[Pkg-openssl-changes] r688 - in openssl/branches/1.0.1/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Wed Aug 6 22:22:35 UTC 2014
Author: kroeckx
Date: 2014-08-06 22:22:34 +0000 (Wed, 06 Aug 2014)
New Revision: 688
Removed:
openssl/branches/1.0.1/debian/patches/git_snapshot.patch
Modified:
openssl/branches/1.0.1/debian/changelog
openssl/branches/1.0.1/debian/patches/debian-targets.patch
openssl/branches/1.0.1/debian/patches/series
Log:
* New upstream release
* Add support for ppc64le (Closes: #745657)
* Add support for OpenRISC (Closes: #736772)
Modified: openssl/branches/1.0.1/debian/changelog
===================================================================
--- openssl/branches/1.0.1/debian/changelog 2014-07-23 17:57:56 UTC (rev 687)
+++ openssl/branches/1.0.1/debian/changelog 2014-08-06 22:22:34 UTC (rev 688)
@@ -1,3 +1,21 @@
+openssl (1.0.1i-1) unstable; urgency=high
+
+ * New upstream release
+ - Fix for CVE-2014-3512
+ - Fix for CVE-2014-3511
+ - Fix for CVE-2014-3510
+ - Fix for CVE-2014-3507
+ - Fix for CVE-2014-3506
+ - Fix for CVE-2014-3505
+ - Fix for CVE-2014-3509
+ - Fix for CVE-2014-5139
+ - Fix for CVE-2014-3508
+ - Drop upstream git snapshot patch.
+ * Add support for ppc64le (Closes: #745657)
+ * Add support for OpenRISC (Closes: #736772)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 07 Aug 2014 00:02:41 +0200
+
openssl (1.0.1h-3) unstable; urgency=medium
* New upstream git snapshot
Modified: openssl/branches/1.0.1/debian/patches/debian-targets.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/debian-targets.patch 2014-07-23 17:57:56 UTC (rev 687)
+++ openssl/branches/1.0.1/debian/patches/debian-targets.patch 2014-08-06 22:22:34 UTC (rev 688)
@@ -13,7 +13,7 @@
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -340,6 +344,53 @@
+@@ -340,6 +346,55 @@
"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
@@ -48,9 +48,11 @@
+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
Deleted: openssl/branches/1.0.1/debian/patches/git_snapshot.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/git_snapshot.patch 2014-07-23 17:57:56 UTC (rev 687)
+++ openssl/branches/1.0.1/debian/patches/git_snapshot.patch 2014-08-06 22:22:34 UTC (rev 688)
@@ -1,904 +0,0 @@
-diff --git a/CHANGES b/CHANGES
-index d161eca..53b6c6f 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -2,6 +2,10 @@
- OpenSSL CHANGES
- _______________
-
-+ Changes between 1.0.1h and 1.0.1i [xx XXX xxxx]
-+
-+ *)
-+
- Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
-
- *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
-diff --git a/NEWS b/NEWS
-index d062041..58ce8fa 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,6 +5,15 @@
- This file gives a brief overview of the major changes between each OpenSSL
- release. For more details please read the CHANGES file.
-
-+ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [under development]
-+
-+ o
-+
-+ Known issues in OpenSSL 1.0.1h:
-+
-+ o EAP-FAST and other applications using tls_session_secret_cb
-+ wont resume sessions. Fixed in 1.0.1i-dev
-+
- Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
-
- o Fix for CVE-2014-0224
-diff --git a/README b/README
-index 95c5cd2..37dbb3b 100644
---- a/README
-+++ b/README
-@@ -1,5 +1,5 @@
-
-- OpenSSL 1.0.1h 5 Jun 2014
-+ OpenSSL 1.0.1i-dev
-
- Copyright (c) 1998-2011 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
-diff --git a/apps/enc.c b/apps/enc.c
-index 19ea3df..c6a211b 100644
---- a/apps/enc.c
-+++ b/apps/enc.c
-@@ -67,7 +67,9 @@
- #include <openssl/x509.h>
- #include <openssl/rand.h>
- #include <openssl/pem.h>
-+#ifndef OPENSSL_NO_COMP
- #include <openssl/comp.h>
-+#endif
- #include <ctype.h>
-
- int set_hex(char *in,unsigned char *out,int size);
-diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
-index af5fc16..b4126ad 100644
---- a/crypto/ocsp/ocsp_ht.c
-+++ b/crypto/ocsp/ocsp_ht.c
-@@ -490,6 +490,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
-
- ctx = OCSP_sendreq_new(b, path, req, -1);
-
-+ if (!ctx)
-+ return NULL;
-+
- do
- {
- rv = OCSP_sendreq_nbio(&resp, ctx);
-diff --git a/crypto/opensslv.h b/crypto/opensslv.h
-index c3b6ace..a59982e 100644
---- a/crypto/opensslv.h
-+++ b/crypto/opensslv.h
-@@ -25,11 +25,11 @@
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- * major minor fix final patch/beta)
- */
--#define OPENSSL_VERSION_NUMBER 0x1000108fL
-+#define OPENSSL_VERSION_NUMBER 0x10001090L
- #ifdef OPENSSL_FIPS
--#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips 5 Jun 2014"
-+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips-dev xx XXX xxxx"
- #else
--#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h 5 Jun 2014"
-+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-dev xx XXX xxxx"
- #endif
- #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
-
-diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
-index 7f14280..14ba69d 100644
---- a/crypto/rand/randfile.c
-+++ b/crypto/rand/randfile.c
-@@ -79,6 +79,7 @@
- #endif
- #ifndef OPENSSL_NO_POSIX_IO
- # include <sys/stat.h>
-+# include <fcntl.h>
- #endif
-
- #ifdef _WIN32
-diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
-index f44aa00..6086d0a 100644
---- a/doc/apps/ciphers.pod
-+++ b/doc/apps/ciphers.pod
-@@ -36,7 +36,7 @@ SSL v2 and for SSL v3/TLS v1.
-
- =item B<-V>
-
--Like B<-V>, but include cipher suite codes in output (hex format).
-+Like B<-v>, but include cipher suite codes in output (hex format).
-
- =item B<-ssl3>
-
-@@ -116,8 +116,8 @@ specified.
- =item B<COMPLEMENTOFDEFAULT>
-
- the ciphers included in B<ALL>, but not enabled by default. Currently
--this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
--not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
-+this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>,
-+which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
-
- =item B<ALL>
-
-@@ -165,21 +165,58 @@ included.
- =item B<aNULL>
-
- the cipher suites offering no authentication. This is currently the anonymous
--DH algorithms. These cipher suites are vulnerable to a "man in the middle"
--attack and so their use is normally discouraged.
-+DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
-+to a "man in the middle" attack and so their use is normally discouraged.
-
- =item B<kRSA>, B<RSA>
-
- cipher suites using RSA key exchange.
-
-+=item B<kDHr>, B<kDHd>, B<kDH>
-+
-+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
-+and DSS keys or either respectively. Not implemented.
-+
- =item B<kEDH>
-
--cipher suites using ephemeral DH key agreement.
-+cipher suites using ephemeral DH key agreement, including anonymous cipher
-+suites.
-
--=item B<kDHr>, B<kDHd>
-+=item B<EDH>
-
--cipher suites using DH key agreement and DH certificates signed by CAs with RSA
--and DSS keys respectively. Not implemented.
-+cipher suites using authenticated ephemeral DH key agreement.
-+
-+=item B<ADH>
-+
-+anonymous DH cipher suites, note that this does not include anonymous Elliptic
-+Curve DH (ECDH) cipher suites.
-+
-+=item B<DH>
-+
-+cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH.
-+
-+=item B<kECDHr>, B<kECDHe>, B<kECDH>
-+
-+cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA
-+keys or either respectively.
-+
-+=item B<kEECDH>
-+
-+cipher suites using ephemeral ECDH key agreement, including anonymous
-+cipher suites.
-+
-+=item B<EECDHE>
-+
-+cipher suites using authenticated ephemeral ECDH key agreement.
-+
-+=item B<AECDH>
-+
-+anonymous Elliptic Curve Diffie Hellman cipher suites.
-+
-+=item B<ECDH>
-+
-+cipher suites using ECDH key exchange, including anonymous, ephemeral and
-+fixed ECDH.
-
- =item B<aRSA>
-
-@@ -194,30 +231,39 @@ cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
- cipher suites effectively using DH authentication, i.e. the certificates carry
- DH keys. Not implemented.
-
-+=item B<aECDH>
-+
-+cipher suites effectively using ECDH authentication, i.e. the certificates
-+carry ECDH keys.
-+
-+=item B<aECDSA>, B<ECDSA>
-+
-+cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
-+keys.
-+
- =item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
- ciphers suites using FORTEZZA key exchange, authentication, encryption or all
- FORTEZZA algorithms. Not implemented.
-
--=item B<TLSv1>, B<SSLv3>, B<SSLv2>
--
--TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
-+=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2>
-
--=item B<DH>
--
--cipher suites using DH, including anonymous DH.
-+TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note:
-+there are no ciphersuites specific to TLS v1.1.
-
--=item B<ADH>
-+=item B<AES128>, B<AES256>, B<AES>
-
--anonymous DH cipher suites.
-+cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
-
--=item B<AES>
-+=item B<AESGCM>
-
--cipher suites using AES.
-+AES in Galois Counter Mode (GCM): these ciphersuites are only supported
-+in TLS v1.2.
-
--=item B<CAMELLIA>
-+=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
-
--cipher suites using Camellia.
-+cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
-+CAMELLIA.
-
- =item B<3DES>
-
-@@ -251,6 +297,10 @@ cipher suites using MD5.
-
- cipher suites using SHA1.
-
-+=item B<SHA256>, B<SHA384>
-+
-+ciphersuites using SHA256 or SHA384.
-+
- =item B<aGOST>
-
- cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
-@@ -277,6 +327,9 @@ cipher suites, using HMAC based on GOST R 34.11-94.
-
- cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
-
-+=item B<PSK>
-+
-+cipher suites using pre-shared keys (PSK).
-
- =back
-
-@@ -423,7 +476,100 @@ Note: these ciphers can also be used in SSL v3.
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
-
--=head2 SSL v2.0 cipher suites.
-+=head2 Elliptic curve cipher suites.
-+
-+ TLS_ECDH_RSA_WITH_NULL_SHA ECDH-RSA-NULL-SHA
-+ TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA
-+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA
-+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA
-+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA
-+
-+ TLS_ECDH_ECDSA_WITH_NULL_SHA ECDH-ECDSA-NULL-SHA
-+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA
-+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA
-+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA
-+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA
-+
-+ TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA
-+ TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA
-+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
-+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
-+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
-+
-+ TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA
-+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA
-+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA
-+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA
-+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA
-+
-+ TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA
-+ TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA
-+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA
-+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA
-+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA
-+
-+=head2 TLS v1.2 cipher suites
-+
-+ TLS_RSA_WITH_NULL_SHA256 NULL-SHA256
-+
-+ TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
-+ TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
-+ TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256
-+ TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384
-+
-+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Not implemented.
-+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Not implemented.
-+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Not implemented.
-+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Not implemented.
-+
-+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Not implemented.
-+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Not implemented.
-+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Not implemented.
-+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Not implemented.
-+
-+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256
-+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256
-+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256
-+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384
-+
-+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256
-+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256
-+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256
-+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384
-+
-+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256
-+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384
-+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256
-+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384
-+
-+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256
-+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384
-+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256
-+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384
-+
-+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
-+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
-+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
-+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384
-+
-+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256
-+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
-+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
-+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
-+
-+ TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256
-+ TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256
-+ TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
-+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384
-+
-+=head2 Pre shared keying (PSK) cipheruites
-+
-+ TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA
-+ TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
-+ TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
-+ TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
-+
-+=head2 Deprecated SSL v2.0 cipher suites.
-
- SSL_CK_RC4_128_WITH_MD5 RC4-MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
-@@ -452,6 +598,11 @@ strength:
-
- openssl ciphers -v 'ALL:!ADH:@STRENGTH'
-
-+Include all ciphers except ones with no encryption (eNULL) or no
-+authentication (aNULL):
-+
-+ openssl ciphers -v 'ALL:!aNULL'
-+
- Include only 3DES ciphers and then place RSA ciphers last:
-
- openssl ciphers -v '3DES:+RSA'
-diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
-index 367691c..310c65e 100644
---- a/doc/crypto/EVP_DigestInit.pod
-+++ b/doc/crypto/EVP_DigestInit.pod
-@@ -161,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
- EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
- corresponding OBJECT IDENTIFIER or NID_undef if none exists.
-
--EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
--EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
--size in bytes.
-+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
-+EVP_MD_CTX_block_size() return the digest or block size in bytes.
-
- EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
- EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
-diff --git a/openssl.spec b/openssl.spec
-index f0f5ea8..a7e2776 100644
---- a/openssl.spec
-+++ b/openssl.spec
-@@ -7,7 +7,7 @@ Release: 1
- Summary: Secure Sockets Layer and cryptography libraries and tools
- Name: openssl
- #Version: %{libmaj}.%{libmin}.%{librel}
--Version: 1.0.1h
-+Version: 1.0.1i
- Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
- License: OpenSSL
- Group: System Environment/Libraries
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 04aa231..c1eb970 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -1180,6 +1180,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
- OPENSSL_assert(s->init_off == 0);
-
- frag = dtls1_hm_fragment_new(s->init_num, 0);
-+ if (!frag)
-+ return 0;
-
- memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
-diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c
-index d8cc559..a0a3690 100644
---- a/ssl/heartbeat_test.c
-+++ b/ssl/heartbeat_test.c
-@@ -38,6 +38,7 @@
- * http://mike-bland.com/tags/heartbleed.html
- */
-
-+#include "../test/testutil.h"
- #include "../ssl/ssl_locl.h"
- #include <ctype.h>
- #include <stdio.h>
-@@ -263,13 +264,10 @@ static int honest_payload_size(unsigned char payload_buf[])
- }
-
- #define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
-- HEARTBEAT_TEST_FIXTURE fixture = set_up_##type(__func__);\
-- int result = 0
-+ SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type)
-
- #define EXECUTE_HEARTBEAT_TEST()\
-- if (execute_heartbeat(fixture) != 0) result = 1;\
-- tear_down(fixture);\
-- return result
-+ EXECUTE_TEST(execute_heartbeat, tear_down)
-
- static int test_dtls1_not_bleeding()
- {
-diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
-index 9914604..c0bdae5 100644
---- a/ssl/s2_lib.c
-+++ b/ssl/s2_lib.c
-@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
- SSL_SSLV2,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
-- 168,
-+ 112,
- 168,
- },
-
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 0457af8..2afb892 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -510,6 +510,7 @@ int ssl3_connect(SSL *s)
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0) goto end;
-+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
- s->state=SSL3_ST_CW_FLUSH;
-
- /* clear flags */
-@@ -901,6 +902,7 @@ int ssl3_get_server_hello(SSL *s)
- {
- s->session->cipher = pref_cipher ?
- pref_cipher : ssl_get_cipher_by_char(s, p+j);
-+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
- }
- }
- #endif /* OPENSSL_NO_TLSEXT */
-diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
-index e3cd4f0..9962677 100644
---- a/ssl/s3_enc.c
-+++ b/ssl/s3_enc.c
-@@ -642,10 +642,18 @@ int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
- int ssl3_final_finish_mac(SSL *s,
- const char *sender, int len, unsigned char *p)
- {
-- int ret;
-+ int ret, sha1len;
- ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
-+ if(ret == 0)
-+ return 0;
-+
- p+=ret;
-- ret+=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
-+
-+ sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
-+ if(sha1len == 0)
-+ return 0;
-+
-+ ret+=sha1len;
- return(ret);
- }
- static int ssl3_handshake_mac(SSL *s, int md_nid,
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index c4ef273..4835bef 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2426,13 +2426,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
- SSL_kSRP,
-- SSL_aNULL,
-+ SSL_aSRP,
- SSL_3DES,
- SSL_SHA1,
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 112,
- 168,
- },
-
-@@ -2474,7 +2474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
- SSL_kSRP,
-- SSL_aNULL,
-+ SSL_aSRP,
- SSL_AES128,
- SSL_SHA1,
- SSL_TLSV1,
-@@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
- TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
- SSL_kSRP,
-- SSL_aNULL,
-+ SSL_aSRP,
- SSL_AES256,
- SSL_SHA1,
- SSL_TLSV1,
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 4c1242c..a9b15d4 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -264,6 +264,7 @@ extern "C" {
- #define SSL_TXT_aGOST94 "aGOST94"
- #define SSL_TXT_aGOST01 "aGOST01"
- #define SSL_TXT_aGOST "aGOST"
-+#define SSL_TXT_aSRP "aSRP"
-
- #define SSL_TXT_DSS "DSS"
- #define SSL_TXT_DH "DH"
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 0aba8e0..58f58e0 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -270,6 +270,7 @@ static const SSL_CIPHER cipher_aliases[]={
- {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
- {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
- {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
-+ {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0},
-
- /* aliases combining key exchange and server authentication */
- {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-@@ -562,7 +563,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- break;
- }
-
-- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
-+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
- *enc=NULL;
- else
- {
-@@ -596,7 +597,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- i= -1;
- break;
- }
-- if ((i < 0) || (i > SSL_MD_NUM_IDX))
-+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
- {
- *md=NULL;
- if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
-@@ -1628,6 +1629,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
- case SSL_aPSK:
- au="PSK";
- break;
-+ case SSL_aSRP:
-+ au="SRP";
-+ break;
- default:
- au="unknown";
- break;
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index e485907..eb4d8f2 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -311,6 +311,7 @@
- #define SSL_aPSK 0x00000080L /* PSK auth */
- #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
- #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
-+#define SSL_aSRP 0x00000400L /* SRP auth */
-
-
- /* Bits for algorithm_enc (symmetric encryption) */
-diff --git a/test/Makefile b/test/Makefile
-index 005f2e8..3e9f819 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -370,6 +370,13 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- link_app.$${shlib_target}
-
-+BUILD_CMD_STATIC=shlib_target=; \
-+ LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \
-+ $(MAKE) -f $(TOP)/Makefile.shared -e \
-+ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
-+ link_app.$${shlib_target}
-+
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
-
-@@ -476,7 +483,7 @@ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
-
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
-- @target=$(HEARTBEATTEST); $(BUILD_CMD)
-+ @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-
- #$(AESTEST).o: $(AESTEST).c
- # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-diff --git a/test/testutil.h b/test/testutil.h
-new file mode 100644
-index 0000000..3e9cb84
---- /dev/null
-+++ b/test/testutil.h
-@@ -0,0 +1,116 @@
-+/* test/testutil.h */
-+/*
-+ * Utilities for writing OpenSSL unit tests.
-+ *
-+ * More information:
-+ * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL
-+ *
-+ * Author: Mike Bland (mbland at acm.org)
-+ * Date: 2014-06-07
-+ * ====================================================================
-+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing at OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#ifndef HEADER_TESTUTIL_H
-+#define HEADER_TESTUTIL_H
-+
-+/* SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
-+ *
-+ * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE
-+ * object called "fixture". It will also allocate the "result" variable used
-+ * by EXECUTE_TEST. set_up() should take a const char* specifying the test
-+ * case name and return a TEST_FIXTURE_TYPE by value.
-+ *
-+ * EXECUTE_TEST will pass fixture to execute_func() by value, call
-+ * tear_down(), and return the result of execute_func(). execute_func() should
-+ * take a TEST_FIXTURE_TYPE by value and return zero on success or one on
-+ * failure.
-+ *
-+ * Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST
-+ * variations like so:
-+ *
-+ * #define SETUP_FOOBAR_TEST_FIXTURE()\
-+ * SETUP_TEST_FIXTURE(FOOBAR_TEST_FIXTURE, set_up_foobar)
-+ *
-+ * #define EXECUTE_FOOBAR_TEST()\
-+ * EXECUTE_TEST(execute_foobar, tear_down_foobar)
-+ *
-+ * Then test case functions can take the form:
-+ *
-+ * static int test_foobar_feature()
-+ * {
-+ * SETUP_FOOBAR_TEST_FIXTURE();
-+ * [...set individual members of fixture...]
-+ * EXECUTE_FOOBAR_TEST();
-+ * }
-+ */
-+#define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\
-+ TEST_FIXTURE_TYPE fixture = set_up(TEST_CASE_NAME);\
-+ int result = 0
-+
-+#define EXECUTE_TEST(execute_func, tear_down)\
-+ if (execute_func(fixture) != 0) result = 1;\
-+ tear_down(fixture);\
-+ return result
-+
-+/* TEST_CASE_NAME is defined as the name of the test case function where
-+ * possible; otherwise we get by with the file name and line number.
-+ */
-+#if __STDC_VERSION__ < 199901L
-+#if defined(_MSC_VER)
-+#define TEST_CASE_NAME __FUNCTION__
-+#else
-+#define testutil_stringify_helper(s) #s
-+#define testutil_stringify(s) testutil_stringify_helper(s)
-+#define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__)
-+#endif /* _MSC_VER */
-+#else
-+#define TEST_CASE_NAME __func__
-+#endif /* __STDC_VERSION__ */
-+
-+#endif /* HEADER_TESTUTIL_H */
Modified: openssl/branches/1.0.1/debian/patches/series
===================================================================
--- openssl/branches/1.0.1/debian/patches/series 2014-07-23 17:57:56 UTC (rev 687)
+++ openssl/branches/1.0.1/debian/patches/series 2014-08-06 22:22:34 UTC (rev 688)
@@ -21,4 +21,3 @@
#padlock_conf.patch
defaults.patch
openssl_fix_for_x32.patch
-git_snapshot.patch
More information about the Pkg-openssl-changes
mailing list