From owner-svn-src-all@FreeBSD.ORG Wed Feb 13 23:07:26 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id BBDC2144; Wed, 13 Feb 2013 23:07:26 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 8CFB8696; Wed, 13 Feb 2013 23:07:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1DN7QDO057625; Wed, 13 Feb 2013 23:07:26 GMT (envelope-from jkim@svn.freebsd.org) Received: (from jkim@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1DN7LwQ057588; Wed, 13 Feb 2013 23:07:21 GMT (envelope-from jkim@svn.freebsd.org) Message-Id: <201302132307.r1DN7LwQ057588@svn.freebsd.org> From: Jung-uk Kim Date: Wed, 13 Feb 2013 23:07:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r246772 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn c... X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2013 23:07:26 -0000 Author: jkim Date: Wed Feb 13 23:07:20 2013 New Revision: 246772 URL: http://svnweb.freebsd.org/changeset/base/246772 Log: Merge OpenSSL 1.0.1e. Approved by: secteam (simon), benl (silence) Added: head/crypto/openssl/crypto/evp/evp_cnf.c - copied unchanged from r246770, vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c head/crypto/openssl/doc/crypto/EVP_PKEY_verify_recover.pod - copied unchanged from r246770, vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_verify_recover.pod head/crypto/openssl/ssl/s3_cbc.c - copied unchanged from r246770, vendor-crypto/openssl/dist/ssl/s3_cbc.c head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 - copied, changed from r246771, head/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3 Deleted: head/crypto/openssl/doc/crypto/EVP_PKEY_verifyrecover.pod head/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3 Modified: head/crypto/openssl/CHANGES head/crypto/openssl/Configure head/crypto/openssl/FAQ head/crypto/openssl/Makefile head/crypto/openssl/Makefile.org head/crypto/openssl/NEWS head/crypto/openssl/PROBLEMS head/crypto/openssl/README head/crypto/openssl/apps/apps.c head/crypto/openssl/apps/ca.c head/crypto/openssl/apps/cms.c head/crypto/openssl/apps/dgst.c head/crypto/openssl/apps/dhparam.c head/crypto/openssl/apps/dsaparam.c head/crypto/openssl/apps/genrsa.c head/crypto/openssl/apps/ocsp.c head/crypto/openssl/apps/s_cb.c head/crypto/openssl/apps/s_client.c head/crypto/openssl/apps/s_server.c head/crypto/openssl/apps/speed.c head/crypto/openssl/apps/srp.c head/crypto/openssl/apps/verify.c head/crypto/openssl/apps/x509.c head/crypto/openssl/crypto/aes/asm/aes-mips.pl head/crypto/openssl/crypto/aes/asm/aes-s390x.pl head/crypto/openssl/crypto/aes/asm/aes-x86_64.pl head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl head/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl head/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl head/crypto/openssl/crypto/asn1/a_strex.c head/crypto/openssl/crypto/asn1/a_verify.c head/crypto/openssl/crypto/asn1/x_pubkey.c head/crypto/openssl/crypto/bio/bss_dgram.c head/crypto/openssl/crypto/bn/asm/mips.pl head/crypto/openssl/crypto/bn/asm/modexp512-x86_64.pl head/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl head/crypto/openssl/crypto/bn/bn_div.c head/crypto/openssl/crypto/bn/bn_gcd.c head/crypto/openssl/crypto/bn/bn_lcl.h head/crypto/openssl/crypto/camellia/asm/cmll-x86_64.pl head/crypto/openssl/crypto/cms/cms_cd.c head/crypto/openssl/crypto/cms/cms_enc.c head/crypto/openssl/crypto/cms/cms_lib.c head/crypto/openssl/crypto/conf/conf_mall.c head/crypto/openssl/crypto/cryptlib.c head/crypto/openssl/crypto/cryptlib.h head/crypto/openssl/crypto/crypto.h head/crypto/openssl/crypto/des/set_key.c head/crypto/openssl/crypto/des/str2key.c head/crypto/openssl/crypto/ec/ec.h head/crypto/openssl/crypto/ec/ec_key.c head/crypto/openssl/crypto/ec/ec_pmeth.c head/crypto/openssl/crypto/ec/ecp_mont.c head/crypto/openssl/crypto/ec/ectest.c head/crypto/openssl/crypto/ecdh/Makefile head/crypto/openssl/crypto/ecdh/ech_key.c head/crypto/openssl/crypto/ecdh/ech_lib.c head/crypto/openssl/crypto/ecdsa/ecs_lib.c head/crypto/openssl/crypto/err/err_all.c head/crypto/openssl/crypto/evp/Makefile head/crypto/openssl/crypto/evp/digest.c head/crypto/openssl/crypto/evp/e_aes.c head/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c head/crypto/openssl/crypto/evp/evp.h head/crypto/openssl/crypto/evp/evp_err.c head/crypto/openssl/crypto/evp/m_dss.c head/crypto/openssl/crypto/evp/m_dss1.c head/crypto/openssl/crypto/evp/m_sha1.c head/crypto/openssl/crypto/evp/p_sign.c head/crypto/openssl/crypto/evp/p_verify.c head/crypto/openssl/crypto/md4/md4_dgst.c head/crypto/openssl/crypto/md4/md4_locl.h head/crypto/openssl/crypto/md5/asm/md5-x86_64.pl head/crypto/openssl/crypto/md5/md5_locl.h head/crypto/openssl/crypto/mdc2/mdc2dgst.c head/crypto/openssl/crypto/mem.c head/crypto/openssl/crypto/modes/asm/ghash-x86.pl head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl head/crypto/openssl/crypto/modes/gcm128.c head/crypto/openssl/crypto/objects/o_names.c head/crypto/openssl/crypto/ocsp/ocsp_vfy.c head/crypto/openssl/crypto/opensslv.h head/crypto/openssl/crypto/pem/pem_all.c head/crypto/openssl/crypto/pem/pem_lib.c head/crypto/openssl/crypto/pem/pem_seal.c head/crypto/openssl/crypto/perlasm/cbc.pl head/crypto/openssl/crypto/perlasm/x86masm.pl head/crypto/openssl/crypto/pkcs12/p12_key.c head/crypto/openssl/crypto/pkcs7/bio_pk7.c head/crypto/openssl/crypto/ppccap.c head/crypto/openssl/crypto/rand/md_rand.c head/crypto/openssl/crypto/rand/rand_lib.c head/crypto/openssl/crypto/rand/randfile.c head/crypto/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl head/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl head/crypto/openssl/crypto/ripemd/rmd_dgst.c head/crypto/openssl/crypto/ripemd/rmd_locl.h head/crypto/openssl/crypto/rsa/rsa.h head/crypto/openssl/crypto/rsa/rsa_eay.c head/crypto/openssl/crypto/rsa/rsa_oaep.c head/crypto/openssl/crypto/sha/asm/sha1-armv4-large.pl head/crypto/openssl/crypto/sha/asm/sha1-ia64.pl head/crypto/openssl/crypto/sha/asm/sha1-sparcv9a.pl head/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl head/crypto/openssl/crypto/sha/asm/sha512-586.pl head/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl head/crypto/openssl/crypto/sha/sha1_one.c head/crypto/openssl/crypto/sha/sha1dgst.c head/crypto/openssl/crypto/sha/sha256.c head/crypto/openssl/crypto/sha/sha_dgst.c head/crypto/openssl/crypto/sha/sha_locl.h head/crypto/openssl/crypto/sparccpuid.S head/crypto/openssl/crypto/srp/srp_vfy.c head/crypto/openssl/crypto/symhacks.h head/crypto/openssl/crypto/ui/ui_openssl.c head/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl head/crypto/openssl/crypto/whrlpool/asm/wp-x86_64.pl head/crypto/openssl/crypto/x509/x509_cmp.c head/crypto/openssl/crypto/x509/x509_vfy.c head/crypto/openssl/crypto/x509v3/v3_purp.c head/crypto/openssl/crypto/x86_64cpuid.pl head/crypto/openssl/crypto/x86cpuid.pl head/crypto/openssl/doc/apps/CA.pl.pod head/crypto/openssl/doc/apps/verify.pod head/crypto/openssl/doc/apps/x509.pod head/crypto/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod head/crypto/openssl/doc/crypto/EVP_PKEY_decrypt.pod head/crypto/openssl/doc/crypto/EVP_PKEY_derive.pod head/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod head/crypto/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod head/crypto/openssl/doc/crypto/EVP_PKEY_keygen.pod head/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod head/crypto/openssl/doc/crypto/EVP_PKEY_verify.pod head/crypto/openssl/engines/ccgost/gost89.c head/crypto/openssl/engines/ccgost/gost_crypt.c head/crypto/openssl/engines/ccgost/gost_eng.c head/crypto/openssl/engines/ccgost/gost_lcl.h head/crypto/openssl/engines/ccgost/gosthash.c head/crypto/openssl/engines/e_capi.c head/crypto/openssl/ssl/Makefile head/crypto/openssl/ssl/d1_enc.c head/crypto/openssl/ssl/d1_pkt.c head/crypto/openssl/ssl/d1_srtp.c head/crypto/openssl/ssl/dtls1.h head/crypto/openssl/ssl/s2_clnt.c head/crypto/openssl/ssl/s2_pkt.c head/crypto/openssl/ssl/s2_srvr.c head/crypto/openssl/ssl/s3_both.c head/crypto/openssl/ssl/s3_clnt.c head/crypto/openssl/ssl/s3_enc.c head/crypto/openssl/ssl/s3_lib.c head/crypto/openssl/ssl/s3_pkt.c head/crypto/openssl/ssl/s3_srvr.c head/crypto/openssl/ssl/ssl.h head/crypto/openssl/ssl/ssl3.h head/crypto/openssl/ssl/ssl_algs.c head/crypto/openssl/ssl/ssl_cert.c head/crypto/openssl/ssl/ssl_ciph.c head/crypto/openssl/ssl/ssl_err.c head/crypto/openssl/ssl/ssl_lib.c head/crypto/openssl/ssl/ssl_locl.h head/crypto/openssl/ssl/ssl_rsa.c head/crypto/openssl/ssl/ssltest.c head/crypto/openssl/ssl/t1_enc.c head/crypto/openssl/ssl/t1_lib.c head/crypto/openssl/ssl/tls_srp.c head/crypto/openssl/util/libeay.num head/crypto/openssl/util/pl/VC-32.pl head/secure/lib/libcrypto/Makefile head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/Makefile.man head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/BIO_ctrl.3 head/secure/lib/libcrypto/man/BIO_f_base64.3 head/secure/lib/libcrypto/man/BIO_f_buffer.3 head/secure/lib/libcrypto/man/BIO_f_cipher.3 head/secure/lib/libcrypto/man/BIO_f_md.3 head/secure/lib/libcrypto/man/BIO_f_null.3 head/secure/lib/libcrypto/man/BIO_f_ssl.3 head/secure/lib/libcrypto/man/BIO_find_type.3 head/secure/lib/libcrypto/man/BIO_new.3 head/secure/lib/libcrypto/man/BIO_new_CMS.3 head/secure/lib/libcrypto/man/BIO_push.3 head/secure/lib/libcrypto/man/BIO_read.3 head/secure/lib/libcrypto/man/BIO_s_accept.3 head/secure/lib/libcrypto/man/BIO_s_bio.3 head/secure/lib/libcrypto/man/BIO_s_connect.3 head/secure/lib/libcrypto/man/BIO_s_fd.3 head/secure/lib/libcrypto/man/BIO_s_file.3 head/secure/lib/libcrypto/man/BIO_s_mem.3 head/secure/lib/libcrypto/man/BIO_s_null.3 head/secure/lib/libcrypto/man/BIO_s_socket.3 head/secure/lib/libcrypto/man/BIO_set_callback.3 head/secure/lib/libcrypto/man/BIO_should_retry.3 head/secure/lib/libcrypto/man/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/BN_CTX_new.3 head/secure/lib/libcrypto/man/BN_CTX_start.3 head/secure/lib/libcrypto/man/BN_add.3 head/secure/lib/libcrypto/man/BN_add_word.3 head/secure/lib/libcrypto/man/BN_bn2bin.3 head/secure/lib/libcrypto/man/BN_cmp.3 head/secure/lib/libcrypto/man/BN_copy.3 head/secure/lib/libcrypto/man/BN_generate_prime.3 head/secure/lib/libcrypto/man/BN_mod_inverse.3 head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/BN_new.3 head/secure/lib/libcrypto/man/BN_num_bytes.3 head/secure/lib/libcrypto/man/BN_rand.3 head/secure/lib/libcrypto/man/BN_set_bit.3 head/secure/lib/libcrypto/man/BN_swap.3 head/secure/lib/libcrypto/man/BN_zero.3 head/secure/lib/libcrypto/man/CMS_add0_cert.3 head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/CMS_compress.3 head/secure/lib/libcrypto/man/CMS_decrypt.3 head/secure/lib/libcrypto/man/CMS_encrypt.3 head/secure/lib/libcrypto/man/CMS_final.3 head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/CMS_get0_type.3 head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/CMS_sign.3 head/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 head/secure/lib/libcrypto/man/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/CMS_uncompress.3 head/secure/lib/libcrypto/man/CMS_verify.3 head/secure/lib/libcrypto/man/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/CONF_modules_free.3 head/secure/lib/libcrypto/man/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 head/secure/lib/libcrypto/man/DH_generate_key.3 head/secure/lib/libcrypto/man/DH_generate_parameters.3 head/secure/lib/libcrypto/man/DH_get_ex_new_index.3 head/secure/lib/libcrypto/man/DH_new.3 head/secure/lib/libcrypto/man/DH_set_method.3 head/secure/lib/libcrypto/man/DH_size.3 head/secure/lib/libcrypto/man/DSA_SIG_new.3 head/secure/lib/libcrypto/man/DSA_do_sign.3 head/secure/lib/libcrypto/man/DSA_dup_DH.3 head/secure/lib/libcrypto/man/DSA_generate_key.3 head/secure/lib/libcrypto/man/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 head/secure/lib/libcrypto/man/DSA_new.3 head/secure/lib/libcrypto/man/DSA_set_method.3 head/secure/lib/libcrypto/man/DSA_sign.3 head/secure/lib/libcrypto/man/DSA_size.3 head/secure/lib/libcrypto/man/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/ERR_clear_error.3 head/secure/lib/libcrypto/man/ERR_error_string.3 head/secure/lib/libcrypto/man/ERR_get_error.3 head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/ERR_load_strings.3 head/secure/lib/libcrypto/man/ERR_print_errors.3 head/secure/lib/libcrypto/man/ERR_put_error.3 head/secure/lib/libcrypto/man/ERR_remove_state.3 head/secure/lib/libcrypto/man/ERR_set_mark.3 head/secure/lib/libcrypto/man/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/EVP_DigestInit.3 head/secure/lib/libcrypto/man/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/EVP_OpenInit.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/EVP_SealInit.3 head/secure/lib/libcrypto/man/EVP_SignInit.3 head/secure/lib/libcrypto/man/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/OPENSSL_config.3 head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/PKCS12_create.3 head/secure/lib/libcrypto/man/PKCS12_parse.3 head/secure/lib/libcrypto/man/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/PKCS7_sign.3 head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/PKCS7_verify.3 head/secure/lib/libcrypto/man/RAND_add.3 head/secure/lib/libcrypto/man/RAND_bytes.3 head/secure/lib/libcrypto/man/RAND_cleanup.3 head/secure/lib/libcrypto/man/RAND_egd.3 head/secure/lib/libcrypto/man/RAND_load_file.3 head/secure/lib/libcrypto/man/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/RSA_blinding_on.3 head/secure/lib/libcrypto/man/RSA_check_key.3 head/secure/lib/libcrypto/man/RSA_generate_key.3 head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 head/secure/lib/libcrypto/man/RSA_new.3 head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/RSA_print.3 head/secure/lib/libcrypto/man/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/RSA_set_method.3 head/secure/lib/libcrypto/man/RSA_sign.3 head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/RSA_size.3 head/secure/lib/libcrypto/man/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/X509_new.3 head/secure/lib/libcrypto/man/X509_verify_cert.3 head/secure/lib/libcrypto/man/bio.3 head/secure/lib/libcrypto/man/blowfish.3 head/secure/lib/libcrypto/man/bn.3 head/secure/lib/libcrypto/man/bn_internal.3 head/secure/lib/libcrypto/man/buffer.3 head/secure/lib/libcrypto/man/crypto.3 head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 head/secure/lib/libcrypto/man/d2i_DHparams.3 head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 head/secure/lib/libcrypto/man/d2i_X509.3 head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 head/secure/lib/libcrypto/man/d2i_X509_CRL.3 head/secure/lib/libcrypto/man/d2i_X509_NAME.3 head/secure/lib/libcrypto/man/d2i_X509_REQ.3 head/secure/lib/libcrypto/man/d2i_X509_SIG.3 head/secure/lib/libcrypto/man/des.3 head/secure/lib/libcrypto/man/dh.3 head/secure/lib/libcrypto/man/dsa.3 head/secure/lib/libcrypto/man/ecdsa.3 head/secure/lib/libcrypto/man/engine.3 head/secure/lib/libcrypto/man/err.3 head/secure/lib/libcrypto/man/evp.3 head/secure/lib/libcrypto/man/hmac.3 head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/lh_stats.3 head/secure/lib/libcrypto/man/lhash.3 head/secure/lib/libcrypto/man/md5.3 head/secure/lib/libcrypto/man/mdc2.3 head/secure/lib/libcrypto/man/pem.3 head/secure/lib/libcrypto/man/rand.3 head/secure/lib/libcrypto/man/rc4.3 head/secure/lib/libcrypto/man/ripemd.3 head/secure/lib/libcrypto/man/rsa.3 head/secure/lib/libcrypto/man/sha.3 head/secure/lib/libcrypto/man/threads.3 head/secure/lib/libcrypto/man/ui.3 head/secure/lib/libcrypto/man/ui_compat.3 head/secure/lib/libcrypto/man/x509.3 head/secure/lib/libssl/Makefile head/secure/lib/libssl/man/SSL_CIPHER_get_name.3 head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libssl/man/SSL_CTX_add_session.3 head/secure/lib/libssl/man/SSL_CTX_ctrl.3 head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 head/secure/lib/libssl/man/SSL_CTX_free.3 head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 head/secure/lib/libssl/man/SSL_CTX_new.3 head/secure/lib/libssl/man/SSL_CTX_sess_number.3 head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libssl/man/SSL_CTX_sessions.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 head/secure/lib/libssl/man/SSL_CTX_set_mode.3 head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_options.3 head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 head/secure/lib/libssl/man/SSL_CTX_set_timeout.3 head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 head/secure/lib/libssl/man/SSL_CTX_set_verify.3 head/secure/lib/libssl/man/SSL_CTX_use_certificate.3 head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libssl/man/SSL_SESSION_free.3 head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_SESSION_get_time.3 head/secure/lib/libssl/man/SSL_accept.3 head/secure/lib/libssl/man/SSL_alert_type_string.3 head/secure/lib/libssl/man/SSL_clear.3 head/secure/lib/libssl/man/SSL_connect.3 head/secure/lib/libssl/man/SSL_do_handshake.3 head/secure/lib/libssl/man/SSL_free.3 head/secure/lib/libssl/man/SSL_get_SSL_CTX.3 head/secure/lib/libssl/man/SSL_get_ciphers.3 head/secure/lib/libssl/man/SSL_get_client_CA_list.3 head/secure/lib/libssl/man/SSL_get_current_cipher.3 head/secure/lib/libssl/man/SSL_get_default_timeout.3 head/secure/lib/libssl/man/SSL_get_error.3 head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 head/secure/lib/libssl/man/SSL_get_ex_new_index.3 head/secure/lib/libssl/man/SSL_get_fd.3 head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 head/secure/lib/libssl/man/SSL_get_peer_certificate.3 head/secure/lib/libssl/man/SSL_get_psk_identity.3 head/secure/lib/libssl/man/SSL_get_rbio.3 head/secure/lib/libssl/man/SSL_get_session.3 head/secure/lib/libssl/man/SSL_get_verify_result.3 head/secure/lib/libssl/man/SSL_get_version.3 head/secure/lib/libssl/man/SSL_library_init.3 head/secure/lib/libssl/man/SSL_load_client_CA_file.3 head/secure/lib/libssl/man/SSL_new.3 head/secure/lib/libssl/man/SSL_pending.3 head/secure/lib/libssl/man/SSL_read.3 head/secure/lib/libssl/man/SSL_rstate_string.3 head/secure/lib/libssl/man/SSL_session_reused.3 head/secure/lib/libssl/man/SSL_set_bio.3 head/secure/lib/libssl/man/SSL_set_connect_state.3 head/secure/lib/libssl/man/SSL_set_fd.3 head/secure/lib/libssl/man/SSL_set_session.3 head/secure/lib/libssl/man/SSL_set_shutdown.3 head/secure/lib/libssl/man/SSL_set_verify_result.3 head/secure/lib/libssl/man/SSL_shutdown.3 head/secure/lib/libssl/man/SSL_state_string.3 head/secure/lib/libssl/man/SSL_want.3 head/secure/lib/libssl/man/SSL_write.3 head/secure/lib/libssl/man/d2i_SSL_SESSION.3 head/secure/lib/libssl/man/ssl.3 head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 head/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: head/crypto/openssl/ (props changed) Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/CHANGES Wed Feb 13 23:07:20 2013 (r246772) @@ -2,6 +2,53 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1d and 1.0.1e [11 Feb 2013] + + *) + + Changes between 1.0.1c and 1.0.1d [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode + ciphersuites which can be exploited in a denial of service attack. + Thanks go to and to Adam Langley for discovering + and detecting this bug and to Wolfgang Ettlinger + for independently discovering this issue. + (CVE-2012-2686) + [Adam Langley] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Make openssl verify return errors. + [Chris Palmer and Ben Laurie] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + [Rob Stradling ] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + *) Don't use TLS 1.0 record version number in initial client hello + if renegotiating. + [Steve Henson] + Changes between 1.0.1b and 1.0.1c [10 May 2012] *) Sanity check record length before skipping explicit IV in TLS Modified: head/crypto/openssl/Configure ============================================================================== --- head/crypto/openssl/Configure Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/Configure Wed Feb 13 23:07:20 2013 (r246772) @@ -171,20 +171,22 @@ my %table=( "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::", "debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", +"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", @@ -243,7 +245,7 @@ my %table=( "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -464,8 +466,8 @@ my %table=( "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) Modified: head/crypto/openssl/FAQ ============================================================================== --- head/crypto/openssl/FAQ Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/FAQ Wed Feb 13 23:07:20 2013 (r246772) @@ -83,11 +83,11 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 1.0.1c was released on May 10th, 2012. +OpenSSL 1.0.1e was released on Feb 11th, 2013. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at , or get it by anonymous CVS access. +ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. * Where is the documentation? Modified: head/crypto/openssl/Makefile ============================================================================== --- head/crypto/openssl/Makefile Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/Makefile Wed Feb 13 23:07:20 2013 (r246772) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1c +VERSION=1.0.1e MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -71,7 +71,7 @@ RANLIB= /usr/bin/ranlib NM= nm PERL= /usr/bin/perl TAR= tar -TARFLAGS= --no-recursion +TARFLAGS= --no-recursion --record-size=10240 MAKEDEPPROG=makedepend LIBDIR=lib @@ -446,7 +446,7 @@ rehash.time: certs apps [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs) && \ + $(PERL) tools/c_rehash certs/demo) && \ touch rehash.time; \ else :; fi Modified: head/crypto/openssl/Makefile.org ============================================================================== --- head/crypto/openssl/Makefile.org Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/Makefile.org Wed Feb 13 23:07:20 2013 (r246772) @@ -69,7 +69,7 @@ RANLIB= ranlib NM= nm PERL= perl TAR= tar -TARFLAGS= --no-recursion +TARFLAGS= --no-recursion --record-size=10240 MAKEDEPPROG=makedepend LIBDIR=lib @@ -444,7 +444,7 @@ rehash.time: certs apps [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs) && \ + $(PERL) tools/c_rehash certs/demo) && \ touch rehash.time; \ else :; fi Modified: head/crypto/openssl/NEWS ============================================================================== --- head/crypto/openssl/NEWS Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/NEWS Wed Feb 13 23:07:20 2013 (r246772) @@ -5,6 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: + + o Corrected fix for CVE-2013-0169 + + Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: + + o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. + o Include the fips configuration module. + o Fix OCSP bad key DoS attack CVE-2013-0166 + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix for TLS AESNI record handling flaw CVE-2012-2686 + Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: o Fix TLS/DTLS record length checking bug CVE-2012-2333 Modified: head/crypto/openssl/PROBLEMS ============================================================================== --- head/crypto/openssl/PROBLEMS Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/PROBLEMS Wed Feb 13 23:07:20 2013 (r246772) @@ -197,3 +197,17 @@ reconfigure with additional no-sse2 [or We don't have framework to associate -ldl with no-dso, therefore the only way is to edit Makefile right after ./config no-dso and remove -ldl from EX_LIBS line. + +* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH. + +Compiler bug, presumably at particular patch level. Remaining +hpux*-parisc*-cc configurations can be affected too. Drop optimization +level to +O2 when compiling bn_nist.o. + +* solaris64-sparcv9-cc link failure + +Solaris 8 ar can fail to maintain symbol table in .a, which results in +link failures. Apply 109147-09 or later or modify Makefile generated +by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with + + RANLIB= /usr/ccs/bin/ar rs Modified: head/crypto/openssl/README ============================================================================== --- head/crypto/openssl/README Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/README Wed Feb 13 23:07:20 2013 (r246772) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1c 10 May 2012 + OpenSSL 1.0.1e 11 Feb 2013 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -190,7 +190,7 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current CVS or the last snapshot. They should follow the coding style of + current Git or the last snapshot. They should follow the coding style of OpenSSL and compile without warnings. Some of the core team developer targets can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL compiles on many varied platforms: try to ensure you only use portable Modified: head/crypto/openssl/apps/apps.c ============================================================================== --- head/crypto/openssl/apps/apps.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/apps.c Wed Feb 13 23:07:20 2013 (r246772) @@ -2132,7 +2132,7 @@ X509_NAME *parse_name(char *subject, lon X509_NAME *n = NULL; int nid; - if (!buf || !ne_types || !ne_values) + if (!buf || !ne_types || !ne_values || !mval) { BIO_printf(bio_err, "malloc error\n"); goto error; @@ -2236,6 +2236,7 @@ X509_NAME *parse_name(char *subject, lon OPENSSL_free(ne_values); OPENSSL_free(ne_types); OPENSSL_free(buf); + OPENSSL_free(mval); return n; error: @@ -2244,6 +2245,8 @@ error: OPENSSL_free(ne_values); if (ne_types) OPENSSL_free(ne_types); + if (mval) + OPENSSL_free(mval); if (buf) OPENSSL_free(buf); return NULL; Modified: head/crypto/openssl/apps/ca.c ============================================================================== --- head/crypto/openssl/apps/ca.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/ca.c Wed Feb 13 23:07:20 2013 (r246772) @@ -1408,6 +1408,7 @@ bad: if (!NCONF_get_number(conf,section, ENV_DEFAULT_CRL_HOURS, &crlhours)) crlhours = 0; + ERR_clear_error(); } if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) { Modified: head/crypto/openssl/apps/cms.c ============================================================================== --- head/crypto/openssl/apps/cms.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/cms.c Wed Feb 13 23:07:20 2013 (r246772) @@ -233,6 +233,8 @@ int MAIN(int argc, char **argv) else if (!strcmp(*args,"-camellia256")) cipher = EVP_camellia_256_cbc(); #endif + else if (!strcmp (*args, "-debug_decrypt")) + flags |= CMS_DEBUG_DECRYPT; else if (!strcmp (*args, "-text")) flags |= CMS_TEXT; else if (!strcmp (*args, "-nointern")) @@ -1039,6 +1041,8 @@ int MAIN(int argc, char **argv) ret = 4; if (operation == SMIME_DECRYPT) { + if (flags & CMS_DEBUG_DECRYPT) + CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); if (secret_key) { Modified: head/crypto/openssl/apps/dgst.c ============================================================================== --- head/crypto/openssl/apps/dgst.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/dgst.c Wed Feb 13 23:07:20 2013 (r246772) @@ -216,10 +216,10 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; - else if (strcmp(*argv,"-non-fips-allow") == 0) - non_fips_allow=1; else if (!strcmp(*argv,"-fips-fingerprint")) hmac_key = "etaonrishdlcupfm"; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow=1; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) Modified: head/crypto/openssl/apps/dhparam.c ============================================================================== --- head/crypto/openssl/apps/dhparam.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/dhparam.c Wed Feb 13 23:07:20 2013 (r246772) @@ -332,7 +332,6 @@ bad: BIO_printf(bio_err,"This is going to take a long time\n"); if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { - if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } Modified: head/crypto/openssl/apps/dsaparam.c ============================================================================== --- head/crypto/openssl/apps/dsaparam.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/dsaparam.c Wed Feb 13 23:07:20 2013 (r246772) @@ -326,6 +326,7 @@ bad: goto end; } #endif + ERR_print_errors(bio_err); BIO_printf(bio_err,"Error, DSA key generation failed\n"); goto end; } @@ -429,13 +430,19 @@ bad: assert(need_rand); if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; - if (!DSA_generate_key(dsakey)) goto end; + if (!DSA_generate_key(dsakey)) + { + ERR_print_errors(bio_err); + DSA_free(dsakey); + goto end; + } if (outformat == FORMAT_ASN1) i=i2d_DSAPrivateKey_bio(out,dsakey); else if (outformat == FORMAT_PEM) i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); + DSA_free(dsakey); goto end; } DSA_free(dsakey); Modified: head/crypto/openssl/apps/genrsa.c ============================================================================== --- head/crypto/openssl/apps/genrsa.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/genrsa.c Wed Feb 13 23:07:20 2013 (r246772) @@ -78,7 +78,7 @@ #include #include -#define DEFBITS 512 +#define DEFBITS 1024 #undef PROG #define PROG genrsa_main Modified: head/crypto/openssl/apps/ocsp.c ============================================================================== --- head/crypto/openssl/apps/ocsp.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/ocsp.c Wed Feb 13 23:07:20 2013 (r246772) @@ -617,7 +617,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-ndays n number of days before next update\n"); BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); - BIO_printf (bio_err, "- use specified digest in the request"); + BIO_printf (bio_err, "- use specified digest in the request\n"); goto end; } Modified: head/crypto/openssl/apps/s_cb.c ============================================================================== --- head/crypto/openssl/apps/s_cb.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/s_cb.c Wed Feb 13 23:07:20 2013 (r246772) @@ -237,8 +237,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *c /* If we are using DSA, we can copy the parameters from * the private key */ - - + + /* Now we know that a key and cert have been set against * the SSL context */ if (!SSL_CTX_check_private_key(ctx)) @@ -436,6 +436,8 @@ void MS_CALLBACK msg_cb(int write_p, int if (version == SSL3_VERSION || version == TLS1_VERSION || + version == TLS1_1_VERSION || + version == TLS1_2_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { Modified: head/crypto/openssl/apps/s_client.c ============================================================================== --- head/crypto/openssl/apps/s_client.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/s_client.c Wed Feb 13 23:07:20 2013 (r246772) @@ -357,12 +357,14 @@ static void sc_usage(void) BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); -# if !defined(OPENSSL_NO_NEXTPROTONEG) +# ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); # endif #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +#ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +#endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } @@ -502,7 +504,9 @@ static char * MS_CALLBACK ssl_give_srp_c } #endif +#ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif # ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ @@ -536,7 +540,7 @@ static int next_proto_cb(SSL *s, unsigne ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); return SSL_TLSEXT_ERR_OK; } -# endif +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ #endif enum @@ -945,11 +949,13 @@ int MAIN(int argc, char **argv) jpake_secret = *++argv; } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1130,6 +1136,8 @@ bad: BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } +#endif +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); #endif @@ -1890,6 +1898,10 @@ end: print_stuff(bio_c_out,con,1); SSL_free(con); } +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) + if (next_proto.data) + OPENSSL_free(next_proto.data); +#endif if (ctx != NULL) SSL_CTX_free(ctx); if (cert) X509_free(cert); @@ -1897,6 +1909,8 @@ end: EVP_PKEY_free(key); if (pass) OPENSSL_free(pass); + if (vpm) + X509_VERIFY_PARAM_free(vpm); if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } @@ -2061,6 +2075,7 @@ static void print_stuff(BIO *bio, SSL *s } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); @@ -2068,6 +2083,7 @@ static void print_stuff(BIO *bio, SSL *s BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif SSL_SESSION_print(bio,SSL_get_session(s)); if (keymatexportlabel != NULL) Modified: head/crypto/openssl/apps/s_server.c ============================================================================== --- head/crypto/openssl/apps/s_server.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/s_server.c Wed Feb 13 23:07:20 2013 (r246772) @@ -556,7 +556,9 @@ static void sv_usage(void) # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); # endif +# ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +# endif #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); @@ -923,7 +925,9 @@ static char *jpake_secret = NULL; #ifndef OPENSSL_NO_SRP static srpsrvparm srp_callback_parm; #endif +#ifndef OPENSSL_NO_SRTP static char *srtp_profiles = NULL; +#endif int MAIN(int argc, char *argv[]) { @@ -1206,13 +1210,13 @@ int MAIN(int argc, char *argv[]) { if (--argc < 1) goto bad; srp_verifier_file = *(++argv); - meth=TLSv1_server_method(); + meth = TLSv1_server_method(); } else if (strcmp(*argv, "-srpuserseed") == 0) { if (--argc < 1) goto bad; srpuserseed = *(++argv); - meth=TLSv1_server_method(); + meth = TLSv1_server_method(); } #endif else if (strcmp(*argv,"-www") == 0) @@ -1319,11 +1323,13 @@ int MAIN(int argc, char *argv[]) jpake_secret = *(++argv); } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1431,25 +1437,24 @@ bad: goto end; } } - -# ifndef OPENSSL_NO_NEXTPROTONEG - if (next_proto_neg_in) - { - unsigned short len; - next_proto.data = next_protos_parse(&len, - next_proto_neg_in); - if (next_proto.data == NULL) - goto end; - next_proto.len = len; - } - else - { - next_proto.data = NULL; - } -# endif #endif } +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) + if (next_proto_neg_in) + { + unsigned short len; + next_proto.data = next_protos_parse(&len, next_proto_neg_in); + if (next_proto.data == NULL) + goto end; + next_proto.len = len; + } + else + { + next_proto.data = NULL; + } +#endif + if (s_dcert_file) { @@ -1550,8 +1555,10 @@ bad: else SSL_CTX_sess_set_cache_size(ctx,128); +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); +#endif #if 0 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); @@ -1730,7 +1737,7 @@ bad: } #endif - if (!set_cert_key_stuff(ctx,s_cert,s_key)) + if (!set_cert_key_stuff(ctx, s_cert, s_key)) goto end; #ifndef OPENSSL_NO_TLSEXT if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) @@ -1738,7 +1745,7 @@ bad: #endif if (s_dcert != NULL) { - if (!set_cert_key_stuff(ctx,s_dcert,s_dkey)) + if (!set_cert_key_stuff(ctx, s_dcert, s_dkey)) goto end; } @@ -1893,7 +1900,15 @@ end: OPENSSL_free(pass); if (dpass) OPENSSL_free(dpass); + if (vpm) + X509_VERIFY_PARAM_free(vpm); #ifndef OPENSSL_NO_TLSEXT + if (tlscstatp.host) + OPENSSL_free(tlscstatp.host); + if (tlscstatp.port) + OPENSSL_free(tlscstatp.port); + if (tlscstatp.path) + OPENSSL_free(tlscstatp.path); if (ctx2 != NULL) SSL_CTX_free(ctx2); if (s_cert2) X509_free(s_cert2); @@ -2433,6 +2448,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); + #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); if (next_proto_neg) @@ -2442,6 +2458,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "\n"); } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(con); @@ -2450,6 +2467,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) @@ -2701,6 +2719,11 @@ static int www_body(char *hostname, int } BIO_puts(io,"\n"); + BIO_printf(io, + "Secure Renegotiation IS%s supported\n", + SSL_get_secure_renegotiation_support(con) ? + "" : " NOT"); + /* The following is evil and should not really * be done */ BIO_printf(io,"Ciphers supported in s_server binary\n"); Modified: head/crypto/openssl/apps/speed.c ============================================================================== --- head/crypto/openssl/apps/speed.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/speed.c Wed Feb 13 23:07:20 2013 (r246772) @@ -254,7 +254,7 @@ static const char *names[ALGOR_NUM]={ "aes-128 cbc","aes-192 cbc","aes-256 cbc", "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", "evp","sha256","sha512","whirlpool", - "aes-128 ige","aes-192 ige","aes-256 ige","ghash"}; + "aes-128 ige","aes-192 ige","aes-256 ige","ghash" }; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; #ifndef OPENSSL_NO_RSA @@ -299,7 +299,7 @@ static SIGRETTYPE sig_done(int sig) #if defined(_WIN32) #if !defined(SIGALRM) -#define SIGALRM +# define SIGALRM #endif static unsigned int lapse,schlock; static void alarm_win32(unsigned int secs) { lapse = secs*1000; } Modified: head/crypto/openssl/apps/srp.c ============================================================================== --- head/crypto/openssl/apps/srp.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/srp.c Wed Feb 13 23:07:20 2013 (r246772) @@ -125,13 +125,13 @@ static int get_index(CA_DB *db, char* id if (type == DB_SRP_INDEX) for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); - if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid])) + pp = sk_OPENSSL_PSTRING_value(db->db->data,i); + if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) return i; } else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); + pp = sk_OPENSSL_PSTRING_value(db->db->data,i); if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) return i; @@ -145,7 +145,7 @@ static void print_entry(CA_DB *db, BIO * if (indx >= 0 && verbose) { int j; - char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx); + char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx); BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]); for (j = 0; j < DB_NUMBER; j++) { @@ -163,7 +163,7 @@ static void print_user(CA_DB *db, BIO *b { if (verbose > 0) { - char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex); if (pp[DB_srptype][0] != 'I') { @@ -517,7 +517,7 @@ bad: /* Lets check some fields */ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); + pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX) { @@ -533,8 +533,8 @@ bad: if (gNindex >= 0) { - gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex); - print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ; + gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex); + print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N"); } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { @@ -587,7 +587,7 @@ bad: if (userindex >= 0) { /* reactivation of a new user */ - char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); row[DB_srptype][0] = 'V'; @@ -634,7 +634,7 @@ bad: else { - char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); char type = row[DB_srptype][0]; if (type == 'v') { @@ -664,9 +664,9 @@ bad: if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) { - BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); - errors++; - goto err; + BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user); + errors++; + goto err; } row[DB_srptype][0] = 'v'; @@ -689,7 +689,7 @@ bad: } else { - char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex); + char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex); BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); xpp[DB_srptype][0] = 'R'; @@ -714,7 +714,7 @@ bad: /* Lets check some fields */ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i); + pp = sk_OPENSSL_PSTRING_value(db->db->data,i); if (pp[DB_srptype][0] == 'v') { Modified: head/crypto/openssl/apps/verify.c ============================================================================== --- head/crypto/openssl/apps/verify.c Wed Feb 13 22:38:20 2013 (r246771) +++ head/crypto/openssl/apps/verify.c Wed Feb 13 23:07:20 2013 (r246772) @@ -222,11 +222,19 @@ int MAIN(int argc, char **argv) goto end; } - if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e); + ret = 0; + if (argc < 1) + { + if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e)) + ret = -1; + } else + { for (i=0; i