diff options
| author | Vsevolod Stakhov <vsevolod@FreeBSD.org> | 2015-03-19 23:11:48 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@FreeBSD.org> | 2015-03-19 23:11:48 +0000 |
| commit | 82ae895c0bfc875ead9a37815f837215abb5eaf8 (patch) | |
| tree | 64ca7d1f7282254c402cae2958dc59c629f0daec /security | |
| parent | 10fed934b76fe7add15337c6e7e5de00c40709a6 (diff) | |
| download | ports-82ae895c0bfc875ead9a37815f837215abb5eaf8.tar.gz ports-82ae895c0bfc875ead9a37815f837215abb5eaf8.zip | |
Notes
Diffstat (limited to 'security')
16 files changed, 5 insertions, 507 deletions
diff --git a/security/libressl/Makefile b/security/libressl/Makefile index 9562ef613e5b..454b8c473adb 100644 --- a/security/libressl/Makefile +++ b/security/libressl/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= libressl -PORTVERSION= 2.1.5 -PORTREVISION= 1 +PORTVERSION= 2.1.6 CATEGORIES= security devel MASTER_SITES= ${MASTER_SITE_OPENBSD} MASTER_SITE_SUBDIR= LibreSSL @@ -17,7 +16,6 @@ CPE_VENDOR= openbsd CONFLICTS?= openssl-* GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-libtls USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes diff --git a/security/libressl/distinfo b/security/libressl/distinfo index 9fbe0ee633c1..ce8271baa184 100644 --- a/security/libressl/distinfo +++ b/security/libressl/distinfo @@ -1,2 +1,2 @@ -SHA256 (libressl-2.1.5.tar.gz) = a82379913fd7f4e26e045fcf021aa92a1f683954816bf817b3b696de62e9c3bb -SIZE (libressl-2.1.5.tar.gz) = 2865527 +SHA256 (libressl-2.1.6.tar.gz) = 4f826dd97b3b8001707073bde8401493f9cd4668465b481c042d28e3973653a8 +SIZE (libressl-2.1.6.tar.gz) = 2865936 diff --git a/security/libressl/files/patch-include-openssl-opensslv.h b/security/libressl/files/patch-include-openssl-opensslv.h index 96481d8fc069..e0b753b242e8 100644 --- a/security/libressl/files/patch-include-openssl-opensslv.h +++ b/security/libressl/files/patch-include-openssl-opensslv.h @@ -6,6 +6,6 @@ #define LIBRESSL_VERSION_NUMBER 0x20000000L -#define OPENSSL_VERSION_NUMBER 0x20000000L +#define OPENSSL_VERSION_NUMBER 0x1000107fL - #define OPENSSL_VERSION_TEXT "LibreSSL 2.1.5" + #define OPENSSL_VERSION_TEXT "LibreSSL 2.1.6" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/security/libressl/pkg-plist b/security/libressl/pkg-plist index e1abae09dd94..2e107d1f0b07 100644 --- a/security/libressl/pkg-plist +++ b/security/libressl/pkg-plist @@ -62,6 +62,7 @@ include/openssl/ssl2.h include/openssl/ssl23.h include/openssl/ssl3.h include/openssl/stack.h +include/tls.h include/openssl/tls1.h include/openssl/ts.h include/openssl/txt_db.h @@ -71,7 +72,6 @@ include/openssl/whrlpool.h include/openssl/x509.h include/openssl/x509_vfy.h include/openssl/x509v3.h -include/tls.h lib/libcrypto.a lib/libcrypto.so lib/libcrypto.so.32 diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c b/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c deleted file mode 100644 index c3d7d3dcc177..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c +++ /dev/null @@ -1,26 +0,0 @@ ---- crypto/asn1/a_int.c.orig 2015-02-10 14:54:46 UTC -+++ crypto/asn1/a_int.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: a_int.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */ -+/* $OpenBSD: a_int.c,v 1.25 2015/02/10 08:33:10 jsing Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -268,7 +268,7 @@ c2i_ASN1_INTEGER(ASN1_INTEGER **a, const - - err: - ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ if (a == NULL || *a != ret) - M_ASN1_INTEGER_free(ret); - return (NULL); - } -@@ -335,7 +335,7 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, cons - - err: - ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ if (a == NULL || *a != ret) - M_ASN1_INTEGER_free(ret); - return (NULL); - } diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c b/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c deleted file mode 100644 index 68c00ab76b0d..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c +++ /dev/null @@ -1,17 +0,0 @@ ---- crypto/asn1/a_set.c.orig 2014-12-06 23:15:50 UTC -+++ crypto/asn1/a_set.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: a_set.c,v 1.15 2014/07/10 13:58:22 jsing Exp $ */ -+/* $OpenBSD: a_set.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -225,7 +225,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a - return ret; - - err: -- if (ret != NULL && (a == NULL || *a != ret)) { -+ if (a == NULL || *a != ret) { - if (free_func != NULL) - sk_OPENSSL_BLOCK_pop_free(ret, free_func); - else diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c b/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c deleted file mode 100644 index b928c7a6bf40..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c +++ /dev/null @@ -1,19 +0,0 @@ ---- crypto/asn1/a_type.c.orig 2015-02-10 14:54:46 UTC -+++ crypto/asn1/a_type.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: a_type.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */ -+/* $OpenBSD: a_type.c,v 1.15 2015/02/10 08:33:10 jsing Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -119,7 +119,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b - case V_ASN1_OBJECT: - result = OBJ_cmp(a->value.object, b->value.object); - break; -- -+ case V_ASN1_BOOLEAN: -+ result = a->value.boolean - b->value.boolean; -+ break; - case V_ASN1_NULL: - result = 0; /* They do not have content. */ - break; diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c b/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c deleted file mode 100644 index 3c5a15995404..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c +++ /dev/null @@ -1,17 +0,0 @@ ---- crypto/asn1/d2i_pr.c.orig 2015-02-11 14:17:41 UTC -+++ crypto/asn1/d2i_pr.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: d2i_pr.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */ -+/* $OpenBSD: d2i_pr.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -118,7 +118,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, c - return (ret); - - err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ if (a == NULL || *a != ret) - EVP_PKEY_free(ret); - return (NULL); - } diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c b/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c deleted file mode 100644 index 96b706605dbb..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c +++ /dev/null @@ -1,17 +0,0 @@ ---- crypto/asn1/d2i_pu.c.orig 2014-12-06 23:15:50 UTC -+++ crypto/asn1/d2i_pu.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: d2i_pu.c,v 1.11 2014/07/10 22:45:56 jsing Exp $ */ -+/* $OpenBSD: d2i_pu.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -130,7 +130,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, co - return (ret); - - err: -- if ((ret != NULL) && ((a == NULL) || (*a != ret))) -+ if (a == NULL || *a != ret) - EVP_PKEY_free(ret); - return (NULL); - } diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c b/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c deleted file mode 100644 index addab2fdd4dc..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c +++ /dev/null @@ -1,24 +0,0 @@ ---- crypto/asn1/n_pkey.c.orig 2015-02-11 14:17:41 UTC -+++ crypto/asn1/n_pkey.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: n_pkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */ -+/* $OpenBSD: n_pkey.c,v 1.25 2015/02/11 04:00:39 jsing Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -340,11 +340,11 @@ d2i_RSA_NET(RSA **a, const unsigned char - return NULL; - } - -- if ((enckey->os->length != 11) || (strncmp("private-key", -- (char *)enckey->os->data, 11) != 0)) { -+ /* XXX 11 == strlen("private-key") */ -+ if (enckey->os->length != 11 || -+ memcmp("private-key", enckey->os->data, 11) != 0) { - ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); -- NETSCAPE_ENCRYPTED_PKEY_free(enckey); -- return NULL; -+ goto err; - } - if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { - ASN1err(ASN1_F_D2I_RSA_NET, diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c b/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c deleted file mode 100644 index aa5e0bfa2199..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c +++ /dev/null @@ -1,47 +0,0 @@ ---- crypto/asn1/tasn_dec.c.orig 2015-02-14 19:09:01 UTC -+++ crypto/asn1/tasn_dec.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: tasn_dec.c,v 1.24 2014/06/12 15:49:27 deraadt Exp $ */ -+/* $OpenBSD: tasn_dec.c,v 1.25 2015/02/14 15:23:57 miod Exp $ */ - /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. - */ -@@ -238,8 +238,16 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - -- /* Allocate structure */ -- if (!*pval && !ASN1_item_ex_new(pval, it)) { -+ if (*pval) { -+ /* Free up and zero CHOICE value if initialised */ -+ i = asn1_get_choice_selector(pval, it); -+ if ((i >= 0) && (i < it->tcount)) { -+ tt = it->templates + i; -+ pchptr = asn1_get_field_ptr(pval, tt); -+ ASN1_template_free(pchptr, tt); -+ asn1_set_choice_selector(pval, -1, it); -+ } -+ } else if (!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, - ERR_R_NESTED_ASN1_ERROR); - goto err; -@@ -325,6 +333,19 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - -+ /* Free up and zero any ADB found */ -+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { -+ if (tt->flags & ASN1_TFLG_ADB_MASK) { -+ const ASN1_TEMPLATE *seqtt; -+ ASN1_VALUE **pseqval; -+ seqtt = asn1_do_adb(pval, tt, 1); -+ if (!seqtt) -+ goto err; -+ pseqval = asn1_get_field_ptr(pval, seqtt); -+ ASN1_template_free(pseqval, seqtt); -+ } -+ } -+ - /* Get each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - const ASN1_TEMPLATE *seqtt; diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c b/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c deleted file mode 100644 index e8012fb0d7a3..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c +++ /dev/null @@ -1,34 +0,0 @@ ---- crypto/asn1/x_x509.c.orig 2015-02-11 14:17:41 UTC -+++ crypto/asn1/x_x509.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: x_x509.c,v 1.22 2015/02/11 03:39:51 jsing Exp $ */ -+/* $OpenBSD: x_x509.c,v 1.23 2015/02/11 04:00:39 jsing Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -313,16 +313,20 @@ d2i_X509_AUX(X509 **a, const unsigned ch - - /* Save start position */ - q = *pp; -- ret = d2i_X509(a, pp, length); -+ ret = d2i_X509(NULL, pp, length); - /* If certificate unreadable then forget it */ - if (!ret) - return NULL; - /* update length */ - length -= *pp - q; -- if (!length) -- return ret; -- if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) -- goto err; -+ if (length > 0) { -+ if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) -+ goto err; -+ } -+ if (a != NULL) { -+ X509_free(*a); -+ *a = ret; -+ } - return ret; - - err: diff --git a/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c b/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c deleted file mode 100644 index d2bbb173ffaa..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c +++ /dev/null @@ -1,102 +0,0 @@ ---- crypto/ec/ec_asn1.c.orig 2015-02-10 14:54:46 UTC -+++ crypto/ec/ec_asn1.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: ec_asn1.c,v 1.11 2015/02/10 04:01:26 jsing Exp $ */ -+/* $OpenBSD: ec_asn1.c,v 1.12 2015/02/10 05:43:09 jsing Exp $ */ - /* - * Written by Nils Larsch for the OpenSSL project. - */ -@@ -999,19 +999,19 @@ d2i_ECPKParameters(EC_GROUP ** a, const - - if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { - ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); -- ECPKPARAMETERS_free(params); -- return NULL; -+ goto err; - } - if ((group = ec_asn1_pkparameters2group(params)) == NULL) { - ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); -- ECPKPARAMETERS_free(params); -- return NULL; -+ goto err; - } -- if (a && *a) -+ -+ if (a != NULL) { - EC_GROUP_clear_free(*a); -- if (a) - *a = group; -+ } - -+err: - ECPKPARAMETERS_free(params); - return (group); - } -@@ -1039,7 +1039,6 @@ i2d_ECPKParameters(const EC_GROUP * a, u - EC_KEY * - d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) - { -- int ok = 0; - EC_KEY *ret = NULL; - EC_PRIVATEKEY *priv_key = NULL; - -@@ -1054,12 +1053,9 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi - } - if (a == NULL || *a == NULL) { - if ((ret = EC_KEY_new()) == NULL) { -- ECerr(EC_F_D2I_ECPRIVATEKEY, -- ERR_R_MALLOC_FAILURE); -+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); - goto err; - } -- if (a) -- *a = ret; - } else - ret = *a; - -@@ -1109,17 +1105,19 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi - goto err; - } - } -- ok = 1; -+ -+ EC_PRIVATEKEY_free(priv_key); -+ if (a != NULL) -+ *a = ret; -+ return (ret); -+ - err: -- if (!ok) { -- if (ret) -- EC_KEY_free(ret); -- ret = NULL; -- } -+ if (a == NULL || *a != ret) -+ EC_KEY_free(ret); - if (priv_key) - EC_PRIVATEKEY_free(priv_key); - -- return (ret); -+ return (NULL); - } - - int -@@ -1232,8 +1230,6 @@ d2i_ECParameters(EC_KEY ** a, const unsi - ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); - return NULL; - } -- if (a) -- *a = ret; - } else - ret = *a; - -@@ -1241,6 +1237,9 @@ d2i_ECParameters(EC_KEY ** a, const unsi - ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); - return NULL; - } -+ -+ if (a != NULL) -+ *a = ret; - return ret; - } - diff --git a/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c b/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c deleted file mode 100644 index 1ceba4477a3b..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c +++ /dev/null @@ -1,162 +0,0 @@ ---- crypto/pkcs7/pk7_doit.c.orig 2015-02-09 01:31:52 UTC -+++ crypto/pkcs7/pk7_doit.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: pk7_doit.c,v 1.30 2014/10/22 13:02:04 jsing Exp $ */ -+/* $OpenBSD: pk7_doit.c,v 1.31 2015/02/07 13:19:15 doug Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -261,6 +261,28 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio) - PKCS7_RECIP_INFO *ri = NULL; - ASN1_OCTET_STRING *os = NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ /* -+ * The content field in the PKCS7 ContentInfo is optional, -+ * but that really only applies to inner content (precisely, -+ * detached signatures). -+ * -+ * When reading content, missing outer content is therefore -+ * treated as an error. -+ * -+ * When creating content, PKCS7_content_new() must be called -+ * before calling this method, so a NULL p7->d is always -+ * an error. -+ */ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i = OBJ_obj2nid(p7->type); - p7->state = PKCS7_S_HEADER; - -@@ -417,6 +439,17 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pk - unsigned char *ek = NULL, *tkey = NULL; - int eklen = 0, tkeylen = 0; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, -+ PKCS7_R_INVALID_NULL_POINTER); -+ return NULL; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); -+ return NULL; -+ } -+ - i = OBJ_obj2nid(p7->type); - p7->state = PKCS7_S_HEADER; - -@@ -691,6 +724,17 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; - ASN1_OCTET_STRING *os = NULL; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -+ PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - EVP_MD_CTX_init(&ctx_tmp); - i = OBJ_obj2nid(p7->type); - p7->state = PKCS7_S_HEADER; -@@ -736,6 +780,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - /* If detached data then the content is excluded */ - if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.sign->contents->d.data = NULL; - } - break; -@@ -750,6 +795,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - if (PKCS7_type_is_data(p7->d.digest->contents) && - p7->detached) { - M_ASN1_OCTET_STRING_free(os); -+ os = NULL; - p7->d.digest->contents->d.data = NULL; - } - break; -@@ -815,22 +861,32 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); - } - -- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { -- char *cont; -- long contlen; -- btmp = BIO_find_type(bio, BIO_TYPE_MEM); -- if (btmp == NULL) { -- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -- PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -+ if (!PKCS7_is_detached(p7)) { -+ /* -+ * NOTE: only reach os == NULL here because detached -+ * digested data support is broken? -+ */ -+ if (os == NULL) - goto err; -+ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { -+ char *cont; -+ long contlen; -+ -+ btmp = BIO_find_type(bio, BIO_TYPE_MEM); -+ if (btmp == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, -+ PKCS7_R_UNABLE_TO_FIND_MEM_BIO); -+ goto err; -+ } -+ contlen = BIO_get_mem_data(btmp, &cont); -+ /* -+ * Mark the BIO read only then we can use its copy -+ * of the data instead of making an extra copy. -+ */ -+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); -+ BIO_set_mem_eof_return(btmp, 0); -+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen); - } -- contlen = BIO_get_mem_data(btmp, &cont); -- /* Mark the BIO read only then we can use its copy of the data -- * instead of making an extra copy. -- */ -- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); -- BIO_set_mem_eof_return(btmp, 0); -- ASN1_STRING_set0(os, (unsigned char *)cont, contlen); - } - ret = 1; - err: -@@ -905,6 +961,17 @@ PKCS7_dataVerify(X509_STORE *cert_store, - STACK_OF(X509) *cert; - X509 *x509; - -+ if (p7 == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, -+ PKCS7_R_INVALID_NULL_POINTER); -+ return 0; -+ } -+ -+ if (p7->d.ptr == NULL) { -+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); -+ return 0; -+ } -+ - if (PKCS7_type_is_signed(p7)) { - cert = p7->d.sign->cert; - } else if (PKCS7_type_is_signedAndEnveloped(p7)) { -@@ -941,6 +1008,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, - - return PKCS7_signatureVerify(bio, p7, si, x509); - err: -+ - return ret; - } - diff --git a/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c b/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c deleted file mode 100644 index 9b0ecd4dda8e..000000000000 --- a/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c +++ /dev/null @@ -1,17 +0,0 @@ ---- crypto/pkcs7/pk7_lib.c.orig 2014-12-06 23:15:50 UTC -+++ crypto/pkcs7/pk7_lib.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: pk7_lib.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */ -+/* $OpenBSD: pk7_lib.c,v 1.14 2014/07/12 16:03:37 miod Exp $ */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -460,6 +460,8 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD - STACK_OF(PKCS7_SIGNER_INFO) * - PKCS7_get_signer_info(PKCS7 *p7) - { -+ if (p7 == NULL || p7->d.ptr == NULL) -+ return (NULL); - if (PKCS7_type_is_signed(p7)) { - return (p7->d.sign->signer_info); - } else if (PKCS7_type_is_signedAndEnveloped(p7)) { diff --git a/security/libressl/security/libressl/files/patch-ssl_d1__lib.c b/security/libressl/security/libressl/files/patch-ssl_d1__lib.c deleted file mode 100644 index 022a27d2c11b..000000000000 --- a/security/libressl/security/libressl/files/patch-ssl_d1__lib.c +++ /dev/null @@ -1,18 +0,0 @@ ---- ssl/d1_lib.c.orig 2015-02-09 23:29:07 UTC -+++ ssl/d1_lib.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: d1_lib.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */ -+/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */ - /* - * DTLS implementation written by Nagendra Modadugu - * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. -@@ -443,6 +443,9 @@ dtls1_listen(SSL *s, struct sockaddr *cl - { - int ret; - -+ /* Ensure there is no state left over from a previous invocation */ -+ SSL_clear(s); -+ - SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); - s->d1->listen = 1; - |