Module Name: src
Committed By: christos
Date: Sun Apr 5 21:53:45 UTC 2020
Modified Files:
src/crypto/external/bsd/openssl/dist: CHANGES NEWS README
src/crypto/external/bsd/openssl/dist/apps: s_server.c
src/crypto/external/bsd/openssl/dist/crypto: ex_data.c
src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
src/crypto/external/bsd/openssl/dist/ssl: ssl_err.c
Log Message:
merge conflicts
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/CHANGES \
src/crypto/external/bsd/openssl/dist/NEWS \
src/crypto/external/bsd/openssl/dist/README
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/openssl/dist/apps/s_server.c
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/openssl/dist/crypto/ex_data.c
cvs rdiff -u -r1.18 -r1.19 \
src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.22 src/crypto/external/bsd/openssl/dist/CHANGES:1.23
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.22 Sat Mar 21 20:53:02 2020
+++ src/crypto/external/bsd/openssl/dist/CHANGES Sun Apr 5 17:53:44 2020
@@ -7,6 +7,24 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
+
+ *) Revert the change of EOF detection while reading in libssl to avoid
+ regressions in applications depending on the current way of reporting
+ the EOF. As the existing method is not fully accurate the change to
+ reporting the EOF via SSL_ERROR_SSL is kept on the current development
+ branch and will be present in the 3.0 release.
+ [Tomas Mraz]
+
+ *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
+ when primes for RSA keys are computed.
+ Since we previously always generated primes == 2 (mod 3) for RSA keys,
+ the 2-prime and 3-prime RSA modules were easy to distinguish, since
+ N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
+ 2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
+ This avoids possible fingerprinting of newly generated RSA modules.
+ [Bernd Edlinger]
+
Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
*) Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.22 src/crypto/external/bsd/openssl/dist/NEWS:1.23
--- src/crypto/external/bsd/openssl/dist/NEWS:1.22 Sat Mar 21 20:53:02 2020
+++ src/crypto/external/bsd/openssl/dist/NEWS Sun Apr 5 17:53:44 2020
@@ -5,10 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+ o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
+ o Properly detect unexpected EOF while reading in libssl and report
+ it via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.22 src/crypto/external/bsd/openssl/dist/README:1.23
--- src/crypto/external/bsd/openssl/dist/README:1.22 Sat Mar 21 20:53:02 2020
+++ src/crypto/external/bsd/openssl/dist/README Sun Apr 5 17:53:44 2020
@@ -1,7 +1,7 @@
- OpenSSL 1.1.1e 17 Mar 2020
+ OpenSSL 1.1.1f 31 Mar 2020
- Copyright (c) 1998-2019 The OpenSSL Project
+ Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
Index: src/crypto/external/bsd/openssl/dist/apps/s_server.c
diff -u src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.22 src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.23
--- src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.22 Sun Mar 22 16:01:48 2020
+++ src/crypto/external/bsd/openssl/dist/apps/s_server.c Sun Apr 5 17:53:44 2020
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -1904,7 +1904,7 @@ int s_server_main(int argc, char *argv[]
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
+ ssl_ctx_security_debug(ctx2, sdebug);
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
Index: src/crypto/external/bsd/openssl/dist/crypto/ex_data.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ex_data.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/ex_data.c:1.7
--- src/crypto/external/bsd/openssl/dist/crypto/ex_data.c:1.6 Sat Mar 21 20:53:02 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/ex_data.c Sun Apr 5 17:53:44 2020
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -235,7 +235,7 @@ int CRYPTO_new_ex_data(int class_index,
return 0;
}
for (i = 0; i < mx; i++) {
- if (storage[i] && storage[i]->new_func) {
+ if (storage[i] != NULL && storage[i]->new_func != NULL) {
ptr = CRYPTO_get_ex_data(ad, i);
storage[i]->new_func(obj, ptr, ad, i,
storage[i]->argl, storage[i]->argp);
@@ -299,7 +299,7 @@ int CRYPTO_dup_ex_data(int class_index,
for (i = 0; i < mx; i++) {
ptr = CRYPTO_get_ex_data(from, i);
- if (storage[i] && storage[i]->dup_func)
+ if (storage[i] != NULL && storage[i]->dup_func != NULL)
if (!storage[i]->dup_func(to, from, &ptr, i,
storage[i]->argl, storage[i]->argp))
goto err;
Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.18 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.19
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.18 Sat Mar 21 20:53:09 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Sun Apr 5 17:53:45 2020
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -107,12 +107,8 @@ static int null_callback(int ok, X509_ST
/* Return 1 is a certificate is self signed */
static int cert_self_signed(X509 *x)
{
- /*
- * FIXME: x509v3_cache_extensions() needs to detect more failures and not
- * set EXFLAG_SET when that happens. Especially, if the failures are
- * parse errors, rather than memory pressure!
- */
- X509_check_purpose(x, -1, 0);
+ if (X509_check_purpose(x, -1, 0) != 1)
+ return 0;
if (x->ex_flags & EXFLAG_SS)
return 1;
else
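Review bot: The one-line comment above cert_self_signed() no longer matches the function, because the added `if (X509_check_purpose(x, -1, 0) != 1) return 0;` now folds a failed purpose check into the same result as "not self-signed". Going by the removed FIXME, that failure is presumably a certificate whose extensions could not be parsed or cached. I would replace the comment with `/* Return 1 if the certificate is self-signed, 0 if it is not or if X509_check_purpose() fails */`, which also fixes the "is a" typo. Callers cannot tell the two 0 cases apart, so it is worth confirming that each call site in chain building treats 0 as the conservative outcome and that a malformed certificate is still rejected later rather than just being classed as not self-signed. The function body continues past the end of this hunk.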
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.17 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.18
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.17 Sat Mar 21 20:53:10 2020
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c Sun Apr 5 17:53:45 2020
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_rea
"unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
"unexpected end of early data"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
- "unexpected eof while reading"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},