Author: jkim
Date: Thu Sep 22 13:05:59 2016
New Revision: 306191
URL: https://svnweb.freebsd.org/changeset/base/306191

Log:
  Import OpenSSL 1.0.1u.

Added:
  vendor-crypto/openssl/dist-1.0.1/doc/crypto/d2i_PrivateKey.pod
Modified:
  vendor-crypto/openssl/dist-1.0.1/CHANGES
  vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING
  vendor-crypto/openssl/dist-1.0.1/Configure
  vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade
  vendor-crypto/openssl/dist-1.0.1/Makefile
  vendor-crypto/openssl/dist-1.0.1/NEWS
  vendor-crypto/openssl/dist-1.0.1/README
  vendor-crypto/openssl/dist-1.0.1/apps/apps.c
  vendor-crypto/openssl/dist-1.0.1/apps/enc.c
  vendor-crypto/openssl/dist-1.0.1/apps/passwd.c
  vendor-crypto/openssl/dist-1.0.1/apps/s_server.c
  vendor-crypto/openssl/dist-1.0.1/apps/x509.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_object.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_set.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn_mime.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/d2i_pr.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_enum.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_int.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_string.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbe.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbev2.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_prn.c
  vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c
  vendor-crypto/openssl/dist-1.0.1/crypto/bio/bf_nbio.c
  vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_print.c
  vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_rand.c
  vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_enc.c
  vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_ess.c
  vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_pwri.c
  vendor-crypto/openssl/dist-1.0.1/crypto/des/des.c
  vendor-crypto/openssl/dist-1.0.1/crypto/des/enc_writ.c
  vendor-crypto/openssl/dist-1.0.1/crypto/dsa/dsa_gen.c
  vendor-crypto/openssl/dist-1.0.1/crypto/dsa/dsa_ossl.c
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/bio_ok.c
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/digest.c
  vendor-crypto/openssl/dist-1.0.1/crypto/evp/e_seed.c
  vendor-crypto/openssl/dist-1.0.1/crypto/md2/md2_dgst.c
  vendor-crypto/openssl/dist-1.0.1/crypto/md32_common.h
  vendor-crypto/openssl/dist-1.0.1/crypto/mdc2/mdc2dgst.c
  vendor-crypto/openssl/dist-1.0.1/crypto/ocsp/ocsp_ext.c
  vendor-crypto/openssl/dist-1.0.1/crypto/opensslv.h
  vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem.h
  vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_err.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pem/pem_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pem/pvkfmt.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/p12_mutl.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/p12_npas.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/p12_utl.c
  vendor-crypto/openssl/dist-1.0.1/crypto/pkcs12/pkcs12.h
  vendor-crypto/openssl/dist-1.0.1/crypto/pkcs7/pk7_doit.c
  vendor-crypto/openssl/dist-1.0.1/crypto/rand/rand_unix.c
  vendor-crypto/openssl/dist-1.0.1/crypto/srp/srp_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/srp/srp_vfy.c
  vendor-crypto/openssl/dist-1.0.1/crypto/ts/ts_lib.c
  vendor-crypto/openssl/dist-1.0.1/crypto/whrlpool/wp_dgst.c
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509.h
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_err.c
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_txt.c
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_vfy.c
  vendor-crypto/openssl/dist-1.0.1/crypto/x509/x509_vfy.h
  vendor-crypto/openssl/dist-1.0.1/crypto/x509v3/v3_addr.c
  vendor-crypto/openssl/dist-1.0.1/doc/apps/cms.pod
  vendor-crypto/openssl/dist-1.0.1/doc/apps/smime.pod
  vendor-crypto/openssl/dist-1.0.1/doc/apps/verify.pod
  vendor-crypto/openssl/dist-1.0.1/doc/crypto/X509_verify_cert.pod
  vendor-crypto/openssl/dist-1.0.1/ssl/d1_both.c
  vendor-crypto/openssl/dist-1.0.1/ssl/d1_clnt.c
  vendor-crypto/openssl/dist-1.0.1/ssl/d1_lib.c
  vendor-crypto/openssl/dist-1.0.1/ssl/d1_pkt.c
  vendor-crypto/openssl/dist-1.0.1/ssl/d1_srvr.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s23_clnt.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s2_clnt.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s2_srvr.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s3_both.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s3_clnt.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s3_lib.c
  vendor-crypto/openssl/dist-1.0.1/ssl/s3_srvr.c
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl.h
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl_err.c
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl_lib.c
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl_locl.h
  vendor-crypto/openssl/dist-1.0.1/ssl/ssl_sess.c
  vendor-crypto/openssl/dist-1.0.1/ssl/t1_lib.c

Modified: vendor-crypto/openssl/dist-1.0.1/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/CHANGES    Thu Sep 22 13:04:51 2016        
(r306190)
+++ vendor-crypto/openssl/dist-1.0.1/CHANGES    Thu Sep 22 13:05:59 2016        
(r306191)
@@ -2,6 +2,166 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1t and 1.0.1u [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+     A malicious client can send an excessively large OCSP Status Request
+     extension. If that client continually requests renegotiation, sending a
+     large OCSP Status Request extension each time, then there will be 
unbounded
+     memory growth on the server. This will eventually lead to a Denial Of
+     Service attack through memory exhaustion. Servers with a default
+     configuration are vulnerable even if they do not support OCSP. Builds 
using
+     the "no-ocsp" build time option are not affected.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6304)
+     [Matt Caswell]
+
+  *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
+     HIGH to MEDIUM.
+
+     This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
+     Leurent (INRIA)
+     (CVE-2016-2183)
+     [Rich Salz]
+
+  *) OOB write in MDC2_Update()
+
+     An overflow can occur in MDC2_Update() either if called directly or
+     through the EVP_DigestUpdate() function using MDC2. If an attacker
+     is able to supply very large amounts of input data after a previous
+     call to EVP_EncryptUpdate() with a partial block then a length check
+     can overflow resulting in a heap corruption.
+
+     The amount of data needed is comparable to SIZE_MAX which is impractical
+     on most platforms.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6303)
+     [Stephen Henson]
+
+  *) Malformed SHA512 ticket DoS
+
+     If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
+     DoS attack where a malformed ticket will result in an OOB read which will
+     ultimately crash.
+
+     The use of SHA512 in TLS session tickets is comparatively rare as it 
requires
+     a custom server callback and ticket lookup mechanism.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6302)
+     [Stephen Henson]
+
+  *) OOB write in BN_bn2dec()
+
+     The function BN_bn2dec() does not check the return value of BN_div_word().
+     This can cause an OOB write if an application uses this function with an
+     overly large BIGNUM. This could be a problem if an overly large 
certificate
+     or CRL is printed out from an untrusted source. TLS is not affected 
because
+     record limits will reject an oversized certificate before it is parsed.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-2182)
+     [Stephen Henson]
+
+  *) OOB read in TS_OBJ_print_bio()
+
+     The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
+     the total length the OID text representation would use and not the amount
+     of data written. This will result in OOB reads when large OIDs are
+     presented.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-2180)
+     [Stephen Henson]
+
+  *) Pointer arithmetic undefined behaviour
+
+     Avoid some undefined pointer arithmetic
+
+     A common idiom in the codebase is to check limits in the following manner:
+     "p + len > limit"
+
+     Where "p" points to some malloc'd data of SIZE bytes and
+     limit == p + SIZE
+
+     "len" here could be from some externally supplied data (e.g. from a TLS
+     message).
+
+     The rules of C pointer arithmetic are such that "p + len" is only well
+     defined where len <= SIZE. Therefore the above idiom is actually
+     undefined behaviour.
+
+     For example this could cause problems if some malloc implementation
+     provides an address for "p" such that "p + len" actually overflows for
+     values of len that are too big and therefore p + len < limit.
+
+     This issue was reported to OpenSSL by Guido Vranken
+     (CVE-2016-2177)
+     [Matt Caswell]
+
+  *) Constant time flag not preserved in DSA signing
+
+     Operations in the DSA signing algorithm should run in constant time in
+     order to avoid side channel attacks. A flaw in the OpenSSL DSA
+     implementation means that a non-constant time codepath is followed for
+     certain operations. This has been demonstrated through a cache-timing
+     attack to be sufficient for an attacker to recover the private DSA key.
+
+     This issue was reported by César Pereida (Aalto University), Billy Brumley
+     (Tampere University of Technology), and Yuval Yarom (The University of
+     Adelaide and NICTA).
+     (CVE-2016-2178)
+     [César Pereida]
+
+  *) DTLS buffered message DoS
+
+     In a DTLS connection where handshake messages are delivered out-of-order
+     those messages that OpenSSL is not yet ready to process will be buffered
+     for later use. Under certain circumstances, a flaw in the logic means that
+     those messages do not get removed from the buffer even though the 
handshake
+     has been completed. An attacker could force up to approx. 15 messages to
+     remain in the buffer when they are no longer required. These messages will
+     be cleared when the DTLS connection is closed. The default maximum size 
for
+     a message is 100k. Therefore the attacker could force an additional 1500k
+     to be consumed per connection. By opening many simulataneous connections 
an
+     attacker could cause a DoS attack through memory exhaustion.
+
+     This issue was reported to OpenSSL by Quan Luo.
+     (CVE-2016-2179)
+     [Matt Caswell]
+
+  *) DTLS replay protection DoS
+
+     A flaw in the DTLS replay attack protection mechanism means that records
+     that arrive for future epochs update the replay protection "window" before
+     the MAC for the record has been validated. This could be exploited by an
+     attacker by sending a record for the next epoch (which does not have to
+     decrypt or have a valid MAC), with a very large sequence number. This 
means
+     that all subsequent legitimate packets are dropped causing a denial of
+     service for a specific DTLS connection.
+
+     This issue was reported to OpenSSL by the OCAP audit team.
+     (CVE-2016-2181)
+     [Matt Caswell]
+
+  *) Certificate message OOB reads
+
+     In OpenSSL 1.0.2 and earlier some missing message length checks can result
+     in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
+     theoretical DoS risk but this has not been observed in practice on common
+     platforms.
+
+     The messages affected are client certificate, client certificate request
+     and server certificate. As a result the attack can only be performed
+     against a client or a server which enables client authentication.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6306)
+     [Stephen Henson]
+
  Changes between 1.0.1s and 1.0.1t [3 May 2016]
 
   *) Prevent padding oracle in AES-NI CBC MAC check

Modified: vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING       Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/CONTRIBUTING       Thu Sep 22 13:05:59 
2016        (r306191)
@@ -1,38 +1,75 @@
-HOW TO CONTRIBUTE TO OpenSSL
-----------------------------
+HOW TO CONTRIBUTE TO PATCHES OpenSSL
+------------------------------------
 
-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to r...@openssl.org with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
-
-You can also make GitHub pull requests. If you do this, please also send
-mail to r...@openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
 
+Development is coordinated on the openssl-dev mailing list (see the
+above link or https://mta.openssl.org for information on subscribing).
 If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
-
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
-
-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first.  Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.
+
+The best way to submit a patch is to make a pull request on GitHub.
+(It is not necessary to send mail to r...@openssl.org to open a ticket!)
+If you think the patch could use feedback from the community, please
+start a thread on openssl-dev.
+
+You can also submit patches by sending it as mail to r...@openssl.org.
+Please include the word "PATCH" and an explanation of what the patch
+does in the subject line.  If you do this, our preferred format is "git
+format-patch" output. For example to provide a patch file containing the
+last commit in your local git repository use the following command:
 
-# git format-patch --stdout HEAD^ >mydiffs.patch
+    % git format-patch --stdout HEAD^ >mydiffs.patch
 
 Another method of creating an acceptable patch file without using git is as
 follows:
 
-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch
+    % cd openssl-work
+    ...make your changes...
+    % ./Configure dist; make clean
+    % cd ..
+    % diff -ur openssl-orig openssl-work >mydiffs.patch
+
+Note that pull requests are generally easier for the team, and community, to
+work with.  Pull requests benefit from all of the standard GitHub features,
+including code review tools, simpler integration, and CI build support.
+
+No matter how a patch is submitted, the following items will help make
+the acceptance and review process faster:
+
+    1. Anything other than trivial contributions will require a contributor
+    licensing agreement, giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible.  When using GitHub, please
+    expect to have to rebase and update often. Note that we do not accept merge
+    commits. You will be asked to remove them before a patch is considered
+    acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile without
+    warnings. Where gcc or clang is availble you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.
+
+    5.  When at all possible, patches should include tests. These can either be
+    added to an existing test, or completely new.  Please see test/README
+    for information on the test framework.
+
+    6.  New features or changed functionality must include documentation. 
Please
+    look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+    our style.

Modified: vendor-crypto/openssl/dist-1.0.1/Configure
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/Configure  Thu Sep 22 13:04:51 2016        
(r306190)
+++ vendor-crypto/openssl/dist-1.0.1/Configure  Thu Sep 22 13:05:59 2016        
(r306191)
@@ -741,7 +741,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 
-DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 
-DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST 
-DOPENSSL_NO_WEAK_SSL_CIPHERS";
 
 # Explicit "no-..." options will be collected in %disabled along with the 
defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's 
experimental).

Modified: vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade    Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/FREEBSD-upgrade    Thu Sep 22 13:05:59 
2016        (r306191)
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/Subv
 # Xlist
 setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
 setenv FSVN "svn+ssh://svn.freebsd.org/base"
-setenv OSSLVER 1.0.1t
-# OSSLTAG format: v1_0_1t
+setenv OSSLVER 1.0.1u
+# OSSLTAG format: v1_0_1u
 
 ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
 

Modified: vendor-crypto/openssl/dist-1.0.1/Makefile
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/Makefile   Thu Sep 22 13:04:51 2016        
(r306190)
+++ vendor-crypto/openssl/dist-1.0.1/Makefile   Thu Sep 22 13:05:59 2016        
(r306191)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1t
+VERSION=1.0.1u
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0

Modified: vendor-crypto/openssl/dist-1.0.1/NEWS
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/NEWS       Thu Sep 22 13:04:51 2016        
(r306190)
+++ vendor-crypto/openssl/dist-1.0.1/NEWS       Thu Sep 22 13:05:59 2016        
(r306191)
@@ -5,6 +5,20 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016]
+
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SWEET32 Mitigation (CVE-2016-2183)
+      o OOB write in MDC2_Update() (CVE-2016-6303)
+      o Malformed SHA512 ticket DoS (CVE-2016-6302)
+      o OOB write in BN_bn2dec() (CVE-2016-2182)
+      o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
+      o Pointer arithmetic undefined behaviour (CVE-2016-2177)
+      o Constant time flag not preserved in DSA signing (CVE-2016-2178)
+      o DTLS buffered message DoS (CVE-2016-2179)
+      o DTLS replay protection DoS (CVE-2016-2181)
+      o Certificate message OOB reads (CVE-2016-6306)
+
   Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]
 
       o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Modified: vendor-crypto/openssl/dist-1.0.1/README
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/README     Thu Sep 22 13:04:51 2016        
(r306190)
+++ vendor-crypto/openssl/dist-1.0.1/README     Thu Sep 22 13:05:59 2016        
(r306191)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1t 3 May 2016
+ OpenSSL 1.0.1u 22 Sep 2016
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: vendor-crypto/openssl/dist-1.0.1/apps/apps.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/apps/apps.c        Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/apps/apps.c        Thu Sep 22 13:05:59 
2016        (r306191)
@@ -2241,6 +2241,8 @@ int args_verify(char ***pargs, int *parg
         flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
     else if (!strcmp(arg, "-no_alt_chains"))
         flags |= X509_V_FLAG_NO_ALT_CHAINS;
+    else if (!strcmp(arg, "-allow_proxy_certs"))
+        flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
     else
         return 0;
 

Modified: vendor-crypto/openssl/dist-1.0.1/apps/enc.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/apps/enc.c Thu Sep 22 13:04:51 2016        
(r306190)
+++ vendor-crypto/openssl/dist-1.0.1/apps/enc.c Thu Sep 22 13:05:59 2016        
(r306191)
@@ -509,7 +509,7 @@ int MAIN(int argc, char **argv)
                             BIO_printf(bio_err, "invalid hex salt value\n");
                             goto end;
                         }
-                    } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+                    } else if (RAND_bytes(salt, sizeof salt) <= 0)
                         goto end;
                     /*
                      * If -P option then don't bother writing

Modified: vendor-crypto/openssl/dist-1.0.1/apps/passwd.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/apps/passwd.c      Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/apps/passwd.c      Thu Sep 22 13:05:59 
2016        (r306191)
@@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, ch
                 if (*salt_malloc_p == NULL)
                     goto err;
             }
-            if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+            if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
                 goto err;
             (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
             (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, ch
                 if (*salt_malloc_p == NULL)
                     goto err;
             }
-            if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+            if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
                 goto err;
 
             for (i = 0; i < 8; i++)

Modified: vendor-crypto/openssl/dist-1.0.1/apps/s_server.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/apps/s_server.c    Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/apps/s_server.c    Thu Sep 22 13:05:59 
2016        (r306191)
@@ -2968,7 +2968,7 @@ static int generate_session_id(const SSL
 {
     unsigned int count = 0;
     do {
-        if (RAND_pseudo_bytes(id, *id_len) < 0)
+        if (RAND_bytes(id, *id_len) <= 0)
             return 0;
         /*
          * Prefix the session_id with the required prefix. NB: If our prefix

Modified: vendor-crypto/openssl/dist-1.0.1/apps/x509.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/apps/x509.c        Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/apps/x509.c        Thu Sep 22 13:05:59 
2016        (r306191)
@@ -1053,6 +1053,10 @@ static int x509_certify(X509_STORE *ctx,
     EVP_PKEY *upkey;
 
     upkey = X509_get_pubkey(xca);
+    if (upkey == NULL)  {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
     EVP_PKEY_copy_parameters(upkey, pkey);
     EVP_PKEY_free(upkey);
 
@@ -1161,6 +1165,8 @@ static int sign(X509 *x, EVP_PKEY *pkey,
     EVP_PKEY *pktmp;
 
     pktmp = X509_get_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
     EVP_PKEY_copy_parameters(pktmp, pkey);
     EVP_PKEY_save_parameters(pktmp, 1);
     EVP_PKEY_free(pktmp);

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c      Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_bytes.c      Thu Sep 22 
13:05:59 2016        (r306191)
@@ -60,7 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
+                                  int depth);
+static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
+                                       const unsigned char **pp, long length,
+                                       int Ptag, int Pclass, int depth,
+                                       int *perr);
 /*
  * type is a 'bitmap' of acceptable string types.
  */
@@ -99,7 +104,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_ST
         ret = (*a);
 
     if (len != 0) {
-        s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+        s = OPENSSL_malloc((int)len + 1);
         if (s == NULL) {
             i = ERR_R_MALLOC_FAILURE;
             goto err;
@@ -154,15 +159,38 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsig
     return (r);
 }
 
+/*
+ * Maximum recursion depth of d2i_ASN1_bytes(): much more than should be
+ * encountered in pratice.
+ */
+
+#define ASN1_BYTES_MAXDEPTH 20
+
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
                             long length, int Ptag, int Pclass)
 {
+    int err = 0;
+    ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err);
+    if (err != 0)
+        ASN1err(ASN1_F_D2I_ASN1_BYTES, err);
+    return s;
+}
+
+static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
+                                       const unsigned char **pp, long length,
+                                       int Ptag, int Pclass,
+                                       int depth, int *perr)
+{
     ASN1_STRING *ret = NULL;
     const unsigned char *p;
     unsigned char *s;
     long len;
     int inf, tag, xclass;
-    int i = 0;
+
+    if (depth > ASN1_BYTES_MAXDEPTH) {
+        *perr = ASN1_R_NESTED_ASN1_STRING;
+        return NULL;
+    }
 
     if ((a == NULL) || ((*a) == NULL)) {
         if ((ret = ASN1_STRING_new()) == NULL)
@@ -173,18 +201,19 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING 
     p = *pp;
     inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
     if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
+        *perr = ASN1_R_BAD_OBJECT_HEADER;
         goto err;
     }
 
     if (tag != Ptag) {
-        i = ASN1_R_WRONG_TAG;
+        *perr = ASN1_R_WRONG_TAG;
         goto err;
     }
 
     if (inf & V_ASN1_CONSTRUCTED) {
         ASN1_const_CTX c;
 
+        c.error = 0;
         c.pp = pp;
         c.p = p;
         c.inf = inf;
@@ -192,17 +221,18 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING 
         c.tag = Ptag;
         c.xclass = Pclass;
         c.max = (length == 0) ? 0 : (p + length);
-        if (!asn1_collate_primitive(ret, &c))
+        if (!asn1_collate_primitive(ret, &c, depth)) {
+            *perr = c.error;
             goto err;
-        else {
+        } else {
             p = c.p;
         }
     } else {
         if (len != 0) {
             if ((ret->length < len) || (ret->data == NULL)) {
-                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+                s = OPENSSL_malloc((int)len + 1);
                 if (s == NULL) {
-                    i = ERR_R_MALLOC_FAILURE;
+                    *perr = ERR_R_MALLOC_FAILURE;
                     goto err;
                 }
                 if (ret->data != NULL)
@@ -230,7 +260,6 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING 
  err:
     if ((ret != NULL) && ((a == NULL) || (*a != ret)))
         ASN1_STRING_free(ret);
-    ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
     return (NULL);
 }
 
@@ -242,7 +271,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING 
  * There have been a few bug fixes for this function from Paul Keogh
  * <paul.ke...@sse.ie>, many thanks to him
  */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
+                                  int depth)
 {
     ASN1_STRING *os = NULL;
     BUF_MEM b;
@@ -270,9 +300,8 @@ static int asn1_collate_primitive(ASN1_S
         }
 
         c->q = c->p;
-        if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
-            == NULL) {
-            c->error = ERR_R_ASN1_LIB;
+        if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass,
+                               depth + 1, &c->error) == NULL) {
             goto err;
         }
 
@@ -297,7 +326,6 @@ static int asn1_collate_primitive(ASN1_S
         ASN1_STRING_free(os);
     return (1);
  err:
-    ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
     if (os != NULL)
         ASN1_STRING_free(os);
     if (b.data != NULL)

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_object.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_object.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_object.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -73,7 +73,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsi
         return (0);
 
     objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
-    if (pp == NULL)
+    if (pp == NULL || objsize == -1)
         return objsize;
 
     p = *pp;
@@ -174,8 +174,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, 
                 if (!tmp)
                     goto err;
             }
-            while (blsize--)
-                tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+            while (blsize--) {
+                BN_ULONG t = BN_div_word(bl, 0x80L);
+                if (t == (BN_ULONG)-1)
+                    goto err;
+                tmp[i++] = (unsigned char)t;
+            }
         } else {
 
             for (;;) {

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_set.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_set.c        Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/a_set.c        Thu Sep 22 
13:05:59 2016        (r306191)
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>
 
@@ -98,10 +99,14 @@ int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK)
 
     if (a == NULL)
         return (0);
-    for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
+    for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) {
+        int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
+        if (tmplen > INT_MAX - ret)
+            return -1;
         ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
+    }
     r = ASN1_object_size(1, ret, ex_tag);
-    if (pp == NULL)
+    if (pp == NULL || r == -1)
         return (r);
 
     p = *pp;

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn1_lib.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -256,26 +256,30 @@ static void asn1_put_length(unsigned cha
 
 int ASN1_object_size(int constructed, int length, int tag)
 {
-    int ret;
-
-    ret = length;
-    ret++;
+    int ret = 1;
+    if (length < 0)
+        return -1;
     if (tag >= 31) {
         while (tag > 0) {
             tag >>= 7;
             ret++;
         }
     }
-    if (constructed == 2)
-        return ret + 3;
-    ret++;
-    if (length > 127) {
-        while (length > 0) {
-            length >>= 8;
-            ret++;
+    if (constructed == 2) {
+        ret += 3;
+    } else {
+        ret++;
+        if (length > 127) {
+            int tmplen = length;
+            while (tmplen > 0) {
+                tmplen >>= 8;
+                ret++;
+            }
         }
     }
-    return (ret);
+    if (ret >= INT_MAX - length)
+        return -1;
+    return ret + length;
 }
 
 static int _asn1_Finish(ASN1_const_CTX *c)
@@ -324,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, 
         return (0);
     }
     if (c->inf == (1 | V_ASN1_CONSTRUCTED))
-        c->slen = *length + *(c->pp) - c->p;
+        c->slen = *length;
     c->eos = 0;
     return (1);
 }
@@ -366,7 +370,7 @@ int ASN1_STRING_set(ASN1_STRING *str, co
         else
             len = strlen(data);
     }
-    if ((str->length < len) || (str->data == NULL)) {
+    if ((str->length <= len) || (str->data == NULL)) {
         c = str->data;
         if (c == NULL)
             str->data = OPENSSL_malloc(len + 1);

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn_mime.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn_mime.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/asn_mime.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -289,7 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALU
     if ((flags & SMIME_DETACHED) && data) {
         /* We want multipart/signed */
         /* Generate a random boundary */
-        if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
+        if (RAND_bytes((unsigned char *)bound, 32) <= 0)
             return 0;
         for (i = 0; i < 32; i++) {
             c = bound[i] & 0xf;

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/d2i_pr.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/d2i_pr.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/d2i_pr.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -97,15 +97,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_P
     if (!ret->ameth->old_priv_decode ||
         !ret->ameth->old_priv_decode(ret, &p, length)) {
         if (ret->ameth->priv_decode) {
+            EVP_PKEY *tmp;
             PKCS8_PRIV_KEY_INFO *p8 = NULL;
             p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
             if (!p8)
                 goto err;
-            EVP_PKEY_free(ret);
-            ret = EVP_PKCS82PKEY(p8);
+            tmp = EVP_PKCS82PKEY(p8);
             PKCS8_PRIV_KEY_INFO_free(p8);
-            if (ret == NULL)
+            if (tmp == NULL)
                 goto err;
+            EVP_PKEY_free(ret);
+            ret = tmp;
         } else {
             ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
             goto err;

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_enum.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_enum.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_enum.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -160,8 +160,6 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_EN
                                                       i * 2);
             if (sp == NULL) {
                 ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-                if (s != NULL)
-                    OPENSSL_free(s);
                 goto err;
             }
             s = sp;
@@ -199,5 +197,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_EN
  err_sl:
         ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
     }
+    if (ret != 1)
+        OPENSSL_free(s);
     return (ret);
 }

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_int.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_int.c        Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_int.c        Thu Sep 22 
13:05:59 2016        (r306191)
@@ -172,8 +172,6 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
                 sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
             if (sp == NULL) {
                 ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
-                if (s != NULL)
-                    OPENSSL_free(s);
                 goto err;
             }
             s = sp;
@@ -211,5 +209,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
  err_sl:
         ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
     }
+    if (ret != 1)
+        OPENSSL_free(s);
     return (ret);
 }

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_string.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_string.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/f_string.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -166,8 +166,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
                                                       i * 2);
             if (sp == NULL) {
                 ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
-                if (s != NULL)
-                    OPENSSL_free(s);
                 goto err;
             }
             s = sp;
@@ -205,5 +203,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING
  err_sl:
         ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
     }
+    if (ret != 1)
+        OPENSSL_free(s);
     return (ret);
 }

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbe.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbe.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbe.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *alg
     sstr = ASN1_STRING_data(pbe->salt);
     if (salt)
         memcpy(sstr, salt, saltlen);
-    else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+    else if (RAND_bytes(sstr, saltlen) <= 0)
         goto err;
 
     if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbev2.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbev2.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/p5_pbev2.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -120,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_
     if (EVP_CIPHER_iv_length(cipher)) {
         if (aiv)
             memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-        else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
             goto err;
     }
 
@@ -225,7 +225,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, u
 
     if (salt)
         memcpy(osalt->data, salt, saltlen);
-    else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
+    else if (RAND_bytes(osalt->data, saltlen) <= 0)
         goto merr;
 
     if (iter <= 0)

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_enc.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -59,6 +59,7 @@
 
 #include <stddef.h>
 #include <string.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
@@ -216,17 +217,19 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, 
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
             const ASN1_TEMPLATE *seqtt;
             ASN1_VALUE **pseqval;
+            int tmplen;
             seqtt = asn1_do_adb(pval, tt, 1);
             if (!seqtt)
                 return 0;
             pseqval = asn1_get_field_ptr(pval, seqtt);
-            /* FIXME: check for errors in enhanced version */
-            seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
-                                               -1, aclass);
+            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
+            if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
+                return -1;
+            seqcontlen += tmplen;
         }
 
         seqlen = ASN1_object_size(ndef, seqcontlen, tag);
-        if (!out)
+        if (!out || seqlen == -1)
             return seqlen;
         /* Output SEQUENCE header */
         ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
@@ -339,19 +342,24 @@ static int asn1_template_ex_i2d(ASN1_VAL
         /* Determine total length of items */
         skcontlen = 0;
         for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            int tmplen;
             skitem = sk_ASN1_VALUE_value(sk, i);
-            skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
-                                          ASN1_ITEM_ptr(tt->item),
-                                          -1, iclass);
+            tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+                                      -1, iclass);
+            if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+                return -1;
+            skcontlen += tmplen;
         }
         sklen = ASN1_object_size(ndef, skcontlen, sktag);
+        if (sklen == -1)
+            return -1;
         /* If EXPLICIT need length of surrounding tag */
         if (flags & ASN1_TFLG_EXPTAG)
             ret = ASN1_object_size(ndef, sklen, ttag);
         else
             ret = sklen;
 
-        if (!out)
+        if (!out || ret == -1)
             return ret;
 
         /* Now encode this lot... */
@@ -380,7 +388,7 @@ static int asn1_template_ex_i2d(ASN1_VAL
             return 0;
         /* Find length of EXPLICIT tag */
         ret = ASN1_object_size(ndef, i, ttag);
-        if (out) {
+        if (out && ret != -1) {
             /* Output tag and item */
             ASN1_put_object(out, ndef, i, ttag, tclass);
             ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_prn.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_prn.c     Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/tasn_prn.c     Thu Sep 22 
13:05:59 2016        (r306191)
@@ -446,6 +446,8 @@ static int asn1_print_integer_ctx(BIO *o
     char *s;
     int ret = 1;
     s = i2s_ASN1_INTEGER(NULL, str);
+    if (s == NULL)
+        return 0;
     if (BIO_puts(out, s) <= 0)
         ret = 0;
     OPENSSL_free(s);

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/asn1/x_name.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE *
     int i, j, ret;
     STACK_OF(X509_NAME_ENTRY) *entries;
     X509_NAME_ENTRY *entry;
-    if (len > X509_NAME_MAX) {
-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
-        return 0;
-    }
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
     q = p;
 
     /* Get internal representation of Name */

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bio/bf_nbio.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bio/bf_nbio.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bio/bf_nbio.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -139,7 +139,7 @@ static int nbiof_read(BIO *b, char *out,
 
     BIO_clear_retry_flags(b);
 #if 1
-    if (RAND_pseudo_bytes(&n, 1) < 0)
+    if (RAND_bytes(&n, 1) <= 0)
         return -1;
     num = (n & 0x07);
 
@@ -179,7 +179,7 @@ static int nbiof_write(BIO *b, const cha
         num = nt->lwn;
         nt->lwn = 0;
     } else {
-        if (RAND_pseudo_bytes(&n, 1) < 0)
+        if (RAND_bytes(&n, 1) <= 0)
             return -1;
         num = (n & 7);
     }

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_lib.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_lib.c Thu Sep 22 13:04:51 
2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_lib.c Thu Sep 22 13:05:59 
2016        (r306191)
@@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a)
 {
     bn_check_top(a);
     if (a->d != NULL)
-        memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
     a->top = 0;
     a->neg = 0;
 }

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_print.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_print.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_print.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a)
     char *p;
     BIGNUM *t = NULL;
     BN_ULONG *bn_data = NULL, *lp;
+    int bn_data_num;
 
     /*-
      * get an upper bound for the length of the decimal integer
@@ -120,9 +121,9 @@ char *BN_bn2dec(const BIGNUM *a)
      */
     i = BN_num_bits(a) * 3;
     num = (i / 10 + i / 1000 + 1) + 1;
-    bn_data =
-        (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
-    buf = (char *)OPENSSL_malloc(num + 3);
+    bn_data_num = num / BN_DEC_NUM + 1;
+    bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
+    buf = OPENSSL_malloc(num + 3);
     if ((buf == NULL) || (bn_data == NULL)) {
         BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -140,9 +141,12 @@ char *BN_bn2dec(const BIGNUM *a)
         if (BN_is_negative(t))
             *p++ = '-';
 
-        i = 0;
         while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
             *lp = BN_div_word(t, BN_DEC_CONV);
+            if (*lp == (BN_ULONG)-1)
+                goto err;
             lp++;
         }
         lp--;

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_rand.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_rand.c        Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/bn/bn_rand.c        Thu Sep 22 
13:05:59 2016        (r306191)
@@ -145,13 +145,9 @@ static int bnrand(int pseudorand, BIGNUM
     time(&tim);
     RAND_add(&tim, sizeof(tim), 0.0);
 
-    if (pseudorand) {
-        if (RAND_pseudo_bytes(buf, bytes) == -1)
-            goto err;
-    } else {
-        if (RAND_bytes(buf, bytes) <= 0)
-            goto err;
-    }
+    /* We ignore the value of pseudorand and always call RAND_bytes */
+    if (RAND_bytes(buf, bytes) <= 0)
+        goto err;
 
 #if 1
     if (pseudorand == 2) {

Modified: vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_enc.c
==============================================================================
--- vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_enc.c       Thu Sep 22 
13:04:51 2016        (r306190)
+++ vendor-crypto/openssl/dist-1.0.1/crypto/cms/cms_enc.c       Thu Sep 22 
13:05:59 2016        (r306191)
@@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
         /* Generate a random IV if we need one */
         ivlen = EVP_CIPHER_CTX_iv_length(ctx);
         if (ivlen > 0) {
-            if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+            if (RAND_bytes(iv, ivlen) <= 0)
                 goto err;
             piv = iv;

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to