Module Name: src
Committed By: spz
Date: Fri Jan 27 23:16:21 UTC 2017
Modified Files:
src/crypto/external/bsd/openssl/dist: CHANGES Configure Makefile NEWS
README openssl.spec
src/crypto/external/bsd/openssl/dist/apps: ca.c s_client.c s_server.c
speed.c
src/crypto/external/bsd/openssl/dist/crypto: opensslv.h
src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c
src/crypto/external/bsd/openssl/dist/crypto/ec: ec2_mult.c
src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c
src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_oaep.c
src/crypto/external/bsd/openssl/dist/crypto/ui: ui_lib.c ui_openssl.c
src/crypto/external/bsd/openssl/dist/doc/crypto:
EVP_DigestVerifyInit.pod
src/crypto/external/bsd/openssl/dist/ssl: s2_lib.c s3_clnt.c s3_pkt.c
s3_srvr.c ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c t1_lib.c
Log Message:
merge for OpenSSL 1.0.2k
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/CHANGES \
src/crypto/external/bsd/openssl/dist/NEWS \
src/crypto/external/bsd/openssl/dist/README \
src/crypto/external/bsd/openssl/dist/openssl.spec
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/Makefile
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssl/dist/apps/ca.c \
src/crypto/external/bsd/openssl/dist/apps/s_client.c \
src/crypto/external/bsd/openssl/dist/apps/s_server.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/apps/speed.c
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
cvs rdiff -u -r1.4 -r1.5 \
src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c \
src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
cvs rdiff -u -r1.14 -r1.15 \
src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.12 src/crypto/external/bsd/openssl/dist/CHANGES:1.13
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/CHANGES Fri Jan 27 23:16:20 2017
@@ -2,6 +2,67 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
+
+ *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS path is running on a 32-bit host and a specific
+ cipher is being used, then a truncated packet can cause that host to
+ perform an out-of-bounds read, usually resulting in a crash.
+
+ This issue was reported to OpenSSL by Robert Święcki of Google.
+ (CVE-2017-3731)
+ [Andy Polyakov]
+
+ *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+ similar to CVE-2015-3193 but must be treated as a separate problem.
+
+ This issue was reported to OpenSSL by the OSS-Fuzz project.
+ (CVE-2017-3732)
+ [Andy Polyakov]
+
+ *) Montgomery multiplication may produce incorrect results
+
+ There is a carry propagating bug in the Broadwell-specific Montgomery
+ multiplication procedure that handles input lengths divisible by, but
+ longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+ and DH private keys are impossible. This is because the subroutine in
+ question is not used in operations with the private key itself and an input
+ of the attacker's direct choice. Otherwise the bug can manifest itself as
+ transient authentication and key negotiation failures or reproducible
+ erroneous outcome of public-key operations with specially crafted input.
+ Among EC algorithms only Brainpool P-512 curves are affected and one
+ presumably can attack ECDH key negotiation. Impact was not analyzed in
+ detail, because pre-requisites for attack are considered unlikely. Namely
+ multiple clients have to choose the curve in question and the server has to
+ share the private key among them, neither of which is default behaviour.
+ Even then only clients that chose the curve will be affected.
+
+ This issue was publicly reported as transient failures and was not
+ initially recognized as a security issue. Thanks to Richard Morgan for
+ providing reproducible case.
+ (CVE-2016-7055)
+ [Andy Polyakov]
+
+ *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+ or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+ prevent issues where no progress is being made and the peer continually
+ sends unrecognised record types, using up resources processing them.
+ [Matt Caswell]
+
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
*) Missing CRL sanity check
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.12 src/crypto/external/bsd/openssl/dist/NEWS:1.13
--- src/crypto/external/bsd/openssl/dist/NEWS:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/NEWS Fri Jan 27 23:16:20 2017
@@ -5,9 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
+
+ o Truncated packet could crash via OOB read (CVE-2017-3731)
+ o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+ o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
- o Fix Use After Free for large message sizes (CVE-2016-6309)
+ o Missing CRL sanity check (CVE-2016-7052)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.12 src/crypto/external/bsd/openssl/dist/README:1.13
--- src/crypto/external/bsd/openssl/dist/README:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/README Fri Jan 27 23:16:20 2017
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2j 26 Sep 2016
+ OpenSSL 1.0.2k 26 Jan 2017
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -66,13 +66,13 @@
If you have any problems with OpenSSL then please take the following steps
first:
- - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ - Download the latest version from the repository
to see if the problem has already been addressed
- - Remove ASM versions of libraries
+ - Configure with no-asm
- Remove compiler optimisation flags
- If you wish to report a bug then please include the following information in
- any bug report:
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
- On Unix systems:
Self-test report generated by 'make report'
@@ -84,27 +84,9 @@
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
- Email the report to:
-
- [email protected]
-
- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up. (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list. Confidential mail
- may be sent to [email protected] (PGP key available from the
- key servers).
-
- Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL.
- You can also make GitHub pull requests. If you do this, please also send
- mail to [email protected] with a link to the PR so that we can more easily
- keep track of it.
-
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
@@ -113,7 +95,7 @@
LEGALITIES
----------
- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.
Index: src/crypto/external/bsd/openssl/dist/openssl.spec
diff -u src/crypto/external/bsd/openssl/dist/openssl.spec:1.12 src/crypto/external/bsd/openssl/dist/openssl.spec:1.13
--- src/crypto/external/bsd/openssl/dist/openssl.spec:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/openssl.spec Fri Jan 27 23:16:20 2017
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2j
+Version: 1.0.2k
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
Index: src/crypto/external/bsd/openssl/dist/Configure
diff -u src/crypto/external/bsd/openssl/dist/Configure:1.16 src/crypto/external/bsd/openssl/dist/Configure:1.17
--- src/crypto/external/bsd/openssl/dist/Configure:1.16 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/Configure Fri Jan 27 23:16:20 2017
@@ -7,6 +7,7 @@ eval 'exec perl -S $0 ${1+"$@"}'
require 5.000;
use strict;
+use File::Compare;
# see INSTALL for instructions.
@@ -57,12 +58,13 @@ my $usage="Usage: Configure [no-<cipher>
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
-# 386 generate 80386 code
# enable-weak-ssl-ciphers
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
# default. Note, weak SSLv2 ciphers are unconditionally
# disabled.
-# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# 386 generate 80386 code in assembly modules
+# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
+# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
@@ -1792,8 +1794,16 @@ while (<IN>)
}
close(IN);
close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+if ((compare($Makefile, "$Makefile.new"))
+ or file_newer('Configure', $Makefile)
+ or file_newer('config', $Makefile)
+ or file_newer('Makefile.org', $Makefile))
+ {
+ rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+ rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+ }
+else
+ { unlink("$Makefile.new"); }
print "CC =$cc\n";
print "CFLAG =$cflags\n";
@@ -1985,9 +1995,13 @@ print OUT "#ifdef __cplusplus\n";
print OUT "}\n";
print OUT "#endif\n";
close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
-
+if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
+ {
+ rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+ rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+ }
+else
+ { unlink("crypto/opensslconf.h.new"); }
# Fix the date
@@ -2289,3 +2303,9 @@ sub test_sanity
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
return $errorcnt;
}
+
+sub file_newer
+ {
+ my ($file1, $file2) = @_;
+ return (stat($file1))[9] > (stat($file2))[9]
+ }
Index: src/crypto/external/bsd/openssl/dist/Makefile
diff -u src/crypto/external/bsd/openssl/dist/Makefile:1.13 src/crypto/external/bsd/openssl/dist/Makefile:1.14
--- src/crypto/external/bsd/openssl/dist/Makefile:1.13 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/Makefile Fri Jan 27 23:16:20 2017
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2j
+VERSION=1.0.2k
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -203,7 +203,8 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB}
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
+ $${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
Index: src/crypto/external/bsd/openssl/dist/apps/ca.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ca.c:1.12 src/crypto/external/bsd/openssl/dist/apps/ca.c:1.13
--- src/crypto/external/bsd/openssl/dist/apps/ca.c:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c Fri Jan 27 23:16:20 2017
@@ -319,9 +319,7 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *tofree = NULL;
DB_ATTR db_attr;
@@ -595,9 +593,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, conf))
goto err;
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
/* Lets get the config section we are using */
if (section == NULL) {
@@ -1485,6 +1481,7 @@ int MAIN(int argc, char **argv)
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
+ release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
@@ -2227,7 +2224,6 @@ static int certify_spkac(X509 **xret, ch
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
- CONF_free(parms);
goto err;
}
Index: src/crypto/external/bsd/openssl/dist/apps/s_client.c
diff -u src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.12 src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.13
--- src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/apps/s_client.c Fri Jan 27 23:16:20 2017
@@ -695,12 +695,12 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
int mbuf_len = 0;
struct timeval timeout, *timeoutp;
-#ifndef OPENSSL_NO_ENGINE
char *engine_id = NULL;
+ ENGINE *e = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *ssl_client_engine_id = NULL;
ENGINE *ssl_client_engine = NULL;
#endif
- ENGINE *e = NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
# if defined(OPENSSL_SYS_BEOS_R5)
@@ -1187,8 +1187,8 @@ int MAIN(int argc, char **argv)
next_proto.data = NULL;
#endif
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#ifndef OPENSSL_NO_ENGINE
if (ssl_client_engine_id) {
ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
if (!ssl_client_engine) {
@@ -2134,6 +2134,7 @@ int MAIN(int argc, char **argv)
OPENSSL_cleanse(mbuf, BUFSIZZ);
OPENSSL_free(mbuf);
}
+ release_engine(e);
if (bio_c_out != NULL) {
BIO_free(bio_c_out);
bio_c_out = NULL;
Index: src/crypto/external/bsd/openssl/dist/apps/s_server.c
diff -u src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.12 src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.13
--- src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.12 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/apps/s_server.c Fri Jan 27 23:16:20 2017
@@ -328,9 +328,7 @@ static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
static int hack = 0;
-#ifndef OPENSSL_NO_ENGINE
static char *engine_id = NULL;
-#endif
static const char *session_id_prefix = NULL;
static int enable_timeouts = 0;
@@ -484,9 +482,7 @@ static void s_server_init(void)
s_quiet = 0;
s_brief = 0;
hack = 0;
-# ifndef OPENSSL_NO_ENGINE
engine_id = NULL;
-# endif
}
#endif
@@ -1603,9 +1599,7 @@ int MAIN(int argc, char *argv[])
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
-#endif
if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -2129,6 +2123,7 @@ int MAIN(int argc, char *argv[])
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
+ release_engine(e);
if (bio_s_out != NULL) {
BIO_free(bio_s_out);
bio_s_out = NULL;
Index: src/crypto/external/bsd/openssl/dist/apps/speed.c
diff -u src/crypto/external/bsd/openssl/dist/apps/speed.c:1.10 src/crypto/external/bsd/openssl/dist/apps/speed.c:1.11
--- src/crypto/external/bsd/openssl/dist/apps/speed.c:1.10 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c Fri Jan 27 23:16:21 2017
@@ -372,6 +372,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
unsigned char *buf = NULL, *buf2 = NULL;
int mret = 1;
long count = 0, save_count = 0;
@@ -669,6 +670,10 @@ int MAIN(int argc, char **argv)
ecdh_b[i] = NULL;
}
# endif
+# ifndef OPENSSL_NO_RSA
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_key[i] = NULL;
+# endif
if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
@@ -677,12 +682,6 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
-# ifndef OPENSSL_NO_RSA
- memset(rsa_key, 0, sizeof(rsa_key));
- for (i = 0; i < RSA_NUM; i++)
- rsa_key[i] = NULL;
-# endif
-
if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
BIO_printf(bio_err, "out of memory\n");
goto end;
@@ -749,7 +748,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no engine given\n");
goto end;
}
- setup_engine(bio_err, *argv, 0);
+ e = setup_engine(bio_err, *argv, 0);
/*
* j will be increased again further down. We just don't want
* speed to confuse an engine with an algorithm, especially when
@@ -2526,6 +2525,7 @@ int MAIN(int argc, char **argv)
}
# endif
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(mret);
}
Index: src/crypto/external/bsd/openssl/dist/crypto/opensslv.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.21 src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.22
--- src/crypto/external/bsd/openssl/dist/crypto/opensslv.h:1.21 Fri Oct 14 16:23:17 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/opensslv.h Fri Jan 27 23:16:21 2017
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020afL
+# define OPENSSL_VERSION_NUMBER 0x100020bfL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k-fips 26 Jan 2017"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k 26 Jan 2017"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.13
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.12 Fri Oct 14 16:23:18 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c Fri Jan 27 23:16:21 2017
@@ -184,8 +184,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, c
goto err;
}
}
- if (r != rr)
- BN_copy(r, rr);
+ if (r != rr && BN_copy(r, rr) == NULL)
+ goto err;
+
ret = 1;
err:
BN_CTX_end(ctx);
Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c:1.3 src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c:1.4
--- src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c:1.3 Mon Mar 23 10:22:47 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c Fri Jan 27 23:16:21 2017
@@ -267,7 +267,7 @@ static int ec_GF2m_montgomery_point_mult
BN_CTX *ctx)
{
BIGNUM *x1, *x2, *z1, *z2;
- int ret = 0, i;
+ int ret = 0, i, group_top;
BN_ULONG mask, word;
if (r == point) {
@@ -297,10 +297,12 @@ static int ec_GF2m_montgomery_point_mult
x2 = &r->X;
z2 = &r->Y;
- bn_wexpand(x1, group->field.top);
- bn_wexpand(z1, group->field.top);
- bn_wexpand(x2, group->field.top);
- bn_wexpand(z2, group->field.top);
+ group_top = group->field.top;
+ if (bn_wexpand(x1, group_top) == NULL
+ || bn_wexpand(z1, group_top) == NULL
+ || bn_wexpand(x2, group_top) == NULL
+ || bn_wexpand(z2, group_top) == NULL)
+ goto err;
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
goto err; /* x1 = x */
@@ -329,14 +331,14 @@ static int ec_GF2m_montgomery_point_mult
for (; i >= 0; i--) {
word = scalar->d[i];
while (mask) {
- BN_consttime_swap(word & mask, x1, x2, group->field.top);
- BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ BN_consttime_swap(word & mask, x1, x2, group_top);
+ BN_consttime_swap(word & mask, z1, z2, group_top);
if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
goto err;
if (!gf2m_Mdouble(group, x1, z1, ctx))
goto err;
- BN_consttime_swap(word & mask, x1, x2, group->field.top);
- BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ BN_consttime_swap(word & mask, x1, x2, group_top);
+ BN_consttime_swap(word & mask, z1, z2, group_top);
mask >>= 1;
}
mask = BN_TBIT;
Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.10 src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.11
--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.10 Mon Oct 17 00:23:47 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c Fri Jan 27 23:16:21 2017
@@ -155,10 +155,10 @@ void AES_ctr32_encrypt(const unsigned ch
const unsigned char ivec[AES_BLOCK_SIZE]);
# endif
# ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp, char *out, size_t len,
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp, char *out, size_t len,
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
# endif
Index: src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c:1.4 Fri Oct 14 16:23:20 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c Fri Jan 27 23:16:21 2017
@@ -89,17 +89,21 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsi
}
if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
- return 0;
+ goto err;
for (i = 0; i < emlen - mdlen; i++)
db[i] ^= dbmask[i];
if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
- return 0;
+ goto err;
for (i = 0; i < mdlen; i++)
seed[i] ^= seedmask[i];
OPENSSL_free(dbmask);
return 1;
+
+ err:
+ OPENSSL_free(dbmask);
+ return 0;
}
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
Index: src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c:1.2 Fri Oct 14 16:23:21 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c Fri Jan 27 23:16:21 2017
@@ -164,7 +164,7 @@ static int general_allocate_string(UI *u
UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
type, input_flags, result_buf);
- if (s) {
+ if (s != NULL) {
if (allocate_string_stack(ui) >= 0) {
s->_.string_data.result_minsize = minsize;
s->_.string_data.result_maxsize = maxsize;
@@ -197,8 +197,8 @@ static int general_allocate_boolean(UI *
} else if (cancel_chars == NULL) {
UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
} else {
- for (p = ok_chars; *p; p++) {
- if (strchr(cancel_chars, *p)) {
+ for (p = ok_chars; *p != '\0'; p++) {
+ if (strchr(cancel_chars, *p) != NULL) {
UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
}
@@ -207,7 +207,7 @@ static int general_allocate_boolean(UI *
s = general_allocate_prompt(ui, prompt, prompt_freeable,
type, input_flags, result_buf);
- if (s) {
+ if (s != NULL) {
if (allocate_string_stack(ui) >= 0) {
s->_.boolean_data.action_desc = action_desc;
s->_.boolean_data.ok_chars = ok_chars;
@@ -243,7 +243,7 @@ int UI_dup_input_string(UI *ui, const ch
{
char *prompt_copy = NULL;
- if (prompt) {
+ if (prompt != NULL) {
prompt_copy = BUF_strdup(prompt);
if (prompt_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
@@ -271,7 +271,7 @@ int UI_dup_verify_string(UI *ui, const c
{
char *prompt_copy = NULL;
- if (prompt) {
+ if (prompt != NULL) {
prompt_copy = BUF_strdup(prompt);
if (prompt_copy == NULL) {
UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
@@ -302,7 +302,7 @@ int UI_dup_input_boolean(UI *ui, const c
char *ok_chars_copy = NULL;
char *cancel_chars_copy = NULL;
- if (prompt) {
+ if (prompt != NULL) {
prompt_copy = BUF_strdup(prompt);
if (prompt_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -310,7 +310,7 @@ int UI_dup_input_boolean(UI *ui, const c
}
}
- if (action_desc) {
+ if (action_desc != NULL) {
action_desc_copy = BUF_strdup(action_desc);
if (action_desc_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -318,7 +318,7 @@ int UI_dup_input_boolean(UI *ui, const c
}
}
- if (ok_chars) {
+ if (ok_chars != NULL) {
ok_chars_copy = BUF_strdup(ok_chars);
if (ok_chars_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -326,7 +326,7 @@ int UI_dup_input_boolean(UI *ui, const c
}
}
- if (cancel_chars) {
+ if (cancel_chars != NULL) {
cancel_chars_copy = BUF_strdup(cancel_chars);
if (cancel_chars_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -359,7 +359,7 @@ int UI_dup_info_string(UI *ui, const cha
{
char *text_copy = NULL;
- if (text) {
+ if (text != NULL) {
text_copy = BUF_strdup(text);
if (text_copy == NULL) {
UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
@@ -381,7 +381,7 @@ int UI_dup_error_string(UI *ui, const ch
{
char *text_copy = NULL;
- if (text) {
+ if (text != NULL) {
text_copy = BUF_strdup(text);
if (text_copy == NULL) {
UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
@@ -397,7 +397,7 @@ char *UI_construct_prompt(UI *ui, const
{
char *prompt = NULL;
- if (ui->meth->ui_construct_prompt)
+ if (ui->meth->ui_construct_prompt != NULL)
prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
else {
char prompt1[] = "Enter ";
@@ -408,7 +408,7 @@ char *UI_construct_prompt(UI *ui, const
if (object_desc == NULL)
return NULL;
len = sizeof(prompt1) - 1 + strlen(object_desc);
- if (object_name)
+ if (object_name != NULL)
len += sizeof(prompt2) - 1 + strlen(object_name);
len += sizeof(prompt3) - 1;
@@ -417,7 +417,7 @@ char *UI_construct_prompt(UI *ui, const
return NULL;
BUF_strlcpy(prompt, prompt1, len + 1);
BUF_strlcat(prompt, object_desc, len + 1);
- if (object_name) {
+ if (object_name != NULL) {
BUF_strlcat(prompt, prompt2, len + 1);
BUF_strlcat(prompt, object_name, len + 1);
}
@@ -459,7 +459,8 @@ static int print_error(const char *str,
uis.type = UIT_ERROR;
uis.out_string = str;
- if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
+ if (ui->meth->ui_write_string != NULL
+ && ui->meth->ui_write_string(ui, &uis) <= 0)
return -1;
return 0;
}
@@ -468,24 +469,28 @@ int UI_process(UI *ui)
{
int i, ok = 0;
- if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
- return -1;
+ if (ui->meth->ui_open_session != NULL
+ && ui->meth->ui_open_session(ui) <= 0) {
+ ok = -1;
+ goto err;
+ }
if (ui->flags & UI_FLAG_PRINT_ERRORS)
ERR_print_errors_cb((int (*)(const char *, size_t, void *))
print_error, (void *)ui);
for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
- if (ui->meth->ui_write_string
- && !ui->meth->ui_write_string(ui,
- sk_UI_STRING_value(ui->strings, i)))
+ if (ui->meth->ui_write_string != NULL
+ && (ui->meth->ui_write_string(ui,
+ sk_UI_STRING_value(ui->strings, i))
+ <= 0))
{
ok = -1;
goto err;
}
}
- if (ui->meth->ui_flush)
+ if (ui->meth->ui_flush != NULL)
switch (ui->meth->ui_flush(ui)) {
case -1: /* Interrupt/Cancel/something... */
ok = -2;
@@ -499,7 +504,7 @@ int UI_process(UI *ui)
}
for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
- if (ui->meth->ui_read_string) {
+ if (ui->meth->ui_read_string != NULL) {
switch (ui->meth->ui_read_string(ui,
sk_UI_STRING_value(ui->strings,
i))) {
@@ -516,7 +521,8 @@ int UI_process(UI *ui)
}
}
err:
- if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+ if (ui->meth->ui_close_session != NULL
+ && ui->meth->ui_close_session(ui) <= 0)
return -1;
return ok;
}
@@ -612,49 +618,49 @@ void UI_destroy_method(UI_METHOD *ui_met
int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
{
- if (method) {
+ if (method != NULL) {
method->ui_open_session = opener;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_writer(UI_METHOD *method,
int (*writer) (UI *ui, UI_STRING *uis))
{
- if (method) {
+ if (method != NULL) {
method->ui_write_string = writer;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
{
- if (method) {
+ if (method != NULL) {
method->ui_flush = flusher;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_reader(UI_METHOD *method,
int (*reader) (UI *ui, UI_STRING *uis))
{
- if (method) {
+ if (method != NULL) {
method->ui_read_string = reader;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
{
- if (method) {
+ if (method != NULL) {
method->ui_close_session = closer;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_prompt_constructor(UI_METHOD *method,
@@ -664,55 +670,55 @@ int UI_method_set_prompt_constructor(UI_
const char
*object_name))
{
- if (method) {
+ if (method != NULL) {
method->ui_construct_prompt = prompt_constructor;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
- if (method)
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
+{
+ if (method != NULL)
return method->ui_open_session;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
- if (method)
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
+{
+ if (method != NULL)
return method->ui_write_string;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
- if (method)
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
+{
+ if (method != NULL)
return method->ui_flush;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
- if (method)
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
+{
+ if (method != NULL)
return method->ui_read_string;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
- if (method)
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
+{
+ if (method != NULL)
return method->ui_close_session;
- else
- return NULL;
+ return NULL;
}
char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
const char *,
- const char *) {
- if (method)
+ const char *)
+{
+ if (method != NULL)
return method->ui_construct_prompt;
- else
- return NULL;
+ return NULL;
}
enum UI_string_types UI_get_string_type(UI_STRING *uis)
Index: src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.8 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.9
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.8 Fri Oct 14 16:23:21 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c Fri Jan 27 23:16:21 2017
@@ -435,7 +435,7 @@ static int read_string_inner(UI *ui, UI_
# else
p = fgets(result, maxsize, tty_in);
# endif
- if (!p)
+ if (p == NULL)
goto error;
if (feof(tty_in))
goto error;
@@ -504,18 +504,31 @@ static int open_console(UI *ui)
is_a_tty = 0;
else
# endif
+# ifdef ENODEV
+ /*
+ * MacOS X returns ENODEV (Operation not supported by device),
+ * which seems appropriate.
+ */
+ if (errno == ENODEV)
+ is_a_tty = 0;
+ else
+# endif
return 0;
}
#endif
#ifdef OPENSSL_SYS_VMS
status = sys$assign(&terminal, &channel, 0, 0);
+
+ /* if there isn't a TT device, something is very wrong */
if (status != SS$_NORMAL)
return 0;
- status =
- sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
- 0, 0);
+
+ status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
+ 0, 0, 0, 0);
+
+ /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
+ is_a_tty = 0;
#endif
return 1;
}
@@ -532,14 +545,15 @@ static int noecho_console(UI *ui)
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] | TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status =
- sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
- 0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
+ if (is_a_tty) {
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+ 0, 0, 0, 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+ }
#endif
return 1;
}
@@ -556,14 +570,15 @@ static int echo_console(UI *ui)
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status =
- sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
- 0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
+ if (is_a_tty) {
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+ 0, 0, 0, 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+ }
#endif
return 1;
}
@@ -576,6 +591,8 @@ static int close_console(UI *ui)
fclose(tty_out);
#ifdef OPENSSL_SYS_VMS
status = sys$dassgn(channel);
+ if (status != SS$_NORMAL)
+ return 0;
#endif
CRYPTO_w_unlock(CRYPTO_LOCK_UI);
Index: src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod
diff -u src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod:1.4 src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod:1.5
--- src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod:1.4 Fri Oct 14 16:23:21 2016
+++ src/crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod Fri Jan 27 23:16:21 2017
@@ -10,7 +10,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUp
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
- int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen);
=head1 DESCRIPTION
Index: src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c:1.7 src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c:1.8
--- src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c:1.7 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/s2_lib.c Fri Jan 27 23:16:21 2017
@@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
SSL_3DES,
SSL_MD5,
SSL_SSLV2,
- SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
0,
112,
168,
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.19 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.20
--- src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.19 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c Fri Jan 27 23:16:21 2017
@@ -1710,12 +1710,6 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;
- if (BN_is_zero(dh->p)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
- goto f_err;
- }
-
-
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1736,11 +1730,6 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;
- if (BN_is_zero(dh->g)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
- goto f_err;
- }
-
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1767,6 +1756,39 @@ int ssl3_get_key_exchange(SSL *s)
goto f_err;
}
+ /*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+ {
+ BIGNUM *tmp = NULL;
+
+ if (!BN_is_odd(dh->p)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+ goto f_err;
+ }
+ if (BN_is_negative(dh->g) || BN_is_zero(dh->g)
+ || BN_is_one(dh->g)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+ if ((tmp = BN_new()) == NULL
+ || BN_copy(tmp, dh->p) == NULL
+ || !BN_sub_word(tmp, 1)) {
+ BN_free(tmp);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (BN_cmp(dh->g, tmp) >= 0) {
+ BN_free(tmp);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+ BN_free(tmp);
+ }
+
# ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey =
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.22 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.23
--- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.22 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Fri Jan 27 23:16:21 2017
@@ -136,6 +136,9 @@ static int do_ssl3_write(SSL *s, int typ
unsigned int len, int create_empty_fragment);
static int ssl3_get_record(SSL *s);
+/*
+ * Return values are as per SSL_read()
+ */
int ssl3_read_n(SSL *s, int n, int max, int extend)
{
/*
@@ -1086,7 +1089,10 @@ static int do_ssl3_write(SSL *s, int typ
return -1;
}
-/* if s->s3->wbuf.left != 0, we need to call this */
+/* if s->s3->wbuf.left != 0, we need to call this
+ *
+ * Return values are as per SSL_write(), i.e.
+ */
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len)
{
@@ -1126,7 +1132,7 @@ int ssl3_write_pending(SSL *s, int type,
*/
wb->left = 0;
}
- return (i);
+ return i;
}
wb->offset += i;
wb->left -= i;
@@ -1597,16 +1603,13 @@ int ssl3_read_bytes(SSL *s, int type, un
switch (rr->type) {
default:
-#ifndef OPENSSL_NO_TLS
/*
- * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
- * an unexpected message alert.
+ * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+ * TLS 1.2 says you MUST send an unexpected message alert. We use the
+ * TLS 1.2 behaviour for all protocol versions to prevent issues where
+ * no progress is being made and the peer continually sends unrecognised
+ * record types, using up resources processing them.
*/
- if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
- rr->length = 0;
- goto start;
- }
-#endif
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;
Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.22 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.23
--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.22 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Fri Jan 27 23:16:21 2017
@@ -132,6 +132,9 @@ static int ssl_check_clienthello_tlsext_
int ssl_check_serverhello_tlsext(SSL *s);
#endif
+#define CHECKLEN(curr, val, limit) \
+ (((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))
+
SSL3_ENC_METHOD TLSv1_enc_data = {
tls1_enc,
tls1_mac,
@@ -1263,8 +1266,7 @@ unsigned char *ssl_add_clienthello_tlsex
if (s->tlsext_hostname != NULL) {
/* Add TLS extension servername to the Client Hello message */
- unsigned long size_str;
- long lenmax;
+ size_t size_str;
/*-
* check for enough space.
@@ -1274,10 +1276,8 @@ unsigned char *ssl_add_clienthello_tlsex
* 2 for hostname length
* + hostname length
*/
-
- if ((lenmax = limit - ret - 9) < 0
- || (size_str =
- strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
+ size_str = strlen(s->tlsext_hostname);
+ if (CHECKLEN(ret, 9 + size_str, limit))
return NULL;
/* extension type and length */
@@ -1321,7 +1321,7 @@ unsigned char *ssl_add_clienthello_tlsex
if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
* Client Hello message */
- int login_len = strlen(s->srp_ctx.login);
+ size_t login_len = strlen(s->srp_ctx.login);
if (login_len > 255 || login_len == 0) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
@@ -1333,7 +1333,7 @@ unsigned char *ssl_add_clienthello_tlsex
* 1 for the srp user identity
* + srp user identity length
*/
- if ((limit - ret - 5 - login_len) < 0)
+ if (CHECKLEN(ret, 5 + login_len, limit))
return NULL;
/* fill in the extension */
@@ -1350,20 +1350,23 @@ unsigned char *ssl_add_clienthello_tlsex
/*
* Add TLS extension ECPointFormats to the ClientHello message
*/
- long lenmax;
const unsigned char *pcurves, *pformats;
size_t num_curves, num_formats, curves_list_len;
tls1_get_formatlist(s, &pformats, &num_formats);
- if ((lenmax = limit - ret - 5) < 0)
- return NULL;
- if (num_formats > (size_t)lenmax)
- return NULL;
if (num_formats > 255) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
+ /*-
+ * check for enough space.
+ * 4 bytes for the ec point formats type and extension length
+ * 1 byte for the length of the formats
+ * + formats length
+ */
+ if (CHECKLEN(ret, 5 + num_formats, limit))
+ return NULL;
s2n(TLSEXT_TYPE_ec_point_formats, ret);
/* The point format list has 1-byte length. */
@@ -1379,15 +1382,20 @@ unsigned char *ssl_add_clienthello_tlsex
if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves))
return NULL;
- if ((lenmax = limit - ret - 6) < 0)
- return NULL;
- if (num_curves > (size_t)lenmax / 2)
- return NULL;
if (num_curves > 65532 / 2) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
curves_list_len = 2 * num_curves;
+ /*-
+ * check for enough space.
+ * 4 bytes for the ec curves type and extension length
+ * 2 bytes for the curve list length
+ * + curve list length
+ */
+ if (CHECKLEN(ret, 6 + curves_list_len, limit))
+ return NULL;
+
s2n(TLSEXT_TYPE_elliptic_curves, ret);
s2n(curves_list_len + 2, ret);
s2n(curves_list_len, ret);
@@ -1397,7 +1405,7 @@ unsigned char *ssl_add_clienthello_tlsex
# endif /* OPENSSL_NO_EC */
if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
- int ticklen;
+ size_t ticklen;
if (!s->new_session && s->session && s->session->tlsext_tick)
ticklen = s->session->tlsext_ticklen;
else if (s->session && s->tlsext_session_ticket &&
@@ -1418,11 +1426,11 @@ unsigned char *ssl_add_clienthello_tlsex
* Check for enough room 2 for extension type, 2 for len rest for
* ticket
*/
- if ((long)(limit - ret - 4 - ticklen) < 0)
+ if (CHECKLEN(ret, 4 + ticklen, limit))
return NULL;
s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(ticklen, ret);
- if (ticklen) {
+ if (ticklen > 0) {
memcpy(ret, s->session->tlsext_tick, ticklen);
ret += ticklen;
}
@@ -1433,7 +1441,14 @@ unsigned char *ssl_add_clienthello_tlsex
size_t salglen;
const unsigned char *salg;
salglen = tls12_get_psigalgs(s, &salg);
- if ((size_t)(limit - ret) < salglen + 6)
+
+ /*-
+ * check for enough space.
+ * 4 bytes for the sigalgs type and extension length
+ * 2 bytes for the sigalg list length
+ * + sigalg list length
+ */
+ if (CHECKLEN(ret, salglen + 6, limit))
return NULL;
s2n(TLSEXT_TYPE_signature_algorithms, ret);
s2n(salglen + 2, ret);
@@ -1460,30 +1475,42 @@ unsigned char *ssl_add_clienthello_tlsex
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i;
- long extlen, idlen, itmp;
+ size_t extlen, idlen;
+ int lentmp;
OCSP_RESPID *id;
idlen = 0;
for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
- itmp = i2d_OCSP_RESPID(id, NULL);
- if (itmp <= 0)
+ lentmp = i2d_OCSP_RESPID(id, NULL);
+ if (lentmp <= 0)
return NULL;
- idlen += itmp + 2;
+ idlen += (size_t)lentmp + 2;
}
if (s->tlsext_ocsp_exts) {
- extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
- if (extlen < 0)
+ lentmp = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+ if (lentmp < 0)
return NULL;
+ extlen = (size_t)lentmp;
} else
extlen = 0;
- if ((long)(limit - ret - 7 - extlen - idlen) < 0)
- return NULL;
- s2n(TLSEXT_TYPE_status_request, ret);
if (extlen + idlen > 0xFFF0)
return NULL;
+ /*
+ * 2 bytes for status request type
+ * 2 bytes for status request len
+ * 1 byte for OCSP request type
+ * 2 bytes for length of ids
+ * 2 bytes for length of extensions
+ * + length of ids
+ * + length of extensions
+ */
+ if (CHECKLEN(ret, 9 + idlen + extlen, limit))
+ return NULL;
+
+ s2n(TLSEXT_TYPE_status_request, ret);
s2n(extlen + idlen + 5, ret);
*(ret++) = TLSEXT_STATUSTYPE_ocsp;
s2n(idlen, ret);
@@ -1493,9 +1520,9 @@ unsigned char *ssl_add_clienthello_tlsex
id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
/* skip over id len */
ret += 2;
- itmp = i2d_OCSP_RESPID(id, &ret);
+ lentmp = i2d_OCSP_RESPID(id, &ret);
/* write id len */
- s2n(itmp, q);
+ s2n(lentmp, q);
}
s2n(extlen, ret);
if (extlen > 0)
@@ -1503,8 +1530,15 @@ unsigned char *ssl_add_clienthello_tlsex
}
# ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension */
- if ((limit - ret - 4 - 1) < 0)
+
+ /*-
+ * check for enough space.
+ * 4 bytes for the heartbeat ext type and extension length
+ * 1 byte for the mode
+ */
+ if (CHECKLEN(ret, 5, limit))
return NULL;
+
s2n(TLSEXT_TYPE_heartbeat, ret);
s2n(1, ret);
/*-
@@ -1524,7 +1558,12 @@ unsigned char *ssl_add_clienthello_tlsex
* The client advertises an emtpy extension to indicate its support
* for Next Protocol Negotiation
*/
- if (limit - ret - 4 < 0)
+
+ /*-
+ * check for enough space.
+ * 4 bytes for the NPN ext type and extension length
+ */
+ if (CHECKLEN(ret, 4, limit))
return NULL;
s2n(TLSEXT_TYPE_next_proto_neg, ret);
s2n(0, ret);
@@ -1532,7 +1571,13 @@ unsigned char *ssl_add_clienthello_tlsex
# endif
if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) {
- if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
+ /*-
+ * check for enough space.
+ * 4 bytes for the ALPN type and extension length
+ * 2 bytes for the ALPN protocol list length
+ * + ALPN protocol list length
+ */
+ if (CHECKLEN(ret, 6 + s->alpn_client_proto_list_len, limit))
return NULL;
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
s2n(2 + s->alpn_client_proto_list_len, ret);
@@ -1547,7 +1592,12 @@ unsigned char *ssl_add_clienthello_tlsex
ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
- if ((limit - ret - 4 - el) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the SRTP type and extension length
+ * + SRTP profiles length
+ */
+ if (CHECKLEN(ret, 4 + el, limit))
return NULL;
s2n(TLSEXT_TYPE_use_srtp, ret);
@@ -1587,6 +1637,17 @@ unsigned char *ssl_add_clienthello_tlsex
else
hlen = 0;
+ /*-
+ * check for enough space. Strictly speaking we know we've already
+ * got enough space because to get here the message size is < 0x200,
+ * but we know that we've allocated far more than that in the buffer
+ * - but for consistency and robustness we're going to check anyway.
+ *
+ * 4 bytes for the padding type and extension length
+ * + padding length
+ */
+ if (CHECKLEN(ret, 4 + hlen, limit))
+ return NULL;
s2n(TLSEXT_TYPE_padding, ret);
s2n(hlen, ret);
memset(ret, 0, hlen);
@@ -1644,7 +1705,12 @@ unsigned char *ssl_add_serverhello_tlsex
return NULL;
}
- if ((limit - ret - 4 - el) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the reneg type and extension length
+ * + reneg data length
+ */
+ if (CHECKLEN(ret, 4 + el, limit))
return NULL;
s2n(TLSEXT_TYPE_renegotiate, ret);
@@ -1664,19 +1730,23 @@ unsigned char *ssl_add_serverhello_tlsex
/*
* Add TLS extension ECPointFormats to the ServerHello message
*/
- long lenmax;
tls1_get_formatlist(s, &plist, &plistlen);
- if ((lenmax = limit - ret - 5) < 0)
- return NULL;
- if (plistlen > (size_t)lenmax)
- return NULL;
if (plistlen > 255) {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL;
}
+ /*-
+ * check for enough space.
+ * 4 bytes for the ec points format type and extension length
+ * 1 byte for the points format list length
+ * + length of points format list
+ */
+ if (CHECKLEN(ret, 5 + plistlen, limit))
+ return NULL;
+
s2n(TLSEXT_TYPE_ec_point_formats, ret);
s2n(plistlen + 1, ret);
*(ret++) = (unsigned char)plistlen;
@@ -1691,14 +1761,22 @@ unsigned char *ssl_add_serverhello_tlsex
# endif /* OPENSSL_NO_EC */
if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
- if ((long)(limit - ret - 4) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the Ticket type and extension length
+ */
+ if (CHECKLEN(ret, 4, limit))
return NULL;
s2n(TLSEXT_TYPE_session_ticket, ret);
s2n(0, ret);
}
if (s->tlsext_status_expected) {
- if ((long)(limit - ret - 4) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the Status request type and extension length
+ */
+ if (CHECKLEN(ret, 4, limit))
return NULL;
s2n(TLSEXT_TYPE_status_request, ret);
s2n(0, ret);
@@ -1726,7 +1804,12 @@ unsigned char *ssl_add_serverhello_tlsex
ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
- if ((limit - ret - 4 - el) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the SRTP profiles type and extension length
+ * + length of the SRTP profiles list
+ */
+ if (CHECKLEN(ret, 4 + el, limit))
return NULL;
s2n(TLSEXT_TYPE_use_srtp, ret);
@@ -1751,16 +1834,23 @@ unsigned char *ssl_add_serverhello_tlsex
0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
};
- if (limit - ret < 36)
+
+ /* check for enough space. */
+ if (CHECKLEN(ret, sizeof(cryptopro_ext), limit))
return NULL;
- memcpy(ret, cryptopro_ext, 36);
- ret += 36;
+ memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
+ ret += sizeof(cryptopro_ext);
}
# ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension if we've received one */
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
- if ((limit - ret - 4 - 1) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the Heartbeat type and extension length
+ * 1 byte for the mode
+ */
+ if (CHECKLEN(ret, 5, limit))
return NULL;
s2n(TLSEXT_TYPE_heartbeat, ret);
s2n(1, ret);
@@ -1789,7 +1879,12 @@ unsigned char *ssl_add_serverhello_tlsex
s->
ctx->next_protos_advertised_cb_arg);
if (r == SSL_TLSEXT_ERR_OK) {
- if ((long)(limit - ret - 4 - npalen) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the NPN type and extension length
+ * + length of protocols list
+ */
+ if (CHECKLEN(ret, 4 + npalen, limit))
return NULL;
s2n(TLSEXT_TYPE_next_proto_neg, ret);
s2n(npalen, ret);
@@ -1804,9 +1899,16 @@ unsigned char *ssl_add_serverhello_tlsex
if (s->s3->alpn_selected) {
const unsigned char *selected = s->s3->alpn_selected;
- unsigned len = s->s3->alpn_selected_len;
+ size_t len = s->s3->alpn_selected_len;
- if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
+ /*-
+ * check for enough space.
+ * 4 bytes for the ALPN type and extension length
+ * 2 bytes for ALPN data length
+ * 1 byte for selected protocol length
+ * + length of the selected protocol
+ */
+ if (CHECKLEN(ret, 7 + len, limit))
return NULL;
s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
s2n(3 + len, ret);
@@ -1966,11 +2068,10 @@ static int tls1_alpn_handle_client_hello
/*
* Process the ALPN extension in a ClientHello.
- * ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_*
* al: a pointer to the alert value to send in the event of a failure.
- * returns 1 on success, 0 on failure: al/ret set only on failure
+ * returns 1 on success, 0 on failure: al set only on failure
*/
-static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
+static int tls1_alpn_handle_client_hello_late(SSL *s, int *al)
{
const unsigned char *selected = NULL;
unsigned char selected_len = 0;
@@ -1986,7 +2087,6 @@ static int tls1_alpn_handle_client_hello
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
if (s->s3->alpn_selected == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
- *ret = SSL_TLSEXT_ERR_ALERT_FATAL;
return 0;
}
memcpy(s->s3->alpn_selected, selected, selected_len);
@@ -3064,10 +3164,12 @@ int tls1_set_server_sigalgs(SSL *s)
return 0;
}
-int ssl_check_clienthello_tlsext_late(SSL *s)
+/*
+ * Upon success, returns 1.
+ * Upon failure, returns 0 and sets |al| to the appropriate fatal alert.
+ */
+int ssl_check_clienthello_tlsext_late(SSL *s, int *al)
{
- int ret = SSL_TLSEXT_ERR_OK;
- int al;
/*
* If status request then ask callback what to do. Note: this must be
@@ -3076,58 +3178,41 @@ int ssl_check_clienthello_tlsext_late(SS
* influence which certificate is sent
*/
if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
- int r;
+ int ret;
CERT_PKEY *certpkey;
certpkey = ssl_get_server_send_pkey(s);
/* If no certificate can't return certificate status */
- if (certpkey == NULL) {
- s->tlsext_status_expected = 0;
- return 1;
- }
- /*
- * Set current certificate to one we will use so SSL_get_certificate
- * et al can pick it up.
- */
- s->cert->key = certpkey;
- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
- switch (r) {
- /* We don't want to send a status request response */
- case SSL_TLSEXT_ERR_NOACK:
- s->tlsext_status_expected = 0;
- break;
- /* status request response should be sent */
- case SSL_TLSEXT_ERR_OK:
- if (s->tlsext_ocsp_resp)
- s->tlsext_status_expected = 1;
- else
+ if (certpkey != NULL) {
+ /*
+ * Set current certificate to one we will use so SSL_get_certificate
+ * et al can pick it up.
+ */
+ s->cert->key = certpkey;
+ ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ switch (ret) {
+ /* We don't want to send a status request response */
+ case SSL_TLSEXT_ERR_NOACK:
s->tlsext_status_expected = 0;
- break;
- /* something bad happened */
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
+ break;
+ /* status request response should be sent */
+ case SSL_TLSEXT_ERR_OK:
+ if (s->tlsext_ocsp_resp)
+ s->tlsext_status_expected = 1;
+ break;
+ /* something bad happened */
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ default:
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
}
- } else
- s->tlsext_status_expected = 0;
-
- if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) {
- goto err;
}
- err:
- switch (ret) {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
-
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s, SSL3_AL_WARNING, al);
- return 1;
-
- default:
- return 1;
+ if (!tls1_alpn_handle_client_hello_late(s, al)) {
+ return 0;
}
+
+ return 1;
}
int ssl_check_serverhello_tlsext(SSL *s)
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.25 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.26
--- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.25 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Fri Jan 27 23:16:21 2017
@@ -506,7 +506,7 @@ int ssl3_accept(SSL *s)
* if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
* during re-negotiation:
*/
- ((s->session->peer != NULL) &&
+ (s->s3->tmp.finish_md_len != 0 &&
(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
/*
* never request cert in anonymous ciphersuites (see
@@ -1464,9 +1464,9 @@ int ssl3_get_client_hello(SSL *s)
/* Handles TLS extensions that we couldn't check earlier */
if (s->version >= SSL3_VERSION) {
- if (ssl_check_clienthello_tlsext_late(s) <= 0) {
+ if (!ssl_check_clienthello_tlsext_late(s, &al)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
- goto err;
+ goto f_err;
}
}
@@ -1600,6 +1600,9 @@ int ssl3_send_server_key_exchange(SSL *s
unsigned int u;
#endif
#ifndef OPENSSL_NO_DH
+# ifdef OPENSSL_NO_RSA
+ int j;
+# endif
DH *dh = NULL, *dhp;
#endif
#ifndef OPENSSL_NO_ECDH
@@ -1861,6 +1864,16 @@ int ssl3_send_server_key_exchange(SSL *s
n += 1 + nr[i];
else
#endif
+#ifndef OPENSSL_NO_DH
+ /*
+ * for interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime, so use the length of the prime here
+ */
+ if ((i == 2) && (type & (SSL_kEDH)))
+ n += 2 + nr[0];
+ else
+#endif
n += 2 + nr[i];
}
@@ -1895,6 +1908,20 @@ int ssl3_send_server_key_exchange(SSL *s
p++;
} else
#endif
+#ifndef OPENSSL_NO_DH
+ /*
+ * for interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime
+ */
+ if ((i == 2) && (type & (SSL_kEDH))) {
+ s2n(nr[0], p);
+ for (j = 0; j < (nr[0] - nr[2]); ++j) {
+ *p = 0;
+ ++p;
+ }
+ } else
+#endif
s2n(nr[i], p);
BN_bn2bin(r[i], p);
p += nr[i];
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.11 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.12
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.11 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c Fri Jan 27 23:16:21 2017
@@ -753,6 +753,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
"tls illegal exporter label"},
{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
"tls invalid ecpointformat list"},
+ {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
"tls peer did not respond with certificate list"},
{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.8 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.9
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.8 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c Fri Jan 27 23:16:21 2017
@@ -2030,10 +2030,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->rbuf_freelist->len = 0;
ret->rbuf_freelist->head = NULL;
ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
- if (!ret->wbuf_freelist) {
- OPENSSL_free(ret->rbuf_freelist);
+ if (!ret->wbuf_freelist)
goto err;
- }
ret->wbuf_freelist->chunklen = 0;
ret->wbuf_freelist->len = 0;
ret->wbuf_freelist->head = NULL;
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.14 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.15
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.14 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Fri Jan 27 23:16:21 2017
@@ -1384,7 +1384,7 @@ unsigned char *ssl_add_serverhello_tlsex
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
unsigned char *limit);
int tls1_set_server_sigalgs(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s, int *al);
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
unsigned char *d, int n);
int ssl_prepare_clienthello_tlsext(SSL *s);
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c:1.3
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c:1.2 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c Fri Jan 27 23:16:21 2017
@@ -769,6 +769,15 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SS
* obtain the same session from an external cache)
*/
s = NULL;
+ } else if (s == NULL &&
+ lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+ /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+ /*
+ * ... so take back the extra reference and also don't add
+ * the session to the SSL_SESSION_list at this time
+ */
+ s = c;
}
/* Put at the head of the queue unless it is already in the cache */
