diff --git a/srcpkgs/nodejs/patches/openssl-1.0.2.h.patch b/srcpkgs/nodejs/patches/openssl-1.0.2.h.patch new file mode 100644 index 00000000000..7f26b114f14 --- /dev/null +++ b/srcpkgs/nodejs/patches/openssl-1.0.2.h.patch @@ -0,0 +1,3418 @@ +Only in deps/openssl/openssl.old: .CHANGES.swp +diff -upr deps/openssl/openssl.old/CHANGES deps/openssl/openssl/CHANGES +--- deps/openssl/openssl.old/CHANGES 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/CHANGES 2016-05-03 15:46:41.000000000 +0200 +@@ -2,6 +2,103 @@ + OpenSSL CHANGES + _______________ + ++ Changes between 1.0.2g and 1.0.2h [3 May 2016] ++ ++ *) Prevent padding oracle in AES-NI CBC MAC check ++ ++ A MITM attacker can use a padding oracle attack to decrypt traffic ++ when the connection uses an AES CBC cipher and the server support ++ AES-NI. ++ ++ This issue was introduced as part of the fix for Lucky 13 padding ++ attack (CVE-2013-0169). The padding check was rewritten to be in ++ constant time by making sure that always the same bytes are read and ++ compared against either the MAC or padding bytes. But it no longer ++ checked that there was enough data to have both the MAC and padding ++ bytes. ++ ++ This issue was reported by Juraj Somorovsky using TLS-Attacker. ++ (CVE-2016-2107) ++ [Kurt Roeckx] ++ ++ *) Fix EVP_EncodeUpdate overflow ++ ++ An overflow can occur in the EVP_EncodeUpdate() function which is used for ++ Base64 encoding of binary data. If an attacker is able to supply very large ++ amounts of input data then a length check can overflow resulting in a heap ++ corruption. ++ ++ Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by ++ the PEM_write_bio* family of functions. These are mainly used within the ++ OpenSSL command line applications, so any application which processes data ++ from an untrusted source and outputs it as a PEM file should be considered ++ vulnerable to this issue. User applications that call these APIs directly ++ with large amounts of untrusted data may also be vulnerable. ++ ++ This issue was reported by Guido Vranken. ++ (CVE-2016-2105) ++ [Matt Caswell] ++ ++ *) Fix EVP_EncryptUpdate overflow ++ ++ An overflow can occur in the EVP_EncryptUpdate() function. If an attacker ++ is able to supply very large amounts of input data after a previous call to ++ EVP_EncryptUpdate() with a partial block then a length check can overflow ++ resulting in a heap corruption. Following an analysis of all OpenSSL ++ internal usage of the EVP_EncryptUpdate() function all usage is one of two ++ forms. The first form is where the EVP_EncryptUpdate() call is known to be ++ the first called function after an EVP_EncryptInit(), and therefore that ++ specific call must be safe. The second form is where the length passed to ++ EVP_EncryptUpdate() can be seen from the code to be some small value and ++ therefore there is no possibility of an overflow. Since all instances are ++ one of these two forms, it is believed that there can be no overflows in ++ internal code due to this problem. It should be noted that ++ EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. ++ Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances ++ of these calls have also been analysed too and it is believed there are no ++ instances in internal usage where an overflow could occur. ++ ++ This issue was reported by Guido Vranken. ++ (CVE-2016-2106) ++ [Matt Caswell] ++ ++ *) Prevent ASN.1 BIO excessive memory allocation ++ ++ When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() ++ a short invalid encoding can casuse allocation of large amounts of memory ++ potentially consuming excessive resources or exhausting memory. ++ ++ Any application parsing untrusted data through d2i BIO functions is ++ affected. The memory based functions such as d2i_X509() are *not* affected. ++ Since the memory based functions are used by the TLS library, TLS ++ applications are not affected. ++ ++ This issue was reported by Brian Carpenter. ++ (CVE-2016-2109) ++ [Stephen Henson] ++ ++ *) EBCDIC overread ++ ++ ASN1 Strings that are over 1024 bytes can cause an overread in applications ++ using the X509_NAME_oneline() function on EBCDIC systems. This could result ++ in arbitrary stack data being returned in the buffer. ++ ++ This issue was reported by Guido Vranken. ++ (CVE-2016-2176) ++ [Matt Caswell] ++ ++ *) Modify behavior of ALPN to invoke callback after SNI/servername ++ callback, such that updates to the SSL_CTX affect ALPN. ++ [Todd Short] ++ ++ *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the ++ default. ++ [Kurt Roeckx] ++ ++ *) Only remove the SSLv2 methods with the no-ssl2-method option. When the ++ methods are enabled and ssl2 is disabled the methods return NULL. ++ [Kurt Roeckx] ++ + Changes between 1.0.2f and 1.0.2g [1 Mar 2016] + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. +@@ -8572,7 +8669,7 @@ des-cbc 3624.96k 5258.21k + + *) Source code cleanups: use const where appropriate, eliminate casts, + use void * instead of char * in lhash. +- [Ulf Möller] ++ [Ulf Möller] + + *) Bugfix: ssl3_send_server_key_exchange was not restartable + (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of +Only in deps/openssl/openssl: Makefile +Only in deps/openssl/openssl: Makefile.bak +diff -upr deps/openssl/openssl.old/NEWS deps/openssl/openssl/NEWS +--- deps/openssl/openssl.old/NEWS 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/NEWS 2016-05-03 15:46:41.000000000 +0200 +@@ -5,6 +5,19 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] ++ ++ o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) ++ o Fix EVP_EncodeUpdate overflow (CVE-2016-2105) ++ o Fix EVP_EncryptUpdate overflow (CVE-2016-2106) ++ o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) ++ o EBCDIC overread (CVE-2016-2176) ++ o Modify behavior of ALPN to invoke callback after SNI/servername ++ callback, such that updates to the SSL_CTX affect ALPN. ++ o Remove LOW from the DEFAULT cipher list. This removes singles DES from ++ the default. ++ o Only remove the SSLv2 methods with the no-ssl2-method option. ++ + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. +diff -upr deps/openssl/openssl.old/README deps/openssl/openssl/README +--- deps/openssl/openssl.old/README 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/README 2016-05-03 15:46:41.000000000 +0200 +@@ -1,5 +1,5 @@ + +- OpenSSL 1.0.2g 1 Mar 2016 ++ OpenSSL 1.0.2h 3 May 2016 + + Copyright (c) 1998-2015 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson +Only in deps/openssl/openssl/apps: CA.pl +diff -upr deps/openssl/openssl.old/apps/app_rand.c deps/openssl/openssl/apps/app_rand.c +--- deps/openssl/openssl.old/apps/app_rand.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/apps/app_rand.c 2016-05-03 15:44:42.000000000 +0200 +@@ -124,16 +124,7 @@ int app_RAND_load_file(const char *file, + char buffer[200]; + + #ifdef OPENSSL_SYS_WINDOWS +- /* +- * allocate 2 to dont_warn not to use RAND_screen() via +- * -no_rand_screen option in s_client +- */ +- if (dont_warn != 2) { +- BIO_printf(bio_e, "Loading 'screen' into random state -"); +- BIO_flush(bio_e); +- RAND_screen(); +- BIO_printf(bio_e, " done\n"); +- } ++ RAND_screen(); + #endif + + if (file == NULL) +diff -upr deps/openssl/openssl.old/apps/pkcs7.c deps/openssl/openssl/apps/pkcs7.c +--- deps/openssl/openssl.old/apps/pkcs7.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/apps/pkcs7.c 2016-05-03 15:44:42.000000000 +0200 +@@ -235,12 +235,16 @@ int MAIN(int argc, char **argv) + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signed: +- certs = p7->d.sign->cert; +- crls = p7->d.sign->crl; ++ if (p7->d.sign != NULL) { ++ certs = p7->d.sign->cert; ++ crls = p7->d.sign->crl; ++ } + break; + case NID_pkcs7_signedAndEnveloped: +- certs = p7->d.signed_and_enveloped->cert; +- crls = p7->d.signed_and_enveloped->crl; ++ if (p7->d.signed_and_enveloped != NULL) { ++ certs = p7->d.signed_and_enveloped->cert; ++ crls = p7->d.signed_and_enveloped->crl; ++ } + break; + default: + break; +diff -upr deps/openssl/openssl.old/apps/pkeyutl.c deps/openssl/openssl/apps/pkeyutl.c +--- deps/openssl/openssl.old/apps/pkeyutl.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/apps/pkeyutl.c 2016-05-03 15:44:42.000000000 +0200 +@@ -446,14 +446,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys + + if (!pkey) + goto end; +- ++ + #ifndef OPENSSL_NO_ENGINE + if (engine_impl) + impl = e; + #endif +- ++ + ctx = EVP_PKEY_CTX_new(pkey, impl); +- ++ + EVP_PKEY_free(pkey); + + if (!ctx) +diff -upr deps/openssl/openssl.old/apps/s_client.c deps/openssl/openssl/apps/s_client.c +--- deps/openssl/openssl.old/apps/s_client.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/apps/s_client.c 2016-05-03 15:44:42.000000000 +0200 +@@ -180,13 +180,6 @@ typedef unsigned int u_int; + # include + #endif + +-/* Use Windows API with STD_INPUT_HANDLE when checking for input? +- Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if +- OPENSSL_SYS_WINDOWS is defined */ +-#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE) +-#define OPENSSL_USE_STD_INPUT_HANDLE +-#endif +- + #undef PROG + #define PROG s_client_main + +@@ -236,7 +229,6 @@ static BIO *bio_c_msg = NULL; + static int c_quiet = 0; + static int c_ign_eof = 0; + static int c_brief = 0; +-static int c_no_rand_screen = 0; + + #ifndef OPENSSL_NO_PSK + /* Default PSK identity and key */ +@@ -455,10 +447,6 @@ static void sc_usage(void) + " -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err, + " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); +-#ifdef OPENSSL_SYS_WINDOWS +- BIO_printf(bio_err, +- " -no_rand_screen - Do not use RAND_screen() to initialize random state\n"); +-#endif + } + + #ifndef OPENSSL_NO_TLSEXT +@@ -1138,10 +1126,6 @@ int MAIN(int argc, char **argv) + keymatexportlen = atoi(*(++argv)); + if (keymatexportlen == 0) + goto bad; +-#ifdef OPENSSL_SYS_WINDOWS +- } else if (strcmp(*argv, "-no_rand_screen") == 0) { +- c_no_rand_screen = 1; +-#endif + } else { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badop = 1; +@@ -1247,7 +1231,7 @@ int MAIN(int argc, char **argv) + if (!load_excert(&exc, bio_err)) + goto end; + +- if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL ++ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) { + BIO_printf(bio_err, + "warning, not much extra random data, consider using the -rand option\n"); +@@ -1780,7 +1764,10 @@ int MAIN(int argc, char **argv) + tv.tv_usec = 0; + i = select(width, (void *)&readfds, (void *)&writefds, + NULL, &tv); +-#if defined(OPENSSL_USE_STD_INPUT_HANDLE) ++# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) ++ if (!i && (!_kbhit() || !read_tty)) ++ continue; ++# else + if (!i && (!((_kbhit()) + || (WAIT_OBJECT_0 == + WaitForSingleObject(GetStdHandle +@@ -1788,8 +1775,6 @@ int MAIN(int argc, char **argv) + 0))) + || !read_tty)) + continue; +-#else +- if(!i && (!_kbhit() || !read_tty) ) continue; + # endif + } else + i = select(width, (void *)&readfds, (void *)&writefds, +@@ -1991,12 +1976,12 @@ int MAIN(int argc, char **argv) + } + } + #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +-#if defined(OPENSSL_USE_STD_INPUT_HANDLE) ++# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS) ++ else if (_kbhit()) ++# else + else if ((_kbhit()) + || (WAIT_OBJECT_0 == + WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) +-#else +- else if (_kbhit()) + # endif + #elif defined (OPENSSL_SYS_NETWARE) + else if (_kbhit()) +diff -upr deps/openssl/openssl.old/crypto/aes/asm/aes-ppc.pl deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl +--- deps/openssl/openssl.old/crypto/aes/asm/aes-ppc.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl 2016-05-03 15:38:19.000000000 +0200 +@@ -590,7 +590,7 @@ Lenc_loop: + xor $s2,$t2,$acc14 + xor $s3,$t3,$acc15 + addi $key,$key,16 +- bdnz- Lenc_loop ++ bdnz Lenc_loop + + addi $Tbl2,$Tbl0,2048 + nop +@@ -1068,7 +1068,7 @@ Ldec_loop: + xor $s2,$t2,$acc14 + xor $s3,$t3,$acc15 + addi $key,$key,16 +- bdnz- Ldec_loop ++ bdnz Ldec_loop + + addi $Tbl2,$Tbl0,2048 + nop +diff -upr deps/openssl/openssl.old/crypto/aes/asm/aes-s390x.pl deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl +--- deps/openssl/openssl.old/crypto/aes/asm/aes-s390x.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -818,13 +818,9 @@ $code.=<<___ if (!$softonly); + tmhl %r0,0x4000 # check for message-security assist + jz .Lekey_internal + +- lghi %r0,0 # query capability vector +- la %r1,16($sp) +- .long 0xb92f0042 # kmc %r4,%r2 +- +- llihh %r1,0x8000 +- srlg %r1,%r1,0(%r5) +- ng %r1,16($sp) ++ llihh %r0,0x8000 ++ srlg %r0,%r0,0(%r5) ++ ng %r0,48(%r1) # check kmc capability vector + jz .Lekey_internal + + lmg %r0,%r1,0($inp) # just copy 128 bits... +@@ -1444,13 +1440,10 @@ $code.=<<___ if (0); ######### kmctr cod + + llgfr $s0,%r0 + lgr $s1,%r1 +- lghi %r0,0 +- la %r1,16($sp) +- .long 0xb92d2042 # kmctr %r4,%r2,%r2 +- ++ larl %r1,OPENSSL_s390xcap_P + llihh %r0,0x8000 # check if kmctr supports the function code + srlg %r0,%r0,0($s0) +- ng %r0,16($sp) ++ ng %r0,64(%r1) # check kmctr capability vector + lgr %r0,$s0 + lgr %r1,$s1 + jz .Lctr32_km_loop +@@ -1597,12 +1590,10 @@ $code.=<<___ if(1); + llgfr $s0,%r0 # put aside the function code + lghi $s1,0x7f + nr $s1,%r0 +- lghi %r0,0 # query capability vector +- la %r1,$tweak-16($sp) +- .long 0xb92e0042 # km %r4,%r2 +- llihh %r1,0x8000 +- srlg %r1,%r1,32($s1) # check for 32+function code +- ng %r1,$tweak-16($sp) ++ larl %r1,OPENSSL_s390xcap_P ++ llihh %r0,0x8000 ++ srlg %r0,%r0,32($s1) # check for 32+function code ++ ng %r0,32(%r1) # check km capability vector + lgr %r0,$s0 # restore the function code + la %r1,0($key1) # restore $key1 + jz .Lxts_km_vanilla +@@ -2229,7 +2220,7 @@ ___ + } + $code.=<<___; + .string "AES for s390x, CRYPTOGAMS by " +-.comm OPENSSL_s390xcap_P,16,8 ++.comm OPENSSL_s390xcap_P,80,8 + ___ + + $code =~ s/\`([^\`]*)\`/eval $1/gem; +diff -upr deps/openssl/openssl.old/crypto/asn1/a_bytes.c deps/openssl/openssl/crypto/asn1/a_bytes.c +--- deps/openssl/openssl.old/crypto/asn1/a_bytes.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/a_bytes.c 2016-05-03 15:44:42.000000000 +0200 +@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING + } else { + if (len != 0) { + if ((ret->length < len) || (ret->data == NULL)) { +- if (ret->data != NULL) +- OPENSSL_free(ret->data); + s = (unsigned char *)OPENSSL_malloc((int)len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); + } else + s = ret->data; + memcpy(s, p, (int)len); +diff -upr deps/openssl/openssl.old/crypto/asn1/a_d2i_fp.c deps/openssl/openssl/crypto/asn1/a_d2i_fp.c +--- deps/openssl/openssl.old/crypto/asn1/a_d2i_fp.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/a_d2i_fp.c 2016-05-03 15:44:42.000000000 +0200 +@@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM * + #endif + + #define HEADER_SIZE 8 ++#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) + static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) + { + BUF_MEM *b; +@@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BU + /* suck in c.slen bytes of data */ + want = c.slen; + if (want > (len - off)) { ++ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; ++ + want -= (len - off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len + want < len) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + goto err; + } +- if (!BUF_MEM_grow_clean(b, len + want)) { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); +- goto err; +- } + while (want > 0) { +- i = BIO_read(in, &(b->data[len]), want); +- if (i <= 0) { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, +- ASN1_R_NOT_ENOUGH_DATA); ++ /* ++ * Read content in chunks of increasing size ++ * so we can return an error for EOF without ++ * having to allocate the entire content length ++ * in one go. ++ */ ++ size_t chunk = want > chunk_max ? chunk_max : want; ++ ++ if (!BUF_MEM_grow_clean(b, len + chunk)) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } ++ want -= chunk; ++ while (chunk > 0) { ++ i = BIO_read(in, &(b->data[len]), chunk); ++ if (i <= 0) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ++ ASN1_R_NOT_ENOUGH_DATA); ++ goto err; ++ } + /* + * This can't overflow because |len+want| didn't + * overflow. + */ +- len += i; +- want -= i; ++ len += i; ++ chunk -= i; ++ } ++ if (chunk_max < INT_MAX/2) ++ chunk_max *= 2; + } + } + if (off + c.slen < off) { +diff -upr deps/openssl/openssl.old/crypto/asn1/a_type.c deps/openssl/openssl/crypto/asn1/a_type.c +--- deps/openssl/openssl.old/crypto/asn1/a_type.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/a_type.c 2016-05-03 15:44:47.000000000 +0200 +@@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co + result = 0; /* They do not have content. */ + break; + case V_ASN1_INTEGER: +- case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: +- case V_ASN1_NEG_ENUMERATED: + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + case V_ASN1_SEQUENCE: +diff -upr deps/openssl/openssl.old/crypto/asn1/asn1_lib.c deps/openssl/openssl/crypto/asn1/asn1_lib.c +--- deps/openssl/openssl.old/crypto/asn1/asn1_lib.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/asn1_lib.c 2016-05-03 15:44:42.000000000 +0200 +@@ -63,7 +63,7 @@ + #include + + static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, +- int max); ++ long max); + static void asn1_put_length(unsigned char **pp, int length); + const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; + +@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char + } + *ptag = tag; + *pclass = xclass; +- if (!asn1_get_length(&p, &inf, plength, (int)max)) ++ if (!asn1_get_length(&p, &inf, plength, max)) + goto err; + + if (inf && !(ret & V_ASN1_CONSTRUCTED)) +@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char + } + + static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, +- int max) ++ long max) + { + const unsigned char *p = *pp; + unsigned long ret = 0; +- unsigned int i; ++ unsigned long i; + + if (max-- < 1) +- return (0); ++ return 0; + if (*p == 0x80) { + *inf = 1; + ret = 0; +@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigne + *inf = 0; + i = *p & 0x7f; + if (*(p++) & 0x80) { +- if (i > sizeof(long)) ++ if (i > sizeof(ret) || max < (long)i) + return 0; +- if (max-- == 0) +- return (0); + while (i-- > 0) { + ret <<= 8L; + ret |= *(p++); +- if (max-- == 0) +- return (0); + } + } else + ret = i; +@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigne + return 0; + *pp = p; + *rl = (long)ret; +- return (1); ++ return 1; + } + + /* +diff -upr deps/openssl/openssl.old/crypto/asn1/asn1_par.c deps/openssl/openssl/crypto/asn1/asn1_par.c +--- deps/openssl/openssl.old/crypto/asn1/asn1_par.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/asn1_par.c 2016-05-03 15:44:42.000000000 +0200 +@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const un + if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) + goto end; + if (j & V_ASN1_CONSTRUCTED) { ++ const unsigned char *sp; ++ + ep = p + len; + if (BIO_write(bp, "\n", 1) <= 0) + goto end; +@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const un + goto end; + } + if ((j == 0x21) && (len == 0)) { ++ sp = p; + for (;;) { + r = asn1_parse2(bp, &p, (long)(tot - p), + offset + (p - *pp), depth + 1, +@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const un + ret = 0; + goto end; + } +- if ((r == 2) || (p >= tot)) ++ if ((r == 2) || (p >= tot)) { ++ len = p - sp; + break; ++ } + } +- } else ++ } else { ++ long tmp = len; ++ + while (p < ep) { +- r = asn1_parse2(bp, &p, (long)len, +- offset + (p - *pp), depth + 1, ++ sp = p; ++ r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, + indent, dump); + if (r == 0) { + ret = 0; + goto end; + } ++ tmp -= p - sp; + } ++ } + } else if (xclass != 0) { + p += len; + if (BIO_write(bp, "\n", 1) <= 0) +diff -upr deps/openssl/openssl.old/crypto/asn1/t_x509.c deps/openssl/openssl/crypto/asn1/t_x509.c +--- deps/openssl/openssl.old/crypto/asn1/t_x509.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/t_x509.c 2016-05-03 15:44:42.000000000 +0200 +@@ -140,7 +140,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsi + goto err; + + bs = X509_get_serialNumber(x); +- if (bs->length <= (int)sizeof(long)) { ++ if (bs->length < (int)sizeof(long) ++ || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) { + l = ASN1_INTEGER_get(bs); + if (bs->type == V_ASN1_NEG_INTEGER) { + l = -l; +diff -upr deps/openssl/openssl.old/crypto/asn1/tasn_dec.c deps/openssl/openssl/crypto/asn1/tasn_dec.c +--- deps/openssl/openssl.old/crypto/asn1/tasn_dec.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/tasn_dec.c 2016-05-03 15:44:47.000000000 +0200 +@@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const + break; + + case V_ASN1_INTEGER: +- case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: +- case V_ASN1_NEG_ENUMERATED: + tint = (ASN1_INTEGER **)pval; + if (!c2i_ASN1_INTEGER(tint, &cont, len)) + goto err; +diff -upr deps/openssl/openssl.old/crypto/asn1/tasn_enc.c deps/openssl/openssl/crypto/asn1/tasn_enc.c +--- deps/openssl/openssl.old/crypto/asn1/tasn_enc.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/tasn_enc.c 2016-05-03 15:44:47.000000000 +0200 +@@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig + break; + + case V_ASN1_INTEGER: +- case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: +- case V_ASN1_NEG_ENUMERATED: + /* + * These are all have the same content format as ASN1_INTEGER + */ +diff -upr deps/openssl/openssl.old/crypto/asn1/x_name.c deps/openssl/openssl/crypto/asn1/x_name.c +--- deps/openssl/openssl.old/crypto/asn1/x_name.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/x_name.c 2016-05-03 15:44:42.000000000 +0200 +@@ -66,6 +66,13 @@ + typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; + DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) + ++/* ++ * Maximum length of X509_NAME: much larger than anything we should ++ * ever see in practice. ++ */ ++ ++#define X509_NAME_MAX (1024 * 1024) ++ + static int x509_name_ex_d2i(ASN1_VALUE **val, + const unsigned char **in, long len, + const ASN1_ITEM *it, +@@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE * + int i, j, ret; + STACK_OF(X509_NAME_ENTRY) *entries; + X509_NAME_ENTRY *entry; ++ if (len > X509_NAME_MAX) { ++ ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG); ++ return 0; ++ } + q = p; + + /* Get internal representation of Name */ +diff -upr deps/openssl/openssl.old/crypto/asn1/x_x509.c deps/openssl/openssl/crypto/asn1/x_x509.c +--- deps/openssl/openssl.old/crypto/asn1/x_x509.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/asn1/x_x509.c 2016-05-03 15:44:42.000000000 +0200 +@@ -201,10 +201,20 @@ X509 *d2i_X509_AUX(X509 **a, const unsig + + int i2d_X509_AUX(X509 *a, unsigned char **pp) + { +- int length; ++ int length, tmplen; ++ unsigned char *start = pp != NULL ? *pp : NULL; + length = i2d_X509(a, pp); +- if (a) +- length += i2d_X509_CERT_AUX(a->aux, pp); ++ if (length < 0 || a == NULL) ++ return length; ++ ++ tmplen = i2d_X509_CERT_AUX(a->aux, pp); ++ if (tmplen < 0) { ++ if (start != NULL) ++ *pp = start; ++ return tmplen; ++ } ++ length += tmplen; ++ + return length; + } + +diff -upr deps/openssl/openssl.old/crypto/bn/asm/ppc-mont.pl deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl +--- deps/openssl/openssl.old/crypto/bn/asm/ppc-mont.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl 2016-05-03 15:38:19.000000000 +0200 +@@ -191,7 +191,7 @@ L1st: + + addi $j,$j,$BNSZ ; j++ + addi $tp,$tp,$BNSZ ; tp++ +- bdnz- L1st ++ bdnz L1st + ;L1st + addc $lo0,$alo,$hi0 + addze $hi0,$ahi +@@ -253,7 +253,7 @@ Linner: + addze $hi1,$hi1 + $ST $lo1,0($tp) ; tp[j-1] + addi $tp,$tp,$BNSZ ; tp++ +- bdnz- Linner ++ bdnz Linner + ;Linner + $LD $tj,$BNSZ($tp) ; tp[j] + addc $lo0,$alo,$hi0 +@@ -276,7 +276,7 @@ Linner: + slwi $tj,$num,`log($BNSZ)/log(2)` + $UCMP $i,$tj + addi $i,$i,$BNSZ +- ble- Louter ++ ble Louter + + addi $num,$num,2 ; restore $num + subfc $j,$j,$j ; j=0 and "clear" XER[CA] +@@ -289,7 +289,7 @@ Lsub: $LDX $tj,$tp,$j + subfe $aj,$nj,$tj ; tp[j]-np[j] + $STX $aj,$rp,$j + addi $j,$j,$BNSZ +- bdnz- Lsub ++ bdnz Lsub + + li $j,0 + mtctr $num +@@ -304,7 +304,7 @@ Lcopy: ; copy or in-place refresh + $STX $tj,$rp,$j + $STX $j,$tp,$j ; zap at once + addi $j,$j,$BNSZ +- bdnz- Lcopy ++ bdnz Lcopy + + $POP $tj,0($sp) + li r3,1 +diff -upr deps/openssl/openssl.old/crypto/bn/asm/ppc.pl deps/openssl/openssl/crypto/bn/asm/ppc.pl +--- deps/openssl/openssl.old/crypto/bn/asm/ppc.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/bn/asm/ppc.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -1556,7 +1556,7 @@ Lppcasm_sub_mainloop: + # if carry = 1 this is r7-r8. Else it + # is r7-r8 -1 as we need. + $STU r6,$BNSZ(r3) +- bdnz- Lppcasm_sub_mainloop ++ bdnz Lppcasm_sub_mainloop + Lppcasm_sub_adios: + subfze r3,r0 # if carry bit is set then r3 = 0 else -1 + andi. r3,r3,1 # keep only last bit. +@@ -1603,7 +1603,7 @@ Lppcasm_add_mainloop: + $LDU r8,$BNSZ(r5) + adde r8,r7,r8 + $STU r8,$BNSZ(r3) +- bdnz- Lppcasm_add_mainloop ++ bdnz Lppcasm_add_mainloop + Lppcasm_add_adios: + addze r3,r0 #return carry bit. + blr +@@ -1762,7 +1762,7 @@ Lppcasm_sqr_mainloop: + $UMULH r8,r6,r6 + $STU r7,$BNSZ(r3) + $STU r8,$BNSZ(r3) +- bdnz- Lppcasm_sqr_mainloop ++ bdnz Lppcasm_sqr_mainloop + Lppcasm_sqr_adios: + blr + .long 0 +@@ -1827,7 +1827,7 @@ Lppcasm_mw_LOOP: + + addi r3,r3,`4*$BNSZ` + addi r4,r4,`4*$BNSZ` +- bdnz- Lppcasm_mw_LOOP ++ bdnz Lppcasm_mw_LOOP + + Lppcasm_mw_REM: + andi. r5,r5,0x3 +@@ -1951,7 +1951,7 @@ Lppcasm_maw_mainloop: + $ST r11,`3*$BNSZ`(r3) + addi r3,r3,`4*$BNSZ` + addi r4,r4,`4*$BNSZ` +- bdnz- Lppcasm_maw_mainloop ++ bdnz Lppcasm_maw_mainloop + + Lppcasm_maw_leftover: + andi. r5,r5,0x3 +diff -upr deps/openssl/openssl.old/crypto/bn/asm/ppc64-mont.pl deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl +--- deps/openssl/openssl.old/crypto/bn/asm/ppc64-mont.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl 2016-05-03 15:38:19.000000000 +0200 +@@ -734,7 +734,7 @@ $code.=<<___; + ___ + } + $code.=<<___; +- bdnz- L1st ++ bdnz L1st + + fctid $dota,$dota + fctid $dotb,$dotb +@@ -1280,7 +1280,7 @@ $code.=<<___; + ___ + } + $code.=<<___; +- bdnz- Linner ++ bdnz Linner + + fctid $dota,$dota + fctid $dotb,$dotb +@@ -1490,7 +1490,7 @@ Lsub: ldx $t0,$tp,$i + stdx $t0,$rp,$i + stdx $t2,$t6,$i + addi $i,$i,16 +- bdnz- Lsub ++ bdnz Lsub + + li $i,0 + subfe $ovf,$i,$ovf ; handle upmost overflow bit +@@ -1517,7 +1517,7 @@ Lcopy: ; copy or in-place refresh + stdx $i,$tp,$i ; zap tp at once + stdx $i,$t4,$i + addi $i,$i,16 +- bdnz- Lcopy ++ bdnz Lcopy + ___ + $code.=<<___ if ($SIZE_T==4); + subf $np,$num,$np ; rewind np +@@ -1550,7 +1550,7 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] + stw $t5,8($rp) + stw $t6,12($rp) + stwu $t7,16($rp) +- bdnz- Lsub ++ bdnz Lsub + + li $i,0 + subfe $ovf,$i,$ovf ; handle upmost overflow bit +@@ -1582,7 +1582,7 @@ Lcopy: ; copy or in-place refresh + stwu $t3,16($rp) + std $i,8($tp) ; zap tp at once + stdu $i,16($tp) +- bdnz- Lcopy ++ bdnz Lcopy + ___ + + $code.=<<___; +diff -upr deps/openssl/openssl.old/crypto/bn/asm/x86-mont.pl deps/openssl/openssl/crypto/bn/asm/x86-mont.pl +--- deps/openssl/openssl.old/crypto/bn/asm/x86-mont.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/bn/asm/x86-mont.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -85,6 +85,21 @@ $frame=32; # size of above frame roun + + &and ("esp",-64); # align to cache line + ++ # Some OSes, *cough*-dows, insist on stack being "wired" to ++ # physical memory in strictly sequential manner, i.e. if stack ++ # allocation spans two pages, then reference to farmost one can ++ # be punishable by SEGV. But page walking can do good even on ++ # other OSes, because it guarantees that villain thread hits ++ # the guard page before it can make damage to innocent one... ++ &mov ("eax","ebp"); ++ &sub ("eax","esp"); ++ &and ("eax",-4096); ++&set_label("page_walk"); ++ &mov ("edx",&DWP(0,"esp","eax")); ++ &sub ("eax",4096); ++ &data_byte(0x2e); ++ &jnc (&label("page_walk")); ++ + ################################# load argument block... + &mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp + &mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap +diff -upr deps/openssl/openssl.old/crypto/bn/asm/x86_64-mont.pl deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl +--- deps/openssl/openssl.old/crypto/bn/asm/x86_64-mont.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -130,6 +130,20 @@ $code.=<<___; + + mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp + .Lmul_body: ++ # Some OSes, *cough*-dows, insist on stack being "wired" to ++ # physical memory in strictly sequential manner, i.e. if stack ++ # allocation spans two pages, then reference to farmost one can ++ # be punishable by SEGV. But page walking can do good even on ++ # other OSes, because it guarantees that villain thread hits ++ # the guard page before it can make damage to innocent one... ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lmul_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x66,0x2e # predict non-taken ++ jnc .Lmul_page_walk ++ + mov $bp,%r12 # reassign $bp + ___ + $bp="%r12"; +@@ -342,6 +356,14 @@ $code.=<<___; + + mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp + .Lmul4x_body: ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lmul4x_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lmul4x_page_walk ++ + mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp + mov %rdx,%r12 # reassign $bp + ___ +@@ -795,6 +817,15 @@ bn_sqr8x_mont: + sub %r11,%rsp + .Lsqr8x_sp_done: + and \$-64,%rsp ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lsqr8x_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lsqr8x_page_walk ++ + mov $num,%r10 + neg $num + +@@ -932,8 +963,17 @@ bn_mulx4x_mont: + sub $num,%r10 # -$num + mov ($n0),$n0 # *n0 + lea -72(%rsp,%r10),%rsp # alloca(frame+$num+8) +- lea ($bp,$num),%r10 + and \$-128,%rsp ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lmulx4x_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x66,0x2e # predict non-taken ++ jnc .Lmulx4x_page_walk ++ ++ lea ($bp,$num),%r10 + ############################################################## + # Stack layout + # +0 num +diff -upr deps/openssl/openssl.old/crypto/bn/asm/x86_64-mont5.pl deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl +--- deps/openssl/openssl.old/crypto/bn/asm/x86_64-mont5.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -115,6 +115,20 @@ $code.=<<___; + + mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp + .Lmul_body: ++ # Some OSes, *cough*-dows, insist on stack being "wired" to ++ # physical memory in strictly sequential manner, i.e. if stack ++ # allocation spans two pages, then reference to farmost one can ++ # be punishable by SEGV. But page walking can do good even on ++ # other OSes, because it guarantees that villain thread hits ++ # the guard page before it can make damage to innocent one... ++ sub %rsp,%rax ++ and \$-4096,%rax ++.Lmul_page_walk: ++ mov (%rsp,%rax),%r11 ++ sub \$4096,%rax ++ .byte 0x2e # predict non-taken ++ jnc .Lmul_page_walk ++ + lea 128($bp),%r12 # reassign $bp (+size optimization) + ___ + $bp="%r12"; +@@ -469,6 +483,15 @@ $code.=<<___; + sub %r11,%rsp + .Lmul4xsp_done: + and \$-64,%rsp ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lmul4x_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lmul4x_page_walk ++ + neg $num + + mov %rax,40(%rsp) +@@ -1058,6 +1081,15 @@ $code.=<<___; + sub %r11,%rsp + .Lpwr_sp_done: + and \$-64,%rsp ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lpwr_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lpwr_page_walk ++ + mov $num,%r10 + neg $num + +@@ -2028,7 +2060,16 @@ bn_from_mont8x: + sub %r11,%rsp + .Lfrom_sp_done: + and \$-64,%rsp +- mov $num,%r10 ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lfrom_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lfrom_page_walk ++ ++ mov $num,%r10 + neg $num + + ############################################################## +@@ -2173,6 +2214,15 @@ bn_mulx4x_mont_gather5: + sub %r11,%rsp + .Lmulx4xsp_done: + and \$-64,%rsp # ensure alignment ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lmulx4x_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lmulx4x_page_walk ++ + ############################################################## + # Stack layout + # +0 -num +@@ -2619,6 +2669,15 @@ bn_powerx5: + sub %r11,%rsp + .Lpwrx_sp_done: + and \$-64,%rsp ++ mov %rax,%r11 ++ sub %rsp,%r11 ++ and \$-4096,%r11 ++.Lpwrx_page_walk: ++ mov (%rsp,%r11),%r10 ++ sub \$4096,%r11 ++ .byte 0x2e # predict non-taken ++ jnc .Lpwrx_page_walk ++ + mov $num,%r10 + neg $num + +diff -upr deps/openssl/openssl.old/crypto/comp/comp.h deps/openssl/openssl/crypto/comp/comp.h +--- deps/openssl/openssl.old/crypto/comp/comp.h 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/comp/comp.h 2016-05-03 15:44:42.000000000 +0200 +@@ -4,6 +4,10 @@ + + # include + ++# ifdef OPENSSL_NO_COMP ++# error COMP is disabled. ++# endif ++ + #ifdef __cplusplus + extern "C" { + #endif +Only in deps/openssl/openssl/crypto/des: t +diff -upr deps/openssl/openssl.old/crypto/evp/Makefile deps/openssl/openssl/crypto/evp/Makefile +--- deps/openssl/openssl.old/crypto/evp/Makefile 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/evp/Makefile 2016-05-03 15:46:33.000000000 +0200 +@@ -199,8 +199,8 @@ e_aes.o: ../../include/openssl/opensslv. + e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h + e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h + e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h +-e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +-e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h ++e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h ++e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h + e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h + e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h + e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h +@@ -214,9 +214,9 @@ e_aes_cbc_hmac_sha1.o: ../../include/ope + e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h + e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h + e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h +-e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h +-e_aes_cbc_hmac_sha1.o: e_aes_cbc_hmac_sha1.c +-e_aes_cbc_hmac_sha256.o: ../../include/openssl/aes.h ++e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h ++e_aes_cbc_hmac_sha1.o: ../modes/modes_lcl.h e_aes_cbc_hmac_sha1.c ++e_aes_cbc_hmac_sha256.o: ../../e_os.h ../../include/openssl/aes.h + e_aes_cbc_hmac_sha256.o: ../../include/openssl/asn1.h + e_aes_cbc_hmac_sha256.o: ../../include/openssl/bio.h + e_aes_cbc_hmac_sha256.o: ../../include/openssl/crypto.h +@@ -232,7 +232,8 @@ e_aes_cbc_hmac_sha256.o: ../../include/o + e_aes_cbc_hmac_sha256.o: ../../include/openssl/safestack.h + e_aes_cbc_hmac_sha256.o: ../../include/openssl/sha.h + e_aes_cbc_hmac_sha256.o: ../../include/openssl/stack.h +-e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h ++e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h ++e_aes_cbc_hmac_sha256.o: ../constant_time_locl.h ../modes/modes_lcl.h + e_aes_cbc_hmac_sha256.o: e_aes_cbc_hmac_sha256.c + e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h + e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h +diff -upr deps/openssl/openssl.old/crypto/evp/digest.c deps/openssl/openssl/crypto/evp/digest.c +--- deps/openssl/openssl.old/crypto/evp/digest.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/evp/digest.c 2016-05-03 15:44:42.000000000 +0200 +@@ -212,8 +212,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + } + #endif + if (ctx->digest != type) { +- if (ctx->digest && ctx->digest->ctx_size) ++ if (ctx->digest && ctx->digest->ctx_size) { + OPENSSL_free(ctx->md_data); ++ ctx->md_data = NULL; ++ } + ctx->digest = type; + if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { + ctx->update = type->update; +diff -upr deps/openssl/openssl.old/crypto/evp/e_aes_cbc_hmac_sha1.c deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +--- deps/openssl/openssl.old/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-05-03 15:44:47.000000000 +0200 +@@ -60,6 +60,7 @@ + # include + # include + # include "modes_lcl.h" ++# include "constant_time_locl.h" + + # ifndef EVP_CIPH_FLAG_AEAD_CIPHER + # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +@@ -578,6 +579,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV + maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); + maxpad &= 255; + ++ ret &= constant_time_ge(maxpad, pad); ++ + inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); + mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); + inp_len &= mask; +diff -upr deps/openssl/openssl.old/crypto/evp/e_aes_cbc_hmac_sha256.c deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c +--- deps/openssl/openssl.old/crypto/evp/e_aes_cbc_hmac_sha256.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c 2016-05-03 15:44:47.000000000 +0200 +@@ -60,6 +60,7 @@ + # include + # include + # include "modes_lcl.h" ++# include "constant_time_locl.h" + + # ifndef EVP_CIPH_FLAG_AEAD_CIPHER + # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 +@@ -589,6 +590,8 @@ static int aesni_cbc_hmac_sha256_cipher( + maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); + maxpad &= 255; + ++ ret &= constant_time_ge(maxpad, pad); ++ + inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); + mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); + inp_len &= mask; +diff -upr deps/openssl/openssl.old/crypto/evp/encode.c deps/openssl/openssl/crypto/evp/encode.c +--- deps/openssl/openssl.old/crypto/evp/encode.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/evp/encode.c 2016-05-03 15:44:42.000000000 +0200 +@@ -57,6 +57,7 @@ + */ + + #include ++#include + #include "cryptlib.h" + #include + +@@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct + const unsigned char *in, int inl) + { + int i, j; +- unsigned int total = 0; ++ size_t total = 0; + + *outl = 0; + if (inl <= 0) + return; + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); +- if ((ctx->num + inl) < ctx->length) { ++ if (ctx->length - ctx->num > inl) { + memcpy(&(ctx->enc_data[ctx->num]), in, inl); + ctx->num += inl; + return; +@@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct + *out = '\0'; + total = j + 1; + } +- while (inl >= ctx->length) { ++ while (inl >= ctx->length && total <= INT_MAX) { + j = EVP_EncodeBlock(out, in, ctx->length); + in += ctx->length; + inl -= ctx->length; +@@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct + *out = '\0'; + total += j + 1; + } ++ if (total > INT_MAX) { ++ /* Too much output data! */ ++ *outl = 0; ++ return; ++ } + if (inl != 0) + memcpy(&(ctx->enc_data[0]), in, inl); + ctx->num = inl; +diff -upr deps/openssl/openssl.old/crypto/evp/evp_enc.c deps/openssl/openssl/crypto/evp/evp_enc.c +--- deps/openssl/openssl.old/crypto/evp/evp_enc.c 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/evp/evp_enc.c 2016-05-03 15:44:42.000000000 +0200 +@@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct + bl = ctx->cipher->block_size; + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); + if (i != 0) { +- if (i + inl < bl) { ++ if (bl - i > inl) { + memcpy(&(ctx->buf[i]), in, inl); + ctx->buf_len += inl; + *outl = 0; +diff -upr deps/openssl/openssl.old/crypto/modes/asm/ghash-s390x.pl deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl +--- deps/openssl/openssl.old/crypto/modes/asm/ghash-s390x.pl 2016-04-26 21:50:09.000000000 +0200 ++++ deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -85,9 +85,7 @@ $code.=<<___ if(!$softonly && 0); # hard + tmhl %r0,0x4000 # check for message-security-assist + jz .Lsoft_gmult + lghi %r0,0 +- la %r1,16($sp) +- .long 0xb93e0004 # kimd %r0,%r4 +- lg %r1,24($sp) ++ lg %r1,24(%r1) # load second word of kimd capabilities vector + tmhh %r1,0x4000 # check for function 65 + jz .Lsoft_gmult + stg %r0,16($sp) # arrange 16 bytes of zero input +diff -upr deps/openssl/openssl.old/crypto/opensslconf.h deps/openssl/openssl/crypto/opensslconf.h +--- deps/openssl/openssl.old/crypto/opensslconf.h 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/opensslconf.h 2016-05-03 15:46:42.000000000 +0200 +@@ -1 +1,265 @@ +-#include "../../config/opensslconf.h" ++/* opensslconf.h */ ++/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++/* OpenSSL was configured with the following options: */ ++#ifndef OPENSSL_DOING_MAKEDEPEND ++ ++ ++#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ++# define OPENSSL_NO_EC_NISTP_64_GCC_128 ++#endif ++#ifndef OPENSSL_NO_GMP ++# define OPENSSL_NO_GMP ++#endif ++#ifndef OPENSSL_NO_JPAKE ++# define OPENSSL_NO_JPAKE ++#endif ++#ifndef OPENSSL_NO_KRB5 ++# define OPENSSL_NO_KRB5 ++#endif ++#ifndef OPENSSL_NO_LIBUNBOUND ++# define OPENSSL_NO_LIBUNBOUND ++#endif ++#ifndef OPENSSL_NO_MD2 ++# define OPENSSL_NO_MD2 ++#endif ++#ifndef OPENSSL_NO_RC5 ++# define OPENSSL_NO_RC5 ++#endif ++#ifndef OPENSSL_NO_RFC3779 ++# define OPENSSL_NO_RFC3779 ++#endif ++#ifndef OPENSSL_NO_SCTP ++# define OPENSSL_NO_SCTP ++#endif ++#ifndef OPENSSL_NO_SSL_TRACE ++# define OPENSSL_NO_SSL_TRACE ++#endif ++#ifndef OPENSSL_NO_SSL2 ++# define OPENSSL_NO_SSL2 ++#endif ++#ifndef OPENSSL_NO_STORE ++# define OPENSSL_NO_STORE ++#endif ++#ifndef OPENSSL_NO_UNIT_TEST ++# define OPENSSL_NO_UNIT_TEST ++#endif ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS ++# define OPENSSL_NO_WEAK_SSL_CIPHERS ++#endif ++ ++#endif /* OPENSSL_DOING_MAKEDEPEND */ ++ ++#ifndef OPENSSL_NO_DYNAMIC_ENGINE ++# define OPENSSL_NO_DYNAMIC_ENGINE ++#endif ++ ++/* The OPENSSL_NO_* macros are also defined as NO_* if the application ++ asks for it. This is a transient feature that is provided for those ++ who haven't had the time to do the appropriate changes in their ++ applications. */ ++#ifdef OPENSSL_ALGORITHM_DEFINES ++# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) ++# define NO_EC_NISTP_64_GCC_128 ++# endif ++# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) ++# define NO_GMP ++# endif ++# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) ++# define NO_JPAKE ++# endif ++# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) ++# define NO_KRB5 ++# endif ++# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) ++# define NO_LIBUNBOUND ++# endif ++# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) ++# define NO_MD2 ++# endif ++# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) ++# define NO_RC5 ++# endif ++# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) ++# define NO_RFC3779 ++# endif ++# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) ++# define NO_SCTP ++# endif ++# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) ++# define NO_SSL_TRACE ++# endif ++# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) ++# define NO_SSL2 ++# endif ++# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) ++# define NO_STORE ++# endif ++# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) ++# define NO_UNIT_TEST ++# endif ++# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) ++# define NO_WEAK_SSL_CIPHERS ++# endif ++#endif ++ ++/* crypto/opensslconf.h.in */ ++ ++/* Generate 80386 code? */ ++#undef I386_ONLY ++ ++#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ ++#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) ++#define ENGINESDIR "/usr/local/ssl/lib/engines" ++#define OPENSSLDIR "/usr/local/ssl" ++#endif ++#endif ++ ++#undef OPENSSL_UNISTD ++#define OPENSSL_UNISTD ++ ++#undef OPENSSL_EXPORT_VAR_AS_FUNCTION ++ ++#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) ++#define IDEA_INT unsigned int ++#endif ++ ++#if defined(HEADER_MD2_H) && !defined(MD2_INT) ++#define MD2_INT unsigned int ++#endif ++ ++#if defined(HEADER_RC2_H) && !defined(RC2_INT) ++/* I need to put in a mod for the alpha - eay */ ++#define RC2_INT unsigned int ++#endif ++ ++#if defined(HEADER_RC4_H) ++#if !defined(RC4_INT) ++/* using int types make the structure larger but make the code faster ++ * on most boxes I have tested - up to %20 faster. */ ++/* ++ * I don't know what does "most" mean, but declaring "int" is a must on: ++ * - Intel P6 because partial register stalls are very expensive; ++ * - elder Alpha because it lacks byte load/store instructions; ++ */ ++#define RC4_INT unsigned int ++#endif ++#if !defined(RC4_CHUNK) ++/* ++ * This enables code handling data aligned at natural CPU word ++ * boundary. See crypto/rc4/rc4_enc.c for further details. ++ */ ++#undef RC4_CHUNK ++#endif ++#endif ++ ++#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) ++/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a ++ * %20 speed up (longs are 8 bytes, int's are 4). */ ++#ifndef DES_LONG ++#define DES_LONG unsigned long ++#endif ++#endif ++ ++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) ++#define CONFIG_HEADER_BN_H ++#undef BN_LLONG ++ ++/* Should we define BN_DIV2W here? */ ++ ++/* Only one for the following should be defined */ ++#undef SIXTY_FOUR_BIT_LONG ++#undef SIXTY_FOUR_BIT ++#define THIRTY_TWO_BIT ++#endif ++ ++#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) ++#define CONFIG_HEADER_RC4_LOCL_H ++/* if this is defined data[i] is used instead of *data, this is a %20 ++ * speedup on x86 */ ++#undef RC4_INDEX ++#endif ++ ++#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) ++#define CONFIG_HEADER_BF_LOCL_H ++#undef BF_PTR ++#endif /* HEADER_BF_LOCL_H */ ++ ++#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) ++#define CONFIG_HEADER_DES_LOCL_H ++#ifndef DES_DEFAULT_OPTIONS ++/* the following is tweaked from a config script, that is why it is a ++ * protected undef/define */ ++#ifndef DES_PTR ++#undef DES_PTR ++#endif ++ ++/* This helps C compiler generate the correct code for multiple functional ++ * units. It reduces register dependancies at the expense of 2 more ++ * registers */ ++#ifndef DES_RISC1 ++#undef DES_RISC1 ++#endif ++ ++#ifndef DES_RISC2 ++#undef DES_RISC2 ++#endif ++ ++#if defined(DES_RISC1) && defined(DES_RISC2) ++#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! ++#endif ++ ++/* Unroll the inner loop, this sometimes helps, sometimes hinders. ++ * Very mucy CPU dependant */ ++#ifndef DES_UNROLL ++#undef DES_UNROLL ++#endif ++ ++/* These default values were supplied by ++ * Peter Gutman ++ * They are only used if nothing else has been defined */ ++#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) ++/* Special defines which change the way the code is built depending on the ++ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find ++ even newer MIPS CPU's, but at the moment one size fits all for ++ optimization options. Older Sparc's work better with only UNROLL, but ++ there's no way to tell at compile time what it is you're running on */ ++ ++#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ ++# define DES_PTR ++# define DES_RISC1 ++# define DES_UNROLL ++#elif defined( __ultrix ) /* Older MIPS */ ++# define DES_PTR ++# define DES_RISC2 ++# define DES_UNROLL ++#elif defined( __osf1__ ) /* Alpha */ ++# define DES_PTR ++# define DES_RISC2 ++#elif defined ( _AIX ) /* RS6000 */ ++ /* Unknown */ ++#elif defined( __hpux ) /* HP-PA */ ++ /* Unknown */ ++#elif defined( __aux ) /* 68K */ ++ /* Unknown */ ++#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ ++# define DES_UNROLL ++#elif defined( __sgi ) /* Newer MIPS */ ++# define DES_PTR ++# define DES_RISC2 ++# define DES_UNROLL ++#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ ++# define DES_PTR ++# define DES_RISC1 ++# define DES_UNROLL ++#endif /* Systems-specific speed defines */ ++#endif ++ ++#endif /* DES_DEFAULT_OPTIONS */ ++#endif /* HEADER_DES_LOCL_H */ ++#ifdef __cplusplus ++} ++#endif +diff -upr deps/openssl/openssl.old/crypto/opensslv.h deps/openssl/openssl/crypto/opensslv.h +--- deps/openssl/openssl.old/crypto/opensslv.h 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/opensslv.h 2016-05-03 15:46:41.000000000 +0200 +@@ -30,11 +30,11 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1000207fL ++# define OPENSSL_VERSION_NUMBER 0x1000208fL + # ifdef OPENSSL_FIPS +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g-fips 1 Mar 2016" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2h-fips 3 May 2016" + # else +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2g 1 Mar 2016" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2h 3 May 2016" + # endif + # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +diff -upr deps/openssl/openssl.old/crypto/pem/pem_lib.c deps/openssl/openssl/crypto/pem/pem_lib.c +--- deps/openssl/openssl.old/crypto/pem/pem_lib.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/pem/pem_lib.c 2016-05-03 15:44:42.000000000 +0200 +@@ -348,7 +348,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, + + if (enc != NULL) { + objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); +- if (objstr == NULL) { ++ if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); + goto err; + } +diff -upr deps/openssl/openssl.old/crypto/pem/pvkfmt.c deps/openssl/openssl/crypto/pem/pvkfmt.c +--- deps/openssl/openssl.old/crypto/pem/pvkfmt.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/pem/pvkfmt.c 2016-05-03 15:44:42.000000000 +0200 +@@ -131,6 +131,10 @@ static int read_lebn(const unsigned char + # define MS_PVKMAGIC 0xb0b5f11eL + /* Salt length for PVK files */ + # define PVK_SALTLEN 0x10 ++/* Maximum length in PVK header */ ++# define PVK_MAX_KEYLEN 102400 ++/* Maximum salt length */ ++# define PVK_MAX_SALTLEN 10240 + + static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); +@@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned + *psaltlen = read_ledword(&p); + *pkeylen = read_ledword(&p); + ++ if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN) ++ return 0; ++ + if (is_encrypted && !*psaltlen) { + PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); + return 0; +diff -upr deps/openssl/openssl.old/crypto/perlasm/x86_64-xlate.pl deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl +--- deps/openssl/openssl.old/crypto/perlasm/x86_64-xlate.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -195,6 +195,7 @@ my %globals; + sub out { + my $self = shift; + ++ $self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig; + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} +@@ -205,7 +206,6 @@ my %globals; + } + sprintf "\$%s",$self->{value}; + } else { +- $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig; + $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); + sprintf "%s",$self->{value}; + } +diff -upr deps/openssl/openssl.old/crypto/perlasm/x86masm.pl deps/openssl/openssl/crypto/perlasm/x86masm.pl +--- deps/openssl/openssl.old/crypto/perlasm/x86masm.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/perlasm/x86masm.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -18,10 +18,10 @@ sub ::generic + + if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no [] + { $opcode="mov"; } +- elsif ($opcode !~ /mov[dq]$/) ++ elsif ($opcode !~ /movq/) + { # fix xmm references +- $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i); +- $arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); ++ $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i); ++ $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); + } + + &::emit($opcode,@arg); +@@ -82,7 +82,7 @@ TITLE $_[0].asm + IF \@Version LT 800 + ECHO MASM version 8.00 or later is strongly recommended. + ENDIF +-.686 ++.486 + .MODEL FLAT + OPTION DOTNAME + IF \@Version LT 800 +@@ -160,13 +160,13 @@ sub ::public_label + { push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } + + sub ::data_byte +-{ push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_); } ++{ push(@out,("DB\t").join(',',@_)."\n"); } + + sub ::data_short +-{ push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_); } ++{ push(@out,("DW\t").join(',',@_)."\n"); } + + sub ::data_word +-{ push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_); } ++{ push(@out,("DD\t").join(',',@_)."\n"); } + + sub ::align + { push(@out,"ALIGN\t$_[0]\n"); } +diff -upr deps/openssl/openssl.old/crypto/s390xcpuid.S deps/openssl/openssl/crypto/s390xcpuid.S +--- deps/openssl/openssl.old/crypto/s390xcpuid.S 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/s390xcpuid.S 2016-05-03 15:44:42.000000000 +0200 +@@ -5,14 +5,46 @@ + .align 16 + OPENSSL_s390x_facilities: + lghi %r0,0 +- larl %r2,OPENSSL_s390xcap_P +- stg %r0,8(%r2) +- .long 0xb2b02000 # stfle 0(%r2) ++ larl %r4,OPENSSL_s390xcap_P ++ stg %r0,8(%r4) # wipe capability vectors ++ stg %r0,16(%r4) ++ stg %r0,24(%r4) ++ stg %r0,32(%r4) ++ stg %r0,40(%r4) ++ stg %r0,48(%r4) ++ stg %r0,56(%r4) ++ stg %r0,64(%r4) ++ stg %r0,72(%r4) ++ ++ .long 0xb2b04000 # stfle 0(%r4) + brc 8,.Ldone + lghi %r0,1 +- .long 0xb2b02000 # stfle 0(%r2) ++ .long 0xb2b04000 # stfle 0(%r4) + .Ldone: +- lg %r2,0(%r2) ++ lmg %r2,%r3,0(%r4) ++ tmhl %r2,0x4000 # check for message-security-assist ++ jz .Lret ++ ++ lghi %r0,0 # query kimd capabilities ++ la %r1,16(%r4) ++ .long 0xb93e0002 # kimd %r0,%r2 ++ ++ lghi %r0,0 # query km capability vector ++ la %r1,32(%r4) ++ .long 0xb92e0042 # km %r4,%r2 ++ ++ lghi %r0,0 # query kmc capability vector ++ la %r1,48(%r4) ++ .long 0xb92f0042 # kmc %r4,%r2 ++ ++ tmhh %r3,0x0004 # check for message-security-assist-4 ++ jz .Lret ++ ++ lghi %r0,0 # query kmctr capability vector ++ la %r1,64(%r4) ++ .long 0xb92d2042 # kmctr %r4,%r2,%r2 ++ ++.Lret: + br %r14 + .size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities + +@@ -96,4 +128,4 @@ OPENSSL_cleanse: + .section .init + brasl %r14,OPENSSL_cpuid_setup + +-.comm OPENSSL_s390xcap_P,16,8 ++.comm OPENSSL_s390xcap_P,80,8 +diff -upr deps/openssl/openssl.old/crypto/sha/asm/sha1-ppc.pl deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl +--- deps/openssl/openssl.old/crypto/sha/asm/sha1-ppc.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl 2016-05-03 15:38:19.000000000 +0200 +@@ -227,7 +227,7 @@ Lunaligned: + srwi. $t1,$t1,6 ; t1/=64 + beq Lcross_page + $UCMP $num,$t1 +- ble- Laligned ; didn't cross the page boundary ++ ble Laligned ; didn't cross the page boundary + mtctr $t1 + subfc $num,$t1,$num + bl Lsha1_block_private +@@ -255,7 +255,7 @@ Lmemcpy: + bl Lsha1_block_private + $POP $inp,`$FRAME-$SIZE_T*18`($sp) + addic. $num,$num,-1 +- bne- Lunaligned ++ bne Lunaligned + + Ldone: + $POP r0,`$FRAME+$LRSAVE`($sp) +@@ -329,7 +329,7 @@ $code.=<<___; + stw r20,16($ctx) + mr $E,r20 + addi $inp,$inp,`16*4` +- bdnz- Lsha1_block_private ++ bdnz Lsha1_block_private + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +diff -upr deps/openssl/openssl.old/crypto/sha/asm/sha1-s390x.pl deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl +--- deps/openssl/openssl.old/crypto/sha/asm/sha1-s390x.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -167,10 +167,7 @@ $code.=<<___ if ($kimdfunc); + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lsoftware +- lghi %r0,0 +- la %r1,`2*$SIZE_T`($sp) +- .long 0xb93e0002 # kimd %r0,%r2 +- lg %r0,`2*$SIZE_T`($sp) ++ lg %r0,16(%r1) # check kimd capabilities + tmhh %r0,`0x8000>>$kimdfunc` + jz .Lsoftware + lghi %r0,$kimdfunc +@@ -237,7 +234,7 @@ $code.=<<___; + br %r14 + .size sha1_block_data_order,.-sha1_block_data_order + .string "SHA1 block transform for s390x, CRYPTOGAMS by " +-.comm OPENSSL_s390xcap_P,16,8 ++.comm OPENSSL_s390xcap_P,80,8 + ___ + + $code =~ s/\`([^\`]*)\`/eval $1/gem; +diff -upr deps/openssl/openssl.old/crypto/sha/asm/sha512-ppc.pl deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl +--- deps/openssl/openssl.old/crypto/sha/asm/sha512-ppc.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl 2016-05-03 15:38:19.000000000 +0200 +@@ -259,7 +259,7 @@ Lunaligned: + andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary + beq Lcross_page + $UCMP $num,$t1 +- ble- Laligned ; didn't cross the page boundary ++ ble Laligned ; didn't cross the page boundary + subfc $num,$t1,$num + add $t1,$inp,$t1 + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num +@@ -317,7 +317,7 @@ $code.=<<___; + $POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num + addic. $num,$num,`-16*$SZ` ; num-- +- bne- Lunaligned ++ bne Lunaligned + + Ldone: + $POP r0,`$FRAME+$LRSAVE`($sp) +@@ -396,7 +396,7 @@ for(;$i<32;$i++) { + unshift(@V,pop(@V)); + } + $code.=<<___; +- bdnz- Lrounds ++ bdnz Lrounds + + $POP $ctx,`$FRAME-$SIZE_T*22`($sp) + $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer +@@ -644,7 +644,7 @@ for(;$i<32;$i++) { + ($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1); + } + $code.=<<___; +- bdnz- Lrounds ++ bdnz Lrounds + + $POP $ctx,`$FRAME-$SIZE_T*22`($sp) + $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer +diff -upr deps/openssl/openssl.old/crypto/sha/asm/sha512-s390x.pl deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl +--- deps/openssl/openssl.old/crypto/sha/asm/sha512-s390x.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -240,10 +240,7 @@ $code.=<<___ if ($kimdfunc); + lg %r0,0(%r1) + tmhl %r0,0x4000 # check for message-security assist + jz .Lsoftware +- lghi %r0,0 +- la %r1,`2*$SIZE_T`($sp) +- .long 0xb93e0002 # kimd %r0,%r2 +- lg %r0,`2*$SIZE_T`($sp) ++ lg %r0,16(%r1) # check kimd capabilities + tmhh %r0,`0x8000>>$kimdfunc` + jz .Lsoftware + lghi %r0,$kimdfunc +@@ -311,7 +308,7 @@ $code.=<<___; + br %r14 + .size $Func,.-$Func + .string "SHA${label} block transform for s390x, CRYPTOGAMS by " +-.comm OPENSSL_s390xcap_P,16,8 ++.comm OPENSSL_s390xcap_P,80,8 + ___ + + $code =~ s/\`([^\`]*)\`/eval $1/gem; +diff -upr deps/openssl/openssl.old/crypto/x509/x509.h deps/openssl/openssl/crypto/x509/x509.h +--- deps/openssl/openssl.old/crypto/x509/x509.h 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/x509/x509.h 2016-05-03 15:44:42.000000000 +0200 +@@ -1305,6 +1305,7 @@ void ERR_load_X509_strings(void); + # define X509_R_LOADING_CERT_DIR 103 + # define X509_R_LOADING_DEFAULTS 104 + # define X509_R_METHOD_NOT_SUPPORTED 124 ++# define X509_R_NAME_TOO_LONG 134 + # define X509_R_NEWER_CRL_NOT_NEWER 132 + # define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 + # define X509_R_NO_CRL_NUMBER 130 +diff -upr deps/openssl/openssl.old/crypto/x509/x509_err.c deps/openssl/openssl/crypto/x509/x509_err.c +--- deps/openssl/openssl.old/crypto/x509/x509_err.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/x509/x509_err.c 2016-05-03 15:44:42.000000000 +0200 +@@ -151,6 +151,7 @@ static ERR_STRING_DATA X509_str_reasons[ + {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"}, + {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"}, + {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"}, ++ {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"}, + {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"}, + {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), + "no cert set for us to verify"}, +diff -upr deps/openssl/openssl.old/crypto/x509/x509_obj.c deps/openssl/openssl/crypto/x509/x509_obj.c +--- deps/openssl/openssl.old/crypto/x509/x509_obj.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/crypto/x509/x509_obj.c 2016-05-03 15:44:42.000000000 +0200 +@@ -63,6 +63,13 @@ + #include + #include + ++/* ++ * Limit to ensure we don't overflow: much greater than ++ * anything enountered in practice. ++ */ ++ ++#define NAME_ONELINE_MAX (1024 * 1024) ++ + char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) + { + X509_NAME_ENTRY *ne; +@@ -86,6 +93,8 @@ char *X509_NAME_oneline(X509_NAME *a, ch + goto err; + b->data[0] = '\0'; + len = 200; ++ } else if (len == 0) { ++ return NULL; + } + if (a == NULL) { + if (b) { +@@ -110,6 +119,10 @@ char *X509_NAME_oneline(X509_NAME *a, ch + + type = ne->value->type; + num = ne->value->length; ++ if (num > NAME_ONELINE_MAX) { ++ X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG); ++ goto end; ++ } + q = ne->value->data; + #ifdef CHARSET_EBCDIC + if (type == V_ASN1_GENERALSTRING || +@@ -117,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, ch + type == V_ASN1_PRINTABLESTRING || + type == V_ASN1_TELETEXSTRING || + type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) { +- ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf) +- ? sizeof ebcdic_buf : num); ++ if (num > (int)sizeof(ebcdic_buf)) ++ num = sizeof(ebcdic_buf); ++ ascii2ebcdic(ebcdic_buf, q, num); + q = ebcdic_buf; + } + #endif +@@ -154,6 +168,10 @@ char *X509_NAME_oneline(X509_NAME *a, ch + + lold = l; + l += 1 + l1 + 1 + l2; ++ if (l > NAME_ONELINE_MAX) { ++ X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG); ++ goto end; ++ } + if (b != NULL) { + if (!BUF_MEM_grow(b, l + 1)) + goto err; +@@ -206,7 +224,7 @@ char *X509_NAME_oneline(X509_NAME *a, ch + return (p); + err: + X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); +- if (b != NULL) +- BUF_MEM_free(b); ++ end: ++ BUF_MEM_free(b); + return (NULL); + } +Only in deps/openssl/openssl: demos +Only in deps/openssl/openssl: doc +Only in deps/openssl/openssl.old/include: openssl +diff -upr deps/openssl/openssl.old/openssl.spec deps/openssl/openssl/openssl.spec +--- deps/openssl/openssl.old/openssl.spec 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/openssl.spec 2016-05-03 15:46:41.000000000 +0200 +@@ -6,7 +6,7 @@ Release: 1 + + Summary: Secure Sockets Layer and cryptography libraries and tools + Name: openssl +-Version: 1.0.2g ++Version: 1.0.2h + Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz + License: OpenSSL + Group: System Environment/Libraries +diff -upr deps/openssl/openssl.old/ssl/d1_both.c deps/openssl/openssl/ssl/d1_both.c +--- deps/openssl/openssl.old/ssl/d1_both.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/d1_both.c 2016-05-03 15:44:42.000000000 +0200 +@@ -1459,6 +1459,8 @@ int dtls1_process_heartbeat(SSL *s) + * plus 2 bytes payload length, plus payload, plus padding + */ + buffer = OPENSSL_malloc(write_length); ++ if (buffer == NULL) ++ return -1; + bp = buffer; + + /* Enter response type, length and copy payload */ +diff -upr deps/openssl/openssl.old/ssl/s2_lib.c deps/openssl/openssl/ssl/s2_lib.c +--- deps/openssl/openssl.old/ssl/s2_lib.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/s2_lib.c 2016-05-03 15:44:42.000000000 +0200 +@@ -150,7 +150,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_RC4, + SSL_MD5, + SSL_SSLV2, +- SSL_NOT_EXP | SSL_MEDIUM, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + 0, + 128, + 128, +@@ -167,7 +167,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_RC4, + SSL_MD5, + SSL_SSLV2, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL2_CF_5_BYTE_ENC, + 40, + 128, +@@ -184,7 +184,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_RC2, + SSL_MD5, + SSL_SSLV2, +- SSL_NOT_EXP | SSL_MEDIUM, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + 0, + 128, + 128, +@@ -201,7 +201,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_RC2, + SSL_MD5, + SSL_SSLV2, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL2_CF_5_BYTE_ENC, + 40, + 128, +@@ -219,7 +219,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_IDEA, + SSL_MD5, + SSL_SSLV2, +- SSL_NOT_EXP | SSL_MEDIUM, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + 0, + 128, + 128, +@@ -237,7 +237,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_DES, + SSL_MD5, + SSL_SSLV2, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + 0, + 56, + 56, +@@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_3DES, + SSL_MD5, + SSL_SSLV2, +- SSL_NOT_EXP | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + 0, + 112, + 168, +@@ -271,7 +271,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip + SSL_RC4, + SSL_MD5, + SSL_SSLV2, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL2_CF_8_BYTE_ENC, + 64, + 64, +diff -upr deps/openssl/openssl.old/ssl/s2_meth.c deps/openssl/openssl/ssl/s2_meth.c +--- deps/openssl/openssl.old/ssl/s2_meth.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/s2_meth.c 2016-05-03 15:44:42.000000000 +0200 +@@ -57,7 +57,8 @@ + */ + + #include "ssl_locl.h" +-#ifndef OPENSSL_NO_SSL2 ++#ifndef OPENSSL_NO_SSL2_METHOD ++# ifndef OPENSSL_NO_SSL2 + # include + # include + +@@ -72,7 +73,16 @@ static const SSL_METHOD *ssl2_get_method + + IMPLEMENT_ssl2_meth_func(SSLv2_method, + ssl2_accept, ssl2_connect, ssl2_get_method) +-#else /* !OPENSSL_NO_SSL2 */ ++ ++# else /* !OPENSSL_NO_SSL2 */ ++ ++const SSL_METHOD *SSLv2_method(void) { return NULL; } ++const SSL_METHOD *SSLv2_client_method(void) { return NULL; } ++const SSL_METHOD *SSLv2_server_method(void) { return NULL; } ++ ++# endif ++ ++#else /* !OPENSSL_NO_SSL2_METHOD */ + + # if PEDANTIC + static void *dummy = &dummy; +diff -upr deps/openssl/openssl.old/ssl/s3_clnt.c deps/openssl/openssl/ssl/s3_clnt.c +--- deps/openssl/openssl.old/ssl/s3_clnt.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/s3_clnt.c 2016-05-03 15:44:42.000000000 +0200 +@@ -2199,6 +2199,7 @@ int ssl3_get_certificate_request(SSL *s) + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); + goto err; + } ++ xn = NULL; + + p += l; + nc += l + 2; +@@ -2222,6 +2223,7 @@ int ssl3_get_certificate_request(SSL *s) + err: + s->state = SSL_ST_ERR; + done: ++ X509_NAME_free(xn); + if (ca_sk != NULL) + sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); + return (ret); +diff -upr deps/openssl/openssl.old/ssl/s3_lib.c deps/openssl/openssl/ssl/s3_lib.c +--- deps/openssl/openssl.old/ssl/s3_lib.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/s3_lib.c 2016-05-03 15:44:42.000000000 +0200 +@@ -208,7 +208,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_MD5, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -258,7 +258,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC2, + SSL_MD5, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -294,7 +294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -312,7 +312,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -347,7 +347,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -365,7 +365,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -399,7 +399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -417,7 +417,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -452,7 +452,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -470,7 +470,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -556,7 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_MD5, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -573,7 +573,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_MD5, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_MEDIUM, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -608,7 +608,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -625,7 +625,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_3DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, +@@ -695,7 +695,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -761,7 +761,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_MD5, + SSL_SSLV3, +- SSL_NOT_EXP | SSL_LOW, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -827,7 +827,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -845,7 +845,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC2, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -863,7 +863,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_SHA1, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -881,7 +881,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_MD5, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 56, +@@ -899,7 +899,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC2, + SSL_MD5, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -917,7 +917,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_MD5, + SSL_SSLV3, +- SSL_EXPORT | SSL_EXP40, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 40, + 128, +@@ -1011,7 +1011,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -1106,7 +1106,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, +@@ -1302,7 +1302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_CAMELLIA128, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -1322,7 +1322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_MD5, + SSL_TLSV1, +- SSL_EXPORT | SSL_EXP56, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 128, +@@ -1338,7 +1338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC2, + SSL_MD5, + SSL_TLSV1, +- SSL_EXPORT | SSL_EXP56, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 128, +@@ -1356,7 +1356,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_TLSV1, +- SSL_EXPORT | SSL_EXP56, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -1374,7 +1374,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_DES, + SSL_SHA1, + SSL_TLSV1, +- SSL_EXPORT | SSL_EXP56, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 56, +@@ -1392,7 +1392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, +- SSL_EXPORT | SSL_EXP56, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 128, +@@ -1410,7 +1410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, +- SSL_EXPORT | SSL_EXP56, ++ SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 56, + 128, +@@ -1525,7 +1525,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES128, + SSL_SHA256, + SSL_TLSV1_2, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -1541,7 +1541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES256, + SSL_SHA256, + SSL_TLSV1_2, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, +@@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_CAMELLIA256, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, +@@ -1860,7 +1860,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_MEDIUM, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -2040,7 +2040,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -2056,7 +2056,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, +@@ -2424,7 +2424,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_RC4, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_MEDIUM, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -2440,7 +2440,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_3DES, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 112, + 168, +@@ -2456,7 +2456,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES128, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 128, + 128, +@@ -2472,7 +2472,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + SSL_AES256, + SSL_SHA1, + SSL_TLSV1, +- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, ++ SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 256, + 256, +diff -upr deps/openssl/openssl.old/ssl/ssl.h deps/openssl/openssl/ssl/ssl.h +--- deps/openssl/openssl.old/ssl/ssl.h 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 +@@ -338,7 +338,7 @@ extern "C" { + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" + /* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is +@@ -2345,7 +2345,7 @@ const char *SSL_get_version(const SSL *s + /* This sets the 'default' SSL version that SSL_new() will create */ + int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +-# ifndef OPENSSL_NO_SSL2 ++# ifndef OPENSSL_NO_SSL2_METHOD + const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ + const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ + const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ +diff -upr deps/openssl/openssl.old/ssl/ssl_cert.c deps/openssl/openssl/ssl/ssl_cert.c +--- deps/openssl/openssl.old/ssl/ssl_cert.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssl_cert.c 2016-05-03 15:44:42.000000000 +0200 +@@ -504,6 +504,8 @@ void ssl_cert_free(CERT *c) + #ifndef OPENSSL_NO_TLSEXT + custom_exts_free(&c->cli_ext); + custom_exts_free(&c->srv_ext); ++ if (c->alpn_proposed) ++ OPENSSL_free(c->alpn_proposed); + #endif + OPENSSL_free(c); + } +@@ -1057,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM * + unsigned char *p; + + n = i2d_X509(x, NULL); +- if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { ++ if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { + SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); + return 0; + } + p = (unsigned char *)&(buf->data[*l]); + l2n3(n, p); +- i2d_X509(x, &p); ++ n = i2d_X509(x, &p); ++ if (n < 0) { ++ /* Shouldn't happen */ ++ SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); ++ return 0; ++ } + *l += n + 3; + + return 1; +diff -upr deps/openssl/openssl.old/ssl/ssl_ciph.c deps/openssl/openssl/ssl/ssl_ciph.c +--- deps/openssl/openssl.old/ssl/ssl_ciph.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssl_ciph.c 2016-05-03 15:44:42.000000000 +0200 +@@ -235,8 +235,7 @@ static const SSL_CIPHER cipher_aliases[] + * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in + * ALL!) + */ +- {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, +- SSL_EXP_MASK, 0, 0, 0}, ++ {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0}, + + /* + * key exchange aliases (some of those using only a single bit here +@@ -1030,10 +1029,6 @@ static void ssl_cipher_apply_rule(unsign + if (cipher_id && cipher_id != cp->id) + continue; + #endif +- if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) +- goto ok; +- if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) +- goto ok; + if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) + continue; + if (alg_auth && !(alg_auth & cp->algorithm_auth)) +@@ -1050,10 +1045,11 @@ static void ssl_cipher_apply_rule(unsign + if ((algo_strength & SSL_STRONG_MASK) + && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) + continue; ++ if ((algo_strength & SSL_NOT_DEFAULT) ++ && !(cp->algo_strength & SSL_NOT_DEFAULT)) ++ continue; + } + +- ok: +- + #ifdef CIPHER_DEBUG + fprintf(stderr, "Action = %d\n", rule); + #endif +@@ -1337,6 +1333,10 @@ static int ssl_cipher_process_rulestr(co + ca_list[j]->algo_strength & SSL_STRONG_MASK; + } + ++ if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) { ++ algo_strength |= SSL_NOT_DEFAULT; ++ } ++ + if (ca_list[j]->valid) { + /* + * explicit ciphersuite found; its protocol version does not +diff -upr deps/openssl/openssl.old/ssl/ssl_lib.c deps/openssl/openssl/ssl/ssl_lib.c +--- deps/openssl/openssl.old/ssl/ssl_lib.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssl_lib.c 2016-05-03 15:44:42.000000000 +0200 +@@ -244,7 +244,16 @@ int SSL_clear(SSL *s) + ssl_clear_hash_ctx(&s->write_hash); + + s->first_packet = 0; +- ++#ifndef OPENSSL_NO_TLSEXT ++ if (s->cert != NULL) { ++ if (s->cert->alpn_proposed) { ++ OPENSSL_free(s->cert->alpn_proposed); ++ s->cert->alpn_proposed = NULL; ++ } ++ s->cert->alpn_proposed_len = 0; ++ s->cert->alpn_sent = 0; ++ } ++#endif + #if 1 + /* + * Check to see if we were changed into a different method, if so, revert +@@ -3174,6 +3183,12 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_C + ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; + ocert->ciphers_raw = NULL; + } ++#ifndef OPENSSL_NO_TLSEXT ++ ssl->cert->alpn_proposed = ocert->alpn_proposed; ++ ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len; ++ ocert->alpn_proposed = NULL; ++ ssl->cert->alpn_sent = ocert->alpn_sent; ++#endif + ssl_cert_free(ocert); + } + +diff -upr deps/openssl/openssl.old/ssl/ssl_locl.h deps/openssl/openssl/ssl/ssl_locl.h +--- deps/openssl/openssl.old/ssl/ssl_locl.h 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssl_locl.h 2016-05-03 15:44:42.000000000 +0200 +@@ -436,8 +436,9 @@ + # define SSL_MEDIUM 0x00000040L + # define SSL_HIGH 0x00000080L + # define SSL_FIPS 0x00000100L ++# define SSL_NOT_DEFAULT 0x00000200L + +-/* we have used 000001ff - 23 bits left to go */ ++/* we have used 000003ff - 22 bits left to go */ + + /*- + * Macros to check the export status and cipher strength for export ciphers. +@@ -687,6 +688,10 @@ typedef struct cert_st { + custom_ext_methods cli_ext; + custom_ext_methods srv_ext; + int references; /* >1 only if SSL_copy_session_id is used */ ++ /* non-optimal, but here due to compatibility */ ++ unsigned char *alpn_proposed; /* server */ ++ unsigned int alpn_proposed_len; ++ int alpn_sent; /* client */ + } CERT; + + typedef struct sess_cert_st { +diff -upr deps/openssl/openssl.old/ssl/ssl_rsa.c deps/openssl/openssl/ssl/ssl_rsa.c +--- deps/openssl/openssl.old/ssl/ssl_rsa.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssl_rsa.c 2016-05-03 15:44:42.000000000 +0200 +@@ -841,7 +841,7 @@ static int serverinfo_srv_add_cb(SSL *s, + return 0; /* No extension found, don't send extension */ + return 1; /* Send extension */ + } +- return -1; /* No serverinfo data found, don't send ++ return 0; /* No serverinfo data found, don't send + * extension */ + } + +@@ -870,12 +870,26 @@ static int serverinfo_process_buffer(con + + /* Register callbacks for extensions */ + ext_type = (serverinfo[0] << 8) + serverinfo[1]; +- if (ctx && !SSL_CTX_add_server_custom_ext(ctx, ext_type, +- serverinfo_srv_add_cb, +- NULL, NULL, +- serverinfo_srv_parse_cb, +- NULL)) +- return 0; ++ if (ctx) { ++ int have_ext_cbs = 0; ++ size_t i; ++ custom_ext_methods *exts = &ctx->cert->srv_ext; ++ custom_ext_method *meth = exts->meths; ++ ++ for (i = 0; i < exts->meths_count; i++, meth++) { ++ if (ext_type == meth->ext_type) { ++ have_ext_cbs = 1; ++ break; ++ } ++ } ++ ++ if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type, ++ serverinfo_srv_add_cb, ++ NULL, NULL, ++ serverinfo_srv_parse_cb, ++ NULL)) ++ return 0; ++ } + + serverinfo += 2; + serverinfo_length -= 2; +diff -upr deps/openssl/openssl.old/ssl/ssltest.c deps/openssl/openssl/ssl/ssltest.c +--- deps/openssl/openssl.old/ssl/ssltest.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/ssltest.c 2016-05-03 15:44:42.000000000 +0200 +@@ -217,6 +217,9 @@ + # define TEST_CLIENT_CERT "../apps/client.pem" + #endif + ++static SSL_CTX *s_ctx = NULL; ++static SSL_CTX *s_ctx2 = NULL; ++ + /* + * There is really no standard for this, so let's assign some tentative + * numbers. In any case, these numbers are only for this test +@@ -300,9 +303,51 @@ static BIO *bio_err = NULL; + static BIO *bio_stdout = NULL; + + static const char *alpn_client; +-static const char *alpn_server; ++static char *alpn_server; ++static char *alpn_server2; + static const char *alpn_expected; + static unsigned char *alpn_selected; ++static const char *sn_client; ++static const char *sn_server1; ++static const char *sn_server2; ++static int sn_expect = 0; ++ ++static int servername_cb(SSL *s, int *ad, void *arg) ++{ ++ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); ++ if (sn_server2 == NULL) { ++ BIO_printf(bio_stdout, "Servername 2 is NULL\n"); ++ return SSL_TLSEXT_ERR_NOACK; ++ } ++ ++ if (servername != NULL) { ++ if (s_ctx2 != NULL && sn_server2 != NULL && ++ !strcasecmp(servername, sn_server2)) { ++ BIO_printf(bio_stdout, "Switching server context.\n"); ++ SSL_set_SSL_CTX(s, s_ctx2); ++ } ++ } ++ return SSL_TLSEXT_ERR_OK; ++} ++static int verify_servername(SSL *client, SSL *server) ++{ ++ /* just need to see if sn_context is what we expect */ ++ SSL_CTX* ctx = SSL_get_SSL_CTX(server); ++ if (sn_expect == 0) ++ return 0; ++ if (sn_expect == 1 && ctx == s_ctx) ++ return 0; ++ if (sn_expect == 2 && ctx == s_ctx2) ++ return 0; ++ BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect); ++ if (ctx == s_ctx2) ++ BIO_printf(bio_stdout, "Servername: context is 2\n"); ++ else if (ctx == s_ctx) ++ BIO_printf(bio_stdout, "Servername: context is 1\n"); ++ else ++ BIO_printf(bio_stdout, "Servername: context is unknown\n"); ++ return -1; ++} + + /*- + * next_protos_parse parses a comma separated list of strings into a string +@@ -350,11 +395,12 @@ static int cb_server_alpn(SSL *s, const + { + unsigned char *protos; + unsigned short protos_len; ++ char* alpn_str = arg; + +- protos = next_protos_parse(&protos_len, alpn_server); ++ protos = next_protos_parse(&protos_len, alpn_str); + if (protos == NULL) { + fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", +- alpn_server); ++ alpn_str); + abort(); + } + +@@ -417,8 +463,17 @@ static int verify_alpn(SSL *client, SSL + BIO_printf(bio_stdout, "', server: '"); + BIO_write(bio_stdout, server_proto, server_proto_len); + BIO_printf(bio_stdout, "'\n"); +- BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", +- alpn_client, alpn_server); ++ BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: ", ++ alpn_client); ++ if (SSL_get_SSL_CTX(server) == s_ctx2) { ++ BIO_printf(bio_stdout, "'%s'\n", ++ alpn_server2); ++ } else if (SSL_get_SSL_CTX(server) == s_ctx){ ++ BIO_printf(bio_stdout, "'%s'\n", ++ alpn_server); ++ } else { ++ BIO_printf(bio_stdout, "unknown\n"); ++ } + return -1; + } + +@@ -756,8 +811,15 @@ static void sv_usage(void) + " -custom_ext - try various custom extension callbacks\n"); + fprintf(stderr, " -alpn_client - have client side offer ALPN\n"); + fprintf(stderr, " -alpn_server - have server side offer ALPN\n"); ++ fprintf(stderr, " -alpn_server1 - alias for -alpn_server\n"); ++ fprintf(stderr, " -alpn_server2 - have server side context 2 offer ALPN\n"); + fprintf(stderr, + " -alpn_expected - the ALPN protocol that should be negotiated\n"); ++ fprintf(stderr, " -sn_client - have client request this servername\n"); ++ fprintf(stderr, " -sn_server1 - have server context 1 respond to this servername\n"); ++ fprintf(stderr, " -sn_server2 - have server context 2 respond to this servername\n"); ++ fprintf(stderr, " -sn_expect1 - expected server 1\n"); ++ fprintf(stderr, " -sn_expect2 - expected server 2\n"); + } + + static void print_details(SSL *c_ssl, const char *prefix) +@@ -896,7 +958,6 @@ int main(int argc, char *argv[]) + #ifndef OPENSSL_NO_ECDH + char *named_curve = NULL; + #endif +- SSL_CTX *s_ctx = NULL; + SSL_CTX *c_ctx = NULL; + const SSL_METHOD *meth = NULL; + SSL *c_ssl, *s_ssl; +@@ -1151,14 +1212,35 @@ int main(int argc, char *argv[]) + if (--argc < 1) + goto bad; + alpn_client = *(++argv); +- } else if (strcmp(*argv, "-alpn_server") == 0) { ++ } else if (strcmp(*argv, "-alpn_server") == 0 || ++ strcmp(*argv, "-alpn_server1") == 0) { + if (--argc < 1) + goto bad; + alpn_server = *(++argv); ++ } else if (strcmp(*argv, "-alpn_server2") == 0) { ++ if (--argc < 1) ++ goto bad; ++ alpn_server2 = *(++argv); + } else if (strcmp(*argv, "-alpn_expected") == 0) { + if (--argc < 1) + goto bad; + alpn_expected = *(++argv); ++ } else if (strcmp(*argv, "-sn_client") == 0) { ++ if (--argc < 1) ++ goto bad; ++ sn_client = *(++argv); ++ } else if (strcmp(*argv, "-sn_server1") == 0) { ++ if (--argc < 1) ++ goto bad; ++ sn_server1 = *(++argv); ++ } else if (strcmp(*argv, "-sn_server2") == 0) { ++ if (--argc < 1) ++ goto bad; ++ sn_server2 = *(++argv); ++ } else if (strcmp(*argv, "-sn_expect1") == 0) { ++ sn_expect = 1; ++ } else if (strcmp(*argv, "-sn_expect2") == 0) { ++ sn_expect = 2; + } else { + fprintf(stderr, "unknown option %s\n", *argv); + badop = 1; +@@ -1304,7 +1386,8 @@ int main(int argc, char *argv[]) + + c_ctx = SSL_CTX_new(meth); + s_ctx = SSL_CTX_new(meth); +- if ((c_ctx == NULL) || (s_ctx == NULL)) { ++ s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */ ++ if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) { + ERR_print_errors(bio_err); + goto end; + } +@@ -1312,7 +1395,9 @@ int main(int argc, char *argv[]) + if (cipher != NULL) { + SSL_CTX_set_cipher_list(c_ctx, cipher); + SSL_CTX_set_cipher_list(s_ctx, cipher); ++ SSL_CTX_set_cipher_list(s_ctx2, cipher); + } ++ + #ifndef OPENSSL_NO_DH + if (!no_dhe) { + if (dhe1024dsa) { +@@ -1320,12 +1405,14 @@ int main(int argc, char *argv[]) + * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks + */ + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); ++ SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_DH_USE); + dh = get_dh1024dsa(); + } else if (dhe512) + dh = get_dh512(); + else + dh = get_dh1024(); + SSL_CTX_set_tmp_dh(s_ctx, dh); ++ SSL_CTX_set_tmp_dh(s_ctx2, dh); + DH_free(dh); + } + #else +@@ -1353,7 +1440,9 @@ int main(int argc, char *argv[]) + } + + SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); ++ SSL_CTX_set_tmp_ecdh(s_ctx2, ecdh); + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_ECDH_USE); + EC_KEY_free(ecdh); + } + #else +@@ -1362,15 +1451,18 @@ int main(int argc, char *argv[]) + + #ifndef OPENSSL_NO_RSA + SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); ++ SSL_CTX_set_tmp_rsa_callback(s_ctx2, tmp_rsa_cb); + #endif + + #ifdef TLSEXT_TYPE_opaque_prf_input + SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); + SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); ++ SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx2, opaque_prf_input_cb); + /* or &co2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); + /* or &so2 or NULL */ + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); ++ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx2, &so1); + #endif + + if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { +@@ -1383,6 +1475,16 @@ int main(int argc, char *argv[]) + goto end; + } + ++ if (!SSL_CTX_use_certificate_file(s_ctx2, server_cert, SSL_FILETYPE_PEM)) { ++ ERR_print_errors(bio_err); ++ } else if (!SSL_CTX_use_PrivateKey_file(s_ctx2, ++ (server_key ? server_key : ++ server_cert), ++ SSL_FILETYPE_PEM)) { ++ ERR_print_errors(bio_err); ++ goto end; ++ } ++ + if (client_auth) { + SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM); + SSL_CTX_use_PrivateKey_file(c_ctx, +@@ -1392,6 +1494,8 @@ int main(int argc, char *argv[]) + + if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx)) || ++ (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) || ++ (!SSL_CTX_set_default_verify_paths(s_ctx2)) || + (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(c_ctx))) { + /* fprintf(stderr,"SSL_load_verify_locations\n"); */ +@@ -1406,6 +1510,11 @@ int main(int argc, char *argv[]) + verify_callback); + SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, + &app_verify_arg); ++ SSL_CTX_set_verify(s_ctx2, ++ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, ++ verify_callback); ++ SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback, ++ &app_verify_arg); + } + if (server_auth) { + BIO_printf(bio_err, "server authentication\n"); +@@ -1418,6 +1527,8 @@ int main(int argc, char *argv[]) + int session_id_context = 0; + SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, + sizeof session_id_context); ++ SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, ++ sizeof session_id_context); + } + + /* Use PSK only if PSK key is given */ +@@ -1436,6 +1547,7 @@ int main(int argc, char *argv[]) + #ifndef OPENSSL_NO_PSK + SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); + SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); ++ SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback); + if (debug) + BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n"); + if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) { +@@ -1443,6 +1555,11 @@ int main(int argc, char *argv[]) + ERR_print_errors(bio_err); + goto end; + } ++ if (!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) { ++ BIO_printf(bio_err, "error setting PSK identity hint to s_ctx2\n"); ++ ERR_print_errors(bio_err); ++ goto end; ++ } + #endif + } + #ifndef OPENSSL_NO_SRP +@@ -1461,8 +1578,11 @@ int main(int argc, char *argv[]) + + if (srp_server_arg.expected_user != NULL) { + SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback); ++ SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback); + SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); ++ SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg); + SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); ++ SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb); + } + #endif + +@@ -1475,11 +1595,16 @@ int main(int argc, char *argv[]) + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL); + +- if (serverinfo_file) ++ if (serverinfo_file) { + if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) { + BIO_printf(bio_err, "missing serverinfo file\n"); + goto end; + } ++ if (!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) { ++ BIO_printf(bio_err, "missing serverinfo file\n"); ++ goto end; ++ } ++ } + + if (custom_ext) { + SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0, +@@ -1515,10 +1640,29 @@ int main(int argc, char *argv[]) + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL); ++ ++ SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0, ++ custom_ext_0_srv_add_cb, ++ NULL, NULL, ++ custom_ext_0_srv_parse_cb, NULL); ++ SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1, ++ custom_ext_1_srv_add_cb, ++ NULL, NULL, ++ custom_ext_1_srv_parse_cb, NULL); ++ SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2, ++ custom_ext_2_srv_add_cb, ++ NULL, NULL, ++ custom_ext_2_srv_parse_cb, NULL); ++ SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3, ++ custom_ext_3_srv_add_cb, ++ NULL, NULL, ++ custom_ext_3_srv_parse_cb, NULL); + } + + if (alpn_server) +- SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL); ++ SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server); ++ if (alpn_server2) ++ SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2); + + if (alpn_client) { + unsigned short alpn_len; +@@ -1532,9 +1676,15 @@ int main(int argc, char *argv[]) + OPENSSL_free(alpn); + } + ++ if (sn_server1 || sn_server2) ++ SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb); ++ + c_ssl = SSL_new(c_ctx); + s_ssl = SSL_new(s_ctx); + ++ if (sn_client) ++ SSL_set_tlsext_host_name(c_ssl, sn_client); ++ + #ifndef OPENSSL_NO_KRB5 + if (c_ssl && c_ssl->kssl_ctx) { + char localhost[MAXHOSTNAMELEN + 2]; +@@ -1588,12 +1738,19 @@ int main(int argc, char *argv[]) + #endif + } + ++ if (verify_alpn(c_ssl, s_ssl) < 0) ++ ret = 1; ++ if (verify_servername(c_ssl, s_ssl) < 0) ++ ret = 1; ++ + SSL_free(s_ssl); + SSL_free(c_ssl); + + end: + if (s_ctx != NULL) + SSL_CTX_free(s_ctx); ++ if (s_ctx2 != NULL) ++ SSL_CTX_free(s_ctx2); + if (c_ctx != NULL) + SSL_CTX_free(c_ctx); + +@@ -1961,10 +2118,6 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, + ret = 1; + goto err; + } +- if (verify_alpn(c_ssl, s_ssl) < 0) { +- ret = 1; +- goto err; +- } + + if (custom_ext_error) { + ret = 1; +diff -upr deps/openssl/openssl.old/ssl/t1_lib.c deps/openssl/openssl/ssl/t1_lib.c +--- deps/openssl/openssl.old/ssl/t1_lib.c 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/ssl/t1_lib.c 2016-05-03 15:44:42.000000000 +0200 +@@ -1539,6 +1539,7 @@ unsigned char *ssl_add_clienthello_tlsex + s2n(s->alpn_client_proto_list_len, ret); + memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len); + ret += s->alpn_client_proto_list_len; ++ s->cert->alpn_sent = 1; + } + # ifndef OPENSSL_NO_SRTP + if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { +@@ -1906,7 +1907,7 @@ static void ssl_check_for_safari(SSL *s, + # endif /* !OPENSSL_NO_EC */ + + /* +- * tls1_alpn_handle_client_hello is called to process the ALPN extension in a ++ * tls1_alpn_handle_client_hello is called to save the ALPN extension in a + * ClientHello. data: the contents of the extension, not including the type + * and length. data_len: the number of bytes in |data| al: a pointer to the + * alert value to send in the event of a non-zero return. returns: 0 on +@@ -1917,12 +1918,6 @@ static int tls1_alpn_handle_client_hello + { + unsigned i; + unsigned proto_len; +- const unsigned char *selected; +- unsigned char selected_len; +- int r; +- +- if (s->ctx->alpn_select_cb == NULL) +- return 0; + + if (data_len < 2) + goto parse_error; +@@ -1953,19 +1948,15 @@ static int tls1_alpn_handle_client_hello + i += proto_len; + } + +- r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len, +- s->ctx->alpn_select_cb_arg); +- if (r == SSL_TLSEXT_ERR_OK) { +- if (s->s3->alpn_selected) +- OPENSSL_free(s->s3->alpn_selected); +- s->s3->alpn_selected = OPENSSL_malloc(selected_len); +- if (!s->s3->alpn_selected) { +- *al = SSL_AD_INTERNAL_ERROR; +- return -1; +- } +- memcpy(s->s3->alpn_selected, selected, selected_len); +- s->s3->alpn_selected_len = selected_len; ++ if (s->cert->alpn_proposed != NULL) ++ OPENSSL_free(s->cert->alpn_proposed); ++ s->cert->alpn_proposed = OPENSSL_malloc(data_len); ++ if (s->cert->alpn_proposed == NULL) { ++ *al = SSL_AD_INTERNAL_ERROR; ++ return -1; + } ++ memcpy(s->cert->alpn_proposed, data, data_len); ++ s->cert->alpn_proposed_len = data_len; + return 0; + + parse_error: +@@ -1973,6 +1964,43 @@ static int tls1_alpn_handle_client_hello + return -1; + } + ++/* ++ * Process the ALPN extension in a ClientHello. ++ * ret: a pointer to the TLSEXT return value: SSL_TLSEXT_ERR_* ++ * al: a pointer to the alert value to send in the event of a failure. ++ * returns 1 on success, 0 on failure: al/ret set only on failure ++ */ ++static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al) ++{ ++ const unsigned char *selected = NULL; ++ unsigned char selected_len = 0; ++ ++ if (s->ctx->alpn_select_cb != NULL && s->cert->alpn_proposed != NULL) { ++ int r = s->ctx->alpn_select_cb(s, &selected, &selected_len, ++ s->cert->alpn_proposed, ++ s->cert->alpn_proposed_len, ++ s->ctx->alpn_select_cb_arg); ++ ++ if (r == SSL_TLSEXT_ERR_OK) { ++ OPENSSL_free(s->s3->alpn_selected); ++ s->s3->alpn_selected = OPENSSL_malloc(selected_len); ++ if (s->s3->alpn_selected == NULL) { ++ *al = SSL_AD_INTERNAL_ERROR; ++ *ret = SSL_TLSEXT_ERR_ALERT_FATAL; ++ return 0; ++ } ++ memcpy(s->s3->alpn_selected, selected, selected_len); ++ s->s3->alpn_selected_len = selected_len; ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* ALPN takes precedence over NPN. */ ++ s->s3->next_proto_neg_seen = 0; ++# endif ++ } ++ } ++ ++ return 1; ++} ++ + static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, + unsigned char *limit, int *al) + { +@@ -1992,6 +2020,12 @@ static int ssl_scan_clienthello_tlsext(S + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + } ++ s->s3->alpn_selected_len = 0; ++ if (s->cert->alpn_proposed) { ++ OPENSSL_free(s->cert->alpn_proposed); ++ s->cert->alpn_proposed = NULL; ++ } ++ s->cert->alpn_proposed_len = 0; + # ifndef OPENSSL_NO_HEARTBEATS + s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | + SSL_TLSEXT_HB_DONT_SEND_REQUESTS); +@@ -2359,8 +2393,7 @@ static int ssl_scan_clienthello_tlsext(S + # endif + # ifndef OPENSSL_NO_NEXTPROTONEG + else if (type == TLSEXT_TYPE_next_proto_neg && +- s->s3->tmp.finish_md_len == 0 && +- s->s3->alpn_selected == NULL) { ++ s->s3->tmp.finish_md_len == 0) { + /*- + * We shouldn't accept this extension on a + * renegotiation. +@@ -2383,13 +2416,9 @@ static int ssl_scan_clienthello_tlsext(S + # endif + + else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && +- s->ctx->alpn_select_cb && s->s3->tmp.finish_md_len == 0) { ++ s->s3->tmp.finish_md_len == 0) { + if (tls1_alpn_handle_client_hello(s, data, size, al) != 0) + return 0; +-# ifndef OPENSSL_NO_NEXTPROTONEG +- /* ALPN takes precedence over NPN. */ +- s->s3->next_proto_neg_seen = 0; +-# endif + } + + /* session ticket processed earlier */ +@@ -2698,7 +2727,7 @@ static int ssl_scan_serverhello_tlsext(S + unsigned len; + + /* We must have requested it. */ +- if (s->alpn_client_proto_list == NULL) { ++ if (!s->cert->alpn_sent) { + *al = TLS1_AD_UNSUPPORTED_EXTENSION; + return 0; + } +@@ -2863,6 +2892,7 @@ int ssl_prepare_clienthello_tlsext(SSL * + } + # endif + ++ s->cert->alpn_sent = 0; + return 1; + } + +@@ -3066,6 +3096,10 @@ int ssl_check_clienthello_tlsext_late(SS + } else + s->tlsext_status_expected = 0; + ++ if (!tls1_alpn_handle_client_hello_late(s, &ret, &al)) { ++ goto err; ++ } ++ + err: + switch (ret) { + case SSL_TLSEXT_ERR_ALERT_FATAL: +@@ -3415,8 +3449,10 @@ static int tls_decrypt_ticket(SSL *s, co + p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); + eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); + sdec = OPENSSL_malloc(eticklen); +- if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { ++ if (sdec == NULL ++ || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { + EVP_CIPHER_CTX_cleanup(&ctx); ++ OPENSSL_free(sdec); + return -1; + } + if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { +@@ -3856,6 +3892,8 @@ int tls1_process_heartbeat(SSL *s) + * plus 2 bytes payload length, plus payload, plus padding + */ + buffer = OPENSSL_malloc(1 + 2 + payload + padding); ++ if (buffer == NULL) ++ return -1; + bp = buffer; + + /* Enter response type, length and copy payload */ +Only in deps/openssl/openssl: test +Only in deps/openssl/openssl/tools: c_rehash +diff -upr deps/openssl/openssl.old/util/libeay.num deps/openssl/openssl/util/libeay.num +--- deps/openssl/openssl.old/util/libeay.num 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/util/libeay.num 2016-05-03 15:46:28.000000000 +0200 +@@ -1065,8 +1065,8 @@ d2i_ASN1_BMPSTRING + i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION: + BIO_f_ber 1094 NOEXIST::FUNCTION: + BN_init 1095 EXIST::FUNCTION: +-COMP_CTX_new 1096 EXIST::FUNCTION: +-COMP_CTX_free 1097 EXIST::FUNCTION: ++COMP_CTX_new 1096 EXIST::FUNCTION:COMP ++COMP_CTX_free 1097 EXIST::FUNCTION:COMP + COMP_CTX_compress_block 1098 NOEXIST::FUNCTION: + COMP_CTX_expand_block 1099 NOEXIST::FUNCTION: + X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION: +@@ -1113,10 +1113,10 @@ PKCS7_digest_from_attributes + PKCS7_get_attribute 1141 EXIST::FUNCTION: + PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION: + PKCS7_get_signed_attribute 1143 EXIST::FUNCTION: +-COMP_compress_block 1144 EXIST::FUNCTION: +-COMP_expand_block 1145 EXIST::FUNCTION: +-COMP_rle 1146 EXIST::FUNCTION: +-COMP_zlib 1147 EXIST::FUNCTION: ++COMP_compress_block 1144 EXIST::FUNCTION:COMP ++COMP_expand_block 1145 EXIST::FUNCTION:COMP ++COMP_rle 1146 EXIST::FUNCTION:COMP ++COMP_zlib 1147 EXIST::FUNCTION:COMP + ms_time_diff 1148 NOEXIST::FUNCTION: + ms_time_new 1149 NOEXIST::FUNCTION: + ms_time_free 1150 NOEXIST::FUNCTION: +@@ -1945,7 +1945,7 @@ ENGINE_get_ctrl_function + ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE + BN_pseudo_rand_range 2523 EXIST::FUNCTION: + X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: +-ERR_load_COMP_strings 2525 EXIST::FUNCTION: ++ERR_load_COMP_strings 2525 EXIST::FUNCTION:COMP + PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: + ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: + ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +@@ -3545,8 +3545,8 @@ X509at_get0_data_by_OBJ + ASN1_TYPE_set1 3932 EXIST::FUNCTION: + ASN1_STRING_set0 3933 EXIST::FUNCTION: + i2d_X509_ALGORS 3934 EXIST::FUNCTION: +-BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION: +-COMP_zlib_cleanup 3936 EXIST::FUNCTION: ++BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:COMP ++COMP_zlib_cleanup 3936 EXIST::FUNCTION:COMP + d2i_X509_ALGORS 3937 EXIST::FUNCTION: + CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS + PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS +diff -upr deps/openssl/openssl.old/util/mk1mf.pl deps/openssl/openssl/util/mk1mf.pl +--- deps/openssl/openssl.old/util/mk1mf.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/util/mk1mf.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -291,8 +291,9 @@ $cflags.=" -DOPENSSL_FIPS" if $fips; + $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; + $cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m; + $cflags.=" -DOPENSSL_NO_WEAK_SSL_CIPHERS" if $no_weak_ssl; +-$cflags.= " -DZLIB" if $zlib_opt; +-$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; ++$cflags.=" -DZLIB" if $zlib_opt; ++$cflags.=" -DZLIB_SHARED" if $zlib_opt == 2; ++$cflags.=" -DOPENSSL_NO_COMP" if $no_comp; + + if ($no_static_engine) + { +@@ -850,6 +851,7 @@ sub var_add + return("") if $no_gost && $dir =~ /\/ccgost/; + return("") if $no_cms && $dir =~ /\/cms/; + return("") if $no_jpake && $dir =~ /\/jpake/; ++ return("") if $no_comp && $dir =~ /\/comp/; + if ($no_des && $dir =~ /\/des/) + { + if ($val =~ /read_pwd/) +@@ -1198,6 +1200,7 @@ sub read_options + "nw-mwasm" => \$nw_mwasm, + "gaswin" => \$gaswin, + "no-ssl2" => \$no_ssl2, ++ "no-ssl2-method" => 0, + "no-ssl3" => \$no_ssl3, + "no-ssl3-method" => 0, + "no-tlsext" => \$no_tlsext, +@@ -1242,6 +1245,7 @@ sub read_options + "no-unit-test" => 0, + "no-libunbound" => 0, + "no-multiblock" => 0, ++ "no-comp" => \$no_comp, + "fips" => \$fips + ); + +@@ -1259,7 +1263,6 @@ sub read_options + } + } + } +- elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; } + elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 } + elsif (/^enable-zlib-dynamic$/) + { +diff -upr deps/openssl/openssl.old/util/mkdef.pl deps/openssl/openssl/util/mkdef.pl +--- deps/openssl/openssl.old/util/mkdef.pl 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/util/mkdef.pl 2016-05-03 15:44:42.000000000 +0200 +@@ -107,6 +107,8 @@ my @known_algorithms = ( "RC2", "RC4", " + "CAPIENG", + # SSL v2 + "SSL2", ++ # SSL v2 method ++ "SSL2_METHOD", + # SSL v3 method + "SSL3_METHOD", + # JPAKE +@@ -145,7 +147,7 @@ my $no_fp_api; my $no_static_engine=1; m + my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; + my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; + my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; +-my $no_unit_test; my $no_ssl3_method; ++my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method; + + my $fips; + +@@ -240,6 +242,7 @@ foreach (@ARGV, split(/ /, $options)) + elsif (/^no-ec_nistp_64_gcc_128$/) { $no_nistp_gcc=1; } + elsif (/^no-nextprotoneg$/) { $no_nextprotoneg=1; } + elsif (/^no-ssl2$/) { $no_ssl2=1; } ++ elsif (/^no-ssl2-method$/) { $no_ssl2_method=1; } + elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; } + elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; } + elsif (/^no-capieng$/) { $no_capieng=1; } +@@ -1215,6 +1218,7 @@ sub is_valid + if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc) + { return 0; } + if ($keyword eq "SSL2" && $no_ssl2) { return 0; } ++ if ($keyword eq "SSL2_METHOD" && $no_ssl2_method) { return 0; } + if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; } + if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; } + if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } +diff -upr deps/openssl/openssl.old/util/shlib_wrap.sh deps/openssl/openssl/util/shlib_wrap.sh +--- deps/openssl/openssl.old/util/shlib_wrap.sh 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/util/shlib_wrap.sh 2016-05-03 15:44:42.000000000 +0200 +@@ -27,6 +27,15 @@ SunOS|IRIX*) + LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64 + preload_var=LD_PRELOAD_64 + ;; ++ *ELF\ 32*SPARC*|*ELF\ 32*80386*) ++ # We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32 ++ # on a multi-arch system. Otherwise, trust the fallbacks. ++ if [ -f /lib/64/ld.so.1 ]; then ++ [ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32 ++ LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32 ++ preload_var=LD_PRELOAD_32 ++ fi ++ ;; + # Why are newly built .so's preloaded anyway? Because run-time + # .so lookup path embedded into application takes precedence + # over LD_LIBRARY_PATH and as result application ends up linking +diff -upr deps/openssl/openssl.old/util/ssleay.num deps/openssl/openssl/util/ssleay.num +--- deps/openssl/openssl.old/util/ssleay.num 2016-04-26 21:50:10.000000000 +0200 ++++ deps/openssl/openssl/util/ssleay.num 2016-05-03 15:46:29.000000000 +0200 +@@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms + SSLv23_client_method 110 EXIST::FUNCTION:RSA + SSLv23_method 111 EXIST::FUNCTION:RSA + SSLv23_server_method 112 EXIST::FUNCTION:RSA +-SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2 +-SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2 +-SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2 ++SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2_METHOD ++SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2_METHOD ++SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2_METHOD + SSLv3_client_method 116 EXIST::FUNCTION:SSL3_METHOD + SSLv3_method 117 EXIST::FUNCTION:SSL3_METHOD + SSLv3_server_method 118 EXIST::FUNCTION:SSL3_METHOD diff --git a/srcpkgs/nodejs/template b/srcpkgs/nodejs/template index 2b2b629a317..a41c2eaa53e 100644 --- a/srcpkgs/nodejs/template +++ b/srcpkgs/nodejs/template @@ -1,8 +1,7 @@ # Template file for 'nodejs' pkgname=nodejs version=6.0.0 -revision=1 -patch_args="-Np1" +revision=2 wrksrc=node-v${version} hostmakedepends="pkg-config python" makedepends="zlib-devel python-devel