summaryrefslogtreecommitdiff
path: root/main
diff options
context:
space:
mode:
Diffstat (limited to 'main')
-rw-r--r--main/openssl/Apps-config-host.mk2
-rw-r--r--main/openssl/Apps-config-target.mk2
-rw-r--r--main/openssl/Crypto-config-host.mk2
-rw-r--r--main/openssl/Crypto-config-target.mk2
-rw-r--r--main/openssl/Crypto-config-trusty.mk2
-rw-r--r--main/openssl/Ssl-config-host.mk2
-rw-r--r--main/openssl/Ssl-config-target.mk2
-rw-r--r--main/openssl/apps/apps.c6
-rw-r--r--main/openssl/apps/crl.c18
-rw-r--r--main/openssl/apps/dgst.c4
-rw-r--r--main/openssl/apps/ecparam.c4
-rw-r--r--main/openssl/apps/req.c13
-rw-r--r--main/openssl/build-config-32.mk2
-rw-r--r--main/openssl/build-config-64.mk2
-rw-r--r--main/openssl/build-config-trusty.mk2
-rw-r--r--main/openssl/crypto/aes/asm/vpaes-x86_64.S2
-rw-r--r--main/openssl/crypto/aes/asm/vpaes-x86_64.pl2
-rw-r--r--main/openssl/crypto/asn1/asn1_err.c2
-rw-r--r--main/openssl/crypto/bio/bss_log.c2
-rw-r--r--main/openssl/crypto/bn/bn.h11
-rw-r--r--main/openssl/crypto/bn/bn_lib.c52
-rw-r--r--main/openssl/crypto/cms/cms_lib.c2
-rw-r--r--main/openssl/crypto/cryptlib.c2
-rw-r--r--main/openssl/crypto/ec/ec2_mult.c27
-rw-r--r--main/openssl/crypto/engine/eng_list.c1
-rw-r--r--main/openssl/crypto/evp/bio_b64.c2
-rw-r--r--main/openssl/crypto/modes/gcm128.c88
-rw-r--r--main/openssl/crypto/opensslv.h6
-rw-r--r--main/openssl/crypto/rand/md_rand.c3
-rw-r--r--main/openssl/crypto/rand/rand_win.c2
-rw-r--r--main/openssl/crypto/symhacks.h6
-rw-r--r--main/openssl/crypto/x509/by_dir.c6
-rw-r--r--main/openssl/crypto/x509/x509_vfy.c5
-rw-r--r--main/openssl/e_os.h7
-rw-r--r--main/openssl/include/openssl/bn.h11
-rw-r--r--main/openssl/include/openssl/kssl.h9
-rw-r--r--main/openssl/include/openssl/opensslv.h6
-rw-r--r--main/openssl/include/openssl/ssl.h2
-rw-r--r--main/openssl/include/openssl/symhacks.h6
-rw-r--r--main/openssl/include/openssl/tls1.h10
-rw-r--r--main/openssl/openssl.config1
-rw-r--r--main/openssl/openssl.version2
-rw-r--r--main/openssl/patches/README5
-rw-r--r--main/openssl/ssl/d1_both.c26
-rw-r--r--main/openssl/ssl/kssl.h9
-rw-r--r--main/openssl/ssl/s23_clnt.c7
-rw-r--r--main/openssl/ssl/s3_clnt.c4
-rw-r--r--main/openssl/ssl/s3_srvr.c4
-rw-r--r--main/openssl/ssl/ssl.h2
-rw-r--r--main/openssl/ssl/t1_enc.c3
-rw-r--r--main/openssl/ssl/t1_lib.c25
-rw-r--r--main/openssl/ssl/tls1.h10
52 files changed, 335 insertions, 100 deletions
diff --git a/main/openssl/Apps-config-host.mk b/main/openssl/Apps-config-host.mk
index e9df3e5d..c1e5c6c5 100644
--- a/main/openssl/Apps-config-host.mk
+++ b/main/openssl/Apps-config-host.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/Apps-config-target.mk b/main/openssl/Apps-config-target.mk
index cedb4900..bccd250d 100644
--- a/main/openssl/Apps-config-target.mk
+++ b/main/openssl/Apps-config-target.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/Crypto-config-host.mk b/main/openssl/Crypto-config-host.mk
index acae32b2..35013240 100644
--- a/main/openssl/Crypto-config-host.mk
+++ b/main/openssl/Crypto-config-host.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/Crypto-config-target.mk b/main/openssl/Crypto-config-target.mk
index 260607d7..6dbf1bd3 100644
--- a/main/openssl/Crypto-config-target.mk
+++ b/main/openssl/Crypto-config-target.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/Crypto-config-trusty.mk b/main/openssl/Crypto-config-trusty.mk
index 0dc70429..dc5b12c2 100644
--- a/main/openssl/Crypto-config-trusty.mk
+++ b/main/openssl/Crypto-config-trusty.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/Ssl-config-host.mk b/main/openssl/Ssl-config-host.mk
index d3bffc14..203544df 100644
--- a/main/openssl/Ssl-config-host.mk
+++ b/main/openssl/Ssl-config-host.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/Ssl-config-target.mk b/main/openssl/Ssl-config-target.mk
index 24a4aa0d..32439d3f 100644
--- a/main/openssl/Ssl-config-target.mk
+++ b/main/openssl/Ssl-config-target.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
# This script will append to the following variables:
#
diff --git a/main/openssl/apps/apps.c b/main/openssl/apps/apps.c
index 1096eee4..b76db10a 100644
--- a/main/openssl/apps/apps.c
+++ b/main/openssl/apps/apps.c
@@ -586,12 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify,
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
+ PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
+ PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
@@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usertime)
if (proc==NULL)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
GetCurrentProcessId());
if (proc==NULL) proc = (HANDLE)-1;
diff --git a/main/openssl/apps/crl.c b/main/openssl/apps/crl.c
index c395b2af..8797d300 100644
--- a/main/openssl/apps/crl.c
+++ b/main/openssl/apps/crl.c
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old - print old-style (MD5) hash value\n",
+#endif
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+ int hash_old=0;
+#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+#ifndef OPENSSL_NO_MD5
+ else if (strcmp(*argv,"-hash_old") == 0)
+ hash_old= ++num;
+#endif
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
+#ifndef OPENSSL_NO_MD5
+ if (hash_old == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash_old(
+ X509_CRL_get_issuer(x)));
+ }
+#endif
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
diff --git a/main/openssl/apps/dgst.c b/main/openssl/apps/dgst.c
index 81bd870f..f4aec779 100644
--- a/main/openssl/apps/dgst.c
+++ b/main/openssl/apps/dgst.c
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
if (!r)
{
BIO_printf(bio_err, "Error setting context\n");
diff --git a/main/openssl/apps/ecparam.c b/main/openssl/apps/ecparam.c
index 465480be..976ebef1 100644
--- a/main/openssl/apps/ecparam.c
+++ b/main/openssl/apps/ecparam.c
@@ -105,7 +105,7 @@
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
- * -no_seed - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed - if 'explicit' parameters are chosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are choosen do not"
+ " parameters are chosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
diff --git a/main/openssl/apps/req.c b/main/openssl/apps/req.c
index 85526581..5e034a85 100644
--- a/main/openssl/apps/req.c
+++ b/main/openssl/apps/req.c
@@ -644,6 +644,11 @@ bad:
if (inrand)
app_RAND_load_files(inrand);
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ {
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
if (keyalg)
{
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
goto end;
}
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
-
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
{
BIO_printf(bio_err,"private key length is too short,\n");
@@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
keylen = atol(p + 1);
*pkeylen = keylen;
}
+ else
+ keylen = *pkeylen;
}
else if (p)
paramfile = p + 1;
diff --git a/main/openssl/build-config-32.mk b/main/openssl/build-config-32.mk
index 7f5304f2..4f7484b9 100644
--- a/main/openssl/build-config-32.mk
+++ b/main/openssl/build-config-32.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
openssl_cflags_32 := \
-DOPENSSL_THREADS \
diff --git a/main/openssl/build-config-64.mk b/main/openssl/build-config-64.mk
index b03ed3fb..c0e6f6de 100644
--- a/main/openssl/build-config-64.mk
+++ b/main/openssl/build-config-64.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
openssl_cflags_64 := \
-DOPENSSL_THREADS \
diff --git a/main/openssl/build-config-trusty.mk b/main/openssl/build-config-trusty.mk
index 287f78a1..e5809a3b 100644
--- a/main/openssl/build-config-trusty.mk
+++ b/main/openssl/build-config-trusty.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1g.tar.gz
#
openssl_cflags_trusty := \
-DL_ENDIAN \
diff --git a/main/openssl/crypto/aes/asm/vpaes-x86_64.S b/main/openssl/crypto/aes/asm/vpaes-x86_64.S
index 2b68e615..0162631f 100644
--- a/main/openssl/crypto/aes/asm/vpaes-x86_64.S
+++ b/main/openssl/crypto/aes/asm/vpaes-x86_64.S
@@ -823,6 +823,6 @@ _vpaes_consts:
.Lk_dsbo:
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
+.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
.align 64
.size _vpaes_consts,.-_vpaes_consts
diff --git a/main/openssl/crypto/aes/asm/vpaes-x86_64.pl b/main/openssl/crypto/aes/asm/vpaes-x86_64.pl
index 41f2e46f..bd7f45b8 100644
--- a/main/openssl/crypto/aes/asm/vpaes-x86_64.pl
+++ b/main/openssl/crypto/aes/asm/vpaes-x86_64.pl
@@ -1060,7 +1060,7 @@ _vpaes_consts:
.Lk_dsbo: # decryption sbox final output
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
.align 64
.size _vpaes_consts,.-_vpaes_consts
___
diff --git a/main/openssl/crypto/asn1/asn1_err.c b/main/openssl/crypto/asn1/asn1_err.c
index 1a30bf11..aa60203b 100644
--- a/main/openssl/crypto/asn1/asn1_err.c
+++ b/main/openssl/crypto/asn1/asn1_err.c
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
diff --git a/main/openssl/crypto/bio/bss_log.c b/main/openssl/crypto/bio/bss_log.c
index b7dce5c1..2227b2b5 100644
--- a/main/openssl/crypto/bio/bss_log.c
+++ b/main/openssl/crypto/bio/bss_log.c
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
static void xopenlog(BIO* bp, char* name, int level)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
bp->ptr = RegisterEventSourceA(NULL,name);
else
bp->ptr = NULL;
diff --git a/main/openssl/crypto/bn/bn.h b/main/openssl/crypto/bn/bn.h
index 9281ce59..e776c07a 100644
--- a/main/openssl/crypto/bn/bn.h
+++ b/main/openssl/crypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -778,11 +780,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
#define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
#endif
diff --git a/main/openssl/crypto/bn/bn_lib.c b/main/openssl/crypto/bn/bn_lib.c
index 7a5676de..5461e6ee 100644
--- a/main/openssl/crypto/bn/bn_lib.c
+++ b/main/openssl/crypto/bn/bn_lib.c
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
}
return bn_cmp_words(a,b,cl);
}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
diff --git a/main/openssl/crypto/cms/cms_lib.c b/main/openssl/crypto/cms/cms_lib.c
index b62d1bfa..ba08279a 100644
--- a/main/openssl/crypto/cms/cms_lib.c
+++ b/main/openssl/crypto/cms/cms_lib.c
@@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
pcerts = cms_get0_certificate_choices(cms);
if (!pcerts)
return 0;
- if (!pcerts)
- return 0;
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
{
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
diff --git a/main/openssl/crypto/cryptlib.c b/main/openssl/crypto/cryptlib.c
index 304c6b70..0b77d8b7 100644
--- a/main/openssl/crypto/cryptlib.c
+++ b/main/openssl/crypto/cryptlib.c
@@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...)
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+ if (check_winnt() && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
diff --git a/main/openssl/crypto/ec/ec2_mult.c b/main/openssl/crypto/ec/ec2_mult.c
index 26f4a783..1c575dc4 100644
--- a/main/openssl/crypto/ec/ec2_mult.c
+++ b/main/openssl/crypto/ec/ec2_mult.c
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
return ret;
}
+
/* Computes scalar*point and stores the result in r.
* point can not equal r.
- * Uses algorithm 2P of
+ * Uses a modified algorithm 2P of
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
*/
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
x2 = &r->X;
z2 = &r->Y;
+ bn_wexpand(x1, group->field.top);
+ bn_wexpand(z1, group->field.top);
+ bn_wexpand(x2, group->field.top);
+ bn_wexpand(z2, group->field.top);
+
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
if (!BN_one(z1)) goto err; /* z1 = 1 */
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
word = scalar->d[i];
while (mask)
{
- if (word & mask)
- {
- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
- }
- else
- {
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
- }
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
mask >>= 1;
}
mask = BN_TBIT;
diff --git a/main/openssl/crypto/engine/eng_list.c b/main/openssl/crypto/engine/eng_list.c
index 27846edb..95c85896 100644
--- a/main/openssl/crypto/engine/eng_list.c
+++ b/main/openssl/crypto/engine/eng_list.c
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
load_dir, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
goto notfound;
return iterator;
diff --git a/main/openssl/crypto/evp/bio_b64.c b/main/openssl/crypto/evp/bio_b64.c
index 72a2a672..ac6d441a 100644
--- a/main/openssl/crypto/evp/bio_b64.c
+++ b/main/openssl/crypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
}
/* we fell off the end without starting */
- if (j == i)
+ if ((j == i) && (num == 0))
{
/* Is this is one long chunk?, if so, keep on
* reading until a new line. */
diff --git a/main/openssl/crypto/modes/gcm128.c b/main/openssl/crypto/modes/gcm128.c
index 250063de..e1dc2b0f 100644
--- a/main/openssl/crypto/modes/gcm128.c
+++ b/main/openssl/crypto/modes/gcm128.c
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
GCM_MUL(ctx,Yi);
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
}
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i) {
@@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
ctr += GHASH_CHUNK/16;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
GHASH(ctx,out,GHASH_CHUNK);
@@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
(*stream)(in,out,j,key,ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
in += i;
@@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
ctr += GHASH_CHUNK/16;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
out += GHASH_CHUNK;
@@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
(*stream)(in,out,j,key,ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
out += i;
@@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
diff --git a/main/openssl/crypto/opensslv.h b/main/openssl/crypto/opensslv.h
index b27a5bb8..ebe71807 100644
--- a/main/openssl/crypto/opensslv.h
+++ b/main/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000106fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/main/openssl/crypto/rand/md_rand.c b/main/openssl/crypto/rand/md_rand.c
index dd291637..aee1c30b 100644
--- a/main/openssl/crypto/rand/md_rand.c
+++ b/main/openssl/crypto/rand/md_rand.c
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
EVP_MD_CTX m;
int do_not_lock;
+ if (!num)
+ return;
+
/*
* (Based on the rand(3) manpage)
*
diff --git a/main/openssl/crypto/rand/rand_win.c b/main/openssl/crypto/rand/rand_win.c
index 5d134e18..34ffcd23 100644
--- a/main/openssl/crypto/rand/rand_win.c
+++ b/main/openssl/crypto/rand/rand_win.c
@@ -750,7 +750,7 @@ static void readscreen(void)
int y; /* y-coordinate of screen lines to grab */
int n = 16; /* number of screen lines to grab at a time */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
+ if (check_winnt() && OPENSSL_isservice()>0)
return;
/* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/main/openssl/crypto/symhacks.h b/main/openssl/crypto/symhacks.h
index 07a412f8..bd2f000d 100644
--- a/main/openssl/crypto/symhacks.h
+++ b/main/openssl/crypto/symhacks.h
@@ -204,6 +204,12 @@
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
#undef SSL_CTX_set_next_proto_select_cb
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
diff --git a/main/openssl/crypto/x509/by_dir.c b/main/openssl/crypto/x509/by_dir.c
index 27ca5150..c6602dae 100644
--- a/main/openssl/crypto/x509/by_dir.c
+++ b/main/openssl/crypto/x509/by_dir.c
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
s=dir;
p=s;
- for (;;p++)
+ do
{
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
{
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
return 0;
}
}
- if (*p == '\0')
- break;
- }
+ } while (*p++ != '\0');
return 1;
}
diff --git a/main/openssl/crypto/x509/x509_vfy.c b/main/openssl/crypto/x509/x509_vfy.c
index 5195ffef..920066ae 100644
--- a/main/openssl/crypto/x509/x509_vfy.c
+++ b/main/openssl/crypto/x509/x509_vfy.c
@@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
* a certificate was revoked. This has since been changed since
* critical extension can change the meaning of CRL entries.
*/
- if (crl->flags & EXFLAG_CRITICAL)
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ && (crl->flags & EXFLAG_CRITICAL))
{
- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
- return 1;
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
ok = ctx->verify_cb(0, ctx);
if(!ok)
diff --git a/main/openssl/e_os.h b/main/openssl/e_os.h
index 79c13925..6a0aad1d 100644
--- a/main/openssl/e_os.h
+++ b/main/openssl/e_os.h
@@ -368,6 +368,13 @@ static unsigned int _strlen31(const char *str)
# define DEFAULT_HOME "C:"
# endif
+/* Avoid Windows 8 SDK GetVersion deprecated problems */
+#if defined(_MSC_VER) && _MSC_VER>=1800
+# define check_winnt() (1)
+#else
+# define check_winnt() (GetVersion() < 0x80000000)
+#endif
+
#else /* The non-microsoft world */
# ifdef OPENSSL_SYS_VMS
diff --git a/main/openssl/include/openssl/bn.h b/main/openssl/include/openssl/bn.h
index 9281ce59..e776c07a 100644
--- a/main/openssl/include/openssl/bn.h
+++ b/main/openssl/include/openssl/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -778,11 +780,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
#define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
#endif
diff --git a/main/openssl/include/openssl/kssl.h b/main/openssl/include/openssl/kssl.h
index 8242fd5e..e4df8430 100644
--- a/main/openssl/include/openssl/kssl.h
+++ b/main/openssl/include/openssl/kssl.h
@@ -70,6 +70,15 @@
#include <stdio.h>
#include <ctype.h>
#include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
#ifdef __cplusplus
extern "C" {
diff --git a/main/openssl/include/openssl/opensslv.h b/main/openssl/include/openssl/opensslv.h
index b27a5bb8..ebe71807 100644
--- a/main/openssl/include/openssl/opensslv.h
+++ b/main/openssl/include/openssl/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000106fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/main/openssl/include/openssl/ssl.h b/main/openssl/include/openssl/ssl.h
index 4c38f6ed..40c4d9cf 100644
--- a/main/openssl/include/openssl/ssl.h
+++ b/main/openssl/include/openssl/ssl.h
@@ -928,7 +928,7 @@ struct ssl_ctx_st
*/
unsigned int max_send_fragment;
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
/* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
diff --git a/main/openssl/include/openssl/symhacks.h b/main/openssl/include/openssl/symhacks.h
index 07a412f8..bd2f000d 100644
--- a/main/openssl/include/openssl/symhacks.h
+++ b/main/openssl/include/openssl/symhacks.h
@@ -204,6 +204,12 @@
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
#undef SSL_CTX_set_next_proto_select_cb
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
diff --git a/main/openssl/include/openssl/tls1.h b/main/openssl/include/openssl/tls1.h
index 6f031a44..6283c6a7 100644
--- a/main/openssl/include/openssl/tls1.h
+++ b/main/openssl/include/openssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
/* ExtensionType value from RFC5620 */
#define TLSEXT_TYPE_heartbeat 15
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding 21
+
/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@@ -254,10 +260,6 @@ extern "C" {
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
-/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
- * Number not yet IANA assigned. */
-#define TLSEXT_TYPE_padding 35655
-
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */
diff --git a/main/openssl/openssl.config b/main/openssl/openssl.config
index a4c5fbec..82481076 100644
--- a/main/openssl/openssl.config
+++ b/main/openssl/openssl.config
@@ -1082,7 +1082,6 @@ fix_clang_build.patch \
tls12_digests.patch \
alpn.patch \
cbc_record_splitting.patch \
-paddingext.patch \
dsa_nonce.patch \
"
diff --git a/main/openssl/openssl.version b/main/openssl/openssl.version
index 87f49ad2..2e849911 100644
--- a/main/openssl/openssl.version
+++ b/main/openssl/openssl.version
@@ -1 +1 @@
-OPENSSL_VERSION=1.0.1f
+OPENSSL_VERSION=1.0.1g
diff --git a/main/openssl/patches/README b/main/openssl/patches/README
index 5348e425..4159a85c 100644
--- a/main/openssl/patches/README
+++ b/main/openssl/patches/README
@@ -43,11 +43,6 @@ cbc_record_splitting.patch
BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
record splitting. Record splitting is disabled by default.
-paddingext.patch
-
-ClientHello padding extension which is added, when needed, to work around bugs
-in F5 terminators.
-
dsa_nonce.patch
Adds an option to mix in hash of message and private key into (EC)DSA nonces to
diff --git a/main/openssl/ssl/d1_both.c b/main/openssl/ssl/d1_both.c
index 7a5596a6..2e8cf681 100644
--- a/main/openssl/ssl/d1_both.c
+++ b/main/openssl/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
+ unsigned int write_length = 1 /* heartbeat type */ +
+ 2 /* heartbeat length */ +
+ payload + padding;
int r;
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+ buffer = OPENSSL_malloc(write_length);
bp = buffer;
/* Enter response type, length and copy payload */
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
/* Random padding */
RAND_pseudo_bytes(bp, padding);
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
if (r >= 0 && s->msg_callback)
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
- buffer, 3 + payload + padding,
+ buffer, write_length,
s, s->msg_callback_arg);
OPENSSL_free(buffer);
diff --git a/main/openssl/ssl/kssl.h b/main/openssl/ssl/kssl.h
index 8242fd5e..e4df8430 100644
--- a/main/openssl/ssl/kssl.h
+++ b/main/openssl/ssl/kssl.h
@@ -70,6 +70,15 @@
#include <stdio.h>
#include <ctype.h>
#include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
#ifdef __cplusplus
extern "C" {
diff --git a/main/openssl/ssl/s23_clnt.c b/main/openssl/ssl/s23_clnt.c
index fefcd167..2bc92141 100644
--- a/main/openssl/ssl/s23_clnt.c
+++ b/main/openssl/ssl/s23_clnt.c
@@ -283,7 +283,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
if (send_time)
{
- unsigned long Time = time(NULL);
+ unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
l2n(Time, p);
return RAND_pseudo_bytes(p, len-4);
@@ -487,10 +487,7 @@ static int ssl23_client_hello(SSL *s)
{
/* create Client Hello in SSL 3.0/TLS 1.0 format */
- /* do the record header (5 bytes) and handshake message
- * header (4 bytes) last. Note: the code to add the
- * padding extension in t1_lib.c depends on the size of
- * this prefix. */
+ /* do the record header (5 bytes) and handshake message header (4 bytes) last */
d = p = &(buf[9]);
*(p++) = version_major;
diff --git a/main/openssl/ssl/s3_clnt.c b/main/openssl/ssl/s3_clnt.c
index efbd666b..f71470a3 100644
--- a/main/openssl/ssl/s3_clnt.c
+++ b/main/openssl/ssl/s3_clnt.c
@@ -756,9 +756,7 @@ int ssl3_client_hello(SSL *s)
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
goto err;
- /* Do the message type and length last.
- * Note: the code to add the padding extension in t1_lib.c
- * depends on the size of this prefix. */
+ /* Do the message type and length last */
d=p= &(buf[4]);
/* version indicates the negotiated version: for example from
diff --git a/main/openssl/ssl/s3_srvr.c b/main/openssl/ssl/s3_srvr.c
index 19158850..8692f149 100644
--- a/main/openssl/ssl/s3_srvr.c
+++ b/main/openssl/ssl/s3_srvr.c
@@ -1854,7 +1854,7 @@ int ssl3_send_server_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
goto f_err;
}
- for (i=0; r[i] != NULL && i<4; i++)
+ for (i=0; i < 4 && r[i] != NULL; i++)
{
nr[i]=BN_num_bytes(r[i]);
#ifndef OPENSSL_NO_SRP
@@ -1890,7 +1890,7 @@ int ssl3_send_server_key_exchange(SSL *s)
d=(unsigned char *)s->init_buf->data;
p= &(d[4]);
- for (i=0; r[i] != NULL && i<4; i++)
+ for (i=0; i < 4 && r[i] != NULL; i++)
{
#ifndef OPENSSL_NO_SRP
if ((i == 2) && (type & SSL_kSRP))
diff --git a/main/openssl/ssl/ssl.h b/main/openssl/ssl/ssl.h
index 4c38f6ed..40c4d9cf 100644
--- a/main/openssl/ssl/ssl.h
+++ b/main/openssl/ssl/ssl.h
@@ -928,7 +928,7 @@ struct ssl_ctx_st
*/
unsigned int max_send_fragment;
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
/* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
diff --git a/main/openssl/ssl/t1_enc.c b/main/openssl/ssl/t1_enc.c
index 07cb62bd..2ed2e076 100644
--- a/main/openssl/ssl/t1_enc.c
+++ b/main/openssl/ssl/t1_enc.c
@@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
}
else
{
- EVP_MD_CTX_copy(&hmac,hash);
+ if (!EVP_MD_CTX_copy(&hmac,hash))
+ return -1;
mac_ctx = &hmac;
}
diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c
index eba732f1..369e09f4 100644
--- a/main/openssl/ssl/t1_lib.c
+++ b/main/openssl/ssl/t1_lib.c
@@ -684,8 +684,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#endif
+#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
- * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+ * See https://tools.ietf.org/html/draft-agl-tls-padding-03
+ *
+ * NB: because this code works out the length of all existing
+ * extensions it MUST always appear last.
+ */
{
int hlen = ret - (unsigned char *)s->init_buf->data;
/* The code in s23_clnt.c to build ClientHello messages includes the
@@ -707,7 +712,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += hlen;
}
}
-
+#endif
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -1412,7 +1417,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
tls1_process_sigalgs(s, data, dsize);
}
else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+ s->version != DTLS1_VERSION)
{
if (size < 5)
@@ -2744,16 +2749,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
diff --git a/main/openssl/ssl/tls1.h b/main/openssl/ssl/tls1.h
index 6f031a44..6283c6a7 100644
--- a/main/openssl/ssl/tls1.h
+++ b/main/openssl/ssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
/* ExtensionType value from RFC5620 */
#define TLSEXT_TYPE_heartbeat 15
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding 21
+
/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@@ -254,10 +260,6 @@ extern "C" {
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
-/* See https://tools.ietf.org/html/draft-agl-tls-padding-02
- * Number not yet IANA assigned. */
-#define TLSEXT_TYPE_padding 35655
-
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */