Module Name: src
Committed By: christos
Date: Thu Jul 9 14:31:02 UTC 2015
Modified Files:
src/crypto/external/bsd/openssl/dist: CHANGES Makefile NEWS README
openssl.spec
src/crypto/external/bsd/openssl/dist/crypto: opensslconf.h opensslv.h
src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c
src/crypto/external/bsd/openssl/dist/crypto/threads: mttest.c
src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
src/crypto/external/bsd/openssl/dist/ssl: s3_clnt.c s3_srvr.c
src/crypto/external/bsd/openssl/dist/test: Makefile testssl
Log Message:
merge conflicts
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/CHANGES \
src/crypto/external/bsd/openssl/dist/NEWS \
src/crypto/external/bsd/openssl/dist/README \
src/crypto/external/bsd/openssl/dist/openssl.spec
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/Makefile
cvs rdiff -u -r1.9 -r1.10 \
src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/openssl/dist/crypto/threads/mttest.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/test/Makefile
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/test/testssl
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.6 src/crypto/external/bsd/openssl/dist/CHANGES:1.7
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.6 Tue Jun 16 16:00:13 2015
+++ src/crypto/external/bsd/openssl/dist/CHANGES Thu Jul 9 10:31:01 2015
@@ -2,6 +2,21 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
+
Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.6 src/crypto/external/bsd/openssl/dist/NEWS:1.7
--- src/crypto/external/bsd/openssl/dist/NEWS:1.6 Tue Jun 16 16:00:13 2015
+++ src/crypto/external/bsd/openssl/dist/NEWS Thu Jul 9 10:31:01 2015
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
+
+ o Alternate chains certificate forgery (CVE-2015-1793)
+
Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
o Fix HMAC ABI incompatibility
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.6 src/crypto/external/bsd/openssl/dist/README:1.7
--- src/crypto/external/bsd/openssl/dist/README:1.6 Tue Jun 16 16:00:13 2015
+++ src/crypto/external/bsd/openssl/dist/README Thu Jul 9 10:31:01 2015
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1o 12 Jun 2015
+ OpenSSL 1.0.1p 9 Jul 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Index: src/crypto/external/bsd/openssl/dist/openssl.spec
diff -u src/crypto/external/bsd/openssl/dist/openssl.spec:1.6 src/crypto/external/bsd/openssl/dist/openssl.spec:1.7
--- src/crypto/external/bsd/openssl/dist/openssl.spec:1.6 Tue Jun 16 16:00:13 2015
+++ src/crypto/external/bsd/openssl/dist/openssl.spec Thu Jul 9 10:31:01 2015
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
#Version: %{libmaj}.%{libmin}.%{librel}
-Version: 1.0.1o
+Version: 1.0.1p
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
Index: src/crypto/external/bsd/openssl/dist/Makefile
diff -u src/crypto/external/bsd/openssl/dist/Makefile:1.7 src/crypto/external/bsd/openssl/dist/Makefile:1.8
--- src/crypto/external/bsd/openssl/dist/Makefile:1.7 Tue Jun 16 16:00:13 2015
+++ src/crypto/external/bsd/openssl/dist/Makefile Thu Jul 9 10:31:01 2015
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1o
+VERSION=1.0.1p
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -270,6 +270,7 @@ reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
+
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
@@ -279,15 +280,15 @@ build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
Index: src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h:1.9 src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h:1.9 Mon Mar 23 06:22:45 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/opensslconf.h Thu Jul 9 10:31:01 2015
@@ -203,7 +203,7 @@ extern "C" {
#endif
#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
Index: src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.15 src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.16
--- src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.15 Tue Jun 16 16:00:13 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h Thu Jul 9 10:31:01 2015
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100010ffL
+# define OPENSSL_VERSION_NUMBER 0x1000110fL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips 12 Jun 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips 9 Jul 2015"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o 12 Jun 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p 9 Jul 2015"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.7 src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.8
--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.7 Fri Jun 12 13:01:12 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c Thu Jul 9 10:31:01 2015
@@ -1146,7 +1146,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *
case EVP_CTRL_CCM_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
- if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
+ if (c->encrypt && ptr)
return 0;
if (ptr) {
cctx->tag_set = 1;
Index: src/crypto/external/bsd/openssl/dist/crypto/threads/mttest.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/threads/mttest.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/threads/mttest.c:1.7
--- src/crypto/external/bsd/openssl/dist/crypto/threads/mttest.c:1.6 Mon Mar 23 06:22:48 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/threads/mttest.c Thu Jul 9 10:31:01 2015
@@ -56,7 +56,6 @@
* [including the GNU Public Licence.]
*/
-#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
@@ -92,11 +91,6 @@
#include <openssl/err.h>
#include <openssl/rand.h>
-#ifdef OPENSSL_NO_FP_API
-# define APPS_WIN16
-# include "../buffer/bss_file.c"
-#endif
-
#ifdef OPENSSL_SYS_NETWARE
# define TEST_SERVER_CERT "/openssl/apps/server.pem"
# define TEST_CLIENT_CERT "/openssl/apps/client.pem"
@@ -107,23 +101,23 @@
#define MAX_THREAD_NUMBER 100
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
+int verify_callback(int ok, X509_STORE_CTX *xs);
void thread_setup(void);
void thread_cleanup(void);
void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx);
-void irix_locking_callback(int mode, int type, char *file, int line);
-void solaris_locking_callback(int mode, int type, char *file, int line);
-void win32_locking_callback(int mode, int type, char *file, int line);
-void pthreads_locking_callback(int mode, int type, char *file, int line);
-void netware_locking_callback(int mode, int type, char *file, int line);
+void irix_locking_callback(int mode, int type, const char *file, int line);
+void solaris_locking_callback(int mode, int type, const char *file, int line);
+void win32_locking_callback(int mode, int type, const char *file, int line);
+void pthreads_locking_callback(int mode, int type, const char *file, int line);
+void netware_locking_callback(int mode, int type, const char *file, int line);
void beos_locking_callback(int mode, int type, const char *file, int line);
-unsigned long irix_thread_id(void);
-unsigned long solaris_thread_id(void);
-unsigned long pthreads_thread_id(void);
-unsigned long netware_thread_id(void);
-unsigned long beos_thread_id(void);
+void irix_thread_id(CRYPTO_THREADID *tid);
+void solaris_thread_id(CRYPTO_THREADID *tid);
+void pthreads_thread_id(CRYPTO_THREADID *tid);
+void netware_thread_id(CRYPTO_THREADID *tid);
+void beos_thread_id(CRYPTO_THREADID *tid);
#if defined(OPENSSL_SYS_NETWARE)
static MPKMutex *lock_cs;
@@ -149,39 +143,39 @@ static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
int doit(char *ctx[4]);
-static void print_stats(FILE *fp, SSL_CTX *ctx)
+static void print_stats(BIO *bio, SSL_CTX *ctx)
{
- fprintf(fp, "%4ld items in the session cache\n",
- SSL_CTX_sess_number(ctx));
- fprintf(fp, "%4ld client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ctx));
- fprintf(fp, "%4ld client connects that finished\n",
- SSL_CTX_sess_connect_good(ctx));
- fprintf(fp, "%4ld server connects (SSL_accept())\n",
- SSL_CTX_sess_accept(ctx));
- fprintf(fp, "%4ld server connects that finished\n",
- SSL_CTX_sess_accept_good(ctx));
- fprintf(fp, "%4ld session cache hits\n", SSL_CTX_sess_hits(ctx));
- fprintf(fp, "%4ld session cache misses\n", SSL_CTX_sess_misses(ctx));
- fprintf(fp, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
+ BIO_printf(bio, "%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ctx));
+ BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ctx));
+ BIO_printf(bio, "%4ld client connects that finished\n",
+ SSL_CTX_sess_connect_good(ctx));
+ BIO_printf(bio, "%4ld server connects (SSL_accept())\n",
+ SSL_CTX_sess_accept(ctx));
+ BIO_printf(bio, "%4ld server connects that finished\n",
+ SSL_CTX_sess_accept_good(ctx));
+ BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ctx));
+ BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ctx));
+ BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
}
static void sv_usage(void)
{
- fprintf(stderr, "usage: ssltest [args ...]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, " -server_auth - check server certificate\n");
- fprintf(stderr, " -client_auth - do client authentication\n");
- fprintf(stderr, " -v - more output\n");
- fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr, " -threads arg - number of threads\n");
- fprintf(stderr, " -loops arg - number of 'connections', per thread\n");
- fprintf(stderr, " -reconnect - reuse session-id's\n");
- fprintf(stderr, " -stats - server session-id cache stats\n");
- fprintf(stderr, " -cert arg - server certificate/key\n");
- fprintf(stderr, " -ccert arg - client certificate/key\n");
- fprintf(stderr, " -ssl3 - just SSLv3n\n");
+ BIO_printf(bio_err, "usage: ssltest [args ...]\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -server_auth - check server certificate\n");
+ BIO_printf(bio_err, " -client_auth - do client authentication\n");
+ BIO_printf(bio_err, " -v - more output\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, " -threads arg - number of threads\n");
+ BIO_printf(bio_err, " -loops arg - number of 'connections', per thread\n");
+ BIO_printf(bio_err, " -reconnect - reuse session-id's\n");
+ BIO_printf(bio_err, " -stats - server session-id cache stats\n");
+ BIO_printf(bio_err, " -cert arg - server certificate/key\n");
+ BIO_printf(bio_err, " -ccert arg - client certificate/key\n");
+ BIO_printf(bio_err, " -ssl3 - just SSLv3n\n");
}
int main(int argc, char *argv[])
@@ -200,9 +194,9 @@ int main(int argc, char *argv[])
RAND_seed(rnd_seed, sizeof rnd_seed);
if (bio_err == NULL)
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ bio_err = BIO_new_fd(2, BIO_NOCLOSE);
if (bio_stdout == NULL)
- bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+ bio_stdout = BIO_new_fd(1, BIO_NOCLOSE);
argc--;
argv++;
@@ -250,7 +244,7 @@ int main(int argc, char *argv[])
if (number_of_loops == 0)
number_of_loops = 1;
} else {
- fprintf(stderr, "unknown option %s\n", *argv);
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
break;
}
@@ -284,9 +278,12 @@ int main(int argc, char *argv[])
SSL_SESS_CACHE_SERVER);
if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert);
ERR_print_errors(bio_err);
+ goto end;
} else
if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert);
ERR_print_errors(bio_err);
goto end;
}
@@ -300,19 +297,19 @@ int main(int argc, char *argv[])
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
- fprintf(stderr, "SSL_load_verify_locations\n");
+ BIO_printf(bio_err, "SSL_load_verify_locations\n");
ERR_print_errors(bio_err);
goto end;
}
if (client_auth) {
- fprintf(stderr, "client authentication\n");
+ BIO_printf(bio_err, "client authentication\n");
SSL_CTX_set_verify(s_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
}
if (server_auth) {
- fprintf(stderr, "server authentication\n");
+ BIO_printf(bio_err, "server authentication\n");
SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
}
@@ -322,24 +319,24 @@ int main(int argc, char *argv[])
end:
if (c_ctx != NULL) {
- fprintf(stderr, "Client SSL_CTX stats then free it\n");
- print_stats(stderr, c_ctx);
+ BIO_printf(bio_err, "Client SSL_CTX stats then free it\n");
+ print_stats(bio_err, c_ctx);
SSL_CTX_free(c_ctx);
}
if (s_ctx != NULL) {
- fprintf(stderr, "Server SSL_CTX stats then free it\n");
- print_stats(stderr, s_ctx);
+ BIO_printf(bio_err, "Server SSL_CTX stats then free it\n");
+ print_stats(bio_err, s_ctx);
if (cache_stats) {
- fprintf(stderr, "-----\n");
- lh_stats((_LHASH *)SSL_CTX_sessions(s_ctx), stderr);
- fprintf(stderr, "-----\n");
- /*- lh_node_stats((_LHASH *)SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n"); */
- lh_node_usage_stats((_LHASH *)SSL_CTX_sessions(s_ctx), stderr);
- fprintf(stderr, "-----\n");
+ BIO_printf(bio_err, "-----\n");
+ lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
+ BIO_printf(bio_err, "-----\n");
+ /*- lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err);
+ BIO_printf(bio_err,"-----\n"); */
+ lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
+ BIO_printf(bio_err, "-----\n");
}
SSL_CTX_free(s_ctx);
- fprintf(stderr, "done free\n");
+ BIO_printf(bio_err, "done free\n");
}
exit(ret);
return (0);
@@ -355,6 +352,7 @@ static int ndoit(SSL_CTX *ssl_ctx[2])
int i;
int ret;
char *ctx[4];
+ CRYPTO_THREADID thread_id;
ctx[0] = (char *)ssl_ctx[0];
ctx[1] = (char *)ssl_ctx[1];
@@ -367,22 +365,24 @@ static int ndoit(SSL_CTX *ssl_ctx[2])
ctx[3] = NULL;
}
- fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id());
+ CRYPTO_THREADID_current(&thread_id);
+ BIO_printf(bio_stdout, "started thread %lu\n",
+ CRYPTO_THREADID_hash(&thread_id));
for (i = 0; i < number_of_loops; i++) {
-/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
- CRYPTO_thread_id(),i,
- ssl_ctx[0]->references,
- ssl_ctx[1]->references); */
+/*- BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n",
+ CRYPTO_THREADID_hash(&thread_id),i,
+ ssl_ctx[0]->references,
+ ssl_ctx[1]->references); */
/* pthread_delay_np(&tm); */
ret = doit(ctx);
if (ret != 0) {
- fprintf(stdout, "error[%d] %lu - %d\n",
- i, CRYPTO_thread_id(), ret);
+ BIO_printf(bio_stdout, "error[%d] %lu - %d\n",
+ i, CRYPTO_THREADID_hash(&thread_id), ret);
return (ret);
}
}
- fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id());
+ BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id));
if (reconnect) {
SSL_free((SSL *)ctx[2]);
SSL_free((SSL *)ctx[3]);
@@ -464,26 +464,26 @@ int doit(char *ctx[4])
if (do_server && verbose) {
if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
+ BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n",
+ SSL_state_string_long(s_ssl));
else if (s_write)
- printf("server:SSL_write()\n");
+ BIO_printf(bio_stdout, "server:SSL_write()\n");
else
- printf("server:SSL_read()\n");
+ BIO_printf(bio_stdout, "server:SSL_read()\n");
}
if (do_client && verbose) {
if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
+ BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
else if (c_write)
- printf("client:SSL_write()\n");
+ BIO_printf(bio_stdout, "client:SSL_write()\n");
else
- printf("client:SSL_read()\n");
+ BIO_printf(bio_stdout, "client:SSL_read()\n");
}
if (!do_client && !do_server) {
- fprintf(stdout, "ERROR IN STARTUP\n");
+ BIO_printf(bio_stdout, "ERROR IN STARTUP\n");
break;
}
if (do_client && !(done & C_DONE)) {
@@ -498,12 +498,12 @@ int doit(char *ctx[4])
if (BIO_should_write(c_bio))
c_w = 1;
} else {
- fprintf(stderr, "ERROR in CLIENT\n");
+ BIO_printf(bio_err, "ERROR in CLIENT\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
return (1);
} else {
/* ok */
@@ -520,19 +520,19 @@ int doit(char *ctx[4])
if (BIO_should_write(c_bio))
c_w = 1;
} else {
- fprintf(stderr, "ERROR in CLIENT\n");
+ BIO_printf(bio_err, "ERROR in CLIENT\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
return (1);
} else {
done |= C_DONE;
#ifdef undef
- fprintf(stdout, "CLIENT:from server:");
- fwrite(cbuf, 1, i, stdout);
- fflush(stdout);
+ BIO_printf(bio_stdout, "CLIENT:from server:");
+ BIO_write(bio_stdout, cbuf, i);
+ BIO_flush(bio_stdout);
#endif
}
}
@@ -550,20 +550,20 @@ int doit(char *ctx[4])
if (BIO_should_write(s_bio))
s_w = 1;
} else {
- fprintf(stderr, "ERROR in SERVER\n");
+ BIO_printf(bio_err, "ERROR in SERVER\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
return (1);
} else {
s_write = 1;
s_w = 1;
#ifdef undef
- fprintf(stdout, "SERVER:from client:");
- fwrite(sbuf, 1, i, stdout);
- fflush(stdout);
+ BIO_printf(bio_stdout, "SERVER:from client:");
+ BIO_write(bio_stdout, sbuf, i);
+ BIO_flush(bio_stdout);
#endif
}
} else {
@@ -577,12 +577,12 @@ int doit(char *ctx[4])
if (BIO_should_write(s_bio))
s_w = 1;
} else {
- fprintf(stderr, "ERROR in SERVER\n");
+ BIO_printf(bio_err, "ERROR in SERVER\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
return (1);
} else {
s_write = 0;
@@ -603,7 +603,7 @@ int doit(char *ctx[4])
SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
#ifdef undef
- fprintf(stdout, "DONE\n");
+ BIO_printf(bio_stdout, "DONE\n");
#endif
err:
/*
@@ -637,7 +637,7 @@ int doit(char *ctx[4])
return (0);
}
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char *s, buf[256];
@@ -646,9 +646,9 @@ int MS_CALLBACK verify_callback(int ok,
buf, 256);
if (s != NULL) {
if (ok)
- fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
+ BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf);
else
- fprintf(stderr, "depth=%d error=%d %s\n",
+ BIO_printf(bio_err, "depth=%d error=%d %s\n",
ctx->error_depth, ctx->error, buf);
}
}
@@ -685,7 +685,7 @@ void thread_cleanup(void)
OPENSSL_free(lock_cs);
}
-void win32_locking_callback(int mode, int type, char *file, int line)
+void win32_locking_callback(int mode, int type, const char *file, int line)
{
if (mode & CRYPTO_LOCK) {
WaitForSingleObject(lock_cs[type], INFINITE);
@@ -714,7 +714,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
(void *)ssl_ctx, 0L, &(thread_id[i]));
}
- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i += 50) {
int j;
@@ -724,7 +724,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
(CONST HANDLE *) & (thread_handle[i]),
TRUE, INFINITE)
== WAIT_FAILED) {
- fprintf(stderr, "WaitForMultipleObjects failed:%d\n",
+ BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n",
GetLastError());
exit(1);
}
@@ -740,7 +740,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
ret = (ret + end.wSecond - start.wSecond);
ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0;
- printf("win32 threads done - %.3f seconds\n", ret);
+ BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret);
}
#endif /* OPENSSL_SYS_WIN32 */
@@ -775,34 +775,34 @@ void thread_cleanup(void)
CRYPTO_set_locking_callback(NULL);
- fprintf(stderr, "cleanup\n");
+ BIO_printf(bio_err, "cleanup\n");
for (i = 0; i < CRYPTO_num_locks(); i++) {
/* rwlock_destroy(&(lock_cs[i])); */
mutex_destroy(&(lock_cs[i]));
- fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);
- fprintf(stderr, "done cleanup\n");
+ BIO_printf(bio_err, "done cleanup\n");
}
-void solaris_locking_callback(int mode, int type, char *file, int line)
+void solaris_locking_callback(int mode, int type, const char *file, int line)
{
# ifdef undef
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
+ BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
/*-
if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
+ BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
*/
if (mode & CRYPTO_LOCK) {
/*-
@@ -834,21 +834,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
(void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i]));
}
- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i++) {
thr_join(thread_ctx[i], NULL, NULL);
}
- printf("solaris threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "solaris threads done\n");
+#endif
}
-unsigned long solaris_thread_id(void)
+void solaris_thread_id(CRYPTO_THREADID *tid)
{
- unsigned long ret;
-
- ret = (unsigned long)thr_self();
- return (ret);
+ CRYPTO_THREADID_set_numeric((unsigned long)thr_self());
}
#endif /* SOLARIS */
@@ -896,13 +897,13 @@ void thread_cleanup(void)
OPENSSL_free(lock_cs);
}
-void irix_locking_callback(int mode, int type, char *file, int line)
+void irix_locking_callback(int mode, int type, const char *file, int line)
{
if (mode & CRYPTO_LOCK) {
- printf("lock %d\n", type);
+ BIO_printf(bio_stdout, "lock %d\n", type);
uspsema(lock_cs[type]);
} else {
- printf("unlock %d\n", type);
+ BIO_printf(bio_stdout, "unlock %d\n", type);
usvsema(lock_cs[type]);
}
}
@@ -921,21 +922,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
PR_SADDR | PR_SFDS, (void *)ssl_ctx);
}
- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i++) {
wait(NULL);
}
- printf("irix threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "irix threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "irix threads done\n");
+#endif
}
unsigned long irix_thread_id(void)
{
- unsigned long ret;
-
- ret = (unsigned long)getpid();
- return (ret);
+ CRYPTO_THREADID_set_numeric((unsigned long)getpid());
}
#endif /* IRIX */
@@ -964,30 +966,30 @@ void thread_cleanup(void)
int i;
CRYPTO_set_locking_callback(NULL);
- fprintf(stderr, "cleanup\n");
+ BIO_printf(bio_err, "cleanup\n");
for (i = 0; i < CRYPTO_num_locks(); i++) {
pthread_mutex_destroy(&(lock_cs[i]));
- fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);
- fprintf(stderr, "done cleanup\n");
+ BIO_printf(bio_err, "done cleanup\n");
}
-void pthreads_locking_callback(int mode, int type, char *file, int line)
+void pthreads_locking_callback(int mode, int type, const char *file, int line)
{
# ifdef undef
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
+ BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
/*-
if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
+ BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
*/
if (mode & CRYPTO_LOCK) {
pthread_mutex_lock(&(lock_cs[type]));
@@ -1014,21 +1016,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
(void *(*)(void *))ndoit, (void *)ssl_ctx);
}
- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i++) {
pthread_join(thread_ctx[i], NULL);
}
- printf("pthreads threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "pthreads threads done\n");
+#endif
}
-unsigned long pthreads_thread_id(void)
+void pthreads_thread_id(CRYPTO_THREADID *tid)
{
- unsigned long ret;
-
- ret = (unsigned long)pthread_self();
- return (ret);
+ CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self());
}
#endif /* PTHREADS */
@@ -1048,8 +1051,8 @@ void thread_setup(void)
ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0);
- CRYPTO_set_id_callback((unsigned long (*)(void))netware_thread_id);
- CRYPTO_set_locking_callback((void (*)(void))netware_locking_callback);
+ CRYPTO_set_id_callback(netware_thread_id);
+ CRYPTO_set_locking_callback(netware_locking_callback);
}
void thread_cleanup(void)
@@ -1058,21 +1061,21 @@ void thread_cleanup(void)
CRYPTO_set_locking_callback(NULL);
- fprintf(stdout, "thread_cleanup\n");
+ BIO_printf(bio_stdout, "thread_cleanup\n");
for (i = 0; i < CRYPTO_num_locks(); i++) {
MPKMutexFree(lock_cs[i]);
- fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);
MPKSemaphoreFree(ThreadSem);
- fprintf(stdout, "done cleanup\n");
+ BIO_printf(bio_stdout, "done cleanup\n");
}
-void netware_locking_callback(int mode, int type, char *file, int line)
+void netware_locking_callback(int mode, int type, const char *file, int line)
{
if (mode & CRYPTO_LOCK) {
MPKMutexLock(lock_cs[type]);
@@ -1094,22 +1097,23 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
ThreadSwitchWithDelay();
}
- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
/* loop until all threads have signaled the semaphore */
for (i = 0; i < thread_number; i++) {
MPKSemaphoreWait(ThreadSem);
}
- printf("netware threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "netware threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "netware threads done\n");
+#endif
}
unsigned long netware_thread_id(void)
{
- unsigned long ret;
-
- ret = (unsigned long)GetThreadID();
- return (ret);
+ CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID());
}
#endif /* NETWARE */
@@ -1141,24 +1145,24 @@ void thread_cleanup(void)
int i;
CRYPTO_set_locking_callback(NULL);
- fprintf(stderr, "cleanup\n");
+ BIO_printf(bio_err, "cleanup\n");
for (i = 0; i < CRYPTO_num_locks(); i++) {
delete lock_cs[i];
- fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);
- fprintf(stderr, "done cleanup\n");
+ BIO_printf(bio_err, "done cleanup\n");
}
void beos_locking_callback(int mode, int type, const char *file, int line)
{
# if 0
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
+ BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
if (mode & CRYPTO_LOCK) {
lock_cs[type]->Lock();
@@ -1184,14 +1188,14 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX
resume_thread(thread_ctx[i]);
}
- printf("waiting...\n");
+ BIO_printf(bio_stdout, "waiting...\n");
for (i = 0; i < thread_number; i++) {
status_t result;
wait_for_thread(thread_ctx[i], &result);
}
- printf("beos threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+ BIO_printf(bio_stdout, "beos threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
}
unsigned long beos_thread_id(void)
Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.8 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.9
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.8 Fri Jun 12 13:01:12 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Thu Jul 9 10:31:01 2015
@@ -162,6 +162,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
return -1;
}
+ if (ctx->chain != NULL) {
+ /*
+ * This X509_STORE_CTX has already been used to verify a cert. We
+ * cannot do another one.
+ */
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
cb = ctx->verify_cb;
@@ -169,15 +177,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx
* first we make sure the chain we are going to build is present and that
* the first entry is in place
*/
- if (ctx->chain == NULL) {
- if (((ctx->chain = sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain, ctx->cert))) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
- ctx->last_untrusted = 1;
+ if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+ (!sk_X509_push(ctx->chain, ctx->cert))) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
}
+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+ ctx->last_untrusted = 1;
/* We use a temporary STACK so we can chop and hack at it */
if (ctx->untrusted != NULL
@@ -306,7 +312,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
* if the user hasn't switched off alternate chain checking
*/
retry = 0;
- if (j == ctx->last_untrusted &&
+ if (num == ctx->last_untrusted &&
!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
while (j-- > 1) {
xtmp2 = sk_X509_value(ctx->chain, j - 1);
@@ -328,8 +334,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx
xtmp = sk_X509_pop(ctx->chain);
X509_free(xtmp);
num--;
- ctx->last_untrusted--;
}
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
retry = 1;
break;
}
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.14 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.15
--- src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.14 Fri Jun 12 13:01:13 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c Thu Jul 9 10:31:01 2015
@@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (alg_k & SSL_kPSK) {
- char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
-
param_len = 2;
if (param_len > n) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s)
}
param_len += i;
- /*
- * If received PSK identity hint contains NULL characters, the hint
- * is truncated from the first NULL. p may not be ending with NULL,
- * so create a NULL-terminated string.
- */
- memcpy(tmp_id_hint, p, i);
- memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
- if (s->ctx->psk_identity_hint != NULL)
- OPENSSL_free(s->ctx->psk_identity_hint);
- s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
- if (s->ctx->psk_identity_hint == NULL) {
+ s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+ if (s->session->psk_identity_hint == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto f_err;
@@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s
}
memset(identity, 0, sizeof(identity));
- psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+ psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
identity, sizeof(identity) - 1,
psk_or_pre_ms,
sizeof(psk_or_pre_ms));
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.21 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.22
--- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.21 Fri Jun 12 13:01:13 2015
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Thu Jul 9 10:31:01 2015
@@ -2799,7 +2799,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (s->session->psk_identity != NULL)
OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = BUF_strdup((char *)p);
+ s->session->psk_identity = BUF_strndup((char *)p, i);
if (s->session->psk_identity == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto psk_err;
Index: src/crypto/external/bsd/openssl/dist/test/Makefile
diff -u src/crypto/external/bsd/openssl/dist/test/Makefile:1.4 src/crypto/external/bsd/openssl/dist/test/Makefile:1.5
--- src/crypto/external/bsd/openssl/dist/test/Makefile:1.4 Fri Jun 12 13:01:13 2015
+++ src/crypto/external/bsd/openssl/dist/test/Makefile Thu Jul 9 10:31:02 2015
@@ -66,6 +66,7 @@ SRPTEST= srptest
ASN1TEST= asn1test
HEARTBEATTEST= heartbeat_test
CONSTTIMETEST= constant_time_test
+VERIFYEXTRATEST= verify_extra_test
TESTS= alltests
@@ -77,7 +78,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
$(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
- $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT)
+ $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -90,7 +91,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATES
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \
- $(HEARTBEATTEST).o $(CONSTTIMETEST).o
+ $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -100,7 +101,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATES
$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
- $(HEARTBEATTEST).c $(CONSTTIMETEST).c
+ $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c
EXHEADER=
HEADER= $(EXHEADER)
@@ -143,7 +144,7 @@ alltests: \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
- test_jpake test_srp test_cms test_heartbeat test_constant_time
+ test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra
test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -334,6 +335,10 @@ test_constant_time: $(CONSTTIMETEST)$(EX
@echo "Test constant time utilites"
../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -502,6 +507,9 @@ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATT
$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
@target=$(CONSTTIMETEST) $(BUILD_CMD)
+$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+ @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -792,6 +800,21 @@ ssltest.o: ../include/openssl/ssl3.h ../
ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ssltest.o: ../include/openssl/x509v3.h ssltest.c
+verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+verify_extra_test.o: ../include/openssl/objects.h
+verify_extra_test.o: ../include/openssl/opensslconf.h
+verify_extra_test.o: ../include/openssl/opensslv.h
+verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify_extra_test.o: verify_extra_test.c
wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
Index: src/crypto/external/bsd/openssl/dist/test/testssl
diff -u src/crypto/external/bsd/openssl/dist/test/testssl:1.3 src/crypto/external/bsd/openssl/dist/test/testssl:1.4
--- src/crypto/external/bsd/openssl/dist/test/testssl:1.3 Fri Jun 12 13:01:13 2015
+++ src/crypto/external/bsd/openssl/dist/test/testssl Thu Jul 9 10:31:02 2015
@@ -120,16 +120,15 @@ echo test sslv2/sslv3 with both client a
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
test_cipher() {
- local cipher=$1
- local protocol=$2
- echo "Testing $cipher"
+ _cipher=$1
+ echo "Testing $_cipher"
prot=""
- if [ $protocol = "SSLv3" ] ; then
+ if [ $2 = "SSLv3" ] ; then
prot="-ssl3"
fi
- $ssltest -cipher $cipher $prot
+ $ssltest -cipher $_cipher $prot
if [ $? -ne 0 ] ; then
- echo "Failed $cipher"
+ echo "Failed $_cipher"
exit 1
fi
}
@@ -199,16 +198,16 @@ if ../util/shlib_wrap.sh ../apps/openssl
echo skipping SRP tests
else
echo test tls1 with SRP
- $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
+ $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP via BIO pair
- $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
+ $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP auth
- $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123
+ $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
echo test tls1 with SRP auth via BIO pair
- $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123
+ $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
fi
exit 0
