diff options
author | jkim <jkim@FreeBSD.org> | 2014-04-08 21:06:58 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2014-04-08 21:06:58 +0000 |
commit | 89b378c4b34c70b60981e17ea385f14c9e285912 (patch) | |
tree | 782ade2dc94388e4ddc56b20d9c7ccf578d61077 /crypto/openssl/crypto | |
parent | 808e531530813c805e5f01db2b51e22340fd77a6 (diff) | |
download | FreeBSD-src-89b378c4b34c70b60981e17ea385f14c9e285912.zip FreeBSD-src-89b378c4b34c70b60981e17ea385f14c9e285912.tar.gz |
Merge OpenSSL 1.0.1g.
Approved by: benl (maintainer)
Diffstat (limited to 'crypto/openssl/crypto')
-rwxr-xr-x | crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/asn1/asn1_err.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/bio/bss_log.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/cms/cms_lib.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/cryptlib.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/engine/eng_list.c | 1 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/bio_b64.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/modes/gcm128.c | 88 | ||||
-rw-r--r-- | crypto/openssl/crypto/opensslv.h | 6 | ||||
-rw-r--r-- | crypto/openssl/crypto/rand/md_rand.c | 3 | ||||
-rw-r--r-- | crypto/openssl/crypto/symhacks.h | 6 | ||||
-rw-r--r-- | crypto/openssl/crypto/x509/by_dir.c | 6 | ||||
-rw-r--r-- | crypto/openssl/crypto/x509/x509_vfy.c | 5 |
13 files changed, 110 insertions, 17 deletions
diff --git a/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl b/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl index 41f2e46..bd7f45b 100755 --- a/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl +++ b/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl @@ -1060,7 +1060,7 @@ _vpaes_consts: .Lk_dsbo: # decryption sbox final output .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" +.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" .align 64 .size _vpaes_consts,.-_vpaes_consts ___ diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c index 1a30bf1..aa60203 100644 --- a/crypto/openssl/crypto/asn1/asn1_err.c +++ b/crypto/openssl/crypto/asn1/asn1_err.c @@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, -{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c index b7dce5c..2227b2b 100644 --- a/crypto/openssl/crypto/bio/bss_log.c +++ b/crypto/openssl/crypto/bio/bss_log.c @@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str) static void xopenlog(BIO* bp, char* name, int level) { - if (GetVersion() < 0x80000000) + if (check_winnt()) bp->ptr = RegisterEventSourceA(NULL,name); else bp->ptr = NULL; diff --git a/crypto/openssl/crypto/cms/cms_lib.c b/crypto/openssl/crypto/cms/cms_lib.c index b62d1bf..ba08279 100644 --- a/crypto/openssl/crypto/cms/cms_lib.c +++ b/crypto/openssl/crypto/cms/cms_lib.c @@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) pcerts = cms_get0_certificate_choices(cms); if (!pcerts) return 0; - if (!pcerts) - return 0; for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { cch = sk_CMS_CertificateChoices_value(*pcerts, i); diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index 304c6b7..0b77d8b 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...) #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) + if (check_winnt() && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c index 27846ed..95c8589 100644 --- a/crypto/openssl/crypto/engine/eng_list.c +++ b/crypto/openssl/crypto/engine/eng_list.c @@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id) !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) || + !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) goto notfound; return iterator; diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c index 72a2a67..ac6d441 100644 --- a/crypto/openssl/crypto/evp/bio_b64.c +++ b/crypto/openssl/crypto/evp/bio_b64.c @@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl) } /* we fell off the end without starting */ - if (j == i) + if ((j == i) && (num == 0)) { /* Is this is one long chunk?, if so, keep on * reading until a new line. */ diff --git a/crypto/openssl/crypto/modes/gcm128.c b/crypto/openssl/crypto/modes/gcm128.c index 250063d..e1dc2b0 100644 --- a/crypto/openssl/crypto/modes/gcm128.c +++ b/crypto/openssl/crypto/modes/gcm128.c @@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) GCM_MUL(ctx,Yi); if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; } @@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) @@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; for (i=0; i<16/sizeof(size_t); ++i) { @@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, (*block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; } @@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); ctr += GHASH_CHUNK/16; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; GHASH(ctx,out,GHASH_CHUNK); @@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,j,key,ctx->Yi.c); ctr += (unsigned int)j; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; in += i; @@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { @@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, } if (is_endian.little) +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else ctr = GETU32(ctx->Yi.c+12); +#endif else ctr = ctx->Yi.d[3]; @@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); ctr += GHASH_CHUNK/16; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; out += GHASH_CHUNK; @@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, (*stream)(in,out,j,key,ctx->Yi.c); ctr += (unsigned int)j; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; out += i; @@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); ++ctr; if (is_endian.little) +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else PUTU32(ctx->Yi.c+12,ctr); +#endif else ctx->Yi.d[3] = ctr; while (len--) { diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index 12262c9..5f71de1 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000106fL +#define OPENSSL_VERSION_NUMBER 0x1000107fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-freebsd 6 Jan 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-freebsd 7 Apr 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c index dd29163..aee1c30 100644 --- a/crypto/openssl/crypto/rand/md_rand.c +++ b/crypto/openssl/crypto/rand/md_rand.c @@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) EVP_MD_CTX m; int do_not_lock; + if (!num) + return; + /* * (Based on the rand(3) manpage) * diff --git a/crypto/openssl/crypto/symhacks.h b/crypto/openssl/crypto/symhacks.h index 07a412f..bd2f000 100644 --- a/crypto/openssl/crypto/symhacks.h +++ b/crypto/openssl/crypto/symhacks.h @@ -204,6 +204,12 @@ #define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb #undef SSL_CTX_set_next_proto_select_cb #define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb +#undef ssl3_cbc_record_digest_supported +#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support +#undef ssl_check_clienthello_tlsext_late +#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late +#undef ssl_check_clienthello_tlsext_early +#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c index 27ca515..c6602da 100644 --- a/crypto/openssl/crypto/x509/by_dir.c +++ b/crypto/openssl/crypto/x509/by_dir.c @@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) s=dir; p=s; - for (;;p++) + do { if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { @@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 0; } } - if (*p == '\0') - break; - } + } while (*p++ != '\0'); return 1; } diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 5195ffe..920066a 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) * a certificate was revoked. This has since been changed since * critical extension can change the meaning of CRL entries. */ - if (crl->flags & EXFLAG_CRITICAL) + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + && (crl->flags & EXFLAG_CRITICAL)) { - if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - return 1; ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ok = ctx->verify_cb(0, ctx); if(!ok) |