From 3c988e56ae4c7054a133583babf05566785f9ece Mon Sep 17 00:00:00 2001
From: jkim <jkim@FreeBSD.org>
Date: Fri, 16 Jan 2015 21:03:23 +0000
Subject: Merge OpenSSL 1.0.1l.

MFC after:	1 week
Relnotes:	yes
---
 crypto/openssl/CHANGES                  |  5 +++++
 crypto/openssl/Makefile                 |  2 +-
 crypto/openssl/NEWS                     |  4 ++++
 crypto/openssl/README                   |  2 +-
 crypto/openssl/crypto/Makefile          |  2 +-
 crypto/openssl/crypto/ecdsa/Makefile    | 13 ++++++-------
 crypto/openssl/crypto/ecdsa/ecs_vrf.c   |  2 +-
 crypto/openssl/crypto/opensslv.h        |  6 +++---
 crypto/openssl/crypto/x509v3/v3_ncons.c |  2 +-
 crypto/openssl/e_os.h                   |  4 +++-
 crypto/openssl/util/mk1mf.pl            |  2 +-
 11 files changed, 27 insertions(+), 17 deletions(-)

(limited to 'crypto')

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 117ba6d..d4700d9 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,11 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+  *) Build fixes for the Windows and OpenVMS platforms
+     [Matt Caswell and Richard Levitte]
+
  Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
 
   *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
index 6282bde..f68eab6 100644
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1k
+VERSION=1.0.1l
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 8596913..4ff2775 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,10 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
   Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
 
       o Fix for CVE-2014-3571
diff --git a/crypto/openssl/README b/crypto/openssl/README
index df2734d..ef7eec7 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1k 8 Jan 2015
+ OpenSSL 1.0.1l 15 Jan 2015
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/crypto/Makefile b/crypto/openssl/crypto/Makefile
index d21b88d..b839b55 100644
--- a/crypto/openssl/crypto/Makefile
+++ b/crypto/openssl/crypto/Makefile
@@ -56,7 +56,7 @@ top:
 all: shared
 
 buildinf.h: ../Makefile
-	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h
+	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
 
 x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/openssl/crypto/ecdsa/Makefile
index 60c876d..e89e0c0 100644
--- a/crypto/openssl/crypto/ecdsa/Makefile
+++ b/crypto/openssl/crypto/ecdsa/Makefile
@@ -126,16 +126,15 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ecs_sign.o: ecs_locl.h ecs_sign.c
-ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
-ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
 ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_vrf.c b/crypto/openssl/crypto/ecdsa/ecs_vrf.c
index 2836efe..188b9d5 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/openssl/crypto/ecdsa/ecs_vrf.c
@@ -57,7 +57,7 @@
  */
 
 #include "ecs_locl.h"
-#include "cryptlib.h"
+#include <string.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index a5dd9c46..03adc61 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -29,11 +29,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x100010bfL
+#define OPENSSL_VERSION_NUMBER	0x100010cfL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1k-fips 8 Jan 2015"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1l-fips 15 Jan 2015"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1k-freebsd 8 Jan 2015"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1l-freebsd 15 Jan 2015"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
diff --git a/crypto/openssl/crypto/x509v3/v3_ncons.c b/crypto/openssl/crypto/x509v3/v3_ncons.c
index a01dc64..3b0f1bd 100644
--- a/crypto/openssl/crypto/x509v3/v3_ncons.c
+++ b/crypto/openssl/crypto/x509v3/v3_ncons.c
@@ -401,7 +401,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
 	if (dns->length > base->length)
 		{
 		dnsptr += dns->length - base->length;
-		if (dnsptr[-1] != '.')
+		if (*baseptr != '.' && dnsptr[-1] != '.')
 			return X509_V_ERR_PERMITTED_VIOLATION;
 		}
 
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
index 832272e..4df285b 100644
--- a/crypto/openssl/e_os.h
+++ b/crypto/openssl/e_os.h
@@ -368,11 +368,13 @@ static __inline unsigned int _strlen31(const char *str)
 #    define DEFAULT_HOME  "C:"
 #  endif
 
-/* Avoid Windows 8 SDK GetVersion deprecated problems */
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
 #if defined(_MSC_VER) && _MSC_VER>=1800
 #  define check_winnt() (1)
+#  define check_win_minplat(x) (1)
 #else
 #  define check_winnt() (GetVersion() < 0x80000000)
+#  define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
 #endif
 
 #else /* The non-microsoft world */
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
index d3f5424..550ef9f 100755
--- a/crypto/openssl/util/mk1mf.pl
+++ b/crypto/openssl/util/mk1mf.pl
@@ -625,7 +625,7 @@ open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
 printf OUT <<EOF;
 #ifdef $platform_cpp_symbol
   /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
-  #define CFLAGS "$cc $cflags"
+  #define CFLAGS "compiler: $cc $cflags"
   #define PLATFORM "$platform"
 EOF
 printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
-- 
cgit v1.1