Update to FreeBSD head 2018-02-01

Git mirror commit d079ae0442af8fa3cfd6d7ede190d04e64a2c0d4. Update #3472.
author: Sebastian Huber <sebastian.huber@embedded-brains.de> 2018-08-20 15:53:03 +0200
committer: Sebastian Huber <sebastian.huber@embedded-brains.de> 2018-09-21 10:29:39 +0200
commit: 18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d (patch)
tree: a3020ac5b1f366f2f0920941b589808e435dbcee /freebsd/crypto
parent: Update to FreeBSD head 2017-12-01 (diff)
download: rtems-libbsd-18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d.tar.bz2
18 files changed, 75 insertions, 48 deletions
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c b/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c
index a1bc4b6e..8877481a 100644
--- a/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c
+++ b/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c
@@ -89,6 +89,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
     int i, j = 0, n, ret = 1;
 
     n = i2d(x, NULL);
+    if (n <= 0)
+        return 0;
+
     b = (char *)OPENSSL_malloc(n);
     if (b == NULL) {
         ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
diff --git a/freebsd/crypto/openssl/crypto/bio/b_print.c b/freebsd/crypto/openssl/crypto/bio/b_print.c
index 0cb09514..738904bc 100644
--- a/freebsd/crypto/openssl/crypto/bio/b_print.c
+++ b/freebsd/crypto/openssl/crypto/bio/b_print.c
@@ -387,7 +387,7 @@ _dopr(char **sbuffer,
                 if (cflags == DP_C_SHORT) {
                     short int *num;
                     num = va_arg(args, short int *);
-                    *num = currlen;
+                    *num = (short int)currlen;
                 } else if (cflags == DP_C_LONG) { /* XXX */
                     long int *num;
                     num = va_arg(args, long int *);
@@ -504,7 +504,7 @@ fmtint(char **sbuffer,
     if (!(flags & DP_F_UNSIGNED)) {
         if (value < 0) {
             signvalue = '-';
-            uvalue = -(unsigned LLONG)value;
+            uvalue = 0 - (unsigned LLONG)value;
         } else if (flags & DP_F_PLUS)
             signvalue = '+';
         else if (flags & DP_F_SPACE)
diff --git a/freebsd/crypto/openssl/crypto/bn/bn_exp.c b/freebsd/crypto/openssl/crypto/bn/bn_exp.c
index 7c1ea0a4..7261c8db 100644
--- a/freebsd/crypto/openssl/crypto/bn/bn_exp.c
+++ b/freebsd/crypto/openssl/crypto/bn/bn_exp.c
@@ -151,7 +151,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
             || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
         /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
         BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
+        return 0;
     }
 
     BN_CTX_start(ctx);
@@ -287,7 +287,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
         /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
         BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
+        return 0;
     }
 
     bits = BN_num_bits(p);
@@ -1230,7 +1230,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
         /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
         BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
+        return 0;
     }
 
     bn_check_top(p);
@@ -1363,7 +1363,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
             || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
         /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
         BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
+        return 0;
     }
 
     bits = BN_num_bits(p);
diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c b/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c
index 3da90130..5244a252 100644
--- a/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c
+++ b/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c
@@ -135,6 +135,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     unsigned char *penc = NULL;
     int penclen;
     ASN1_STRING *str = NULL;
+    ASN1_OBJECT *aobj;
 
     dsa = pkey->pkey.dsa;
     if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
@@ -161,8 +162,11 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
         goto err;
     }
 
-    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
-                               ptype, str, penc, penclen))
+    aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+    if (aobj == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
         return 1;
 
  err:
diff --git a/freebsd/crypto/openssl/crypto/engine/eng_fat.c b/freebsd/crypto/openssl/crypto/engine/eng_fat.c
index faabb9b7..16b2dacc 100644
--- a/freebsd/crypto/openssl/crypto/engine/eng_fat.c
+++ b/freebsd/crypto/openssl/crypto/engine/eng_fat.c
@@ -169,6 +169,7 @@ int ENGINE_register_complete(ENGINE *e)
 #endif
     ENGINE_register_RAND(e);
     ENGINE_register_pkey_meths(e);
+    ENGINE_register_pkey_asn1_meths(e);
     return 1;
 }
 
diff --git a/freebsd/crypto/openssl/crypto/lhash/lhash.c b/freebsd/crypto/openssl/crypto/lhash/lhash.c
index 1e7194e3..babc7a0d 100644
--- a/freebsd/crypto/openssl/crypto/lhash/lhash.c
+++ b/freebsd/crypto/openssl/crypto/lhash/lhash.c
@@ -109,7 +109,7 @@
  * https://en.wikipedia.org/wiki/Linear_hashing
  *
  * Litwin, Witold (1980), "Linear hashing: A new tool for file and table
- * addressing", Proc. 6th Conference on Very Large Databases: 212–223
+ * addressing", Proc. 6th Conference on Very Large Databases: 212-223
  * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
  *
  * From the wikipedia article "Linear hashing is used in the BDB Berkeley
diff --git a/freebsd/crypto/openssl/crypto/opensslv.h b/freebsd/crypto/openssl/crypto/opensslv.h
index 83867763..d5835040 100644
--- a/freebsd/crypto/openssl/crypto/opensslv.h
+++ b/freebsd/crypto/openssl/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x100020dfL
+# define OPENSSL_VERSION_NUMBER  0x100020efL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2m-fips  2 Nov 2017"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2n-fips  7 Dec 2017"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2m-freebsd  2 Nov 2017"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2n-freebsd  7 Dec 2017"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c b/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c
index 759ec219..e12803a8 100644
--- a/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c
@@ -112,6 +112,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     int bitsp, bitsq, ok = -1, n = 0;
     BN_CTX *ctx = NULL;
 
+    /*
+     * When generating ridiculously small keys, we can get stuck
+     * continually regenerating the same prime values.
+     */
+    if (bits < 16) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -163,21 +173,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     if (!BN_GENCB_call(cb, 3, 0))
         goto err;
     for (;;) {
-        /*
-         * When generating ridiculously small keys, we can get stuck
-         * continually regenerating the same prime values. Check for this and
-         * bail if it happens 3 times.
-         */
-        unsigned int degenerate = 0;
         do {
             if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
                 goto err;
-        } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
-        if (degenerate == 3) {
-            ok = 0;             /* we set our own err */
-            RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
-            goto err;
-        }
+        } while (BN_cmp(rsa->p, rsa->q) == 0);
         if (!BN_sub(r2, rsa->q, BN_value_one()))
             goto err;
         if (!BN_gcd(r1, r2, rsa->e, ctx))
diff --git a/freebsd/crypto/openssl/crypto/symhacks.h b/freebsd/crypto/openssl/crypto/symhacks.h
index 239fa4fb..30019579 100644
--- a/freebsd/crypto/openssl/crypto/symhacks.h
+++ b/freebsd/crypto/openssl/crypto/symhacks.h
@@ -280,6 +280,8 @@
 #  define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
 #  undef EVP_PKEY_meth_set_verify_recover
 #  define EVP_PKEY_meth_set_verify_recover        EVP_PKEY_meth_set_vrfy_recover
+#  undef EVP_PKEY_meth_get_verify_recover
+#  define EVP_PKEY_meth_get_verify_recover        EVP_PKEY_meth_get_vrfy_recover
 
 /* Hack some long EC names */
 #  undef EC_GROUP_set_point_conversion_form
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c b/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c
index 7d2e16fb..9fd34e9d 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c
@@ -288,9 +288,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
                     int crit, unsigned long flags)
 {
-    int extidx = -1;
-    int errcode;
-    X509_EXTENSION *ext, *extmp;
+    int errcode, extidx = -1;
+    X509_EXTENSION *ext = NULL, *extmp;
+    STACK_OF(X509_EXTENSION) *ret = NULL;
     unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
 
     /*
@@ -349,13 +349,21 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         return 1;
     }
 
-    if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
-        return -1;
-    if (!sk_X509_EXTENSION_push(*x, ext))
-        return -1;
+    if ((ret = *x) == NULL
+         && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+        goto m_fail;
+    if (!sk_X509_EXTENSION_push(ret, ext))
+        goto m_fail;
 
+    *x = ret;
     return 1;
 
+ m_fail:
+    if (ret != *x)
+        sk_X509_EXTENSION_free(ret);
+    X509_EXTENSION_free(ext);
+    return -1;
+
  err:
     if (!(flags & X509V3_ADD_SILENT))
         X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c b/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c
index 0503b832..afc84b95 100644
--- a/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c
+++ b/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c
@@ -158,7 +158,7 @@ static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp)
     gen = ASN1_GENERALIZEDTIME_new();
     ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
                              (int)(timestamp / 86400000),
-                             (timestamp % 86400000) / 1000);
+                             (int)(timestamp % 86400000) / 1000);
     /*
      * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
      * characters long with a final Z. Update it with fractional seconds.
diff --git a/freebsd/crypto/openssl/ssl/bad_dtls_test.c b/freebsd/crypto/openssl/ssl/bad_dtls_test.c
index ab81cf1f..0a432a4a 100644
--- a/freebsd/crypto/openssl/ssl/bad_dtls_test.c
+++ b/freebsd/crypto/openssl/ssl/bad_dtls_test.c
@@ -592,13 +592,13 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
     unsigned char *enc;
 
 #ifdef SIXTY_FOUR_BIT_LONG
-    seq[0] = (seqnr >> 40) & 0xff;
-    seq[1] = (seqnr >> 32) & 0xff;
+    seq[0] = (unsigned char)(seqnr >> 40);
+    seq[1] = (unsigned char)(seqnr >> 32);
 #endif
-    seq[2] = (seqnr >> 24) & 0xff;
-    seq[3] = (seqnr >> 16) & 0xff;
-    seq[4] = (seqnr >> 8) & 0xff;
-    seq[5] = seqnr & 0xff;
+    seq[2] = (unsigned char)(seqnr >> 24);
+    seq[3] = (unsigned char)(seqnr >> 16);
+    seq[4] = (unsigned char)(seqnr >> 8);
+    seq[5] = (unsigned char)(seqnr);
 
     pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16);
     enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad);
@@ -614,8 +614,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
     HMAC_Update(&ctx, seq, 6);
     HMAC_Update(&ctx, &type, 1);
     HMAC_Update(&ctx, ver, 2); /* Version */
-    lenbytes[0] = len >> 8;
-    lenbytes[1] = len & 0xff;
+    lenbytes[0] = (unsigned char)(len >> 8);
+    lenbytes[1] = (unsigned char)(len);
     HMAC_Update(&ctx, lenbytes, 2); /* Length */
     HMAC_Update(&ctx, enc, len); /* Finally the data itself */
     HMAC_Final(&ctx, enc + len, NULL);
@@ -639,8 +639,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
     BIO_write(rbio, ver, 2);
     BIO_write(rbio, epoch, 2);
     BIO_write(rbio, seq, 6);
-    lenbytes[0] = (len + sizeof(iv)) >> 8;
-    lenbytes[1] = (len + sizeof(iv)) & 0xff;
+    lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8);
+    lenbytes[1] = (unsigned char)(len + sizeof(iv));
     BIO_write(rbio, lenbytes, 2);
 
     BIO_write(rbio, iv, sizeof(iv));
diff --git a/freebsd/crypto/openssl/ssl/s23_clnt.c b/freebsd/crypto/openssl/ssl/s23_clnt.c
index 197ae215..840c0ddb 100644
--- a/freebsd/crypto/openssl/ssl/s23_clnt.c
+++ b/freebsd/crypto/openssl/ssl/s23_clnt.c
@@ -759,10 +759,12 @@ static int ssl23_get_server_hello(SSL *s)
                 s->version = TLS1_VERSION;
                 s->method = TLSv1_client_method();
                 break;
+#ifndef OPENSSL_NO_SSL3
             case SSL3_VERSION:
                 s->version = SSL3_VERSION;
                 s->method = SSLv3_client_method();
                 break;
+#endif
             }
             SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
             ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
diff --git a/freebsd/crypto/openssl/ssl/s3_pkt.c b/freebsd/crypto/openssl/ssl/s3_pkt.c
index 679517f2..c2194d18 100644
--- a/freebsd/crypto/openssl/ssl/s3_pkt.c
+++ b/freebsd/crypto/openssl/ssl/s3_pkt.c
@@ -1326,10 +1326,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
         }
 #ifndef OPENSSL_NO_HEARTBEATS
         else if (rr->type == TLS1_RT_HEARTBEAT) {
-            tls1_process_heartbeat(s);
+            i = tls1_process_heartbeat(s);
+
+            if (i < 0)
+                return i;
 
-            /* Exit and notify application to read again */
             rr->length = 0;
+            if (s->mode & SSL_MODE_AUTO_RETRY)
+                goto start;
+
+            /* Exit and notify application to read again */
             s->rwstate = SSL_READING;
             BIO_clear_retry_flags(SSL_get_rbio(s));
             BIO_set_retry_read(SSL_get_rbio(s));
diff --git a/freebsd/crypto/openssl/ssl/srtp.h b/freebsd/crypto/openssl/ssl/srtp.h
index 512edabc..2279c32b 100644
--- a/freebsd/crypto/openssl/ssl/srtp.h
+++ b/freebsd/crypto/openssl/ssl/srtp.h
@@ -136,6 +136,7 @@ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
 
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
 # endif
 
diff --git a/freebsd/crypto/openssl/ssl/ssl.h b/freebsd/crypto/openssl/ssl/ssl.h
index 90aeb0ce..3cf96a23 100644
--- a/freebsd/crypto/openssl/ssl/ssl.h
+++ b/freebsd/crypto/openssl/ssl/ssl.h
@@ -1727,7 +1727,7 @@ extern "C" {
 # define SSL_ST_BEFORE                   0x4000
 # define SSL_ST_OK                       0x03
 # define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR                      0x05
+# define SSL_ST_ERR                      (0x05|SSL_ST_INIT)
 
 # define SSL_CB_LOOP                     0x01
 # define SSL_CB_EXIT                     0x02
diff --git a/freebsd/crypto/openssl/ssl/ssltest.c b/freebsd/crypto/openssl/ssl/ssltest.c
index 5eafe9e3..f6da7d32 100644
--- a/freebsd/crypto/openssl/ssl/ssltest.c
+++ b/freebsd/crypto/openssl/ssl/ssltest.c
@@ -425,13 +425,13 @@ static unsigned char *next_protos_parse(unsigned short *outlen,
                 OPENSSL_free(out);
                 return NULL;
             }
-            out[start] = i - start;
+            out[start] = (unsigned char)(i - start);
             start = i + 1;
         } else
             out[i + 1] = in[i];
     }
 
-    *outlen = len + 1;
+    *outlen = (unsigned char)(len + 1);
     return out;
 }
 
@@ -556,6 +556,7 @@ static int cb_ticket2(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CI
 {
     fprintf(stderr, "ticket callback for SNI context should never be called\n");
     EXIT(1);
+    return 0;
 }
 #endif
 
diff --git a/freebsd/crypto/openssl/ssl/t1_lib.c b/freebsd/crypto/openssl/ssl/t1_lib.c
index 984c9c88..5e86a780 100644
--- a/freebsd/crypto/openssl/ssl/t1_lib.c
+++ b/freebsd/crypto/openssl/ssl/t1_lib.c
@@ -1918,7 +1918,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
         s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
         s2n(3 + len, ret);
         s2n(1 + len, ret);
-        *ret++ = len;
+        *ret++ = (unsigned char)len;
         memcpy(ret, selected, len);
         ret += len;
     }
author	Sebastian Huber <sebastian.huber@embedded-brains.de>	2018-08-20 15:53:03 +0200
committer	Sebastian Huber <sebastian.huber@embedded-brains.de>	2018-09-21 10:29:39 +0200
commit	18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d (patch)
tree	a3020ac5b1f366f2f0920941b589808e435dbcee /freebsd/crypto
parent	Update to FreeBSD head 2017-12-01 (diff)
download	rtems-libbsd-18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d.tar.bz2