Skip to content

Commit

Permalink
deps: upgrade to openssl 1.0.1q
Browse files Browse the repository at this point in the history
Contains fixes for:

* CVE-2015-3194 Certificate verify crash with missing PSS parameter
* CVE-2015-3195 X509_ATTRIBUTE memory leak

fixup! character encoding noise

fixup! update opensslconf.h

PR-URL: #4133
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
bnoordhuis authored and rvagg committed Dec 3, 2015
1 parent dfc6f4a commit 8d24a14
Showing 140 changed files with 1,331 additions and 677 deletions.
22 changes: 11 additions & 11 deletions deps/openssl/asm/arm-elf-gas/bn/armv4-gf2m.S
Original file line number Diff line number Diff line change
@@ -11,13 +11,13 @@
mul_1x1_neon:
vshl.u64 d2,d16,#8 @ q1-q3 are slided

vmull.p8 q0,d16,d17 @ a·bb
vmull.p8 q0,d16,d17 @ a·bb
vshl.u64 d4,d16,#16
vmull.p8 q1,d2,d17 @ a<<8·bb
vmull.p8 q1,d2,d17 @ a<<8·bb
vshl.u64 d6,d16,#24
vmull.p8 q2,d4,d17 @ a<<16·bb
vmull.p8 q2,d4,d17 @ a<<16·bb
vshr.u64 d2,#8
vmull.p8 q3,d6,d17 @ a<<24·bb
vmull.p8 q3,d6,d17 @ a<<24·bb
vshl.u64 d3,#24
veor d0,d2
vshr.u64 d4,#16
@@ -132,20 +132,20 @@ bn_GF2m_mul_2x2:

vmov d16,d18
vmov d17,d19
bl mul_1x1_neon @ a1·b1
bl mul_1x1_neon @ a1·b1
vmov d22,d0

vmov d16,d20
vmov d17,d21
bl mul_1x1_neon @ a0·b0
bl mul_1x1_neon @ a0·b0
vmov d23,d0

veor d16,d20,d18
veor d17,d21,d19
veor d20,d23,d22
bl mul_1x1_neon @ (a0+a1)·(b0+b1)
bl mul_1x1_neon @ (a0+a1)·(b0+b1)

veor d0,d20 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
veor d0,d20 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
vshl.u64 d1,d0,#32
vshr.u64 d0,d0,#32
veor d23,d1
@@ -165,7 +165,7 @@ bn_GF2m_mul_2x2:
mov r12,#7<<2
sub sp,sp,#32 @ allocate tab[8]

bl mul_1x1_ialu @ a1·b1
bl mul_1x1_ialu @ a1·b1
str r5,[r10,#8]
str r4,[r10,#12]

@@ -175,13 +175,13 @@ bn_GF2m_mul_2x2:
eor r2,r2,r1
eor r0,r0,r3
eor r1,r1,r2
bl mul_1x1_ialu @ a0·b0
bl mul_1x1_ialu @ a0·b0
str r5,[r10]
str r4,[r10,#4]

eor r1,r1,r2
eor r0,r0,r3
bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
ldmia r10,{r6-r9}
eor r5,r5,r4
eor r4,r4,r7
6 changes: 3 additions & 3 deletions deps/openssl/asm/arm-elf-gas/modes/ghash-armv4.S
Original file line number Diff line number Diff line change
@@ -368,8 +368,8 @@ gcm_ghash_neon:
vdup.8 d4,d28[0] @ broadcast lowest byte
.Linner_neon:
subs r1,r1,#1
vmull.p8 q9,d1,d4 @ H.lo·Xi[i]
vmull.p8 q8,d0,d4 @ H.hi·Xi[i]
vmull.p8 q9,d1,d4 @ H.lo·Xi[i]
vmull.p8 q8,d0,d4 @ H.hi·Xi[i]
vext.8 q14,q12,#1 @ IN>>=8

veor q10,q13 @ modulo-scheduled part
@@ -382,7 +382,7 @@ gcm_ghash_neon:
vsli.8 d2,d3,#1 @ compose the "carry" byte
vext.8 q10,q12,#1 @ Z>>=8

vmull.p8 q11,d2,d5 @ "carry"·0xe1
vmull.p8 q11,d2,d5 @ "carry"·0xe1
vshr.u8 d2,d3,#7 @ save Z's bottom bit
vext.8 q13,q9,q12,#1 @ Qlo>>=8
veor q10,q8
2 changes: 1 addition & 1 deletion deps/openssl/config/opensslconf.h
Original file line number Diff line number Diff line change
@@ -299,7 +299,7 @@
even newer MIPS CPU's, but at the moment one size fits all for
optimization options. Older Sparc's work better with only UNROLL, but
there's no way to tell at compile time what it is you're running on */
# if defined( sun ) /* Newer Sparc's */
# if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
# define DES_PTR
# define DES_RISC1
# define DES_UNROLL
2 changes: 1 addition & 1 deletion deps/openssl/openssl/apps/Makefile
Original file line number Diff line number Diff line change
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)

dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
9 changes: 5 additions & 4 deletions deps/openssl/openssl/apps/apps.c
Original file line number Diff line number Diff line change
@@ -119,9 +119,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
# include <strings.h>
#endif
#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
@@ -1247,7 +1244,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
return set_multi_opts(flags, arg, ex_tbl);
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}

int set_ext_copy(int *copy_type, const char *arg)
4 changes: 2 additions & 2 deletions deps/openssl/openssl/apps/asn1pars.c
Original file line number Diff line number Diff line change
@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n",
typ == V_ASN1_NULL ? "NULL" : "OBJECT");
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
14 changes: 5 additions & 9 deletions deps/openssl/openssl/apps/ca.c
Original file line number Diff line number Diff line change
@@ -99,25 +99,19 @@
#undef PROG
#define PROG ca_main

#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"

#define ENV_DEFAULT_CA "default_ca"

#define STRING_MASK "string_mask"
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"

#define ENV_DIR "dir"
#define ENV_CERTS "certs"
#define ENV_CRL_DIR "crl_dir"
#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
@@ -2520,6 +2514,8 @@ static int do_updatedb(CA_DB *db)
char **rrow, *a_tm_s;

a_tm = ASN1_UTCTIME_new();
if (a_tm == NULL)
return -1;

/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
7 changes: 3 additions & 4 deletions deps/openssl/openssl/apps/ecparam.c
Original file line number Diff line number Diff line change
@@ -413,14 +413,13 @@ int MAIN(int argc, char **argv)
}

if (check) {
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
} else
BIO_printf(bio_err, "ok\n");
goto end;
}
BIO_printf(bio_err, "ok\n");

}

5 changes: 0 additions & 5 deletions deps/openssl/openssl/apps/engine.c
Original file line number Diff line number Diff line change
@@ -99,8 +99,6 @@ static void identity(char *ptr)

static int append_buf(char **buf, const char *s, int *size, int step)
{
int l = strlen(s);

if (*buf == NULL) {
*size = step;
*buf = OPENSSL_malloc(*size);
@@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
**buf = '\0';
}

if (**buf != '\0')
l += 2; /* ", " */

if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
2 changes: 1 addition & 1 deletion deps/openssl/openssl/apps/md4.c
4 changes: 2 additions & 2 deletions deps/openssl/openssl/apps/ocsp.c
Original file line number Diff line number Diff line change
@@ -1220,8 +1220,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
return NULL;
}

if (BIO_get_fd(cbio, &fd) <= 0) {
BIO_puts(err, "Can't get connection fd\n");
if (BIO_get_fd(cbio, &fd) < 0) {
BIO_puts(bio_err, "Can't get connection fd\n");
goto err;
}

14 changes: 7 additions & 7 deletions deps/openssl/openssl/apps/pkcs12.c
Original file line number Diff line number Diff line change
@@ -134,20 +134,20 @@ int MAIN(int argc, char **argv)

apps_startup();

# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

if (!load_config(bio_err, NULL))
goto end;

# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

args = argv + 1;

while (*args) {
3 changes: 3 additions & 0 deletions deps/openssl/openssl/apps/s_client.c
Original file line number Diff line number Diff line change
@@ -1899,6 +1899,9 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
if (pass)
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
#endif
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cbuf != NULL) {
15 changes: 15 additions & 0 deletions deps/openssl/openssl/apps/s_server.c
Original file line number Diff line number Diff line change
@@ -2654,6 +2654,21 @@ static int www_body(char *hostname, int s, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
#ifndef OPENSSL_NO_SRP
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
srp_callback_parm.user =
SRP_VBASE_get_by_user(srp_callback_parm.vb,
srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
continue;
}
#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
6 changes: 3 additions & 3 deletions deps/openssl/openssl/crypto/aes/asm/aes-586.pl
Original file line number Diff line number Diff line change
@@ -45,7 +45,7 @@
# the undertaken effort was that it appeared that in tight IA-32
# register window little-endian flavor could achieve slightly higher
# Instruction Level Parallelism, and it indeed resulted in up to 15%
# better performance on most recent µ-archs...
# better performance on most recent µ-archs...
#
# Third version adds AES_cbc_encrypt implementation, which resulted in
# up to 40% performance imrovement of CBC benchmark results. 40% was
@@ -223,7 +223,7 @@
$speed_limit=512; # chunks smaller than $speed_limit are
# processed with compact routine in CBC mode
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
# recent µ-archs], but ~5 times smaller!
# recent µ-archs], but ~5 times smaller!
# I favor compact code to minimize cache
# contention and in hope to "collect" 5% back
# in real-life applications...
@@ -562,7 +562,7 @@ ()
# Performance is not actually extraordinary in comparison to pure
# x86 code. In particular encrypt performance is virtually the same.
# Decrypt performance on the other hand is 15-20% better on newer
# µ-archs [but we're thankful for *any* improvement here], and ~50%
# µ-archs [but we're thankful for *any* improvement here], and ~50%
# better on PIII:-) And additionally on the pros side this code
# eliminates redundant references to stack and thus relieves/
# minimizes the pressure on the memory bus.
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl
Original file line number Diff line number Diff line change
@@ -74,7 +74,7 @@
$inout4="xmm6"; $in0="xmm6";
$inout5="xmm7"; $ivec="xmm7";

# AESNI extenstion
# AESNI extension
sub aeskeygenassist
{ my($dst,$src,$imm)=@_;
if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
10 changes: 10 additions & 0 deletions deps/openssl/openssl/crypto/asn1/asn1_par.c
Original file line number Diff line number Diff line change
@@ -62,6 +62,10 @@
#include <openssl/objects.h>
#include <openssl/asn1.h>

#ifndef ASN1_PARSE_MAXDEPTH
#define ASN1_PARSE_MAXDEPTH 128
#endif

static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
int indent);
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -128,6 +132,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
#else
dump_indent = 6; /* Because we know BIO_dump_indent() */
#endif

if (depth > ASN1_PARSE_MAXDEPTH) {
BIO_puts(bp, "BAD RECURSION DEPTH\n");
return 0;
}

p = *pp;
tot = p + length;
op = p - 1;
Loading

0 comments on commit 8d24a14

Please sign in to comment.