OpenSSL CHANGES
_______________
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
+
+ *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+ incompatibility in the handling of HMAC. The previous ABI has now been
+ restored.
+
Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
## Makefile for OpenSSL
##
-VERSION=1.0.2b
+VERSION=1.0.2c
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
## Makefile for OpenSSL
##
-VERSION=1.0.2b-dev
+VERSION=1.0.2c-dev
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+ o Fix HMAC ABI incompatibility
+
Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
- OpenSSL 1.0.2b 11 Jun 2015
+ OpenSSL 1.0.2c 12 Jun 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
- /*
- * allocate 2 to dont_warn not to use RAND_screen() via
- * -no_rand_screen option in s_client
- */
- if (dont_warn != 2) {
- BIO_printf(bio_e, "Loading 'screen' into random state -");
- BIO_flush(bio_e);
- RAND_screen();
- BIO_printf(bio_e, " done\n");
- }
+ BIO_printf(bio_e, "Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e, " done\n");
#endif
if (file == NULL)
# include <fcntl.h>
#endif
-/* Use Windows API with STD_INPUT_HANDLE when checking for input?
- Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if
- OPENSSL_SYS_WINDOWS is defined */
-#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE)
-#define OPENSSL_USE_STD_INPUT_HANDLE
-#endif
-
#undef PROG
#define PROG s_client_main
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
-static int c_no_rand_screen = 0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
-#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_err,
- " -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
-#endif
}
#ifndef OPENSSL_NO_TLSEXT
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
-#ifdef OPENSSL_SYS_WINDOWS
- } else if (strcmp(*argv, "-no_rand_screen") == 0) {
- c_no_rand_screen = 1;
-#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
if (!load_excert(&exc, bio_err))
goto end;
- if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
-#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
+# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+ if (!i && (!_kbhit() || !read_tty))
+ continue;
+# else
if (!i && (!((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle
0)))
|| !read_tty))
continue;
-#else
- if(!i && (!_kbhit() || !read_tty) ) continue;
# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
+# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+ else if (_kbhit())
+# else
else if ((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-#else
- else if (_kbhit())
# endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())
return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
}
#endif
+ /* If we are changing MD then we must have a key */
+ if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+ return 0;
if (md != NULL) {
reset = 1;
return 0;
}
- if (!ctx->key_init && key == NULL)
- return 0;
-
if (key != NULL) {
reset = 1;
j = EVP_MD_block_size(md);
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
memset(&ctx->key[ctx->key_length], 0,
HMAC_MAX_MD_CBLOCK - ctx->key_length);
- ctx->key_init = 1;
}
if (reset) {
if (FIPS_mode() && !ctx->i_ctx.engine)
return FIPS_hmac_update(ctx, data, len);
#endif
- if (!ctx->key_init)
+ if (!ctx->md)
return 0;
return EVP_DigestUpdate(&ctx->md_ctx, data, len);
return FIPS_hmac_final(ctx, md, len);
#endif
- if (!ctx->key_init)
+ if (!ctx->md)
goto err;
if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
EVP_MD_CTX_init(&ctx->i_ctx);
EVP_MD_CTX_init(&ctx->o_ctx);
EVP_MD_CTX_init(&ctx->md_ctx);
- ctx->key_init = 0;
ctx->md = NULL;
}
goto err;
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
goto err;
- dctx->key_init = sctx->key_init;
- if (sctx->key_init) {
- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
- dctx->key_length = sctx->key_length;
- }
+ memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+ dctx->key_length = sctx->key_length;
dctx->md = sctx->md;
return 1;
err:
EVP_MD_CTX o_ctx;
unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK];
- int key_init;
} HMAC_CTX;
# define HMAC_size(e) (EVP_MD_size((e)->md))
err++;
goto test6;
}
- if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
+ if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
+ printf("Should disallow changing MD without a new key (test 5)\n");
+ err++;
+ goto test6;
+ }
+ if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
-#include "../../config/opensslconf.h"
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_LIBUNBOUND
+# define OPENSSL_NO_LIBUNBOUND
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+# define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+# define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
+# define NO_LIBUNBOUND
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+# define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+# define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+# define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+# define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
+# define NO_SSL_TRACE
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+# define NO_STORE
+# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# define NO_UNIT_TEST
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/local/ssl/lib/engines"
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
+#ifdef __cplusplus
+}
+#endif
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1000202fL
+# define OPENSSL_VERSION_NUMBER 0x1000203fL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2b-fips 11 Jun 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips 12 Jun 2015"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2b 11 Jun 2015"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c 12 Jun 2015"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no []
{ $opcode="mov"; }
- elsif ($opcode !~ /mov[dq]$/)
+ elsif ($opcode !~ /movq/)
{ # fix xmm references
- $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i);
- $arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
+ $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i);
+ $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
}
&::emit($opcode,@arg);
IF \@Version LT 800
ECHO MASM version 8.00 or later is strongly recommended.
ENDIF
-.686
+.486
.MODEL FLAT
OPTION DOTNAME
IF \@Version LT 800
{ push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); }
sub ::data_byte
-{ push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_); }
+{ push(@out,("DB\t").join(',',@_)."\n"); }
sub ::data_short
-{ push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_); }
+{ push(@out,("DW\t").join(',',@_)."\n"); }
sub ::data_word
-{ push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_); }
+{ push(@out,("DD\t").join(',',@_)."\n"); }
sub ::align
{ push(@out,"ALIGN\t$_[0]\n"); }
+++ /dev/null
-#include "../../crypto/aes/aes.h"
--- /dev/null
+../../crypto/aes/aes.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/asn1/asn1.h"
--- /dev/null
+../../crypto/asn1/asn1.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/asn1/asn1_mac.h"
--- /dev/null
+../../crypto/asn1/asn1_mac.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/asn1/asn1t.h"
--- /dev/null
+../../crypto/asn1/asn1t.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/bio/bio.h"
--- /dev/null
+../../crypto/bio/bio.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/bf/blowfish.h"
--- /dev/null
+../../crypto/bf/blowfish.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/bn/bn.h"
--- /dev/null
+../../crypto/bn/bn.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/buffer/buffer.h"
--- /dev/null
+../../crypto/buffer/buffer.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/camellia/camellia.h"
--- /dev/null
+../../crypto/camellia/camellia.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/cast/cast.h"
--- /dev/null
+../../crypto/cast/cast.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/cmac/cmac.h"
--- /dev/null
+../../crypto/cmac/cmac.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/cms/cms.h"
--- /dev/null
+../../crypto/cms/cms.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/comp/comp.h"
--- /dev/null
+../../crypto/comp/comp.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/conf/conf.h"
--- /dev/null
+../../crypto/conf/conf.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/conf/conf_api.h"
--- /dev/null
+../../crypto/conf/conf_api.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/crypto.h"
--- /dev/null
+../../crypto/crypto.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/des/des.h"
--- /dev/null
+../../crypto/des/des.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/des/des_old.h"
--- /dev/null
+../../crypto/des/des_old.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/dh/dh.h"
--- /dev/null
+../../crypto/dh/dh.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/dsa/dsa.h"
--- /dev/null
+../../crypto/dsa/dsa.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/dso/dso.h"
--- /dev/null
+../../crypto/dso/dso.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/dtls1.h"
--- /dev/null
+../../ssl/dtls1.h
\ No newline at end of file
+++ /dev/null
-#include "../../e_os2.h"
--- /dev/null
+../../e_os2.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ebcdic.h"
--- /dev/null
+../../crypto/ebcdic.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ec/ec.h"
--- /dev/null
+../../crypto/ec/ec.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ecdh/ecdh.h"
--- /dev/null
+../../crypto/ecdh/ecdh.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ecdsa/ecdsa.h"
--- /dev/null
+../../crypto/ecdsa/ecdsa.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/engine/engine.h"
--- /dev/null
+../../crypto/engine/engine.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/err/err.h"
--- /dev/null
+../../crypto/err/err.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/evp/evp.h"
--- /dev/null
+../../crypto/evp/evp.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/hmac/hmac.h"
--- /dev/null
+../../crypto/hmac/hmac.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/idea/idea.h"
--- /dev/null
+../../crypto/idea/idea.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/krb5/krb5_asn.h"
--- /dev/null
+../../crypto/krb5/krb5_asn.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/kssl.h"
--- /dev/null
+../../ssl/kssl.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/lhash/lhash.h"
--- /dev/null
+../../crypto/lhash/lhash.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/md4/md4.h"
--- /dev/null
+../../crypto/md4/md4.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/md5/md5.h"
--- /dev/null
+../../crypto/md5/md5.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/mdc2/mdc2.h"
--- /dev/null
+../../crypto/mdc2/mdc2.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/modes/modes.h"
--- /dev/null
+../../crypto/modes/modes.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/objects/obj_mac.h"
--- /dev/null
+../../crypto/objects/obj_mac.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/objects/objects.h"
--- /dev/null
+../../crypto/objects/objects.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ocsp/ocsp.h"
--- /dev/null
+../../crypto/ocsp/ocsp.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/opensslconf.h"
--- /dev/null
+../../crypto/opensslconf.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/opensslv.h"
--- /dev/null
+../../crypto/opensslv.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ossl_typ.h"
--- /dev/null
+../../crypto/ossl_typ.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/pem/pem.h"
--- /dev/null
+../../crypto/pem/pem.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/pem/pem2.h"
--- /dev/null
+../../crypto/pem/pem2.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/pkcs12/pkcs12.h"
--- /dev/null
+../../crypto/pkcs12/pkcs12.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/pkcs7/pkcs7.h"
--- /dev/null
+../../crypto/pkcs7/pkcs7.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/pqueue/pqueue.h"
--- /dev/null
+../../crypto/pqueue/pqueue.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/rand/rand.h"
--- /dev/null
+../../crypto/rand/rand.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/rc2/rc2.h"
--- /dev/null
+../../crypto/rc2/rc2.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/rc4/rc4.h"
--- /dev/null
+../../crypto/rc4/rc4.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ripemd/ripemd.h"
--- /dev/null
+../../crypto/ripemd/ripemd.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/rsa/rsa.h"
--- /dev/null
+../../crypto/rsa/rsa.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/stack/safestack.h"
--- /dev/null
+../../crypto/stack/safestack.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/seed/seed.h"
--- /dev/null
+../../crypto/seed/seed.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/sha/sha.h"
--- /dev/null
+../../crypto/sha/sha.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/srp/srp.h"
--- /dev/null
+../../crypto/srp/srp.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/srtp.h"
--- /dev/null
+../../ssl/srtp.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/ssl.h"
--- /dev/null
+../../ssl/ssl.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/ssl2.h"
--- /dev/null
+../../ssl/ssl2.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/ssl23.h"
--- /dev/null
+../../ssl/ssl23.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/ssl3.h"
--- /dev/null
+../../ssl/ssl3.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/stack/stack.h"
--- /dev/null
+../../crypto/stack/stack.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/symhacks.h"
--- /dev/null
+../../crypto/symhacks.h
\ No newline at end of file
+++ /dev/null
-#include "../../ssl/tls1.h"
--- /dev/null
+../../ssl/tls1.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ts/ts.h"
--- /dev/null
+../../crypto/ts/ts.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/txt_db/txt_db.h"
--- /dev/null
+../../crypto/txt_db/txt_db.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ui/ui.h"
--- /dev/null
+../../crypto/ui/ui.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/ui/ui_compat.h"
--- /dev/null
+../../crypto/ui/ui_compat.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/whrlpool/whrlpool.h"
--- /dev/null
+../../crypto/whrlpool/whrlpool.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/x509/x509.h"
--- /dev/null
+../../crypto/x509/x509.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/x509/x509_vfy.h"
--- /dev/null
+../../crypto/x509/x509_vfy.h
\ No newline at end of file
+++ /dev/null
-#include "../../crypto/x509v3/x509v3.h"
--- /dev/null
+../../crypto/x509v3/x509v3.h
\ No newline at end of file
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2b
+Version: 1.0.2c
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
s->srtp_profile = NULL;
- if (data >= (d + n - 2)) {
- if (data != d + n)
- goto err;
- else
- goto ri_check;
- }
+ if (data == d + n)
+ goto ri_check;
+
+ if (data > (d + n - 2))
+ goto err;
+
n2s(data, len);
if (data > (d + n - len))