[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated
via cc74177e715513e4050ee6e11c9f5fc3e8e65ad4 (commit)
via e2cf18c635ba54c20410b63041d6651e7c5ff523 (commit)
from df00b6eb5e86870e0e7f2029038f027c5359a9da (commit)


- Log -----------------------------------------------------------------
commit cc74177e715513e4050ee6e11c9f5fc3e8e65ad4
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 28 15:44:20 2015 +0100

check for error when creating PKCS#8 structure

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc)

commit e2cf18c635ba54c20410b63041d6651e7c5ff523
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 28 15:45:57 2015 +0100

PEM doc fixes

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983)

-----------------------------------------------------------------------

Summary of changes:
crypto/pem/pem_pk8.c | 2 ++
doc/crypto/pem.pod | 27 +++++++++++++++++++++++++--
2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index b98c76c..5747c73 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
if (kstr == buf)
OPENSSL_cleanse(buf, klen);
PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (p8 == NULL)
+ return 0;
if (isder)
ret = i2d_PKCS8_bio(bp, p8);
else
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 21e9fe3..763eb6f 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -2,7 +2,29 @@

=head1 NAME

-PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509,
PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
+PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
+PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
+PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
+PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
+PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
+PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
+PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
+PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
+PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
+PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
+PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
+PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
+PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
+PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
+PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
+PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
+PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
+PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
+PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
+PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
+PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines

=head1 SYNOPSIS

@@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public
key is not DSA.

The B<DSAparams> functions process DSA parameters using a DSA
-structure. The parameters are encoded using a foobar structure.
+structure. The parameters are encoded using a Dss-Parms structure
+as defined in RFC2459.

The B<DHparams> functions process DH parameters using a DH
structure. The parameters are encoded using a PKCS#3 DHparameter
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via f3e85f43598a1511b72c3813a71e403f19ddf458 (commit)
from cc74177e715513e4050ee6e11c9f5fc3e8e65ad4 (commit)


- Log -----------------------------------------------------------------
commit f3e85f43598a1511b72c3813a71e403f19ddf458
Author: Matt Caswell <ma...@openssl.org>
Date: Fri May 29 17:05:01 2015 +0100

Check the message type requested is the type received in DTLS

dtls1_get_message has an |mt| variable which is the type of the message that
is being requested. If it is negative then any message type is allowed.
However the value of |mt| is not checked in one of the main code paths, so a
peer can send a message of a completely different type and it will be
processed as if it was the message type that we were expecting. This has
very little practical consequences because the current behaviour will still
fail when the format of the message isn't as expected.

Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6)

-----------------------------------------------------------------------

Summary of changes:
ssl/d1_both.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 68218e7..c5b2e99 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -485,6 +485,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
return i;
}

+ if (mt >= 0 && s->s3->tmp.message_type != mt) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
p = (unsigned char *)s->init_buf->data;
msg_len = msg_hdr->msg_len;

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615 (commit)
from f3e85f43598a1511b72c3813a71e403f19ddf458 (commit)


- Log -----------------------------------------------------------------
commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Mar 9 16:09:04 2015 +0000

Clear state in DTLSv1_listen

This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from
the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
was CVE-2015-0207. For other branches there is no known security issue, but
this is being backported as a precautionary measure.

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/d1_lib.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 94acb15..011d7b7 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;

+ /* Ensure there is no state left over from a previous invocation */
+ SSL_clear(s);
+
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 939b4960276b040fc0ed52232238fcc9e2e9ec21 (commit)
from cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615 (commit)


- Log -----------------------------------------------------------------
commit 939b4960276b040fc0ed52232238fcc9e2e9ec21
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 18 16:27:48 2015 +0100

Fix race condition in NewSessionTicket

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688)

Conflicts:
ssl/ssl.h
ssl/ssl_err.c

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 32 +++++++++++++++
ssl/ssl.h | 1 +
ssl/ssl_err.c | 1 +
ssl/ssl_locl.h | 1 +
ssl/ssl_sess.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 158 insertions(+)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 012905b..eb7b94e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2139,6 +2139,38 @@ int ssl3_get_new_session_ticket(SSL *s)
}

p = d = (unsigned char *)s->init_msg;
+
+ if (s->session->session_id_length > 0) {
+ int i = s->session_ctx->session_cache_mode;
+ SSL_SESSION *new_sess;
+ /*
+ * We reused an existing session, so we need to replace it with a new
+ * one
+ */
+ if (i & SSL_SESS_CACHE_CLIENT) {
+ /*
+ * Remove the old session from the cache
+ */
+ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+ if (s->session_ctx->remove_session_cb != NULL)
+ s->session_ctx->remove_session_cb(s->session_ctx,
+ s->session);
+ } else {
+ /* We carry on if this fails */
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ }
+ }
+
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);

+ goto f_err;
+ }
+

+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
n2l(p, s->session->tlsext_tick_lifetime_hint);
n2s(p, ticklen);
/* ticket_lifetime_hint + ticket_length + ticket */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 32e27c6..d2ab0c0 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2410,6 +2410,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
+# define SSL_F_SSL_SESSION_DUP 348
# define SSL_F_SSL_SESSION_NEW 189
# define SSL_F_SSL_SESSION_PRINT_FP 190
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index fef324d..88621b7 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -299,6 +299,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index aff3b65..a7f3f8d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -865,6 +865,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
const unsigned char *limit);
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eb7936b..e673f9c 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -227,6 +227,129 @@ SSL_SESSION *SSL_SESSION_new(void)
return (ss);
}

+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+ SSL_SESSION *dest;
+
+ dest = OPENSSL_malloc(sizeof(*src));
+ if (dest == NULL) {
+ goto err;
+ }
+ memcpy(dest, src, sizeof(*dest));
+
+#ifndef OPENSSL_NO_KRB5
+ dest->krb5_client_princ_len = dest->krb5_client_princ_len;
+ if (src->krb5_client_princ_len > 0)
+ memcpy(dest->krb5_client_princ, src->krb5_client_princ,
+ src->krb5_client_princ_len);
+#endif
+
+#ifndef OPENSSL_NO_PSK
+ if (src->psk_identity_hint) {
+ dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
+ if (dest->psk_identity_hint == NULL) {
+ goto err;
+ }
+ } else {
+ dest->psk_identity_hint = NULL;
+ }
+ if (src->psk_identity) {
+ dest->psk_identity = BUF_strdup(src->psk_identity);
+ if (dest->psk_identity == NULL) {
+ goto err;
+ }
+ } else {
+ dest->psk_identity = NULL;
+ }
+#endif
+
+ if (src->sess_cert != NULL)
+ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
+
+ if (src->peer != NULL)
+ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+
+ dest->references = 1;
+
+ if(src->ciphers != NULL) {
+ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+ if (dest->ciphers == NULL)
+ goto err;
+ } else {
+ dest->ciphers = NULL;
+ }
+
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+ &dest->ex_data, &src->ex_data)) {
+ goto err;
+ }
+
+ /* We deliberately don't copy the prev and next pointers */
+ dest->prev = NULL;
+ dest->next = NULL;
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (src->tlsext_hostname) {
+ dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
+ if (dest->tlsext_hostname == NULL) {
+ goto err;
+ }
+ } else {
+ dest->tlsext_hostname = NULL;
+ }
+# ifndef OPENSSL_NO_EC
+ if (src->tlsext_ecpointformatlist) {
+ dest->tlsext_ecpointformatlist =
+ BUF_memdup(src->tlsext_ecpointformatlist,
+ src->tlsext_ecpointformatlist_length);
+ if (dest->tlsext_ecpointformatlist == NULL)
+ goto err;
+ dest->tlsext_ecpointformatlist_length =
+ src->tlsext_ecpointformatlist_length;
+ }
+ if (src->tlsext_ellipticcurvelist) {
+ dest->tlsext_ellipticcurvelist =
+ BUF_memdup(src->tlsext_ellipticcurvelist,
+ src->tlsext_ellipticcurvelist_length);
+ if (dest->tlsext_ellipticcurvelist == NULL)
+ goto err;
+ dest->tlsext_ellipticcurvelist_length =
+ src->tlsext_ellipticcurvelist_length;
+ }
+# endif
+#endif
+
+ if (ticket != 0) {
+ dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint;
+ dest->tlsext_ticklen = src->tlsext_ticklen;
+ if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) {
+ goto err;
+ }
+ }
+
+#ifndef OPENSSL_NO_SRP
+ dest->srp_username = NULL;
+ if (src->srp_username) {
+ dest->srp_username = BUF_strdup(src->srp_username);
+ if (dest->srp_username == NULL) {
+ goto err;
+ }
+ } else {
+ dest->srp_username = NULL;
+ }
+#endif
+
+ return dest;
+err:
+ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+ SSL_SESSION_free(dest);
+ return NULL;
+}
+
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
unsigned int *len)
{

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via 1977240204fbb85087d15a75c4a2169820eff787 (commit)
from 939b4960276b040fc0ed52232238fcc9e2e9ec21 (commit)


- Log -----------------------------------------------------------------
commit 1977240204fbb85087d15a75c4a2169820eff787
Author: Richard Levitte <lev...@openssl.org>
Date: Sun May 31 17:47:31 2015 +0200

Add the macro OPENSSL_SYS_WIN64

This is for consistency.
Additionally, have its presence define OPENSSL_SYS_WINDOWS as well.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c)

Conflicts:
e_os2.h

-----------------------------------------------------------------------

Summary of changes:
e_os2.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/e_os2.h b/e_os2.h
index d400ac7..2b1b78f 100644
--- a/e_os2.h
+++ b/e_os2.h
@@ -109,6 +109,12 @@ extern "C" {
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32
# endif
+# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
# if defined(OPENSSL_SYSNAME_WINNT)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINNT
@@ -121,7 +127,7 @@ extern "C" {
# endif

/* Anything that tries to look like Microsoft is "Windows" */
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINDOWS
# ifndef OPENSSL_SYS_MSDOS

[Rich Salz]

The branch OpenSSL_1_0_1-stable has been updated

via 32b2ad7e071d0e766da6956f5b0c9cf2ccb18388 (commit)
from 1977240204fbb85087d15a75c4a2169820eff787 (commit)


- Log -----------------------------------------------------------------
commit 32b2ad7e071d0e766da6956f5b0c9cf2ccb18388
Author: Annie Yousar <a.yo...@informatik.hu-berlin.de>
Date: Sun May 3 09:05:47 2015 -0400

RT3230: Better test for C identifier

objects.pl only looked for a space to see if the name could be
used as a C identifier. Improve the test to match the real C
rules.

Signed-off-by: Rich Salz <rs...@akamai.com>
Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 591b7aef05b22cba09b179e5787a9bf40dfc9508)

-----------------------------------------------------------------------

Summary of changes:
crypto/objects/objects.README | 8 ++++----
crypto/objects/objects.pl | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README
index 4d74550..cb1d216 100644
--- a/crypto/objects/objects.README
+++ b/crypto/objects/objects.README
@@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows:

1 2 3 4 : shortName : Long Name

- If the long name doesn't contain spaces, or no short name
- exists, the long name is used as basis for the base name
- in C. Otherwise, the short name is used.
+ If Long Name contains only word characters and hyphen-minus
+ (0x2D) or full stop (0x2E) then Long Name is used as basis
+ for the base name in C. Otherwise, the shortName is used.

The base name (let's call it 'base') will then be used to
create the C macros SN_base, LN_base, NID_base and OBJ_base.
@@ -22,7 +22,7 @@ Then there are some extra commands:

!Alias foo 1 2 3 4

- This juts makes a name foo for an OID. The C macro
+ This just makes a name foo for an OID. The C macro
OBJ_foo will be created as a result.

!Cname foo
diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl
index d0ed459..389dc34 100644
--- a/crypto/objects/objects.pl
+++ b/crypto/objects/objects.pl
@@ -67,7 +67,7 @@ while (<IN>)
$myoid = &process_oid($myoid);
}

- if ($Cname eq "" && !($myln =~ / /))
+ if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ ))
{
$Cname = $myln;
$Cname =~ s/\./_/g;

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 05bdebb6e011459555795bab20f2e95786153dcc (commit)
from 32b2ad7e071d0e766da6956f5b0c9cf2ccb18388 (commit)


- Log -----------------------------------------------------------------
commit 05bdebb6e011459555795bab20f2e95786153dcc
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 19 13:59:47 2015 +0100

Fix off-by-one error in BN_bn2hex

A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit c56353071d9849220714d8a556806703771b9269)

Conflicts:
crypto/bn/bn_print.c

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_print.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 4dcaae3..ab10b95 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
char *buf;
char *p;

- buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+ if (a->neg && BN_is_zero(a)) {
+ /* "-0" == 3 bytes including NULL terminator */
+ buf = OPENSSL_malloc(3);
+ } else {
+ buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+ }
if (buf == NULL) {
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err;

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via c36d3840ff45a290ea7fe6fbaf1520fe3124b3cd (commit)
from 05bdebb6e011459555795bab20f2e95786153dcc (commit)


- Log -----------------------------------------------------------------
commit c36d3840ff45a290ea7fe6fbaf1520fe3124b3cd
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 4 11:41:30 2015 +0100

Clean Kerberos pre-master secret

Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e)

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cb6ef0a..d07f768 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2423,6 +2423,7 @@ int ssl3_get_client_key_exchange(SSL *s)
int padl, outl;
krb5_timestamp authtime = 0;
krb5_ticket_times ttimes;
+ int kerr = 0;

EVP_CIPHER_CTX_init(&ciph_ctx);

@@ -2526,23 +2527,27 @@ int ssl3_get_client_key_exchange(SSL *s)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
- goto err;
+ kerr = 1;
+ goto kclean;
}
if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
+ kerr = 1;
+ goto kclean;
}
if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
- goto err;
+ kerr = 1;
+ goto kclean;
}
outl += padl;
if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
+ kerr = 1;
+ goto kclean;
}
if (!((pms[0] == (s->client_version >> 8))
&& (pms[1] == (s->client_version & 0xff)))) {
@@ -2559,7 +2564,8 @@ int ssl3_get_client_key_exchange(SSL *s)
if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_AD_DECODE_ERROR);
- goto err;
+ kerr = 1;
+ goto kclean;
}
}

@@ -2585,6 +2591,11 @@ int ssl3_get_client_key_exchange(SSL *s)
* kssl_ctx = kssl_ctx_free(kssl_ctx);
* if (s->kssl_ctx) s->kssl_ctx = NULL;
*/
+
+ kclean:
+ OPENSSL_cleanse(pms, sizeof(pms));
+ if (kerr)
+ goto err;
} else
#endif /* OPENSSL_NO_KRB5 */

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via c22ed559bbb6e75d03ce4e8cb3655988fc123d4f (commit)
via 4b6f33a5c284168ef3aa49d1a37cbcc6565bc0e5 (commit)
from c36d3840ff45a290ea7fe6fbaf1520fe3124b3cd (commit)


- Log -----------------------------------------------------------------
commit c22ed559bbb6e75d03ce4e8cb3655988fc123d4f
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 4 11:18:55 2015 +0100

Remove misleading comment

Remove a comment that suggested further clean up was required.
DH_free() performs the necessary cleanup.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rs...@openssl.org>

(cherry picked from commit f3d889523ee84f1e87e4da0d59e2702a4bee7907)

commit 4b6f33a5c284168ef3aa49d1a37cbcc6565bc0e5
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 4 11:16:16 2015 +0100

Clean premaster_secret for GOST

Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rs...@openssl.org>

(cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea)

Conflicts:
ssl/s3_srvr.c

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 2 --
ssl/s3_srvr.c | 1 +
2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index eb7b94e..f435899 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2595,8 +2595,6 @@ int ssl3_send_client_key_exchange(SSL *s)
n += 2;

DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY */
}
#endif

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d07f768..9aa3292 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2914,6 +2914,7 @@ int ssl3_get_client_key_exchange(SSL *s)
s->
session->master_key,
premaster_secret, 32);
+ OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
/* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)

[Emilia Kasper]

The branch OpenSSL_1_0_1-stable has been updated

via ba5693686e7bc408c2fcdb4d258e9410028dcfb4 (commit)
via 59b5ab4aa72527ce74dbe1a83988f194053293de (commit)
from c22ed559bbb6e75d03ce4e8cb3655988fc123d4f (commit)


- Log -----------------------------------------------------------------
commit ba5693686e7bc408c2fcdb4d258e9410028dcfb4
Author: Emilia Kasper <emi...@openssl.org>
Date: Mon Jun 8 15:04:28 2015 +0200

Use CRYPTO_memcmp in s3_cbc.c

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 05627d57e55517eae21c251fe287760bd1137218)

commit 59b5ab4aa72527ce74dbe1a83988f194053293de
Author: Emilia Kasper <emi...@openssl.org>
Date: Wed May 27 17:12:13 2015 +0200

Use CRYPTO_memcmp when comparing authenticators

Pointed out by Victor Vasiliev (vas...@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 1e4a355dcabe2f75df5bb8b41b394d37037169d2)
(cherry picked from commit ac32a77cd69784568090e934a31622ddfee49ca7)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_aes.c | 5 +++--
crypto/evp/e_rc4_hmac_md5.c | 3 ++-
crypto/modes/gcm128.c | 2 +-
crypto/pkcs12/p12_mutl.c | 3 ++-
ssl/s3_cbc.c | 2 +-
5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index bde4804..1ede7bd 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -50,6 +50,7 @@

#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_AES
+#include <openssl/crypto.h>
# include <openssl/evp.h>
# include <openssl/err.h>
# include <string.h>
@@ -914,7 +915,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Retrieve tag */
CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
/* If tag mismatch wipe buffer */
- if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+ if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
OPENSSL_cleanse(out, len);
goto err;
}
@@ -1259,7 +1260,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
- if (!memcmp(tag, ctx->buf, cctx->M))
+ if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
rv = len;
}
}
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index e6b0cdf..2da1117 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -54,6 +54,7 @@

#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)

+# include <openssl/crypto.h>
# include <openssl/evp.h>
# include <openssl/objects.h>
# include <openssl/rc4.h>
@@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
MD5_Final(mac, &key->md);

- if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+ if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
return 0;
} else {
MD5_Update(&key->md, out + md5_off, len - md5_off);
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index f69f2c9..0ee569f 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1622,7 +1622,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
ctx->Xi.u[1] ^= ctx->EK0.u[1];

if (tag && len <= sizeof(ctx->Xi))
- return memcmp(ctx->Xi.c, tag, len);
+ return CRYPTO_memcmp(ctx->Xi.c, tag, len);
else
return -1;
}
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index 256b210..5ab4bf2 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -60,6 +60,7 @@
#ifndef OPENSSL_NO_HMAC
# include <stdio.h>
# include "cryptlib.h"
+# include <openssl/crypto.h>
# include <openssl/hmac.h>
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
@@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
return 0;
}
if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
- || memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+ || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
return 0;
return 1;
}
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 00b534f..2fb71f2 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -149,7 +149,7 @@ int tls1_cbc_remove_padding(const SSL *s,
*/
if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
/* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+ if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
!(padding_length & 1)) {
s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated

via 3d2c3fa5fc7e1cf119b50c0baf7511d7d75254e1 (commit)
from ba5693686e7bc408c2fcdb4d258e9410028dcfb4 (commit)


- Log -----------------------------------------------------------------
commit 3d2c3fa5fc7e1cf119b50c0baf7511d7d75254e1

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Jun 8 13:23:00 2015 +0100

return correct NID for undefined object

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b)

-----------------------------------------------------------------------

Summary of changes:
crypto/objects/obj_dat.c | 3 +++

1 file changed, 3 insertions(+)

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 5ff1294..aca382a 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -417,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
if (a->nid != 0)
return (a->nid);

+ if (a->length == 0)
+ return NID_undef;
+
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via cb972a4fe710c3e07300cdd3e3c3d41a42fc9672 (commit)
via ee2d14be9411c46242bdbe87c10c3bd58137332a (commit)
from 3d2c3fa5fc7e1cf119b50c0baf7511d7d75254e1 (commit)


- Log -----------------------------------------------------------------
commit cb972a4fe710c3e07300cdd3e3c3d41a42fc9672
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Jun 9 23:06:23 2015 +0200

When making libcrypto from apps or test, make sure to include engines

For librypto to be complete, the stuff in both crypto/ and engines/
have to be built. Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit acaff3b797f50a0a0e17a0be45b7fafad962004e)

commit ee2d14be9411c46242bdbe87c10c3bd58137332a
Author: Richard Levitte <lev...@openssl.org>
Date: Wed Jun 10 01:34:26 2015 +0200

Add and rearrange building of libraries

There's a need for a target that will build all of libcrypto, so let's
add 'build_libcrypto' that does this. For ortogonality, let's also
add 'build_libssl'. Have both also depend on 'libcrypto.pc' and
'libssl.pc' so those get built together with the libraries.
This makes 'all' depend on fewer things directly.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 177b5f9c82e1152d6ce20a83556db629697fff65)

Conflicts:
Makefile.org

-----------------------------------------------------------------------

Summary of changes:
Makefile.org | 7 +++++--
apps/Makefile | 4 ++--
test/Makefile | 4 ++--
3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/Makefile.org b/Makefile.org
index 8b4de74..cf82487 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h

-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+all: Makefile build_all

# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -270,7 +270,10 @@ reflect:
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools

-build_libs: build_crypto build_ssl build_engines
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc

build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
diff --git a/apps/Makefile b/apps/Makefile
index 963780f..a2c1565 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -147,10 +147,10 @@ clean:
rm -f req

$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
+ (cd ..; $(MAKE) build_libssl)

$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
+ (cd ..; $(MAKE) build_libcrypto)

$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
diff --git a/test/Makefile b/test/Makefile
index 6205d80..0ee4ec2 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -355,10 +355,10 @@ clean:
rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest

$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
+ (cd ..; $(MAKE) build_libssl)

$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
+ (cd ..; $(MAKE) build_libcrypto)

BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 106a9a5d7e26e728a654d7424849081bd988d4a5 (commit)
from cb972a4fe710c3e07300cdd3e3c3d41a42fc9672 (commit)


- Log -----------------------------------------------------------------
commit 106a9a5d7e26e728a654d7424849081bd988d4a5
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jun 10 09:32:34 2015 +0100

Fix Kerberos issue in ssl_session_dup

The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
Kerberos.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_sess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index e673f9c..8325cb3 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -242,7 +242,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
memcpy(dest, src, sizeof(*dest));

#ifndef OPENSSL_NO_KRB5
- dest->krb5_client_princ_len = dest->krb5_client_princ_len;
+ dest->krb5_client_princ_len = src->krb5_client_princ_len;
if (src->krb5_client_princ_len > 0)
memcpy(dest->krb5_client_princ, src->krb5_client_princ,
src->krb5_client_princ_len);

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 72df35acf268e21adfe5b90b89f90e35e9db29bf (commit)
via f92b1967234fd7926b476768584fa5573eaadd72 (commit)
via e94118ae2a6aff6427ade82e843d683d4913bcec (commit)
from 106a9a5d7e26e728a654d7424849081bd988d4a5 (commit)


- Log -----------------------------------------------------------------
commit 72df35acf268e21adfe5b90b89f90e35e9db29bf
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 30 15:20:25 2015 +0100

Tighten extension handling

This adds additional checks to the processing of extensions in a ClientHello
to ensure that either no extensions are present, or if they are then they
take up the exact amount of space expected.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <st...@openssl.org>

Conflicts:
ssl/t1_lib.c

commit f92b1967234fd7926b476768584fa5573eaadd72
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 30 14:51:10 2015 +0100

Fix memory leaks in BIO_dup_chain()

This fixes a memory leak that can occur whilst duplicating a BIO chain if
the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak
where if a failure occurs after successfully creating the first BIO in the
chain, then the beginning of the new chain was not freed.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <st...@openssl.org>

Conflicts:
crypto/bio/bio_lib.c

commit e94118ae2a6aff6427ade82e843d683d4913bcec
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 30 14:04:30 2015 +0100

Replace memset with OPENSSL_cleanse()

BUF_MEM_free() attempts to cleanse memory using memset immediately prior
to a free. This is at risk of being optimised away by the compiler, so
replace with a call to OPENSSL_cleanse() instead.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bio_lib.c | 8 ++-
crypto/buffer/buffer.c | 2 +-
ssl/t1_lib.c | 158 ++++++++++++++++++++-----------------------------
3 files changed, 70 insertions(+), 98 deletions(-)

diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 5267010..07934f8 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)

/* copy app data */
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
- &bio->ex_data))
+ &bio->ex_data)) {
+ BIO_free(new_bio);
goto err;
+ }

if (ret == NULL) {
eoc = new_bio;
@@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
}
return (ret);
err:
- if (ret != NULL)
- BIO_free(ret);
+ BIO_free_all(ret);
+
return (NULL);
}

diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index d287e34..eff3e08 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
return;

if (a->data != NULL) {
- memset(a->data, 0, (unsigned int)a->max);
+ OPENSSL_cleanse(a->data, a->max);
OPENSSL_free(a->data);
}
OPENSSL_free(a);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 36ea9b0..c2d7d72 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1016,19 +1016,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

s->srtp_profile = NULL;

- if (data >= (d + n - 2))
- goto ri_check;
+ if (data >= (d + n - 2)) {
+ if (data != d + n)

+ goto err;
+ else

+ goto ri_check;
+ }
n2s(data, len);

if (data > (d + n - len))
- goto ri_check;
+ goto err;

while (data <= (d + n - 4)) {
n2s(data, type);
n2s(data, size);

if (data + size > (d + n))
- goto ri_check;
+ goto err;
# if 0
fprintf(stderr, "Received extension type %d size %d\n", type, size);
# endif
@@ -1064,16 +1068,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
int servname_type;
int dsize;

- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (size < 2)
+ goto err;
n2s(data, dsize);
size -= 2;
- if (dsize > size) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize > size)
+ goto err;

sdata = data;
while (dsize > 3) {
@@ -1081,18 +1081,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
n2s(sdata, len);
dsize -= 3;

- if (len > dsize) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (len > dsize)
+ goto err;
+
if (s->servername_done == 0)
switch (servname_type) {
case TLSEXT_NAMETYPE_host_name:
if (!s->hit) {
- if (s->session->tlsext_hostname) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (s->session->tlsext_hostname)
+ goto err;
+
if (len > TLSEXT_MAXLEN_host_name) {
*al = TLS1_AD_UNRECOGNIZED_NAME;
return 0;
@@ -1126,31 +1124,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

dsize -= len;
}
- if (dsize != 0) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize != 0)
+ goto err;

}
# ifndef OPENSSL_NO_SRP
else if (type == TLSEXT_TYPE_srp) {
- if (size == 0 || ((len = data[0])) != (size - 1)) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- if (s->srp_ctx.login != NULL) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (size == 0 || ((len = data[0])) != (size - 1))
+ goto err;
+ if (s->srp_ctx.login != NULL)
+ goto err;
if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
return -1;
memcpy(s->srp_ctx.login, &data[1], len);
s->srp_ctx.login[len] = '\0';

- if (strlen(s->srp_ctx.login) != len) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (strlen(s->srp_ctx.login) != len)
+ goto err;
}
# endif

@@ -1159,10 +1149,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);

- if (ecpointformatlist_length != size - 1) {
- *al = TLS1_AD_DECODE_ERROR;
- return 0;
- }
+ if (ecpointformatlist_length != size - 1)
+ goto err;
if (!s->hit) {
if (s->session->tlsext_ecpointformatlist) {
OPENSSL_free(s->session->tlsext_ecpointformatlist);
@@ -1196,15 +1184,13 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
if (ellipticcurvelist_length != size - 2 ||
ellipticcurvelist_length < 1 ||
/* Each NamedCurve is 2 bytes. */
- ellipticcurvelist_length & 1) {
- *al = TLS1_AD_DECODE_ERROR;
- return 0;
- }
+ ellipticcurvelist_length & 1)
+ goto err;
+
if (!s->hit) {
- if (s->session->tlsext_ellipticcurvelist) {
- *al = TLS1_AD_DECODE_ERROR;
- return 0;
- }
+ if (s->session->tlsext_ellipticcurvelist)
+ goto err;
+
s->session->tlsext_ellipticcurvelist_length = 0;
if ((s->session->tlsext_ellipticcurvelist =
OPENSSL_malloc(ellipticcurvelist_length)) == NULL) {
@@ -1273,28 +1259,20 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
renegotiate_seen = 1;
} else if (type == TLSEXT_TYPE_signature_algorithms) {
int dsize;
- if (sigalg_seen || size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (sigalg_seen || size < 2)
+ goto err;
sigalg_seen = 1;
n2s(data, dsize);
size -= 2;
- if (dsize != size || dsize & 1) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- if (!tls1_process_sigalgs(s, data, dsize)) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize != size || dsize & 1)
+ goto err;
+ if (!tls1_process_sigalgs(s, data, dsize))
+ goto err;
} else if (type == TLSEXT_TYPE_status_request &&
s->version != DTLS1_VERSION) {

- if (size < 5) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (size < 5)
+ goto err;

s->tlsext_status_type = *data++;
size--;
@@ -1304,35 +1282,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
/* Read in responder_id_list */
n2s(data, dsize);
size -= 2;
- if (dsize > size) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize > size)
+ goto err;
while (dsize > 0) {
OCSP_RESPID *id;
int idsize;
- if (dsize < 4) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize < 4)
+ goto err;
n2s(data, idsize);
dsize -= 2 + idsize;
size -= 2 + idsize;
- if (dsize < 0) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize < 0)
+ goto err;
sdata = data;
data += idsize;
id = d2i_OCSP_RESPID(NULL, &sdata, idsize);
- if (!id) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (!id)
+ goto err;
if (data != sdata) {
OCSP_RESPID_free(id);
- *al = SSL_AD_DECODE_ERROR;
- return 0;
+ goto err;
}
if (!s->tlsext_ocsp_ids
&& !(s->tlsext_ocsp_ids =
@@ -1349,16 +1318,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}

/* Read in request_extensions */
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (size < 2)
+ goto err;
n2s(data, dsize);
size -= 2;
- if (dsize != size) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (dsize != size)
+ goto err;
sdata = data;
if (dsize > 0) {
if (s->tlsext_ocsp_exts) {
@@ -1368,10 +1333,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

s->tlsext_ocsp_exts =
d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
- if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
+ if (!s->tlsext_ocsp_exts || (data + dsize != sdata))
+ goto err;
}
}
/*
@@ -1432,6 +1395,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
data += size;
}

+ /* Spurious data on the end */
+ if (data != d + n)
+ goto err;
+
*p = data;

ri_check:
@@ -1447,6 +1414,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}

return 1;
+err:
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
}

# ifndef OPENSSL_NO_NEXTPROTONEG

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via d163a2cc46709ba31e91887c65d32743913d3db3 (commit)
from 72df35acf268e21adfe5b90b89f90e35e9db29bf (commit)


- Log -----------------------------------------------------------------
commit d163a2cc46709ba31e91887c65d32743913d3db3
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 4 14:22:00 2015 +0100

EC_POINT_is_on_curve does not return a boolean

The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <ku...@openssl.org>
(cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d)

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec2_oct.c | 2 +-
crypto/ec/ec_check.c | 2 +-
crypto/ec/ec_key.c | 2 +-
crypto/ec/ec_lib.c | 7 +++++++
crypto/ec/ecp_oct.c | 2 +-
crypto/ec/ectest.c | 24 ++++++++++++------------
6 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index c245d88..0d04cc6 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}

/* test required by X9.62 */
- if (!EC_POINT_is_on_curve(group, point, ctx)) {
+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index d3f5349..dd6f0ac 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
goto err;
}
- if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+ if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index ebdffc8..55ce3fe 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
goto err;

/* testing whether the pub_key is on the elliptic curve */
- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 9a54f41..e227520 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -934,6 +934,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
return group->meth->is_at_infinity(group, point);
}

+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ * 1: The point is on the curve
+ * 0: The point is not on the curve
+ * -1: An error occurred
+ */
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx)
{
diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
index e5cec8b..1bc3f39 100644
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}

/* test required by X9.62 */
- if (!EC_POINT_is_on_curve(group, point, ctx)) {
+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index a18b327..fede530 100644
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -412,7 +412,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
ABORT;
fprintf(stderr, "Point is not on curve: x = 0x");
@@ -544,7 +544,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
ABORT;
@@ -593,7 +593,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
ABORT;
@@ -646,7 +646,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn
(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
@@ -705,7 +705,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
"84F3B9CAC2FC632551"))
@@ -761,7 +761,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
@@ -820,7 +820,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
@@ -864,7 +864,7 @@ static void prime_field_tests(void)
ABORT;
if (!EC_POINT_dbl(group, P, P, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!EC_POINT_invert(group, Q, ctx))
ABORT; /* P = -2Q */
@@ -1008,7 +1008,7 @@ static void prime_field_tests(void)
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
if (!BN_hex2bn(&x, _x)) ABORT; \
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1026,7 +1026,7 @@ static void prime_field_tests(void)
if (!BN_hex2bn(&x, _x)) ABORT; \
if (!BN_hex2bn(&y, _y)) ABORT; \
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1157,7 +1157,7 @@ static void char2_field_tests(void)
if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
ABORT;
# endif
- if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
@@ -1378,7 +1378,7 @@ static void char2_field_tests(void)
ABORT;
if (!EC_POINT_dbl(group, P, P, ctx))
ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx))
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT;
if (!EC_POINT_invert(group, Q, ctx))
ABORT; /* P = -2Q */

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 418df5ea232811dc7339380c1aa5e07c28c6c6dc (commit)
from d163a2cc46709ba31e91887c65d32743913d3db3 (commit)


- Log -----------------------------------------------------------------
commit 418df5ea232811dc7339380c1aa5e07c28c6c6dc
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jun 8 09:29:56 2015 +0100

Fix leak in HMAC error path

In the event of an error in the HMAC function, leaks can occur because the
HMAC_CTX does not get cleaned up.

Thanks to the BoringSSL project for reporting this issue.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit e43a13c807e42688c72c4f3d001112bf0a110464)

-----------------------------------------------------------------------

Summary of changes:
crypto/hmac/hmac.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index b1f7317..5925467 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -251,6 +251,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
HMAC_CTX_cleanup(&c);
return md;
err:
+ HMAC_CTX_cleanup(&c);
return NULL;

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via d46de4ce483d684ecbec2aa967618f06865ae74a (commit)
from 418df5ea232811dc7339380c1aa5e07c28c6c6dc (commit)


- Log -----------------------------------------------------------------
commit d46de4ce483d684ecbec2aa967618f06865ae74a
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jun 1 17:25:29 2015 +0100

DTLS handshake message fragments musn't span packets

It should not be possible for DTLS message fragments to span multiple
packets. However previously if the message header fitted exactly into one
packet, and the fragment body was in the next packet then this would work.
Obviously this would fail if packets get re-ordered mid-flight.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/d1_both.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index c5b2e99..8dd8ea3 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -875,6 +875,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
/* parse the message fragment header */
dtls1_get_message_header(wire, &msg_hdr);

+ len = msg_hdr.msg_len;
+ frag_off = msg_hdr.frag_off;
+ frag_len = msg_hdr.frag_len;
+
+ /*
+ * We must have at least frag_len bytes left in the record to be read.
+ * Fragments must not span records.
+ */
+ if (frag_len > s->s3->rrec.length) {
+ al = SSL3_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH);

+ goto f_err;
+ }
+

/*
* if this is a future (or stale) message it gets buffered
* (or dropped)--no further processing at this time
@@ -885,10 +899,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
&& !(s->d1->listen && msg_hdr.seq == 1))
return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);

- len = msg_hdr.msg_len;
- frag_off = msg_hdr.frag_off;
- frag_len = msg_hdr.frag_len;
-
if (frag_len && frag_len < len)
return dtls1_reassemble_fragment(s, &msg_hdr, ok);

@@ -919,17 +929,16 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
goto f_err;

- /* XDTLS: ressurect this when restart is in place */
- s->state = stn;
-
if (frag_len > 0) {
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;

i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
&p[frag_off], frag_len, 0);
+
/*
- * XDTLS: fix this--message fragments cannot span multiple packets
+ * This shouldn't ever fail due to NBIO because we already checked
+ * that we have enough data in the record
*/
if (i <= 0) {
s->rwstate = SSL_READING;
@@ -950,6 +959,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
}

*ok = 1;
+ s->state = stn;

/*
* Note that s->init_num is *not* used as current offset in

[Kurt Roeckx]

The branch OpenSSL_1_0_1-stable has been updated

via f3b355fec3b38e9f345a226d7defab146f446100 (commit)
via c4ce10773fc4a8d055fe7643c83e5a1187597838 (commit)
from d46de4ce483d684ecbec2aa967618f06865ae74a (commit)


- Log -----------------------------------------------------------------
commit f3b355fec3b38e9f345a226d7defab146f446100
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sat Apr 18 19:15:48 2015 +0200

Only allow a temporary rsa key exchange when they key is larger than 512.

Reviewed-by: Rich Salz <rs...@openssl.org>
MR #838

(cherry picked from commit 57e477b9ec66542afc8c9c13ae7c4271209fb88f)

commit c4ce10773fc4a8d055fe7643c83e5a1187597838
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sat Jun 6 13:42:34 2015 +0200

Properly check certificate in case of export ciphers.

Reviewed-by: Rich Salz <rs...@openssl.org>
MR #838

(cherry picked from commit 39a298a1c0e7a76e301b9f2ebe8d33d90ad0a3b4)

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 49 insertions(+), 12 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f435899..0879a0f 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -341,7 +341,7 @@ int ssl3_connect(SSL *s)
if (!
(s->s3->tmp.
new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
ret = ssl3_get_server_certificate(s);
if (ret <= 0)
goto end;
@@ -1596,6 +1596,13 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
+
+ if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);

+ goto f_err;
+ }
+

s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
}
@@ -3266,6 +3273,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
+ int al = SSL_AD_HANDSHAKE_FAILURE;

alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -3319,15 +3327,32 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_RSA
- if ((alg_k & SSL_kRSA) &&
- !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
- SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
+ if (alg_k & SSL_kRSA) {
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+ goto f_err;
+ } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
+ if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+ goto f_err;
+ }
+ if (rsa != NULL) {
+ /* server key exchange is not allowed. */
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);

+ goto f_err;
+ }
+ }

+ }
}
#endif
#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) && dh == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
goto f_err;
}
@@ -3359,9 +3384,14 @@ int ssl3_check_cert_and_algorithm(SSL *s)
pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
- if (rsa == NULL
- || RSA_size(rsa) * 8 >
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+ goto f_err;
+ } else if (BN_num_bits(rsa->n) >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ /* We have a temporary RSA key but it's too large. */
+ al = SSL_AD_EXPORT_RESTRICTION;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
@@ -3369,14 +3399,21 @@ int ssl3_check_cert_and_algorithm(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
- if (dh == NULL
- || DH_size(dh) * 8 >
+ if (alg_k & SSL_kEDH) {
+ if (BN_num_bits(dh->p) >
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ /* We have a temporary DH key but it's too large. */
+ al = SSL_AD_EXPORT_RESTRICTION;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;
}
+ } else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
+ /* The cert should have had an export DH key. */
+ al = SSL_AD_EXPORT_RESTRICTION;
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+ goto f_err;
} else
#endif
{
@@ -3387,7 +3424,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
return (1);
f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
return (0);

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 907f04a30354615e54beaa2bc0b986083f7793ee (commit)
from f3b355fec3b38e9f345a226d7defab146f446100 (commit)


- Log -----------------------------------------------------------------
commit 907f04a30354615e54beaa2bc0b986083f7793ee
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 11 01:30:06 2015 +0100

More ssl_session_dup fixes

Fix error handling in ssl_session_dup, as well as incorrect setting up of
the session ticket. Follow on from CVE-2015-1791.

Thanks to LibreSSL project for reporting these issues.

Conflicts:
ssl/ssl_sess.c

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/ssl_sess.c | 73 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 37 insertions(+), 36 deletions(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 8325cb3..1ad9dc7 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -241,12 +241,39 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
}
memcpy(dest, src, sizeof(*dest));

-#ifndef OPENSSL_NO_KRB5
- dest->krb5_client_princ_len = src->krb5_client_princ_len;
- if (src->krb5_client_princ_len > 0)
- memcpy(dest->krb5_client_princ, src->krb5_client_princ,
- src->krb5_client_princ_len);
+ /*
+ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+ * the case of an error whilst halfway through constructing dest
+ */
+#ifndef OPENSSL_NO_PSK

+ dest->psk_identity_hint = NULL;

+ dest->psk_identity = NULL;
+#endif

+ dest->ciphers = NULL;

+#ifndef OPENSSL_NO_TLSEXT

+ dest->tlsext_hostname = NULL;

+# ifndef OPENSSL_NO_EC
+ dest->tlsext_ecpointformatlist = NULL;
+ dest->tlsext_ellipticcurvelist = NULL;
+# endif
+#endif
+ dest->tlsext_tick = NULL;

+#ifndef OPENSSL_NO_SRP
+ dest->srp_username = NULL;

#endif
+ memset(&dest->ex_data, 0, sizeof(dest->ex_data));

+
+ /* We deliberately don't copy the prev and next pointers */
+ dest->prev = NULL;
+ dest->next = NULL;
+

+ dest->references = 1;
+

+ if (src->sess_cert != NULL)
+ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
+
+ if (src->peer != NULL)
+ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);

#ifndef OPENSSL_NO_PSK
if (src->psk_identity_hint) {
@@ -254,33 +281,19 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)

if (dest->psk_identity_hint == NULL) {

goto err;
}
- } else {
- dest->psk_identity_hint = NULL;
}
if (src->psk_identity) {

dest->psk_identity = BUF_strdup(src->psk_identity);

if (dest->psk_identity == NULL) {

goto err;
}
- } else {
- dest->psk_identity = NULL;
}
#endif

- if (src->sess_cert != NULL)
- CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
-
- if (src->peer != NULL)
- CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
-
- dest->references = 1;
-
if(src->ciphers != NULL) {

dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);

if (dest->ciphers == NULL)

goto err;
- } else {
- dest->ciphers = NULL;
}

if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
@@ -288,18 +301,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
goto err;
}

- /* We deliberately don't copy the prev and next pointers */
- dest->prev = NULL;
- dest->next = NULL;
-
#ifndef OPENSSL_NO_TLSEXT
if (src->tlsext_hostname) {

dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);

if (dest->tlsext_hostname == NULL) {

goto err;
}
- } else {
- dest->tlsext_hostname = NULL;
}
# ifndef OPENSSL_NO_EC
if (src->tlsext_ecpointformatlist) {
@@ -308,8 +315,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
src->tlsext_ecpointformatlist_length);

if (dest->tlsext_ecpointformatlist == NULL)

goto err;
- dest->tlsext_ecpointformatlist_length =
- src->tlsext_ecpointformatlist_length;
}
if (src->tlsext_ellipticcurvelist) {
dest->tlsext_ellipticcurvelist =
@@ -317,29 +322,25 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
src->tlsext_ellipticcurvelist_length);

if (dest->tlsext_ellipticcurvelist == NULL)

goto err;
- dest->tlsext_ellipticcurvelist_length =
- src->tlsext_ellipticcurvelist_length;
}
# endif
#endif

if (ticket != 0) {
- dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint;
- dest->tlsext_ticklen = src->tlsext_ticklen;
- if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) {
+ dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
+ if(dest->tlsext_tick == NULL)
goto err;
- }
+ } else {
+ dest->tlsext_tick_lifetime_hint = 0;
+ dest->tlsext_ticklen = 0;
}

#ifndef OPENSSL_NO_SRP
- dest->srp_username = NULL;
if (src->srp_username) {

dest->srp_username = BUF_strdup(src->srp_username);

if (dest->srp_username == NULL) {

goto err;
}
- } else {
- dest->srp_username = NULL;
}
#endif

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via 176b59d157d1cbfd0b10f9f7be12eaf9896410f2 (commit)
from 907f04a30354615e54beaa2bc0b986083f7793ee (commit)


- Log -----------------------------------------------------------------
commit 176b59d157d1cbfd0b10f9f7be12eaf9896410f2
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jun 11 15:41:25 2015 +0200

Correction of make depend merge error

$(PROGS) was mistakenly removed, adding it back.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 5ef5b9ffa91ad6061c42291564a1dc786300ebdd)

-----------------------------------------------------------------------

Summary of changes:
apps/Makefile | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/Makefile b/apps/Makefile
index a2c1565..cafe554 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \

dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 3adca975dc1175e76bc079306896a09692ed4c15 (commit)
via 517899e6c8af47d4972dcf9b375386631f6c93f1 (commit)
via f61bbf8da532038ed0eae16a9a11771f3da22d30 (commit)
via 1f31458a77c1e35e9ac80a43c55e7ed78ac248c2 (commit)
via 5fbc59cac60db4d7c3172152b8bdafe0c675fabd (commit)
via 370ac320301e28bb615cee80124c042649c95d14 (commit)
via dd90a91d8771fd1ad5083fd46a2b3da16a587757 (commit)
from 176b59d157d1cbfd0b10f9f7be12eaf9896410f2 (commit)


- Log -----------------------------------------------------------------
commit 3adca975dc1175e76bc079306896a09692ed4c15
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 11 15:08:34 2015 +0100

Prepare for 1.0.1o-dev

Reviewed-by: Stephen Henson <st...@openssl.org>

commit 517899e6c8af47d4972dcf9b375386631f6c93f1
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 11 15:05:11 2015 +0100

Prepare for 1.0.1n release

Reviewed-by: Stephen Henson <st...@openssl.org>

commit f61bbf8da532038ed0eae16a9a11771f3da22d30
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu Jun 11 00:18:01 2015 +0200

bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.

CVE-2015-1788

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 4924b37ee01f71ae19c94a8934b80eeb2f677932)

commit 1f31458a77c1e35e9ac80a43c55e7ed78ac248c2
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jun 10 11:49:31 2015 +0100

Update CHANGES and NEWS

Updates to CHANGES and NEWS to take account of the latest security fixes.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 5fbc59cac60db4d7c3172152b8bdafe0c675fabd
Author: Emilia Kasper <emi...@openssl.org>
Date: Tue May 12 19:00:30 2015 +0200

PKCS#7: Fix NULL dereference with missing EncryptedContent.

CVE-2015-1790

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 370ac320301e28bb615cee80124c042649c95d14
Author: Emilia Kasper <emi...@openssl.org>
Date: Wed Apr 8 16:56:43 2015 +0200

Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>

commit dd90a91d8771fd1ad5083fd46a2b3da16a587757

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jun 5 12:11:25 2015 +0100

Fix infinite loop in CMS

Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 72 ++++++++++++++++++++++++++++++++++++++++++++++++-
NEWS | 10 ++++++-
README | 2 +-
crypto/bn/bn_gf2m.c | 15 +++++++----
crypto/cms/cms_smime.c | 2 +-
crypto/opensslv.h | 6 ++---
crypto/pkcs7/pk7_doit.c | 16 ++++++++++-
crypto/x509/x509_vfy.c | 57 ++++++++++++++++++++++++++++++++-------
openssl.spec | 2 +-
9 files changed, 158 insertions(+), 24 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9d2f9f9..06601b4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,77 @@
OpenSSL CHANGES
_______________

- Changes between 1.0.1m and 1.0.1n [xx XXX xxxx]
+ Changes between 1.0.1n and 1.0.1o [xx XXX xxxx]
+
+ *)
+
+ Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
+
+ *) Malformed ECParameters causes infinite loop
+
+ When processing an ECParameters structure OpenSSL enters an infinite loop
+ if the curve specified is over a specially malformed binary polynomial
+ field.
+
+ This can be used to perform denial of service against any
+ system which processes public keys, certificate requests or
+ certificates. This includes TLS clients and TLS servers with
+ client authentication enabled.
+
+ This issue was reported to OpenSSL by Joseph Barr-Pixton.
+ (CVE-2015-1788)
+ [Andy Polyakov]
+
+ *) Exploitable out-of-bounds read in X509_cmp_time
+
+ X509_cmp_time does not properly check the length of the ASN1_TIME
+ string and can read a few bytes out of bounds. In addition,
+ X509_cmp_time accepts an arbitrary number of fractional seconds in the
+ time string.
+
+ An attacker can use this to craft malformed certificates and CRLs of
+ various sizes and potentially cause a segmentation fault, resulting in
+ a DoS on applications that verify certificates or CRLs. TLS clients
+ that verify CRLs are affected. TLS clients and servers with client
+ authentication enabled may be affected if they use custom verification
+ callbacks.
+
+ This issue was reported to OpenSSL by Robert Swiecki (Google), and
+ independently by Hanno Böck.
+ (CVE-2015-1789)
+ [Emilia Käsper]
+
+ *) PKCS7 crash with missing EnvelopedContent
+
+ The PKCS#7 parsing code does not handle missing inner EncryptedContent
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+ with missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+ structures from untrusted sources are affected. OpenSSL clients and
+ servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-1790)
+ [Emilia Käsper]
+
+ *) CMS verify infinite loop with unknown hash function
+
+ When verifying a signedData message the CMS code can enter an infinite loop
+ if presented with an unknown hash function OID. This can be used to perform
+ denial of service against any system which verifies signedData messages using
+ the CMS code.
+ This issue was reported to OpenSSL by Johannes Bauer.
+ (CVE-2015-1792)
+ [Stephen Henson]
+
+ *) Race condition handling NewSessionTicket
+
+ If a NewSessionTicket is received by a multi-threaded client when attempting to
+ reuse a previous ticket then a race condition can occur potentially leading to
+ a double free of the ticket data.
+ (CVE-2015-1791)
+ [Matt Caswell]

*) Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
diff --git a/NEWS b/NEWS
index aa72ab0..286059c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,18 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

- Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [under development]
+ Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [under development]

o

+ Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
+
+ o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+ o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+ o Race condition handling NewSessionTicket (CVE-2015-1791)
+
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]

o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
diff --git a/README b/README
index caddc93..d379b03 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@

- OpenSSL 1.0.1n-dev
+ OpenSSL 1.0.1o-dev

Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index aeee49a..a0ba8de 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
}
# else
{
- int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
- * of p */
- top = p->top;
+ int i;
+ int ubits = BN_num_bits(u);
+ int vbits = BN_num_bits(v); /* v is copy of p */
+ int top = p->top;
BN_ULONG *udp, *bdp, *vdp, *cdp;

bn_wexpand(u, top);
@@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
ubits--;
}

- if (ubits <= BN_BITS2 && udp[0] == 1)
- break;
+ if (ubits <= BN_BITS2) {
+ if (udp[0] == 0) /* poly was reducible */
+ goto err;
+ if (udp[0] == 1)
+ break;
+ }

if (ubits < vbits) {
i = ubits;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8851603..8b37560 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
BIO_free(f);
f = tbio;
}
- while (f != upto);
+ while (f && f != upto);
} else
BIO_free_all(f);
}
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index d40d5da..14bc8bd 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100010e0L
+# define OPENSSL_VERSION_NUMBER 0x100010f0L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-dev xx XXX xxxx"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 31a1b98..c8d7db0 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -445,6 +445,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)

switch (i) {
case NID_pkcs7_signed:
+ /*
+ * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+ * field and optional content.
+ * data_body is NULL if that structure has no (=detached) content
+ * or if the contentType is wrong (i.e., not "data").
+ */
data_body = PKCS7_get_octet_string(p7->d.sign->contents);
if (!PKCS7_is_detached(p7) && data_body == NULL) {
PKCS7err(PKCS7_F_PKCS7_DATADECODE,
@@ -456,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
case NID_pkcs7_signedAndEnveloped:
rsk = p7->d.signed_and_enveloped->recipientinfo;
md_sk = p7->d.signed_and_enveloped->md_algs;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
@@ -468,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
case NID_pkcs7_enveloped:
rsk = p7->d.enveloped->recipientinfo;
enc_alg = p7->d.enveloped->enc_data->algorithm;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body = p7->d.enveloped->enc_data->enc_data;
evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL) {
@@ -481,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
goto err;
}

+ /* Detached content must be supplied via in_bio instead. */
+ if (data_body == NULL && in_bio == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);

+ goto err;
+ }
+

/* We will be checking the signature */
if (md_sk != NULL) {
for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
@@ -623,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
etmp = NULL;
}
#if 1
- if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
+ if (in_bio != NULL) {
bio = in_bio;
} else {
# if 0
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 29dd86c..16db4c0 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1637,47 +1637,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
ASN1_TIME atm;
long offset;
char buff1[24], buff2[24], *p;
- int i, j;
+ int i, j, remaining;

p = buff1;
- i = ctm->length;
+ remaining = ctm->length;
str = (char *)ctm->data;
+ /*
+ * Note that the following (historical) code allows much more slack in the
+ * time format than RFC5280. In RFC5280, the representation is fixed:
+ * UTCTime: YYMMDDHHMMSSZ
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
+ */
if (ctm->type == V_ASN1_UTCTIME) {
- if ((i < 11) || (i > 17))
+ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+ int min_length = sizeof("YYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
return 0;
memcpy(p, str, 10);
p += 10;
str += 10;
+ remaining -= 10;
} else {
- if (i < 13)
+ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
return 0;
memcpy(p, str, 12);
p += 12;
str += 12;
+ remaining -= 12;
}

if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
*(p++) = '0';
*(p++) = '0';
} else {
+ /* SS (seconds) */
+ if (remaining < 2)
+ return 0;
*(p++) = *(str++);
*(p++) = *(str++);
- /* Skip any fractional seconds... */
- if (*str == '.') {
+ remaining -= 2;
+ /*
+ * Skip any (up to three) fractional seconds...
+ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+ * Can we just kill them altogether?
+ */
+ if (remaining && *str == '.') {
str++;
- while ((*str >= '0') && (*str <= '9'))
- str++;
+ remaining--;
+ for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
+ if (*str < '0' || *str > '9')
+ break;
+ }
}

}
*(p++) = 'Z';
*(p++) = '\0';

- if (*str == 'Z')
+ /* We now need either a terminating 'Z' or an offset. */
+ if (!remaining)
+ return 0;
+ if (*str == 'Z') {
+ if (remaining != 1)
+ return 0;
offset = 0;
- else {
+ } else {
+ /* (+-)HHMM */
if ((*str != '+') && (*str != '-'))
return 0;
+ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+ if (remaining != 5)
+ return 0;
+ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+ return 0;
offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
offset += (str[3] - '0') * 10 + (str[4] - '0');
if (*str == '-')
diff --git a/openssl.spec b/openssl.spec
index 71e907e..3e8f3a9 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
#Version: %{libmaj}.%{libmin}.%{librel}
-Version: 1.0.1n
+Version: 1.0.1o
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via fffcf87a550f76f83e4a17dd190c9c74833046e8 (commit)
from 3adca975dc1175e76bc079306896a09692ed4c15 (commit)


- Log -----------------------------------------------------------------
commit fffcf87a550f76f83e4a17dd190c9c74833046e8
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 12 13:08:04 2015 +0100

Fix ABI break with HMAC

Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.

Thanks to Timo Teras for the concept.

Conflicts:
crypto/hmac/hmac.c

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/hmac/hmac.c | 19 +++++++------------
crypto/hmac/hmac.h | 1 -
crypto/hmac/hmactest.c | 7 ++++++-
3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 5925467..33d88be 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -87,6 +87,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
}
#endif
+ /* If we are changing MD then we must have a key */
+ if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+ return 0;

if (md != NULL) {
reset = 1;
@@ -97,9 +100,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
return 0;
}

- if (!ctx->key_init && key == NULL)
- return 0;
-
if (key != NULL) {
reset = 1;
j = EVP_MD_block_size(md);
@@ -121,7 +121,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
memset(&ctx->key[ctx->key_length], 0,
HMAC_MAX_MD_CBLOCK - ctx->key_length);
- ctx->key_init = 1;
}

if (reset) {
@@ -159,7 +158,7 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
if (FIPS_mode() && !ctx->i_ctx.engine)
return FIPS_hmac_update(ctx, data, len);
#endif
- if (!ctx->key_init)
+ if (!ctx->md)
return 0;

return EVP_DigestUpdate(&ctx->md_ctx, data, len);
@@ -174,7 +173,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
return FIPS_hmac_final(ctx, md, len);
#endif

- if (!ctx->key_init)
+ if (!ctx->md)
goto err;

if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
@@ -195,7 +194,6 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
EVP_MD_CTX_init(&ctx->i_ctx);
EVP_MD_CTX_init(&ctx->o_ctx);
EVP_MD_CTX_init(&ctx->md_ctx);
- ctx->key_init = 0;
ctx->md = NULL;
}

@@ -207,11 +205,8 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
goto err;
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
goto err;
- dctx->key_init = sctx->key_init;
- if (sctx->key_init) {
- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
- dctx->key_length = sctx->key_length;
- }
+ memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+ dctx->key_length = sctx->key_length;
dctx->md = sctx->md;
return 1;
err:
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index f8e9f5e..b8b55cd 100644
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -79,7 +79,6 @@ typedef struct hmac_ctx_st {
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
- int key_init;
} HMAC_CTX;

# define HMAC_size(e) (EVP_MD_size((e)->md))
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index 86b6c25..271d0eb 100644
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@@ -233,7 +233,12 @@ test5:
err++;
goto test6;
}
- if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
+ if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
+ printf("Should disallow changing MD without a new key (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 6cbc78906b24cd274f61d205d7f43d66ca08e808 (commit)
from fffcf87a550f76f83e4a17dd190c9c74833046e8 (commit)


- Log -----------------------------------------------------------------
commit 6cbc78906b24cd274f61d205d7f43d66ca08e808
Author: Adam Langley <a...@google.com>
Date: Fri Jun 12 08:05:49 2015 +0100

Allow a zero length extension block

It is valid for an extension block to be present in a ClientHello, but to
be of zero length.

Reviewed-by: Richard Levitte <lev...@openssl.org>

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/t1_lib.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c2d7d72..d70b93f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1016,12 +1016,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

s->srtp_profile = NULL;

- if (data >= (d + n - 2)) {

- if (data != d + n)
- goto err;
- else
- goto ri_check;
- }
+ if (data == d + n)
+ goto ri_check;
+
+ if (data > (d + n - 2))
+ goto err;

+
n2s(data, len);

if (data > (d + n - len))

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 2ad310ffde8c751586b6b5a8b93086fdf79eb815 (commit)
from 6cbc78906b24cd274f61d205d7f43d66ca08e808 (commit)


- Log -----------------------------------------------------------------
commit 2ad310ffde8c751586b6b5a8b93086fdf79eb815
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 12 15:56:51 2015 +0100

Updated CHANGES and NEWS entries for new release

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 4 +++-
NEWS | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 06601b4..3ad6093 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,9 @@

Changes between 1.0.1n and 1.0.1o [xx XXX xxxx]

- *)
+ *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+ incompatibility in the handling of HMAC. The previous ABI has now been
+ restored.

Changes between 1.0.1m and 1.0.1n [11 Jun 2015]

diff --git a/NEWS b/NEWS
index 286059c..4452d22 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@

Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [under development]

- o
+ o Fix HMAC ABI incompatibility

Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 902795b2f19c8ed91aa13ad471526b0c3f5c674b (commit)
via 2a8c2799e1227a020d60a32ff8d0a12544e35c50 (commit)
from 2ad310ffde8c751586b6b5a8b93086fdf79eb815 (commit)


- Log -----------------------------------------------------------------
commit 902795b2f19c8ed91aa13ad471526b0c3f5c674b
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 12 16:24:26 2015 +0100

Prepare for 1.0.1p-dev

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 2a8c2799e1227a020d60a32ff8d0a12544e35c50
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 12 16:20:59 2015 +0100

Prepare for 1.0.1o release

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 6 +++++-
NEWS | 6 +++++-
README | 2 +-
crypto/opensslv.h | 6 +++---
openssl.spec | 2 +-
5 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3ad6093..af27f3f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,11 @@
OpenSSL CHANGES
_______________

- Changes between 1.0.1n and 1.0.1o [xx XXX xxxx]
+ Changes between 1.0.1o and 1.0.1p [xx XXX xxxx]
+
+ *)
+
+ Changes between 1.0.1n and 1.0.1o [12 Jun 2015]

*) Fix HMAC ABI incompatibility. The previous version introduced an ABI

incompatibility in the handling of HMAC. The previous ABI has now been

diff --git a/NEWS b/NEWS
index 4452d22..1d81d4c 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,11 @@

This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

- Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [under development]
+ Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [under development]
+
+ o
+
+ Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]

o Fix HMAC ABI incompatibility

diff --git a/README b/README
index d379b03..7b9ff6e 100644

--- a/README
+++ b/README
@@ -1,5 +1,5 @@

- OpenSSL 1.0.1o-dev
+ OpenSSL 1.0.1p-dev

Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 14bc8bd..f86e324 100644

--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/

-# define OPENSSL_VERSION_NUMBER 0x100010f0L
+# define OPENSSL_VERSION_NUMBER 0x10001100L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-dev xx XXX xxxx"

# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

diff --git a/openssl.spec b/openssl.spec
index 3e8f3a9..67a6074 100644

--- a/openssl.spec
+++ b/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
#Version: %{libmaj}.%{libmin}.%{librel}

-Version: 1.0.1o
+Version: 1.0.1p

Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via 347fc5d8cd2cf14f943a15f8ff8ba2698211e503 (commit)
via a5d8c1c291293105f1c4b0336c0569d25b2b468d (commit)
from 902795b2f19c8ed91aa13ad471526b0c3f5c674b (commit)


- Log -----------------------------------------------------------------
commit 347fc5d8cd2cf14f943a15f8ff8ba2698211e503
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Jun 15 09:59:25 2015 +0200

Make preprocessor error into real preprocessor error

Reviewed-by: Kurt Roeckx <ku...@openssl.org>
(cherry picked from commit b4f0d1a4a89b964dba80036a6348ca0a1913c526)

commit a5d8c1c291293105f1c4b0336c0569d25b2b468d
Author: Richard Levitte <lev...@openssl.org>
Date: Sat Jun 13 13:13:55 2015 +0200

Remove one extraneous parenthesis

Reviewed-by: Kurt Roeckx <ku...@openssl.org>
(cherry picked from commit 30cf91784bfde82622f79d87d17d20ce73329532)

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bio.h | 2 +-
crypto/opensslconf.h.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
index be9cd0e..d583cc1 100644
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -290,7 +290,7 @@ void BIO_clear_flags(BIO *b, int flags);
* BIO_CB_RETURN flag indicates if it is after the call
*/
# define BIO_CB_RETURN 0x80
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)

diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
index 97e3745..814309b 100644
--- a/crypto/opensslconf.h.in
+++ b/crypto/opensslconf.h.in
@@ -101,7 +101,7 @@
#endif

#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif

/* Unroll the inner loop, this sometimes helps, sometimes hinders.

[Rich Salz]

The branch OpenSSL_1_0_1-stable has been updated

via 83d6620986ab351b02ec2f5bbc30d2c4cac21f63 (commit)
from 347fc5d8cd2cf14f943a15f8ff8ba2698211e503 (commit)


- Log -----------------------------------------------------------------
commit 83d6620986ab351b02ec2f5bbc30d2c4cac21f63
Author: Rich Salz <rs...@akamai.com>
Date: Sun Jun 21 15:12:20 2015 -0400

RT1688: Add dependencies for parallel make

Backport to 1.0.1 and 1.0.2 to fix RT 3905

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 8e6bb99979b95ee8b878e22e043ceb78d79c32a1)

-----------------------------------------------------------------------

Summary of changes:
Makefile.org | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/Makefile.org b/Makefile.org
index cf82487..55a3700 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -268,6 +268,7 @@ reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

sub_all: build_all
+

build_all: build_libs build_apps build_tests build_tools

build_libs: build_libcrypto build_libssl openssl.pc
@@ -277,15 +278,15 @@ build_libssl: build_ssl libssl.pc

build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)

all_testapps: build_libs build_testapps

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via f4961dc2af340f87747c739269fa2b3b704bfe3f (commit)
via 40ced6c1871e48910cb981c6033c6874129f6632 (commit)
via f1817dd4d05004359940eaf87805f91a77517d95 (commit)
via 5891dae67c93d53e79bfa2bdc31d9bd72ba9da73 (commit)
via 1d6d4efea56c8b03a4fbb2b1b9e1f25447e752aa (commit)
via 0fee33440466df4296da37f255788f9711e36747 (commit)
via 141f7d263b6b4e2c5871d9cd1cd85746e601a69a (commit)
via ae3254a52d1ee77c1930a863fb98f7f3723a9d9b (commit)
via 9720dd4314470c8504d9e7038540ccd3635b3602 (commit)
from 83d6620986ab351b02ec2f5bbc30d2c4cac21f63 (commit)


- Log -----------------------------------------------------------------
commit f4961dc2af340f87747c739269fa2b3b704bfe3f
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 21:35:59 2015 +0200

Cleanup mttest.c : because we no longer use stdio here, don't include it

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 8ca96efd24b73f917837fdd45b1c22d7b8ff8cbd)

commit 40ced6c1871e48910cb981c6033c6874129f6632
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:19:59 2015 +0200

Add -ldl to the build of mttest.c

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit d62c98c81c7b47b7b1878fd7e91e5fd33818faf0)

commit f1817dd4d05004359940eaf87805f91a77517d95
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:16:50 2015 +0200

Cleanup mttest.c : do not try to output reference counts when threads are done

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 964626957f79e07ed97756527cdc7e84007c60c9)

commit 5891dae67c93d53e79bfa2bdc31d9bd72ba9da73
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:13:57 2015 +0200

Cleanup mttest.c : better error reporting when certs are missing

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 7a1789d254c561bd3024c971b5cfeeedd12d63f3)

commit 1d6d4efea56c8b03a4fbb2b1b9e1f25447e752aa
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:12:33 2015 +0200

Cleanup mttest.c : make ssl_method a pointer to const

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit f4c73bfe0ab7a0e8f82fe2947c0f77fe3d98acab)

Conflicts:
crypto/threads/mttest.c

commit 0fee33440466df4296da37f255788f9711e36747
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:19:17 2015 +0200

Cleanup mttest.c : more output changes

More fprintf()s and printf()s to turn into BIO calls.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 141f7d263b6b4e2c5871d9cd1cd85746e601a69a
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:11:43 2015 +0200

Cleanup mttest.c : modernise output

Construct bio_err and bio_stdout from file handles instead of FILE
pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO
is defined).
Convert all output to use BIO_printf.
Change lh_foo to lh_SSL_SESSION_foo.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit bb8abd6735e198de36c1eb9098a7f1516d156220)

Conflicts:
crypto/threads/mttest.c

commit ae3254a52d1ee77c1930a863fb98f7f3723a9d9b
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 19:03:44 2015 +0200

Cleanup mttest.c : modernise the threads setup

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 5c78e1835285ce4acdc7cc4f4c06aa7d6661c9b4)

Conflicts:
crypto/threads/mttest.c

commit 9720dd4314470c8504d9e7038540ccd3635b3602
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 21 18:51:18 2015 +0200

Cleanup mttest.c : remove MS_CALLBACK

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit a3f9286556d6d78c1800caae97a9328afb2557e6)

-----------------------------------------------------------------------

Summary of changes:
crypto/threads/mttest.c | 365 +++++++++++++++++++++++----------------------
crypto/threads/pthread2.sh | 3 +-
2 files changed, 185 insertions(+), 183 deletions(-)

diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c
index 8f67db6..dbff4a6 100644
--- a/crypto/threads/mttest.c
+++ b/crypto/threads/mttest.c
@@ -56,7 +56,6 @@
* [including the GNU Public Licence.]
*/

-#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
@@ -86,17 +85,11 @@
#include <openssl/lhash.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
-#include "../../e_os.h"
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>

-#ifdef OPENSSL_NO_FP_API
-# define APPS_WIN16
-# include "../buffer/bss_file.c"
-#endif
-
#ifdef OPENSSL_SYS_NETWARE
# define TEST_SERVER_CERT "/openssl/apps/server.pem"
# define TEST_CLIENT_CERT "/openssl/apps/client.pem"
@@ -107,23 +100,23 @@

#define MAX_THREAD_NUMBER 100

-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
+int verify_callback(int ok, X509_STORE_CTX *xs);
void thread_setup(void);
void thread_cleanup(void);
void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx);

-void irix_locking_callback(int mode, int type, char *file, int line);
-void solaris_locking_callback(int mode, int type, char *file, int line);
-void win32_locking_callback(int mode, int type, char *file, int line);
-void pthreads_locking_callback(int mode, int type, char *file, int line);
-void netware_locking_callback(int mode, int type, char *file, int line);
+void irix_locking_callback(int mode, int type, const char *file, int line);
+void solaris_locking_callback(int mode, int type, const char *file, int line);
+void win32_locking_callback(int mode, int type, const char *file, int line);
+void pthreads_locking_callback(int mode, int type, const char *file, int line);
+void netware_locking_callback(int mode, int type, const char *file, int line);
void beos_locking_callback(int mode, int type, const char *file, int line);

-unsigned long irix_thread_id(void);
-unsigned long solaris_thread_id(void);
-unsigned long pthreads_thread_id(void);
-unsigned long netware_thread_id(void);
-unsigned long beos_thread_id(void);
+void irix_thread_id(CRYPTO_THREADID *tid);
+void solaris_thread_id(CRYPTO_THREADID *tid);
+void pthreads_thread_id(CRYPTO_THREADID *tid);
+void netware_thread_id(CRYPTO_THREADID *tid);
+void beos_thread_id(CRYPTO_THREADID *tid);

#if defined(OPENSSL_SYS_NETWARE)
static MPKMutex *lock_cs;
@@ -149,39 +142,39 @@ static const char rnd_seed[] =
"string to make the random number generator think it has entropy";

int doit(char *ctx[4]);
-static void print_stats(FILE *fp, SSL_CTX *ctx)
+static void print_stats(BIO *bio, SSL_CTX *ctx)
{
- fprintf(fp, "%4ld items in the session cache\n",
- SSL_CTX_sess_number(ctx));
- fprintf(fp, "%4d client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ctx));
- fprintf(fp, "%4d client connects that finished\n",
- SSL_CTX_sess_connect_good(ctx));
- fprintf(fp, "%4d server connects (SSL_accept())\n",
- SSL_CTX_sess_accept(ctx));
- fprintf(fp, "%4d server connects that finished\n",
- SSL_CTX_sess_accept_good(ctx));
- fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx));
- fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx));
- fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
+ BIO_printf(bio, "%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ctx));
+ BIO_printf(bio, "%4d client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ctx));
+ BIO_printf(bio, "%4d client connects that finished\n",
+ SSL_CTX_sess_connect_good(ctx));
+ BIO_printf(bio, "%4d server connects (SSL_accept())\n",
+ SSL_CTX_sess_accept(ctx));
+ BIO_printf(bio, "%4d server connects that finished\n",
+ SSL_CTX_sess_accept_good(ctx));
+ BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx));
+ BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx));
+ BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
}

static void sv_usage(void)
{
- fprintf(stderr, "usage: ssltest [args ...]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, " -server_auth - check server certificate\n");
- fprintf(stderr, " -client_auth - do client authentication\n");
- fprintf(stderr, " -v - more output\n");
- fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr, " -threads arg - number of threads\n");
- fprintf(stderr, " -loops arg - number of 'connections', per thread\n");
- fprintf(stderr, " -reconnect - reuse session-id's\n");
- fprintf(stderr, " -stats - server session-id cache stats\n");
- fprintf(stderr, " -cert arg - server certificate/key\n");
- fprintf(stderr, " -ccert arg - client certificate/key\n");
- fprintf(stderr, " -ssl3 - just SSLv3n\n");
+ BIO_printf(bio_err, "usage: ssltest [args ...]\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -server_auth - check server certificate\n");
+ BIO_printf(bio_err, " -client_auth - do client authentication\n");
+ BIO_printf(bio_err, " -v - more output\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, " -threads arg - number of threads\n");
+ BIO_printf(bio_err, " -loops arg - number of 'connections', per thread\n");
+ BIO_printf(bio_err, " -reconnect - reuse session-id's\n");
+ BIO_printf(bio_err, " -stats - server session-id cache stats\n");
+ BIO_printf(bio_err, " -cert arg - server certificate/key\n");
+ BIO_printf(bio_err, " -ccert arg - client certificate/key\n");
+ BIO_printf(bio_err, " -ssl3 - just SSLv3n\n");
}

int main(int argc, char *argv[])
@@ -195,14 +188,14 @@ int main(int argc, char *argv[])
SSL_CTX *c_ctx = NULL;
char *scert = TEST_SERVER_CERT;
char *ccert = TEST_CLIENT_CERT;
- SSL_METHOD *ssl_method = SSLv23_method();
+ const SSL_METHOD *ssl_method = SSLv23_method();

RAND_seed(rnd_seed, sizeof rnd_seed);

if (bio_err == NULL)
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ bio_err = BIO_new_fd(2, BIO_NOCLOSE);
if (bio_stdout == NULL)
- bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+ bio_stdout = BIO_new_fd(1, BIO_NOCLOSE);
argc--;
argv++;

@@ -250,7 +243,7 @@ int main(int argc, char *argv[])
if (number_of_loops == 0)
number_of_loops = 1;
} else {
- fprintf(stderr, "unknown option %s\n", *argv);
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
break;
}
@@ -284,9 +277,12 @@ int main(int argc, char *argv[])
SSL_SESS_CACHE_SERVER);

if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert);
ERR_print_errors(bio_err);
+ goto end;
} else
if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert);
ERR_print_errors(bio_err);
goto end;
}
@@ -300,19 +296,19 @@ int main(int argc, char *argv[])
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
- fprintf(stderr, "SSL_load_verify_locations\n");
+ BIO_printf(bio_err, "SSL_load_verify_locations\n");
ERR_print_errors(bio_err);
goto end;
}

if (client_auth) {
- fprintf(stderr, "client authentication\n");
+ BIO_printf(bio_err, "client authentication\n");
SSL_CTX_set_verify(s_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
}
if (server_auth) {
- fprintf(stderr, "server authentication\n");
+ BIO_printf(bio_err, "server authentication\n");
SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
}

@@ -322,24 +318,24 @@ int main(int argc, char *argv[])
end:

if (c_ctx != NULL) {
- fprintf(stderr, "Client SSL_CTX stats then free it\n");
- print_stats(stderr, c_ctx);
+ BIO_printf(bio_err, "Client SSL_CTX stats then free it\n");
+ print_stats(bio_err, c_ctx);
SSL_CTX_free(c_ctx);
}
if (s_ctx != NULL) {
- fprintf(stderr, "Server SSL_CTX stats then free it\n");
- print_stats(stderr, s_ctx);
+ BIO_printf(bio_err, "Server SSL_CTX stats then free it\n");
+ print_stats(bio_err, s_ctx);
if (cache_stats) {
- fprintf(stderr, "-----\n");
- lh_stats(SSL_CTX_sessions(s_ctx), stderr);
- fprintf(stderr, "-----\n");
- /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n"); */
- lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr);
- fprintf(stderr, "-----\n");
+ BIO_printf(bio_err, "-----\n");
+ lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
+ BIO_printf(bio_err, "-----\n");
+ /*- lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err);
+ BIO_printf(bio_err,"-----\n"); */
+ lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err);
+ BIO_printf(bio_err, "-----\n");
}
SSL_CTX_free(s_ctx);
- fprintf(stderr, "done free\n");
+ BIO_printf(bio_err, "done free\n");
}
exit(ret);
return (0);
@@ -355,6 +351,7 @@ int ndoit(SSL_CTX *ssl_ctx[2])
int i;
int ret;
char *ctx[4];
+ CRYPTO_THREADID thread_id;

ctx[0] = (char *)ssl_ctx[0];
ctx[1] = (char *)ssl_ctx[1];
@@ -367,22 +364,24 @@ int ndoit(SSL_CTX *ssl_ctx[2])
ctx[3] = NULL;
}

- fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id());
+ CRYPTO_THREADID_current(&thread_id);
+ BIO_printf(bio_stdout, "started thread %lu\n",
+ CRYPTO_THREADID_hash(&thread_id));
for (i = 0; i < number_of_loops; i++) {
-/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
- CRYPTO_thread_id(),i,
- ssl_ctx[0]->references,
- ssl_ctx[1]->references); */
+/*- BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n",
+ CRYPTO_THREADID_hash(&thread_id),i,
+ ssl_ctx[0]->references,
+ ssl_ctx[1]->references); */
/* pthread_delay_np(&tm); */

ret = doit(ctx);
if (ret != 0) {
- fprintf(stdout, "error[%d] %lu - %d\n",
- i, CRYPTO_thread_id(), ret);
+ BIO_printf(bio_stdout, "error[%d] %lu - %d\n",
+ i, CRYPTO_THREADID_hash(&thread_id), ret);
return (ret);
}
}
- fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id());
+ BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id));
if (reconnect) {
SSL_free((SSL *)ctx[2]);
SSL_free((SSL *)ctx[3]);
@@ -467,26 +466,26 @@ int doit(char *ctx[4])

if (do_server && verbose) {
if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
+ BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n",
+ SSL_state_string_long(s_ssl));
else if (s_write)
- printf("server:SSL_write()\n");
+ BIO_printf(bio_stdout, "server:SSL_write()\n");
else
- printf("server:SSL_read()\n");
+ BIO_printf(bio_stdout, "server:SSL_read()\n");
}

if (do_client && verbose) {
if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
+ BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
else if (c_write)
- printf("client:SSL_write()\n");
+ BIO_printf(bio_stdout, "client:SSL_write()\n");
else
- printf("client:SSL_read()\n");
+ BIO_printf(bio_stdout, "client:SSL_read()\n");
}

if (!do_client && !do_server) {
- fprintf(stdout, "ERROR IN STARTUP\n");
+ BIO_printf(bio_stdout, "ERROR IN STARTUP\n");
break;
}
if (do_client && !(done & C_DONE)) {
@@ -501,12 +500,12 @@ int doit(char *ctx[4])
if (BIO_should_write(c_bio))
c_w = 1;
} else {
- fprintf(stderr, "ERROR in CLIENT\n");
+ BIO_printf(bio_err, "ERROR in CLIENT\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
return (1);
} else {
/* ok */
@@ -523,19 +522,19 @@ int doit(char *ctx[4])
if (BIO_should_write(c_bio))
c_w = 1;
} else {
- fprintf(stderr, "ERROR in CLIENT\n");
+ BIO_printf(bio_err, "ERROR in CLIENT\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
return (1);
} else {
done |= C_DONE;
#ifdef undef
- fprintf(stdout, "CLIENT:from server:");
- fwrite(cbuf, 1, i, stdout);
- fflush(stdout);
+ BIO_printf(bio_stdout, "CLIENT:from server:");
+ BIO_write(bio_stdout, cbuf, i);
+ BIO_flush(bio_stdout);
#endif
}
}
@@ -553,20 +552,20 @@ int doit(char *ctx[4])
if (BIO_should_write(s_bio))
s_w = 1;
} else {
- fprintf(stderr, "ERROR in SERVER\n");
+ BIO_printf(bio_err, "ERROR in SERVER\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
return (1);
} else {
s_write = 1;
s_w = 1;
#ifdef undef
- fprintf(stdout, "SERVER:from client:");
- fwrite(sbuf, 1, i, stdout);
- fflush(stdout);
+ BIO_printf(bio_stdout, "SERVER:from client:");
+ BIO_write(bio_stdout, sbuf, i);
+ BIO_flush(bio_stdout);
#endif
}
} else {
@@ -580,12 +579,12 @@ int doit(char *ctx[4])
if (BIO_should_write(s_bio))
s_w = 1;
} else {
- fprintf(stderr, "ERROR in SERVER\n");
+ BIO_printf(bio_err, "ERROR in SERVER\n");
ERR_print_errors_fp(stderr);
return (1);
}
} else if (i == 0) {
- fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
return (1);
} else {
s_write = 0;
@@ -606,7 +605,7 @@ int doit(char *ctx[4])
SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);

#ifdef undef
- fprintf(stdout, "DONE\n");
+ BIO_printf(bio_stdout, "DONE\n");
#endif
err:
/*
@@ -640,7 +639,7 @@ int doit(char *ctx[4])
return (0);
}

-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char *s, buf[256];

@@ -649,9 +648,9 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
buf, 256);
if (s != NULL) {
if (ok)
- fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
+ BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf);
else
- fprintf(stderr, "depth=%d error=%d %s\n",
+ BIO_printf(bio_err, "depth=%d error=%d %s\n",
ctx->error_depth, ctx->error, buf);
}
}
@@ -688,7 +687,7 @@ void thread_cleanup(void)
OPENSSL_free(lock_cs);
}

-void win32_locking_callback(int mode, int type, char *file, int line)
+void win32_locking_callback(int mode, int type, const char *file, int line)
{
if (mode & CRYPTO_LOCK) {
WaitForSingleObject(lock_cs[type], INFINITE);
@@ -717,7 +716,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
(void *)ssl_ctx, 0L, &(thread_id[i]));
}

- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i += 50) {
int j;

@@ -727,7 +726,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
(CONST HANDLE *) & (thread_handle[i]),
TRUE, INFINITE)
== WAIT_FAILED) {
- fprintf(stderr, "WaitForMultipleObjects failed:%d\n",
+ BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n",
GetLastError());
exit(1);
}
@@ -743,7 +742,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
ret = (ret + end.wSecond - start.wSecond);
ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0;

- printf("win32 threads done - %.3f seconds\n", ret);
+ BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret);
}

#endif /* OPENSSL_SYS_WIN32 */
@@ -768,8 +767,8 @@ void thread_setup(void)
mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
}

- CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
- CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+ CRYPTO_set_id_callback(solaris_thread_id);
+ CRYPTO_set_locking_callback(solaris_locking_callback);
}

void thread_cleanup(void)
@@ -778,34 +777,34 @@ void thread_cleanup(void)

CRYPTO_set_locking_callback(NULL);

- fprintf(stderr, "cleanup\n");
+ BIO_printf(bio_err, "cleanup\n");

for (i = 0; i < CRYPTO_num_locks(); i++) {
/* rwlock_destroy(&(lock_cs[i])); */
mutex_destroy(&(lock_cs[i]));
- fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);

- fprintf(stderr, "done cleanup\n");
+ BIO_printf(bio_err, "done cleanup\n");

}

-void solaris_locking_callback(int mode, int type, char *file, int line)
+void solaris_locking_callback(int mode, int type, const char *file, int line)
{
# ifdef undef
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
+ BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
# endif

/*-
if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
+ BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
*/
if (mode & CRYPTO_LOCK) {
/*-
@@ -837,21 +836,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
(void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i]));
}

- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i++) {
thr_join(thread_ctx[i], NULL, NULL);
}

- printf("solaris threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "solaris threads done\n");
+#endif
}

-unsigned long solaris_thread_id(void)
+void solaris_thread_id(CRYPTO_THREADID *tid)
{
- unsigned long ret;
-
- ret = (unsigned long)thr_self();
- return (ret);
+ CRYPTO_THREADID_set_numeric((unsigned long)thr_self());
}
#endif /* SOLARIS */

@@ -880,8 +880,8 @@ void thread_setup(void)
lock_cs[i] = usnewsema(arena, 1);
}

- CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
- CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+ CRYPTO_set_id_callback(irix_thread_id);
+ CRYPTO_set_locking_callback(irix_locking_callback);
}

void thread_cleanup(void)
@@ -899,13 +899,13 @@ void thread_cleanup(void)
OPENSSL_free(lock_cs);
}

-void irix_locking_callback(int mode, int type, char *file, int line)
+void irix_locking_callback(int mode, int type, const char *file, int line)
{
if (mode & CRYPTO_LOCK) {
- printf("lock %d\n", type);
+ BIO_printf(bio_stdout, "lock %d\n", type);
uspsema(lock_cs[type]);
} else {
- printf("unlock %d\n", type);
+ BIO_printf(bio_stdout, "unlock %d\n", type);
usvsema(lock_cs[type]);
}
}
@@ -924,21 +924,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
PR_SADDR | PR_SFDS, (void *)ssl_ctx);
}

- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i++) {
wait(NULL);
}

- printf("irix threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "irix threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "irix threads done\n");
+#endif
}

unsigned long irix_thread_id(void)
{
- unsigned long ret;
-
- ret = (unsigned long)getpid();
- return (ret);
+ CRYPTO_THREADID_set_numeric((unsigned long)getpid());
}
#endif /* IRIX */

@@ -958,8 +959,8 @@ void thread_setup(void)
pthread_mutex_init(&(lock_cs[i]), NULL);
}

- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
- CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+ CRYPTO_THREADID_set_callback(pthreads_thread_id);
+ CRYPTO_set_locking_callback(pthreads_locking_callback);
}

void thread_cleanup(void)
@@ -967,30 +968,30 @@ void thread_cleanup(void)
int i;

CRYPTO_set_locking_callback(NULL);
- fprintf(stderr, "cleanup\n");
+ BIO_printf(bio_err, "cleanup\n");
for (i = 0; i < CRYPTO_num_locks(); i++) {
pthread_mutex_destroy(&(lock_cs[i]));
- fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);

- fprintf(stderr, "done cleanup\n");
+ BIO_printf(bio_err, "done cleanup\n");
}

-void pthreads_locking_callback(int mode, int type, char *file, int line)
+void pthreads_locking_callback(int mode, int type, const char *file, int line)
{
# ifdef undef
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
+ BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
/*-
if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
+ BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
*/
if (mode & CRYPTO_LOCK) {
pthread_mutex_lock(&(lock_cs[type]));
@@ -1017,21 +1018,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
(void *(*)())ndoit, (void *)ssl_ctx);
}

- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");
for (i = 0; i < thread_number; i++) {
pthread_join(thread_ctx[i], NULL);
}

- printf("pthreads threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "pthreads threads done\n");
+#endif
}

-unsigned long pthreads_thread_id(void)
+void pthreads_thread_id(CRYPTO_THREADID *tid)
{
- unsigned long ret;
-
- ret = (unsigned long)pthread_self();
- return (ret);
+ CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self());
}

#endif /* PTHREADS */
@@ -1051,8 +1053,8 @@ void thread_setup(void)

ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0);

- CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);
- CRYPTO_set_locking_callback((void (*)())netware_locking_callback);
+ CRYPTO_set_id_callback(netware_thread_id);
+ CRYPTO_set_locking_callback(netware_locking_callback);
}

void thread_cleanup(void)
@@ -1061,21 +1063,21 @@ void thread_cleanup(void)

CRYPTO_set_locking_callback(NULL);

- fprintf(stdout, "thread_cleanup\n");
+ BIO_printf(bio_stdout, "thread_cleanup\n");

for (i = 0; i < CRYPTO_num_locks(); i++) {
MPKMutexFree(lock_cs[i]);
- fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);

MPKSemaphoreFree(ThreadSem);

- fprintf(stdout, "done cleanup\n");
+ BIO_printf(bio_stdout, "done cleanup\n");
}

-void netware_locking_callback(int mode, int type, char *file, int line)
+void netware_locking_callback(int mode, int type, const char *file, int line)
{
if (mode & CRYPTO_LOCK) {
MPKMutexLock(lock_cs[type]);
@@ -1097,22 +1099,23 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
ThreadSwitchWithDelay();
}

- printf("reaping\n");
+ BIO_printf(bio_stdout, "reaping\n");

/* loop until all threads have signaled the semaphore */
for (i = 0; i < thread_number; i++) {
MPKSemaphoreWait(ThreadSem);
}
- printf("netware threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+#if 0 /* We can't currently find out the reference amount */
+ BIO_printf(bio_stdout, "netware threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+#else
+ BIO_printf(bio_stdout, "netware threads done\n");
+#endif
}

unsigned long netware_thread_id(void)
{
- unsigned long ret;
-
- ret = (unsigned long)GetThreadID();
- return (ret);
+ CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID());
}
#endif /* NETWARE */

@@ -1144,24 +1147,24 @@ void thread_cleanup(void)
int i;

CRYPTO_set_locking_callback(NULL);
- fprintf(stderr, "cleanup\n");
+ BIO_printf(bio_err, "cleanup\n");
for (i = 0; i < CRYPTO_num_locks(); i++) {
delete lock_cs[i];
- fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
}
OPENSSL_free(lock_cs);
OPENSSL_free(lock_count);

- fprintf(stderr, "done cleanup\n");
+ BIO_printf(bio_err, "done cleanup\n");
}

void beos_locking_callback(int mode, int type, const char *file, int line)
{
# if 0
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
+ BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
# endif
if (mode & CRYPTO_LOCK) {
lock_cs[type]->Lock();
@@ -1187,14 +1190,14 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
resume_thread(thread_ctx[i]);
}

- printf("waiting...\n");
+ BIO_printf(bio_stdout, "waiting...\n");
for (i = 0; i < thread_number; i++) {
status_t result;
wait_for_thread(thread_ctx[i], &result);
}

- printf("beos threads done (%d,%d)\n",
- s_ctx->references, c_ctx->references);
+ BIO_printf(bio_stdout, "beos threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
}

unsigned long beos_thread_id(void)
diff --git a/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh
index 41264c6..ec945c4 100755
--- a/crypto/threads/pthread2.sh
+++ b/crypto/threads/pthread2.sh
@@ -3,5 +3,4 @@
# build using pthreads where it's already built into the system
#
/bin/rm -f mttest
-gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
-
+gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl

[Rich Salz]

The branch OpenSSL_1_0_1-stable has been updated

via 9ad2eb6a6e0f75af16078d47df04b1fb16cae143 (commit)
from f4961dc2af340f87747c739269fa2b3b704bfe3f (commit)


- Log -----------------------------------------------------------------
commit 9ad2eb6a6e0f75af16078d47df04b1fb16cae143
Author: Rich Salz <rs...@akamai.com>
Date: Sat Jun 13 17:18:47 2015 -0400

RT3907: avoid "local" in testssl script

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3)

-----------------------------------------------------------------------

Summary of changes:
test/testssl | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/test/testssl b/test/testssl
index b9b86b3..f41a60c 100644
--- a/test/testssl
+++ b/test/testssl
@@ -120,11 +120,10 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

test_cipher() {
- local cipher=$1
- local protocol=$2
+ _cipher=$1
echo "Testing $cipher"
prot=""
- if [ $protocol = "SSLv3" ] ; then
+ if [ $2 = "SSLv3" ] ; then
prot="-ssl3"
fi
$ssltest -cipher $cipher $prot

[Rich Salz]

The branch OpenSSL_1_0_1-stable has been updated

via ae2f46597a01f3e7042493d09bd0559028bb5699 (commit)
from 9ad2eb6a6e0f75af16078d47df04b1fb16cae143 (commit)


- Log -----------------------------------------------------------------
commit ae2f46597a01f3e7042493d09bd0559028bb5699
Author: Rich Salz <rs...@akamai.com>
Date: Mon Jun 22 19:26:50 2015 -0400

RT3907-fix

Typo in local variable name; introduced by previous fix.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d)

-----------------------------------------------------------------------

Summary of changes:
test/testssl | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/testssl b/test/testssl
index f41a60c..d5b1c9a 100644
--- a/test/testssl
+++ b/test/testssl
@@ -121,14 +121,14 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

test_cipher() {
_cipher=$1
- echo "Testing $cipher"
+ echo "Testing $_cipher"
prot=""

if [ $2 = "SSLv3" ] ; then
prot="-ssl3"
fi

- $ssltest -cipher $cipher $prot
+ $ssltest -cipher $_cipher $prot
if [ $? -ne 0 ] ; then
- echo "Failed $cipher"
+ echo "Failed $_cipher"
exit 1
fi

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated

via 0d25eb7800cbb2e845b4f38e3c78df437d68ad7c (commit)
from ae2f46597a01f3e7042493d09bd0559028bb5699 (commit)


- Log -----------------------------------------------------------------
commit 0d25eb7800cbb2e845b4f38e3c78df437d68ad7c

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Jun 24 12:28:50 2015 +0100

Don't output bogus errors in PKCS12_parse

PR#3923

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664)

-----------------------------------------------------------------------

Summary of changes:
crypto/pkcs12/p12_kiss.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index ee476c3..9aa3c90 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,

while ((x = sk_X509_pop(ocerts))) {
if (pkey && *pkey && cert && !*cert) {
+ ERR_set_mark();
if (X509_check_private_key(x, *pkey)) {
*cert = x;
x = NULL;
}
+ ERR_pop_to_mark();
}

if (ca && x) {

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated

via eb0e2a5c5d904c3f74a9387d27bfbad4861469a9 (commit)
from 0d25eb7800cbb2e845b4f38e3c78df437d68ad7c (commit)


- Log -----------------------------------------------------------------
commit eb0e2a5c5d904c3f74a9387d27bfbad4861469a9

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Thu Jun 25 15:07:25 2015 +0100

Check for errors with SRP

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 5fced2395ddfb603a50fd1bd87411e603a59dc6f)

-----------------------------------------------------------------------

Summary of changes:
test/testssl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/testssl b/test/testssl
index d5b1c9a..261097b 100644
--- a/test/testssl
+++ b/test/testssl
@@ -198,16 +198,16 @@ if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
echo skipping SRP tests
else
echo test tls1 with SRP
- $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
+ $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

echo test tls1 with SRP via BIO pair
- $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
+ $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1

echo test tls1 with SRP auth
- $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123
+ $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1

echo test tls1 with SRP auth via BIO pair
- $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123
+ $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
fi

exit 0

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated

via d6be3124f22870f1888c532523b74ea5d89795eb (commit)
from eb0e2a5c5d904c3f74a9387d27bfbad4861469a9 (commit)


- Log -----------------------------------------------------------------
commit d6be3124f22870f1888c532523b74ea5d89795eb

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Jul 1 23:40:03 2015 +0100

Fix PSK handling.

The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).

Use BUF_strndup when copying identity as it may not be null terminated.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c)

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_clnt.c | 17 +++--------------
ssl/s3_srvr.c | 2 +-
2 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0879a0f..35ad121 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1381,8 +1381,6 @@ int ssl3_get_key_exchange(SSL *s)

#ifndef OPENSSL_NO_PSK
if (alg_k & SSL_kPSK) {
- char tmp_id_hint[PSK_MAX_IDENTITY_LEN + 1];
-
param_len = 2;
if (param_len > n) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@@ -1408,17 +1406,8 @@ int ssl3_get_key_exchange(SSL *s)
}
param_len += i;

- /*
- * If received PSK identity hint contains NULL characters, the hint
- * is truncated from the first NULL. p may not be ending with NULL,
- * so create a NULL-terminated string.
- */
- memcpy(tmp_id_hint, p, i);
- memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
- if (s->ctx->psk_identity_hint != NULL)
- OPENSSL_free(s->ctx->psk_identity_hint);
- s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
- if (s->ctx->psk_identity_hint == NULL) {
+ s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+ if (s->session->psk_identity_hint == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto f_err;
@@ -2951,7 +2940,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}

memset(identity, 0, sizeof(identity));
- psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+ psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
identity, sizeof(identity) - 1,
psk_or_pre_ms,
sizeof(psk_or_pre_ms));
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 9aa3292..3a5f71d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2792,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s)

if (s->session->psk_identity != NULL)
OPENSSL_free(s->session->psk_identity);
- s->session->psk_identity = BUF_strdup((char *)p);
+ s->session->psk_identity = BUF_strndup((char *)p, i);
if (s->session->psk_identity == NULL) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
goto psk_err;

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated

via cb6e0ed17a61ae3711d385f517d61be2b4c33a55 (commit)
via e5d5019a233d15e3ce93e57925c98bd0c8e71f46 (commit)
from d6be3124f22870f1888c532523b74ea5d89795eb (commit)


- Log -----------------------------------------------------------------
commit cb6e0ed17a61ae3711d385f517d61be2b4c33a55

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Jun 9 23:17:06 2015 +0100

Relax CCM tag check.

In CCM mode don't require a tag before initialising decrypt: this allows
the tag length to be set without requiring the tag.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 9cca7be11d62298b2af0722f94345012c86eaed4)

commit e5d5019a233d15e3ce93e57925c98bd0c8e71f46

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon Jul 6 14:17:49 2015 +0100

document -2 return value

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 5727582cf51e98e5e0faa435e7da2c8929533c0d)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_aes.c | 2 +-
doc/crypto/X509_NAME_get_index_by_NID.pod | 7 +++++++
2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1ede7bd..a4327fc 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1146,7 +1146,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_CCM_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
- if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
+ if (c->encrypt && ptr)
return 0;
if (ptr) {
cctx->tag_set = 1;
diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod
index c8a8128..109f561 100644
--- a/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -29,6 +29,7 @@ and issuer names.
X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
should initially be set to -1. If there are no more entries -1 is returned.
+If B<nid> is invalid (doesn't correspond to a valid OID) then -2 is returned.

X509_NAME_entry_count() returns the total number of entries in B<name>.

@@ -63,6 +64,10 @@ The list of all relevant B<NID_*> and B<OBJ_* codes> can be found in
the source code header files E<lt>openssl/obj_mac.hE<gt> and/or
E<lt>openssl/objects.hE<gt>.

+Applications which could pass invalid NIDs to X509_NAME_get_index_by_NID()
+should check for the return value of -2. Alternatively the NID validity
+can be determined first by checking OBJ_nid2obj(nid) is not NULL.
+
=head1 EXAMPLES

Process all entries:
@@ -95,6 +100,8 @@ Process all commonName entries:

X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
return the index of the next matching entry or -1 if not found.
+X509_NAME_get_index_by_NID() can also return -2 if the supplied
+NID is invalid.

X509_NAME_entry_count() returns the total number of entries.

[Matt Caswell]

The branch OpenSSL_1_0_1-stable has been updated

via 7c17c20a56a76c219dcf35d4956026f021cdee52 (commit)
via 5ab53da9fbc96b9740a48b318aab845d6616eee4 (commit)
via 245daa2b733d66233450bab6880cd0afcddb61de (commit)
via cb22d2ae5a5b6069dbf66dbcce07223ac15a16de (commit)
via b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0 (commit)
via d42d1004332f40c1098946b0804791fd3da3e378 (commit)
via 9a0db453ba017ebcaccbee933ee6511a9ae4d1c8 (commit)
from cb6e0ed17a61ae3711d385f517d61be2b4c33a55 (commit)


- Log -----------------------------------------------------------------
commit 7c17c20a56a76c219dcf35d4956026f021cdee52
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 9 13:29:59 2015 +0100

Prepare for 1.0.1q-dev

Reviewed-by: Stephen Henson <st...@openssl.org>

commit 5ab53da9fbc96b9740a48b318aab845d6616eee4
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 9 13:22:23 2015 +0100

Prepare for 1.0.1p release

Reviewed-by: Stephen Henson <st...@openssl.org>

commit 245daa2b733d66233450bab6880cd0afcddb61de
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 2 15:38:32 2015 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Stephen Henson <st...@openssl.org>

commit cb22d2ae5a5b6069dbf66dbcce07223ac15a16de
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jun 24 00:12:38 2015 +0100

Fix alt chains bug

This is a follow up to the alternate chains certificate forgery issue
(CVE-2015-1793). That issue is exacerbated in 1.0.1 by a related bug which
means that we *always* check for an alternative chain, even if we have
already found a chain. The code is supposed to stop as soon as it has found
one (and does do in master and 1.0.2).

Reviewed-by: Stephen Henson <st...@openssl.org>

commit b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 25 09:47:15 2015 +0100

Reject calls to X509_verify_cert that have not been reinitialised

The function X509_verify_cert checks the value of |ctx->chain| at the
beginning, and if it is NULL then it initialises it, along with the value
of ctx->untrusted. The normal way to use X509_verify_cert() is to first
call X509_STORE_CTX_init(); then set up various parameters etc; then call
X509_verify_cert(); then check the results; and finally call
X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets
|ctx->chain| to NULL. The only place in the OpenSSL codebase where
|ctx->chain| is set to anything other than a non NULL value is in
X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be
non NULL on entry to X509_verify_cert is if one of the following occurs:
1) An application calls X509_verify_cert() twice without re-initialising
in between.
2) An application reaches inside the X509_STORE_CTX structure and changes
the value of |ctx->chain| directly.

With regards to the second of these, we should discount this - it should
not be supported to allow this.

With regards to the first of these, the documentation is not exactly
crystal clear, but the implication is that you must call
X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail
to do this then, at best, the results would be undefined.

Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is
likely to have unexpected results, and could be dangerous. This commit
changes the behaviour of X509_verify_cert() so that it causes an error if
|ctx->chain| is anything other than NULL (because this indicates that we
have not been initialised properly). It also clarifies the associated
documentation. This is a follow up commit to CVE-2015-1793.

Reviewed-by: Stephen Henson <st...@openssl.org>

commit d42d1004332f40c1098946b0804791fd3da3e378
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jul 2 00:15:56 2015 +0100

Add test for CVE-2015-1793

This adds a test for CVE-2015-1793. This adds a new test file
verify_extra_test.c, which could form the basis for additional
verification tests.

Reviewed-by: Stephen Henson <st...@openssl.org>

Conflicts:

test/Makefile

commit 9a0db453ba017ebcaccbee933ee6511a9ae4d1c8
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jun 24 15:55:36 2015 +0100

Fix alternate chains certificate forgery issue

During certificate verfification, OpenSSL will attempt to find an
alternative certificate chain if the first attempt to build such a chain
fails. An error in the implementation of this logic can mean that an
attacker could cause certain checks on untrusted certificates to be
bypassed, such as the CA flag, enabling them to use a valid leaf
certificate to act as a CA and "issue" an invalid certificate.

This occurs where at least one cert is added to the first chain from the
trust store, but that chain still ends up being untrusted. In that case
ctx->last_untrusted is decremented in error.

Patch provided by the BoringSSL project.

CVE-2015-1793

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 17 +++-
NEWS | 6 +-
README | 2 +-
crypto/opensslv.h | 6 +-
crypto/x509/Makefile | 2 +-
crypto/x509/verify_extra_test.c | 209 ++++++++++++++++++++++++++++++++++++++
crypto/x509/x509_vfy.c | 26 +++--
doc/crypto/X509_STORE_CTX_new.pod | 13 ++-
doc/crypto/X509_verify_cert.pod | 3 +-
openssl.spec | 2 +-
test/Makefile | 31 +++++-
test/certs/bad.key | 27 +++++
test/certs/bad.pem | 21 ++++
test/certs/interCA.key | 27 +++++
test/certs/interCA.pem | 21 ++++
test/certs/leaf.key | 27 +++++
test/certs/leaf.pem | 21 ++++
test/certs/rootCA.key | 27 +++++
test/certs/rootCA.pem | 21 ++++
test/certs/roots.pem | 42 ++++++++
test/certs/subinterCA-ss.pem | 21 ++++
test/certs/subinterCA.key | 27 +++++
test/certs/subinterCA.pem | 21 ++++
test/certs/untrusted.pem | 42 ++++++++
24 files changed, 635 insertions(+), 27 deletions(-)
create mode 100644 crypto/x509/verify_extra_test.c
create mode 100644 test/certs/bad.key
create mode 100644 test/certs/bad.pem
create mode 100644 test/certs/interCA.key
create mode 100644 test/certs/interCA.pem
create mode 100644 test/certs/leaf.key
create mode 100644 test/certs/leaf.pem
create mode 100644 test/certs/rootCA.key
create mode 100644 test/certs/rootCA.pem
create mode 100644 test/certs/roots.pem
create mode 100644 test/certs/subinterCA-ss.pem
create mode 100644 test/certs/subinterCA.key
create mode 100644 test/certs/subinterCA.pem
create mode 100644 test/certs/untrusted.pem

diff --git a/CHANGES b/CHANGES
index af27f3f..38ae89f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,25 @@
OpenSSL CHANGES
_______________

- Changes between 1.0.1o and 1.0.1p [xx XXX xxxx]
+ Changes between 1.0.1p and 1.0.1q [xx XXX xxxx]

*)

+ Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]

+
Changes between 1.0.1n and 1.0.1o [12 Jun 2015]

*) Fix HMAC ABI incompatibility. The previous version introduced an ABI

diff --git a/NEWS b/NEWS
index 1d81d4c..ea0c716 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,14 @@

This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

- Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [under development]
+ Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [under development]

o

+ Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
+
+ o Alternate chains certificate forgery (CVE-2015-1793)

+
Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]

o Fix HMAC ABI incompatibility
diff --git a/README b/README

index 7b9ff6e..c3db93a 100644

--- a/README
+++ b/README
@@ -1,5 +1,5 @@

- OpenSSL 1.0.1p-dev
+ OpenSSL 1.0.1q-dev

Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/opensslv.h b/crypto/opensslv.h

index f86e324..78eef03 100644

--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/

-# define OPENSSL_VERSION_NUMBER 0x10001100L
+# define OPENSSL_VERSION_NUMBER 0x10001110L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-dev xx XXX xxxx"

# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile
index af3c255..aac3ece 100644
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -13,7 +13,7 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)

GENERAL=Makefile README
-TEST=
+TEST=verify_extra_test.c
APPS=

LIB=$(TOP)/libcrypto.a
diff --git a/crypto/x509/verify_extra_test.c b/crypto/x509/verify_extra_test.c
new file mode 100644
index 0000000..a1e41f2
--- /dev/null
+++ b/crypto/x509/verify_extra_test.c
@@ -0,0 +1,209 @@
+/*
+ * Written by Matt Caswell for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openss...@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (e...@cryptsoft.com). This product includes software written by Tim
+ * Hudson (t...@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+static STACK_OF(X509) *load_certs_from_file(const char *filename)
+{
+ STACK_OF(X509) *certs;
+ BIO *bio;
+ X509 *x;
+
+ bio = BIO_new_file(filename, "r");
+
+ if (bio == NULL) {
+ return NULL;
+ }
+
+ certs = sk_X509_new_null();
+ if (certs == NULL) {
+ BIO_free(bio);
+ return NULL;
+ }
+
+ ERR_set_mark();
+ do {
+ x = PEM_read_bio_X509(bio, NULL, 0, NULL);
+ if (x != NULL && !sk_X509_push(certs, x)) {
+ sk_X509_pop_free(certs, X509_free);
+ BIO_free(bio);
+ return NULL;
+ } else if (x == NULL) {
+ /*
+ * We probably just ran out of certs, so ignore any errors
+ * generated
+ */
+ ERR_pop_to_mark();
+ }
+ } while (x != NULL);
+
+ BIO_free(bio);
+
+ return certs;
+}
+
+/*
+ * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery)
+ *
+ * Chain is as follows:
+ *
+ * rootCA (self-signed)
+ * |
+ * interCA
+ * |
+ * subinterCA subinterCA (self-signed)
+ * | |
+ * leaf ------------------
+ * |
+ * bad
+ *
+ * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE
+ * leaf and bad have CA=FALSE
+ *
+ * subinterCA and subinterCA (ss) have the same subject name and keys
+ *
+ * interCA (but not rootCA) and subinterCA (ss) are in the trusted store
+ * (roots.pem)
+ * leaf and subinterCA are in the untrusted list (untrusted.pem)
+ * bad is the certificate being verified (bad.pem)
+ *
+ * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has
+ * CA=FALSE, and will therefore incorrectly verify bad
+ *
+ */
+static int test_alt_chains_cert_forgery(void)
+{
+ int ret = 0;
+ int i;
+ X509 *x = NULL;
+ STACK_OF(X509) *untrusted = NULL;
+ BIO *bio = NULL;
+ X509_STORE_CTX *sctx = NULL;
+ X509_STORE *store = NULL;
+ X509_LOOKUP *lookup = NULL;
+
+ store = X509_STORE_new();
+ if (store == NULL)
+ goto err;
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto err;
+ if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM))
+ goto err;
+
+ untrusted = load_certs_from_file("certs/untrusted.pem");
+
+ if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL)
+ goto err;
+
+ if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL)
+ goto err;
+
+ sctx = X509_STORE_CTX_new();
+ if (sctx == NULL)
+ goto err;
+
+ if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
+ goto err;
+
+ i = X509_verify_cert(sctx);
+
+ if(i == 0 && X509_STORE_CTX_get_error(sctx)
+ == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) {
+ /* This is the result we were expecting: Test passed */
+ ret = 1;
+ }
+ err:
+ X509_STORE_CTX_free(sctx);
+ X509_free(x);
+ BIO_free(bio);
+ sk_X509_pop_free(untrusted, X509_free);
+ X509_STORE_free(store);
+ if (ret != 1)
+ ERR_print_errors_fp(stderr);
+ return ret;
+}
+
+int main(void)
+{
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_digests();
+
+ if (!test_alt_chains_cert_forgery()) {
+ fprintf(stderr, "Test alt chains cert forgery failed\n");
+ return 1;
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ CRYPTO_mem_leaks_fp(stderr);
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 16db4c0..7009ae6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -162,6 +162,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
return -1;
}
+ if (ctx->chain != NULL) {
+ /*
+ * This X509_STORE_CTX has already been used to verify a cert. We
+ * cannot do another one.
+ */
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }

cb = ctx->verify_cb;

@@ -169,15 +177,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* first we make sure the chain we are going to build is present and that
* the first entry is in place
*/
- if (ctx->chain == NULL) {
- if (((ctx->chain = sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain, ctx->cert))) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
- ctx->last_untrusted = 1;
+ if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+ (!sk_X509_push(ctx->chain, ctx->cert))) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
}
+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+ ctx->last_untrusted = 1;

/* We use a temporary STACK so we can chop and hack at it */
if (ctx->untrusted != NULL
@@ -306,7 +312,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* if the user hasn't switched off alternate chain checking
*/
retry = 0;
- if (j == ctx->last_untrusted &&
+ if (num == ctx->last_untrusted &&
!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
while (j-- > 1) {
xtmp2 = sk_X509_value(ctx->chain, j - 1);
@@ -328,8 +334,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
xtmp = sk_X509_pop(ctx->chain);
X509_free(xtmp);
num--;
- ctx->last_untrusted--;
}
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
retry = 1;
break;
}
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index b17888f..eb38b0a 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
is no longer valid.

X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
-The trusted certificate store is set to B<store>, the end entity certificate
-to be verified is set to B<x509> and a set of additional certificates (which
-will be untrusted but may be used to build the chain) in B<chain>. Any or
-all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
+good for one call to X509_verify_cert(); if you want to verify a second
+certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
+and then X509_STORE_CTX_init() again before the second call to
+X509_verify_cert(). The trusted certificate store is set to B<store>, the end
+entity certificate to be verified is set to B<x509> and a set of additional
+certificates (which will be untrusted but may be used to build the chain) in
+B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
+B<NULL>.

X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
to B<sk>. This is an alternative way of specifying trusted certificates
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
index 5253bdc..a22e441 100644
--- a/doc/crypto/X509_verify_cert.pod
+++ b/doc/crypto/X509_verify_cert.pod
@@ -32,7 +32,8 @@ OpenSSL internally for certificate validation, in both the S/MIME and
SSL/TLS code.

The negative return value from X509_verify_cert() can only occur if no
-certificate is set in B<ctx> (due to a programming error) or if a retry
+certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
+twice without reinitialising B<ctx> in between; or if a retry
operation is requested during internal lookups (which never happens with
standard lookup methods). It is however recommended that application check
for <= 0 return value on error.
diff --git a/openssl.spec b/openssl.spec
index 67a6074..7ceb322 100644

--- a/openssl.spec
+++ b/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
#Version: %{libmaj}.%{libmin}.%{librel}

-Version: 1.0.1p
+Version: 1.0.1q

Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries

diff --git a/test/Makefile b/test/Makefile
index 0ee4ec2..eca1400 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -66,6 +66,7 @@ SRPTEST= srptest
ASN1TEST= asn1test
HEARTBEATTEST= heartbeat_test
CONSTTIMETEST= constant_time_test
+VERIFYEXTRATEST= verify_extra_test

TESTS= alltests

@@ -77,7 +78,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
$(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
- $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT)
+ $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT)

# $(METHTEST)$(EXE_EXT)

@@ -90,7 +91,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \
- $(HEARTBEATTEST).o $(CONSTTIMETEST).o
+ $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o

SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -100,7 +101,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
- $(HEARTBEATTEST).c $(CONSTTIMETEST).c
+ $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c

EXHEADER=
HEADER= $(EXHEADER)
@@ -143,7 +144,7 @@ alltests: \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
- test_jpake test_srp test_cms test_heartbeat test_constant_time
+ test_jpake test_srp test_cms test_heartbeat test_constant_time test_verify_extra

test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -334,6 +335,10 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
@echo "Test constant time utilites"
../util/shlib_wrap.sh ./$(CONSTTIMETEST)

+test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff

@@ -502,6 +507,9 @@ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
@target=$(CONSTTIMETEST) $(BUILD_CMD)

+$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+ @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c

@@ -792,6 +800,21 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ssltest.o: ../include/openssl/x509v3.h ssltest.c
+verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+verify_extra_test.o: ../include/openssl/objects.h
+verify_extra_test.o: ../include/openssl/opensslconf.h
+verify_extra_test.o: ../include/openssl/opensslv.h
+verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify_extra_test.o: verify_extra_test.c
wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
diff --git a/test/certs/bad.key b/test/certs/bad.key
new file mode 100644
index 0000000..4708495
--- /dev/null
+++ b/test/certs/bad.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi
+HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL
+fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ
+n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh
+7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6
+y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R
+452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO
++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/
+rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9
+ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr
+5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF
+XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr
+YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC
+PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw
+MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ
+AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR
+Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf
+pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP
+kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH
++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur
+WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi
+njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR
+R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR
+8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP
+RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA=
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/bad.pem b/test/certs/bad.pem
new file mode 100644
index 0000000..8769231
--- /dev/null
+++ b/test/certs/bad.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN
+MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
+ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi
+YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8
+nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp
+bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh
+twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB
+cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb
+Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm
+ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4
+9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht
+OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H
+pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR
+VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ
+ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ
+O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE
+-----END CERTIFICATE-----
diff --git a/test/certs/interCA.key b/test/certs/interCA.key
new file mode 100644
index 0000000..c32fe26
--- /dev/null
+++ b/test/certs/interCA.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q
+xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl
+oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ
+vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj
+m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ
+T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC
+cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww
+CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V
+PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676
+X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO
+674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ
+Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW
+EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L
+/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w
+Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay
+ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm
+R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af
+N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F
+kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr
+fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc
+YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu
+DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U
+fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT
++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe
+nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/interCA.pem b/test/certs/interCA.pem
new file mode 100644
index 0000000..35568ab
--- /dev/null
+++ b/test/certs/interCA.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa
+Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT
+B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO
+nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6
+iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo
+D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm
+H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+
+2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6
+hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5
+j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239
+MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ
+4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9
+Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U
+7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/
+e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU
+wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb
+-----END CERTIFICATE-----
diff --git a/test/certs/leaf.key b/test/certs/leaf.key
new file mode 100644
index 0000000..a1b1721
--- /dev/null
+++ b/test/certs/leaf.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1
+sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs
+0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR
+yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2
+QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F
+auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT
+uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX
+aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4
+m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn
+q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd
+vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5
+BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE
+L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd
+v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86
+Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D
+lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG
+UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz
+1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu
+z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt
+nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ
+C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF
+RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O
+IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ
+IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh
+t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg==
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/leaf.pem b/test/certs/leaf.pem
new file mode 100644
index 0000000..bb94d12
--- /dev/null
+++ b/test/certs/leaf.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx
+OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD
+VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/
+BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI
+wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB
+ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt
+LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK
+fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG
+IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN
+BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT
+6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD
+2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw
+QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV
+mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw
+y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg==
+-----END CERTIFICATE-----
diff --git a/test/certs/rootCA.key b/test/certs/rootCA.key
new file mode 100644
index 0000000..527f3ad
--- /dev/null
+++ b/test/certs/rootCA.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/
+m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD
+Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7
+w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM
+uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV
+ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE
+qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL
+GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH
+g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM
+VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj
+/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH
+bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+
+LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz
+YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6
+Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ
+iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1
+uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude
+8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP
+Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh
+Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5
+VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ
+f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH
+mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T
+xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g
+AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/rootCA.pem b/test/certs/rootCA.pem
new file mode 100644
index 0000000..ef73d00
--- /dev/null
+++ b/test/certs/rootCA.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa
+Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
+YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
+BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf
++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i
+xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO
+rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU
+34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL
+r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2
+QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf
+ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w
+DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0
+mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ
+WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI
+qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0
+GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT
+JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ=
+-----END CERTIFICATE-----
diff --git a/test/certs/roots.pem b/test/certs/roots.pem
new file mode 100644
index 0000000..0bc6912
--- /dev/null
+++ b/test/certs/roots.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa
+Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT
+B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO
+nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6
+iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo
+D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm
+H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+
+2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6
+hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5
+j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239
+MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ
+4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9
+Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U
+7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/
+e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU
+wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy
+MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04
+wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG
+64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G
+Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh
+6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
+BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+
+HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S
+9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2
+QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR
+wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6
+C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF
+sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg==
+-----END CERTIFICATE-----
diff --git a/test/certs/subinterCA-ss.pem b/test/certs/subinterCA-ss.pem
new file mode 100644
index 0000000..a436b4b
--- /dev/null
+++ b/test/certs/subinterCA-ss.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy
+MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
+VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04
+wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG
+64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G
+Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh
+6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW
+BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+
+HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S
+9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2
+QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR
+wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6
+C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF
+sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg==
+-----END CERTIFICATE-----
diff --git a/test/certs/subinterCA.key b/test/certs/subinterCA.key
new file mode 100644
index 0000000..c867af9
--- /dev/null
+++ b/test/certs/subinterCA.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb
+2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n
+JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C
+pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy
+wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF
+HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg
+nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO
+ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd
+SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5
+P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH
+VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX
+lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh
+ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z
+uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g
+5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im
+S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4
+hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS
+zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc
+cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7
+M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1
+sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW
+aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s
+5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu
+ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S
+zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c=
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/subinterCA.pem b/test/certs/subinterCA.pem
new file mode 100644
index 0000000..2cdf480
--- /dev/null
+++ b/test/certs/subinterCA.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz
+WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD
+EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj
+vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz
+2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW
+VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90
+OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL
+857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ
+Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp
+Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ
+YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8
+8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ
+pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E
+mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq
+YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U
+gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg==
+-----END CERTIFICATE-----
diff --git a/test/certs/untrusted.pem b/test/certs/untrusted.pem
new file mode 100644
index 0000000..d93d312
--- /dev/null
+++ b/test/certs/untrusted.pem
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz
+WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T
+dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD
+EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj
+vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz
+2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW
+VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90
+OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL
+857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ
+Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp
+Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ
+YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8
+8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ
+pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E
+mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq
+YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U
+gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx
+OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t
+ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD
+VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/
+BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI
+wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB
+ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt
+LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK
+fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG
+IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN
+BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT
+6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD
+2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw
+QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV
+mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw
+y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg==
+-----END CERTIFICATE-----

[Dr. Stephen Henson]

The branch OpenSSL_1_0_1-stable has been updated

via a15ba3cca394d69dc57b4321902adbe2651bc6f0 (commit)
from 7c17c20a56a76c219dcf35d4956026f021cdee52 (commit)


- Log -----------------------------------------------------------------
commit a15ba3cca394d69dc57b4321902adbe2651bc6f0

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Thu Jul 9 16:56:45 2015 +0100

Sort @sstacklst correctly.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 2a7059c56f885a3fa0842e886f5178def8e5481d)

-----------------------------------------------------------------------

Summary of changes:
util/mkstack.pl | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/mkstack.pl b/util/mkstack.pl
index f708610..a86d91f 100755
--- a/util/mkstack.pl
+++ b/util/mkstack.pl
@@ -97,7 +97,7 @@ while(<IN>) {
EOF
}

- foreach $type_thing (sort @sstacklst) {
+ foreach $type_thing (sort { $a->[0] cmp $b->[0]} @sstacklst) {
my $t1 = $type_thing->[0];
my $t2 = $type_thing->[1];
$new_stackfile .= <<EOF;

[Rich Salz]

The branch OpenSSL_1_0_1-stable has been updated

via b5e972fdd3e777c777f45f59bb65f62673412ade (commit)
from a15ba3cca394d69dc57b4321902adbe2651bc6f0 (commit)


- Log -----------------------------------------------------------------
commit b5e972fdd3e777c777f45f59bb65f62673412ade
Author: Peter Waltenberg <pwa...@au1.ibm.com>
Date: Thu Jul 9 14:57:30 2015 -0400

Exit on error in ecparam

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 99dcd88035330d59ab40b5bc0f551aca7020cd30)

-----------------------------------------------------------------------

Summary of changes:
apps/ecparam.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/ecparam.c b/apps/ecparam.c
index 1f340a9..88ecbc0 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -419,8 +419,9 @@ int MAIN(int argc, char **argv)
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
- } else
- BIO_printf(bio_err, "ok\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "ok\n");

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via be856204195fe57089ba14e6d1c9068994345234 (commit)
from b5e972fdd3e777c777f45f59bb65f62673412ade (commit)


- Log -----------------------------------------------------------------
commit be856204195fe57089ba14e6d1c9068994345234
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jul 10 15:40:53 2015 +0200

Stop using tardy

Instead of piping through tardy, and possibly suffering from bugs in certain
versions, use --transform, --owner and --group directly with GNU tar (we
already expect that tar variant).

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0)

Conflicts:
Makefile.org

-----------------------------------------------------------------------

Summary of changes:
Makefile.org | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/Makefile.org b/Makefile.org
index 55a3700..2a5f45c 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -499,25 +499,28 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
-tar:
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
+ --owner openssl --group openssl \
+ --transform 's|^|openssl-$(VERSION)/|' \
+ -cvf -
+
+../$(TARFILE).list:
+ find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
+ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
+ \! -name '*test' \! -name '.#*' \! -name '*~' \
+ | sort > ../$(TARFILE).list
+
+tar: ../$(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
+ $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
+ rm -f ../$(TARFILE).list
ls -l ../$(TARFILE).gz

-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+tar-snap: ../$(TARFILE).list
+ $(TAR_COMMAND) > ../$(TARFILE)
+ rm -f ../$(TARFILE).list
ls -l ../$(TARFILE)

dist:

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via 2035e2db681ae3b3b3502892bced0f54d1a2c8c0 (commit)
from be856204195fe57089ba14e6d1c9068994345234 (commit)


- Log -----------------------------------------------------------------
commit 2035e2db681ae3b3b3502892bced0f54d1a2c8c0
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jul 10 18:29:17 2015 +0200

Set numeric IDs for tar as well

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit da24e6f8a05ea657684094e04c1a54efa04c2962)

-----------------------------------------------------------------------

Summary of changes:
Makefile.org | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.org b/Makefile.org
index 2a5f45c..aa8776e 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -500,7 +500,7 @@ TABLE: Configure

# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.

TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl --group openssl \
+ --owner openssl:0 --group openssl:0 \
--transform 's|^|openssl-$(VERSION)/|' \
-cvf -

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via 2794dec7b21f4faf5095008d3dd9743f41cc19ad (commit)
from 2035e2db681ae3b3b3502892bced0f54d1a2c8c0 (commit)


- Log -----------------------------------------------------------------
commit 2794dec7b21f4faf5095008d3dd9743f41cc19ad
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Jul 13 15:48:57 2015 +0200

Remove extra '; \' in apps/Makefile

Fixes GH#330

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit eeb97bce751296b2e04a92d00c0d0a792ba61834)

Conflicts:
apps/Makefile

-----------------------------------------------------------------------

Summary of changes:
apps/Makefile | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/Makefile b/apps/Makefile
index cafe554..8c3297e 100644

--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:

- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \

+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)

dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

[Richard Levitte]

The branch OpenSSL_1_0_1-stable has been updated

via a027bba22a095c9a71d1e8b55a786bd0d483f581 (commit)
via 13e742a4393a7353437926db03e09f23766311dc (commit)
from 2794dec7b21f4faf5095008d3dd9743f41cc19ad (commit)


- Log -----------------------------------------------------------------
commit a027bba22a095c9a71d1e8b55a786bd0d483f581
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Jul 14 01:16:17 2015 +0200

Conversion to UTF-8 where needed

This leaves behind files with names ending with '.iso-8859-1'. These
should be safe to remove. If something went wrong when re-encoding,
there will be some files with names ending with '.utf8' left behind.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 13e742a4393a7353437926db03e09f23766311dc
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Jul 13 16:50:16 2015 +0200

Small script to re-encode files that need it to UTF-8

This requires 'iconv' and that 'file' can take the options '-b' and '-i'.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit f608b4064d58ca4dfdfdfc921308b51cb96205e2)

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 168 ++++++++++++++++++++--------------------
crypto/aes/asm/aes-586.pl | 6 +-
crypto/bn/asm/armv4-gf2m.pl | 24 +++---
crypto/bn/asm/ia64.S | 2 +-
crypto/bn/asm/s390x-gf2m.pl | 6 +-
crypto/bn/asm/x86-gf2m.pl | 16 ++--
crypto/bn/asm/x86_64-gcc.c | 2 +-
crypto/bn/asm/x86_64-gf2m.pl | 16 ++--
crypto/modes/asm/ghash-armv4.pl | 6 +-
crypto/modes/asm/ghash-x86.pl | 2 +-
crypto/rc4/asm/rc4-x86_64.pl | 2 +-
crypto/sha/asm/sha1-586.pl | 4 +-
crypto/sha/asm/sha256-586.pl | 2 +-
crypto/sha/asm/sha512-586.pl | 2 +-
crypto/sparccpuid.S | 2 +-
crypto/whrlpool/asm/wp-mmx.pl | 2 +-
crypto/x509v3/v3_pci.c | 2 +-
crypto/x509v3/v3_pcia.c | 2 +-
demos/easy_tls/README | 2 +-
util/mkrc.pl | 2 +-
util/toutf8.sh | 17 ++++
21 files changed, 152 insertions(+), 135 deletions(-)
create mode 100644 util/toutf8.sh

diff --git a/CHANGES b/CHANGES
index 38ae89f..c2aba4b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -59,9 +59,9 @@
callbacks.

This issue was reported to OpenSSL by Robert Swiecki (Google), and
- independently by Hanno Böck.
+ independently by Hanno Böck.
(CVE-2015-1789)
- [Emilia Käsper]
+ [Emilia Käsper]

*) PKCS7 crash with missing EnvelopedContent

@@ -75,7 +75,7 @@

This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
- [Emilia Käsper]
+ [Emilia Käsper]

*) CMS verify infinite loop with unknown hash function

@@ -136,7 +136,7 @@

This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-0289)
- [Emilia Käsper]
+ [Emilia Käsper]

*) DoS via reachable assert in SSLv2 servers fix

@@ -144,10 +144,10 @@
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.

- This issue was discovered by Sean Burford (Google) and Emilia Käsper
+ This issue was discovered by Sean Burford (Google) and Emilia Käsper
(OpenSSL development team).
(CVE-2015-0293)
- [Emilia Käsper]
+ [Emilia Käsper]

*) Use After Free following d2i_ECPrivatekey error fix

@@ -292,12 +292,12 @@
version does not match the session's version. Resuming with a different
version, while not strictly forbidden by the RFC, is of questionable
sanity and breaks all known clients.
- [David Benjamin, Emilia Käsper]
+ [David Benjamin, Emilia Käsper]

*) Tighten handling of the ChangeCipherSpec (CCS) message: reject
early CCS messages during renegotiation. (Note that because
renegotiation is encrypted, this early CCS was not exploitable.)
- [Emilia Käsper]
+ [Emilia Käsper]

*) Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
@@ -308,7 +308,7 @@
Similarly, ensure that the client requires a session ticket if one
was advertised in the ServerHello. Previously, a TLS client would
ignore a missing NewSessionTicket message.
- [Emilia Käsper]
+ [Emilia Käsper]

Changes between 1.0.1i and 1.0.1j [15 Oct 2014]

@@ -388,10 +388,10 @@
with a null pointer dereference (read) by specifying an anonymous (EC)DH
ciphersuite and sending carefully crafted handshake messages.

- Thanks to Felix Gröbert (Google) for discovering and researching this
+ Thanks to Felix Gröbert (Google) for discovering and researching this
issue.
(CVE-2014-3510)
- [Emilia Käsper]
+ [Emilia Käsper]

*) By sending carefully crafted DTLS packets an attacker could cause openssl
to leak memory. This can be exploited through a Denial of Service attack.
@@ -428,7 +428,7 @@
properly negotiated with the client. This can be exploited through a
Denial of Service attack.

- Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+ Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
discovering and researching this issue.
(CVE-2014-5139)
[Steve Henson]
@@ -440,7 +440,7 @@

Thanks to Ivan Fratric (Google) for discovering this issue.
(CVE-2014-3508)
- [Emilia Käsper, and Steve Henson]
+ [Emilia Käsper, and Steve Henson]

*) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
for corner cases. (Certain input points at infinity could lead to
@@ -470,15 +470,15 @@
client or server. This is potentially exploitable to run arbitrary
code on a vulnerable client or server.

- Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
- [Jüri Aedla, Steve Henson]
+ Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+ [Jüri Aedla, Steve Henson]

*) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
are subject to a denial of service attack.

- Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+ Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
this issue. (CVE-2014-3470)
- [Felix Gröbert, Ivan Fratric, Steve Henson]
+ [Felix Gröbert, Ivan Fratric, Steve Henson]

*) Harmonize version and its documentation. -f flag is used to display
compilation flags.
@@ -557,9 +557,9 @@
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
- Emilia Käsper for the initial patch.
+ Emilia Käsper for the initial patch.
(CVE-2013-0169)
- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]

*) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
ciphersuites which can be exploited in a denial of service attack.
@@ -734,7 +734,7 @@
EC_GROUP_new_by_curve_name() will automatically use these (while
EC_GROUP_new_curve_GFp() currently prefers the more flexible
implementations).
- [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+ [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]

*) Use type ossl_ssize_t instad of ssize_t which isn't available on
all platforms. Move ssize_t definition from e_os.h to the public
@@ -1010,7 +1010,7 @@
[Adam Langley (Google)]

*) Fix spurious failures in ecdsatest.c.
- [Emilia Käsper (Google)]
+ [Emilia Käsper (Google)]

*) Fix the BIO_f_buffer() implementation (which was mixing different
interpretations of the '..._len' fields).
@@ -1024,7 +1024,7 @@
lock to call BN_BLINDING_invert_ex, and avoids one use of
BN_BLINDING_update for each BN_BLINDING structure (previously,
the last update always remained unused).
- [Emilia Käsper (Google)]
+ [Emilia Käsper (Google)]

*) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
[Bob Buckholz (Google)]
@@ -1833,7 +1833,7 @@

*) Add RFC 3161 compliant time stamp request creation, response generation
and response verification functionality.
- [Zoltán Glózik <zgl...@opentsa.org>, The OpenTSA Project]
+ [Zoltán Glózik <zgl...@opentsa.org>, The OpenTSA Project]

*) Add initial support for TLS extensions, specifically for the server_name
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
@@ -3001,7 +3001,7 @@

*) BN_CTX_get() should return zero-valued bignums, providing the same
initialised value as BN_new().
- [Geoff Thorpe, suggested by Ulf Möller]
+ [Geoff Thorpe, suggested by Ulf Möller]

*) Support for inhibitAnyPolicy certificate extension.
[Steve Henson]
@@ -3020,7 +3020,7 @@
some point, these tighter rules will become openssl's default to improve
maintainability, though the assert()s and other overheads will remain only
in debugging configurations. See bn.h for more details.
- [Geoff Thorpe, Nils Larsch, Ulf Möller]
+ [Geoff Thorpe, Nils Larsch, Ulf Möller]

*) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
that can only be obtained through BN_CTX_new() (which implicitly
@@ -3087,7 +3087,7 @@
[Douglas Stebila (Sun Microsystems Laboratories)]

*) Add the possibility to load symbols globally with DSO.
- [Götz Babin-Ebell <babin...@trustcenter.de> via Richard Levitte]
+ [Götz Babin-Ebell <babin...@trustcenter.de> via Richard Levitte]

*) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
control of the error stack.
@@ -3802,7 +3802,7 @@
[Steve Henson]

*) Undo Cygwin change.
- [Ulf Möller]
+ [Ulf Möller]

*) Added support for proxy certificates according to RFC 3820.
Because they may be a security thread to unaware applications,
@@ -3835,11 +3835,11 @@
[Stephen Henson, reported by UK NISCC]

*) Use Windows randomness collection on Cygwin.
- [Ulf Möller]
+ [Ulf Möller]

*) Fix hang in EGD/PRNGD query when communication socket is closed
prematurely by EGD/PRNGD.
- [Darren Tucker <dtu...@zip.com.au> via Lutz Jänicke, resolves #1014]
+ [Darren Tucker <dtu...@zip.com.au> via Lutz Jänicke, resolves #1014]

*) Prompt for pass phrases when appropriate for PKCS12 input format.
[Steve Henson]
@@ -4301,7 +4301,7 @@
pointers passed to them whenever necessary. Otherwise it is possible
the caller may have overwritten (or deallocated) the original string
data when a later ENGINE operation tries to use the stored values.
- [Götz Babin-Ebell <babin...@trustcenter.de>]
+ [Götz Babin-Ebell <babin...@trustcenter.de>]

*) Improve diagnostics in file reading and command-line digests.
[Ben Laurie aided and abetted by Solar Designer <so...@openwall.com>]
@@ -6406,7 +6406,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Bodo Moeller]

*) BN_sqr() bug fix.
- [Ulf Möller, reported by Jim Ellis <jim....@cavium.com>]
+ [Ulf Möller, reported by Jim Ellis <jim....@cavium.com>]

*) Rabin-Miller test analyses assume uniformly distributed witnesses,
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
@@ -6566,7 +6566,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Bodo Moeller]

*) Fix OAEP check.
- [Ulf Möller, Bodo Möller]
+ [Ulf Möller, Bodo Möller]

*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
@@ -6828,10 +6828,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Bodo Moeller]

*) Use better test patterns in bntest.
- [Ulf Möller]
+ [Ulf Möller]

*) rand_win.c fix for Borland C.
- [Ulf Möller]
+ [Ulf Möller]

*) BN_rshift bugfix for n == 0.
[Bodo Moeller]
@@ -6976,14 +6976,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
BIO_ctrl (for BIO pairs).
- [Bodo Möller]
+ [Bodo Möller]

*) Add DSO method for VMS.
[Richard Levitte]

*) Bug fix: Montgomery multiplication could produce results with the
wrong sign.
- [Ulf Möller]
+ [Ulf Möller]

*) Add RPM specification openssl.spec and modify it to build three
packages. The default package contains applications, application
@@ -7001,7 +7001,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) Don't set the two most significant bits to one when generating a
random number < q in the DSA library.
- [Ulf Möller]
+ [Ulf Möller]

*) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
@@ -7267,7 +7267,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Randomness polling function for Win9x, as described in:
Peter Gutmann, Software Generation of Practically Strong
Random Numbers.
- [Ulf Möller]
+ [Ulf Möller]

*) Fix so PRNG is seeded in req if using an already existing
DSA key.
@@ -7487,7 +7487,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) Eliminate non-ANSI declarations in crypto.h and stack.h.
- [Ulf Möller]
+ [Ulf Möller]

*) Fix for SSL server purpose checking. Server checking was
rejecting certificates which had extended key usage present
@@ -7519,7 +7519,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Bodo Moeller]

*) Bugfix for linux-elf makefile.one.
- [Ulf Möller]
+ [Ulf Möller]

*) RSA_get_default_method() will now cause a default
RSA_METHOD to be chosen if one doesn't exist already.
@@ -7608,7 +7608,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) des_quad_cksum() byte order bug fix.
- [Ulf Möller, using the problem description in krb4-0.9.7, where
+ [Ulf Möller, using the problem description in krb4-0.9.7, where
the solution is attributed to Derrick J Brashear <sha...@DEMENTIA.ORG>]

*) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
@@ -7709,7 +7709,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Rolf Haberrecker <ro...@suse.de>]

*) Assembler module support for Mingw32.
- [Ulf Möller]
+ [Ulf Möller]

*) Shared library support for HPUX (in shlib/).
[Lutz Jaenicke <Lutz.J...@aet.TU-Cottbus.DE> and Anonymous]
@@ -7728,7 +7728,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
case was implemented. This caused BN_div_recp() to fail occasionally.
- [Ulf Möller]
+ [Ulf Möller]

*) Add an optional second argument to the set_label() in the perl
assembly language builder. If this argument exists and is set
@@ -7758,14 +7758,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) Fix potential buffer overrun problem in BIO_printf().
- [Ulf Möller, using public domain code by Patrick Powell; problem
+ [Ulf Möller, using public domain code by Patrick Powell; problem
pointed out by David Sacerdote <da...@cornell.edu>]

*) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
RAND_egd() and RAND_status(). In the command line application,
the EGD socket can be specified like a seed file using RANDFILE
or -rand.
- [Ulf Möller]
+ [Ulf Möller]

*) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
Some CAs (e.g. Verisign) distribute certificates in this form.
@@ -7798,7 +7798,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
#define OPENSSL_ALGORITHM_DEFINES
#include <openssl/opensslconf.h>
defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
- [Richard Levitte, Ulf and Bodo Möller]
+ [Richard Levitte, Ulf and Bodo Möller]

*) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
record layer.
@@ -7849,17 +7849,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) Bug fix for BN_div_recp() for numerators with an even number of
bits.
- [Ulf Möller]
+ [Ulf Möller]

*) More tests in bntest.c, and changed test_bn output.
- [Ulf Möller]
+ [Ulf Möller]

*) ./config recognizes MacOS X now.
[Andy Polyakov]

*) Bug fix for BN_div() when the first words of num and divsor are
equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
- [Ulf Möller]
+ [Ulf Möller]

*) Add support for various broken PKCS#8 formats, and command line
options to produce them.
@@ -7867,11 +7867,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
get temporary BIGNUMs from a BN_CTX.
- [Ulf Möller]
+ [Ulf Möller]

*) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
for p == 0.
- [Ulf Möller]
+ [Ulf Möller]

*) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
include a #define from the old name to the new. The original intent
@@ -7895,7 +7895,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) Source code cleanups: use const where appropriate, eliminate casts,
use void * instead of char * in lhash.
- [Ulf Möller]
+ [Ulf Möller]

*) Bugfix: ssl3_send_server_key_exchange was not restartable
(the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
@@ -7940,13 +7940,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) New function BN_pseudo_rand().
- [Ulf Möller]
+ [Ulf Möller]

*) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
bignum version of BN_from_montgomery() with the working code from
SSLeay 0.9.0 (the word based version is faster anyway), and clean up
the comments.
- [Ulf Möller]
+ [Ulf Möller]

*) Avoid a race condition in s2_clnt.c (function get_server_hello) that
made it impossible to use the same SSL_SESSION data structure in
@@ -7956,25 +7956,25 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) The return value of RAND_load_file() no longer counts bytes obtained
by stat(). RAND_load_file(..., -1) is new and uses the complete file
to seed the PRNG (previously an explicit byte count was required).
- [Ulf Möller, Bodo Möller]
+ [Ulf Möller, Bodo Möller]

*) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
used (char *) instead of (void *) and had casts all over the place.
[Steve Henson]

*) Make BN_generate_prime() return NULL on error if ret!=NULL.
- [Ulf Möller]
+ [Ulf Möller]

*) Retain source code compatibility for BN_prime_checks macro:
BN_is_prime(..., BN_prime_checks, ...) now uses
BN_prime_checks_for_size to determine the appropriate number of
Rabin-Miller iterations.
- [Ulf Möller]
+ [Ulf Möller]

*) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
DH_CHECK_P_NOT_SAFE_PRIME.
(Check if this is true? OpenPGP calls them "strong".)
- [Ulf Möller]
+ [Ulf Möller]

*) Merge the functionality of "dh" and "gendh" programs into a new program
"dhparam". The old programs are retained for now but will handle DH keys
@@ -8030,7 +8030,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Add missing #ifndefs that caused missing symbols when building libssl
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
- [Kris Kennaway <kr...@hub.freebsd.org>, modified by Ulf Möller]
+ [Kris Kennaway <kr...@hub.freebsd.org>, modified by Ulf Möller]

*) Precautions against using the PRNG uninitialized: RAND_bytes() now
has a return value which indicates the quality of the random data
@@ -8039,7 +8039,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
guaranteed to be unique but not unpredictable. RAND_add is like
RAND_seed, but takes an extra argument for an entropy estimate
(RAND_seed always assumes full entropy).
- [Ulf Möller]
+ [Ulf Möller]

*) Do more iterations of Rabin-Miller probable prime test (specifically,
3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
@@ -8069,7 +8069,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) Honor the no-xxx Configure options when creating .DEF files.
- [Ulf Möller]
+ [Ulf Möller]

*) Add PKCS#10 attributes to field table: challengePassword,
unstructuredName and unstructuredAddress. These are taken from
@@ -8903,7 +8903,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) More DES library cleanups: remove references to srand/rand and
delete an unused file.
- [Ulf Möller]
+ [Ulf Möller]

*) Add support for the the free Netwide assembler (NASM) under Win32,
since not many people have MASM (ml) and it can be hard to obtain.
@@ -8992,7 +8992,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
worked.

*) Fix problems with no-hmac etc.
- [Ulf Möller, pointed out by Brian Wellington <bwel...@tislabs.com>]
+ [Ulf Möller, pointed out by Brian Wellington <bwel...@tislabs.com>]

*) New functions RSA_get_default_method(), RSA_set_method() and
RSA_get_method(). These allows replacement of RSA_METHODs without having
@@ -9109,7 +9109,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Ben Laurie]

*) DES library cleanups.
- [Ulf Möller]
+ [Ulf Möller]

*) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
@@ -9152,7 +9152,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Christian Forster <f...@hawo.stw.uni-erlangen.de>]

*) config now generates no-xxx options for missing ciphers.
- [Ulf Möller]
+ [Ulf Möller]

*) Support the EBCDIC character set (work in progress).
File ebcdic.c not yet included because it has a different license.
@@ -9265,7 +9265,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Bodo Moeller]

*) Move openssl.cnf out of lib/.
- [Ulf Möller]
+ [Ulf Möller]

*) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
-Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
@@ -9322,10 +9322,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Ben Laurie]

*) Support Borland C++ builder.
- [Janez Jere <j...@void.si>, modified by Ulf Möller]
+ [Janez Jere <j...@void.si>, modified by Ulf Möller]

*) Support Mingw32.
- [Ulf Möller]
+ [Ulf Möller]

*) SHA-1 cleanups and performance enhancements.
[Andy Polyakov <ap...@fy.chalmers.se>]
@@ -9334,7 +9334,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Andy Polyakov <ap...@fy.chalmers.se>]

*) Accept any -xxx and +xxx compiler options in Configure.
- [Ulf Möller]
+ [Ulf Möller]

*) Update HPUX configuration.
[Anonymous]
@@ -9367,7 +9367,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Bodo Moeller]

*) OAEP decoding bug fix.
- [Ulf Möller]
+ [Ulf Möller]

*) Support INSTALL_PREFIX for package builders, as proposed by
David Harris.
@@ -9390,21 +9390,21 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Niels Poppe <ni...@netbox.org>]

*) New Configure option no-<cipher> (rsa, idea, rc5, ...).
- [Ulf Möller]
+ [Ulf Möller]

*) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
extension adding in x509 utility.
[Steve Henson]

*) Remove NOPROTO sections and error code comments.
- [Ulf Möller]
+ [Ulf Möller]

*) Partial rewrite of the DEF file generator to now parse the ANSI
prototypes.
[Steve Henson]

*) New Configure options --prefix=DIR and --openssldir=DIR.
- [Ulf Möller]
+ [Ulf Möller]

*) Complete rewrite of the error code script(s). It is all now handled
by one script at the top level which handles error code gathering,
@@ -9433,7 +9433,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) Move the autogenerated header file parts to crypto/opensslconf.h.
- [Ulf Möller]
+ [Ulf Möller]

*) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
8 of keying material. Merlin has also confirmed interop with this fix
@@ -9451,13 +9451,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Andy Polyakov <ap...@fy.chalmers.se>]

*) Change functions to ANSI C.
- [Ulf Möller]
+ [Ulf Möller]

*) Fix typos in error codes.
- [Martin Kraemer <Martin....@MchP.Siemens.De>, Ulf Möller]
+ [Martin Kraemer <Martin....@MchP.Siemens.De>, Ulf Möller]

*) Remove defunct assembler files from Configure.
- [Ulf Möller]
+ [Ulf Möller]

*) SPARC v8 assembler BIGNUM implementation.
[Andy Polyakov <ap...@fy.chalmers.se>]
@@ -9494,7 +9494,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) New Configure option "rsaref".
- [Ulf Möller]
+ [Ulf Möller]

*) Don't auto-generate pem.h.
[Bodo Moeller]
@@ -9542,7 +9542,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) New functions DSA_do_sign and DSA_do_verify to provide access to
the raw DSA values prior to ASN.1 encoding.
- [Ulf Möller]
+ [Ulf Möller]

*) Tweaks to Configure
[Niels Poppe <ni...@netbox.org>]
@@ -9552,11 +9552,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) New variables $(RANLIB) and $(PERL) in the Makefiles.
- [Ulf Möller]
+ [Ulf Möller]

*) New config option to avoid instructions that are illegal on the 80386.
The default code is faster, but requires at least a 486.
- [Ulf Möller]
+ [Ulf Möller]

*) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
SSL2_SERVER_VERSION (not used at all) macros, which are now the
@@ -10095,7 +10095,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
Hagino <ito...@kame.net>]

*) File was opened incorrectly in randfile.c.
- [Ulf Möller <u...@fitug.de>]
+ [Ulf Möller <u...@fitug.de>]

*) Beginning of support for GeneralizedTime. d2i, i2d, check and print
functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
@@ -10105,7 +10105,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]

*) Correct Linux 1 recognition in config.
- [Ulf Möller <u...@fitug.de>]
+ [Ulf Möller <u...@fitug.de>]

*) Remove pointless MD5 hash when using DSA keys in ca.
[Anonymous <nob...@replay.com>]
@@ -10252,7 +10252,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

*) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
was already fixed by Eric for 0.9.1 it seems.
- [Ben Laurie - pointed out by Ulf Möller <u...@fitug.de>]
+ [Ben Laurie - pointed out by Ulf Möller <u...@fitug.de>]

*) Autodetect FreeBSD3.
[Ben Laurie]
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index 687ed81..51b500d 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -45,7 +45,7 @@
# the undertaken effort was that it appeared that in tight IA-32
# register window little-endian flavor could achieve slightly higher
# Instruction Level Parallelism, and it indeed resulted in up to 15%
-# better performance on most recent µ-archs...
+# better performance on most recent µ-archs...
#
# Third version adds AES_cbc_encrypt implementation, which resulted in
# up to 40% performance imrovement of CBC benchmark results. 40% was
@@ -223,7 +223,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
$speed_limit=512; # chunks smaller than $speed_limit are
# processed with compact routine in CBC mode
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
- # recent µ-archs], but ~5 times smaller!
+ # recent µ-archs], but ~5 times smaller!
# I favor compact code to minimize cache
# contention and in hope to "collect" 5% back
# in real-life applications...
@@ -562,7 +562,7 @@ sub enctransform()
# Performance is not actually extraordinary in comparison to pure
# x86 code. In particular encrypt performance is virtually the same.
# Decrypt performance on the other hand is 15-20% better on newer
-# µ-archs [but we're thankful for *any* improvement here], and ~50%
+# µ-archs [but we're thankful for *any* improvement here], and ~50%
# better on PIII:-) And additionally on the pros side this code
# eliminates redundant references to stack and thus relieves/
# minimizes the pressure on the memory bus.
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
index c52e0b7..22ad1f8 100644
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@@ -41,13 +41,13 @@ $code=<<___;
.align 5
mul_1x1_neon:
vshl.u64 `&Dlo("q1")`,d16,#8 @ q1-q3 are slided $a
- vmull.p8 `&Q("d0")`,d16,d17 @ a·bb
+ vmull.p8 `&Q("d0")`,d16,d17 @ a·bb
vshl.u64 `&Dlo("q2")`,d16,#16
- vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb
+ vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb
vshl.u64 `&Dlo("q3")`,d16,#24
- vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb
+ vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb
vshr.u64 `&Dlo("q1")`,#8
- vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb
+ vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb
vshl.u64 `&Dhi("q1")`,#24
veor d0,`&Dlo("q1")`
vshr.u64 `&Dlo("q2")`,#16
@@ -158,7 +158,7 @@ ___
################
# void bn_GF2m_mul_2x2(BN_ULONG *r,
# BN_ULONG a1,BN_ULONG a0,
-# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0
+# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0

($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23));

@@ -184,20 +184,20 @@ bn_GF2m_mul_2x2:

vmov d16,$A1
vmov d17,$B1
- bl mul_1x1_neon @ a1·b1
+ bl mul_1x1_neon @ a1·b1
vmov $A1B1,d0

vmov d16,$A0
vmov d17,$B0
- bl mul_1x1_neon @ a0·b0
+ bl mul_1x1_neon @ a0·b0
vmov $A0B0,d0

veor d16,$A0,$A1
veor d17,$B0,$B1
veor $A0,$A0B0,$A1B1
- bl mul_1x1_neon @ (a0+a1)·(b0+b1)
+ bl mul_1x1_neon @ (a0+a1)·(b0+b1)

- veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
+ veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
vshl.u64 d1,d0,#32
vshr.u64 d0,d0,#32
veor $A0B0,d1
@@ -220,7 +220,7 @@ $code.=<<___;
mov $mask,#7<<2
sub sp,sp,#32 @ allocate tab[8]

- bl mul_1x1_ialu @ a1·b1
+ bl mul_1x1_ialu @ a1·b1
str $lo,[$ret,#8]
str $hi,[$ret,#12]

@@ -230,13 +230,13 @@ $code.=<<___;
eor r2,r2,$a
eor $b,$b,r3
eor $a,$a,r2
- bl mul_1x1_ialu @ a0·b0
+ bl mul_1x1_ialu @ a0·b0
str $lo,[$ret]
str $hi,[$ret,#4]

eor $a,$a,r2
eor $b,$b,r3
- bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
+ bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
___
@r=map("r$_",(6..9));
$code.=<<___;
diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
index 951abc5..c0cee82 100644
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@@ -568,7 +568,7 @@ bn_sqr_comba8:
// I've estimated this routine to run in ~120 ticks, but in reality
// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
// cycles consumed for instructions fetch? Or did I misinterpret some
-// clause in Itanium µ-architecture manual? Comments are welcomed and
+// clause in Itanium µ-architecture manual? Comments are welcomed and
// highly appreciated.
//
// On Itanium 2 it takes ~190 ticks. This is because of stalls on
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
index cd9f13e..9d18d40 100644
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
@@ -172,19 +172,19 @@ ___
if ($SIZE_T==8) {
my @r=map("%r$_",(6..9));
$code.=<<___;
- bras $ra,_mul_1x1 # a1·b1
+ bras $ra,_mul_1x1 # a1·b1
stmg $lo,$hi,16($rp)

lg $a,`$stdframe+128+4*$SIZE_T`($sp)
lg $b,`$stdframe+128+6*$SIZE_T`($sp)
- bras $ra,_mul_1x1 # a0·b0
+ bras $ra,_mul_1x1 # a0·b0
stmg $lo,$hi,0($rp)

lg $a,`$stdframe+128+3*$SIZE_T`($sp)
lg $b,`$stdframe+128+5*$SIZE_T`($sp)
xg $a,`$stdframe+128+4*$SIZE_T`($sp)
xg $b,`$stdframe+128+6*$SIZE_T`($sp)
- bras $ra,_mul_1x1 # (a0+a1)·(b0+b1)
+ bras $ra,_mul_1x1 # (a0+a1)·(b0+b1)
lmg @r[0],@r[3],0($rp)

xgr $lo,$hi
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
index 808a1e5..b579530 100644
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
@@ -14,7 +14,7 @@
# the time being... Except that it has three code paths: pure integer
# code suitable for any x86 CPU, MMX code suitable for PIII and later
# and PCLMULQDQ suitable for Westmere and later. Improvement varies
-# from one benchmark and µ-arch to another. Below are interval values
+# from one benchmark and µ-arch to another. Below are interval values
# for 163- and 571-bit ECDH benchmarks relative to compiler-generated
# code:
#
@@ -226,22 +226,22 @@ if ($sse2) {
&push ("edi");
&mov ($a,&wparam(1));
&mov ($b,&wparam(3));
- &call ("_mul_1x1_mmx"); # a1·b1
+ &call ("_mul_1x1_mmx"); # a1·b1
&movq ("mm7",$R);

&mov ($a,&wparam(2));
&mov ($b,&wparam(4));
- &call ("_mul_1x1_mmx"); # a0·b0
+ &call ("_mul_1x1_mmx"); # a0·b0
&movq ("mm6",$R);

&mov ($a,&wparam(1));
&mov ($b,&wparam(3));
&xor ($a,&wparam(2));
&xor ($b,&wparam(4));
- &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1)
+ &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1)
&pxor ($R,"mm7");
&mov ($a,&wparam(0));
- &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0
+ &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0

&movq ($A,$R);
&psllq ($R,32);
@@ -266,13 +266,13 @@ if ($sse2) {

&mov ($a,&wparam(1));
&mov ($b,&wparam(3));
- &call ("_mul_1x1_ialu"); # a1·b1
+ &call ("_mul_1x1_ialu"); # a1·b1
&mov (&DWP(8,"esp"),$lo);
&mov (&DWP(12,"esp"),$hi);

&mov ($a,&wparam(2));
&mov ($b,&wparam(4));
- &call ("_mul_1x1_ialu"); # a0·b0
+ &call ("_mul_1x1_ialu"); # a0·b0
&mov (&DWP(0,"esp"),$lo);
&mov (&DWP(4,"esp"),$hi);

@@ -280,7 +280,7 @@ if ($sse2) {
&mov ($b,&wparam(3));
&xor ($a,&wparam(2));
&xor ($b,&wparam(4));
- &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1)
+ &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1)

&mov ("ebp",&wparam(0));
@r=("ebx","ecx","edi","esi");
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index 9c5074b..0a5bb28 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -66,7 +66,7 @@
# undef sqr

/*-
- * "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
+ * "m"(a), "+m"(r) is the way to favor DirectPath µ-code;
* "g"(0) let the compiler to decide where does it
* want to keep the value of zero;
*/
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
index 226c66c..42bbec2 100644
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
@@ -13,7 +13,7 @@
# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
# the time being... Except that it has two code paths: code suitable
# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
-# later. Improvement varies from one benchmark and µ-arch to another.
+# later. Improvement varies from one benchmark and µ-arch to another.
# Vanilla code path is at most 20% faster than compiler-generated code
# [not very impressive], while PCLMULQDQ - whole 85%-160% better on
# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
@@ -184,13 +184,13 @@ ___
$code.=<<___;
movdqa %xmm0,%xmm4
movdqa %xmm1,%xmm5
- pclmulqdq \$0,%xmm1,%xmm0 # a1·b1
+ pclmulqdq \$0,%xmm1,%xmm0 # a1·b1
pxor %xmm2,%xmm4
pxor %xmm3,%xmm5
- pclmulqdq \$0,%xmm3,%xmm2 # a0·b0
- pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1)
+ pclmulqdq \$0,%xmm3,%xmm2 # a0·b0
+ pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1)
xorps %xmm0,%xmm4
- xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1
+ xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1
movdqa %xmm4,%xmm5
pslldq \$8,%xmm4
psrldq \$8,%xmm5
@@ -225,13 +225,13 @@ $code.=<<___;
mov \$0xf,$mask
mov $a1,$a
mov $b1,$b
- call _mul_1x1 # a1·b1
+ call _mul_1x1 # a1·b1
mov $lo,16(%rsp)
mov $hi,24(%rsp)

mov 48(%rsp),$a
mov 64(%rsp),$b
- call _mul_1x1 # a0·b0
+ call _mul_1x1 # a0·b0
mov $lo,0(%rsp)
mov $hi,8(%rsp)

@@ -239,7 +239,7 @@ $code.=<<___;
mov 56(%rsp),$b
xor 48(%rsp),$a
xor 64(%rsp),$b
- call _mul_1x1 # (a0+a1)·(b0+b1)
+ call _mul_1x1 # (a0+a1)·(b0+b1)
___
@r=("%rbx","%rcx","%rdi","%rsi");
$code.=<<___;
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
index d91586e..e46f8e3 100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -374,8 +374,8 @@ gcm_ghash_neon:
vdup.8 $xi,`&Dlo("$IN")`[0] @ broadcast lowest byte
.Linner_neon:
subs $cnt,$cnt,#1
- vmull.p8 $Qlo,$Hlo,$xi @ H.lo·Xi[i]
- vmull.p8 $Qhi,$Hhi,$xi @ H.hi·Xi[i]
+ vmull.p8 $Qlo,$Hlo,$xi @ H.lo·Xi[i]
+ vmull.p8 $Qhi,$Hhi,$xi @ H.hi·Xi[i]
vext.8 $IN,$zero,#1 @ IN>>=8

veor $Z,$Qpost @ modulo-scheduled part
@@ -388,7 +388,7 @@ gcm_ghash_neon:
vsli.8 $Zo,$T,#1 @ compose the "carry" byte
vext.8 $Z,$zero,#1 @ Z>>=8

- vmull.p8 $R,$Zo,$mod @ "carry"·0xe1
+ vmull.p8 $R,$Zo,$mod @ "carry"·0xe1
vshr.u8 $Zo,$T,#7 @ save Z's bottom bit
vext.8 $Qpost,$Qlo,$zero,#1 @ Qlo>>=8
veor $Z,$Qhi
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
index 83c727e..2426cd0 100644
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
@@ -346,7 +346,7 @@ $S=12; # shift factor for rem_4bit
# effective address calculation and finally merge of value to Z.hi.
# Reference to rem_4bit is scheduled so late that I had to >>4
# rem_4bit elements. This resulted in 20-45% procent improvement
-# on contemporary µ-archs.
+# on contemporary µ-archs.
{
my $cnt;
my $rem_4bit = "eax";
diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
index 75750db..20722d3 100755
--- a/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/rc4/asm/rc4-x86_64.pl
@@ -56,7 +56,7 @@
# achieves respectful 432MBps on 2.8GHz processor now. For reference.
# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than
# RC4_INT code-path. While if executed on Opteron, it's only 25%
-# slower than the RC4_INT one [meaning that if CPU µ-arch detection
+# slower than the RC4_INT one [meaning that if CPU µ-arch detection
# is not implemented, then this final RC4_CHAR code-path should be
# preferred, as it provides better *all-round* performance].

diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
index 1084d22..2b119ff 100644
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -66,9 +66,9 @@
# switch to AVX alone improves performance by as little as 4% in
# comparison to SSSE3 code path. But below result doesn't look like
# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as
-# pair of µ-ops, and it's the additional µ-ops, two per round, that
+# pair of µ-ops, and it's the additional µ-ops, two per round, that
# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded
-# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
+# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
# equivalent 'sh[rl]d' that is responsible for the impressive 5.1
# cycles per processed byte. But 'sh[rl]d' is not something that used
# to be fast, nor does it appear to be fast in upcoming Bulldozer
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
index 928ec53..52a7c7f 100644
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
@@ -21,7 +21,7 @@
# purposes.
#
# Performance improvement over compiler generated code varies from
-# 10% to 40% [see above]. Not very impressive on some µ-archs, but
+# 10% to 40% [see above]. Not very impressive on some µ-archs, but
# it's 5 times smaller and optimizies amount of writes.

$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
index 7eab6a5..9f8c51e 100644
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
@@ -23,7 +23,7 @@
#
# IALU code-path is optimized for elder Pentiums. On vanilla Pentium
# performance improvement over compiler generated code reaches ~60%,
-# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
+# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
# to 50%, but it's less important as they are expected to execute SSE2
# code-path, which is commonly ~2-3x faster [than compiler generated
# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even
diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S
index 0cc247e..c63d5da 100644
--- a/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
@@ -123,7 +123,7 @@ OPENSSL_wipe_cpu:
fmovs %f1,%f3
fmovs %f0,%f2

- add %fp,BIAS,%i0 ! return pointer to caller´s top of stack
+ add %fp,BIAS,%i0 ! return pointer to caller´s top of stack

ret
restore
diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
index cb2381c..90c2eca 100644
--- a/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/whrlpool/asm/wp-mmx.pl
@@ -16,7 +16,7 @@
# table]. I stick to value of 2 for two reasons: 1. smaller table
# minimizes cache trashing and thus mitigates the hazard of side-
# channel leakage similar to AES cache-timing one; 2. performance
-# gap among different µ-archs is smaller.
+# gap among different µ-archs is smaller.
#
# Performance table lists rounded amounts of CPU cycles spent by
# whirlpool_block_mmx routine on single 64 byte input block, i.e.
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index fe0d806..48ac095 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -3,7 +3,7 @@
* Contributed to the OpenSSL Project 2004 by Richard Levitte
* (ric...@levitte.org)
*/
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c
index 350b398..43fd362 100644
--- a/crypto/x509v3/v3_pcia.c
+++ b/crypto/x509v3/v3_pcia.c
@@ -3,7 +3,7 @@
* Contributed to the OpenSSL Project 2004 by Richard Levitte
* (ric...@levitte.org)
*/
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
diff --git a/demos/easy_tls/README b/demos/easy_tls/README
index 816a580..ee89dfb 100644
--- a/demos/easy_tls/README
+++ b/demos/easy_tls/README
@@ -62,4 +62,4 @@ As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible to
the current version.

-Bodo Möller <bo...@openssl.org>
+Bodo Möller <bo...@openssl.org>
diff --git a/util/mkrc.pl b/util/mkrc.pl
index 0ceadcf..83ee6a4 100755
--- a/util/mkrc.pl
+++ b/util/mkrc.pl
@@ -57,7 +57,7 @@ BEGIN
VALUE "ProductVersion", "$version\\0"
// Optional:
//VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+ VALUE "LegalCopyright", "Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
diff --git a/util/toutf8.sh b/util/toutf8.sh
new file mode 100644
index 0000000..8a4254b
--- /dev/null
+++ b/util/toutf8.sh
@@ -0,0 +1,17 @@
+#! /bin/sh
+#
+# Very simple script to detect and convert files that we want to re-encode to UTF8
+
+git ls-tree -r --name-only HEAD | \
+ while read F; do
+ charset=`file -bi "$F" | sed -e 's|.*charset=||'`
+ if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then
+ iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \
+ ( cmp -s "$F" "$F.utf8" || \
+ ( echo "$F"
+ mv "$F" "$F.iso-8859-1"
+ mv "$F.utf8" "$F"
+ )
+ )
+ fi
+ done

[Rich Salz]

The branch OpenSSL_1_0_1-stable has been updated

via 432785095c6605b70ac97df2add1594e9217939c (commit)
from a027bba22a095c9a71d1e8b55a786bd0d483f581 (commit)


- Log -----------------------------------------------------------------
commit 432785095c6605b70ac97df2add1594e9217939c
Author: GitHub User <man...@github.com>
Date: Thu Jul 9 15:02:29 2015 -0400

Missing perldoc markup around < literal

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit e5c0bc6cc49a23b50a272801c4bd53639c25fca4)

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/BN_rand.pod | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod
index 3b2796c..b91231c 100644
--- a/doc/crypto/BN_rand.pod
+++ b/doc/crypto/BN_rand.pod
@@ -33,7 +33,7 @@ non-cryptographic purposes and for certain purposes in cryptographic
protocols, but usually not for key generation etc.

BN_rand_range() generates a cryptographically strong pseudo-random
-number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
+number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
and hence numbers generated by it are not necessarily unpredictable.