22021787 openssl s_client sub-command dumps core
22021385 openssl ts sub-command dumps core
--- a/components/openssl/common/patches/046-weak-ciphers.patch Fri Jun 24 10:34:41 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,445 +0,0 @@
-# Remove MD2, MD4: some functions need to be stubbed
-# Deprecate DES, RC2, RC4, and MD5
-# Patch developed in-house. Solaris-specific; not suitable for upstream.
---- openssl-1.x/crypto/des/des.h Thu Feb 25 07:42:06 2016
-+++ openssl-1.x/crypto/des/des.h.new Thu Feb 25 08:37:40 2016
[email protected]@ -132,24 +132,38 @@
- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, int enc);
-+
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark DES functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
- DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
- long length, DES_key_schedule *schedule,
- const_DES_cblock *ivec);
- /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
--void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
-+DEPRECATED void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc);
--void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-+DEPRECATED void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc);
--void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-+DEPRECATED void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, const_DES_cblock *inw,
- const_DES_cblock *outw, int enc);
--void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-+DEPRECATED void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc);
--void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-+DEPRECATED void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks, int enc);
-
- /*
[email protected]@ -204,19 +218,19 @@
- DES_cblock *out_white);
- # endif
-
--int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-+DEPRECATED int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
- DES_cblock *iv);
--int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
-+DEPRECATED int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
- DES_cblock *iv);
--char *DES_fcrypt(const char *buf, const char *salt, char *ret);
--char *DES_crypt(const char *buf, const char *salt);
--void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-+DEPRECATED char *DES_fcrypt(const char *buf, const char *salt, char *ret);
-+DEPRECATED char *DES_crypt(const char *buf, const char *salt);
-+DEPRECATED void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec);
--void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-+DEPRECATED void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc);
--DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-+DEPRECATED DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
- long length, int out_count, DES_cblock *seed);
- int DES_random_key(DES_cblock *ret);
- void DES_set_odd_parity(DES_cblock *key);
[email protected]@ -237,10 +251,10 @@
- # endif
- void DES_string_to_key(const char *str, DES_cblock *key);
- void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
--void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-+DEPRECATED void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int *num, int enc);
--void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-+DEPRECATED void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int *num);
-
---- openssl-1.x/crypto/md5/md5.h Thu Feb 25 07:42:06 2016
-+++ openssl-1.x/crypto/md5/md5.h.new Thu Feb 25 08:39:36 2016
[email protected]@ -104,14 +104,28 @@
- unsigned int num;
- } MD5_CTX;
-
-+
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark MD5 functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
- # ifdef OPENSSL_FIPS
- int private_MD5_Init(MD5_CTX *c);
- # endif
--int MD5_Init(MD5_CTX *c);
--int MD5_Update(MD5_CTX *c, const void *data, size_t len);
--int MD5_Final(unsigned char *md, MD5_CTX *c);
--unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
--void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-+DEPRECATED int MD5_Init(MD5_CTX *c);
-+DEPRECATED int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-+DEPRECATED int MD5_Final(unsigned char *md, MD5_CTX *c);
-+DEPRECATED unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-+DEPRECATED void MD5_Transform(MD5_CTX *c, const unsigned char *b);
- #ifdef __cplusplus
- }
- #endif
---- openssl-1.x/crypto/rc4/rc4.h Thu Feb 25 07:42:06 2016
-+++ openssl-1.x/crypto/rc4/rc4.h.new Thu Feb 25 08:38:33 2016
[email protected]@ -75,10 +75,23 @@
- RC4_INT data[256];
- } RC4_KEY;
-
--const char *RC4_options(void);
--void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
--void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
--void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark RC4 functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
-+DEPRECATED const char *RC4_options(void);
-+DEPRECATED void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-+DEPRECATED void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-+DEPRECATED void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
- unsigned char *outdata);
-
- #ifdef __cplusplus
---- openssl-1.x/crypto/pem/pem.h Fri Sep 11 00:42:09 2015
-+++ openssl-1.x/crypto/pem/pem.h.new Thu Feb 25 08:47:04 2016
[email protected]@ -520,9 +520,24 @@
- EVP_PKEY *b2i_PublicKey_bio(BIO *in);
- int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
- int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-+
-+
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark RC4 functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
- # ifndef OPENSSL_NO_RC4
--EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
--int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
-+DEPRECATED EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
-+DEPRECATED int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
- pem_password_cb *cb, void *u);
- # endif
-
---- openssl-1.x/crypto/rsa/rsa.h Fri Sep 11 00:42:09 2015
-+++ openssl-1.x/crypto/rsa/rsa.h.new Thu Feb 25 08:47:08 2016
[email protected]@ -387,18 +387,31 @@
- int RSA_print(BIO *bp, const RSA *r, int offset);
- # endif
-
-+
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark RC4 functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
- # ifndef OPENSSL_NO_RC4
--int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-+DEPRECATED int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
--RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-+DEPRECATED RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify), int sgckey);
--
--int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-+DEPRECATED int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify));
--RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-+DEPRECATED RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb) (char *buf, int len, const char *prompt,
- int verify));
- # endif
---- openssl-1.x/crypto/x509/x509.h Fri Sep 11 00:42:09 2015
-+++ openssl-1.x/crypto/x509/x509.h.new Thu Feb 25 08:47:12 2016
[email protected]@ -970,9 +970,22 @@
- int X509_subject_name_cmp(const X509 *a, const X509 *b);
- unsigned long X509_subject_name_hash(X509 *x);
-
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark MD5 functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
- # ifndef OPENSSL_NO_MD5
--unsigned long X509_issuer_name_hash_old(X509 *a);
--unsigned long X509_subject_name_hash_old(X509 *x);
-+DEPRECATED unsigned long X509_issuer_name_hash_old(X509 *a);
-+DEPRECATED unsigned long X509_subject_name_hash_old(X509 *x);
- # endif
-
- int X509_cmp(const X509 *a, const X509 *b);
-$ diff -ru e_rc2.c e_rc2.c.new
---- a/crypto/rc2/rc2.h.orig Thu Apr 14 12:23:50 2016
-+++ b/crypto/rc2/rc2.h Thu Apr 14 12:27:16 2016
[email protected]@ -82,17 +82,32 @@
- void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
- int bits);
- # endif
--void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
--void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
-+
-+
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+/* Mark RC2 functions deprecated */
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
-+DEPRECATED void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
-+DEPRECATED void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
- RC2_KEY *key, int enc);
--void RC2_encrypt(unsigned long *data, RC2_KEY *key);
--void RC2_decrypt(unsigned long *data, RC2_KEY *key);
--void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-+DEPRECATED void RC2_encrypt(unsigned long *data, RC2_KEY *key);
-+DEPRECATED void RC2_decrypt(unsigned long *data, RC2_KEY *key);
-+DEPRECATED void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- RC2_KEY *ks, unsigned char *iv, int enc);
--void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-+DEPRECATED void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num, int enc);
--void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-+DEPRECATED void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num);
-
---- old/crypto/md4/md4.h Thu Apr 21 09:34:15 2016
-+++ new/crypto/md4/md4.h Thu Apr 21 09:36:51 2016
[email protected]@ -104,14 +104,30 @@
- unsigned int num;
- } MD4_CTX;
-
-+/*
-+ * Deprecate MD4
-+ */
-+#ifndef __has_attribute
-+# define__has_attribute(x) 0
-+#endif
-+
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
-+
- # ifdef OPENSSL_FIPS
--int private_MD4_Init(MD4_CTX *c);
-+DEPRECATED int private_MD4_Init(MD4_CTX *c);
- # endif
--int MD4_Init(MD4_CTX *c);
--int MD4_Update(MD4_CTX *c, const void *data, size_t len);
--int MD4_Final(unsigned char *md, MD4_CTX *c);
--unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
--void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-+DEPRECATED int MD4_Init(MD4_CTX *c);
-+DEPRECATED int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-+DEPRECATED int MD4_Final(unsigned char *md, MD4_CTX *c);
-+DEPRECATED unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-+DEPRECATED void MD4_Transform(MD4_CTX *c, const unsigned char *b);
- #ifdef __cplusplus
- }
- #endif
---- old/crypto/evp/evp.h Tue Mar 1 05:35:53 2016
-+++ new/crypto/evp/evp.h Thu Apr 21 09:35:07 2016
[email protected]@ -705,15 +705,31 @@
- const unsigned char *i, int enc);
- # endif
-
-+
-+/*
-+ * Deprecate MD4, MD5, RC2, RC4, and DES
-+ */
-+#ifndef __has_attribute
-+# define __has_attribute(x) 0
-+#endif
-+
-+#if __has_attribute(deprecated) \
-+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
-+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
-+# define DEPRECATED __attribute__((deprecated))
-+#else
-+# define DEPRECATED
-+#endif
-+
- const EVP_MD *EVP_md_null(void);
- # ifndef OPENSSL_NO_MD2
- const EVP_MD *EVP_md2(void);
- # endif
- # ifndef OPENSSL_NO_MD4
--const EVP_MD *EVP_md4(void);
-+DEPRECATED const EVP_MD *EVP_md4(void);
- # endif
- # ifndef OPENSSL_NO_MD5
--const EVP_MD *EVP_md5(void);
-+DEPRECATED const EVP_MD *EVP_md5(void);
- # endif
- # ifndef OPENSSL_NO_SHA
- const EVP_MD *EVP_sha(void);
[email protected]@ -741,16 +757,16 @@
- # endif
- const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
- # ifndef OPENSSL_NO_DES
--const EVP_CIPHER *EVP_des_ecb(void);
--const EVP_CIPHER *EVP_des_ede(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ecb(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ede(void);
- const EVP_CIPHER *EVP_des_ede3(void);
--const EVP_CIPHER *EVP_des_ede_ecb(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ede_ecb(void);
- const EVP_CIPHER *EVP_des_ede3_ecb(void);
--const EVP_CIPHER *EVP_des_cfb64(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_cfb64(void);
- # define EVP_des_cfb EVP_des_cfb64
--const EVP_CIPHER *EVP_des_cfb1(void);
--const EVP_CIPHER *EVP_des_cfb8(void);
--const EVP_CIPHER *EVP_des_ede_cfb64(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_cfb1(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_cfb8(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ede_cfb64(void);
- # define EVP_des_ede_cfb EVP_des_ede_cfb64
- # if 0
- const EVP_CIPHER *EVP_des_ede_cfb1(void);
[email protected]@ -760,13 +776,13 @@
- # define EVP_des_ede3_cfb EVP_des_ede3_cfb64
- const EVP_CIPHER *EVP_des_ede3_cfb1(void);
- const EVP_CIPHER *EVP_des_ede3_cfb8(void);
--const EVP_CIPHER *EVP_des_ofb(void);
--const EVP_CIPHER *EVP_des_ede_ofb(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ofb(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ede_ofb(void);
- const EVP_CIPHER *EVP_des_ede3_ofb(void);
--const EVP_CIPHER *EVP_des_cbc(void);
--const EVP_CIPHER *EVP_des_ede_cbc(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_cbc(void);
-+DEPRECATED const EVP_CIPHER *EVP_des_ede_cbc(void);
- const EVP_CIPHER *EVP_des_ede3_cbc(void);
--const EVP_CIPHER *EVP_desx_cbc(void);
-+DEPRECATED const EVP_CIPHER *EVP_desx_cbc(void);
- const EVP_CIPHER *EVP_des_ede3_wrap(void);
- /*
- * This should now be supported through the dev_crypto ENGINE. But also, why
[email protected]@ -782,10 +798,10 @@
- # endif
- # endif
- # ifndef OPENSSL_NO_RC4
--const EVP_CIPHER *EVP_rc4(void);
--const EVP_CIPHER *EVP_rc4_40(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc4(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc4_40(void);
- # ifndef OPENSSL_NO_MD5
--const EVP_CIPHER *EVP_rc4_hmac_md5(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc4_hmac_md5(void);
- # endif
- # endif
- # ifndef OPENSSL_NO_IDEA
[email protected]@ -796,13 +812,13 @@
- const EVP_CIPHER *EVP_idea_cbc(void);
- # endif
- # ifndef OPENSSL_NO_RC2
--const EVP_CIPHER *EVP_rc2_ecb(void);
--const EVP_CIPHER *EVP_rc2_cbc(void);
--const EVP_CIPHER *EVP_rc2_40_cbc(void);
--const EVP_CIPHER *EVP_rc2_64_cbc(void);
--const EVP_CIPHER *EVP_rc2_cfb64(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc2_ecb(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc2_cbc(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc2_40_cbc(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc2_64_cbc(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc2_cfb64(void);
- # define EVP_rc2_cfb EVP_rc2_cfb64
--const EVP_CIPHER *EVP_rc2_ofb(void);
-+DEPRECATED const EVP_CIPHER *EVP_rc2_ofb(void);
- # endif
- # ifndef OPENSSL_NO_BF
- const EVP_CIPHER *EVP_bf_ecb(void);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/048-weak-ciphers.patch Fri Jun 24 10:44:15 2016 -0700
@@ -0,0 +1,445 @@
+# Remove MD2, MD4: some functions need to be stubbed
+# Deprecate DES, RC2, RC4, and MD5
+# Patch developed in-house. Solaris-specific; not suitable for upstream.
+--- openssl-1.x/crypto/des/des.h Thu Feb 25 07:42:06 2016
++++ openssl-1.x/crypto/des/des.h.new Thu Feb 25 08:37:40 2016
[email protected]@ -132,24 +132,38 @@
+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc);
++
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark DES functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec);
+ /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+-void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
++DEPRECATED void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+-void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
++DEPRECATED void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+-void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
++DEPRECATED void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc);
+-void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
++DEPRECATED void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+-void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
++DEPRECATED void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc);
+
+ /*
[email protected]@ -204,19 +218,19 @@
+ DES_cblock *out_white);
+ # endif
+
+-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
++DEPRECATED int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+ DES_cblock *iv);
+-int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
++DEPRECATED int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
+ DES_cblock *iv);
+-char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+-char *DES_crypt(const char *buf, const char *salt);
+-void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
++DEPRECATED char *DES_fcrypt(const char *buf, const char *salt, char *ret);
++DEPRECATED char *DES_crypt(const char *buf, const char *salt);
++DEPRECATED void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec);
+-void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
++DEPRECATED void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+-DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
++DEPRECATED DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+ long length, int out_count, DES_cblock *seed);
+ int DES_random_key(DES_cblock *ret);
+ void DES_set_odd_parity(DES_cblock *key);
[email protected]@ -237,10 +251,10 @@
+ # endif
+ void DES_string_to_key(const char *str, DES_cblock *key);
+ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+-void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
++DEPRECATED void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc);
+-void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
++DEPRECATED void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num);
+
+--- openssl-1.x/crypto/md5/md5.h Thu Feb 25 07:42:06 2016
++++ openssl-1.x/crypto/md5/md5.h.new Thu Feb 25 08:39:36 2016
[email protected]@ -104,14 +104,28 @@
+ unsigned int num;
+ } MD5_CTX;
+
++
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark MD5 functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
+ # ifdef OPENSSL_FIPS
+ int private_MD5_Init(MD5_CTX *c);
+ # endif
+-int MD5_Init(MD5_CTX *c);
+-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+-int MD5_Final(unsigned char *md, MD5_CTX *c);
+-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
++DEPRECATED int MD5_Init(MD5_CTX *c);
++DEPRECATED int MD5_Update(MD5_CTX *c, const void *data, size_t len);
++DEPRECATED int MD5_Final(unsigned char *md, MD5_CTX *c);
++DEPRECATED unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
++DEPRECATED void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+ #ifdef __cplusplus
+ }
+ #endif
+--- openssl-1.x/crypto/rc4/rc4.h Thu Feb 25 07:42:06 2016
++++ openssl-1.x/crypto/rc4/rc4.h.new Thu Feb 25 08:38:33 2016
[email protected]@ -75,10 +75,23 @@
+ RC4_INT data[256];
+ } RC4_KEY;
+
+-const char *RC4_options(void);
+-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+-void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark RC4 functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
++DEPRECATED const char *RC4_options(void);
++DEPRECATED void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
++DEPRECATED void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
++DEPRECATED void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+ unsigned char *outdata);
+
+ #ifdef __cplusplus
+--- openssl-1.x/crypto/pem/pem.h Fri Sep 11 00:42:09 2015
++++ openssl-1.x/crypto/pem/pem.h.new Thu Feb 25 08:47:04 2016
[email protected]@ -520,9 +520,24 @@
+ EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+ int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+ int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
++
++
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark RC4 functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
+ # ifndef OPENSSL_NO_RC4
+-EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
++DEPRECATED EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
++DEPRECATED int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+ pem_password_cb *cb, void *u);
+ # endif
+
+--- openssl-1.x/crypto/rsa/rsa.h Fri Sep 11 00:42:09 2015
++++ openssl-1.x/crypto/rsa/rsa.h.new Thu Feb 25 08:47:08 2016
[email protected]@ -387,18 +387,31 @@
+ int RSA_print(BIO *bp, const RSA *r, int offset);
+ # endif
+
++
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark RC4 functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
+ # ifndef OPENSSL_NO_RC4
+-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
++DEPRECATED int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey);
+-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
++DEPRECATED RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey);
+-
+-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
++DEPRECATED int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify));
+-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
++DEPRECATED RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify));
+ # endif
+--- openssl-1.x/crypto/x509/x509.h Fri Sep 11 00:42:09 2015
++++ openssl-1.x/crypto/x509/x509.h.new Thu Feb 25 08:47:12 2016
[email protected]@ -970,9 +970,22 @@
+ int X509_subject_name_cmp(const X509 *a, const X509 *b);
+ unsigned long X509_subject_name_hash(X509 *x);
+
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark MD5 functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
+ # ifndef OPENSSL_NO_MD5
+-unsigned long X509_issuer_name_hash_old(X509 *a);
+-unsigned long X509_subject_name_hash_old(X509 *x);
++DEPRECATED unsigned long X509_issuer_name_hash_old(X509 *a);
++DEPRECATED unsigned long X509_subject_name_hash_old(X509 *x);
+ # endif
+
+ int X509_cmp(const X509 *a, const X509 *b);
+$ diff -ru e_rc2.c e_rc2.c.new
+--- a/crypto/rc2/rc2.h.orig Thu Apr 14 12:23:50 2016
++++ b/crypto/rc2/rc2.h Thu Apr 14 12:27:16 2016
[email protected]@ -82,17 +82,32 @@
+ void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+ int bits);
+ # endif
+-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
++
++
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++/* Mark RC2 functions deprecated */
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
++DEPRECATED void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
++DEPRECATED void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ RC2_KEY *key, int enc);
+-void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+-void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
++DEPRECATED void RC2_encrypt(unsigned long *data, RC2_KEY *key);
++DEPRECATED void RC2_decrypt(unsigned long *data, RC2_KEY *key);
++DEPRECATED void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int enc);
+-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
++DEPRECATED void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int enc);
+-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
++DEPRECATED void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num);
+
+--- old/crypto/md4/md4.h Thu Apr 21 09:34:15 2016
++++ new/crypto/md4/md4.h Thu Apr 21 09:36:51 2016
[email protected]@ -104,14 +104,30 @@
+ unsigned int num;
+ } MD4_CTX;
+
++/*
++ * Deprecate MD4
++ */
++#ifndef __has_attribute
++# define__has_attribute(x) 0
++#endif
++
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
++
+ # ifdef OPENSSL_FIPS
+-int private_MD4_Init(MD4_CTX *c);
++DEPRECATED int private_MD4_Init(MD4_CTX *c);
+ # endif
+-int MD4_Init(MD4_CTX *c);
+-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+-int MD4_Final(unsigned char *md, MD4_CTX *c);
+-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
++DEPRECATED int MD4_Init(MD4_CTX *c);
++DEPRECATED int MD4_Update(MD4_CTX *c, const void *data, size_t len);
++DEPRECATED int MD4_Final(unsigned char *md, MD4_CTX *c);
++DEPRECATED unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
++DEPRECATED void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+ #ifdef __cplusplus
+ }
+ #endif
+--- old/crypto/evp/evp.h Tue Mar 1 05:35:53 2016
++++ new/crypto/evp/evp.h Thu Apr 21 09:35:07 2016
[email protected]@ -705,15 +705,31 @@
+ const unsigned char *i, int enc);
+ # endif
+
++
++/*
++ * Deprecate MD4, MD5, RC2, RC4, and DES
++ */
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++#if __has_attribute(deprecated) \
++ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
++ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
++# define DEPRECATED __attribute__((deprecated))
++#else
++# define DEPRECATED
++#endif
++
+ const EVP_MD *EVP_md_null(void);
+ # ifndef OPENSSL_NO_MD2
+ const EVP_MD *EVP_md2(void);
+ # endif
+ # ifndef OPENSSL_NO_MD4
+-const EVP_MD *EVP_md4(void);
++DEPRECATED const EVP_MD *EVP_md4(void);
+ # endif
+ # ifndef OPENSSL_NO_MD5
+-const EVP_MD *EVP_md5(void);
++DEPRECATED const EVP_MD *EVP_md5(void);
+ # endif
+ # ifndef OPENSSL_NO_SHA
+ const EVP_MD *EVP_sha(void);
[email protected]@ -741,16 +757,16 @@
+ # endif
+ const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+ # ifndef OPENSSL_NO_DES
+-const EVP_CIPHER *EVP_des_ecb(void);
+-const EVP_CIPHER *EVP_des_ede(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ecb(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ede(void);
+ const EVP_CIPHER *EVP_des_ede3(void);
+-const EVP_CIPHER *EVP_des_ede_ecb(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ede_ecb(void);
+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
+-const EVP_CIPHER *EVP_des_cfb64(void);
++DEPRECATED const EVP_CIPHER *EVP_des_cfb64(void);
+ # define EVP_des_cfb EVP_des_cfb64
+-const EVP_CIPHER *EVP_des_cfb1(void);
+-const EVP_CIPHER *EVP_des_cfb8(void);
+-const EVP_CIPHER *EVP_des_ede_cfb64(void);
++DEPRECATED const EVP_CIPHER *EVP_des_cfb1(void);
++DEPRECATED const EVP_CIPHER *EVP_des_cfb8(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ede_cfb64(void);
+ # define EVP_des_ede_cfb EVP_des_ede_cfb64
+ # if 0
+ const EVP_CIPHER *EVP_des_ede_cfb1(void);
[email protected]@ -760,13 +776,13 @@
+ # define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+-const EVP_CIPHER *EVP_des_ofb(void);
+-const EVP_CIPHER *EVP_des_ede_ofb(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ofb(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ede_ofb(void);
+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
+-const EVP_CIPHER *EVP_des_cbc(void);
+-const EVP_CIPHER *EVP_des_ede_cbc(void);
++DEPRECATED const EVP_CIPHER *EVP_des_cbc(void);
++DEPRECATED const EVP_CIPHER *EVP_des_ede_cbc(void);
+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
+-const EVP_CIPHER *EVP_desx_cbc(void);
++DEPRECATED const EVP_CIPHER *EVP_desx_cbc(void);
+ const EVP_CIPHER *EVP_des_ede3_wrap(void);
+ /*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
[email protected]@ -782,10 +798,10 @@
+ # endif
+ # endif
+ # ifndef OPENSSL_NO_RC4
+-const EVP_CIPHER *EVP_rc4(void);
+-const EVP_CIPHER *EVP_rc4_40(void);
++DEPRECATED const EVP_CIPHER *EVP_rc4(void);
++DEPRECATED const EVP_CIPHER *EVP_rc4_40(void);
+ # ifndef OPENSSL_NO_MD5
+-const EVP_CIPHER *EVP_rc4_hmac_md5(void);
++DEPRECATED const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+ # endif
+ # endif
+ # ifndef OPENSSL_NO_IDEA
[email protected]@ -796,13 +812,13 @@
+ const EVP_CIPHER *EVP_idea_cbc(void);
+ # endif
+ # ifndef OPENSSL_NO_RC2
+-const EVP_CIPHER *EVP_rc2_ecb(void);
+-const EVP_CIPHER *EVP_rc2_cbc(void);
+-const EVP_CIPHER *EVP_rc2_40_cbc(void);
+-const EVP_CIPHER *EVP_rc2_64_cbc(void);
+-const EVP_CIPHER *EVP_rc2_cfb64(void);
++DEPRECATED const EVP_CIPHER *EVP_rc2_ecb(void);
++DEPRECATED const EVP_CIPHER *EVP_rc2_cbc(void);
++DEPRECATED const EVP_CIPHER *EVP_rc2_40_cbc(void);
++DEPRECATED const EVP_CIPHER *EVP_rc2_64_cbc(void);
++DEPRECATED const EVP_CIPHER *EVP_rc2_cfb64(void);
+ # define EVP_rc2_cfb EVP_rc2_cfb64
+-const EVP_CIPHER *EVP_rc2_ofb(void);
++DEPRECATED const EVP_CIPHER *EVP_rc2_ofb(void);
+ # endif
+ # ifndef OPENSSL_NO_BF
+ const EVP_CIPHER *EVP_bf_ecb(void);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/050-segfault_configfile.patch Fri Jun 24 10:44:15 2016 -0700
@@ -0,0 +1,55 @@
+# This patch was developed in house.
+# The issue is fixed in the OpenSSL 1.1 release by the upstream,
+# but the code base has changed and the same fix can't be applied
+# without major code change.
+--- a/apps/ts.c 2016-06-21 13:43:24.299079900 -0700
++++ b/apps/ts.c 2016-06-21 14:06:28.055910010 -0700
[email protected]@ -299,6 +299,9 @@
+ goto usage;
+ /* Load the config file for possible policy OIDs. */
+ conf = load_config_file(configfile);
++ if (conf == NULL) {
++ goto cleanup;
++ }
+ ret = !query_command(data, digest, md, policy, no_nonce, cert,
+ in, out, text);
+ break;
[email protected]@ -401,6 +404,7 @@
+ else
+ BIO_printf(bio_err, "error on line %ld of config file "
+ "'%s'\n", errorline, configfile);
++ goto errexit;
+ }
+
+ if (conf != NULL) {
[email protected]@ -410,18 +414,27 @@
+ p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
+ if (p != NULL) {
+ BIO *oid_bio = BIO_new_file(p, "r");
+- if (!oid_bio)
++ if (!oid_bio) {
+ ERR_print_errors(bio_err);
+- else {
++ goto errexit;
++ } else {
+ OBJ_create_objects(oid_bio);
+ BIO_free_all(oid_bio);
+ }
+ } else
+ ERR_clear_error();
+- if (!add_oid_section(bio_err, conf))
++ if (!add_oid_section(bio_err, conf)) {
+ ERR_print_errors(bio_err);
++ goto errexit;
++ }
+ }
+ return conf;
++
++errexit:
++ if (conf != NULL) {
++ NCONF_free(conf);
++ }
++ return (NULL);
+ }
+
+ /*--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/common/patches/051-segfault_export.patch Fri Jun 24 10:44:15 2016 -0700
@@ -0,0 +1,17 @@
+# This patch addresses multiple segmentation faults:
+# Pull Requests submitted to the upstream:
+# https://github.com/openssl/openssl/pull/1243
+# Fixed by upstream:
+#
+--- a/apps/s_client.c Tue May 3 06:44:42 2016
++++ b/apps/s_client.c Wed May 4 15:11:00 2016
[email protected]@ -2633,7 +2633,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
+ #endif
+
+ SSL_SESSION_print(bio, SSL_get_session(s));
+- if (keymatexportlabel != NULL) {
++ if ((SSL_get_session(s) != NULL) &&
++ (keymatexportlabel != NULL)) {
+ BIO_printf(bio, "Keying material exporter:\n");
+ BIO_printf(bio, " Label: '%s'\n", keymatexportlabel);
+ BIO_printf(bio, " Length: %i bytes\n", keymatexportlen);