Skip to content

Commit

Permalink
deps: upgrade to openssl 1.0.1q
Browse files Browse the repository at this point in the history
Contains fixes for:

* CVE-2015-3194 Certificate verify crash with missing PSS parameter
* CVE-2015-3195 X509_ATTRIBUTE memory leak

fixup! character encoding noise

fixup! update opensslconf.h

PR-URL: #4133
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
  • Loading branch information
bnoordhuis authored and Shigeki Ohtsu committed Dec 3, 2015
1 parent 53ef1a7 commit 6ee1536
Show file tree
Hide file tree
Showing 140 changed files with 1,331 additions and 677 deletions.
22 changes: 11 additions & 11 deletions deps/openssl/asm/arm-elf-gas/bn/armv4-gf2m.S
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,13 @@
mul_1x1_neon:
vshl.u64 d2,d16,#8 @ q1-q3 are slided

vmull.p8 q0,d16,d17 @ a·bb
vmull.p8 q0,d16,d17 @ a·bb
vshl.u64 d4,d16,#16
vmull.p8 q1,d2,d17 @ a<<8·bb
vmull.p8 q1,d2,d17 @ a<<8·bb
vshl.u64 d6,d16,#24
vmull.p8 q2,d4,d17 @ a<<16·bb
vmull.p8 q2,d4,d17 @ a<<16·bb
vshr.u64 d2,#8
vmull.p8 q3,d6,d17 @ a<<24·bb
vmull.p8 q3,d6,d17 @ a<<24·bb
vshl.u64 d3,#24
veor d0,d2
vshr.u64 d4,#16
Expand Down Expand Up @@ -132,20 +132,20 @@ bn_GF2m_mul_2x2:

vmov d16,d18
vmov d17,d19
bl mul_1x1_neon @ a1·b1
bl mul_1x1_neon @ a1·b1
vmov d22,d0

vmov d16,d20
vmov d17,d21
bl mul_1x1_neon @ a0·b0
bl mul_1x1_neon @ a0·b0
vmov d23,d0

veor d16,d20,d18
veor d17,d21,d19
veor d20,d23,d22
bl mul_1x1_neon @ (a0+a1)·(b0+b1)
bl mul_1x1_neon @ (a0+a1)·(b0+b1)

veor d0,d20 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
veor d0,d20 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1
vshl.u64 d1,d0,#32
vshr.u64 d0,d0,#32
veor d23,d1
Expand All @@ -165,7 +165,7 @@ bn_GF2m_mul_2x2:
mov r12,#7<<2
sub sp,sp,#32 @ allocate tab[8]

bl mul_1x1_ialu @ a1·b1
bl mul_1x1_ialu @ a1·b1
str r5,[r10,#8]
str r4,[r10,#12]

Expand All @@ -175,13 +175,13 @@ bn_GF2m_mul_2x2:
eor r2,r2,r1
eor r0,r0,r3
eor r1,r1,r2
bl mul_1x1_ialu @ a0·b0
bl mul_1x1_ialu @ a0·b0
str r5,[r10]
str r4,[r10,#4]

eor r1,r1,r2
eor r0,r0,r3
bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
bl mul_1x1_ialu @ (a1+a0)·(b1+b0)
ldmia r10,{r6-r9}
eor r5,r5,r4
eor r4,r4,r7
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/asm/arm-elf-gas/modes/ghash-armv4.S
Original file line number Diff line number Diff line change
Expand Up @@ -368,8 +368,8 @@ gcm_ghash_neon:
vdup.8 d4,d28[0] @ broadcast lowest byte
.Linner_neon:
subs r1,r1,#1
vmull.p8 q9,d1,d4 @ H.lo·Xi[i]
vmull.p8 q8,d0,d4 @ H.hi·Xi[i]
vmull.p8 q9,d1,d4 @ H.lo·Xi[i]
vmull.p8 q8,d0,d4 @ H.hi·Xi[i]
vext.8 q14,q12,#1 @ IN>>=8

veor q10,q13 @ modulo-scheduled part
Expand All @@ -382,7 +382,7 @@ gcm_ghash_neon:
vsli.8 d2,d3,#1 @ compose the "carry" byte
vext.8 q10,q12,#1 @ Z>>=8

vmull.p8 q11,d2,d5 @ "carry"·0xe1
vmull.p8 q11,d2,d5 @ "carry"·0xe1
vshr.u8 d2,d3,#7 @ save Z's bottom bit
vext.8 q13,q9,q12,#1 @ Qlo>>=8
veor q10,q8
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/config/opensslconf.h
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,7 @@
even newer MIPS CPU's, but at the moment one size fits all for
optimization options. Older Sparc's work better with only UNROLL, but
there's no way to tell at compile time what it is you're running on */
# if defined( sun ) /* Newer Sparc's */
# if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
# define DES_PTR
# define DES_RISC1
# define DES_UNROLL
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/apps/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)

dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
Expand Down
9 changes: 5 additions & 4 deletions deps/openssl/openssl/apps/apps.c
Original file line number Diff line number Diff line change
Expand Up @@ -119,9 +119,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
# include <strings.h>
#endif
#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
Expand Down Expand Up @@ -1247,7 +1244,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
return set_multi_opts(flags, arg, ex_tbl);
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
if ((*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}

int set_ext_copy(int *copy_type, const char *arg)
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/apps/asn1pars.c
Original file line number Diff line number Diff line change
Expand Up @@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n",
typ == V_ASN1_NULL ? "NULL" : "OBJECT");
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
Expand Down
14 changes: 5 additions & 9 deletions deps/openssl/openssl/apps/ca.c
Original file line number Diff line number Diff line change
Expand Up @@ -99,25 +99,19 @@
#undef PROG
#define PROG ca_main

#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
#define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"

#define ENV_DEFAULT_CA "default_ca"

#define STRING_MASK "string_mask"
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"

#define ENV_DIR "dir"
#define ENV_CERTS "certs"
#define ENV_CRL_DIR "crl_dir"
#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
Expand Down Expand Up @@ -2520,6 +2514,8 @@ static int do_updatedb(CA_DB *db)
char **rrow, *a_tm_s;

a_tm = ASN1_UTCTIME_new();
if (a_tm == NULL)
return -1;

/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
Expand Down
7 changes: 3 additions & 4 deletions deps/openssl/openssl/apps/ecparam.c
Original file line number Diff line number Diff line change
Expand Up @@ -413,14 +413,13 @@ int MAIN(int argc, char **argv)
}

if (check) {
if (group == NULL)
BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
} else
BIO_printf(bio_err, "ok\n");
goto end;
}
BIO_printf(bio_err, "ok\n");

}

Expand Down
5 changes: 0 additions & 5 deletions deps/openssl/openssl/apps/engine.c
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,6 @@ static void identity(char *ptr)

static int append_buf(char **buf, const char *s, int *size, int step)
{
int l = strlen(s);

if (*buf == NULL) {
*size = step;
*buf = OPENSSL_malloc(*size);
Expand All @@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
**buf = '\0';
}

if (**buf != '\0')
l += 2; /* ", " */

if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/apps/md4.c
4 changes: 2 additions & 2 deletions deps/openssl/openssl/apps/ocsp.c
Original file line number Diff line number Diff line change
Expand Up @@ -1220,8 +1220,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
return NULL;
}

if (BIO_get_fd(cbio, &fd) <= 0) {
BIO_puts(err, "Can't get connection fd\n");
if (BIO_get_fd(cbio, &fd) < 0) {
BIO_puts(bio_err, "Can't get connection fd\n");
goto err;
}

Expand Down
14 changes: 7 additions & 7 deletions deps/openssl/openssl/apps/pkcs12.c
Original file line number Diff line number Diff line change
Expand Up @@ -134,20 +134,20 @@ int MAIN(int argc, char **argv)

apps_startup();

# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

if (!load_config(bio_err, NULL))
goto end;

# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

args = argv + 1;

while (*args) {
Expand Down
3 changes: 3 additions & 0 deletions deps/openssl/openssl/apps/s_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -1899,6 +1899,9 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
if (pass)
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
#endif
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cbuf != NULL) {
Expand Down
15 changes: 15 additions & 0 deletions deps/openssl/openssl/apps/s_server.c
Original file line number Diff line number Diff line change
Expand Up @@ -2654,6 +2654,21 @@ static int www_body(char *hostname, int s, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
#ifndef OPENSSL_NO_SRP
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
srp_callback_parm.user =
SRP_VBASE_get_by_user(srp_callback_parm.vb,
srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
continue;
}
#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/openssl/crypto/aes/asm/aes-586.pl
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
# the undertaken effort was that it appeared that in tight IA-32
# register window little-endian flavor could achieve slightly higher
# Instruction Level Parallelism, and it indeed resulted in up to 15%
# better performance on most recent µ-archs...
# better performance on most recent µ-archs...
#
# Third version adds AES_cbc_encrypt implementation, which resulted in
# up to 40% performance imrovement of CBC benchmark results. 40% was
Expand Down Expand Up @@ -223,7 +223,7 @@
$speed_limit=512; # chunks smaller than $speed_limit are
# processed with compact routine in CBC mode
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
# recent µ-archs], but ~5 times smaller!
# recent µ-archs], but ~5 times smaller!
# I favor compact code to minimize cache
# contention and in hope to "collect" 5% back
# in real-life applications...
Expand Down Expand Up @@ -562,7 +562,7 @@ ()
# Performance is not actually extraordinary in comparison to pure
# x86 code. In particular encrypt performance is virtually the same.
# Decrypt performance on the other hand is 15-20% better on newer
# µ-archs [but we're thankful for *any* improvement here], and ~50%
# µ-archs [but we're thankful for *any* improvement here], and ~50%
# better on PIII:-) And additionally on the pros side this code
# eliminates redundant references to stack and thus relieves/
# minimizes the pressure on the memory bus.
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@
$inout4="xmm6"; $in0="xmm6";
$inout5="xmm7"; $ivec="xmm7";

# AESNI extenstion
# AESNI extension
sub aeskeygenassist
{ my($dst,$src,$imm)=@_;
if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
Expand Down
10 changes: 10 additions & 0 deletions deps/openssl/openssl/crypto/asn1/asn1_par.c
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,10 @@
#include <openssl/objects.h>
#include <openssl/asn1.h>

#ifndef ASN1_PARSE_MAXDEPTH
#define ASN1_PARSE_MAXDEPTH 128
#endif

static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
int indent);
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
Expand Down Expand Up @@ -128,6 +132,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
#else
dump_indent = 6; /* Because we know BIO_dump_indent() */
#endif

if (depth > ASN1_PARSE_MAXDEPTH) {
BIO_puts(bp, "BAD RECURSION DEPTH\n");
return 0;
}

p = *pp;
tot = p + length;
op = p - 1;
Expand Down
Loading

0 comments on commit 6ee1536

Please sign in to comment.