FreeBSD Bugzilla – Attachment 154535 Details for
Bug 198718
[PATCH] security/libressl: update to 2.1.6, fix vulns and default libtls
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn diff for security/libressl
patch-security_libressl-2.1.6 (text/plain), 20.61 KB, created by
Bernard Spil
on 2015-03-19 19:47:53 UTC
(
hide
)
Description:
svn diff for security/libressl
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2015-03-19 19:47:53 UTC
Size:
20.61 KB
patch
obsolete
>Index: security/libressl/Makefile >=================================================================== >--- security/libressl/Makefile (revision 381677) >+++ security/libressl/Makefile (working copy) >@@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= libressl >-PORTVERSION= 2.1.5 >-PORTREVISION= 1 >+PORTVERSION= 2.1.6 > CATEGORIES= security devel > MASTER_SITES= ${MASTER_SITE_OPENBSD} > MASTER_SITE_SUBDIR= LibreSSL >@@ -17,7 +16,6 @@ > CONFLICTS?= openssl-* > > GNU_CONFIGURE= yes >-CONFIGURE_ARGS= --enable-libtls > USES= cpe libtool pathfix pkgconfig > USE_LDCONFIG= yes > >Index: security/libressl/distinfo >=================================================================== >--- security/libressl/distinfo (revision 381677) >+++ security/libressl/distinfo (working copy) >@@ -1,2 +1,2 @@ >-SHA256 (libressl-2.1.5.tar.gz) = a82379913fd7f4e26e045fcf021aa92a1f683954816bf817b3b696de62e9c3bb >-SIZE (libressl-2.1.5.tar.gz) = 2865527 >+SHA256 (libressl-2.1.6.tar.gz) = 4f826dd97b3b8001707073bde8401493f9cd4668465b481c042d28e3973653a8 >+SIZE (libressl-2.1.6.tar.gz) = 2865936 >Index: security/libressl/files/patch-include-openssl-opensslv.h >=================================================================== >--- security/libressl/files/patch-include-openssl-opensslv.h (revision 381677) >+++ security/libressl/files/patch-include-openssl-opensslv.h (working copy) >@@ -6,6 +6,6 @@ > #define LIBRESSL_VERSION_NUMBER 0x20000000L > -#define OPENSSL_VERSION_NUMBER 0x20000000L > +#define OPENSSL_VERSION_NUMBER 0x1000107fL >- #define OPENSSL_VERSION_TEXT "LibreSSL 2.1.5" >+ #define OPENSSL_VERSION_TEXT "LibreSSL 2.1.6" > #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT > >Index: security/libressl/pkg-plist >=================================================================== >--- security/libressl/pkg-plist (revision 381677) >+++ security/libressl/pkg-plist (working copy) >@@ -62,6 +62,7 @@ > include/openssl/ssl23.h > include/openssl/ssl3.h > include/openssl/stack.h >+include/tls.h > include/openssl/tls1.h > include/openssl/ts.h > include/openssl/txt_db.h >@@ -71,7 +72,6 @@ > include/openssl/x509.h > include/openssl/x509_vfy.h > include/openssl/x509v3.h >-include/tls.h > lib/libcrypto.a > lib/libcrypto.so > lib/libcrypto.so.32 >Index: security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c (working copy) >@@ -1,26 +0,0 @@ >---- crypto/asn1/a_int.c.orig 2015-02-10 14:54:46 UTC >-+++ crypto/asn1/a_int.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: a_int.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */ >-+/* $OpenBSD: a_int.c,v 1.25 2015/02/10 08:33:10 jsing Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -268,7 +268,7 @@ c2i_ASN1_INTEGER(ASN1_INTEGER **a, const >- >- err: >- ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); >-- if ((ret != NULL) && ((a == NULL) || (*a != ret))) >-+ if (a == NULL || *a != ret) >- M_ASN1_INTEGER_free(ret); >- return (NULL); >- } >-@@ -335,7 +335,7 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, cons >- >- err: >- ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); >-- if ((ret != NULL) && ((a == NULL) || (*a != ret))) >-+ if (a == NULL || *a != ret) >- M_ASN1_INTEGER_free(ret); >- return (NULL); >- } >Index: security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c (working copy) >@@ -1,17 +0,0 @@ >---- crypto/asn1/a_set.c.orig 2014-12-06 23:15:50 UTC >-+++ crypto/asn1/a_set.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: a_set.c,v 1.15 2014/07/10 13:58:22 jsing Exp $ */ >-+/* $OpenBSD: a_set.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -225,7 +225,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a >- return ret; >- >- err: >-- if (ret != NULL && (a == NULL || *a != ret)) { >-+ if (a == NULL || *a != ret) { >- if (free_func != NULL) >- sk_OPENSSL_BLOCK_pop_free(ret, free_func); >- else >Index: security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c (working copy) >@@ -1,19 +0,0 @@ >---- crypto/asn1/a_type.c.orig 2015-02-10 14:54:46 UTC >-+++ crypto/asn1/a_type.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: a_type.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */ >-+/* $OpenBSD: a_type.c,v 1.15 2015/02/10 08:33:10 jsing Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -119,7 +119,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b >- case V_ASN1_OBJECT: >- result = OBJ_cmp(a->value.object, b->value.object); >- break; >-- >-+ case V_ASN1_BOOLEAN: >-+ result = a->value.boolean - b->value.boolean; >-+ break; >- case V_ASN1_NULL: >- result = 0; /* They do not have content. */ >- break; >Index: security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c (working copy) >@@ -1,17 +0,0 @@ >---- crypto/asn1/d2i_pr.c.orig 2015-02-11 14:17:41 UTC >-+++ crypto/asn1/d2i_pr.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: d2i_pr.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */ >-+/* $OpenBSD: d2i_pr.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -118,7 +118,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, c >- return (ret); >- >- err: >-- if ((ret != NULL) && ((a == NULL) || (*a != ret))) >-+ if (a == NULL || *a != ret) >- EVP_PKEY_free(ret); >- return (NULL); >- } >Index: security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c (working copy) >@@ -1,17 +0,0 @@ >---- crypto/asn1/d2i_pu.c.orig 2014-12-06 23:15:50 UTC >-+++ crypto/asn1/d2i_pu.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: d2i_pu.c,v 1.11 2014/07/10 22:45:56 jsing Exp $ */ >-+/* $OpenBSD: d2i_pu.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -130,7 +130,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, co >- return (ret); >- >- err: >-- if ((ret != NULL) && ((a == NULL) || (*a != ret))) >-+ if (a == NULL || *a != ret) >- EVP_PKEY_free(ret); >- return (NULL); >- } >Index: security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c (working copy) >@@ -1,24 +0,0 @@ >---- crypto/asn1/n_pkey.c.orig 2015-02-11 14:17:41 UTC >-+++ crypto/asn1/n_pkey.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: n_pkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */ >-+/* $OpenBSD: n_pkey.c,v 1.25 2015/02/11 04:00:39 jsing Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -340,11 +340,11 @@ d2i_RSA_NET(RSA **a, const unsigned char >- return NULL; >- } >- >-- if ((enckey->os->length != 11) || (strncmp("private-key", >-- (char *)enckey->os->data, 11) != 0)) { >-+ /* XXX 11 == strlen("private-key") */ >-+ if (enckey->os->length != 11 || >-+ memcmp("private-key", enckey->os->data, 11) != 0) { >- ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); >-- NETSCAPE_ENCRYPTED_PKEY_free(enckey); >-- return NULL; >-+ goto err; >- } >- if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { >- ASN1err(ASN1_F_D2I_RSA_NET, >Index: security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c (working copy) >@@ -1,47 +0,0 @@ >---- crypto/asn1/tasn_dec.c.orig 2015-02-14 19:09:01 UTC >-+++ crypto/asn1/tasn_dec.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: tasn_dec.c,v 1.24 2014/06/12 15:49:27 deraadt Exp $ */ >-+/* $OpenBSD: tasn_dec.c,v 1.25 2015/02/14 15:23:57 miod Exp $ */ >- /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL >- * project 2000. >- */ >-@@ -238,8 +238,16 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons >- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) >- goto auxerr; >- >-- /* Allocate structure */ >-- if (!*pval && !ASN1_item_ex_new(pval, it)) { >-+ if (*pval) { >-+ /* Free up and zero CHOICE value if initialised */ >-+ i = asn1_get_choice_selector(pval, it); >-+ if ((i >= 0) && (i < it->tcount)) { >-+ tt = it->templates + i; >-+ pchptr = asn1_get_field_ptr(pval, tt); >-+ ASN1_template_free(pchptr, tt); >-+ asn1_set_choice_selector(pval, -1, it); >-+ } >-+ } else if (!ASN1_item_ex_new(pval, it)) { >- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, >- ERR_R_NESTED_ASN1_ERROR); >- goto err; >-@@ -325,6 +333,19 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons >- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) >- goto auxerr; >- >-+ /* Free up and zero any ADB found */ >-+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { >-+ if (tt->flags & ASN1_TFLG_ADB_MASK) { >-+ const ASN1_TEMPLATE *seqtt; >-+ ASN1_VALUE **pseqval; >-+ seqtt = asn1_do_adb(pval, tt, 1); >-+ if (!seqtt) >-+ goto err; >-+ pseqval = asn1_get_field_ptr(pval, seqtt); >-+ ASN1_template_free(pseqval, seqtt); >-+ } >-+ } >-+ >- /* Get each field entry */ >- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { >- const ASN1_TEMPLATE *seqtt; >Index: security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c (working copy) >@@ -1,34 +0,0 @@ >---- crypto/asn1/x_x509.c.orig 2015-02-11 14:17:41 UTC >-+++ crypto/asn1/x_x509.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: x_x509.c,v 1.22 2015/02/11 03:39:51 jsing Exp $ */ >-+/* $OpenBSD: x_x509.c,v 1.23 2015/02/11 04:00:39 jsing Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -313,16 +313,20 @@ d2i_X509_AUX(X509 **a, const unsigned ch >- >- /* Save start position */ >- q = *pp; >-- ret = d2i_X509(a, pp, length); >-+ ret = d2i_X509(NULL, pp, length); >- /* If certificate unreadable then forget it */ >- if (!ret) >- return NULL; >- /* update length */ >- length -= *pp - q; >-- if (!length) >-- return ret; >-- if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) >-- goto err; >-+ if (length > 0) { >-+ if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) >-+ goto err; >-+ } >-+ if (a != NULL) { >-+ X509_free(*a); >-+ *a = ret; >-+ } >- return ret; >- >- err: >Index: security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c (working copy) >@@ -1,102 +0,0 @@ >---- crypto/ec/ec_asn1.c.orig 2015-02-10 14:54:46 UTC >-+++ crypto/ec/ec_asn1.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: ec_asn1.c,v 1.11 2015/02/10 04:01:26 jsing Exp $ */ >-+/* $OpenBSD: ec_asn1.c,v 1.12 2015/02/10 05:43:09 jsing Exp $ */ >- /* >- * Written by Nils Larsch for the OpenSSL project. >- */ >-@@ -999,19 +999,19 @@ d2i_ECPKParameters(EC_GROUP ** a, const >- >- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { >- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); >-- ECPKPARAMETERS_free(params); >-- return NULL; >-+ goto err; >- } >- if ((group = ec_asn1_pkparameters2group(params)) == NULL) { >- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); >-- ECPKPARAMETERS_free(params); >-- return NULL; >-+ goto err; >- } >-- if (a && *a) >-+ >-+ if (a != NULL) { >- EC_GROUP_clear_free(*a); >-- if (a) >- *a = group; >-+ } >- >-+err: >- ECPKPARAMETERS_free(params); >- return (group); >- } >-@@ -1039,7 +1039,6 @@ i2d_ECPKParameters(const EC_GROUP * a, u >- EC_KEY * >- d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) >- { >-- int ok = 0; >- EC_KEY *ret = NULL; >- EC_PRIVATEKEY *priv_key = NULL; >- >-@@ -1054,12 +1053,9 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi >- } >- if (a == NULL || *a == NULL) { >- if ((ret = EC_KEY_new()) == NULL) { >-- ECerr(EC_F_D2I_ECPRIVATEKEY, >-- ERR_R_MALLOC_FAILURE); >-+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); >- goto err; >- } >-- if (a) >-- *a = ret; >- } else >- ret = *a; >- >-@@ -1109,17 +1105,19 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi >- goto err; >- } >- } >-- ok = 1; >-+ >-+ EC_PRIVATEKEY_free(priv_key); >-+ if (a != NULL) >-+ *a = ret; >-+ return (ret); >-+ >- err: >-- if (!ok) { >-- if (ret) >-- EC_KEY_free(ret); >-- ret = NULL; >-- } >-+ if (a == NULL || *a != ret) >-+ EC_KEY_free(ret); >- if (priv_key) >- EC_PRIVATEKEY_free(priv_key); >- >-- return (ret); >-+ return (NULL); >- } >- >- int >-@@ -1232,8 +1230,6 @@ d2i_ECParameters(EC_KEY ** a, const unsi >- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); >- return NULL; >- } >-- if (a) >-- *a = ret; >- } else >- ret = *a; >- >-@@ -1241,6 +1237,9 @@ d2i_ECParameters(EC_KEY ** a, const unsi >- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); >- return NULL; >- } >-+ >-+ if (a != NULL) >-+ *a = ret; >- return ret; >- } >- >Index: security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c (working copy) >@@ -1,162 +0,0 @@ >---- crypto/pkcs7/pk7_doit.c.orig 2015-02-09 01:31:52 UTC >-+++ crypto/pkcs7/pk7_doit.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: pk7_doit.c,v 1.30 2014/10/22 13:02:04 jsing Exp $ */ >-+/* $OpenBSD: pk7_doit.c,v 1.31 2015/02/07 13:19:15 doug Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -261,6 +261,28 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio) >- PKCS7_RECIP_INFO *ri = NULL; >- ASN1_OCTET_STRING *os = NULL; >- >-+ if (p7 == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); >-+ return NULL; >-+ } >-+ >-+ /* >-+ * The content field in the PKCS7 ContentInfo is optional, >-+ * but that really only applies to inner content (precisely, >-+ * detached signatures). >-+ * >-+ * When reading content, missing outer content is therefore >-+ * treated as an error. >-+ * >-+ * When creating content, PKCS7_content_new() must be called >-+ * before calling this method, so a NULL p7->d is always >-+ * an error. >-+ */ >-+ if (p7->d.ptr == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); >-+ return NULL; >-+ } >-+ >- i = OBJ_obj2nid(p7->type); >- p7->state = PKCS7_S_HEADER; >- >-@@ -417,6 +439,17 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pk >- unsigned char *ek = NULL, *tkey = NULL; >- int eklen = 0, tkeylen = 0; >- >-+ if (p7 == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, >-+ PKCS7_R_INVALID_NULL_POINTER); >-+ return NULL; >-+ } >-+ >-+ if (p7->d.ptr == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); >-+ return NULL; >-+ } >-+ >- i = OBJ_obj2nid(p7->type); >- p7->state = PKCS7_S_HEADER; >- >-@@ -691,6 +724,17 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) >- STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; >- ASN1_OCTET_STRING *os = NULL; >- >-+ if (p7 == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, >-+ PKCS7_R_INVALID_NULL_POINTER); >-+ return 0; >-+ } >-+ >-+ if (p7->d.ptr == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); >-+ return 0; >-+ } >-+ >- EVP_MD_CTX_init(&ctx_tmp); >- i = OBJ_obj2nid(p7->type); >- p7->state = PKCS7_S_HEADER; >-@@ -736,6 +780,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) >- /* If detached data then the content is excluded */ >- if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { >- M_ASN1_OCTET_STRING_free(os); >-+ os = NULL; >- p7->d.sign->contents->d.data = NULL; >- } >- break; >-@@ -750,6 +795,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) >- if (PKCS7_type_is_data(p7->d.digest->contents) && >- p7->detached) { >- M_ASN1_OCTET_STRING_free(os); >-+ os = NULL; >- p7->d.digest->contents->d.data = NULL; >- } >- break; >-@@ -815,22 +861,32 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) >- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); >- } >- >-- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { >-- char *cont; >-- long contlen; >-- btmp = BIO_find_type(bio, BIO_TYPE_MEM); >-- if (btmp == NULL) { >-- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, >-- PKCS7_R_UNABLE_TO_FIND_MEM_BIO); >-+ if (!PKCS7_is_detached(p7)) { >-+ /* >-+ * NOTE: only reach os == NULL here because detached >-+ * digested data support is broken? >-+ */ >-+ if (os == NULL) >- goto err; >-+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { >-+ char *cont; >-+ long contlen; >-+ >-+ btmp = BIO_find_type(bio, BIO_TYPE_MEM); >-+ if (btmp == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, >-+ PKCS7_R_UNABLE_TO_FIND_MEM_BIO); >-+ goto err; >-+ } >-+ contlen = BIO_get_mem_data(btmp, &cont); >-+ /* >-+ * Mark the BIO read only then we can use its copy >-+ * of the data instead of making an extra copy. >-+ */ >-+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); >-+ BIO_set_mem_eof_return(btmp, 0); >-+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen); >- } >-- contlen = BIO_get_mem_data(btmp, &cont); >-- /* Mark the BIO read only then we can use its copy of the data >-- * instead of making an extra copy. >-- */ >-- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); >-- BIO_set_mem_eof_return(btmp, 0); >-- ASN1_STRING_set0(os, (unsigned char *)cont, contlen); >- } >- ret = 1; >- err: >-@@ -905,6 +961,17 @@ PKCS7_dataVerify(X509_STORE *cert_store, >- STACK_OF(X509) *cert; >- X509 *x509; >- >-+ if (p7 == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, >-+ PKCS7_R_INVALID_NULL_POINTER); >-+ return 0; >-+ } >-+ >-+ if (p7->d.ptr == NULL) { >-+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); >-+ return 0; >-+ } >-+ >- if (PKCS7_type_is_signed(p7)) { >- cert = p7->d.sign->cert; >- } else if (PKCS7_type_is_signedAndEnveloped(p7)) { >-@@ -941,6 +1008,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, >- >- return PKCS7_signatureVerify(bio, p7, si, x509); >- err: >-+ >- return ret; >- } >- >Index: security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c >=================================================================== >--- security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c (working copy) >@@ -1,17 +0,0 @@ >---- crypto/pkcs7/pk7_lib.c.orig 2014-12-06 23:15:50 UTC >-+++ crypto/pkcs7/pk7_lib.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: pk7_lib.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */ >-+/* $OpenBSD: pk7_lib.c,v 1.14 2014/07/12 16:03:37 miod Exp $ */ >- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) >- * All rights reserved. >- * >-@@ -460,6 +460,8 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD >- STACK_OF(PKCS7_SIGNER_INFO) * >- PKCS7_get_signer_info(PKCS7 *p7) >- { >-+ if (p7 == NULL || p7->d.ptr == NULL) >-+ return (NULL); >- if (PKCS7_type_is_signed(p7)) { >- return (p7->d.sign->signer_info); >- } else if (PKCS7_type_is_signedAndEnveloped(p7)) { >Index: security/libressl/security/libressl/files/patch-ssl_d1__lib.c >=================================================================== >--- security/libressl/security/libressl/files/patch-ssl_d1__lib.c (revision 381677) >+++ security/libressl/security/libressl/files/patch-ssl_d1__lib.c (working copy) >@@ -1,18 +0,0 @@ >---- ssl/d1_lib.c.orig 2015-02-09 23:29:07 UTC >-+++ ssl/d1_lib.c >-@@ -1,4 +1,4 @@ >--/* $OpenBSD: d1_lib.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */ >-+/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */ >- /* >- * DTLS implementation written by Nagendra Modadugu >- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. >-@@ -443,6 +443,9 @@ dtls1_listen(SSL *s, struct sockaddr *cl >- { >- int ret; >- >-+ /* Ensure there is no state left over from a previous invocation */ >-+ SSL_clear(s); >-+ >- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); >- s->d1->listen = 1; >-
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 198718
: 154535 |
154536
|
154537
|
154538
|
154539
|
154540