From owner-svn-src-stable-8@FreeBSD.ORG Thu Aug 7 21:06:42 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D46C721 for ; Thu, 7 Aug 2014 21:06:42 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3FAA0271A for ; Thu, 7 Aug 2014 21:06:42 +0000 (UTC) Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 20d5 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 21:06:35 +0000 From: Jung-uk Kim Date: Thu, 7 Aug 2014 21:06:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r269687 - in stable: 8/crypto/openssl 8/crypto/openssl/apps 8/crypto/openssl/crypto 8/crypto/openssl/crypto/asn1 8/crypto/openssl/crypto/bio 8/crypto/openssl/crypto/bn 8/crypto/openssl/... X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3ea5b.20d5.4df5807d@svn.freebsd.org> X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 21:06:42 -0000 Author: jkim Date: Thu Aug 7 21:06:34 2014 New Revision: 269687 URL: http://svnweb.freebsd.org/changeset/base/269687 Log: Merge OpenSSL 0.9.8zb. Added: stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod - copied unchanged from r269672, vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod stable/8/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) Deleted: stable/8/crypto/openssl/crypto/pkcs7/bio_ber.c stable/8/crypto/openssl/crypto/pkcs7/dec.c stable/8/crypto/openssl/crypto/pkcs7/des.pem stable/8/crypto/openssl/crypto/pkcs7/doc stable/8/crypto/openssl/crypto/pkcs7/enc.c stable/8/crypto/openssl/crypto/pkcs7/es1.pem stable/8/crypto/openssl/crypto/pkcs7/example.c stable/8/crypto/openssl/crypto/pkcs7/example.h stable/8/crypto/openssl/crypto/pkcs7/info.pem stable/8/crypto/openssl/crypto/pkcs7/infokey.pem stable/8/crypto/openssl/crypto/pkcs7/p7/ stable/8/crypto/openssl/crypto/pkcs7/server.pem stable/8/crypto/openssl/crypto/pkcs7/sign.c stable/8/crypto/openssl/crypto/pkcs7/t/ stable/8/crypto/openssl/crypto/pkcs7/verify.c stable/8/crypto/openssl/demos/eay/ stable/8/crypto/openssl/demos/maurice/ Modified: stable/8/crypto/openssl/CHANGES stable/8/crypto/openssl/FAQ stable/8/crypto/openssl/Makefile stable/8/crypto/openssl/NEWS stable/8/crypto/openssl/README stable/8/crypto/openssl/apps/apps.c stable/8/crypto/openssl/apps/ca.c stable/8/crypto/openssl/apps/crl2p7.c stable/8/crypto/openssl/apps/ocsp.c stable/8/crypto/openssl/apps/s_server.c stable/8/crypto/openssl/apps/speed.c stable/8/crypto/openssl/crypto/asn1/a_object.c stable/8/crypto/openssl/crypto/asn1/asn1_lib.c stable/8/crypto/openssl/crypto/asn1/asn_mime.c stable/8/crypto/openssl/crypto/asn1/asn_pack.c stable/8/crypto/openssl/crypto/asn1/evp_asn1.c stable/8/crypto/openssl/crypto/asn1/t_x509.c stable/8/crypto/openssl/crypto/asn1/tasn_enc.c stable/8/crypto/openssl/crypto/bio/bio_lib.c stable/8/crypto/openssl/crypto/bn/bn_gf2m.c stable/8/crypto/openssl/crypto/bn/bn_lib.c stable/8/crypto/openssl/crypto/bn/bn_sqr.c stable/8/crypto/openssl/crypto/conf/conf_api.c stable/8/crypto/openssl/crypto/conf/conf_def.c stable/8/crypto/openssl/crypto/ec/ec_lib.c stable/8/crypto/openssl/crypto/ec/ecp_smpl.c stable/8/crypto/openssl/crypto/idea/ideatest.c stable/8/crypto/openssl/crypto/objects/obj_dat.c stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c stable/8/crypto/openssl/crypto/opensslv.h stable/8/crypto/openssl/crypto/pkcs7/Makefile stable/8/crypto/openssl/crypto/rsa/rsa_eay.c stable/8/crypto/openssl/crypto/ui/ui_lib.c stable/8/crypto/openssl/doc/apps/asn1parse.pod stable/8/crypto/openssl/doc/apps/ca.pod stable/8/crypto/openssl/doc/apps/crl.pod stable/8/crypto/openssl/doc/apps/dhparam.pod stable/8/crypto/openssl/doc/apps/dsa.pod stable/8/crypto/openssl/doc/apps/ecparam.pod stable/8/crypto/openssl/doc/apps/gendsa.pod stable/8/crypto/openssl/doc/apps/genrsa.pod stable/8/crypto/openssl/doc/apps/rsa.pod stable/8/crypto/openssl/doc/apps/s_client.pod stable/8/crypto/openssl/doc/apps/s_server.pod stable/8/crypto/openssl/doc/apps/verify.pod stable/8/crypto/openssl/doc/apps/x509.pod stable/8/crypto/openssl/doc/apps/x509v3_config.pod stable/8/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod stable/8/crypto/openssl/doc/crypto/BIO_f_base64.pod stable/8/crypto/openssl/doc/crypto/BIO_push.pod stable/8/crypto/openssl/doc/crypto/ERR_get_error.pod stable/8/crypto/openssl/doc/crypto/RSA_set_method.pod stable/8/crypto/openssl/doc/crypto/RSA_sign.pod stable/8/crypto/openssl/doc/crypto/des.pod stable/8/crypto/openssl/doc/crypto/err.pod stable/8/crypto/openssl/doc/crypto/pem.pod stable/8/crypto/openssl/doc/crypto/ui.pod stable/8/crypto/openssl/doc/fingerprints.txt stable/8/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod stable/8/crypto/openssl/doc/ssl/SSL_get_version.pod stable/8/crypto/openssl/doc/ssl/SSL_shutdown.pod stable/8/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod stable/8/crypto/openssl/openssl.spec stable/8/crypto/openssl/ssl/d1_both.c stable/8/crypto/openssl/ssl/d1_clnt.c stable/8/crypto/openssl/ssl/d1_srvr.c stable/8/crypto/openssl/ssl/s23_lib.c stable/8/crypto/openssl/ssl/s23_srvr.c stable/8/crypto/openssl/ssl/s3_clnt.c stable/8/crypto/openssl/ssl/s3_pkt.c stable/8/crypto/openssl/ssl/s3_srvr.c stable/8/crypto/openssl/ssl/ssl_ciph.c stable/8/crypto/openssl/ssl/ssl_stat.c stable/8/crypto/openssl/ssl/t1_lib.c stable/8/crypto/openssl/util/mkerr.pl stable/8/secure/lib/libcrypto/Makefile stable/8/secure/lib/libcrypto/Makefile.inc stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/8/secure/lib/libcrypto/man/BIO_ctrl.3 stable/8/secure/lib/libcrypto/man/BIO_f_base64.3 stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/8/secure/lib/libcrypto/man/BIO_f_md.3 stable/8/secure/lib/libcrypto/man/BIO_f_null.3 stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/8/secure/lib/libcrypto/man/BIO_find_type.3 stable/8/secure/lib/libcrypto/man/BIO_new.3 stable/8/secure/lib/libcrypto/man/BIO_push.3 stable/8/secure/lib/libcrypto/man/BIO_read.3 stable/8/secure/lib/libcrypto/man/BIO_s_accept.3 stable/8/secure/lib/libcrypto/man/BIO_s_bio.3 stable/8/secure/lib/libcrypto/man/BIO_s_connect.3 stable/8/secure/lib/libcrypto/man/BIO_s_fd.3 stable/8/secure/lib/libcrypto/man/BIO_s_file.3 stable/8/secure/lib/libcrypto/man/BIO_s_mem.3 stable/8/secure/lib/libcrypto/man/BIO_s_null.3 stable/8/secure/lib/libcrypto/man/BIO_s_socket.3 stable/8/secure/lib/libcrypto/man/BIO_set_callback.3 stable/8/secure/lib/libcrypto/man/BIO_should_retry.3 stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_start.3 stable/8/secure/lib/libcrypto/man/BN_add.3 stable/8/secure/lib/libcrypto/man/BN_add_word.3 stable/8/secure/lib/libcrypto/man/BN_bn2bin.3 stable/8/secure/lib/libcrypto/man/BN_cmp.3 stable/8/secure/lib/libcrypto/man/BN_copy.3 stable/8/secure/lib/libcrypto/man/BN_generate_prime.3 stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/8/secure/lib/libcrypto/man/BN_new.3 stable/8/secure/lib/libcrypto/man/BN_num_bytes.3 stable/8/secure/lib/libcrypto/man/BN_rand.3 stable/8/secure/lib/libcrypto/man/BN_set_bit.3 stable/8/secure/lib/libcrypto/man/BN_swap.3 stable/8/secure/lib/libcrypto/man/BN_zero.3 stable/8/secure/lib/libcrypto/man/CONF_modules_free.3 stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/8/secure/lib/libcrypto/man/DH_generate_key.3 stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DH_new.3 stable/8/secure/lib/libcrypto/man/DH_set_method.3 stable/8/secure/lib/libcrypto/man/DH_size.3 stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/8/secure/lib/libcrypto/man/DSA_do_sign.3 stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/8/secure/lib/libcrypto/man/DSA_generate_key.3 stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DSA_new.3 stable/8/secure/lib/libcrypto/man/DSA_set_method.3 stable/8/secure/lib/libcrypto/man/DSA_sign.3 stable/8/secure/lib/libcrypto/man/DSA_size.3 stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/8/secure/lib/libcrypto/man/ERR_clear_error.3 stable/8/secure/lib/libcrypto/man/ERR_error_string.3 stable/8/secure/lib/libcrypto/man/ERR_get_error.3 stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/8/secure/lib/libcrypto/man/ERR_load_strings.3 stable/8/secure/lib/libcrypto/man/ERR_print_errors.3 stable/8/secure/lib/libcrypto/man/ERR_put_error.3 stable/8/secure/lib/libcrypto/man/ERR_remove_state.3 stable/8/secure/lib/libcrypto/man/ERR_set_mark.3 stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/8/secure/lib/libcrypto/man/EVP_SealInit.3 stable/8/secure/lib/libcrypto/man/EVP_SignInit.3 stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/8/secure/lib/libcrypto/man/OPENSSL_config.3 stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/8/secure/lib/libcrypto/man/PKCS12_create.3 stable/8/secure/lib/libcrypto/man/PKCS12_parse.3 stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_sign.3 stable/8/secure/lib/libcrypto/man/PKCS7_verify.3 stable/8/secure/lib/libcrypto/man/RAND_add.3 stable/8/secure/lib/libcrypto/man/RAND_bytes.3 stable/8/secure/lib/libcrypto/man/RAND_cleanup.3 stable/8/secure/lib/libcrypto/man/RAND_egd.3 stable/8/secure/lib/libcrypto/man/RAND_load_file.3 stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/8/secure/lib/libcrypto/man/RSA_check_key.3 stable/8/secure/lib/libcrypto/man/RSA_generate_key.3 stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/RSA_new.3 stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/8/secure/lib/libcrypto/man/RSA_print.3 stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_set_method.3 stable/8/secure/lib/libcrypto/man/RSA_sign.3 stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/8/secure/lib/libcrypto/man/RSA_size.3 stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/8/secure/lib/libcrypto/man/X509_new.3 stable/8/secure/lib/libcrypto/man/bio.3 stable/8/secure/lib/libcrypto/man/blowfish.3 stable/8/secure/lib/libcrypto/man/bn.3 stable/8/secure/lib/libcrypto/man/bn_internal.3 stable/8/secure/lib/libcrypto/man/buffer.3 stable/8/secure/lib/libcrypto/man/crypto.3 stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/8/secure/lib/libcrypto/man/d2i_DHparams.3 stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_X509.3 stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/8/secure/lib/libcrypto/man/des.3 stable/8/secure/lib/libcrypto/man/dh.3 stable/8/secure/lib/libcrypto/man/dsa.3 stable/8/secure/lib/libcrypto/man/ecdsa.3 stable/8/secure/lib/libcrypto/man/engine.3 stable/8/secure/lib/libcrypto/man/err.3 stable/8/secure/lib/libcrypto/man/evp.3 stable/8/secure/lib/libcrypto/man/hmac.3 stable/8/secure/lib/libcrypto/man/lh_stats.3 stable/8/secure/lib/libcrypto/man/lhash.3 stable/8/secure/lib/libcrypto/man/md5.3 stable/8/secure/lib/libcrypto/man/mdc2.3 stable/8/secure/lib/libcrypto/man/pem.3 stable/8/secure/lib/libcrypto/man/rand.3 stable/8/secure/lib/libcrypto/man/rc4.3 stable/8/secure/lib/libcrypto/man/ripemd.3 stable/8/secure/lib/libcrypto/man/rsa.3 stable/8/secure/lib/libcrypto/man/sha.3 stable/8/secure/lib/libcrypto/man/threads.3 stable/8/secure/lib/libcrypto/man/ui.3 stable/8/secure/lib/libcrypto/man/ui_compat.3 stable/8/secure/lib/libcrypto/man/x509.3 stable/8/secure/lib/libssl/Makefile.man stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_free.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/8/secure/lib/libssl/man/SSL_CTX_new.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/8/secure/lib/libssl/man/SSL_SESSION_free.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/8/secure/lib/libssl/man/SSL_accept.3 stable/8/secure/lib/libssl/man/SSL_alert_type_string.3 stable/8/secure/lib/libssl/man/SSL_clear.3 stable/8/secure/lib/libssl/man/SSL_connect.3 stable/8/secure/lib/libssl/man/SSL_do_handshake.3 stable/8/secure/lib/libssl/man/SSL_free.3 stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/8/secure/lib/libssl/man/SSL_get_ciphers.3 stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/8/secure/lib/libssl/man/SSL_get_error.3 stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_get_fd.3 stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/8/secure/lib/libssl/man/SSL_get_rbio.3 stable/8/secure/lib/libssl/man/SSL_get_session.3 stable/8/secure/lib/libssl/man/SSL_get_verify_result.3 stable/8/secure/lib/libssl/man/SSL_get_version.3 stable/8/secure/lib/libssl/man/SSL_library_init.3 stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/8/secure/lib/libssl/man/SSL_new.3 stable/8/secure/lib/libssl/man/SSL_pending.3 stable/8/secure/lib/libssl/man/SSL_read.3 stable/8/secure/lib/libssl/man/SSL_rstate_string.3 stable/8/secure/lib/libssl/man/SSL_session_reused.3 stable/8/secure/lib/libssl/man/SSL_set_bio.3 stable/8/secure/lib/libssl/man/SSL_set_connect_state.3 stable/8/secure/lib/libssl/man/SSL_set_fd.3 stable/8/secure/lib/libssl/man/SSL_set_session.3 stable/8/secure/lib/libssl/man/SSL_set_shutdown.3 stable/8/secure/lib/libssl/man/SSL_set_verify_result.3 stable/8/secure/lib/libssl/man/SSL_shutdown.3 stable/8/secure/lib/libssl/man/SSL_state_string.3 stable/8/secure/lib/libssl/man/SSL_want.3 stable/8/secure/lib/libssl/man/SSL_write.3 stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/8/secure/lib/libssl/man/ssl.3 stable/8/secure/usr.bin/openssl/man/CA.pl.1 stable/8/secure/usr.bin/openssl/man/asn1parse.1 stable/8/secure/usr.bin/openssl/man/ca.1 stable/8/secure/usr.bin/openssl/man/ciphers.1 stable/8/secure/usr.bin/openssl/man/crl.1 stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/8/secure/usr.bin/openssl/man/dgst.1 stable/8/secure/usr.bin/openssl/man/dhparam.1 stable/8/secure/usr.bin/openssl/man/dsa.1 stable/8/secure/usr.bin/openssl/man/dsaparam.1 stable/8/secure/usr.bin/openssl/man/ec.1 stable/8/secure/usr.bin/openssl/man/ecparam.1 stable/8/secure/usr.bin/openssl/man/enc.1 stable/8/secure/usr.bin/openssl/man/errstr.1 stable/8/secure/usr.bin/openssl/man/gendsa.1 stable/8/secure/usr.bin/openssl/man/genrsa.1 stable/8/secure/usr.bin/openssl/man/nseq.1 stable/8/secure/usr.bin/openssl/man/ocsp.1 stable/8/secure/usr.bin/openssl/man/openssl.1 stable/8/secure/usr.bin/openssl/man/passwd.1 stable/8/secure/usr.bin/openssl/man/pkcs12.1 stable/8/secure/usr.bin/openssl/man/pkcs7.1 stable/8/secure/usr.bin/openssl/man/pkcs8.1 stable/8/secure/usr.bin/openssl/man/rand.1 stable/8/secure/usr.bin/openssl/man/req.1 stable/8/secure/usr.bin/openssl/man/rsa.1 stable/8/secure/usr.bin/openssl/man/rsautl.1 stable/8/secure/usr.bin/openssl/man/s_client.1 stable/8/secure/usr.bin/openssl/man/s_server.1 stable/8/secure/usr.bin/openssl/man/s_time.1 stable/8/secure/usr.bin/openssl/man/sess_id.1 stable/8/secure/usr.bin/openssl/man/smime.1 stable/8/secure/usr.bin/openssl/man/speed.1 stable/8/secure/usr.bin/openssl/man/spkac.1 stable/8/secure/usr.bin/openssl/man/verify.1 stable/8/secure/usr.bin/openssl/man/version.1 stable/8/secure/usr.bin/openssl/man/x509.1 stable/8/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/8/crypto/openssl/ (props changed) Changes in other areas also in this revision: Added: stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod - copied unchanged from r269672, vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod stable/9/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) Deleted: stable/9/crypto/openssl/crypto/pkcs7/bio_ber.c stable/9/crypto/openssl/crypto/pkcs7/dec.c stable/9/crypto/openssl/crypto/pkcs7/des.pem stable/9/crypto/openssl/crypto/pkcs7/doc stable/9/crypto/openssl/crypto/pkcs7/enc.c stable/9/crypto/openssl/crypto/pkcs7/es1.pem stable/9/crypto/openssl/crypto/pkcs7/example.c stable/9/crypto/openssl/crypto/pkcs7/example.h stable/9/crypto/openssl/crypto/pkcs7/info.pem stable/9/crypto/openssl/crypto/pkcs7/infokey.pem stable/9/crypto/openssl/crypto/pkcs7/p7/ stable/9/crypto/openssl/crypto/pkcs7/server.pem stable/9/crypto/openssl/crypto/pkcs7/sign.c stable/9/crypto/openssl/crypto/pkcs7/t/ stable/9/crypto/openssl/crypto/pkcs7/verify.c stable/9/crypto/openssl/demos/eay/ stable/9/crypto/openssl/demos/maurice/ Modified: stable/9/crypto/openssl/CHANGES stable/9/crypto/openssl/FAQ stable/9/crypto/openssl/Makefile stable/9/crypto/openssl/NEWS stable/9/crypto/openssl/README stable/9/crypto/openssl/apps/apps.c stable/9/crypto/openssl/apps/ca.c stable/9/crypto/openssl/apps/crl2p7.c stable/9/crypto/openssl/apps/ocsp.c stable/9/crypto/openssl/apps/s_server.c stable/9/crypto/openssl/apps/speed.c stable/9/crypto/openssl/crypto/asn1/a_object.c stable/9/crypto/openssl/crypto/asn1/asn1_lib.c stable/9/crypto/openssl/crypto/asn1/asn_mime.c stable/9/crypto/openssl/crypto/asn1/asn_pack.c stable/9/crypto/openssl/crypto/asn1/evp_asn1.c stable/9/crypto/openssl/crypto/asn1/t_x509.c stable/9/crypto/openssl/crypto/asn1/tasn_enc.c stable/9/crypto/openssl/crypto/bio/bio_lib.c stable/9/crypto/openssl/crypto/bn/bn_gf2m.c stable/9/crypto/openssl/crypto/bn/bn_lib.c stable/9/crypto/openssl/crypto/bn/bn_sqr.c stable/9/crypto/openssl/crypto/conf/conf_api.c stable/9/crypto/openssl/crypto/conf/conf_def.c stable/9/crypto/openssl/crypto/ec/ec_lib.c stable/9/crypto/openssl/crypto/ec/ecp_smpl.c stable/9/crypto/openssl/crypto/idea/ideatest.c stable/9/crypto/openssl/crypto/objects/obj_dat.c stable/9/crypto/openssl/crypto/ocsp/ocsp_ht.c stable/9/crypto/openssl/crypto/ocsp/ocsp_lib.c stable/9/crypto/openssl/crypto/opensslv.h stable/9/crypto/openssl/crypto/pkcs7/Makefile stable/9/crypto/openssl/crypto/rsa/rsa_eay.c stable/9/crypto/openssl/crypto/ui/ui_lib.c stable/9/crypto/openssl/doc/apps/asn1parse.pod stable/9/crypto/openssl/doc/apps/ca.pod stable/9/crypto/openssl/doc/apps/crl.pod stable/9/crypto/openssl/doc/apps/dhparam.pod stable/9/crypto/openssl/doc/apps/dsa.pod stable/9/crypto/openssl/doc/apps/ecparam.pod stable/9/crypto/openssl/doc/apps/gendsa.pod stable/9/crypto/openssl/doc/apps/genrsa.pod stable/9/crypto/openssl/doc/apps/rsa.pod stable/9/crypto/openssl/doc/apps/s_client.pod stable/9/crypto/openssl/doc/apps/s_server.pod stable/9/crypto/openssl/doc/apps/verify.pod stable/9/crypto/openssl/doc/apps/x509.pod stable/9/crypto/openssl/doc/apps/x509v3_config.pod stable/9/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod stable/9/crypto/openssl/doc/crypto/BIO_f_base64.pod stable/9/crypto/openssl/doc/crypto/BIO_push.pod stable/9/crypto/openssl/doc/crypto/ERR_get_error.pod stable/9/crypto/openssl/doc/crypto/RSA_set_method.pod stable/9/crypto/openssl/doc/crypto/RSA_sign.pod stable/9/crypto/openssl/doc/crypto/des.pod stable/9/crypto/openssl/doc/crypto/err.pod stable/9/crypto/openssl/doc/crypto/pem.pod stable/9/crypto/openssl/doc/crypto/ui.pod stable/9/crypto/openssl/doc/fingerprints.txt stable/9/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod stable/9/crypto/openssl/doc/ssl/SSL_get_version.pod stable/9/crypto/openssl/doc/ssl/SSL_shutdown.pod stable/9/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod stable/9/crypto/openssl/openssl.spec stable/9/crypto/openssl/ssl/d1_both.c stable/9/crypto/openssl/ssl/d1_clnt.c stable/9/crypto/openssl/ssl/d1_srvr.c stable/9/crypto/openssl/ssl/s23_lib.c stable/9/crypto/openssl/ssl/s23_srvr.c stable/9/crypto/openssl/ssl/s3_clnt.c stable/9/crypto/openssl/ssl/s3_pkt.c stable/9/crypto/openssl/ssl/s3_srvr.c stable/9/crypto/openssl/ssl/ssl_ciph.c stable/9/crypto/openssl/ssl/ssl_stat.c stable/9/crypto/openssl/ssl/t1_lib.c stable/9/crypto/openssl/util/mkerr.pl stable/9/secure/lib/libcrypto/Makefile stable/9/secure/lib/libcrypto/Makefile.inc stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/9/secure/lib/libcrypto/man/BIO_ctrl.3 stable/9/secure/lib/libcrypto/man/BIO_f_base64.3 stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/9/secure/lib/libcrypto/man/BIO_f_md.3 stable/9/secure/lib/libcrypto/man/BIO_f_null.3 stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/9/secure/lib/libcrypto/man/BIO_find_type.3 stable/9/secure/lib/libcrypto/man/BIO_new.3 stable/9/secure/lib/libcrypto/man/BIO_push.3 stable/9/secure/lib/libcrypto/man/BIO_read.3 stable/9/secure/lib/libcrypto/man/BIO_s_accept.3 stable/9/secure/lib/libcrypto/man/BIO_s_bio.3 stable/9/secure/lib/libcrypto/man/BIO_s_connect.3 stable/9/secure/lib/libcrypto/man/BIO_s_fd.3 stable/9/secure/lib/libcrypto/man/BIO_s_file.3 stable/9/secure/lib/libcrypto/man/BIO_s_mem.3 stable/9/secure/lib/libcrypto/man/BIO_s_null.3 stable/9/secure/lib/libcrypto/man/BIO_s_socket.3 stable/9/secure/lib/libcrypto/man/BIO_set_callback.3 stable/9/secure/lib/libcrypto/man/BIO_should_retry.3 stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/9/secure/lib/libcrypto/man/BN_CTX_new.3 stable/9/secure/lib/libcrypto/man/BN_CTX_start.3 stable/9/secure/lib/libcrypto/man/BN_add.3 stable/9/secure/lib/libcrypto/man/BN_add_word.3 stable/9/secure/lib/libcrypto/man/BN_bn2bin.3 stable/9/secure/lib/libcrypto/man/BN_cmp.3 stable/9/secure/lib/libcrypto/man/BN_copy.3 stable/9/secure/lib/libcrypto/man/BN_generate_prime.3 stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/9/secure/lib/libcrypto/man/BN_new.3 stable/9/secure/lib/libcrypto/man/BN_num_bytes.3 stable/9/secure/lib/libcrypto/man/BN_rand.3 stable/9/secure/lib/libcrypto/man/BN_set_bit.3 stable/9/secure/lib/libcrypto/man/BN_swap.3 stable/9/secure/lib/libcrypto/man/BN_zero.3 stable/9/secure/lib/libcrypto/man/CONF_modules_free.3 stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/9/secure/lib/libcrypto/man/DH_generate_key.3 stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/DH_new.3 stable/9/secure/lib/libcrypto/man/DH_set_method.3 stable/9/secure/lib/libcrypto/man/DH_size.3 stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/9/secure/lib/libcrypto/man/DSA_do_sign.3 stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/9/secure/lib/libcrypto/man/DSA_generate_key.3 stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/DSA_new.3 stable/9/secure/lib/libcrypto/man/DSA_set_method.3 stable/9/secure/lib/libcrypto/man/DSA_sign.3 stable/9/secure/lib/libcrypto/man/DSA_size.3 stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/9/secure/lib/libcrypto/man/ERR_clear_error.3 stable/9/secure/lib/libcrypto/man/ERR_error_string.3 stable/9/secure/lib/libcrypto/man/ERR_get_error.3 stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/9/secure/lib/libcrypto/man/ERR_load_strings.3 stable/9/secure/lib/libcrypto/man/ERR_print_errors.3 stable/9/secure/lib/libcrypto/man/ERR_put_error.3 stable/9/secure/lib/libcrypto/man/ERR_remove_state.3 stable/9/secure/lib/libcrypto/man/ERR_set_mark.3 stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/9/secure/lib/libcrypto/man/EVP_SealInit.3 stable/9/secure/lib/libcrypto/man/EVP_SignInit.3 stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/9/secure/lib/libcrypto/man/OPENSSL_config.3 stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/9/secure/lib/libcrypto/man/PKCS12_create.3 stable/9/secure/lib/libcrypto/man/PKCS12_parse.3 stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/9/secure/lib/libcrypto/man/PKCS7_sign.3 stable/9/secure/lib/libcrypto/man/PKCS7_verify.3 stable/9/secure/lib/libcrypto/man/RAND_add.3 stable/9/secure/lib/libcrypto/man/RAND_bytes.3 stable/9/secure/lib/libcrypto/man/RAND_cleanup.3 stable/9/secure/lib/libcrypto/man/RAND_egd.3 stable/9/secure/lib/libcrypto/man/RAND_load_file.3 stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/9/secure/lib/libcrypto/man/RSA_check_key.3 stable/9/secure/lib/libcrypto/man/RSA_generate_key.3 stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/RSA_new.3 stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/9/secure/lib/libcrypto/man/RSA_print.3 stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/9/secure/lib/libcrypto/man/RSA_set_method.3 stable/9/secure/lib/libcrypto/man/RSA_sign.3 stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/9/secure/lib/libcrypto/man/RSA_size.3 stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/9/secure/lib/libcrypto/man/X509_new.3 stable/9/secure/lib/libcrypto/man/bio.3 stable/9/secure/lib/libcrypto/man/blowfish.3 stable/9/secure/lib/libcrypto/man/bn.3 stable/9/secure/lib/libcrypto/man/bn_internal.3 stable/9/secure/lib/libcrypto/man/buffer.3 stable/9/secure/lib/libcrypto/man/crypto.3 stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/9/secure/lib/libcrypto/man/d2i_DHparams.3 stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/9/secure/lib/libcrypto/man/d2i_X509.3 stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/9/secure/lib/libcrypto/man/des.3 stable/9/secure/lib/libcrypto/man/dh.3 stable/9/secure/lib/libcrypto/man/dsa.3 stable/9/secure/lib/libcrypto/man/ecdsa.3 stable/9/secure/lib/libcrypto/man/engine.3 stable/9/secure/lib/libcrypto/man/err.3 stable/9/secure/lib/libcrypto/man/evp.3 stable/9/secure/lib/libcrypto/man/hmac.3 stable/9/secure/lib/libcrypto/man/lh_stats.3 stable/9/secure/lib/libcrypto/man/lhash.3 stable/9/secure/lib/libcrypto/man/md5.3 stable/9/secure/lib/libcrypto/man/mdc2.3 stable/9/secure/lib/libcrypto/man/pem.3 stable/9/secure/lib/libcrypto/man/rand.3 stable/9/secure/lib/libcrypto/man/rc4.3 stable/9/secure/lib/libcrypto/man/ripemd.3 stable/9/secure/lib/libcrypto/man/rsa.3 stable/9/secure/lib/libcrypto/man/sha.3 stable/9/secure/lib/libcrypto/man/threads.3 stable/9/secure/lib/libcrypto/man/ui.3 stable/9/secure/lib/libcrypto/man/ui_compat.3 stable/9/secure/lib/libcrypto/man/x509.3 stable/9/secure/lib/libssl/Makefile.man stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/9/secure/lib/libssl/man/SSL_CTX_free.3 stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/9/secure/lib/libssl/man/SSL_CTX_new.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/9/secure/lib/libssl/man/SSL_SESSION_free.3 stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/9/secure/lib/libssl/man/SSL_accept.3 stable/9/secure/lib/libssl/man/SSL_alert_type_string.3 stable/9/secure/lib/libssl/man/SSL_clear.3 stable/9/secure/lib/libssl/man/SSL_connect.3 stable/9/secure/lib/libssl/man/SSL_do_handshake.3 stable/9/secure/lib/libssl/man/SSL_free.3 stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/9/secure/lib/libssl/man/SSL_get_ciphers.3 stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/9/secure/lib/libssl/man/SSL_get_error.3 stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_get_fd.3 stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/9/secure/lib/libssl/man/SSL_get_rbio.3 stable/9/secure/lib/libssl/man/SSL_get_session.3 stable/9/secure/lib/libssl/man/SSL_get_verify_result.3 stable/9/secure/lib/libssl/man/SSL_get_version.3 stable/9/secure/lib/libssl/man/SSL_library_init.3 stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/9/secure/lib/libssl/man/SSL_new.3 stable/9/secure/lib/libssl/man/SSL_pending.3 stable/9/secure/lib/libssl/man/SSL_read.3 stable/9/secure/lib/libssl/man/SSL_rstate_string.3 stable/9/secure/lib/libssl/man/SSL_session_reused.3 stable/9/secure/lib/libssl/man/SSL_set_bio.3 stable/9/secure/lib/libssl/man/SSL_set_connect_state.3 stable/9/secure/lib/libssl/man/SSL_set_fd.3 stable/9/secure/lib/libssl/man/SSL_set_session.3 stable/9/secure/lib/libssl/man/SSL_set_shutdown.3 stable/9/secure/lib/libssl/man/SSL_set_verify_result.3 stable/9/secure/lib/libssl/man/SSL_shutdown.3 stable/9/secure/lib/libssl/man/SSL_state_string.3 stable/9/secure/lib/libssl/man/SSL_want.3 stable/9/secure/lib/libssl/man/SSL_write.3 stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/9/secure/lib/libssl/man/ssl.3 stable/9/secure/usr.bin/openssl/man/CA.pl.1 stable/9/secure/usr.bin/openssl/man/asn1parse.1 stable/9/secure/usr.bin/openssl/man/ca.1 stable/9/secure/usr.bin/openssl/man/ciphers.1 stable/9/secure/usr.bin/openssl/man/crl.1 stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/9/secure/usr.bin/openssl/man/dgst.1 stable/9/secure/usr.bin/openssl/man/dhparam.1 stable/9/secure/usr.bin/openssl/man/dsa.1 stable/9/secure/usr.bin/openssl/man/dsaparam.1 stable/9/secure/usr.bin/openssl/man/ec.1 stable/9/secure/usr.bin/openssl/man/ecparam.1 stable/9/secure/usr.bin/openssl/man/enc.1 stable/9/secure/usr.bin/openssl/man/errstr.1 stable/9/secure/usr.bin/openssl/man/gendsa.1 stable/9/secure/usr.bin/openssl/man/genrsa.1 stable/9/secure/usr.bin/openssl/man/nseq.1 stable/9/secure/usr.bin/openssl/man/ocsp.1 stable/9/secure/usr.bin/openssl/man/openssl.1 stable/9/secure/usr.bin/openssl/man/passwd.1 stable/9/secure/usr.bin/openssl/man/pkcs12.1 stable/9/secure/usr.bin/openssl/man/pkcs7.1 stable/9/secure/usr.bin/openssl/man/pkcs8.1 stable/9/secure/usr.bin/openssl/man/rand.1 stable/9/secure/usr.bin/openssl/man/req.1 stable/9/secure/usr.bin/openssl/man/rsa.1 stable/9/secure/usr.bin/openssl/man/rsautl.1 stable/9/secure/usr.bin/openssl/man/s_client.1 stable/9/secure/usr.bin/openssl/man/s_server.1 stable/9/secure/usr.bin/openssl/man/s_time.1 stable/9/secure/usr.bin/openssl/man/sess_id.1 stable/9/secure/usr.bin/openssl/man/smime.1 stable/9/secure/usr.bin/openssl/man/speed.1 stable/9/secure/usr.bin/openssl/man/spkac.1 stable/9/secure/usr.bin/openssl/man/verify.1 stable/9/secure/usr.bin/openssl/man/version.1 stable/9/secure/usr.bin/openssl/man/x509.1 stable/9/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/9/crypto/openssl/ (props changed) Modified: stable/8/crypto/openssl/CHANGES ============================================================================== --- stable/8/crypto/openssl/CHANGES Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/CHANGES Thu Aug 7 21:06:34 2014 (r269687) @@ -2,6 +2,53 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8za and 0.9.8zb [6 Aug 2014] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + Changes between 0.9.8y and 0.9.8za [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted Modified: stable/8/crypto/openssl/FAQ ============================================================================== --- stable/8/crypto/openssl/FAQ Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/FAQ Thu Aug 7 21:06:34 2014 (r269687) @@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt Modified: stable/8/crypto/openssl/Makefile ============================================================================== --- stable/8/crypto/openssl/Makefile Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/Makefile Thu Aug 7 21:06:34 2014 (r269687) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8za +VERSION=0.9.8zb MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: stable/8/crypto/openssl/NEWS ============================================================================== --- stable/8/crypto/openssl/NEWS Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/NEWS Thu Aug 7 21:06:34 2014 (r269687) @@ -5,6 +5,22 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]: + + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3508 + + Known issues in OpenSSL 0.9.8za: + + o Compilation failure of s3_pkt.c on some platforms due to missing + include. Fixed in 0.9.8zb-dev. + o FIPS capable link failure with missing symbol BN_consttime_swap. + Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC + algorithms are not FIPS approved in OpenSSL 0.9.8 anyway. + Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: o Fix for CVE-2014-0224 Modified: stable/8/crypto/openssl/README ============================================================================== --- stable/8/crypto/openssl/README Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/README Thu Aug 7 21:06:34 2014 (r269687) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8za 5 Jun 2014 + OpenSSL 0.9.8zb 6 Aug 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/8/crypto/openssl/apps/apps.c ============================================================================== --- stable/8/crypto/openssl/apps/apps.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/apps.c Thu Aug 7 21:06:34 2014 (r269687) @@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, in { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; icount; i++) arg->data[i]=NULL; @@ -1429,6 +1431,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Modified: stable/8/crypto/openssl/apps/ca.c ============================================================================== --- stable/8/crypto/openssl/apps/ca.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/ca.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1582,12 +1582,14 @@ static int certify(X509 **xret, char *in { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Modified: stable/8/crypto/openssl/apps/crl2p7.c ============================================================================== --- stable/8/crypto/openssl/apps/crl2p7.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/crl2p7.c Thu Aug 7 21:06:34 2014 (r269687) @@ -142,7 +142,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_new_null(); - sk_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_push(certflst,*(++argv))) + { + sk_free(certflst); + goto end; + } } else { Modified: stable/8/crypto/openssl/apps/ocsp.c ============================================================================== --- stable/8/crypto/openssl/apps/ocsp.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/ocsp.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *er } resp = query_responder(err, cbio, path, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (ctx) SSL_CTX_free(ctx); Modified: stable/8/crypto/openssl/apps/s_server.c ============================================================================== --- stable/8/crypto/openssl/apps/s_server.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/s_server.c Thu Aug 7 21:06:34 2014 (r269687) @@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1095,6 +1095,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -1922,8 +1930,10 @@ again: #ifdef CHARSET_EBCDIC ascii2ebcdic(buf,buf,i); #endif - write(fileno(stdout),buf, - (unsigned int)i); + if (write(fileno(stdout),buf, + (unsigned int)i) != i) + goto err; + if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: Modified: stable/8/crypto/openssl/apps/speed.c ============================================================================== --- stable/8/crypto/openssl/apps/speed.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/speed.c Thu Aug 7 21:06:34 2014 (r269687) @@ -2767,7 +2767,11 @@ static int do_multi(int multi) fds=malloc(multi*sizeof *fds); for(n=0 ; n < multi ; ++n) { - pipe(fd); + if (pipe(fd) == -1) + { + fprintf(stderr, "pipe failure\n"); + exit(1); + } fflush(stdout); fflush(stderr); if(fork()) @@ -2779,7 +2783,11 @@ static int do_multi(int multi) { close(fd[0]); close(1); - dup(fd[1]); + if (dup(fd[1]) == -1) + { + fprintf(stderr, "dup failed\n"); + exit(1); + } close(fd[1]); mr=1; usertime=0; Modified: stable/8/crypto/openssl/crypto/asn1/a_object.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/a_object.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/a_object.c Thu Aug 7 21:06:34 2014 (r269687) @@ -285,16 +285,28 @@ err: ASN1_OBJECT_free(ret); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { @@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT else ret=(*a); p= *pp; - if ((ret->data == NULL) || (ret->length < len)) + if ((ret->data == NULL) || (ret->length < length)) { if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + ret->data=(unsigned char *)OPENSSL_malloc(length); ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; if (ret->data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } } - memcpy(ret->data,p,(int)len); - ret->length=(int)len; + memcpy(ret->data,p,length); + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Modified: stable/8/crypto/openssl/crypto/asn1/asn1_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/asn1_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/asn1_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), Modified: stable/8/crypto/openssl/crypto/asn1/asn_mime.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/asn_mime.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/asn_mime.c Thu Aug 7 21:06:34 2014 (r269687) @@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; Modified: stable/8/crypto/openssl/crypto/asn1/asn_pack.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/asn_pack.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/asn_pack.c Thu Aug 7 21:06:34 2014 (r269687) @@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif Modified: stable/8/crypto/openssl/crypto/asn1/evp_asn1.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/evp_asn1.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/evp_asn1.c Thu Aug 7 21:06:34 2014 (r269687) @@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } Modified: stable/8/crypto/openssl/crypto/asn1/t_x509.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/t_x509.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/t_x509.c Thu Aug 7 21:06:34 2014 (r269687) @@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME * l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); Modified: stable/8/crypto/openssl/crypto/asn1/tasn_enc.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/tasn_enc.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/tasn_enc.c Thu Aug 7 21:06:34 2014 (r269687) @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ Modified: stable/8/crypto/openssl/crypto/bio/bio_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/bio_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bio/bio_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } Modified: stable/8/crypto/openssl/crypto/bn/bn_gf2m.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_gf2m.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bn/bn_gf2m.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int return 1; } +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: stable/8/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bn/bn_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(cons BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ @@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - { - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} Modified: stable/8/crypto/openssl/crypto/bn/bn_sqr.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_sqr.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bn/bn_sqr.c Thu Aug 7 21:06:34 2014 (r269687) @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, B if (al <= 0) { r->top=0; + r->neg = 0; return 1; } Modified: stable/8/crypto/openssl/crypto/conf/conf_api.c ============================================================================== --- stable/8/crypto/openssl/crypto/conf/conf_api.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/conf/conf_api.c Thu Aug 7 21:06:34 2014 (r269687) @@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf v->value=(char *)sk; vv=(CONF_VALUE *)lh_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) Modified: stable/8/crypto/openssl/crypto/conf/conf_def.c ============================================================================== --- stable/8/crypto/openssl/crypto/conf/conf_def.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/conf/conf_def.c Thu Aug 7 21:06:34 2014 (r269687) @@ -324,7 +324,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; Modified: stable/8/crypto/openssl/crypto/ec/ec_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/ec/ec_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ec/ec_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; Modified: stable/8/crypto/openssl/crypto/ec/ecp_smpl.c ============================================================================== --- stable/8/crypto/openssl/crypto/ec/ecp_smpl.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ec/ecp_smpl.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_G int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; @@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(con } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; - - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ - - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; - - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; + + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) - { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) + { + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; + } + + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). */ + + if (!BN_is_zero(&points[0]->Z)) + { + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; + } + else + { + if (!BN_one(prod_Z[0])) goto err; } } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) + for (i = 1; i < num; i++) { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) + if (!BN_is_zero(&points[i]->Z)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; } if (group->meth->field_encode != 0) { - /* in the Montgomery case, we just turned R*H (representing H) + /* In the Montgomery case, we just turned R*H (representing H) * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; + * i.e. we need to multiply by the Montgomery factor twice. */ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; } - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + for (i = num - 1; i > 0; --i) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) - { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; - } - else + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) { - if (!BN_copy(heap[i], heap[i/2])) goto err; + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. */ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; } } - /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ + if (!BN_is_zero(&points[0]->Z)) + { + /* Replace points[0]->Z by its inverse. */ + if (!BN_copy(&points[0]->Z, tmp)) goto err; + } + + /* Finally, fix up the X and Y coordinates for all points. */ + for (i = 0; i < num; i++) { EC_POINT *p = points[i]; - + if (!BN_is_zero(&p->Z)) { /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; + if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; + + if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; - if (group->meth->field_set_to_one != 0) { if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; @@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(con } ret = 1; - + err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (heap != NULL) + if (prod_Z != NULL) { - /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ - for (i = pow2/2 - 1; i > 0; i--) + for (i = 0; i < num; i++) { - if (heap[i] != NULL) - BN_clear_free(heap[i]); + if (prod_Z[i] != NULL) + BN_clear_free(prod_Z[i]); } - OPENSSL_free(heap); + OPENSSL_free(prod_Z); } return ret; } Modified: stable/8/crypto/openssl/crypto/idea/ideatest.c ============================================================================== --- stable/8/crypto/openssl/crypto/idea/ideatest.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/idea/ideatest.c Thu Aug 7 21:06:34 2014 (r269687) @@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb } memcpy(cfb_tmp,cfb_iv,8); n=0; - idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks, + idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks, cfb_tmp,&n,IDEA_DECRYPT); - idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)CFB_TEST_SIZE-17,&dks, + idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]), + (long)CFB_TEST_SIZE-13,&eks, cfb_tmp,&n,IDEA_DECRYPT); if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0) { Modified: stable/8/crypto/openssl/crypto/objects/obj_dat.c ============================================================================== --- stable/8/crypto/openssl/crypto/objects/obj_dat.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/objects/obj_dat.c Thu Aug 7 21:06:34 2014 (r269687) @@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, unsigned char *p; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if ((a == NULL) || (a->data == NULL)) { - buf[0]='\0'; - return(0); - } + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf && buf_len > 0) + buf[0] = '\0'; + if ((a == NULL) || (a->data == NULL)) + return(0); if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) { @@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, i=(int)(l/40); l-=(long)(i*40); } - if (buf && (buf_len > 0)) + if (buf && (buf_len > 1)) { *buf++ = i + '0'; + *buf = '\0'; buf_len--; } n++; @@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, i = strlen(bndec); if (buf) { - if (buf_len > 0) + if (buf_len > 1) { *buf++ = '.'; + *buf = '\0'; buf_len--; } BUF_strlcpy(buf,bndec,buf_len); @@ -786,4 +789,3 @@ err: OPENSSL_free(buf); return(ok); } - Modified: stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c ============================================================================== --- stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c Thu Aug 7 21:06:34 2014 (r269687) @@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, ctx = OCSP_sendreq_new(b, path, req, -1); + if (!ctx) + return NULL; + do { rv = OCSP_sendreq_nbio(&resp, ctx); Modified: stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **pho if (!*ppath) goto mem_err; + p = host; + if(host[0] == '[') + { + /* ipv6 literal */ + host++; + p = strchr(host, ']'); + if(!p) goto parse_err; + *p = '\0'; + p++; + } + /* Look for optional ':' for port number */ - if ((p = strchr(host, ':'))) + if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; Modified: stable/8/crypto/openssl/crypto/opensslv.h ============================================================================== --- stable/8/crypto/openssl/crypto/opensslv.h Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/opensslv.h Thu Aug 7 21:06:34 2014 (r269687) @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009081afL +#define OPENSSL_VERSION_NUMBER 0x009081bfL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb-fips 6 Aug 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-freebsd 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb-freebsd 6 Aug 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Modified: stable/8/crypto/openssl/crypto/pkcs7/Makefile ============================================================================== --- stable/8/crypto/openssl/crypto/pkcs7/Makefile Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/pkcs7/Makefile Thu Aug 7 21:06:34 2014 (r269687) @@ -39,20 +39,6 @@ test: all: lib -testapps: enc dec sign verify - -enc: enc.o lib - $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -dec: dec.o lib - $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -sign: sign.o lib - $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -verify: verify.o example.o lib - $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) - lib: $(LIBOBJ) $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. Modified: stable/8/crypto/openssl/crypto/rsa/rsa_eay.c ============================================================================== --- stable/8/crypto/openssl/crypto/rsa/rsa_eay.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/rsa/rsa_eay.c Thu Aug 7 21:06:34 2014 (r269687) @@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int f if (padding == RSA_X931_PADDING) { BN_sub(f, rsa->n, ret); - if (BN_cmp(ret, f)) + if (BN_cmp(ret, f) > 0) res = f; else res = ret; Modified: stable/8/crypto/openssl/crypto/ui/ui_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/ui/ui_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ui/ui_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis break; } } + } default: break; } - } return 0; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***