Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 9 Jun 2014 16:30:57 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r267285 - in stable/9: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bn crypto/openssl/crypto/cms crypto/openssl/crypto/ec cr...
Message-ID:  <201406091630.s59GUvfR098723@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Mon Jun  9 16:30:56 2014
New Revision: 267285
URL: http://svnweb.freebsd.org/changeset/base/267285

Log:
  Merge OpenSSL 0.9.8za.
  
  Approved by:	re (kib), so (delphij)

Modified:
  stable/9/crypto/openssl/ACKNOWLEDGMENTS
  stable/9/crypto/openssl/CHANGES
  stable/9/crypto/openssl/Configure
  stable/9/crypto/openssl/FAQ
  stable/9/crypto/openssl/Makefile
  stable/9/crypto/openssl/Makefile.org
  stable/9/crypto/openssl/NEWS
  stable/9/crypto/openssl/README
  stable/9/crypto/openssl/apps/apps.c
  stable/9/crypto/openssl/apps/ocsp.c
  stable/9/crypto/openssl/apps/req.c
  stable/9/crypto/openssl/apps/s_cb.c
  stable/9/crypto/openssl/apps/smime.c
  stable/9/crypto/openssl/crypto/asn1/a_int.c
  stable/9/crypto/openssl/crypto/asn1/a_strnid.c
  stable/9/crypto/openssl/crypto/asn1/t_pkey.c
  stable/9/crypto/openssl/crypto/bn/bn_mont.c
  stable/9/crypto/openssl/crypto/cms/cms_cd.c
  stable/9/crypto/openssl/crypto/cms/cms_env.c
  stable/9/crypto/openssl/crypto/cms/cms_lib.c
  stable/9/crypto/openssl/crypto/cms/cms_sd.c
  stable/9/crypto/openssl/crypto/cms/cms_smime.c
  stable/9/crypto/openssl/crypto/ec/ec_lib.c
  stable/9/crypto/openssl/crypto/engine/eng_all.c
  stable/9/crypto/openssl/crypto/engine/engine.h
  stable/9/crypto/openssl/crypto/err/err_all.c
  stable/9/crypto/openssl/crypto/err/openssl.ec
  stable/9/crypto/openssl/crypto/evp/bio_b64.c
  stable/9/crypto/openssl/crypto/evp/encode.c
  stable/9/crypto/openssl/crypto/opensslv.h
  stable/9/crypto/openssl/crypto/pkcs12/p12_crt.c
  stable/9/crypto/openssl/crypto/pkcs12/p12_kiss.c
  stable/9/crypto/openssl/crypto/x86cpuid.pl
  stable/9/crypto/openssl/demos/x509/mkreq.c
  stable/9/crypto/openssl/doc/apps/smime.pod
  stable/9/crypto/openssl/doc/apps/verify.pod
  stable/9/crypto/openssl/doc/crypto/CONF_modules_free.pod
  stable/9/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
  stable/9/crypto/openssl/doc/crypto/ERR_get_error.pod
  stable/9/crypto/openssl/doc/crypto/OPENSSL_config.pod
  stable/9/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
  stable/9/crypto/openssl/doc/crypto/ecdsa.pod
  stable/9/crypto/openssl/doc/fingerprints.txt
  stable/9/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
  stable/9/crypto/openssl/doc/ssl/SSL_accept.pod
  stable/9/crypto/openssl/doc/ssl/SSL_clear.pod
  stable/9/crypto/openssl/doc/ssl/SSL_connect.pod
  stable/9/crypto/openssl/doc/ssl/SSL_do_handshake.pod
  stable/9/crypto/openssl/doc/ssl/SSL_read.pod
  stable/9/crypto/openssl/doc/ssl/SSL_session_reused.pod
  stable/9/crypto/openssl/doc/ssl/SSL_set_fd.pod
  stable/9/crypto/openssl/doc/ssl/SSL_set_session.pod
  stable/9/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
  stable/9/crypto/openssl/doc/ssl/SSL_shutdown.pod
  stable/9/crypto/openssl/doc/ssl/SSL_write.pod
  stable/9/crypto/openssl/openssl.spec
  stable/9/crypto/openssl/ssl/d1_both.c
  stable/9/crypto/openssl/ssl/d1_lib.c
  stable/9/crypto/openssl/ssl/d1_pkt.c
  stable/9/crypto/openssl/ssl/d1_srvr.c
  stable/9/crypto/openssl/ssl/s23_clnt.c
  stable/9/crypto/openssl/ssl/s3_cbc.c
  stable/9/crypto/openssl/ssl/s3_clnt.c
  stable/9/crypto/openssl/ssl/s3_enc.c
  stable/9/crypto/openssl/ssl/s3_lib.c
  stable/9/crypto/openssl/ssl/s3_pkt.c
  stable/9/crypto/openssl/ssl/s3_srvr.c
  stable/9/crypto/openssl/ssl/ssl.h
  stable/9/crypto/openssl/ssl/ssl3.h
  stable/9/crypto/openssl/ssl/ssl_err.c
  stable/9/crypto/openssl/ssl/ssl_lib.c
  stable/9/crypto/openssl/ssl/ssl_stat.c
  stable/9/crypto/openssl/ssl/ssltest.c
  stable/9/crypto/openssl/ssl/t1_enc.c
  stable/9/crypto/openssl/ssl/t1_lib.c
  stable/9/crypto/openssl/ssl/tls1.h
  stable/9/crypto/openssl/test/Makefile
  stable/9/crypto/openssl/test/cms-test.pl
  stable/9/crypto/openssl/test/testssl
  stable/9/crypto/openssl/util/libeay.num
  stable/9/crypto/openssl/util/pl/VC-32.pl
  stable/9/secure/lib/libcrypto/Makefile.inc
  stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/9/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/9/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/9/secure/lib/libcrypto/man/BIO_f_md.3
  stable/9/secure/lib/libcrypto/man/BIO_f_null.3
  stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/9/secure/lib/libcrypto/man/BIO_find_type.3
  stable/9/secure/lib/libcrypto/man/BIO_new.3
  stable/9/secure/lib/libcrypto/man/BIO_push.3
  stable/9/secure/lib/libcrypto/man/BIO_read.3
  stable/9/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/9/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/9/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/9/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/9/secure/lib/libcrypto/man/BIO_s_file.3
  stable/9/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/9/secure/lib/libcrypto/man/BIO_s_null.3
  stable/9/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/9/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/9/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/9/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/9/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/9/secure/lib/libcrypto/man/BN_add.3
  stable/9/secure/lib/libcrypto/man/BN_add_word.3
  stable/9/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/9/secure/lib/libcrypto/man/BN_cmp.3
  stable/9/secure/lib/libcrypto/man/BN_copy.3
  stable/9/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/9/secure/lib/libcrypto/man/BN_new.3
  stable/9/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/9/secure/lib/libcrypto/man/BN_rand.3
  stable/9/secure/lib/libcrypto/man/BN_set_bit.3
  stable/9/secure/lib/libcrypto/man/BN_swap.3
  stable/9/secure/lib/libcrypto/man/BN_zero.3
  stable/9/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/9/secure/lib/libcrypto/man/DH_generate_key.3
  stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/DH_new.3
  stable/9/secure/lib/libcrypto/man/DH_set_method.3
  stable/9/secure/lib/libcrypto/man/DH_size.3
  stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/9/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/9/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/DSA_new.3
  stable/9/secure/lib/libcrypto/man/DSA_set_method.3
  stable/9/secure/lib/libcrypto/man/DSA_sign.3
  stable/9/secure/lib/libcrypto/man/DSA_size.3
  stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/9/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/9/secure/lib/libcrypto/man/ERR_error_string.3
  stable/9/secure/lib/libcrypto/man/ERR_get_error.3
  stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/9/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/9/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/9/secure/lib/libcrypto/man/ERR_put_error.3
  stable/9/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/9/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/9/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/9/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/9/secure/lib/libcrypto/man/PKCS12_create.3
  stable/9/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/9/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/9/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/9/secure/lib/libcrypto/man/RAND_add.3
  stable/9/secure/lib/libcrypto/man/RAND_bytes.3
  stable/9/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/9/secure/lib/libcrypto/man/RAND_egd.3
  stable/9/secure/lib/libcrypto/man/RAND_load_file.3
  stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/9/secure/lib/libcrypto/man/RSA_check_key.3
  stable/9/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/RSA_new.3
  stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/9/secure/lib/libcrypto/man/RSA_print.3
  stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/9/secure/lib/libcrypto/man/RSA_set_method.3
  stable/9/secure/lib/libcrypto/man/RSA_sign.3
  stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/9/secure/lib/libcrypto/man/RSA_size.3
  stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/9/secure/lib/libcrypto/man/X509_new.3
  stable/9/secure/lib/libcrypto/man/bio.3
  stable/9/secure/lib/libcrypto/man/blowfish.3
  stable/9/secure/lib/libcrypto/man/bn.3
  stable/9/secure/lib/libcrypto/man/bn_internal.3
  stable/9/secure/lib/libcrypto/man/buffer.3
  stable/9/secure/lib/libcrypto/man/crypto.3
  stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/9/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/9/secure/lib/libcrypto/man/d2i_X509.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/9/secure/lib/libcrypto/man/des.3
  stable/9/secure/lib/libcrypto/man/dh.3
  stable/9/secure/lib/libcrypto/man/dsa.3
  stable/9/secure/lib/libcrypto/man/ecdsa.3
  stable/9/secure/lib/libcrypto/man/engine.3
  stable/9/secure/lib/libcrypto/man/err.3
  stable/9/secure/lib/libcrypto/man/evp.3
  stable/9/secure/lib/libcrypto/man/hmac.3
  stable/9/secure/lib/libcrypto/man/lh_stats.3
  stable/9/secure/lib/libcrypto/man/lhash.3
  stable/9/secure/lib/libcrypto/man/md5.3
  stable/9/secure/lib/libcrypto/man/mdc2.3
  stable/9/secure/lib/libcrypto/man/pem.3
  stable/9/secure/lib/libcrypto/man/rand.3
  stable/9/secure/lib/libcrypto/man/rc4.3
  stable/9/secure/lib/libcrypto/man/ripemd.3
  stable/9/secure/lib/libcrypto/man/rsa.3
  stable/9/secure/lib/libcrypto/man/sha.3
  stable/9/secure/lib/libcrypto/man/threads.3
  stable/9/secure/lib/libcrypto/man/ui.3
  stable/9/secure/lib/libcrypto/man/ui_compat.3
  stable/9/secure/lib/libcrypto/man/x509.3
  stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/9/secure/lib/libssl/man/SSL_CTX_free.3
  stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/9/secure/lib/libssl/man/SSL_CTX_new.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/9/secure/lib/libssl/man/SSL_accept.3
  stable/9/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/9/secure/lib/libssl/man/SSL_clear.3
  stable/9/secure/lib/libssl/man/SSL_connect.3
  stable/9/secure/lib/libssl/man/SSL_do_handshake.3
  stable/9/secure/lib/libssl/man/SSL_free.3
  stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/9/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/9/secure/lib/libssl/man/SSL_get_error.3
  stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_get_fd.3
  stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/9/secure/lib/libssl/man/SSL_get_rbio.3
  stable/9/secure/lib/libssl/man/SSL_get_session.3
  stable/9/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/9/secure/lib/libssl/man/SSL_get_version.3
  stable/9/secure/lib/libssl/man/SSL_library_init.3
  stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/9/secure/lib/libssl/man/SSL_new.3
  stable/9/secure/lib/libssl/man/SSL_pending.3
  stable/9/secure/lib/libssl/man/SSL_read.3
  stable/9/secure/lib/libssl/man/SSL_rstate_string.3
  stable/9/secure/lib/libssl/man/SSL_session_reused.3
  stable/9/secure/lib/libssl/man/SSL_set_bio.3
  stable/9/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/9/secure/lib/libssl/man/SSL_set_fd.3
  stable/9/secure/lib/libssl/man/SSL_set_session.3
  stable/9/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/9/secure/lib/libssl/man/SSL_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_state_string.3
  stable/9/secure/lib/libssl/man/SSL_want.3
  stable/9/secure/lib/libssl/man/SSL_write.3
  stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/9/secure/lib/libssl/man/ssl.3
  stable/9/secure/usr.bin/openssl/man/CA.pl.1
  stable/9/secure/usr.bin/openssl/man/asn1parse.1
  stable/9/secure/usr.bin/openssl/man/ca.1
  stable/9/secure/usr.bin/openssl/man/ciphers.1
  stable/9/secure/usr.bin/openssl/man/crl.1
  stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/9/secure/usr.bin/openssl/man/dgst.1
  stable/9/secure/usr.bin/openssl/man/dhparam.1
  stable/9/secure/usr.bin/openssl/man/dsa.1
  stable/9/secure/usr.bin/openssl/man/dsaparam.1
  stable/9/secure/usr.bin/openssl/man/ec.1
  stable/9/secure/usr.bin/openssl/man/ecparam.1
  stable/9/secure/usr.bin/openssl/man/enc.1
  stable/9/secure/usr.bin/openssl/man/errstr.1
  stable/9/secure/usr.bin/openssl/man/gendsa.1
  stable/9/secure/usr.bin/openssl/man/genrsa.1
  stable/9/secure/usr.bin/openssl/man/nseq.1
  stable/9/secure/usr.bin/openssl/man/ocsp.1
  stable/9/secure/usr.bin/openssl/man/openssl.1
  stable/9/secure/usr.bin/openssl/man/passwd.1
  stable/9/secure/usr.bin/openssl/man/pkcs12.1
  stable/9/secure/usr.bin/openssl/man/pkcs7.1
  stable/9/secure/usr.bin/openssl/man/pkcs8.1
  stable/9/secure/usr.bin/openssl/man/rand.1
  stable/9/secure/usr.bin/openssl/man/req.1
  stable/9/secure/usr.bin/openssl/man/rsa.1
  stable/9/secure/usr.bin/openssl/man/rsautl.1
  stable/9/secure/usr.bin/openssl/man/s_client.1
  stable/9/secure/usr.bin/openssl/man/s_server.1
  stable/9/secure/usr.bin/openssl/man/s_time.1
  stable/9/secure/usr.bin/openssl/man/sess_id.1
  stable/9/secure/usr.bin/openssl/man/smime.1
  stable/9/secure/usr.bin/openssl/man/speed.1
  stable/9/secure/usr.bin/openssl/man/spkac.1
  stable/9/secure/usr.bin/openssl/man/verify.1
  stable/9/secure/usr.bin/openssl/man/version.1
  stable/9/secure/usr.bin/openssl/man/x509.1
  stable/9/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/9/crypto/openssl/   (props changed)

Modified: stable/9/crypto/openssl/ACKNOWLEDGMENTS
==============================================================================
--- stable/9/crypto/openssl/ACKNOWLEDGMENTS	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/ACKNOWLEDGMENTS	Mon Jun  9 16:30:56 2014	(r267285)
@@ -10,13 +10,18 @@ OpenSSL project.
 We would like to identify and thank the following such sponsors for their past
 or current significant support of the OpenSSL project:
 
+Major support:
+
+	Qualys		http://www.qualys.com/
+
 Very significant support:
 
-	OpenGear: www.opengear.com
+	OpenGear:	http://www.opengear.com/
 
 Significant support:
 
-	PSW Group: www.psw.net
+	PSW Group:	http://www.psw.net/
+	Acano Ltd.	http://acano.com/
 
 Please note that we ask permission to identify sponsors and that some sponsors
 we consider eligible for inclusion here have requested to remain anonymous.

Modified: stable/9/crypto/openssl/CHANGES
==============================================================================
--- stable/9/crypto/openssl/CHANGES	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/CHANGES	Mon Jun  9 16:30:56 2014	(r267285)
@@ -2,6 +2,64 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
+
+  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+     handshake can force the use of weak keying material in OpenSSL
+     SSL/TLS clients and servers.
+
+     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+     researching this issue. (CVE-2014-0224)
+     [KIKUCHI Masashi, Steve Henson]
+
+  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+     OpenSSL DTLS client the code can be made to recurse eventually crashing
+     in a DoS attack.
+
+     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+     (CVE-2014-0221)
+     [Imre Rad, Steve Henson]
+
+  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+     client or server. This is potentially exploitable to run arbitrary
+     code on a vulnerable client or server.
+
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
+
+  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+     are subject to a denial of service attack.
+
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     this issue. (CVE-2014-3470)
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+     Thanks to mancha for backporting the fix to the 0.9.8 branch.
+
+  *) Fix handling of warning-level alerts in SSL23 client mode so they
+     don't cause client-side termination (eg. on SNI unrecognized_name
+     warnings). Add client and server support for six additional alerts
+     per RFC 6066 and RFC 4279.
+     [mancha]
+
+  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
+     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+     [Rob Stradling, Adam Langley]
+
  Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
 
   *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.

Modified: stable/9/crypto/openssl/Configure
==============================================================================
--- stable/9/crypto/openssl/Configure	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/Configure	Mon Jun  9 16:30:56 2014	(r267285)
@@ -166,7 +166,7 @@ my %table=(
 "debug-ben-debug-noopt",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG  -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
 "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

Modified: stable/9/crypto/openssl/FAQ
==============================================================================
--- stable/9/crypto/openssl/FAQ	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/FAQ	Mon Jun  9 16:30:56 2014	(r267285)
@@ -87,7 +87,7 @@ OpenSSL 1.0.1d was released on Feb 5th, 
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
 
 
 * Where is the documentation?
@@ -768,6 +768,9 @@ openssl-security@openssl.org if you don'
 acknowledging receipt then resend or mail it directly to one of the
 more active team members (e.g. Steve).
 
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues. 
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?

Modified: stable/9/crypto/openssl/Makefile
==============================================================================
--- stable/9/crypto/openssl/Makefile	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/Makefile	Mon Jun  9 16:30:56 2014	(r267285)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.8y
+VERSION=0.9.8za
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8
@@ -71,7 +71,7 @@ ARD=ar $(ARFLAGS) d
 RANLIB= /usr/bin/ranlib
 PERL= /usr/bin/perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
 MAKEDEPPROG=makedepend
 LIBDIR=lib
 

Modified: stable/9/crypto/openssl/Makefile.org
==============================================================================
--- stable/9/crypto/openssl/Makefile.org	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/Makefile.org	Mon Jun  9 16:30:56 2014	(r267285)
@@ -69,7 +69,7 @@ ARD=ar $(ARFLAGS) d
 RANLIB= ranlib
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
 MAKEDEPPROG=makedepend
 LIBDIR=lib
 

Modified: stable/9/crypto/openssl/NEWS
==============================================================================
--- stable/9/crypto/openssl/NEWS	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/NEWS	Mon Jun  9 16:30:56 2014	(r267285)
@@ -5,34 +5,44 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
+  Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
+
+      o Fix for CVE-2014-0224
+      o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0195
+      o Fix for CVE-2014-3470
+      o Fix for CVE-2014-0076
+      o Fix for CVE-2010-5298
+      o Fix to TLS alert handling.
+
+  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
 
       o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
       o Fix OCSP bad key DoS attack CVE-2013-0166
 
-  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
+  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
 
       o Fix DTLS record length checking bug CVE-2012-2333
 
-  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
+  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
 
       o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
 
-  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
+  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
 
       o Fix for ASN1 overflow bug CVE-2012-2110
 
-  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u:
+  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
 
       o Fix for CMS/PKCS#7 MMA CVE-2012-0884
       o Corrected fix for CVE-2011-4619
       o Various DTLS fixes.
 
-  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t:
+  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
 
       o Fix for DTLS DoS issue CVE-2012-0050
 
-  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s:
+  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
 
       o Fix for DTLS plaintext recovery attack CVE-2011-4108
       o Fix policy check double free error CVE-2011-4109
@@ -40,20 +50,20 @@
       o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
       o Check for malformed RFC3779 data CVE-2011-4577
 
-  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
 
       o Fix for security issue CVE-2011-0014
 
-  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
 
       o Fix for security issue CVE-2010-4180
       o Fix for CVE-2010-4252
 
-  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
 
       o Fix for security issue CVE-2010-3864.
 
-  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
 
       o Fix for security issue CVE-2010-0742.
       o Various DTLS fixes.
@@ -61,12 +71,12 @@
       o Fix for no-rc4 compilation.
       o Chil ENGINE unload workaround.
 
-  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
 
       o CFB cipher definition fixes.
       o Fix security issues CVE-2010-0740 and CVE-2010-0433.
 
-  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
 
       o Cipher definition fixes.
       o Workaround for slow RAND_poll() on some WIN32 versions.
@@ -78,33 +88,33 @@
       o Ticket and SNI coexistence fixes.
       o Many fixes to DTLS handling. 
 
-  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
 
       o Temporary work around for CVE-2009-3555: disable renegotiation.
 
-  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
 
       o Fix various build issues.
       o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
 
-  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
 
       o Fix security issue (CVE-2008-5077)
       o Merge FIPS 140-2 branch code.
 
-  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
 
       o CryptoAPI ENGINE support.
       o Various precautionary measures.
       o Fix for bugs affecting certificate request creation.
       o Support for local machine keyset attribute in PKCS#12 files.
 
-  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
+  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
 
       o Backport of CMS functionality to 0.9.8.
       o Fixes for bugs introduced with 0.9.8f.
 
-  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
+  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
 
       o Add gcc 4.2 support.
       o Add support for AES and SSE2 assembly lanugauge optimization
@@ -115,23 +125,23 @@
       o RFC4507bis support.
       o TLS Extensions support.
 
-  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
 
       o Various ciphersuite selection fixes.
       o RFC3779 support.
 
-  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
 
       o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
       o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
       o Changes to ciphersuite selection algorithm
 
-  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
 
       o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
       o New cipher Camellia
 
-  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
 
       o Cipher string fixes.
       o Fixes for VC++ 2005.
@@ -141,12 +151,12 @@
       o Built in dynamic engine compilation support on Win32.
       o Fixes auto dynamic engine loading in Win32.
 
-  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
 
       o Fix potential SSL 2.0 rollback, CVE-2005-2969
       o Extended Windows CE support
 
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
 
       o Major work on the BIGNUM library for higher efficiency and to
         make operations more streamlined and less contradictory.  This
@@ -220,36 +230,36 @@
       o Added initial support for Win64.
       o Added alternate pkg-config files.
 
-  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
 
       o FIPS 1.1.1 module linking.
       o Various ciphersuite selection fixes.
 
-  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
 
       o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
       o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
 
-  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
 
       o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
 
-  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
 
       o Visual C++ 2005 fixes.
       o Update Windows build system for FIPS.
 
-  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
 
       o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
 
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
 
       o Fix SSL 2.0 Rollback, CVE-2005-2969
       o Allow use of fixed-length exponent on DSA signing
       o Default fixed-window RSA, DSA, DH private-key operations
 
-  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
 
       o More compilation issues fixed.
       o Adaptation to more modern Kerberos API.
@@ -258,7 +268,7 @@
       o More constification.
       o Added processing of proxy certificates (RFC 3820).
 
-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
 
       o Several compilation issues fixed.
       o Many memory allocation failure checks added.
@@ -266,12 +276,12 @@
       o Mandatory basic checks on certificates.
       o Performance improvements.
 
-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
+  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
 
       o Fix race condition in CRL checking code.
       o Fixes to PKCS#7 (S/MIME) code.
 
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
 
       o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
       o Security: Fix null-pointer assignment in do_change_cipher_spec()
@@ -279,14 +289,14 @@
       o Multiple X509 verification fixes
       o Speed up HMAC and other operations
 
-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
 
       o Security: fix various ASN1 parsing bugs.
       o New -ignore_err option to OCSP utility.
       o Various interop and bug fixes in S/MIME code.
       o SSL/TLS protocol fix for unrequested client certificates.
 
-  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
         Bleichbacher's attack 
@@ -297,7 +307,7 @@
       o ASN.1: treat domainComponent correctly.
       o Documentation: fixes and additions.
 
-  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
 
       o Security: Important security related bugfixes.
       o Enhanced compatibility with MIT Kerberos.
@@ -308,7 +318,7 @@
       o SSL/TLS: now handles manual certificate chain building.
       o SSL/TLS: certain session ID malfunctions corrected.
 
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
 
       o New library section OCSP.
       o Complete rewrite of ASN1 code.
@@ -354,23 +364,23 @@
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
 
       o Security: fix various ASN1 parsing bugs.
       o SSL/TLS protocol fix for unrequested client certificates.
 
-  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
         Bleichbacher's attack 
       o Security: make RSA blinding default.
       o Build: shared library support fixes.
 
-  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
 
       o Important security related bugfixes.
 
-  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
 
       o New configuration targets for Tandem OSS and A/UX.
       o New OIDs for Microsoft attributes.
@@ -384,25 +394,25 @@
       o Fixes for smaller building problems.
       o Updates of manuals, FAQ and other instructive documents.
 
-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
 
       o Important building fixes on Unix.
 
-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
 
       o Various important bugfixes.
 
-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
 
       o Important security related bugfixes.
       o Various SSL/TLS library bugfixes.
 
-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
 
       o Various SSL/TLS library bugfixes.
       o Fix DH parameter generation for 'non-standard' generators.
 
-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
 
       o Various SSL/TLS library bugfixes.
       o BIGNUM library fixes.
@@ -415,7 +425,7 @@
         Broadcom and Cryptographic Appliance's keyserver
         [in 0.9.6c-engine release].
 
-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
 
       o Security fix: PRNG improvements.
       o Security fix: RSA OAEP check.
@@ -432,7 +442,7 @@
       o Increase default size for BIO buffering filter.
       o Compatibility fixes in some scripts.
 
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
 
       o Security fix: change behavior of OpenSSL to avoid using
         environment variables when running as root.
@@ -457,7 +467,7 @@
       o New function BN_rand_range().
       o Add "-rand" option to openssl s_client and s_server.
 
-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
 
       o Some documentation for BIO and SSL libraries.
       o Enhanced chain verification using key identifiers.
@@ -472,7 +482,7 @@
     [1] The support for external crypto devices is currently a separate
         distribution.  See the file README.ENGINE.
 
-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
 
       o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
       o Shared library support for HPUX and Solaris-gcc
@@ -481,7 +491,7 @@
       o New 'rand' application
       o New way to check for existence of algorithms from scripts
 
-  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
 
       o S/MIME support in new 'smime' command
       o Documentation for the OpenSSL command line application
@@ -517,7 +527,7 @@
       o Enhanced support for Alpha Linux
       o Experimental MacOS support
 
-  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
 
       o Transparent support for PKCS#8 format private keys: these are used
         by several software packages and are more secure than the standard
@@ -528,7 +538,7 @@
       o New pipe-like BIO that allows using the SSL library when actual I/O
         must be handled by the application (BIO pair)
 
-  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
       o Lots of enhancements and cleanups to the Configuration mechanism
       o RSA OEAP related fixes
       o Added `openssl ca -revoke' option for revoking a certificate
@@ -542,7 +552,7 @@
       o Sparc assembler bignum implementation, optimized hash functions
       o Option to disable selected ciphers
 
-  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
       o Fixed a security hole related to session resumption
       o Fixed RSA encryption routines for the p < q case
       o "ALL" in cipher lists now means "everything except NULL ciphers"
@@ -564,7 +574,7 @@
       o Lots of memory leak fixes.
       o Lots of bug fixes.
 
-  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
       o Integration of the popular NO_RSA/NO_DSA patches
       o Initial support for compression inside the SSL record layer
       o Added BIO proxy and filtering functionality

Modified: stable/9/crypto/openssl/README
==============================================================================
--- stable/9/crypto/openssl/README	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/README	Mon Jun  9 16:30:56 2014	(r267285)
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8y 5 Feb 2013
+ OpenSSL 0.9.8za 5 Jun 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -190,7 +190,7 @@
  reason as to why that feature isn't implemented.
 
  Patches should be as up to date as possible, preferably relative to the
- current CVS or the last snapshot. They should follow the coding style of
+ current Git or the last snapshot. They should follow the coding style of
  OpenSSL and compile without warnings. Some of the core team developer targets
  can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
  compiles on many varied platforms: try to ensure you only use portable

Modified: stable/9/crypto/openssl/apps/apps.c
==============================================================================
--- stable/9/crypto/openssl/apps/apps.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/apps/apps.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -558,12 +558,12 @@ int password_callback(char *buf, int buf
 
 		if (ok >= 0)
 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
-				PW_MIN_LENGTH,BUFSIZ-1);
+				PW_MIN_LENGTH,bufsiz-1);
 		if (ok >= 0 && verify)
 			{
 			buff = (char *)OPENSSL_malloc(bufsiz);
 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
-				PW_MIN_LENGTH,BUFSIZ-1, buf);
+				PW_MIN_LENGTH,bufsiz-1, buf);
 			}
 		if (ok >= 0)
 			do

Modified: stable/9/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/9/crypto/openssl/apps/ocsp.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/apps/ocsp.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -98,6 +98,7 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 	char **args;
 	char *host = NULL, *port = NULL, *path = "/";
+	char *thost = NULL, *tport = NULL, *tpath = NULL;
 	char *reqin = NULL, *respin = NULL;
 	char *reqout = NULL, *respout = NULL;
 	char *signfile = NULL, *keyfile = NULL;
@@ -173,6 +174,12 @@ int MAIN(int argc, char **argv)
 			}
 		else if (!strcmp(*args, "-url"))
 			{
+			if (thost)
+				OPENSSL_free(thost);
+			if (tport)
+				OPENSSL_free(tport);
+			if (tpath)
+				OPENSSL_free(tpath);
 			if (args[1])
 				{
 				args++;
@@ -181,6 +188,9 @@ int MAIN(int argc, char **argv)
 					BIO_printf(bio_err, "Error parsing URL\n");
 					badarg = 1;
 					}
+				thost = host;
+				tport = port;
+				tpath = path;
 				}
 			else badarg = 1;
 			}
@@ -871,12 +881,12 @@ end:
 	sk_X509_pop_free(sign_other, X509_free);
 	sk_X509_pop_free(verify_other, X509_free);
 
-	if (use_ssl != -1)
-		{
-		OPENSSL_free(host);
-		OPENSSL_free(port);
-		OPENSSL_free(path);
-		}
+	if (thost)
+		OPENSSL_free(thost);
+	if (tport)
+		OPENSSL_free(tport);
+	if (tpath)
+		OPENSSL_free(tpath);
 
 	OPENSSL_EXIT(ret);
 }

Modified: stable/9/crypto/openssl/apps/req.c
==============================================================================
--- stable/9/crypto/openssl/apps/req.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/apps/req.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -1574,7 +1574,13 @@ start:
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, n_min, n_max)) goto start;
+	if(!req_check_len(i, n_min, n_max))
+		{
+		if (batch || value)
+			return 0;
+		goto start;
+		}
+
 	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
 				(unsigned char *) buf, -1,-1,mval)) goto err;
 	ret=1;
@@ -1633,7 +1639,12 @@ start:
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
-	if(!req_check_len(i, n_min, n_max)) goto start;
+	if(!req_check_len(i, n_min, n_max))
+		{
+		if (batch || value)
+			return 0;
+		goto start;
+		}
 
 	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
 					(unsigned char *)buf, -1)) {

Modified: stable/9/crypto/openssl/apps/s_cb.c
==============================================================================
--- stable/9/crypto/openssl/apps/s_cb.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/apps/s_cb.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -518,6 +518,24 @@ void MS_CALLBACK msg_cb(int write_p, int
 				case 100:
 					str_details2 = " no_renegotiation";
 					break;
+				case 110:
+					str_details2 = " unsupported_extension";
+					break;
+				case 111:
+					str_details2 = " certificate_unobtainable";
+					break;
+				case 112:
+					str_details2 = " unrecognized_name";
+					break;
+				case 113:
+					str_details2 = " bad_certificate_status_response";
+					break;
+				case 114:
+					str_details2 = " bad_certificate_hash_value";
+					break;
+				case 115:
+					str_details2 = " unknown_psk_identity";
+					break;
 					}
 				}
 			}

Modified: stable/9/crypto/openssl/apps/smime.c
==============================================================================
--- stable/9/crypto/openssl/apps/smime.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/apps/smime.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -521,8 +521,8 @@ int MAIN(int argc, char **argv)
 		{
 		if (!cipher)
 			{
-#ifndef OPENSSL_NO_RC2			
-			cipher = EVP_rc2_40_cbc();
+#ifndef OPENSSL_NO_DES			
+			cipher = EVP_des_ede3_cbc();
 #else
 			BIO_printf(bio_err, "No cipher selected\n");
 			goto end;

Modified: stable/9/crypto/openssl/crypto/asn1/a_int.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/a_int.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/asn1/a_int.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
 	int pad=0,ret,i,neg;
 	unsigned char *p,*n,pb=0;
 
-	if ((a == NULL) || (a->data == NULL)) return(0);
+	if (a == NULL) return(0);
 	neg=a->type & V_ASN1_NEG;
 	if (a->length == 0)
 		ret=1;

Modified: stable/9/crypto/openssl/crypto/asn1/a_strnid.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/a_strnid.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/asn1/a_strnid.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -75,7 +75,7 @@ static int table_cmp(const void *a, cons
  * certain software (e.g. Netscape) has problems with them.
  */
 
-static unsigned long global_mask = 0xFFFFFFFFL;
+static unsigned long global_mask = B_ASN1_UTF8STRING;
 
 void ASN1_STRING_set_default_mask(unsigned long mask)
 {

Modified: stable/9/crypto/openssl/crypto/asn1/t_pkey.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/t_pkey.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/asn1/t_pkey.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -208,11 +208,6 @@ int DSA_print(BIO *bp, const DSA *x, int
 
 	if (x->p)
 		buf_len = (size_t)BN_num_bytes(x->p);
-	else
-		{
-		DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
-		goto err;
-		}
 	if (x->q)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
 			buf_len = i;

Modified: stable/9/crypto/openssl/crypto/bn/bn_mont.c
==============================================================================
--- stable/9/crypto/openssl/crypto/bn/bn_mont.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/bn/bn_mont.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CT
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 					const BIGNUM *mod, BN_CTX *ctx)
 	{
-	int got_write_lock = 0;
 	BN_MONT_CTX *ret;
 
 	CRYPTO_r_lock(lock);
-	if (!*pmont)
+	ret = *pmont;
+	CRYPTO_r_unlock(lock);
+	if (ret)
+		return ret;
+
+	/* We don't want to serialise globally while doing our lazy-init math in
+	 * BN_MONT_CTX_set. That punishes threads that are doing independent
+	 * things. Instead, punish the case where more than one thread tries to
+	 * lazy-init the same 'pmont', by having each do the lazy-init math work
+	 * independently and only use the one from the thread that wins the race
+	 * (the losers throw away the work they've done). */
+	ret = BN_MONT_CTX_new();
+	if (!ret)
+		return NULL;
+	if (!BN_MONT_CTX_set(ret, mod, ctx))
 		{
-		CRYPTO_r_unlock(lock);
-		CRYPTO_w_lock(lock);
-		got_write_lock = 1;
+		BN_MONT_CTX_free(ret);
+		return NULL;
+		}
 
-		if (!*pmont)
-			{
-			ret = BN_MONT_CTX_new();
-			if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
-				BN_MONT_CTX_free(ret);
-			else
-				*pmont = ret;
-			}
+	/* The locked compare-and-set, after the local work is done. */
+	CRYPTO_w_lock(lock);
+	if (*pmont)
+		{
+		BN_MONT_CTX_free(ret);
+		ret = *pmont;
 		}
-	
-	ret = *pmont;
-	
-	if (got_write_lock)
-		CRYPTO_w_unlock(lock);
 	else
-		CRYPTO_r_unlock(lock);
-		
+		*pmont = ret;
+	CRYPTO_w_unlock(lock);
 	return ret;
 	}

Modified: stable/9/crypto/openssl/crypto/cms/cms_cd.c
==============================================================================
--- stable/9/crypto/openssl/crypto/cms/cms_cd.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/cms/cms_cd.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -58,7 +58,9 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include "cms_lcl.h"
 
 DECLARE_ASN1_ITEM(CMS_CompressedData)

Modified: stable/9/crypto/openssl/crypto/cms/cms_env.c
==============================================================================
--- stable/9/crypto/openssl/crypto/cms/cms_env.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/cms/cms_env.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -185,6 +185,8 @@ CMS_RecipientInfo *CMS_add1_recipient_ce
 	if (flags & CMS_USE_KEYID)
 		{
 		ktri->version = 2;
+		if (env->version < 2)
+			env->version = 2;
 		type = CMS_RECIPINFO_KEYIDENTIFIER;
 		}
 	else

Modified: stable/9/crypto/openssl/crypto/cms/cms_lib.c
==============================================================================
--- stable/9/crypto/openssl/crypto/cms/cms_lib.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/cms/cms_lib.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -477,8 +477,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, 
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return 0;
-	if (!pcerts)
-		return 0;
 	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
 		{
 		cch = sk_CMS_CertificateChoices_value(*pcerts, i);

Modified: stable/9/crypto/openssl/crypto/cms/cms_sd.c
==============================================================================
--- stable/9/crypto/openssl/crypto/cms/cms_sd.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/cms/cms_sd.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -157,8 +157,8 @@ static void cms_sd_set_version(CMS_Signe
 			if (sd->version < 3)
 				sd->version = 3;
 			}
-		else
-			sd->version = 1;
+		else if (si->version < 1)
+			si->version = 1;
 		}
 
 	if (sd->version < 1)

Modified: stable/9/crypto/openssl/crypto/cms/cms_smime.c
==============================================================================
--- stable/9/crypto/openssl/crypto/cms/cms_smime.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/cms/cms_smime.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -622,7 +622,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r;
-	int debug = 0;
+	int debug = 0, ri_match = 0;
 	ris = CMS_get0_RecipientInfos(cms);
 	if (ris)
 		debug = cms->d.envelopedData->encryptedContentInfo->debug;
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
 		ri = sk_CMS_RecipientInfo_value(ris, i);
 		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
 				continue;
+		ri_match = 1;
 		/* If we have a cert try matching RecipientInfo
 		 * otherwise try them all.
 		 */
@@ -666,7 +667,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf
 			}
 		}
 	/* If no cert and not debugging always return success */
-	if (!cert && !debug)
+	if (ri_match && !cert && !debug)
 		{
 		ERR_clear_error();
 		return 1;

Modified: stable/9/crypto/openssl/crypto/ec/ec_lib.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ec_lib.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/ec/ec_lib.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, cons
 	if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
 	    EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
 		return 1;
-	/* compare the curve name (if present) */
+	/* compare the curve name (if present in both) */
 	if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-	    EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
-		return 0;
+	    EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+		return 1;
 
 	if (!ctx)
 		ctx_new = ctx = BN_CTX_new();
@@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, 
 	if (group->meth->point_cmp == 0)
 		{
 		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
+		return -1;
 		}
 	if ((group->meth != a->meth) || (a->meth != b->meth))
 		{
 		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
+		return -1;
 		}
 	return group->meth->point_cmp(group, a, b, ctx);
 	}

Modified: stable/9/crypto/openssl/crypto/engine/eng_all.c
==============================================================================
--- stable/9/crypto/openssl/crypto/engine/eng_all.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/engine/eng_all.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
 	ENGINE_load_gmp();
 #endif
+#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+	ENGINE_load_capi();
+#endif
 #endif
 #ifndef OPENSSL_NO_HW
 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 	ENGINE_load_cryptodev();
 #endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-	ENGINE_load_capi();
-#endif
 #endif
 	}
 

Modified: stable/9/crypto/openssl/crypto/engine/engine.h
==============================================================================
--- stable/9/crypto/openssl/crypto/engine/engine.h	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/engine/engine.h	Mon Jun  9 16:30:56 2014	(r267285)
@@ -335,15 +335,15 @@ void ENGINE_load_gmp(void);
 void ENGINE_load_nuron(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
-#endif
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_padlock(void);
-void ENGINE_load_builtin_engines(void);
 #ifdef OPENSSL_SYS_WIN32
 #ifndef OPENSSL_NO_CAPIENG
 void ENGINE_load_capi(void);
 #endif
 #endif
+#endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_padlock(void);
+void ENGINE_load_builtin_engines(void);
 
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
  * "registry" handling. */

Modified: stable/9/crypto/openssl/crypto/err/err_all.c
==============================================================================
--- stable/9/crypto/openssl/crypto/err/err_all.c	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/err/err_all.c	Mon Jun  9 16:30:56 2014	(r267285)
@@ -104,7 +104,9 @@
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 
 void ERR_load_crypto_strings(void)
 	{

Modified: stable/9/crypto/openssl/crypto/err/openssl.ec
==============================================================================
--- stable/9/crypto/openssl/crypto/err/openssl.ec	Mon Jun  9 15:46:11 2014	(r267284)
+++ stable/9/crypto/openssl/crypto/err/openssl.ec	Mon Jun  9 16:30:56 2014	(r267285)
@@ -71,6 +71,11 @@ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURIT
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
 R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME			1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE	1114
 

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406091630.s59GUvfR098723>