[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Wed Dec 23 19:43:30 UTC 2015
The branch master has been updated
via 0b081fcd08e9501ad0ec86680df60e13789fef74 (commit)
via b9b154d1cfc80d0992613713780a2bf8ee88da41 (commit)
via 3eabad02d682f8cd1521325fb986763e2d7a22e8 (commit)
via 1c9ed1d8a715e70c5e0d8c08f3a47e1a6fa9fd89 (commit)
via 933d10851640014142db0f3b02c2b740c2f0935f (commit)
from c849c6d9d3bf806fecfe0c16eaa55d361979ff7f (commit)
- Log -----------------------------------------------------------------
commit 0b081fcd08e9501ad0ec86680df60e13789fef74
Author: Roumen Petrov <openssl at roumenpetrov.info>
Date: Mon Dec 21 18:45:06 2015 +0200
redundant redeclaration of 'OPENSSL_strlcpy'
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR: #1523
commit b9b154d1cfc80d0992613713780a2bf8ee88da41
Author: Roumen Petrov <openssl at roumenpetrov.info>
Date: Thu Dec 3 23:43:24 2015 +0200
__STDC_VERSION__ is not defined for c89 compilers
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR: #1522
commit 3eabad02d682f8cd1521325fb986763e2d7a22e8
Author: Roumen Petrov <openssl at roumenpetrov.info>
Date: Sat Mar 21 15:29:25 2015 +0200
remove duplicates in util/libeay.num
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
RT: #4195, MR: #1521
commit 1c9ed1d8a715e70c5e0d8c08f3a47e1a6fa9fd89
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Dec 22 13:48:01 2015 +0100
Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.
Suggested by David Benjamin
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users at dukhovni.org>
MR: #1520
commit 933d10851640014142db0f3b02c2b740c2f0935f
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Dec 22 13:11:59 2015 +0100
Avoid using a dangling pointer when removing the last item
When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed. So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour. Instead do already what int_thread_release() would do,
and make the call do nothing instead.
Reviewed-by: Rich Salz <rsalz at openssl.org>
RT: #4155, MR: #1519
-----------------------------------------------------------------------
Summary of changes:
crypto/err/err.c | 2 ++
include/openssl/crypto.h | 1 -
include/openssl/e_os2.h | 6 ++++--
include/openssl/ssl.h | 4 ++--
ssl/record/ssl3_buffer.c | 4 ----
ssl/record/ssl3_record.c | 22 ++++------------------
ssl/s3_lib.c | 4 ----
ssl/ssl_locl.h | 2 --
ssl/statem/statem_srvr.c | 14 ++++----------
util/libeay.num | 13 -------------
10 files changed, 16 insertions(+), 56 deletions(-)
diff --git a/crypto/err/err.c b/crypto/err/err.c
index e487e98..9f81768 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -399,8 +399,10 @@ static void int_thread_del_item(const ERR_STATE *d)
if (int_thread_hash_references == 1
&& int_thread_hash
&& lh_ERR_STATE_num_items(int_thread_hash) == 0) {
+ int_thread_hash_references = 0;
lh_ERR_STATE_free(int_thread_hash);
int_thread_hash = NULL;
+ hash = NULL;
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index e71214e..0d88a06 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -332,7 +332,6 @@ int CRYPTO_is_mem_check_on(void);
# define OPENSSL_free(addr) CRYPTO_free(addr)
size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
-size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
size_t OPENSSL_strnlen(const char *str, size_t maxlen);
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
index 07428e9..bbfb48e 100644
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -321,8 +321,10 @@ typedef unsigned __int64 uint64_t;
* some systems (e.g. Mac OS X).
*/
# ifndef PRIu64
-# if (__STDC_VERSION__ >= 199901L)
-# include <inttypes.h>
+# ifdef __STDC_VERSION__
+# if (__STDC_VERSION__ >= 199901L)
+# include <inttypes.h>
+# endif
# endif
# ifndef PRIu64
# define PRIu64 "lu"
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 119b50f..e841360 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -362,11 +362,11 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
/* Dead forever, see CVE-2010-4180. */
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U
# define SSL_OP_TLSEXT_PADDING 0x00000010U
-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
/* Ancient SSLeay version, retained for compatibility */
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
-# define SSL_OP_TLS_D5_BUG 0x00000100U
+# define SSL_OP_TLS_D5_BUG 0x0U
/* Removed from OpenSSL 1.1.0 */
# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
index 7685e69..17719c2 100644
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -159,10 +159,6 @@ int ssl3_setup_read_buffer(SSL *s)
if (b->buf == NULL) {
len = SSL3_RT_MAX_PLAIN_LENGTH
+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
- s->s3->init_extra = 1;
- len += SSL3_RT_MAX_EXTRA;
- }
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 99c655e..fd98213 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -193,25 +193,11 @@ int ssl3_get_record(SSL *s)
unsigned char md[EVP_MAX_MD_SIZE];
short version;
unsigned mac_size;
- size_t extra;
unsigned empty_record_count = 0;
rr = RECORD_LAYER_get_rrec(&s->rlayer);
sess = s->session;
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra = SSL3_RT_MAX_EXTRA;
- else
- extra = 0;
- if (extra && !s->s3->init_extra) {
- /*
- * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after
- * ssl3_setup_buffers() was done
- */
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
again:
/* check if we have the header */
if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
@@ -349,7 +335,7 @@ int ssl3_get_record(SSL *s)
*/
/* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
goto f_err;
@@ -453,7 +439,7 @@ int ssl3_get_record(SSL *s)
if (i < 0 || mac == NULL
|| CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = -1;
}
@@ -473,7 +459,7 @@ int ssl3_get_record(SSL *s)
/* r->length is now just compressed */
if (s->expand != NULL) {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
goto f_err;
@@ -485,7 +471,7 @@ int ssl3_get_record(SSL *s)
}
}
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
+ if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
goto f_err;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c02b545..4fc4426 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3402,8 +3402,6 @@ void ssl3_free(SSL *s)
void ssl3_clear(SSL *s)
{
- int init_extra;
-
ssl3_cleanup_key_block(s);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw);
@@ -3427,7 +3425,6 @@ void ssl3_clear(SSL *s)
s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
- init_extra = s->s3->init_extra;
ssl3_free_digest_list(s);
if (s->s3->alpn_selected) {
@@ -3436,7 +3433,6 @@ void ssl3_clear(SSL *s)
}
memset(s->s3, 0, sizeof(*s->s3));
- s->s3->init_extra = init_extra;
ssl_free_wbio_buffer(s);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 6261a66..8a66789 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1188,8 +1188,6 @@ typedef struct ssl3_state_st {
/* flags for countermeasure against known-IV weakness */
int need_empty_fragments;
int empty_fragment_done;
- /* The value of 'extra' when the buffers were initialized */
- int init_extra;
/* used during startup, digest all incoming/outgoing packets */
BIO *handshake_buffer;
/*
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 79254b5..b8b18b7 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2227,18 +2227,12 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
enc_premaster = *pkt;
} else {
- PACKET orig = *pkt;
if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
|| PACKET_remaining(pkt) != 0) {
- /* Try SSLv3 behaviour for TLS. */
- if (s->options & SSL_OP_TLS_D5_BUG) {
- enc_premaster = orig;
- } else {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
- SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
}
}
diff --git a/util/libeay.num b/util/libeay.num
index cc1aa71..e10a4f1 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1951,7 +1951,6 @@ ENGINE_unregister_ciphers 2528 1_1_0 EXIST::FUNCTION:ENGINE
ENGINE_get_ciphers 2529 1_1_0 EXIST::FUNCTION:ENGINE
d2i_OCSP_BASICRESP 2530 1_1_0 EXIST::FUNCTION:
KRB5_CHECKSUM_it 2531 1_1_0 NOEXIST::FUNCTION:
-KRB5_CHECKSUM_it 2531 1_1_0 NOEXIST::FUNCTION:
EC_POINT_add 2532 1_1_0 EXIST::FUNCTION:EC
ASN1_item_ex_i2d 2533 1_1_0 EXIST::FUNCTION:
OCSP_CERTID_it 2534 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -1983,7 +1982,6 @@ X509_CRL_it 2555 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION
X509_CRL_it 2555 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_BASICRESP_add_ext 2556 1_1_0 EXIST::FUNCTION:
KRB5_ENCKEY_it 2557 1_1_0 NOEXIST::FUNCTION:
-KRB5_ENCKEY_it 2557 1_1_0 NOEXIST::FUNCTION:
UI_method_set_closer 2558 1_1_0 EXIST::FUNCTION:
X509_STORE_set_purpose 2559 1_1_0 EXIST::FUNCTION:
i2d_ASN1_GENERALSTRING 2560 1_1_0 EXIST::FUNCTION:
@@ -2193,7 +2191,6 @@ X509_ATTRIBUTE_it 2732 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:
OCSP_ONEREQ_get_ext_by_NID 2733 1_1_0 EXIST::FUNCTION:
PKCS12_decrypt_skey 2734 1_1_0 EXIST::FUNCTION:
KRB5_AUTHENT_it 2735 1_1_0 NOEXIST::FUNCTION:
-KRB5_AUTHENT_it 2735 1_1_0 NOEXIST::FUNCTION:
UI_dup_error_string 2736 1_1_0 EXIST::FUNCTION:
RSAPublicKey_it 2737 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
RSAPublicKey_it 2737 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
@@ -2211,7 +2208,6 @@ HMAC_CTX_reset 2747 1_1_0 EXIST::FUNCTION:
ENGINE_get_digest 2748 1_1_0 EXIST::FUNCTION:ENGINE
OCSP_RESPONSE_print 2749 1_1_0 EXIST::FUNCTION:
KRB5_TKTBODY_it 2750 1_1_0 NOEXIST::FUNCTION:
-KRB5_TKTBODY_it 2750 1_1_0 NOEXIST::FUNCTION:
ACCESS_DESCRIPTION_it 2751 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ACCESS_DESCRIPTION_it 2751 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PKCS7_ISSUER_AND_SERIAL_it 2752 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2266,7 +2262,6 @@ ASN1_tag2bit 2788 1_1_0 EXIST::FUNCTION:
UI_method_set_flusher 2789 1_1_0 EXIST::FUNCTION:
X509_ocspid_print 2790 1_1_0 EXIST::FUNCTION:
KRB5_ENCDATA_it 2791 1_1_0 NOEXIST::FUNCTION:
-KRB5_ENCDATA_it 2791 1_1_0 NOEXIST::FUNCTION:
ENGINE_get_load_pubkey_function 2792 1_1_0 EXIST::FUNCTION:ENGINE
UI_add_user_data 2793 1_1_0 EXIST::FUNCTION:
OCSP_REQUEST_delete_ext 2794 1_1_0 EXIST::FUNCTION:
@@ -2485,7 +2480,6 @@ OCSP_url_svcloc_new 2973 1_1_0 EXIST::FUNCTION:
ASN1_template_free 2974 1_1_0 NOEXIST::FUNCTION:
OCSP_SINGLERESP_add_ext 2975 1_1_0 EXIST::FUNCTION:
KRB5_AUTHENTBODY_it 2976 1_1_0 NOEXIST::FUNCTION:
-KRB5_AUTHENTBODY_it 2976 1_1_0 NOEXIST::FUNCTION:
X509_supported_extension 2977 1_1_0 EXIST::FUNCTION:
i2d_KRB5_AUTHDATA 2978 1_1_0 NOEXIST::FUNCTION:
UI_method_get_opener 2979 1_1_0 EXIST::FUNCTION:
@@ -2587,13 +2581,11 @@ asn1_do_lock 3059 1_1_0 NOEXIST::FUNCTION:
PKCS7_ATTR_VERIFY_it 3060 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ATTR_VERIFY_it 3060 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
KRB5_APREQBODY_it 3061 1_1_0 NOEXIST::FUNCTION:
-KRB5_APREQBODY_it 3061 1_1_0 NOEXIST::FUNCTION:
i2d_OCSP_SINGLERESP 3062 1_1_0 EXIST::FUNCTION:
ASN1_item_ex_new 3063 1_1_0 EXIST::FUNCTION:
UI_add_verify_string 3064 1_1_0 EXIST::FUNCTION:
_ossl_old_des_set_key 3065 1_1_0 NOEXIST::FUNCTION:
KRB5_PRINCNAME_it 3066 1_1_0 NOEXIST::FUNCTION:
-KRB5_PRINCNAME_it 3066 1_1_0 NOEXIST::FUNCTION:
EVP_DecryptInit_ex 3067 1_1_0 EXIST::FUNCTION:
i2d_OCSP_CERTID 3068 1_1_0 EXIST::FUNCTION:
ASN1_item_d2i_bio 3069 1_1_0 EXIST::FUNCTION:
@@ -2607,7 +2599,6 @@ OCSP_id_cmp 3076 1_1_0 EXIST::FUNCTION:
OCSP_BASICRESP_new 3077 1_1_0 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_by_NID 3078 1_1_0 EXIST::FUNCTION:
KRB5_APREQ_it 3079 1_1_0 NOEXIST::FUNCTION:
-KRB5_APREQ_it 3079 1_1_0 NOEXIST::FUNCTION:
ENGINE_get_destroy_function 3080 1_1_0 EXIST::FUNCTION:ENGINE
CONF_set_nconf 3081 1_1_0 EXIST::FUNCTION:
ASN1_PRINTABLE_free 3082 1_1_0 EXIST::FUNCTION:
@@ -2659,7 +2650,6 @@ UI_get0_output_string 3118 1_1_0 EXIST::FUNCTION:
UI_dup_verify_string 3119 1_1_0 EXIST::FUNCTION:
BN_mod_lshift 3120 1_1_0 EXIST::FUNCTION:
KRB5_AUTHDATA_it 3121 1_1_0 NOEXIST::FUNCTION:
-KRB5_AUTHDATA_it 3121 1_1_0 NOEXIST::FUNCTION:
asn1_set_choice_selector 3122 1_1_0 NOEXIST::FUNCTION:
OCSP_basic_add1_status 3123 1_1_0 EXIST::FUNCTION:
OCSP_RESPID_free 3124 1_1_0 EXIST::FUNCTION:
@@ -2701,7 +2691,6 @@ BN_mod_lshift1 3151 1_1_0 EXIST::FUNCTION:
d2i_OCSP_ONEREQ 3152 1_1_0 EXIST::FUNCTION:
OCSP_ONEREQ_new 3153 1_1_0 EXIST::FUNCTION:
KRB5_TICKET_it 3154 1_1_0 NOEXIST::FUNCTION:
-KRB5_TICKET_it 3154 1_1_0 NOEXIST::FUNCTION:
EVP_aes_192_cbc 3155 1_1_0 EXIST::FUNCTION:AES
KRB5_TICKET_free 3156 1_1_0 NOEXIST::FUNCTION:
UI_new 3157 1_1_0 EXIST::FUNCTION:
@@ -3112,7 +3101,6 @@ STORE_parse_attrs_next 3531 1_1_0 NOEXIST::FUNCTION:
ENGINE_load_padlock 3532 1_1_0 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
EC_GROUP_set_curve_name 3533 1_1_0 EXIST::FUNCTION:EC
X509_CERT_PAIR_it 3534 1_1_0 NOEXIST::FUNCTION:
-X509_CERT_PAIR_it 3534 1_1_0 NOEXIST::FUNCTION:
STORE_meth_get_revoke_fn 3535 1_1_0 NOEXIST::FUNCTION:
STORE_method_get_revoke_function 3535 1_1_0 NOEXIST::FUNCTION:
STORE_method_set_get_function 3536 1_1_0 NOEXIST::FUNCTION:
@@ -3995,7 +3983,6 @@ X509_CRL_METHOD_new 4371 1_1_0 EXIST::FUNCTION:
EVP_DigestSignFinal 4372 1_1_0 EXIST::FUNCTION:
TS_RESP_CTX_set_def_policy 4373 1_1_0 EXIST::FUNCTION:
NETSCAPE_X509_it 4374 1_1_0 NOEXIST::FUNCTION:
-NETSCAPE_X509_it 4374 1_1_0 NOEXIST::FUNCTION:
TS_RESP_create_response 4375 1_1_0 EXIST::FUNCTION:
PKCS7_SIGNER_INFO_get0_algs 4376 1_1_0 EXIST::FUNCTION:
TS_TST_INFO_get_nonce 4377 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list