1
 #endif
 
 #undef BUFSIZE
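Review bot: `#elif HAVE_FORK` is evaluated even when the macro is not defined. It then silently counts as 0, so any platform outside the exclusion list now builds without `-multi` unless the build passes a non-zero `HAVE_FORK`. The old test enabled fork support by default, so this changes the default and should be stated in a comment, e.g. `/* fork()-based -multi is opt-in: build with -DHAVE_FORK=1 */`. An empty `#define HAVE_FORK` makes the `#elif` a preprocessor error, and `-Wundef` will warn on the undefined case. The `# undef NO_FORK` branch is a no-op unless `NO_FORK` came from the command line.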
@@ -200,7 +204,7 @@
 static void pkey_print_message(const char *str, const char *str2,
 	long num, int bits, int sec);
 static void print_result(int alg,int run_no,int count,double time_used);
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 static int do_multi(int multi);
 #endif
 
@@ -587,7 +591,7 @@
 	const EVP_CIPHER *evp_cipher=NULL;
 	const EVP_MD *evp_md=NULL;
 	int decrypt=0;
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 	int multi=0;
 #endif
 
@@ -715,7 +719,7 @@
 			j--;
 			}
 #endif
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
 			{
 			argc--;
@@ -1103,7 +1107,7 @@
 			BIO_printf(bio_err,"-evp e          use EVP e.\n");
 			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
 			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
 #endif
 			goto end;
@@ -1113,7 +1117,7 @@
 		j++;
 		}
 
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 	if(multi && do_multi(multi))
 		goto show_res;
 #endif
@@ -2332,7 +2336,7 @@
 		}
 	if (rnd_fake) RAND_cleanup();
 #endif
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 show_res:
 #endif
 	if(!mr)
@@ -2558,7 +2562,7 @@
 	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
 	}
 
-#ifdef HAVE_FORK
+#ifndef NO_FORK
 static char *sstrsep(char **string, const char *delim)
     {
     char isdelim[256];

Index: src/crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c:1.2	Fri Aug 14 21:25:54 2009
+++ src/crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c	Sat Dec 26 19:48:55 2009
@@ -88,11 +88,6 @@
 static int wsa_init_done=0;
 #endif
 
-#if defined(OPENSSL_SYS_BEOS_BONE)		
-/* BONE's IP6 support is incomplete */
-#undef AF_INET6
-#endif
-
 #if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
@@ -593,8 +588,13 @@
 int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
-	struct sockaddr server,client;
-	struct sockaddr_in *sa_in;
+	union {
+		struct sockaddr sa;
+		struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+		struct sockaddr_in6 sa_in6;
+#endif
+	} server,client;
 	int s=INVALID_SOCKET,cs;
 	unsigned char ip[4];
 	unsigned short port;
@@ -654,7 +654,7 @@
 		if (strchr(h,':'))
 			{
 			if (h[1]=='\0') h=NULL;
-#ifdef AF_INET6
+#if OPENSSL_USE_IPV6
 			hint.ai_family = AF_INET6;
 #else
 			h=NULL;
@@ -667,7 +667,10 @@
 	hint.ai_family = AF_INET;
 
 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
-	server = *res->ai_addr;
+
+	memcpy(&server, res->ai_addr,
+		res->ai_addrlen<=sizeof(server)?res->ai_addrlen:sizeof(server));
+
 	(*p_freeaddrinfo.f)(res);
 	goto again;
 	} while (0);
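Review bot: The clamped `memcpy` silently truncates an address that is larger than the `server` union, and the truncated sockaddr then goes to `socket()` and `bind()` at `again:` as if it were valid. Rejecting the result is safer than copying part of it: `if (res->ai_addrlen > sizeof(server)) { (*p_freeaddrinfo.f)(res); goto err; }`. Keeping `res->ai_addrlen` in a local would also give the later `bind()` the exact length for the address family. The function body continues outside this hunk.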
@@ -676,12 +679,11 @@
 	if (!BIO_get_port(p,&port)) goto err;
 
 	memset((char *)&server,0,sizeof(server));
-	sa_in = (struct sockaddr_in *)&server;
-	sa_in->sin_family=AF_INET;
-	sa_in->sin_port=htons(port);
+	server.sa_in.sin_family=AF_INET;
+	server.sa_in.sin_port=htons(port);
 
 	if (h == NULL || strcmp(h,"*") == 0)
-		sa_in->sin_addr.s_addr=INADDR_ANY;
+		server.sa_in.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
                 if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
@@ -690,11 +692,11 @@
 			((unsigned long)ip[1]<<16L)|
 			((unsigned long)ip[2]<< 8L)|
 			((unsigned long)ip[3]);
-		sa_in->sin_addr.s_addr=htonl(l);
+		server.sa_in.sin_addr.s_addr=htonl(l);
 		}
 
 again:
-	s=socket(server.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
+	s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET)
 		{
 		SYSerr(SYS_F_SOCKET,get_last_socket_error());
@@ -712,7 +714,7 @@
 		bind_mode=BIO_BIND_NORMAL;
 		}
 #endif
-	if (bind(s,&server,sizeof(server)) == -1)
+	if (bind(s,&server.sa,sizeof(server)) == -1)
 		{
 #ifdef SO_REUSEADDR
 		err_num=get_last_socket_error();
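Review bot: `bind(s,&server.sa,sizeof(server))` now passes the size of the whole union. When `OPENSSL_USE_IPV6` is set, that is the size of `struct sockaddr_in6` even for an `AF_INET` address. Some socket implementations reject a length that does not match the address family, so the IPv4 path may start failing with an argument error; this depends on the platform and should be confirmed. Choosing the length by family avoids the question: `len = (server.sa.sa_family == AF_INET) ? sizeof(server.sa_in) : sizeof(server);`. The same applies to `connect(cs,&client.sa,sizeof(client))` in the next hunk.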
@@ -722,30 +724,25 @@
 			client = server;
 			if (h == NULL || strcmp(h,"*") == 0)
 				{
-#ifdef AF_INET6
-				if (client.sa_family == AF_INET6)
+#if OPENSSL_USE_IPV6
+				if (client.sa.sa_family == AF_INET6)
 					{
-					struct sockaddr_in6 *sin6 =
-						(struct sockaddr_in6 *)&client;
-					memset(&sin6->sin6_addr,0,sizeof(sin6->sin6_addr));
-					sin6->sin6_addr.s6_addr[15]=1;
+					memset(&client.sa_in6.sin6_addr,0,sizeof(client.sa_in6.sin6_addr));
+					client.sa_in6.sin6_addr.s6_addr[15]=1;
 					}
 				else
 #endif
-				if (client.sa_family == AF_INET)
+				if (client.sa.sa_family == AF_INET)
 					{
-					struct sockaddr_in *sin4 =
-						(struct sockaddr_in *)&client;
-					sin4->sin_addr.s_addr=htonl(0x7F000001);
+					client.sa_in.sin_addr.s_addr=htonl(0x7F000001);
 					}
 				else	goto err;
 				}
-			cs=socket(client.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
+			cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
 			if (cs != INVALID_SOCKET)
 				{
 				int ii;
-				ii=connect(cs,(struct sockaddr *)&client,
-					sizeof(client));
+				ii=connect(cs,&client.sa,sizeof(client));
 				closesocket(cs);
 				if (ii == INVALID_SOCKET)
 					{
@@ -784,21 +781,52 @@
 int BIO_accept(int sock, char **addr)
 	{
 	int ret=INVALID_SOCKET;
-	struct sockaddr from;
-	struct sockaddr_in *sa_in;
 	unsigned long l;
 	unsigned short port;
-	int len;
 	char *p;
 
-	memset(&from,0,sizeof(from));
-	len=sizeof(from);
-	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
-	 * of type (int *) whereas under other systems it is (void *) if
-	 * you don't have a cast it will choke the compiler: if you do
-	 * have a cast then you can either go for (int *) or (void *).
+	struct {
+	/*
+	 * As for following union. Trouble is that there are platforms
+	 * that have socklen_t and there are platforms that don't, on
+	 * some platforms socklen_t is int and on some size_t. So what
+	 * one can do? One can cook #ifdef spaghetti, which is nothing
+	 * but masochistic. Or one can do union between int and size_t.
+	 * One naturally does it primarily for 64-bit platforms where
+	 * sizeof(int) != sizeof(size_t). But would it work? Note that
+	 * if size_t member is initialized to 0, then later int member
+	 * assignment naturally does the job on little-endian platforms
+	 * regardless accept's expectations! What about big-endians?
+	 * If accept expects int*, then it works, and if size_t*, then
+	 * length value would appear as unreasonably large. But this
+	 * won't prevent it from filling in the address structure. The
+	 * trouble of course would be if accept returns more data than
+	 * actual buffer can accomodate and overwrite stack... That's
+	 * where early OPENSSL_assert comes into picture. Besides, the
+	 * only 64-bit big-endian platform found so far that expects
+	 * size_t* is HP-UX, where stack grows towards higher address.
+	 * <appro>
 	 */
-	ret=accept(sock,&from,(void *)&len);
+	union { size_t s; int i; } len;
+	union {
+		struct sockaddr sa;
+		struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+		struct sockaddr_in6 sa_in6;
+#endif
+		} from;
+	} sa;
+
+	sa.len.s=0;
+	sa.len.i=sizeof(sa.from);
+	memset(&sa.from,0,sizeof(sa.from));
+	ret=accept(sock,&sa.from.sa,(void *)&sa.len);
+	if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+		{
+		OPENSSL_assert(sa.len.s<=sizeof(sa.from));
+		sa.len.i = (int)sa.len.s;
+		/* use sa.len.i from this point */
+		}
 	if (ret == INVALID_SOCKET)
 		{
 		if(BIO_sock_should_retry(ret)) return -2;
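Review bot: The `OPENSSL_assert(sa.len.s<=sizeof(sa.from))` runs only after `accept()` has already written through `&sa.from.sa`, so it can detect an oversized write but cannot prevent it, although the comment calls it an "early" assert. It also runs before the `ret == INVALID_SOCKET` test, so the length fix-up is applied even when `accept()` failed. Moving the fix-up below the error check and rewording the comment to say the assert is a post-hoc abort would make the actual guarantee clear. Where the platform provides `socklen_t`, using it directly removes the need for the int/size_t union; the code that defines platform types is outside this hunk.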
@@ -830,9 +858,9 @@
 		}
 	if (p_getnameinfo.p==(void *)-1) break;
 
-	if ((*p_getnameinfo.f)(&from,sizeof(from),h,sizeof(h),s,sizeof(s),
+	if ((*p_getnameinfo.f)(&sa.from.sa,sa.len.i,h,sizeof(h),s,sizeof(s),
 	    NI_NUMERICHOST|NI_NUMERICSERV)) break;
-	nl = strlen(h)+strlen(s)+2; if (len<24) len=24;
+	nl = strlen(h)+strlen(s)+2;
 	p = *addr;
 	if (p)	{ *p = '\0'; p = OPENSSL_realloc(p,nl);	}
 	else	{ p = OPENSSL_malloc(nl);		}
@@ -846,10 +874,9 @@
 	goto end;
 	} while(0);
 #endif
-	if (from.sa_family != AF_INET) goto end;
-	sa_in = (struct sockaddr_in *)&from;
-	l=ntohl(sa_in->sin_addr.s_addr);
-	port=ntohs(sa_in->sin_port);
+	if (sa.from.sa.sa_family != AF_INET) goto end;
+	l=ntohl(sa.from.sa_in.sin_addr.s_addr);
+	port=ntohs(sa.from.sa_in.sin_port);
 	if (*addr == NULL)
 		{
 		if ((p=OPENSSL_malloc(24)) == NULL)
Index: src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c:1.2	Sun Jul 19 19:30:38 2009
+++ src/crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c	Sat Dec 26 19:48:55 2009
@@ -403,11 +403,18 @@
 
 	buf[0]='\0';
 	if (bp->flags&BIO_FLAGS_UPLINK)
-		UP_fgets(buf,size,bp->ptr);
+		{
+		if (!UP_fgets(buf,size,bp->ptr))
+			goto err;
+		}
 	else
-		fgets(buf,size,(FILE *)bp->ptr);
+		{
+		if (!fgets(buf,size,(FILE *)bp->ptr))
+			goto err;
+		}
 	if (buf[0] != '\0')
 		ret=strlen(buf);
+	err:
 	return(ret);
 	}
 

Index: src/crypto/external/bsd/openssl/dist/crypto/cast/cast.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/cast/cast.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/cast/cast.h:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/cast/cast.h:1.2	Sun Jul 19 19:30:38 2009
+++ src/crypto/external/bsd/openssl/dist/crypto/cast/cast.h	Sat Dec 26 19:48:55 2009
@@ -90,17 +90,17 @@
 
  
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
 		      int enc);
-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-		      CAST_KEY *ks, unsigned char *iv, int enc);
+		      const CAST_KEY *ks, unsigned char *iv, int enc);
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, CAST_KEY *schedule, unsigned char *ivec,
+			long length, const CAST_KEY *schedule, unsigned char *ivec,
 			int *num, int enc);
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
-			long length, CAST_KEY *schedule, unsigned char *ivec,
+			long length, const CAST_KEY *schedule, unsigned char *ivec,
 			int *num);
 
 #ifdef  __cplusplus

Index: src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c:1.3 src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c:1.4
--- src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c:1.3	Wed Aug  5 14:38:21 2009
+++ src/crypto/external/bsd/openssl/dist/crypto/dso/dso_dlfcn.c	Sat Dec 26 19:48:56 2009
@@ -257,7 +257,10 @@
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 	{
 	void *ptr;
-	DSO_FUNC_TYPE sym, *tsym = &sym;
+	union {
+		DSO_FUNC_TYPE sym;
+		void *dlret;
+	} u;
 
 	if((dso == NULL) || (symname == NULL))
 		{
@@ -275,14 +278,14 @@
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
 		return(NULL);
 		}
-	*(void **)(tsym) = dlsym(ptr, symname);
-	if(sym == NULL)
+	u.dlret = dlsym(ptr, symname);
+	if(u.dlret == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
 		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
 		return(NULL);
 		}
-	return(sym);
+	return u.sym;
 	}
 
 static char *dlfcn_merger(DSO *dso, const char *filespec1,

Index: src/crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c:1.2	Sun Jul 19 19:30:40 2009
+++ src/crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c	Sat Dec 26 19:48:56 2009
@@ -89,7 +89,14 @@
 		goto err;
 	}
 
-	EVP_CipherUpdate(&ctx, out, &i, in, inlen);
+	if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen))
+		{
+		OPENSSL_free(out);
+		out = NULL;
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_EVP_LIB);
+		goto err;
+		}
+
 	outlen = i;
 	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
 		OPENSSL_free(out);

Index: src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.2	Sun Jul 19 19:30:42 2009
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c	Sat Dec 26 19:48:56 2009
@@ -295,7 +295,7 @@
 
 /* Declare static functions */
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static void read_till_nl(FILE *);
+static int read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
@@ -388,14 +388,16 @@
 
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to read a string without echoing */
-static void read_till_nl(FILE *in)
+static int read_till_nl(FILE *in)
 	{
 #define SIZE 4
 	char buf[SIZE+1];
 
 	do	{
-		fgets(buf,SIZE,in);
+		if (!fgets(buf,SIZE,in))
+			return 0;
 		} while (strchr(buf,'\n') == NULL);
+	return 1;
 	}
 
 static volatile sig_atomic_t intr_signal;
@@ -443,7 +445,8 @@
 			*p='\0';
 		}
 	else
-		read_till_nl(tty_in);
+		if (!read_till_nl(tty_in))
+			goto error;
 	if (UI_set_result(ui, uis, result) >= 0)
 		ok=1;
 

Index: src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c:1.1.1.2 src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c:1.2
--- src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c:1.1.1.2	Sat Dec 26 18:34:18 2009
+++ src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c	Sat Dec 26 19:48:56 2009
@@ -620,7 +620,11 @@
 #endif
 		}
 	else if (p[1] == SSL3_VERSION_MAJOR &&
-	         (p[2] >= SSL3_VERSION_MINOR && p[2] <= TLS1_1_VERSION_MINOR) &&
+	         (
+#if SSL3_VERSION_MINOR > 0
+		 p[2] >= SSL3_VERSION_MINOR &&
+#endif
+		 p[2] <= TLS1_1_VERSION_MINOR) &&
 	         ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
 	          (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
 		{

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.3
--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.2	Thu Dec  3 18:44:33 2009
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c	Sat Dec 26 19:48:56 2009
@@ -2211,6 +2211,7 @@
  	wlen = s->s3->wbuf.len;
 	if (s->s3->handshake_buffer) {
 		BIO_free(s->s3->handshake_buffer);
+		s->s3->handshake_buffer = NULL;
 	}
 	if (s->s3->handshake_dgst) {
 		ssl3_free_digest_list(s);
@@ -3297,8 +3298,6 @@
 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 		return(0);
 
-	if (1)
-		return(0);
 	s->s3->renegotiate=1;
 	return(1);
 	}
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.3
--- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.2	Thu Dec  3 18:44:33 2009
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c	Sat Dec 26 19:48:56 2009
@@ -776,13 +776,6 @@
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
-	if (s->new_session)
-		{
-		al=SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-		goto f_err;
-		}
-
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.
@@ -823,6 +816,21 @@
 		goto f_err;
 		}
 
+	/* If we require cookies and this ClientHello doesn't
+	 * contain one, just return since we do not want to
+	 * allocate any memory yet. So check cookie length...
+	 */
+	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
+		{
+		unsigned int session_length, cookie_length;
+		
+		session_length = *(p + SSL3_RANDOM_SIZE);
+		cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
+
+		if (cookie_length == 0)
+			return 1;
+		}
+
 	/* load the client random */
 	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
 	p+=SSL3_RANDOM_SIZE;
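Review bot: The new cookie pre-check reads `*(p + SSL3_RANDOM_SIZE)` and then `*(p + SSL3_RANDOM_SIZE + session_length + 1)` without comparing either offset to the length of the received ClientHello. `session_length` is a byte supplied by the peer, so a short message makes the second read land past the end of the message data. The function uses `d` and `n` later for extension parsing, which look like the message start and length; if so, add `if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { al = SSL_AD_DECODE_ERROR; goto f_err; }` before the second read. The block is also entered for any connection with `SSL_OP_COOKIE_EXCHANGE` set, not only DTLS, although a non-DTLS ClientHello has no cookie field at that offset. The function body starts and ends outside this hunk.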
@@ -862,23 +870,11 @@
 
 	p+=j;
 
-	if (s->version == DTLS1_VERSION)
+	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
 		{
 		/* cookie stuff */
 		cookie_len = *(p++);
 
-		if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-			s->d1->send_cookie == 0)
-			{
-			/* HelloVerifyMessage has already been sent */
-			if ( cookie_len != s->d1->cookie_len)
-				{
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-				goto f_err;
-				}
-			}
-
 		/* 
 		 * The ClientHello may contain a cookie even if the
 		 * HelloVerify message has not been sent--make sure that it
@@ -893,7 +889,7 @@
 			}
 
 		/* verify the cookie if appropriate option is set. */
-		if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
+		if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
 			cookie_len > 0)
 			{
 			memcpy(s->d1->rcvd_cookie, p, cookie_len);
@@ -918,6 +914,8 @@
 						SSL_R_COOKIE_MISMATCH);
 					goto f_err;
 				}
+
+			ret = 2;
 			}
 
 		p += cookie_len;
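Review bot: `ret = 2` is a bare magic value with no comment. It is set only after the received cookie has passed the verification branch above, and the later `if (ret < 0) ret=1;` exists to preserve it. What callers do with a return of 2 is not visible in this diff. A one-line comment here, such as `/* 2: ClientHello carried a cookie that verified; callers must distinguish this from 1 */`, or a named constant, would keep the next reader from collapsing it back to 1.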
@@ -1017,7 +1015,7 @@
 
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
+	if (s->version >= SSL3_VERSION)
 		{
 		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
 			{
@@ -1192,7 +1190,7 @@
 	 * s->tmp.new_cipher	- the new cipher to use.
 	 */
 
-	ret=1;
+	if (ret < 0) ret=1;
 	if (0)
 		{
 f_err:
@@ -2975,6 +2973,7 @@
 		unsigned int hlen;
 		EVP_CIPHER_CTX ctx;
 		HMAC_CTX hctx;
+		SSL_CTX *tctx = s->initial_ctx;
 		unsigned char iv[EVP_MAX_IV_LENGTH];
 		unsigned char key_name[16];
 
@@ -3013,9 +3012,9 @@
 		 * it does all the work otherwise use generated values
 		 * from parent ctx.
 		 */
-		if (s->ctx->tlsext_ticket_key_cb)
+		if (tctx->tlsext_ticket_key_cb)
 			{
-			if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
 							 &hctx, 1) < 0)
 				{
 				OPENSSL_free(senc);
@@ -3026,10 +3025,10 @@
 			{
 			RAND_pseudo_bytes(iv, 16);
 			EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-					s->ctx->tlsext_tick_aes_key, iv);
-			HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+					tctx->tlsext_tick_aes_key, iv);
+			HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
 					tlsext_tick_md(), NULL);
-			memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+			memcpy(key_name, tctx->tlsext_tick_key_name, 16);
 			}
 		l2n(s->session->tlsext_tick_lifetime_hint, p);
 		/* Skip ticket length for now */
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.3
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.2	Sun Jul 19 19:30:42 2009
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c	Sat Dec 26 19:48:56 2009
@@ -558,7 +558,7 @@
 		i= -1;
 		break;
 		}
-	if ((i < 0) || (i > SSL_MD_NUM_IDX))
+	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
 	{
 		*md=NULL; 
 		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
@@ -1451,7 +1451,7 @@
 	return(cipherstack);
 	}
 
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	{
 	int is_export,pkl,kl;
 	const char *ver,*exp_str;

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.4 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.5
--- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.4	Thu Dec  3 18:44:33 2009
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c	Sat Dec 26 19:48:56 2009
@@ -115,6 +115,7 @@
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
+#include <openssl/rand.h>
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 			 unsigned int len, int create_empty_fragment);
@@ -630,6 +631,7 @@
 	unsigned char *p,*plen;
 	int i,mac_size,clear=0;
 	int prefix_len=0;
+	int eivlen;
 	long align=0;
 	SSL3_RECORD *wr;
 	SSL3_BUFFER *wb=&(s->s3->wbuf);
@@ -739,9 +741,18 @@
 	/* field where we are to write out packet length */
 	plen=p; 
 	p+=2;
+	/* Explicit IV length, block ciphers and TLS version 1.1 or later */
+	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+		{
+		eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+		if (eivlen <= 1)
+			eivlen = 0;
+		}
+	else 
+		eivlen = 0;
 
 	/* lets setup the record stuff. */
-	wr->data=p;
+	wr->data=p + eivlen;
 	wr->length=(int)len;
 	wr->input=(unsigned char *)buf;
 
@@ -769,11 +780,19 @@
 
 	if (mac_size != 0)
 		{
-		if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
+		if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
 			goto err;
 		wr->length+=mac_size;
-		wr->input=p;
-		wr->data=p;
+		}
+
+	wr->input=p;
+	wr->data=p;
+
+	if (eivlen)
+		{
+	/*	if (RAND_pseudo_bytes(p, eivlen) <= 0)
+			goto err; */
+		wr->length += eivlen;
 		}
 
 	/* ssl3_enc can only have an error on read */
@@ -1084,13 +1103,9 @@
 		if (s->msg_callback)
 			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
 
-#if 0
 		if (SSL_is_init_finished(s) &&
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 			!s->s3->renegotiate)
-#else
-		if (0)
-#endif
 			{
 			ssl3_renegotiate(s);
 			if (ssl3_renegotiate_check(s))
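Review bot: With the `#if 0 ... if (0)` guard removed, this branch calls `ssl3_renegotiate(s)` on the old condition alone, which tests neither `s->s3->send_connection_binding` nor `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`; the same holds for the re-enabled condition in the `@@ -1221,12 +1269,8 @@` hunk. Whether an unbound (legacy) renegotiation is still refused therefore depends on checks outside these two hunks. Those are presumably the extension parsing in the handshake code and, for the server, the no-renegotiation block added in the `@@ -1125,7 +1140,25 @@` hunk, which is skipped when `s->version` is `SSL3_VERSION`. Add a comment at both sites stating where that refusal happens, for example `/* legacy renegotiation without connection binding is rejected in <handshake routine> */`, with the routine filled in once confirmed. The enclosing function starts and ends outside the hunk.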
@@ -1125,7 +1140,25 @@
 		 * now try again to obtain the (application) data we were asked for */
 		goto start;
 		}
-
+	/* If we are a server and get a client hello when renegotiation isn't
+	 * allowed send back a no renegotiation alert and carry on.
+	 * WARNING: experimental code, needs reviewing (steve)
+	 */
+	if (s->server &&
+		SSL_is_init_finished(s) &&
+    		!s->s3->send_connection_binding &&
+		(s->version > SSL3_VERSION) &&
+		(s->s3->handshake_fragment_len >= 4) &&
+		(s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+		(s->session != NULL) && (s->session->cipher != NULL) &&
+		!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		
+		{
+		/*s->s3->handshake_fragment_len = 0;*/
+		rr->length = 0;
+		ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+		goto start;
+		}
 	if (s->s3->alert_fragment_len >= 2)
 		{
 		int alert_level = s->s3->alert_fragment[0];
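Review bot: The line that would clear `s->s3->handshake_fragment_len` is commented out, so after `goto start` the stored fragment still begins with `SSL3_MT_CLIENT_HELLO` and still has length >= 4. Unless something outside the hunk resets it, the condition looks like it stays true for every later record that reaches this point, discarding the record and sending another `SSL_AD_NO_RENEGOTIATION` warning each time. Confirm this, and either restore `s->s3->handshake_fragment_len = 0;` or comment why the fragment must be kept. The test also reads `s->ctx->options` rather than the connection's own options, so a per-connection setting of `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` would presumably not be seen here, and the return value of `ssl3_send_alert` is ignored. The surrounding function starts and ends outside the hunk.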
@@ -1155,6 +1188,21 @@
 				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 				return(0);
 				}
+			/* This is a warning but we receive it if we requested
+			 * renegotiation and the peer denied it. Terminate with
+			 * a fatal alert because if application tried to
+			 * renegotiatie it presumably had a good reason and
+			 * expects it to succeed.
+			 *
+			 * In future we might have a renegotiation where we
+			 * don't care if the peer refused it where we carry on.
+			 */
+			else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
+				{
+				al = SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
+				goto f_err;
+				}
 			}
 		else if (alert_level == 2) /* fatal */
 			{
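Review bot: The new `else if` treats any warning-level `SSL_AD_NO_RENEGOTIATION` as fatal, but nothing in the branch checks that this side actually asked for a renegotiation, which is the case the comment describes. As written, an unsolicited alert from the peer also ends the connection with `SSL_R_NO_RENEGOTIATION`. If that is intended, say so in the comment; otherwise gate the branch on the pending-renegotiation state, for example `s->s3->renegotiate`, which is tested earlier in this file (confirm it is the right flag). The comment also has a typo, `renegotiatie`. The enclosing function is only partly visible in the hunk.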
@@ -1221,12 +1269,8 @@
 	/* Unexpected handshake message (Client Hello, or protocol violation) */
 	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)
 		{
-#if 0
 		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
-#else
-		if (0)
-#endif
 			{
 #if 0 /* worked only because C operator preferences are not as expected (and
        * because this is not really needed for clients except for detecting
@@ -1271,7 +1315,7 @@
 	default:
 #ifndef OPENSSL_NO_TLS
 		/* TLS just ignores unknown message types */
-		if (s->version == TLS1_VERSION)
+		if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
 			{
 			rr->length = 0;
 			goto start;

Index: src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc:1.1 src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc:1.2
--- src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc:1.1	Sun Jul 19 19:30:43 2009
+++ src/crypto/external/bsd/openssl/lib/libcrypto/cms.inc	Sat Dec 26 19:48:56 2009
@@ -1,4 +1,4 @@
-#	$NetBSD: cms.inc,v 1.1 2009/07/19 23:30:43 christos Exp $
+#	$NetBSD: cms.inc,v 1.2 2009/12/27 00:48:56 christos Exp $
 #
 #	@(#) Copyright (c) 1995 Simon J. Gcmsaty
 #
@@ -9,7 +9,7 @@
 
 
 CMS_SRCS = cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
-    cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+    cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c cms_pwri.c
 SRCS += ${CMS_SRCS}
 
 .for cryptosrc in ${CMS_SRCS}

Index: src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version:1.2 src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version:1.3
--- src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version:1.2	Mon Jul 20 13:30:52 2009
+++ src/crypto/external/bsd/openssl/lib/libcrypto/shlib_version	Sat Dec 26 19:48:56 2009
@@ -1,5 +1,5 @@
-#	$NetBSD: shlib_version,v 1.2 2009/07/20 17:30:52 christos Exp $
+#	$NetBSD: shlib_version,v 1.3 2009/12/27 00:48:56 christos Exp $
 #	Remember to update distrib/sets/lists/base/shl.* when changing
 #
 major=6
-minor=0
+minor=1

Index: src/crypto/external/bsd/openssl/lib/libssl/shlib_version
diff -u src/crypto/external/bsd/openssl/lib/libssl/shlib_version:1.2 src/crypto/external/bsd/openssl/lib/libssl/shlib_version:1.3
--- src/crypto/external/bsd/openssl/lib/libssl/shlib_version:1.2	Mon Jul 20 13:30:52 2009
+++ src/crypto/external/bsd/openssl/lib/libssl/shlib_version	Sat Dec 26 19:48:56 2009
@@ -1,5 +1,5 @@
-#	$NetBSD: shlib_version,v 1.2 2009/07/20 17:30:52 christos Exp $
+#	$NetBSD: shlib_version,v 1.3 2009/12/27 00:48:56 christos Exp $
 #	Remember to update distrib/sets/lists/base/shl.* when changing
 #
 major=8
-minor=0
+minor=1

Index: src/crypto/external/bsd/openssl/lib/libssl/ssl.inc
diff -u src/crypto/external/bsd/openssl/lib/libssl/ssl.inc:1.1 src/crypto/external/bsd/openssl/lib/libssl/ssl.inc:1.2
--- src/crypto/external/bsd/openssl/lib/libssl/ssl.inc:1.1	Sun Jul 19 19:30:58 2009
+++ src/crypto/external/bsd/openssl/lib/libssl/ssl.inc	Sat Dec 26 19:48:56 2009
@@ -1,4 +1,4 @@
-#	$NetBSD: ssl.inc,v 1.1 2009/07/19 23:30:58 christos Exp $
+#	$NetBSD: ssl.inc,v 1.2 2009/12/27 00:48:56 christos Exp $
 #
 #	@(#) Copyright (c) 1995 Simon J. Gerraty
 #
@@ -17,7 +17,7 @@
 
 SRCS+=	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
 	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
-	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c t1_reneg.c \
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
