Date: Thu, 2 Nov 2017 18:22:54 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r325335 - in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto... Message-ID: <201711021822.vA2IMsqQ080258@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Thu Nov 2 18:22:53 2017 New Revision: 325335 URL: https://svnweb.freebsd.org/changeset/base/325335 Log: MFC: r318899 Merge OpenSSL 1.0.2l. Added: stable/11/crypto/openssl/doc/man3/ - copied from r318899, head/crypto/openssl/doc/man3/ stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 - copied unchanged from r318899, head/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 Modified: stable/11/crypto/openssl/CHANGES stable/11/crypto/openssl/Configure stable/11/crypto/openssl/LICENSE stable/11/crypto/openssl/Makefile stable/11/crypto/openssl/Makefile.org stable/11/crypto/openssl/NEWS stable/11/crypto/openssl/README stable/11/crypto/openssl/apps/ca.c stable/11/crypto/openssl/apps/dhparam.c stable/11/crypto/openssl/apps/enc.c stable/11/crypto/openssl/apps/engine.c stable/11/crypto/openssl/apps/pkeyutl.c stable/11/crypto/openssl/apps/prime.c stable/11/crypto/openssl/apps/progs.h stable/11/crypto/openssl/apps/progs.pl stable/11/crypto/openssl/apps/req.c stable/11/crypto/openssl/apps/s_client.c stable/11/crypto/openssl/apps/s_server.c stable/11/crypto/openssl/apps/srp.c stable/11/crypto/openssl/appveyor.yml stable/11/crypto/openssl/config stable/11/crypto/openssl/crypto/aes/Makefile stable/11/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl stable/11/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl stable/11/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl stable/11/crypto/openssl/crypto/asn1/a_bitstr.c stable/11/crypto/openssl/crypto/asn1/a_digest.c stable/11/crypto/openssl/crypto/asn1/a_gentm.c stable/11/crypto/openssl/crypto/asn1/a_strnid.c stable/11/crypto/openssl/crypto/asn1/a_time.c stable/11/crypto/openssl/crypto/asn1/a_utctm.c stable/11/crypto/openssl/crypto/asn1/f_enum.c stable/11/crypto/openssl/crypto/asn1/f_int.c stable/11/crypto/openssl/crypto/asn1/tasn_dec.c stable/11/crypto/openssl/crypto/asn1/tasn_new.c stable/11/crypto/openssl/crypto/asn1/x_long.c stable/11/crypto/openssl/crypto/asn1/x_name.c stable/11/crypto/openssl/crypto/bio/b_print.c stable/11/crypto/openssl/crypto/bio/bio_cb.c stable/11/crypto/openssl/crypto/bio/bss_file.c stable/11/crypto/openssl/crypto/bn/Makefile stable/11/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl stable/11/crypto/openssl/crypto/bn/bn_prime.c stable/11/crypto/openssl/crypto/bn/bn_prime.h stable/11/crypto/openssl/crypto/bn/bn_prime.pl stable/11/crypto/openssl/crypto/bn/bn_print.c stable/11/crypto/openssl/crypto/comp/c_rle.c stable/11/crypto/openssl/crypto/conf/conf.h stable/11/crypto/openssl/crypto/conf/conf_def.c stable/11/crypto/openssl/crypto/conf/conf_err.c stable/11/crypto/openssl/crypto/des/Makefile stable/11/crypto/openssl/crypto/des/set_key.c stable/11/crypto/openssl/crypto/dh/dh.h stable/11/crypto/openssl/crypto/ec/ec_ameth.c stable/11/crypto/openssl/crypto/ec/ec_asn1.c stable/11/crypto/openssl/crypto/ec/ec_mult.c stable/11/crypto/openssl/crypto/ec/eck_prn.c stable/11/crypto/openssl/crypto/engine/eng_cryptodev.c stable/11/crypto/openssl/crypto/err/err.c stable/11/crypto/openssl/crypto/err/err.h stable/11/crypto/openssl/crypto/evp/e_aes.c stable/11/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c stable/11/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c stable/11/crypto/openssl/crypto/evp/e_des3.c stable/11/crypto/openssl/crypto/evp/evp_enc.c stable/11/crypto/openssl/crypto/evp/pmeth_lib.c stable/11/crypto/openssl/crypto/ex_data.c stable/11/crypto/openssl/crypto/hmac/hm_pmeth.c stable/11/crypto/openssl/crypto/md5/Makefile stable/11/crypto/openssl/crypto/mem.c stable/11/crypto/openssl/crypto/modes/Makefile stable/11/crypto/openssl/crypto/o_dir.c stable/11/crypto/openssl/crypto/o_time.c stable/11/crypto/openssl/crypto/opensslv.h stable/11/crypto/openssl/crypto/perlasm/x86_64-xlate.pl stable/11/crypto/openssl/crypto/pkcs12/p12_mutl.c stable/11/crypto/openssl/crypto/ppccap.c stable/11/crypto/openssl/crypto/rand/md_rand.c stable/11/crypto/openssl/crypto/rc4/Makefile stable/11/crypto/openssl/crypto/rsa/rsa_pmeth.c stable/11/crypto/openssl/crypto/rsa/rsa_pss.c stable/11/crypto/openssl/crypto/sha/Makefile stable/11/crypto/openssl/crypto/srp/srp_vfy.c stable/11/crypto/openssl/crypto/txt_db/txt_db.c stable/11/crypto/openssl/crypto/ui/ui_lib.c stable/11/crypto/openssl/crypto/x509/x509_lu.c stable/11/crypto/openssl/crypto/x509v3/v3_alt.c stable/11/crypto/openssl/crypto/x509v3/v3_cpols.c stable/11/crypto/openssl/crypto/x509v3/v3_info.c stable/11/crypto/openssl/crypto/x509v3/v3_purp.c stable/11/crypto/openssl/crypto/x86_64cpuid.pl stable/11/crypto/openssl/crypto/x86cpuid.pl stable/11/crypto/openssl/doc/apps/ciphers.pod stable/11/crypto/openssl/doc/apps/config.pod stable/11/crypto/openssl/doc/apps/genrsa.pod stable/11/crypto/openssl/doc/apps/req.pod stable/11/crypto/openssl/doc/apps/s_client.pod stable/11/crypto/openssl/doc/apps/s_server.pod stable/11/crypto/openssl/doc/crypto/EVP_EncryptInit.pod stable/11/crypto/openssl/doc/crypto/RSA_private_encrypt.pod stable/11/crypto/openssl/doc/crypto/RSA_public_encrypt.pod stable/11/crypto/openssl/doc/crypto/X509_STORE_CTX_new.pod stable/11/crypto/openssl/doc/crypto/des.pod stable/11/crypto/openssl/ssl/d1_both.c stable/11/crypto/openssl/ssl/d1_clnt.c stable/11/crypto/openssl/ssl/d1_pkt.c stable/11/crypto/openssl/ssl/d1_srvr.c stable/11/crypto/openssl/ssl/s23_clnt.c stable/11/crypto/openssl/ssl/s23_srvr.c stable/11/crypto/openssl/ssl/s3_clnt.c stable/11/crypto/openssl/ssl/s3_enc.c stable/11/crypto/openssl/ssl/s3_lib.c stable/11/crypto/openssl/ssl/s3_pkt.c stable/11/crypto/openssl/ssl/s3_srvr.c stable/11/crypto/openssl/ssl/ssl_cert.c stable/11/crypto/openssl/ssl/ssl_ciph.c stable/11/crypto/openssl/ssl/ssl_lib.c stable/11/crypto/openssl/ssl/ssl_locl.h stable/11/crypto/openssl/ssl/ssl_rsa.c stable/11/crypto/openssl/ssl/ssl_sess.c stable/11/crypto/openssl/ssl/ssltest.c stable/11/crypto/openssl/ssl/t1_ext.c stable/11/crypto/openssl/ssl/t1_lib.c stable/11/crypto/openssl/util/domd stable/11/crypto/openssl/util/mk1mf.pl stable/11/secure/lib/libcrypto/Makefile.inc stable/11/secure/lib/libcrypto/Makefile.man stable/11/secure/lib/libcrypto/amd64/aesni-sha1-x86_64.S stable/11/secure/lib/libcrypto/amd64/aesni-sha256-x86_64.S stable/11/secure/lib/libcrypto/amd64/x86_64cpuid.S stable/11/secure/lib/libcrypto/arm/bsaes-armv7.S stable/11/secure/lib/libcrypto/i386/x86cpuid.S stable/11/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/11/secure/lib/libcrypto/man/ASN1_TIME_set.3 stable/11/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/11/secure/lib/libcrypto/man/BIO_ctrl.3 stable/11/secure/lib/libcrypto/man/BIO_f_base64.3 stable/11/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/11/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/11/secure/lib/libcrypto/man/BIO_f_md.3 stable/11/secure/lib/libcrypto/man/BIO_f_null.3 stable/11/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/11/secure/lib/libcrypto/man/BIO_find_type.3 stable/11/secure/lib/libcrypto/man/BIO_new.3 stable/11/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/11/secure/lib/libcrypto/man/BIO_push.3 stable/11/secure/lib/libcrypto/man/BIO_read.3 stable/11/secure/lib/libcrypto/man/BIO_s_accept.3 stable/11/secure/lib/libcrypto/man/BIO_s_bio.3 stable/11/secure/lib/libcrypto/man/BIO_s_connect.3 stable/11/secure/lib/libcrypto/man/BIO_s_fd.3 stable/11/secure/lib/libcrypto/man/BIO_s_file.3 stable/11/secure/lib/libcrypto/man/BIO_s_mem.3 stable/11/secure/lib/libcrypto/man/BIO_s_null.3 stable/11/secure/lib/libcrypto/man/BIO_s_socket.3 stable/11/secure/lib/libcrypto/man/BIO_set_callback.3 stable/11/secure/lib/libcrypto/man/BIO_should_retry.3 stable/11/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/11/secure/lib/libcrypto/man/BN_CTX_new.3 stable/11/secure/lib/libcrypto/man/BN_CTX_start.3 stable/11/secure/lib/libcrypto/man/BN_add.3 stable/11/secure/lib/libcrypto/man/BN_add_word.3 stable/11/secure/lib/libcrypto/man/BN_bn2bin.3 stable/11/secure/lib/libcrypto/man/BN_cmp.3 stable/11/secure/lib/libcrypto/man/BN_copy.3 stable/11/secure/lib/libcrypto/man/BN_generate_prime.3 stable/11/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/11/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/11/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/11/secure/lib/libcrypto/man/BN_new.3 stable/11/secure/lib/libcrypto/man/BN_num_bytes.3 stable/11/secure/lib/libcrypto/man/BN_rand.3 stable/11/secure/lib/libcrypto/man/BN_set_bit.3 stable/11/secure/lib/libcrypto/man/BN_swap.3 stable/11/secure/lib/libcrypto/man/BN_zero.3 stable/11/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/11/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/11/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/11/secure/lib/libcrypto/man/CMS_compress.3 stable/11/secure/lib/libcrypto/man/CMS_decrypt.3 stable/11/secure/lib/libcrypto/man/CMS_encrypt.3 stable/11/secure/lib/libcrypto/man/CMS_final.3 stable/11/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/11/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/11/secure/lib/libcrypto/man/CMS_get0_type.3 stable/11/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/11/secure/lib/libcrypto/man/CMS_sign.3 stable/11/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/11/secure/lib/libcrypto/man/CMS_uncompress.3 stable/11/secure/lib/libcrypto/man/CMS_verify.3 stable/11/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/11/secure/lib/libcrypto/man/CONF_modules_free.3 stable/11/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/11/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/11/secure/lib/libcrypto/man/DH_generate_key.3 stable/11/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/11/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/DH_new.3 stable/11/secure/lib/libcrypto/man/DH_set_method.3 stable/11/secure/lib/libcrypto/man/DH_size.3 stable/11/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/11/secure/lib/libcrypto/man/DSA_do_sign.3 stable/11/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/11/secure/lib/libcrypto/man/DSA_generate_key.3 stable/11/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/11/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/DSA_new.3 stable/11/secure/lib/libcrypto/man/DSA_set_method.3 stable/11/secure/lib/libcrypto/man/DSA_sign.3 stable/11/secure/lib/libcrypto/man/DSA_size.3 stable/11/secure/lib/libcrypto/man/EC_GFp_simple_method.3 stable/11/secure/lib/libcrypto/man/EC_GROUP_copy.3 stable/11/secure/lib/libcrypto/man/EC_GROUP_new.3 stable/11/secure/lib/libcrypto/man/EC_KEY_new.3 stable/11/secure/lib/libcrypto/man/EC_POINT_add.3 stable/11/secure/lib/libcrypto/man/EC_POINT_new.3 stable/11/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/11/secure/lib/libcrypto/man/ERR_clear_error.3 stable/11/secure/lib/libcrypto/man/ERR_error_string.3 stable/11/secure/lib/libcrypto/man/ERR_get_error.3 stable/11/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/11/secure/lib/libcrypto/man/ERR_load_strings.3 stable/11/secure/lib/libcrypto/man/ERR_print_errors.3 stable/11/secure/lib/libcrypto/man/ERR_put_error.3 stable/11/secure/lib/libcrypto/man/ERR_remove_state.3 stable/11/secure/lib/libcrypto/man/ERR_set_mark.3 stable/11/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/11/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/11/secure/lib/libcrypto/man/EVP_DigestSignInit.3 stable/11/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 stable/11/secure/lib/libcrypto/man/EVP_EncodeInit.3 stable/11/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/11/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/11/secure/lib/libcrypto/man/EVP_SealInit.3 stable/11/secure/lib/libcrypto/man/EVP_SignInit.3 stable/11/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/11/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/11/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/11/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/11/secure/lib/libcrypto/man/OPENSSL_config.3 stable/11/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/11/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 stable/11/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/11/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/11/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/11/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/11/secure/lib/libcrypto/man/PKCS12_create.3 stable/11/secure/lib/libcrypto/man/PKCS12_parse.3 stable/11/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/11/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/11/secure/lib/libcrypto/man/PKCS7_sign.3 stable/11/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/11/secure/lib/libcrypto/man/PKCS7_verify.3 stable/11/secure/lib/libcrypto/man/RAND_add.3 stable/11/secure/lib/libcrypto/man/RAND_bytes.3 stable/11/secure/lib/libcrypto/man/RAND_cleanup.3 stable/11/secure/lib/libcrypto/man/RAND_egd.3 stable/11/secure/lib/libcrypto/man/RAND_load_file.3 stable/11/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/11/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/11/secure/lib/libcrypto/man/RSA_check_key.3 stable/11/secure/lib/libcrypto/man/RSA_generate_key.3 stable/11/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/RSA_new.3 stable/11/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/11/secure/lib/libcrypto/man/RSA_print.3 stable/11/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/11/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/11/secure/lib/libcrypto/man/RSA_set_method.3 stable/11/secure/lib/libcrypto/man/RSA_sign.3 stable/11/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/11/secure/lib/libcrypto/man/RSA_size.3 stable/11/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/11/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/11/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/11/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/11/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/11/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/11/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/11/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/11/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/11/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 stable/11/secure/lib/libcrypto/man/X509_check_host.3 stable/11/secure/lib/libcrypto/man/X509_new.3 stable/11/secure/lib/libcrypto/man/X509_verify_cert.3 stable/11/secure/lib/libcrypto/man/bio.3 stable/11/secure/lib/libcrypto/man/blowfish.3 stable/11/secure/lib/libcrypto/man/bn.3 stable/11/secure/lib/libcrypto/man/bn_internal.3 stable/11/secure/lib/libcrypto/man/buffer.3 stable/11/secure/lib/libcrypto/man/crypto.3 stable/11/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/11/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 stable/11/secure/lib/libcrypto/man/d2i_DHparams.3 stable/11/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/11/secure/lib/libcrypto/man/d2i_ECPKParameters.3 stable/11/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_PrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/11/secure/lib/libcrypto/man/d2i_X509.3 stable/11/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/11/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/11/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/11/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/11/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/11/secure/lib/libcrypto/man/des.3 stable/11/secure/lib/libcrypto/man/dh.3 stable/11/secure/lib/libcrypto/man/dsa.3 stable/11/secure/lib/libcrypto/man/ec.3 stable/11/secure/lib/libcrypto/man/ecdsa.3 stable/11/secure/lib/libcrypto/man/engine.3 stable/11/secure/lib/libcrypto/man/err.3 stable/11/secure/lib/libcrypto/man/evp.3 stable/11/secure/lib/libcrypto/man/hmac.3 stable/11/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/11/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/11/secure/lib/libcrypto/man/lh_stats.3 stable/11/secure/lib/libcrypto/man/lhash.3 stable/11/secure/lib/libcrypto/man/md5.3 stable/11/secure/lib/libcrypto/man/mdc2.3 stable/11/secure/lib/libcrypto/man/pem.3 stable/11/secure/lib/libcrypto/man/rand.3 stable/11/secure/lib/libcrypto/man/rc4.3 stable/11/secure/lib/libcrypto/man/ripemd.3 stable/11/secure/lib/libcrypto/man/rsa.3 stable/11/secure/lib/libcrypto/man/sha.3 stable/11/secure/lib/libcrypto/man/threads.3 stable/11/secure/lib/libcrypto/man/ui.3 stable/11/secure/lib/libcrypto/man/ui_compat.3 stable/11/secure/lib/libcrypto/man/x509.3 stable/11/secure/lib/libssl/Makefile.man stable/11/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/11/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_new.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 stable/11/secure/lib/libssl/man/SSL_CONF_cmd.3 stable/11/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 stable/11/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 stable/11/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/11/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/11/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/11/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/11/secure/lib/libssl/man/SSL_CTX_free.3 stable/11/secure/lib/libssl/man/SSL_CTX_get0_param.3 stable/11/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/11/secure/lib/libssl/man/SSL_CTX_new.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/11/secure/lib/libssl/man/SSL_CTX_set1_curves.3 stable/11/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 stable/11/secure/lib/libssl/man/SSL_SESSION_free.3 stable/11/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/11/secure/lib/libssl/man/SSL_accept.3 stable/11/secure/lib/libssl/man/SSL_alert_type_string.3 stable/11/secure/lib/libssl/man/SSL_check_chain.3 stable/11/secure/lib/libssl/man/SSL_clear.3 stable/11/secure/lib/libssl/man/SSL_connect.3 stable/11/secure/lib/libssl/man/SSL_do_handshake.3 stable/11/secure/lib/libssl/man/SSL_free.3 stable/11/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/11/secure/lib/libssl/man/SSL_get_ciphers.3 stable/11/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/11/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/11/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/11/secure/lib/libssl/man/SSL_get_error.3 stable/11/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/11/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_get_fd.3 stable/11/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/11/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/11/secure/lib/libssl/man/SSL_get_psk_identity.3 stable/11/secure/lib/libssl/man/SSL_get_rbio.3 stable/11/secure/lib/libssl/man/SSL_get_session.3 stable/11/secure/lib/libssl/man/SSL_get_verify_result.3 stable/11/secure/lib/libssl/man/SSL_get_version.3 stable/11/secure/lib/libssl/man/SSL_library_init.3 stable/11/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/11/secure/lib/libssl/man/SSL_new.3 stable/11/secure/lib/libssl/man/SSL_pending.3 stable/11/secure/lib/libssl/man/SSL_read.3 stable/11/secure/lib/libssl/man/SSL_rstate_string.3 stable/11/secure/lib/libssl/man/SSL_session_reused.3 stable/11/secure/lib/libssl/man/SSL_set_bio.3 stable/11/secure/lib/libssl/man/SSL_set_connect_state.3 stable/11/secure/lib/libssl/man/SSL_set_fd.3 stable/11/secure/lib/libssl/man/SSL_set_session.3 stable/11/secure/lib/libssl/man/SSL_set_shutdown.3 stable/11/secure/lib/libssl/man/SSL_set_verify_result.3 stable/11/secure/lib/libssl/man/SSL_shutdown.3 stable/11/secure/lib/libssl/man/SSL_state_string.3 stable/11/secure/lib/libssl/man/SSL_want.3 stable/11/secure/lib/libssl/man/SSL_write.3 stable/11/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/11/secure/lib/libssl/man/ssl.3 stable/11/secure/usr.bin/openssl/Makefile.man stable/11/secure/usr.bin/openssl/man/CA.pl.1 stable/11/secure/usr.bin/openssl/man/asn1parse.1 stable/11/secure/usr.bin/openssl/man/c_rehash.1 stable/11/secure/usr.bin/openssl/man/ca.1 stable/11/secure/usr.bin/openssl/man/ciphers.1 stable/11/secure/usr.bin/openssl/man/cms.1 stable/11/secure/usr.bin/openssl/man/crl.1 stable/11/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/11/secure/usr.bin/openssl/man/dgst.1 stable/11/secure/usr.bin/openssl/man/dhparam.1 stable/11/secure/usr.bin/openssl/man/dsa.1 stable/11/secure/usr.bin/openssl/man/dsaparam.1 stable/11/secure/usr.bin/openssl/man/ec.1 stable/11/secure/usr.bin/openssl/man/ecparam.1 stable/11/secure/usr.bin/openssl/man/enc.1 stable/11/secure/usr.bin/openssl/man/errstr.1 stable/11/secure/usr.bin/openssl/man/gendsa.1 stable/11/secure/usr.bin/openssl/man/genpkey.1 stable/11/secure/usr.bin/openssl/man/genrsa.1 stable/11/secure/usr.bin/openssl/man/nseq.1 stable/11/secure/usr.bin/openssl/man/ocsp.1 stable/11/secure/usr.bin/openssl/man/openssl.1 stable/11/secure/usr.bin/openssl/man/passwd.1 stable/11/secure/usr.bin/openssl/man/pkcs12.1 stable/11/secure/usr.bin/openssl/man/pkcs7.1 stable/11/secure/usr.bin/openssl/man/pkcs8.1 stable/11/secure/usr.bin/openssl/man/pkey.1 stable/11/secure/usr.bin/openssl/man/pkeyparam.1 stable/11/secure/usr.bin/openssl/man/pkeyutl.1 stable/11/secure/usr.bin/openssl/man/rand.1 stable/11/secure/usr.bin/openssl/man/req.1 stable/11/secure/usr.bin/openssl/man/rsa.1 stable/11/secure/usr.bin/openssl/man/rsautl.1 stable/11/secure/usr.bin/openssl/man/s_client.1 stable/11/secure/usr.bin/openssl/man/s_server.1 stable/11/secure/usr.bin/openssl/man/s_time.1 stable/11/secure/usr.bin/openssl/man/sess_id.1 stable/11/secure/usr.bin/openssl/man/smime.1 stable/11/secure/usr.bin/openssl/man/speed.1 stable/11/secure/usr.bin/openssl/man/spkac.1 stable/11/secure/usr.bin/openssl/man/ts.1 stable/11/secure/usr.bin/openssl/man/tsget.1 stable/11/secure/usr.bin/openssl/man/verify.1 stable/11/secure/usr.bin/openssl/man/version.1 stable/11/secure/usr.bin/openssl/man/x509.1 stable/11/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/11/ (props changed) Modified: stable/11/crypto/openssl/CHANGES ============================================================================== --- stable/11/crypto/openssl/CHANGES Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/CHANGES Thu Nov 2 18:22:53 2017 (r325335) @@ -2,6 +2,12 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2k and 1.0.2l [25 May 2017] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + Changes between 1.0.2j and 1.0.2k [26 Jan 2017] *) Truncated packet could crash via OOB read Modified: stable/11/crypto/openssl/Configure ============================================================================== --- stable/11/crypto/openssl/Configure Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/Configure Thu Nov 2 18:22:53 2017 (r325335) @@ -109,7 +109,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable- # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; # TODO(openssl-team): fix problems and investigate if (at least) the following # warnings can also be enabled: @@ -2041,12 +2041,13 @@ EOF close(OUT); } else { my $make_command = "$make PERL=\'$perl\'"; - my $make_targets = ""; - $make_targets .= " links" if $symlink; - $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; - $make_targets .= " gentests" if $symlink; - (system $make_command.$make_targets) == 0 or exit $? - if $make_targets ne ""; + my @make_targets = (); + push @make_targets, "links" if $symlink; + push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend; + push @make_targets, "gentests" if $symlink; + foreach my $make_target (@make_targets) { + (system "$make_command $make_target") == 0 or exit $?; + } if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); @@ -2056,8 +2057,8 @@ EOF &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { - $warn_make_depend++; - } + $warn_make_depend++; + } } # create the ms/version32.rc file if needed Modified: stable/11/crypto/openssl/LICENSE ============================================================================== --- stable/11/crypto/openssl/LICENSE Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/LICENSE Thu Nov 2 18:22:53 2017 (r325335) @@ -2,7 +2,7 @@ LICENSE ISSUES ============== - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + The OpenSSL toolkit stays under a double license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: stable/11/crypto/openssl/Makefile ============================================================================== --- stable/11/crypto/openssl/Makefile Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/Makefile Thu Nov 2 18:22:53 2017 (r325335) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2k +VERSION=1.0.2l MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -425,6 +425,14 @@ clean: libclean do \ rm -fr $$i/*; \ done + +distclean: clean + -$(RM) `find . -name .git -prune -o -type l -print` + $(RM) apps/CA.pl + $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem + $(RM) tools/c_rehash + $(RM) crypto/opensslconf.h + $(RM) Makefile Makefile.bak makefile.one: files $(PERL) util/mk1mf.pl >makefile.one; \ Modified: stable/11/crypto/openssl/Makefile.org ============================================================================== --- stable/11/crypto/openssl/Makefile.org Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/Makefile.org Thu Nov 2 18:22:53 2017 (r325335) @@ -424,6 +424,14 @@ clean: libclean rm -fr $$i/*; \ done +distclean: clean + -$(RM) `find . -name .git -prune -o -type l -print` + $(RM) apps/CA.pl + $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem + $(RM) tools/c_rehash + $(RM) crypto/opensslconf.h + $(RM) Makefile Makefile.bak + makefile.one: files $(PERL) util/mk1mf.pl >makefile.one; \ sh util/do_ms.sh Modified: stable/11/crypto/openssl/NEWS ============================================================================== --- stable/11/crypto/openssl/NEWS Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/NEWS Thu Nov 2 18:22:53 2017 (r325335) @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] + + o config now recognises 64-bit mingw and chooses mingw64 instead of mingw + Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] o Truncated packet could crash via OOB read (CVE-2017-3731) Modified: stable/11/crypto/openssl/README ============================================================================== --- stable/11/crypto/openssl/README Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/README Thu Nov 2 18:22:53 2017 (r325335) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2k 26 Jan 2017 + OpenSSL 1.0.2l 25 May 2017 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/11/crypto/openssl/apps/ca.c ============================================================================== --- stable/11/crypto/openssl/apps/ca.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/ca.c Thu Nov 2 18:22:53 2017 (r325335) @@ -2126,10 +2126,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -2137,11 +2135,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); goto err; } + irow = NULL; ok = 1; err: - for (i = 0; i < DB_NUMBER; i++) - if (row[i] != NULL) + if (irow != NULL) { + for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); + OPENSSL_free(irow); + } if (CAname != NULL) X509_NAME_free(CAname); @@ -2396,17 +2397,19 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { BIO_printf(bio_err, "failed to update database\n"); BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); + OPENSSL_free(irow); goto err; } + + for (i = 0; i < DB_NUMBER; i++) + row[i] = NULL; /* Revoke Certificate */ if (type == -1) Modified: stable/11/crypto/openssl/apps/dhparam.c ============================================================================== --- stable/11/crypto/openssl/apps/dhparam.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/dhparam.c Thu Nov 2 18:22:53 2017 (r325335) @@ -381,10 +381,19 @@ int MAIN(int argc, char **argv) } else # endif { - if (informat == FORMAT_ASN1) + if (informat == FORMAT_ASN1) { + /* + * We have no PEM header to determine what type of DH params it + * is. We'll just try both. + */ dh = d2i_DHparams_bio(in, NULL); - else /* informat == FORMAT_PEM */ + /* BIO_reset() returns 0 for success for file BIOs only!!! */ + if (dh == NULL && BIO_reset(in) == 0) + dh = d2i_DHxparams_bio(in, NULL); + } else { + /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); + } if (dh == NULL) { BIO_printf(bio_err, "unable to load DH parameters\n"); @@ -484,10 +493,13 @@ int MAIN(int argc, char **argv) } if (!noout) { - if (outformat == FORMAT_ASN1) - i = i2d_DHparams_bio(out, dh); - else if (outformat == FORMAT_PEM) { - if (dh->q) + if (outformat == FORMAT_ASN1) { + if (dh->q != NULL) + i = i2d_DHxparams_bio(out, dh); + else + i = i2d_DHparams_bio(out, dh); + } else if (outformat == FORMAT_PEM) { + if (dh->q != NULL) i = PEM_write_bio_DHxparams(out, dh); else i = PEM_write_bio_DHparams(out, dh); Modified: stable/11/crypto/openssl/apps/enc.c ============================================================================== --- stable/11/crypto/openssl/apps/enc.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/enc.c Thu Nov 2 18:22:53 2017 (r325335) @@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out, int size); #define BSIZE (8*1024) #define PROG enc_main -static void show_ciphers(const OBJ_NAME *name, void *bio_) +struct doall_enc_ciphers { + BIO *bio; + int n; +}; + +static void show_ciphers(const OBJ_NAME *name, void *arg) { - BIO *bio = bio_; - static int n; + struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg; + const EVP_CIPHER *cipher; if (!islower((unsigned char)*name->name)) return; - BIO_printf(bio, "-%-25s", name->name); - if (++n == 3) { - BIO_printf(bio, "\n"); - n = 0; + /* Filter out ciphers that we cannot use */ + cipher = EVP_get_cipherbyname(name->name); + if (cipher == NULL || + (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + return; + + BIO_printf(dec->bio, "-%-25s", name->name); + if (++dec->n == 3) { + BIO_printf(dec->bio, "\n"); + dec->n = 0; } else - BIO_printf(bio, " "); + BIO_printf(dec->bio, " "); } int MAIN(int, char **); @@ -130,6 +142,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; const EVP_MD *dgst = NULL; int non_fips_allow = 0; + struct doall_enc_ciphers dec; apps_startup(); @@ -311,8 +324,10 @@ int MAIN(int argc, char **argv) #endif BIO_printf(bio_err, "Cipher Types\n"); + dec.n = 0; + dec.bio = bio_err; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, bio_err); + show_ciphers, &dec); BIO_printf(bio_err, "\n"); goto end; Modified: stable/11/crypto/openssl/apps/engine.c ============================================================================== --- stable/11/crypto/openssl/apps/engine.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/engine.c Thu Nov 2 18:22:53 2017 (r325335) @@ -108,12 +108,15 @@ static int append_buf(char **buf, const char *s, int * } if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { + char *p = *buf; + *size += step; *buf = OPENSSL_realloc(*buf, *size); + if (*buf == NULL) { + OPENSSL_free(p); + return 0; + } } - - if (*buf == NULL) - return 0; if (**buf != '\0') BUF_strlcat(*buf, ", ", *size); Modified: stable/11/crypto/openssl/apps/pkeyutl.c ============================================================================== --- stable/11/crypto/openssl/apps/pkeyutl.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/pkeyutl.c Thu Nov 2 18:22:53 2017 (r325335) @@ -322,8 +322,10 @@ int MAIN(int argc, char **argv) buf_in, (size_t)buf_inlen); if (rv == 0) BIO_puts(out, "Signature Verification Failure\n"); - else if (rv == 1) + else if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); + ret = 0; + } if (rv >= 0) goto end; } else { Modified: stable/11/crypto/openssl/apps/prime.c ============================================================================== --- stable/11/crypto/openssl/apps/prime.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/prime.c Thu Nov 2 18:22:53 2017 (r325335) @@ -155,5 +155,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "%-14s hex\n", "-hex"); BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>"); + BIO_printf(bio_err, "%-14s generate prime\n", "-generate"); + BIO_printf(bio_err, "%-14s number of bits\n", "-bits <n>"); + BIO_printf(bio_err, "%-14s safe prime\n", "-safe"); return 1; } Modified: stable/11/crypto/openssl/apps/progs.h ============================================================================== --- stable/11/crypto/openssl/apps/progs.h Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/progs.h Thu Nov 2 18:22:53 2017 (r325335) @@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv[]); typedef struct { int type; const char *name; - int (*func) (int argc, char *argv[]); + int (*func)(int argc, char *argv[]); } FUNCTION; DECLARE_LHASH_OF(FUNCTION); Modified: stable/11/crypto/openssl/apps/progs.pl ============================================================================== --- stable/11/crypto/openssl/apps/progs.pl Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/progs.pl Thu Nov 2 18:22:53 2017 (r325335) @@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for open grep(s/^asn1pars$/asn1parse/,@ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func)(int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { @@ -30,7 +30,7 @@ EOF foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) @@ -60,7 +60,7 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n"; } foreach ( @@ -86,7 +86,7 @@ foreach ( { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -101,4 +101,4 @@ foreach ( print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; Modified: stable/11/crypto/openssl/apps/req.c ============================================================================== --- stable/11/crypto/openssl/apps/req.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/req.c Thu Nov 2 18:22:53 2017 (r325335) @@ -331,7 +331,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-x509") == 0) { - newreq = 1; x509 = 1; } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; @@ -447,6 +446,9 @@ int MAIN(int argc, char **argv) goto end; } + if (x509 && infile == NULL) + newreq = 1; + ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -753,7 +755,7 @@ int MAIN(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; Modified: stable/11/crypto/openssl/apps/s_client.c ============================================================================== --- stable/11/crypto/openssl/apps/s_client.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/s_client.c Thu Nov 2 18:22:53 2017 (r325335) @@ -2132,6 +2132,7 @@ int MAIN(int argc, char **argv) BIO_free(bio_c_msg); bio_c_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } Modified: stable/11/crypto/openssl/apps/s_server.c ============================================================================== --- stable/11/crypto/openssl/apps/s_server.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/s_server.c Thu Nov 2 18:22:53 2017 (r325335) @@ -2132,6 +2132,7 @@ int MAIN(int argc, char *argv[]) BIO_free(bio_s_msg); bio_s_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } Modified: stable/11/crypto/openssl/apps/srp.c ============================================================================== --- stable/11/crypto/openssl/apps/srp.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/apps/srp.c Thu Nov 2 18:22:53 2017 (r325335) @@ -183,10 +183,8 @@ static int update_index(CA_DB *db, BIO *bio, char **ro return 0; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { Modified: stable/11/crypto/openssl/appveyor.yml ============================================================================== --- stable/11/crypto/openssl/appveyor.yml Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/appveyor.yml Thu Nov 2 18:22:53 2017 (r325335) @@ -50,11 +50,3 @@ build_script: test_script: - nmake /f ms\%MAK% test - -notifications: - - provider: Email - to: - - openssl-commits@openssl.org - on_build_success: false - on_build_failure: true - on_build_status_changed: true Modified: stable/11/crypto/openssl/config ============================================================================== --- stable/11/crypto/openssl/config Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/config Thu Nov 2 18:22:53 2017 (r325335) @@ -344,6 +344,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "mips-sony-newsos4"; exit 0; ;; + # The following combinations are supported + # MINGW64* on x86_64 => mingw64 + # MINGW32* on x86_64 => mingw + # MINGW32* on i?86 => mingw + # + # MINGW64* on i?86 isn't expected to work... + MINGW64*:*:*:x86_64) + echo "${MACHINE}-whatever-mingw64"; exit 0; + ;; MINGW*) echo "${MACHINE}-whatever-mingw"; exit 0; ;; Modified: stable/11/crypto/openssl/crypto/aes/Makefile ============================================================================== --- stable/11/crypto/openssl/crypto/aes/Makefile Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/aes/Makefile Thu Nov 2 18:22:53 2017 (r325335) @@ -133,7 +133,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. Modified: stable/11/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl ============================================================================== --- stable/11/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Nov 2 18:22:53 2017 (r325335) @@ -1702,6 +1702,7 @@ $code.=<<___; mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization Modified: stable/11/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl ============================================================================== --- stable/11/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Nov 2 18:22:53 2017 (r325335) @@ -1299,6 +1299,7 @@ $code.=<<___; mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization Modified: stable/11/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl ============================================================================== --- stable/11/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl Thu Nov 2 18:22:53 2017 (r325335) @@ -1333,7 +1333,7 @@ bsaes_cbc_encrypt: vmov @XMM[4],@XMM[15] @ just in case ensure that IV vmov @XMM[5],@XMM[0] @ and input are preserved bl AES_decrypt - vld1.8 {@XMM[0]}, [$fp,:64] @ load result + vld1.8 {@XMM[0]}, [$fp] @ load result veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV vmov @XMM[15], @XMM[5] @ @XMM[5] holds input vst1.8 {@XMM[0]}, [$rounds] @ write output Modified: stable/11/crypto/openssl/crypto/asn1/a_bitstr.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_bitstr.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/a_bitstr.c Thu Nov 2 18:22:53 2017 (r325335) @@ -114,10 +114,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned c *(p++) = (unsigned char)bits; d = a->data; - memcpy(p, d, len); - p += len; - if (len > 0) + if (len > 0) { + memcpy(p, d, len); + p += len; p[-1] &= (0xff << bits); + } *pp = p; return (ret); } Modified: stable/11/crypto/openssl/crypto/asn1/a_digest.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_digest.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/a_digest.c Thu Nov 2 18:22:53 2017 (r325335) @@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, p = str; i2d(data, &p); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } @@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD if (!str) return (0); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } Modified: stable/11/crypto/openssl/crypto/asn1/a_gentm.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_gentm.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/a_gentm.c Thu Nov 2 18:22:53 2017 (r325335) @@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const AS if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; Modified: stable/11/crypto/openssl/crypto/asn1/a_strnid.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_strnid.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/a_strnid.c Thu Nov 2 18:22:53 2017 (r325335) @@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = { {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} }; static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, Modified: stable/11/crypto/openssl/crypto/asn1/a_time.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_time.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/a_time.c Thu Nov 2 18:22:53 2017 (r325335) @@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { - ASN1_GENERALIZEDTIME *ret; + ASN1_GENERALIZEDTIME *ret = NULL; char *str; int newlen; @@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN if (!out || !*out) { if (!(ret = ASN1_GENERALIZEDTIME_new())) - return NULL; - if (out) - *out = ret; - } else + goto err; + } else { ret = *out; + } /* If already GeneralizedTime just copy across */ if (t->type == V_ASN1_GENERALIZEDTIME) { if (!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; + goto err; + goto done; } /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; + goto err; /* ASN1_STRING_set() allocated 'len + 1' bytes. */ newlen = t->length + 2 + 1; str = (char *)ret->data; @@ -173,8 +172,17 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN BUF_strlcat(str, (char *)t->data, newlen); - return ret; + done: + if (out != NULL && *out == NULL) + *out = ret; + return ret; + + err: + if (out == NULL || *out != ret) + ASN1_GENERALIZEDTIME_free(ret); + return NULL; } + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { Modified: stable/11/crypto/openssl/crypto/asn1/a_utctm.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_utctm.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/a_utctm.c Thu Nov 2 18:22:53 2017 (r325335) @@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTI if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; Modified: stable/11/crypto/openssl/crypto/asn1/f_enum.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/f_enum.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/f_enum.c Thu Nov 2 18:22:53 2017 (r325335) @@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } Modified: stable/11/crypto/openssl/crypto/asn1/f_int.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/f_int.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/f_int.c Thu Nov 2 18:22:53 2017 (r325335) @@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char * bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } Modified: stable/11/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/tasn_dec.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/tasn_dec.c Thu Nov 2 18:22:53 2017 (r325335) @@ -673,6 +673,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } len -= p - q; if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { + ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item)); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); goto err; } Modified: stable/11/crypto/openssl/crypto/asn1/tasn_new.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/tasn_new.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/tasn_new.c Thu Nov 2 18:22:53 2017 (r325335) @@ -158,7 +158,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, } asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -186,10 +186,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); if (!ASN1_template_new(pseqval, tt)) - goto memerr; + goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; } #ifdef CRYPTO_MDEBUG @@ -198,6 +198,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, #endif return 1; + memerr2: + ASN1_item_ex_free(pval, it); memerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG @@ -206,9 +208,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, #endif return 0; + auxerr2: + ASN1_item_ex_free(pval, it); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); - ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); Modified: stable/11/crypto/openssl/crypto/asn1/x_long.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/x_long.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/x_long.c Thu Nov 2 18:22:53 2017 (r325335) @@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char * * set. */ if (ltmp < 0) - utmp = -ltmp - 1; + utmp = 0 - (unsigned long)ltmp - 1; else utmp = ltmp; clen = BN_num_bits_word(utmp); @@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char * static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; + int neg = -1, i; long ltmp; unsigned long utmp = 0; char *cp = (char *)pval; + + if (len) { + /* + * Check possible pad byte. Worst case, we're skipping past actual + * content, but since that's only with 0x00 and 0xff and we set neg + * accordingly, the result will be correct in the end anyway. + */ + switch (cont[0]) { + case 0xff: + cont++; + len--; + neg = 1; + break; + case 0: + cont++; + len--; + neg = 0; + break; + } + } if (len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - /* Is it negative? */ - if (len && (cont[0] & 0x80)) - neg = 1; - else - neg = 0; + if (neg == -1) { + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + } utmp = 0; for (i = 0; i < len; i++) { utmp <<= 8; @@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned } ltmp = (long)utmp; if (neg) { - ltmp++; ltmp = -ltmp; + ltmp--; } if (ltmp == it->size) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); Modified: stable/11/crypto/openssl/crypto/asn1/x_name.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/x_name.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/asn1/x_name.c Thu Nov 2 18:22:53 2017 (r325335) @@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const *pval = NULL; } +static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_free(ne); +} + +static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +} + static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, @@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, entry->set = i; if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; + sk_X509_NAME_ENTRY_set(entries, j, NULL); } - sk_X509_NAME_ENTRY_free(entries); } - sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ret = x509_name_canon(nm.x); if (!ret) goto err; + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); nm.x->modified = 0; *val = nm.a; *in = p; @@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, err: if (nm.x != NULL) X509_NAME_free(nm.x); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_pop_free); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned return ret; } -static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_free(ne); -} - -static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); -} - static int x509_name_encode(X509_NAME *a) { union { @@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto memerr; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto memerr; + } set = entry->set; } if (!sk_X509_NAME_ENTRY_push(entries, entry)) @@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto err; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto err; + } set = entry->set; } tmpentry = X509_NAME_ENTRY_new(); Modified: stable/11/crypto/openssl/crypto/bio/b_print.c ============================================================================== --- stable/11/crypto/openssl/crypto/bio/b_print.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/bio/b_print.c Thu Nov 2 18:22:53 2017 (r325335) @@ -502,7 +502,7 @@ fmtint(char **sbuffer, if (!(flags & DP_F_UNSIGNED)) { if (value < 0) { signvalue = '-'; - uvalue = -value; + uvalue = -(unsigned LLONG)value; } else if (flags & DP_F_PLUS) signvalue = '+'; else if (flags & DP_F_SPACE) Modified: stable/11/crypto/openssl/crypto/bio/bio_cb.c ============================================================================== --- stable/11/crypto/openssl/crypto/bio/bio_cb.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/bio/bio_cb.c Thu Nov 2 18:22:53 2017 (r325335) @@ -78,6 +78,9 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + /* Ignore errors and continue printing the other information. */ + if (len < 0) + len = 0; p = buf + len; p_maxlen = sizeof(buf) - len; Modified: stable/11/crypto/openssl/crypto/bio/bss_file.c ============================================================================== --- stable/11/crypto/openssl/crypto/bio/bss_file.c Thu Nov 2 18:20:05 2017 (r325334) +++ stable/11/crypto/openssl/crypto/bio/bss_file.c Thu Nov 2 18:22:53 2017 (r325335) @@ -251,7 +251,7 @@ static int MS_CALLBACK file_read(BIO *b, char *out, in ret = fread(out, 1, (int)outl, (FILE *)b->ptr); if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : - ferror((FILE *)b->ptr)) { + ferror((FILE *)b->ptr)) { SYSerr(SYS_F_FREAD, get_last_sys_error()); BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); ret = -1; @@ -287,6 +287,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, lon FILE *fp = (FILE *)b->ptr; FILE **fpp; char p[4]; + int st; switch (cmd) { case BIO_C_FILE_SEEK: @@ -318,8 +319,11 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, lon # if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) # define _IOB_ENTRIES 20 # endif -# if defined(_IOB_ENTRIES) /* Safety net to catch purely internal BIO_set_fp calls */ +# if defined(_MSC_VER) && _MSC_VER>=1900 + if (ptr == stdin || ptr == stdout || ptr == stderr) + BIO_clear_flags(b, BIO_FLAGS_UPLINK); +# elif defined(_IOB_ENTRIES) if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) BIO_clear_flags(b, BIO_FLAGS_UPLINK); @@ -424,10 +428,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, lon b->shutdown = (int)num; break; case BIO_CTRL_FLUSH: - if (b->flags & BIO_FLAGS_UPLINK) - UP_fflush(b->ptr); - else - fflush((FILE *)b->ptr); + st = b->flags & BIO_FLAGS_UPLINK + ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr); + if (st == EOF) { + SYSerr(SYS_F_FFLUSH, get_last_sys_error()); + ERR_add_error_data(1, "fflush()"); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201711021822.vA2IMsqQ080258>