Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

merge conflicts

This commit is contained in:
christos 2020-04-05 21:53:44 +00:00
parent cbd0443d58
commit 84a88c1152
7 changed files with 35 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/external/bsd/openssl/dist/CHANGES vendored
View File

@ -7,6 +7,24 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
*) Revert the change of EOF detection while reading in libssl to avoid
regressions in applications depending on the current way of reporting
the EOF. As the existing method is not fully accurate the change to
reporting the EOF via SSL_ERROR_SSL is kept on the current development
branch and will be present in the 3.0 release.
[Tomas Mraz]
*) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
when primes for RSA keys are computed.
Since we previously always generated primes == 2 (mod 3) for RSA keys,
the 2-prime and 3-prime RSA modules were easy to distinguish, since
N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
This avoids possible fingerprinting of newly generated RSA modules.
[Bernd Edlinger]
Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
*) Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the

6
crypto/external/bsd/openssl/dist/NEWS vendored
View File

@ -5,10 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
o Revert the unexpected EOF reporting via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
o Properly detect unexpected EOF while reading in libssl and report
it via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]

4
crypto/external/bsd/openssl/dist/README vendored
View File

@ -1,7 +1,7 @@
OpenSSL 1.1.1e 17 Mar 2020
OpenSSL 1.1.1f 31 Mar 2020
Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

4
crypto/external/bsd/openssl/dist/apps/s_server.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -1904,7 +1904,7 @@ int s_server_main(int argc, char *argv[])
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
ssl_ctx_security_debug(ctx2, sdebug);
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)

6
crypto/external/bsd/openssl/dist/crypto/ex_data.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -235,7 +235,7 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
return 0;
}
for (i = 0; i < mx; i++) {
if (storage[i] && storage[i]->new_func) {
if (storage[i] != NULL && storage[i]->new_func != NULL) {
ptr = CRYPTO_get_ex_data(ad, i);
storage[i]->new_func(obj, ptr, ad, i,
storage[i]->argl, storage[i]->argp);
@ -299,7 +299,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
for (i = 0; i < mx; i++) {
ptr = CRYPTO_get_ex_data(from, i);
if (storage[i] && storage[i]->dup_func)
if (storage[i] != NULL && storage[i]->dup_func != NULL)
if (!storage[i]->dup_func(to, from, &ptr, i,
storage[i]->argl, storage[i]->argp))
goto err;

10
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -107,12 +107,8 @@ static int null_callback(int ok, X509_STORE_CTX *e)
/* Return 1 is a certificate is self signed */
static int cert_self_signed(X509 *x)
{
/*
* FIXME: x509v3_cache_extensions() needs to detect more failures and not
* set EXFLAG_SET when that happens. Especially, if the failures are
* parse errors, rather than memory pressure!
*/
X509_check_purpose(x, -1, 0);
if (X509_check_purpose(x, -1, 0) != 1)
return 0;
if (x->ex_flags & EXFLAG_SS)
return 1;
else

4
crypto/external/bsd/openssl/dist/ssl/ssl_err.c vendored
View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
"unexpected end of early data"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
"unexpected eof while reading"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},