From owner-svn-src-all@freebsd.org Thu Jan 28 20:15:28 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3FB86A3CA8D; Thu, 28 Jan 2016 20:15:28 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D06CD145A; Thu, 28 Jan 2016 20:15:27 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u0SKFQ36001907; Thu, 28 Jan 2016 20:15:26 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u0SKFMeF001864; Thu, 28 Jan 2016 20:15:22 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201601282015.u0SKFMeF001864@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 28 Jan 2016 20:15:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r295009 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/bio crypto/openssl/crypto/bn cr... X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jan 2016 20:15:28 -0000 Author: jkim Date: Thu Jan 28 20:15:22 2016 New Revision: 295009 URL: https://svnweb.freebsd.org/changeset/base/295009 Log: Merge OpenSSL 1.0.2f. Relnotes: yes Added: head/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod - copied unchanged from r295001, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod head/crypto/openssl/util/pod2mantest - copied unchanged from r295001, vendor-crypto/openssl/dist/util/pod2mantest head/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 (contents, props changed) Modified: head/crypto/openssl/ACKNOWLEDGMENTS head/crypto/openssl/CHANGES head/crypto/openssl/Configure head/crypto/openssl/INSTALL head/crypto/openssl/LICENSE head/crypto/openssl/Makefile head/crypto/openssl/Makefile.org head/crypto/openssl/NEWS head/crypto/openssl/README head/crypto/openssl/apps/engine.c head/crypto/openssl/apps/ocsp.c head/crypto/openssl/apps/pkcs12.c head/crypto/openssl/apps/pkeyutl.c head/crypto/openssl/apps/s_client.c head/crypto/openssl/apps/s_server.c head/crypto/openssl/apps/speed.c head/crypto/openssl/apps/x509.c head/crypto/openssl/crypto/aes/aes.h head/crypto/openssl/crypto/aes/aes_cbc.c head/crypto/openssl/crypto/aes/aes_cfb.c head/crypto/openssl/crypto/aes/aes_core.c head/crypto/openssl/crypto/aes/aes_ctr.c head/crypto/openssl/crypto/aes/aes_ecb.c head/crypto/openssl/crypto/aes/aes_ige.c head/crypto/openssl/crypto/aes/aes_locl.h head/crypto/openssl/crypto/aes/aes_misc.c head/crypto/openssl/crypto/aes/aes_ofb.c head/crypto/openssl/crypto/aes/aes_x86core.c head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl head/crypto/openssl/crypto/bio/bio.h head/crypto/openssl/crypto/bio/bss_bio.c head/crypto/openssl/crypto/bio/bss_conn.c head/crypto/openssl/crypto/bio/bss_dgram.c head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl head/crypto/openssl/crypto/bn/bn_exp.c head/crypto/openssl/crypto/bn/exptest.c head/crypto/openssl/crypto/camellia/camellia.c head/crypto/openssl/crypto/camellia/camellia.h head/crypto/openssl/crypto/camellia/cmll_cbc.c head/crypto/openssl/crypto/camellia/cmll_cfb.c head/crypto/openssl/crypto/camellia/cmll_ctr.c head/crypto/openssl/crypto/camellia/cmll_ecb.c head/crypto/openssl/crypto/camellia/cmll_locl.h head/crypto/openssl/crypto/camellia/cmll_misc.c head/crypto/openssl/crypto/camellia/cmll_ofb.c head/crypto/openssl/crypto/camellia/cmll_utl.c head/crypto/openssl/crypto/des/des_old.c head/crypto/openssl/crypto/des/des_old.h head/crypto/openssl/crypto/des/des_old2.c head/crypto/openssl/crypto/dh/dh.h head/crypto/openssl/crypto/dh/dh_check.c head/crypto/openssl/crypto/dh/dhtest.c head/crypto/openssl/crypto/dsa/dsa_ossl.c head/crypto/openssl/crypto/dso/dso.h head/crypto/openssl/crypto/dso/dso_dl.c head/crypto/openssl/crypto/dso/dso_dlfcn.c head/crypto/openssl/crypto/dso/dso_lib.c head/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl head/crypto/openssl/crypto/ec/ec2_smpl.c head/crypto/openssl/crypto/ec/ec_key.c head/crypto/openssl/crypto/ec/ecp_nistz256_table.c head/crypto/openssl/crypto/ec/ectest.c head/crypto/openssl/crypto/engine/eng_all.c head/crypto/openssl/crypto/evp/e_camellia.c head/crypto/openssl/crypto/evp/e_old.c head/crypto/openssl/crypto/evp/e_seed.c head/crypto/openssl/crypto/mem_clr.c head/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl head/crypto/openssl/crypto/o_dir.c head/crypto/openssl/crypto/o_dir.h head/crypto/openssl/crypto/o_dir_test.c head/crypto/openssl/crypto/o_str.c head/crypto/openssl/crypto/o_str.h head/crypto/openssl/crypto/o_time.c head/crypto/openssl/crypto/o_time.h head/crypto/openssl/crypto/opensslv.h head/crypto/openssl/crypto/rc4/rc4_utl.c head/crypto/openssl/crypto/rsa/rsa_chk.c head/crypto/openssl/crypto/rsa/rsa_sign.c head/crypto/openssl/crypto/seed/seed_cbc.c head/crypto/openssl/crypto/seed/seed_cfb.c head/crypto/openssl/crypto/seed/seed_ecb.c head/crypto/openssl/crypto/seed/seed_ofb.c head/crypto/openssl/crypto/sha/asm/sha1-mb-x86_64.pl head/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl head/crypto/openssl/crypto/sha/asm/sha256-mb-x86_64.pl head/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl head/crypto/openssl/crypto/sha/sha1test.c head/crypto/openssl/crypto/store/store.h head/crypto/openssl/crypto/store/str_lib.c head/crypto/openssl/crypto/store/str_locl.h head/crypto/openssl/crypto/store/str_mem.c head/crypto/openssl/crypto/store/str_meth.c head/crypto/openssl/crypto/ts/ts_rsp_verify.c head/crypto/openssl/crypto/ui/ui.h head/crypto/openssl/crypto/ui/ui_compat.c head/crypto/openssl/crypto/ui/ui_compat.h head/crypto/openssl/crypto/ui/ui_lib.c head/crypto/openssl/crypto/ui/ui_locl.h head/crypto/openssl/crypto/ui/ui_openssl.c head/crypto/openssl/crypto/ui/ui_util.c head/crypto/openssl/crypto/x509/x509_vfy.c head/crypto/openssl/crypto/x509/x509_vfy.h head/crypto/openssl/crypto/x509/x509_vpm.c head/crypto/openssl/crypto/x509v3/v3_pci.c head/crypto/openssl/crypto/x509v3/v3_pcia.c head/crypto/openssl/crypto/x509v3/v3_utl.c head/crypto/openssl/crypto/x509v3/v3nametest.c head/crypto/openssl/doc/apps/s_time.pod head/crypto/openssl/doc/crypto/BIO_s_connect.pod head/crypto/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod head/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod head/crypto/openssl/engines/e_chil.c head/crypto/openssl/ssl/d1_both.c head/crypto/openssl/ssl/kssl.c head/crypto/openssl/ssl/kssl.h head/crypto/openssl/ssl/kssl_lcl.h head/crypto/openssl/ssl/s2_srvr.c head/crypto/openssl/ssl/s3_clnt.c head/crypto/openssl/ssl/s3_lib.c head/crypto/openssl/ssl/s3_srvr.c head/crypto/openssl/ssl/ssl.h head/crypto/openssl/ssl/ssl_err.c head/crypto/openssl/ssl/ssl_lib.c head/crypto/openssl/ssl/ssl_sess.c head/crypto/openssl/ssl/t1_enc.c head/crypto/openssl/ssl/t1_lib.c head/crypto/openssl/util/domd head/crypto/openssl/util/pl/VC-32.pl head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/ASN1_TIME_set.3 head/secure/lib/libcrypto/man/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/BIO_ctrl.3 head/secure/lib/libcrypto/man/BIO_f_base64.3 head/secure/lib/libcrypto/man/BIO_f_buffer.3 head/secure/lib/libcrypto/man/BIO_f_cipher.3 head/secure/lib/libcrypto/man/BIO_f_md.3 head/secure/lib/libcrypto/man/BIO_f_null.3 head/secure/lib/libcrypto/man/BIO_f_ssl.3 head/secure/lib/libcrypto/man/BIO_find_type.3 head/secure/lib/libcrypto/man/BIO_new.3 head/secure/lib/libcrypto/man/BIO_new_CMS.3 head/secure/lib/libcrypto/man/BIO_push.3 head/secure/lib/libcrypto/man/BIO_read.3 head/secure/lib/libcrypto/man/BIO_s_accept.3 head/secure/lib/libcrypto/man/BIO_s_bio.3 head/secure/lib/libcrypto/man/BIO_s_connect.3 head/secure/lib/libcrypto/man/BIO_s_fd.3 head/secure/lib/libcrypto/man/BIO_s_file.3 head/secure/lib/libcrypto/man/BIO_s_mem.3 head/secure/lib/libcrypto/man/BIO_s_null.3 head/secure/lib/libcrypto/man/BIO_s_socket.3 head/secure/lib/libcrypto/man/BIO_set_callback.3 head/secure/lib/libcrypto/man/BIO_should_retry.3 head/secure/lib/libcrypto/man/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/BN_CTX_new.3 head/secure/lib/libcrypto/man/BN_CTX_start.3 head/secure/lib/libcrypto/man/BN_add.3 head/secure/lib/libcrypto/man/BN_add_word.3 head/secure/lib/libcrypto/man/BN_bn2bin.3 head/secure/lib/libcrypto/man/BN_cmp.3 head/secure/lib/libcrypto/man/BN_copy.3 head/secure/lib/libcrypto/man/BN_generate_prime.3 head/secure/lib/libcrypto/man/BN_mod_inverse.3 head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/BN_new.3 head/secure/lib/libcrypto/man/BN_num_bytes.3 head/secure/lib/libcrypto/man/BN_rand.3 head/secure/lib/libcrypto/man/BN_set_bit.3 head/secure/lib/libcrypto/man/BN_swap.3 head/secure/lib/libcrypto/man/BN_zero.3 head/secure/lib/libcrypto/man/CMS_add0_cert.3 head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/CMS_add1_signer.3 head/secure/lib/libcrypto/man/CMS_compress.3 head/secure/lib/libcrypto/man/CMS_decrypt.3 head/secure/lib/libcrypto/man/CMS_encrypt.3 head/secure/lib/libcrypto/man/CMS_final.3 head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/CMS_get0_type.3 head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/CMS_sign.3 head/secure/lib/libcrypto/man/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/CMS_uncompress.3 head/secure/lib/libcrypto/man/CMS_verify.3 head/secure/lib/libcrypto/man/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/CONF_modules_free.3 head/secure/lib/libcrypto/man/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 head/secure/lib/libcrypto/man/DH_generate_key.3 head/secure/lib/libcrypto/man/DH_generate_parameters.3 head/secure/lib/libcrypto/man/DH_get_ex_new_index.3 head/secure/lib/libcrypto/man/DH_new.3 head/secure/lib/libcrypto/man/DH_set_method.3 head/secure/lib/libcrypto/man/DH_size.3 head/secure/lib/libcrypto/man/DSA_SIG_new.3 head/secure/lib/libcrypto/man/DSA_do_sign.3 head/secure/lib/libcrypto/man/DSA_dup_DH.3 head/secure/lib/libcrypto/man/DSA_generate_key.3 head/secure/lib/libcrypto/man/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 head/secure/lib/libcrypto/man/DSA_new.3 head/secure/lib/libcrypto/man/DSA_set_method.3 head/secure/lib/libcrypto/man/DSA_sign.3 head/secure/lib/libcrypto/man/DSA_size.3 head/secure/lib/libcrypto/man/EC_GFp_simple_method.3 head/secure/lib/libcrypto/man/EC_GROUP_copy.3 head/secure/lib/libcrypto/man/EC_GROUP_new.3 head/secure/lib/libcrypto/man/EC_KEY_new.3 head/secure/lib/libcrypto/man/EC_POINT_add.3 head/secure/lib/libcrypto/man/EC_POINT_new.3 head/secure/lib/libcrypto/man/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/ERR_clear_error.3 head/secure/lib/libcrypto/man/ERR_error_string.3 head/secure/lib/libcrypto/man/ERR_get_error.3 head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/ERR_load_strings.3 head/secure/lib/libcrypto/man/ERR_print_errors.3 head/secure/lib/libcrypto/man/ERR_put_error.3 head/secure/lib/libcrypto/man/ERR_remove_state.3 head/secure/lib/libcrypto/man/ERR_set_mark.3 head/secure/lib/libcrypto/man/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/EVP_DigestInit.3 head/secure/lib/libcrypto/man/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/EVP_OpenInit.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 head/secure/lib/libcrypto/man/EVP_SealInit.3 head/secure/lib/libcrypto/man/EVP_SignInit.3 head/secure/lib/libcrypto/man/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/OPENSSL_config.3 head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/PKCS12_create.3 head/secure/lib/libcrypto/man/PKCS12_parse.3 head/secure/lib/libcrypto/man/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/PKCS7_sign.3 head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/PKCS7_verify.3 head/secure/lib/libcrypto/man/RAND_add.3 head/secure/lib/libcrypto/man/RAND_bytes.3 head/secure/lib/libcrypto/man/RAND_cleanup.3 head/secure/lib/libcrypto/man/RAND_egd.3 head/secure/lib/libcrypto/man/RAND_load_file.3 head/secure/lib/libcrypto/man/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/RSA_blinding_on.3 head/secure/lib/libcrypto/man/RSA_check_key.3 head/secure/lib/libcrypto/man/RSA_generate_key.3 head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 head/secure/lib/libcrypto/man/RSA_new.3 head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/RSA_print.3 head/secure/lib/libcrypto/man/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/RSA_set_method.3 head/secure/lib/libcrypto/man/RSA_sign.3 head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/RSA_size.3 head/secure/lib/libcrypto/man/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/X509_check_host.3 head/secure/lib/libcrypto/man/X509_new.3 head/secure/lib/libcrypto/man/X509_verify_cert.3 head/secure/lib/libcrypto/man/bio.3 head/secure/lib/libcrypto/man/blowfish.3 head/secure/lib/libcrypto/man/bn.3 head/secure/lib/libcrypto/man/bn_internal.3 head/secure/lib/libcrypto/man/buffer.3 head/secure/lib/libcrypto/man/crypto.3 head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 head/secure/lib/libcrypto/man/d2i_DHparams.3 head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 head/secure/lib/libcrypto/man/d2i_ECPKParameters.3 head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 head/secure/lib/libcrypto/man/d2i_X509.3 head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 head/secure/lib/libcrypto/man/d2i_X509_CRL.3 head/secure/lib/libcrypto/man/d2i_X509_NAME.3 head/secure/lib/libcrypto/man/d2i_X509_REQ.3 head/secure/lib/libcrypto/man/d2i_X509_SIG.3 head/secure/lib/libcrypto/man/des.3 head/secure/lib/libcrypto/man/dh.3 head/secure/lib/libcrypto/man/dsa.3 head/secure/lib/libcrypto/man/ec.3 head/secure/lib/libcrypto/man/ecdsa.3 head/secure/lib/libcrypto/man/engine.3 head/secure/lib/libcrypto/man/err.3 head/secure/lib/libcrypto/man/evp.3 head/secure/lib/libcrypto/man/hmac.3 head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/lh_stats.3 head/secure/lib/libcrypto/man/lhash.3 head/secure/lib/libcrypto/man/md5.3 head/secure/lib/libcrypto/man/mdc2.3 head/secure/lib/libcrypto/man/pem.3 head/secure/lib/libcrypto/man/rand.3 head/secure/lib/libcrypto/man/rc4.3 head/secure/lib/libcrypto/man/ripemd.3 head/secure/lib/libcrypto/man/rsa.3 head/secure/lib/libcrypto/man/sha.3 head/secure/lib/libcrypto/man/threads.3 head/secure/lib/libcrypto/man/ui.3 head/secure/lib/libcrypto/man/ui_compat.3 head/secure/lib/libcrypto/man/x509.3 head/secure/lib/libssl/Makefile.man head/secure/lib/libssl/man/SSL_CIPHER_get_name.3 head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 head/secure/lib/libssl/man/SSL_CONF_CTX_new.3 head/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 head/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 head/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 head/secure/lib/libssl/man/SSL_CONF_cmd.3 head/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 head/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libssl/man/SSL_CTX_add_session.3 head/secure/lib/libssl/man/SSL_CTX_ctrl.3 head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 head/secure/lib/libssl/man/SSL_CTX_free.3 head/secure/lib/libssl/man/SSL_CTX_get0_param.3 head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 head/secure/lib/libssl/man/SSL_CTX_new.3 head/secure/lib/libssl/man/SSL_CTX_sess_number.3 head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libssl/man/SSL_CTX_sessions.3 head/secure/lib/libssl/man/SSL_CTX_set1_curves.3 head/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 head/secure/lib/libssl/man/SSL_CTX_set_mode.3 head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_options.3 head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 head/secure/lib/libssl/man/SSL_CTX_set_timeout.3 head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_verify.3 head/secure/lib/libssl/man/SSL_CTX_use_certificate.3 head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 head/secure/lib/libssl/man/SSL_SESSION_free.3 head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_SESSION_get_time.3 head/secure/lib/libssl/man/SSL_accept.3 head/secure/lib/libssl/man/SSL_alert_type_string.3 head/secure/lib/libssl/man/SSL_check_chain.3 head/secure/lib/libssl/man/SSL_clear.3 head/secure/lib/libssl/man/SSL_connect.3 head/secure/lib/libssl/man/SSL_do_handshake.3 head/secure/lib/libssl/man/SSL_free.3 head/secure/lib/libssl/man/SSL_get_SSL_CTX.3 head/secure/lib/libssl/man/SSL_get_ciphers.3 head/secure/lib/libssl/man/SSL_get_client_CA_list.3 head/secure/lib/libssl/man/SSL_get_current_cipher.3 head/secure/lib/libssl/man/SSL_get_default_timeout.3 head/secure/lib/libssl/man/SSL_get_error.3 head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 head/secure/lib/libssl/man/SSL_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_get_fd.3 head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 head/secure/lib/libssl/man/SSL_get_peer_certificate.3 head/secure/lib/libssl/man/SSL_get_psk_identity.3 head/secure/lib/libssl/man/SSL_get_rbio.3 head/secure/lib/libssl/man/SSL_get_session.3 head/secure/lib/libssl/man/SSL_get_verify_result.3 head/secure/lib/libssl/man/SSL_get_version.3 head/secure/lib/libssl/man/SSL_library_init.3 head/secure/lib/libssl/man/SSL_load_client_CA_file.3 head/secure/lib/libssl/man/SSL_new.3 head/secure/lib/libssl/man/SSL_pending.3 head/secure/lib/libssl/man/SSL_read.3 head/secure/lib/libssl/man/SSL_rstate_string.3 head/secure/lib/libssl/man/SSL_session_reused.3 head/secure/lib/libssl/man/SSL_set_bio.3 head/secure/lib/libssl/man/SSL_set_connect_state.3 head/secure/lib/libssl/man/SSL_set_fd.3 head/secure/lib/libssl/man/SSL_set_session.3 head/secure/lib/libssl/man/SSL_set_shutdown.3 head/secure/lib/libssl/man/SSL_set_verify_result.3 head/secure/lib/libssl/man/SSL_shutdown.3 head/secure/lib/libssl/man/SSL_state_string.3 head/secure/lib/libssl/man/SSL_want.3 head/secure/lib/libssl/man/SSL_write.3 head/secure/lib/libssl/man/d2i_SSL_SESSION.3 head/secure/lib/libssl/man/ssl.3 head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/c_rehash.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 head/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: head/crypto/openssl/ (props changed) Modified: head/crypto/openssl/ACKNOWLEDGMENTS ============================================================================== --- head/crypto/openssl/ACKNOWLEDGMENTS Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/ACKNOWLEDGMENTS Thu Jan 28 20:15:22 2016 (r295009) @@ -1,30 +1,2 @@ -The OpenSSL project depends on volunteer efforts and financial support from -the end user community. That support comes in the form of donations and paid -sponsorships, software support contracts, paid consulting services -and commissioned software development. - -Since all these activities support the continued development and improvement -of OpenSSL we consider all these clients and customers as sponsors of the -OpenSSL project. - -We would like to identify and thank the following such sponsors for their past -or current significant support of the OpenSSL project: - -Major support: - - Qualys http://www.qualys.com/ - -Very significant support: - - OpenGear: http://www.opengear.com/ - -Significant support: - - PSW Group: http://www.psw.net/ - Acano Ltd. http://acano.com/ - -Please note that we ask permission to identify sponsors and that some sponsors -we consider eligible for inclusion here have requested to remain anonymous. - -Additional sponsorship or financial support is always welcome: for more -information please contact the OpenSSL Software Foundation. +Please https://www.openssl.org/community/thanks.html for the current +acknowledgements. Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/CHANGES Thu Jan 28 20:15:22 2016 (r295009) @@ -2,6 +2,54 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2e and 1.0.2f [28 Jan 2016] + + *) DH small subgroups + + Historically OpenSSL only ever generated DH parameters based on "safe" + primes. More recently (in version 1.0.2) support was provided for + generating X9.42 style parameter files such as those required for RFC 5114 + support. The primes used in such files may not be "safe". Where an + application is using DH configured with parameters based on primes that are + not "safe" then an attacker could use this fact to find a peer's private + DH exponent. This attack requires that the attacker complete multiple + handshakes in which the peer uses the same private DH exponent. For example + this could be used to discover a TLS server's private DH exponent if it's + reusing the private DH exponent or it's using a static DH ciphersuite. + + OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in + TLS. It is not on by default. If the option is not set then the server + reuses the same private DH exponent for the life of the server process and + would be vulnerable to this attack. It is believed that many popular + applications do set this option and would therefore not be at risk. + + The fix for this issue adds an additional check where a "q" parameter is + available (as is the case in X9.42 based parameters). This detects the + only known attack, and is the only possible defense for static DH + ciphersuites. This could have some performance impact. + + Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by + default and cannot be disabled. This could have some performance impact. + + This issue was reported to OpenSSL by Antonio Sanso (Adobe). + (CVE-2016-0701) + [Matt Caswell] + + *) SSLv2 doesn't block disabled ciphers + + A malicious client can negotiate SSLv2 ciphers that have been disabled on + the server and complete SSLv2 handshakes even if all SSLv2 ciphers have + been disabled, provided that the SSLv2 protocol was not also disabled via + SSL_OP_NO_SSLv2. + + This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram + and Sebastian Schinzel. + (CVE-2015-3197) + [Viktor Dukhovni] + + *) Reject DH handshakes with parameters shorter than 1024 bits. + [Kurt Roeckx] + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] *) BN_mod_exp may produce incorrect results on x86_64 Modified: head/crypto/openssl/Configure ============================================================================== --- head/crypto/openssl/Configure Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/Configure Thu Jan 28 20:15:22 2016 (r295009) @@ -124,6 +124,9 @@ my $clang_disabled_warnings = "-Wno-unus # -Wextended-offsetof my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; +# Warn that "make depend" should be run? +my $warn_make_depend = 0; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; @@ -1513,7 +1516,7 @@ if ($target =~ /\-icc$/) # Intel C compi # linker only when --prefix is not /usr. if ($target =~ /^BSD\-/) { - $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); + $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); } if ($sys_id ne "") @@ -2028,14 +2031,8 @@ EOF &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { - print < (note that your message will be recorded in the request tracker publicly readable - via http://www.openssl.org/support/rt.html and will be forwarded to a - public mailing list). Include the output of "make report" in your message. - Please check out the request tracker. Maybe the bug was already - reported or has already been fixed. + at https://www.openssl.org/community/index.html#bugs and will be + forwarded to a public mailing list). Include the output of "make + report" in your message. Please check out the request tracker. Maybe + the bug was already reported or has already been fixed. [If you encounter assembler error messages, try the "no-asm" configuration option as an immediate fix.] Modified: head/crypto/openssl/LICENSE ============================================================================== --- head/crypto/openssl/LICENSE Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/LICENSE Thu Jan 28 20:15:22 2016 (r295009) @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: head/crypto/openssl/Makefile ============================================================================== --- head/crypto/openssl/Makefile Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/Makefile Thu Jan 28 20:15:22 2016 (r295009) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2e +VERSION=1.0.2f MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -182,8 +182,7 @@ SHARED_LDFLAGS= GENERAL= Makefile BASENAME= openssl NAME= $(BASENAME)-$(VERSION) -TARFILE= $(NAME).tar -WTARFILE= $(NAME)-win.tar +TARFILE= ../$(NAME).tar EXHEADER= e_os2.h HEADER= e_os.h @@ -501,38 +500,35 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ - --owner openssl:0 --group openssl:0 \ - --transform 's|^|openssl-$(VERSION)/|' \ +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ + --owner 0 --group 0 \ + --transform 's|^|$(NAME)/|' \ -cvf - -../$(TARFILE).list: +$(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \ - | sort > ../$(TARFILE).list + \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ + \! -name '.#*' \! -name '*~' \! -type l \ + | sort > $(TARFILE).list -tar: ../$(TARFILE).list +tar: $(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE).gz - -tar-snap: ../$(TARFILE).list - $(TAR_COMMAND) > ../$(TARFILE) - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE) + $(TAR_COMMAND) | gzip --best > $(TARFILE).gz + rm -f $(TARFILE).list + ls -l $(TARFILE).gz + +tar-snap: $(TARFILE).list + $(TAR_COMMAND) > $(TARFILE) + rm -f $(TARFILE).list + ls -l $(TARFILE) dist: $(PERL) Configure dist - @$(MAKE) dist_pem_h @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar - -dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar install: all install_docs install_sw Modified: head/crypto/openssl/Makefile.org ============================================================================== --- head/crypto/openssl/Makefile.org Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/Makefile.org Thu Jan 28 20:15:22 2016 (r295009) @@ -180,8 +180,7 @@ SHARED_LDFLAGS= GENERAL= Makefile BASENAME= openssl NAME= $(BASENAME)-$(VERSION) -TARFILE= $(NAME).tar -WTARFILE= $(NAME)-win.tar +TARFILE= ../$(NAME).tar EXHEADER= e_os2.h HEADER= e_os.h @@ -499,38 +498,35 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ - --owner openssl:0 --group openssl:0 \ - --transform 's|^|openssl-$(VERSION)/|' \ +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ + --owner 0 --group 0 \ + --transform 's|^|$(NAME)/|' \ -cvf - -../$(TARFILE).list: +$(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \ - | sort > ../$(TARFILE).list + \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \ + \! -name '.#*' \! -name '*~' \! -type l \ + | sort > $(TARFILE).list -tar: ../$(TARFILE).list +tar: $(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE).gz - -tar-snap: ../$(TARFILE).list - $(TAR_COMMAND) > ../$(TARFILE) - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE) + $(TAR_COMMAND) | gzip --best > $(TARFILE).gz + rm -f $(TARFILE).list + ls -l $(TARFILE).gz + +tar-snap: $(TARFILE).list + $(TAR_COMMAND) > $(TARFILE) + rm -f $(TARFILE).list + ls -l $(TARFILE) dist: $(PERL) Configure dist - @$(MAKE) dist_pem_h @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar - -dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar install: all install_docs install_sw Modified: head/crypto/openssl/NEWS ============================================================================== --- head/crypto/openssl/NEWS Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/NEWS Thu Jan 28 20:15:22 2016 (r295009) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] + + o DH small subgroups (CVE-2016-0701) + o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) + Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) Modified: head/crypto/openssl/README ============================================================================== --- head/crypto/openssl/README Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/README Thu Jan 28 20:15:22 2016 (r295009) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2e 3 Dec 2015 + OpenSSL 1.0.2f 28 Jan 2016 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -90,11 +90,12 @@ In order to avoid spam, this is a moderated mailing list, and it might take a day for the ticket to show up. (We also scan posts to make sure - that security disclosures aren't publically posted by mistake.) Mail to - this address is recorded in the public RT (request tracker) database (see - https://www.openssl.org/support/rt.html for details) and also forwarded - the public openssl-dev mailing list. Confidential mail may be sent to - openssl-security@openssl.org (PGP key available from the key servers). + that security disclosures aren't publically posted by mistake.) Mail + to this address is recorded in the public RT (request tracker) database + (see https://www.openssl.org/community/index.html#bugs for details) and + also forwarded the public openssl-dev mailing list. Confidential mail + may be sent to openssl-security@openssl.org (PGP key available from the + key servers). Please do NOT use this for general assistance or support queries. Just because something doesn't work the way you expect does not mean it Modified: head/crypto/openssl/apps/engine.c ============================================================================== --- head/crypto/openssl/apps/engine.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/engine.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */ +/* apps/engine.c */ /* * Written by Richard Levitte for the OpenSSL project * 2000. Modified: head/crypto/openssl/apps/ocsp.c ============================================================================== --- head/crypto/openssl/apps/ocsp.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/ocsp.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPO bs = OCSP_BASICRESP_new(); thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) - nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24); + nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); /* Examine each certificate id in the request */ for (i = 0; i < id_count; i++) { Modified: head/crypto/openssl/apps/pkcs12.c ============================================================================== --- head/crypto/openssl/apps/pkcs12.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/pkcs12.c Thu Jan 28 20:15:22 2016 (r295009) @@ -79,7 +79,8 @@ const EVP_CIPHER *enc; # define CLCERTS 0x8 # define CACERTS 0x10 -int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); +static int get_cert_chain(X509 *cert, X509_STORE *store, + STACK_OF(X509) **chain); int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass); int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, @@ -594,7 +595,7 @@ int MAIN(int argc, char **argv) vret = get_cert_chain(ucert, store, &chain2); X509_STORE_free(store); - if (!vret) { + if (vret == X509_V_OK) { /* Exclude verified certificate */ for (i = 1; i < sk_X509_num(chain2); i++) sk_X509_push(certs, sk_X509_value(chain2, i)); @@ -602,7 +603,7 @@ int MAIN(int argc, char **argv) X509_free(sk_X509_value(chain2, 0)); sk_X509_free(chain2); } else { - if (vret >= 0) + if (vret != X509_V_ERR_UNSPECIFIED) BIO_printf(bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); else @@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1 /* Given a single certificate return a verified chain or NULL if error */ -/* Hope this is OK .... */ - -int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain) +static int get_cert_chain(X509 *cert, X509_STORE *store, + STACK_OF(X509) **chain) { X509_STORE_CTX store_ctx; - STACK_OF(X509) *chn; + STACK_OF(X509) *chn = NULL; int i = 0; - /* - * FIXME: Should really check the return status of X509_STORE_CTX_init - * for an error, but how that fits into the return value of this function - * is less obvious. - */ - X509_STORE_CTX_init(&store_ctx, store, cert, NULL); - if (X509_verify_cert(&store_ctx) <= 0) { - i = X509_STORE_CTX_get_error(&store_ctx); - if (i == 0) - /* - * avoid returning 0 if X509_verify_cert() did not set an - * appropriate error value in the context - */ - i = -1; - chn = NULL; - goto err; - } else + if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) { + *chain = NULL; + return X509_V_ERR_UNSPECIFIED; + } + + if (X509_verify_cert(&store_ctx) > 0) chn = X509_STORE_CTX_get1_chain(&store_ctx); - err: + else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0) + i = X509_V_ERR_UNSPECIFIED; + X509_STORE_CTX_cleanup(&store_ctx); *chain = chn; - return i; } Modified: head/crypto/openssl/apps/pkeyutl.c ============================================================================== --- head/crypto/openssl/apps/pkeyutl.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/pkeyutl.c Thu Jan 28 20:15:22 2016 (r295009) @@ -74,10 +74,11 @@ static void usage(void); static EVP_PKEY_CTX *init_ctx(int *pkeysize, char *keyfile, int keyform, int key_type, - char *passargin, int pkey_op, ENGINE *e); + char *passargin, int pkey_op, ENGINE *e, + int impl); static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, - const char *file); + const char *file, ENGINE* e); static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, unsigned char *out, size_t *poutlen, @@ -97,6 +98,7 @@ int MAIN(int argc, char **argv) EVP_PKEY_CTX *ctx = NULL; char *passargin = NULL; int keysize = -1; + int engine_impl = 0; unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; size_t buf_outlen; @@ -137,7 +139,7 @@ int MAIN(int argc, char **argv) else { ctx = init_ctx(&keysize, *(++argv), keyform, key_type, - passargin, pkey_op, e); + passargin, pkey_op, e, engine_impl); if (!ctx) { BIO_puts(bio_err, "Error initializing context\n"); ERR_print_errors(bio_err); @@ -147,7 +149,7 @@ int MAIN(int argc, char **argv) } else if (!strcmp(*argv, "-peerkey")) { if (--argc < 1) badarg = 1; - else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) + else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e)) badarg = 1; } else if (!strcmp(*argv, "-passin")) { if (--argc < 1) @@ -171,6 +173,8 @@ int MAIN(int argc, char **argv) badarg = 1; else e = setup_engine(bio_err, *(++argv), 0); + } else if (!strcmp(*argv, "-engine_impl")) { + engine_impl = 1; } #endif else if (!strcmp(*argv, "-pubin")) @@ -368,7 +372,8 @@ static void usage() BIO_printf(bio_err, "-hexdump hex dump output\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, - "-engine e use engine e, possibly a hardware device.\n"); + "-engine e use engine e, maybe a hardware device, for loading keys.\n"); + BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n"); #endif BIO_printf(bio_err, "-passin arg pass phrase source\n"); @@ -376,10 +381,12 @@ static void usage() static EVP_PKEY_CTX *init_ctx(int *pkeysize, char *keyfile, int keyform, int key_type, - char *passargin, int pkey_op, ENGINE *e) + char *passargin, int pkey_op, ENGINE *e, + int engine_impl) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; + ENGINE *impl = NULL; char *passin = NULL; int rv = -1; X509 *x; @@ -418,9 +425,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys if (!pkey) goto end; - - ctx = EVP_PKEY_CTX_new(pkey, e); - + +#ifndef OPENSSL_NO_ENGINE + if (engine_impl) + impl = e; +#endif + + ctx = EVP_PKEY_CTX_new(pkey, impl); + EVP_PKEY_free(pkey); if (!ctx) @@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys } static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, - const char *file) + const char *file, ENGINE* e) { EVP_PKEY *peer = NULL; + ENGINE* engine = NULL; int ret; if (!ctx) { BIO_puts(err, "-peerkey command before -inkey\n"); return 0; } - peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); + if (peerform == FORMAT_ENGINE) + engine = e; + + peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key"); if (!peer) { BIO_printf(bio_err, "Error reading peer key %s\n", file); Modified: head/crypto/openssl/apps/s_client.c ============================================================================== --- head/crypto/openssl/apps/s_client.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/s_client.c Thu Jan 28 20:15:22 2016 (r295009) @@ -308,7 +308,7 @@ static void sc_usage(void) " -connect host:port - who to connect to (default is %s:%s)\n", SSL_HOST_NAME, PORT_STR); BIO_printf(bio_err, - " -verify_host host - check peer certificate matches \"host\"\n"); + " -verify_hostname host - check peer certificate matches \"host\"\n"); BIO_printf(bio_err, " -verify_email email - check peer certificate matches \"email\"\n"); BIO_printf(bio_err, Modified: head/crypto/openssl/apps/s_server.c ============================================================================== --- head/crypto/openssl/apps/s_server.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/s_server.c Thu Jan 28 20:15:22 2016 (r295009) @@ -498,7 +498,7 @@ static void sv_usage(void) BIO_printf(bio_err, " -accept arg - port to accept on (default is %d)\n", PORT); BIO_printf(bio_err, - " -verify_host host - check peer certificate matches \"host\"\n"); + " -verify_hostname host - check peer certificate matches \"host\"\n"); BIO_printf(bio_err, " -verify_email email - check peer certificate matches \"email\"\n"); BIO_printf(bio_err, Modified: head/crypto/openssl/apps/speed.c ============================================================================== --- head/crypto/openssl/apps/speed.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/speed.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */ +/* apps/speed.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * Modified: head/crypto/openssl/apps/x509.c ============================================================================== --- head/crypto/openssl/apps/x509.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/apps/x509.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto err; - /* Lets just make it 12:00am GMT, Jan 1 1970 */ - /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */ - /* 28 days to be certified */ - - if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) == - NULL) + if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) goto err; if (!X509_set_pubkey(x, pkey)) Modified: head/crypto/openssl/crypto/aes/aes.h ============================================================================== --- head/crypto/openssl/crypto/aes/aes.h Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes.h Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes.h */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_cbc.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_cbc.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_cbc.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_cbc.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_cfb.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_cfb.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_cfb.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_cfb.c */ /* ==================================================================== * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_core.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_core.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_core.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_core.c */ /** * rijndael-alg-fst.c * Modified: head/crypto/openssl/crypto/aes/aes_ctr.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_ctr.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_ctr.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ctr.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_ecb.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_ecb.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_ecb.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ecb.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_ige.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_ige.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_ige.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ige.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_locl.h ============================================================================== --- head/crypto/openssl/crypto/aes/aes_locl.h Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_locl.h Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes.h */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_misc.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_misc.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_misc.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_misc.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_ofb.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_ofb.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_ofb.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ofb.c */ /* ==================================================================== * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/aes/aes_x86core.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_x86core.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/aes_x86core.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_core.c */ /** * rijndael-alg-fst.c * Modified: head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl ============================================================================== --- head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009) @@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /mas $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } Modified: head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl ============================================================================== --- head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009) @@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); +$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); $shaext=1; ### set to zero if compiling for 1.0.1 Modified: head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl ============================================================================== --- head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009) @@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /mas $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } Modified: head/crypto/openssl/crypto/bio/bio.h ============================================================================== --- head/crypto/openssl/crypto/bio/bio.h Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bio/bio.h Thu Jan 28 20:15:22 2016 (r295009) @@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) -/* BIO_s_accept_socket() */ +/* BIO_s_accept() */ # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) # define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ @@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +/* BIO_s_accept() and BIO_s_connect() */ # define BIO_do_connect(b) BIO_do_handshake(b) # define BIO_do_accept(b) BIO_do_handshake(b) # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) @@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) # define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +/* BIO_s_file() */ # define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) # define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) +/* BIO_s_fd() and BIO_s_file() */ # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) # define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) Modified: head/crypto/openssl/crypto/bio/bss_bio.c ============================================================================== --- head/crypto/openssl/crypto/bio/bss_bio.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bio/bss_bio.c Thu Jan 28 20:15:22 2016 (r295009) @@ -1,4 +1,4 @@ -/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* crypto/bio/bss_bio.c */ /* ==================================================================== * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * Modified: head/crypto/openssl/crypto/bio/bss_conn.c ============================================================================== --- head/crypto/openssl/crypto/bio/bss_conn.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bio/bss_conn.c Thu Jan 28 20:15:22 2016 (r295009) @@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, l { BIO *dbio; int *ip; - const char **pptr; + const char **pptr = NULL; long ret = 1; BIO_CONNECT *data; @@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, l case BIO_C_GET_CONNECT: if (ptr != NULL) { pptr = (const char **)ptr; - if (num == 0) { - *pptr = data->param_hostname; + } - } else if (num == 1) { - *pptr = data->param_port; - } else if (num == 2) { - *pptr = (char *)&(data->ip[0]); - } else if (num == 3) { - *((int *)ptr) = data->port; + if (b->init) { + if (pptr != NULL) { + ret = 1; + if (num == 0) { + *pptr = data->param_hostname; + } else if (num == 1) { + *pptr = data->param_port; + } else if (num == 2) { + *pptr = (char *)&(data->ip[0]); + } else { + ret = 0; + } + } + if (num == 3) { + ret = data->port; } - if ((!b->init) || (ptr == NULL)) + } else { + if (pptr != NULL) *pptr = "not initialized"; - ret = 1; + ret = 0; } break; case BIO_C_SET_CONNECT: Modified: head/crypto/openssl/crypto/bio/bss_dgram.c ============================================================================== --- head/crypto/openssl/crypto/bio/bss_dgram.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bio/bss_dgram.c Thu Jan 28 20:15:22 2016 (r295009) @@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd, switch (cmd) { case BIO_CTRL_RESET: num = 0; - case BIO_C_FILE_SEEK: ret = 0; break; - case BIO_C_FILE_TELL: case BIO_CTRL_INFO: ret = 0; break; Modified: head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl ============================================================================== --- head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009) @@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /ma $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } Modified: head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl ============================================================================== --- head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl Thu Jan 28 20:15:22 2016 (r295009) @@ -68,7 +68,7 @@ if (!$addx && $win64 && ($flavour =~ /ma $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } Modified: head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl ============================================================================== --- head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Thu Jan 28 20:15:22 2016 (r295009) @@ -53,7 +53,7 @@ if (!$addx && $win64 && ($flavour =~ /ma $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } Modified: head/crypto/openssl/crypto/bn/bn_exp.c ============================================================================== --- head/crypto/openssl/crypto/bn/bn_exp.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bn/bn_exp.c Thu Jan 28 20:15:22 2016 (r295009) @@ -282,9 +282,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG } bits = BN_num_bits(p); - if (bits == 0) { - ret = BN_one(r); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(r); + } else { + ret = BN_one(r); + } return ret; } @@ -418,7 +423,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI } bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else { + ret = BN_one(rr); + } return ret; } @@ -639,7 +650,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU * precomputation memory layout to limit data-dependency to a minimum to * protect secret exponents (cf. the hyper-threading timing attacks pointed * out by Colin Percival, - * http://www.daemong-consideredperthreading-considered-harmful/) + * http://www.daemonology.net/hyperthreading-considered-harmful/) */ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, @@ -671,7 +682,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else { + ret = BN_one(rr); + } return ret; } @@ -1182,8 +1199,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ if (BN_is_one(m)) { ret = 1; BN_zero(rr); - } else + } else { ret = BN_one(rr); + } return ret; } if (a == 0) { @@ -1297,9 +1315,14 @@ int BN_mod_exp_simple(BIGNUM *r, const B } bits = BN_num_bits(p); - - if (bits == 0) { - ret = BN_one(r); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(r); + } else { + ret = BN_one(r); + } return ret; } Modified: head/crypto/openssl/crypto/bn/exptest.c ============================================================================== --- head/crypto/openssl/crypto/bn/exptest.c Thu Jan 28 19:21:01 2016 (r295008) +++ head/crypto/openssl/crypto/bn/exptest.c Thu Jan 28 20:15:22 2016 (r295009) @@ -73,14 +73,34 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; /* + * Test that r == 0 in test_exp_mod_zero(). Returns one on success, + * returns zero and prints debug output otherwise. + */ +static int a_is_zero_mod_one(const char *method, const BIGNUM *r, + const BIGNUM *a) { + if (!BN_is_zero(r)) { + fprintf(stderr, "%s failed:\n", method); + fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); + fprintf(stderr, "a = "); + BN_print_fp(stderr, a); + fprintf(stderr, "\nr = "); + BN_print_fp(stderr, r); + fprintf(stderr, "\n"); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***