update for 2.3.7

set link library dependencies with MSVC, fixes #221
properly enable strnlen checks for MSVC
2016-07-31 17:59:59 -05:00 · 2016-07-31 17:12:47 -05:00 · 2016-07-31 17:12:47 -05:00 · 2016-07-19 05:49:05 -05:00 · 2016-07-19 05:48:49 -05:00 · 2016-07-19 05:46:16 -05:00
8 changed files with 75 additions and 2 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -107,7 +107,7 @@ if(HAVE_STRNDUP)
 endif()

 if(MSVC)
-	set(HAVE_STRNLEN)
+	set(HAVE_STRNLEN true)
 	add_definitions(-DHAVE_STRNLEN)
 else()
 	check_function_exists(strnlen HAVE_STRNLEN)
--- a/24
+++ b/24
@@ -28,6 +28,30 @@ history is also available from Git.

 LibreSSL Portable Release Notes:

+2.3.7 - OCSP fixes
+
+	* Fix several issues in the OCSP code that could result in the
+	  incorrect generation and parsing of OCSP requests. This remediates a
+	  lack of error checking on time parsing in these functions, and
+	  ensures that only GENERALIZEDTIME formats are accepted for OCSP, as
+	  per RFC 6960.
+
+	  Issues reported, and fixes provided by  Kazuki Yamaguchi <k@rhe.jp>
+	  and Kinichiro Inoguchi <kinichiro.inoguchi@gmail.com>
+
+2.3.6 - Security fix
+
+	* Correct a problem that prevents the DSA signing algorithm from
+	  running in constant time even if the flag BN_FLG_CONSTTIME is set.
+	  This issue was reported by Cesar Pereida (Aalto University), Billy
+	  Brumley (Tampere University of Technology), and Yuval Yarom (The
+	  University of Adelaide and NICTA). The fix was developed by Cesar
+	  Pereida. See OpenBSD 5.9 errata 11, June 6, 2016
+
+2.3.5 - Reliability fix
+
+	* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
+
 2.3.4 - Security Update

 	* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -641,6 +641,9 @@ if (BUILD_SHARED)
 	add_library(crypto-objects OBJECT ${CRYPTO_SRC})
 	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
 	add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
+	if (MSVC)
+		target_link_libraries(crypto-shared crypto Ws2_32.lib)
+	endif()
 	set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)
 	set_target_properties(crypto-shared PROPERTIES VERSION
 		${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
--- a/m4/check-libc.m4
+++ b/m4/check-libc.m4
@@ -59,7 +59,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"

 # Override arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-	[test "x$USE_BUILTIN_ARC4RANDOM" != yes \
+	[test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
 	   -a "x$ac_cv_func_arc4random_buf" = xyes])

 # Check for getentropy fallback dependencies
--- a/patches/modes_lcl.h
+++ b/patches/modes_lcl.h
@@ -0,0 +1,21 @@
+--- openbsd/src/lib/libssl/src/crypto/modes/modes_lcl.h	Sat Dec  6 17:15:50 2014
+++ crypto/modes/modes_lcl.h	Sun Jul 17 17:45:27 2016
+@@ -43,14 +43,16 @@
+ 			asm ("bswapl %0"		\
+ 			: "+r"(ret));	ret;		})
+ # elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
+-#  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
+#  if (__ARM_ARCH >= 6)
+#   define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
+ 			asm ("rev %0,%0; rev %1,%1"	\
+ 			: "+r"(hi),"+r"(lo));		\
+ 			(u64)hi<<32|lo;			})
+-#  define BSWAP4(x) ({	u32 ret;			\
+#   define BSWAP4(x) ({	u32 ret;			\
+ 			asm ("rev %0,%1"		\
+ 			: "=r"(ret) : "r"((u32)(x)));	\
+ 			ret;				})
+#  endif
+ # endif
+ #endif
+ #endif
--- a/patches/ssl_txt.c.patch
+++ b/patches/ssl_txt.c.patch
@@ -0,0 +1,19 @@
+--- ssl/ssl_txt.orig	Sun Jul 17 17:26:59 2016
+++ ssl/ssl_txt.c	Sun Jul 17 17:35:44 2016
+@@ -82,6 +82,7 @@
+  * OTHERWISE.
+  */
+ 
+#include <inttypes.h>
+ #include <stdio.h>
+ 
+ #include <openssl/buffer.h>
+@@ -163,7 +164,7 @@
+ 	}
+ 
+ 	if (x->time != 0) {
+-		if (BIO_printf(bp, "\n    Start Time: %lld", (long long)x->time) <= 0)
+		if (BIO_printf(bp, "\n    Start Time: %"PRId64, (int64_t)x->time) <= 0)
+ 			goto err;
+ 	}
+ 	if (x->timeout != 0L) {
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@@ -52,6 +52,9 @@ if (BUILD_SHARED)
 	add_library(ssl-objects OBJECT ${SSL_SRC})
 	add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
 	add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
+	if (MSVC)
+		target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
+	endif()
 	set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
 	set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
 		SOVERSION ${SSL_MAJOR_VERSION})
--- a/tls/CMakeLists.txt
+++ b/tls/CMakeLists.txt
@@ -25,6 +25,9 @@ if (BUILD_SHARED)
 	add_library(tls-objects OBJECT ${TLS_SRC})
 	add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
 	add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
+	if (MSVC)
+		target_link_libraries(tls-shared ssl-shared crypto-shared Ws2_32.lib)
+	endif()
 	set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls)
 	set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
 		SOVERSION ${TLS_MAJOR_VERSION})
Author	SHA1	Message	Date
Brent Cook	25d8a429c1	update for 2.3.7	2016-07-31 17:59:59 -05:00
Brent Cook	926aa53242	set link library dependencies with MSVC, fixes #221	2016-07-31 17:12:47 -05:00
Brent Cook	950dcb2d07	properly enable strnlen checks for MSVC	2016-07-31 17:12:47 -05:00
Brent Cook	f6582d1d76	avoid BSWAP assembly for ARM <= v6	2016-07-19 05:49:05 -05:00
Brent Cook	3a193a58d4	format 64-bit int portably (windows wants %l64d)	2016-07-19 05:48:49 -05:00
celan69	94532f9619	Fix typo in USE_BUILTIN_ARC4RANDOM check Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.	2016-07-19 05:46:16 -05:00
Brent Cook	0ae23dfcc3	bump changelog to sync tags with openbsd source	2016-06-07 07:04:16 -05:00
Brent Cook	bff756ef62	update changelog	2016-06-06 05:03:27 -05:00
Brent Cook	5b39a35bf8	Update changelog	2016-05-30 09:08:29 -05:00