Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 17 Aug 2018 18:32:53 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r337982 - in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/a...
Message-ID:  <201808171832.w7HIWrSP086571@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Fri Aug 17 18:32:53 2018
New Revision: 337982
URL: https://svnweb.freebsd.org/changeset/base/337982

Log:
  MFC:	r337791
  
  Merge OpenSSL 1.0.2p.

Added:
  stable/11/crypto/openssl/crypto/bn_int.h
     - copied unchanged from r337791, head/crypto/openssl/crypto/bn_int.h
  stable/11/crypto/openssl/doc/man3/
     - copied from r337791, head/crypto/openssl/doc/man3/
  stable/11/secure/lib/libcrypto/man/X509_cmp_time.3
     - copied unchanged from r337791, head/secure/lib/libcrypto/man/X509_cmp_time.3
Modified:
  stable/11/crypto/openssl/CHANGES
  stable/11/crypto/openssl/CONTRIBUTING
  stable/11/crypto/openssl/Configure
  stable/11/crypto/openssl/Makefile
  stable/11/crypto/openssl/NEWS
  stable/11/crypto/openssl/README
  stable/11/crypto/openssl/apps/apps.c
  stable/11/crypto/openssl/apps/asn1pars.c
  stable/11/crypto/openssl/apps/ca.c
  stable/11/crypto/openssl/apps/ocsp.c
  stable/11/crypto/openssl/apps/passwd.c
  stable/11/crypto/openssl/apps/s_apps.h
  stable/11/crypto/openssl/apps/s_client.c
  stable/11/crypto/openssl/apps/s_server.c
  stable/11/crypto/openssl/apps/s_socket.c
  stable/11/crypto/openssl/apps/verify.c
  stable/11/crypto/openssl/crypto/Makefile
  stable/11/crypto/openssl/crypto/asn1/a_bool.c
  stable/11/crypto/openssl/crypto/asn1/a_object.c
  stable/11/crypto/openssl/crypto/asn1/a_strex.c
  stable/11/crypto/openssl/crypto/asn1/ameth_lib.c
  stable/11/crypto/openssl/crypto/asn1/asn1.h
  stable/11/crypto/openssl/crypto/asn1/asn1_err.c
  stable/11/crypto/openssl/crypto/asn1/tasn_enc.c
  stable/11/crypto/openssl/crypto/bio/bss_log.c
  stable/11/crypto/openssl/crypto/bio/bss_mem.c
  stable/11/crypto/openssl/crypto/bn/Makefile
  stable/11/crypto/openssl/crypto/bn/asm/armv4-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/ia64-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/mips-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/parisc-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/ppc-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
  stable/11/crypto/openssl/crypto/bn/asm/s390x-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/via-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/vis3-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/x86-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
  stable/11/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
  stable/11/crypto/openssl/crypto/bn/bn.h
  stable/11/crypto/openssl/crypto/bn/bn_div.c
  stable/11/crypto/openssl/crypto/bn/bn_exp.c
  stable/11/crypto/openssl/crypto/bn/bn_gf2m.c
  stable/11/crypto/openssl/crypto/bn/bn_lcl.h
  stable/11/crypto/openssl/crypto/bn/bn_lib.c
  stable/11/crypto/openssl/crypto/bn/bn_mod.c
  stable/11/crypto/openssl/crypto/bn/bn_mont.c
  stable/11/crypto/openssl/crypto/bn/bn_sqr.c
  stable/11/crypto/openssl/crypto/conf/conf_api.c
  stable/11/crypto/openssl/crypto/dh/dh_key.c
  stable/11/crypto/openssl/crypto/dh/dh_pmeth.c
  stable/11/crypto/openssl/crypto/dsa/dsa.h
  stable/11/crypto/openssl/crypto/dsa/dsa_err.c
  stable/11/crypto/openssl/crypto/dsa/dsa_gen.c
  stable/11/crypto/openssl/crypto/dsa/dsa_ossl.c
  stable/11/crypto/openssl/crypto/dsa/dsa_pmeth.c
  stable/11/crypto/openssl/crypto/ec/ec_ameth.c
  stable/11/crypto/openssl/crypto/ec/ec_lib.c
  stable/11/crypto/openssl/crypto/ec/ecp_nistz256.c
  stable/11/crypto/openssl/crypto/ecdsa/Makefile
  stable/11/crypto/openssl/crypto/ecdsa/ecdsatest.c
  stable/11/crypto/openssl/crypto/ecdsa/ecs_ossl.c
  stable/11/crypto/openssl/crypto/engine/eng_lib.c
  stable/11/crypto/openssl/crypto/engine/tb_asnmth.c
  stable/11/crypto/openssl/crypto/o_time.c
  stable/11/crypto/openssl/crypto/opensslv.h
  stable/11/crypto/openssl/crypto/pem/pem.h
  stable/11/crypto/openssl/crypto/pem/pem_lib.c
  stable/11/crypto/openssl/crypto/pem/pem_pk8.c
  stable/11/crypto/openssl/crypto/pem/pem_pkey.c
  stable/11/crypto/openssl/crypto/pem/pvkfmt.c
  stable/11/crypto/openssl/crypto/pkcs12/p12_asn.c
  stable/11/crypto/openssl/crypto/rsa/Makefile
  stable/11/crypto/openssl/crypto/rsa/rsa_eay.c
  stable/11/crypto/openssl/crypto/rsa/rsa_gen.c
  stable/11/crypto/openssl/crypto/rsa/rsa_oaep.c
  stable/11/crypto/openssl/crypto/rsa/rsa_pk1.c
  stable/11/crypto/openssl/crypto/rsa/rsa_sign.c
  stable/11/crypto/openssl/crypto/rsa/rsa_ssl.c
  stable/11/crypto/openssl/crypto/sha/asm/sha1-586.pl
  stable/11/crypto/openssl/crypto/sha/asm/sha256-586.pl
  stable/11/crypto/openssl/crypto/ui/ui_openssl.c
  stable/11/crypto/openssl/crypto/x509/x509_cmp.c
  stable/11/crypto/openssl/crypto/x509/x509_lu.c
  stable/11/crypto/openssl/crypto/x509/x509_vfy.c
  stable/11/crypto/openssl/crypto/x509v3/v3_purp.c
  stable/11/crypto/openssl/doc/apps/cms.pod
  stable/11/crypto/openssl/doc/apps/config.pod
  stable/11/crypto/openssl/doc/apps/genpkey.pod
  stable/11/crypto/openssl/doc/apps/s_client.pod
  stable/11/crypto/openssl/doc/crypto/BIO_s_fd.pod
  stable/11/crypto/openssl/doc/crypto/BN_add.pod
  stable/11/crypto/openssl/doc/crypto/BN_bn2bin.pod
  stable/11/crypto/openssl/doc/crypto/BN_generate_prime.pod
  stable/11/crypto/openssl/doc/crypto/CMS_encrypt.pod
  stable/11/crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod
  stable/11/crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod
  stable/11/crypto/openssl/doc/crypto/DSA_do_sign.pod
  stable/11/crypto/openssl/doc/crypto/DSA_sign.pod
  stable/11/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
  stable/11/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
  stable/11/crypto/openssl/doc/crypto/ecdsa.pod
  stable/11/crypto/openssl/doc/crypto/pem.pod
  stable/11/crypto/openssl/doc/fingerprints.txt
  stable/11/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
  stable/11/crypto/openssl/doc/ssl/SSL_get_ciphers.pod
  stable/11/crypto/openssl/doc/ssl/SSL_get_session.pod
  stable/11/crypto/openssl/doc/ssl/SSL_get_version.pod
  stable/11/crypto/openssl/doc/ssl/ssl.pod
  stable/11/crypto/openssl/ssl/d1_both.c
  stable/11/crypto/openssl/ssl/s3_lib.c
  stable/11/crypto/openssl/ssl/s3_srvr.c
  stable/11/crypto/openssl/ssl/ssl.h
  stable/11/crypto/openssl/ssl/ssl_lib.c
  stable/11/crypto/openssl/ssl/ssl_locl.h
  stable/11/crypto/openssl/ssl/t1_lib.c
  stable/11/crypto/openssl/ssl/t1_trce.c
  stable/11/crypto/openssl/util/domd
  stable/11/secure/lib/libcrypto/Makefile.inc
  stable/11/secure/lib/libcrypto/Makefile.man
  stable/11/secure/lib/libcrypto/amd64/x86_64-mont.S
  stable/11/secure/lib/libcrypto/amd64/x86_64-mont5.S
  stable/11/secure/lib/libcrypto/arm/armv4-mont.S
  stable/11/secure/lib/libcrypto/i386/x86-mont.S
  stable/11/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/11/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/11/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/11/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/11/secure/lib/libcrypto/man/ASN1_TIME_set.3
  stable/11/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/11/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/11/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/11/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/11/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/11/secure/lib/libcrypto/man/BIO_f_md.3
  stable/11/secure/lib/libcrypto/man/BIO_f_null.3
  stable/11/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/11/secure/lib/libcrypto/man/BIO_find_type.3
  stable/11/secure/lib/libcrypto/man/BIO_new.3
  stable/11/secure/lib/libcrypto/man/BIO_new_CMS.3
  stable/11/secure/lib/libcrypto/man/BIO_push.3
  stable/11/secure/lib/libcrypto/man/BIO_read.3
  stable/11/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/11/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/11/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/11/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/11/secure/lib/libcrypto/man/BIO_s_file.3
  stable/11/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/11/secure/lib/libcrypto/man/BIO_s_null.3
  stable/11/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/11/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/11/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/11/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/11/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/11/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/11/secure/lib/libcrypto/man/BN_add.3
  stable/11/secure/lib/libcrypto/man/BN_add_word.3
  stable/11/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/11/secure/lib/libcrypto/man/BN_cmp.3
  stable/11/secure/lib/libcrypto/man/BN_copy.3
  stable/11/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/11/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/11/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/11/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/11/secure/lib/libcrypto/man/BN_new.3
  stable/11/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/11/secure/lib/libcrypto/man/BN_rand.3
  stable/11/secure/lib/libcrypto/man/BN_set_bit.3
  stable/11/secure/lib/libcrypto/man/BN_swap.3
  stable/11/secure/lib/libcrypto/man/BN_zero.3
  stable/11/secure/lib/libcrypto/man/CMS_add0_cert.3
  stable/11/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  stable/11/secure/lib/libcrypto/man/CMS_add1_signer.3
  stable/11/secure/lib/libcrypto/man/CMS_compress.3
  stable/11/secure/lib/libcrypto/man/CMS_decrypt.3
  stable/11/secure/lib/libcrypto/man/CMS_encrypt.3
  stable/11/secure/lib/libcrypto/man/CMS_final.3
  stable/11/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  stable/11/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  stable/11/secure/lib/libcrypto/man/CMS_get0_type.3
  stable/11/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  stable/11/secure/lib/libcrypto/man/CMS_sign.3
  stable/11/secure/lib/libcrypto/man/CMS_sign_receipt.3
  stable/11/secure/lib/libcrypto/man/CMS_uncompress.3
  stable/11/secure/lib/libcrypto/man/CMS_verify.3
  stable/11/secure/lib/libcrypto/man/CMS_verify_receipt.3
  stable/11/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/11/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/11/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/11/secure/lib/libcrypto/man/DH_generate_key.3
  stable/11/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/11/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/DH_new.3
  stable/11/secure/lib/libcrypto/man/DH_set_method.3
  stable/11/secure/lib/libcrypto/man/DH_size.3
  stable/11/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/11/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/11/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/11/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/11/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/11/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/DSA_new.3
  stable/11/secure/lib/libcrypto/man/DSA_set_method.3
  stable/11/secure/lib/libcrypto/man/DSA_sign.3
  stable/11/secure/lib/libcrypto/man/DSA_size.3
  stable/11/secure/lib/libcrypto/man/EC_GFp_simple_method.3
  stable/11/secure/lib/libcrypto/man/EC_GROUP_copy.3
  stable/11/secure/lib/libcrypto/man/EC_GROUP_new.3
  stable/11/secure/lib/libcrypto/man/EC_KEY_new.3
  stable/11/secure/lib/libcrypto/man/EC_POINT_add.3
  stable/11/secure/lib/libcrypto/man/EC_POINT_new.3
  stable/11/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/11/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/11/secure/lib/libcrypto/man/ERR_error_string.3
  stable/11/secure/lib/libcrypto/man/ERR_get_error.3
  stable/11/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/11/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/11/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/11/secure/lib/libcrypto/man/ERR_put_error.3
  stable/11/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/11/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/11/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/11/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/11/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  stable/11/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  stable/11/secure/lib/libcrypto/man/EVP_EncodeInit.3
  stable/11/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/11/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  stable/11/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/11/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/11/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/11/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/11/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/11/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  stable/11/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  stable/11/secure/lib/libcrypto/man/PKCS12_create.3
  stable/11/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/11/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/11/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/11/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/11/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  stable/11/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/11/secure/lib/libcrypto/man/RAND_add.3
  stable/11/secure/lib/libcrypto/man/RAND_bytes.3
  stable/11/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/11/secure/lib/libcrypto/man/RAND_egd.3
  stable/11/secure/lib/libcrypto/man/RAND_load_file.3
  stable/11/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/11/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/11/secure/lib/libcrypto/man/RSA_check_key.3
  stable/11/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/11/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/RSA_new.3
  stable/11/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/11/secure/lib/libcrypto/man/RSA_print.3
  stable/11/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/11/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/11/secure/lib/libcrypto/man/RSA_set_method.3
  stable/11/secure/lib/libcrypto/man/RSA_sign.3
  stable/11/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/11/secure/lib/libcrypto/man/RSA_size.3
  stable/11/secure/lib/libcrypto/man/SMIME_read_CMS.3
  stable/11/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/11/secure/lib/libcrypto/man/SMIME_write_CMS.3
  stable/11/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  stable/11/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  stable/11/secure/lib/libcrypto/man/X509_check_host.3
  stable/11/secure/lib/libcrypto/man/X509_check_private_key.3
  stable/11/secure/lib/libcrypto/man/X509_new.3
  stable/11/secure/lib/libcrypto/man/X509_verify_cert.3
  stable/11/secure/lib/libcrypto/man/bio.3
  stable/11/secure/lib/libcrypto/man/blowfish.3
  stable/11/secure/lib/libcrypto/man/bn.3
  stable/11/secure/lib/libcrypto/man/bn_internal.3
  stable/11/secure/lib/libcrypto/man/buffer.3
  stable/11/secure/lib/libcrypto/man/crypto.3
  stable/11/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/11/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
  stable/11/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/11/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/11/secure/lib/libcrypto/man/d2i_ECPKParameters.3
  stable/11/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
  stable/11/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/11/secure/lib/libcrypto/man/d2i_PrivateKey.3
  stable/11/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/11/secure/lib/libcrypto/man/d2i_X509.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/11/secure/lib/libcrypto/man/des.3
  stable/11/secure/lib/libcrypto/man/dh.3
  stable/11/secure/lib/libcrypto/man/dsa.3
  stable/11/secure/lib/libcrypto/man/ec.3
  stable/11/secure/lib/libcrypto/man/ecdsa.3
  stable/11/secure/lib/libcrypto/man/engine.3
  stable/11/secure/lib/libcrypto/man/err.3
  stable/11/secure/lib/libcrypto/man/evp.3
  stable/11/secure/lib/libcrypto/man/hmac.3
  stable/11/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  stable/11/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  stable/11/secure/lib/libcrypto/man/lh_stats.3
  stable/11/secure/lib/libcrypto/man/lhash.3
  stable/11/secure/lib/libcrypto/man/md5.3
  stable/11/secure/lib/libcrypto/man/mdc2.3
  stable/11/secure/lib/libcrypto/man/pem.3
  stable/11/secure/lib/libcrypto/man/rand.3
  stable/11/secure/lib/libcrypto/man/rc4.3
  stable/11/secure/lib/libcrypto/man/ripemd.3
  stable/11/secure/lib/libcrypto/man/rsa.3
  stable/11/secure/lib/libcrypto/man/sha.3
  stable/11/secure/lib/libcrypto/man/threads.3
  stable/11/secure/lib/libcrypto/man/ui.3
  stable/11/secure/lib/libcrypto/man/ui_compat.3
  stable/11/secure/lib/libcrypto/man/x509.3
  stable/11/secure/lib/libssl/Makefile.man
  stable/11/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/11/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_new.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
  stable/11/secure/lib/libssl/man/SSL_CONF_cmd.3
  stable/11/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
  stable/11/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
  stable/11/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/11/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/11/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/11/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/11/secure/lib/libssl/man/SSL_CTX_free.3
  stable/11/secure/lib/libssl/man/SSL_CTX_get0_param.3
  stable/11/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/11/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/11/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/11/secure/lib/libssl/man/SSL_CTX_new.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set1_curves.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/11/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/11/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
  stable/11/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
  stable/11/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/11/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/11/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/11/secure/lib/libssl/man/SSL_accept.3
  stable/11/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/11/secure/lib/libssl/man/SSL_check_chain.3
  stable/11/secure/lib/libssl/man/SSL_clear.3
  stable/11/secure/lib/libssl/man/SSL_connect.3
  stable/11/secure/lib/libssl/man/SSL_do_handshake.3
  stable/11/secure/lib/libssl/man/SSL_export_keying_material.3
  stable/11/secure/lib/libssl/man/SSL_free.3
  stable/11/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/11/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/11/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/11/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/11/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/11/secure/lib/libssl/man/SSL_get_error.3
  stable/11/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/11/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/11/secure/lib/libssl/man/SSL_get_fd.3
  stable/11/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/11/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/11/secure/lib/libssl/man/SSL_get_psk_identity.3
  stable/11/secure/lib/libssl/man/SSL_get_rbio.3
  stable/11/secure/lib/libssl/man/SSL_get_session.3
  stable/11/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/11/secure/lib/libssl/man/SSL_get_version.3
  stable/11/secure/lib/libssl/man/SSL_library_init.3
  stable/11/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/11/secure/lib/libssl/man/SSL_new.3
  stable/11/secure/lib/libssl/man/SSL_pending.3
  stable/11/secure/lib/libssl/man/SSL_read.3
  stable/11/secure/lib/libssl/man/SSL_rstate_string.3
  stable/11/secure/lib/libssl/man/SSL_session_reused.3
  stable/11/secure/lib/libssl/man/SSL_set_bio.3
  stable/11/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/11/secure/lib/libssl/man/SSL_set_fd.3
  stable/11/secure/lib/libssl/man/SSL_set_session.3
  stable/11/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/11/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/11/secure/lib/libssl/man/SSL_shutdown.3
  stable/11/secure/lib/libssl/man/SSL_state_string.3
  stable/11/secure/lib/libssl/man/SSL_want.3
  stable/11/secure/lib/libssl/man/SSL_write.3
  stable/11/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/11/secure/lib/libssl/man/ssl.3
  stable/11/secure/usr.bin/openssl/man/CA.pl.1
  stable/11/secure/usr.bin/openssl/man/asn1parse.1
  stable/11/secure/usr.bin/openssl/man/ca.1
  stable/11/secure/usr.bin/openssl/man/ciphers.1
  stable/11/secure/usr.bin/openssl/man/cms.1
  stable/11/secure/usr.bin/openssl/man/crl.1
  stable/11/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/11/secure/usr.bin/openssl/man/dgst.1
  stable/11/secure/usr.bin/openssl/man/dhparam.1
  stable/11/secure/usr.bin/openssl/man/dsa.1
  stable/11/secure/usr.bin/openssl/man/dsaparam.1
  stable/11/secure/usr.bin/openssl/man/ec.1
  stable/11/secure/usr.bin/openssl/man/ecparam.1
  stable/11/secure/usr.bin/openssl/man/enc.1
  stable/11/secure/usr.bin/openssl/man/errstr.1
  stable/11/secure/usr.bin/openssl/man/gendsa.1
  stable/11/secure/usr.bin/openssl/man/genpkey.1
  stable/11/secure/usr.bin/openssl/man/genrsa.1
  stable/11/secure/usr.bin/openssl/man/nseq.1
  stable/11/secure/usr.bin/openssl/man/ocsp.1
  stable/11/secure/usr.bin/openssl/man/openssl.1
  stable/11/secure/usr.bin/openssl/man/passwd.1
  stable/11/secure/usr.bin/openssl/man/pkcs12.1
  stable/11/secure/usr.bin/openssl/man/pkcs7.1
  stable/11/secure/usr.bin/openssl/man/pkcs8.1
  stable/11/secure/usr.bin/openssl/man/pkey.1
  stable/11/secure/usr.bin/openssl/man/pkeyparam.1
  stable/11/secure/usr.bin/openssl/man/pkeyutl.1
  stable/11/secure/usr.bin/openssl/man/rand.1
  stable/11/secure/usr.bin/openssl/man/req.1
  stable/11/secure/usr.bin/openssl/man/rsa.1
  stable/11/secure/usr.bin/openssl/man/rsautl.1
  stable/11/secure/usr.bin/openssl/man/s_client.1
  stable/11/secure/usr.bin/openssl/man/s_server.1
  stable/11/secure/usr.bin/openssl/man/s_time.1
  stable/11/secure/usr.bin/openssl/man/sess_id.1
  stable/11/secure/usr.bin/openssl/man/smime.1
  stable/11/secure/usr.bin/openssl/man/speed.1
  stable/11/secure/usr.bin/openssl/man/spkac.1
  stable/11/secure/usr.bin/openssl/man/ts.1
  stable/11/secure/usr.bin/openssl/man/tsget.1
  stable/11/secure/usr.bin/openssl/man/verify.1
  stable/11/secure/usr.bin/openssl/man/version.1
  stable/11/secure/usr.bin/openssl/man/x509.1
  stable/11/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/crypto/openssl/CHANGES
==============================================================================
--- stable/11/crypto/openssl/CHANGES	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/CHANGES	Fri Aug 17 18:32:53 2018	(r337982)
@@ -7,6 +7,64 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
+
+  *) Client DoS due to large DH parameter
+
+     During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+     malicious server can send a very large prime value to the client. This will
+     cause the client to spend an unreasonably long period of time generating a
+     key for this prime resulting in a hang until the client has finished. This
+     could be exploited in a Denial Of Service attack.
+
+     This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+     (CVE-2018-0732)
+     [Guido Vranken]
+
+  *) Cache timing vulnerability in RSA Key Generation
+
+     The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+     a cache timing side channel attack. An attacker with sufficient access to
+     mount cache timing attacks during the RSA key generation process could
+     recover the private key.
+
+     This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+     Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+     (CVE-2018-0737)
+     [Billy Brumley]
+
+  *) Make EVP_PKEY_asn1_new() a bit stricter about its input.  A NULL pem_str
+     parameter is no longer accepted, as it leads to a corrupt table.  NULL
+     pem_str is reserved for alias entries only.
+     [Richard Levitte]
+
+  *) Revert blinding in ECDSA sign and instead make problematic addition
+     length-invariant. Switch even to fixed-length Montgomery multiplication.
+     [Andy Polyakov]
+
+  *) Change generating and checking of primes so that the error rate of not
+     being prime depends on the intended use based on the size of the input.
+     For larger primes this will result in more rounds of Miller-Rabin.
+     The maximal error rate for primes with more than 1080 bits is lowered
+     to 2^-128.
+     [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+     [Kurt Roeckx]
+
+  *) Add blinding to ECDSA and DSA signatures to protect against side channel
+     attacks discovered by Keegan Ryan (NCC Group).
+     [Matt Caswell]
+
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
+  *) Certificate time validation (X509_cmp_time) enforces stricter
+     compliance with RFC 5280. Fractional seconds and timezone offsets
+     are no longer allowed.
+     [Emilia Käsper]
+
  Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
 
   *) Constructed ASN.1 types with a recursive definition could exceed the stack

Modified: stable/11/crypto/openssl/CONTRIBUTING
==============================================================================
--- stable/11/crypto/openssl/CONTRIBUTING	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/CONTRIBUTING	Fri Aug 17 18:32:53 2018	(r337982)
@@ -1,27 +1,27 @@
-HOW TO CONTRIBUTE PATCHES TO OpenSSL
-------------------------------------
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
 
 (Please visit https://www.openssl.org/community/getting-started.html for
 other ideas about how to contribute.)
 
-Development is coordinated on the openssl-dev mailing list (see the
-above link or https://mta.openssl.org for information on subscribing).
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community you might want to discuss it on the openssl-dev mailing
-list first.  Someone may be already working on the same thing or there
-may be a good reason as to why that feature isn't implemented.
+Development is done on GitHub, https://github.com/openssl/openssl.
 
-To submit a patch, make a pull request on GitHub.  If you think the patch
-could use feedback from the community, please start a thread on openssl-dev
-to discuss it.
+To request new features or report bugs, please open an issue on GitHub
 
-Having addressed the following items before the PR will help make the
-acceptance and review process faster:
+To submit a patch, please open a pull request on GitHub.  If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community.  Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
 
-    1. Anything other than trivial contributions will require a contributor
-    licensing agreement, giving us permission to use your code. See
-    https://www.openssl.org/policies/cla.html for details.
+To make it easier to review and accept your pull request, please follow these
+guidelines:
 
+    1. Anything other than a trivial contribution requires a Contributor
+    License Agreement (CLA), giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.  If your
+    contribution is too small to require a CLA, put "CLA: trivial" on a
+    line by itself in your commit message body.
+
     2.  All source files should start with the following text (with
     appropriate comment characters at the start of each line and the
     year(s) updated):
@@ -34,21 +34,21 @@ acceptance and review process faster:
         https://www.openssl.org/source/license.html
 
     3.  Patches should be as current as possible; expect to have to rebase
-    often. We do not accept merge commits; You will be asked to remove
-    them before a patch is considered acceptable.
+    often. We do not accept merge commits, you will have to remove them
+    (usually by rebasing) before it will be acceptable.
 
     4.  Patches should follow our coding style (see
-    https://www.openssl.org/policies/codingstyle.html) and compile without
-    warnings. Where gcc or clang is availble you should use the
+    https://www.openssl.org/policies/codingstyle.html) and compile
+    without warnings. Where gcc or clang is available you should use the
     --strict-warnings Configure option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.
-    Clean builds via Travis and AppVeyor are expected, and done whenever
-    a PR is created or updated.
+    platforms: try to ensure you only use portable features.  Clean builds
+    via Travis and AppVeyor are required, and they are started automatically
+    whenever a PR is created or updated.
 
     5.  When at all possible, patches should include tests. These can
     either be added to an existing test, or completely new.  Please see
     test/README for information on the test framework.
 
     6.  New features or changed functionality must include
-    documentation. Please look at the "pod" files in doc/apps, doc/crypto
-    and doc/ssl for examples of our style.
+    documentation. Please look at the "pod" files in doc for
+    examples of our style.

Modified: stable/11/crypto/openssl/Configure
==============================================================================
--- stable/11/crypto/openssl/Configure	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/Configure	Fri Aug 17 18:32:53 2018	(r337982)
@@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled))
 				$depflags .= " -DOPENSSL_NO_$ALGO";
 				}
 			}
+                        if (/^comp$/)	{ $zlib = 0; }
 		}
 
 	print "\n";
@@ -1671,6 +1672,13 @@ while (<PIPE>) {
 }
 close(PIPE);
 
+# Xcode did not handle $cc -M before clang support
+my $cc_as_makedepend = 0;
+if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
+                                    && !defined($predefined{__clang__}))) {
+  $cc_as_makedepend = 1;
+}
+
 if ($strict_warnings)
 	{
 	my $wopt;
@@ -1730,14 +1738,14 @@ while (<IN>)
 		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
 		s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
 		}
 	else	{
 		s/^CC=.*$/CC= $cc/;
 		s/^AR=\s*ar/AR= $ar/;
 		s/^RANLIB=.*/RANLIB= $ranlib/;
 		s/^RC=.*/RC= $windres/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
 		}
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;

Modified: stable/11/crypto/openssl/Makefile
==============================================================================
--- stable/11/crypto/openssl/Makefile	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/Makefile	Fri Aug 17 18:32:53 2018	(r337982)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2o
+VERSION=1.0.2p
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0

Modified: stable/11/crypto/openssl/NEWS
==============================================================================
--- stable/11/crypto/openssl/NEWS	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/NEWS	Fri Aug 17 18:32:53 2018	(r337982)
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
+
+      o Client DoS due to large DH parameter (CVE-2018-0732)
+      o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
   Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
 
       o Constructed ASN.1 types with a recursive definition could exceed the

Modified: stable/11/crypto/openssl/README
==============================================================================
--- stable/11/crypto/openssl/README	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/README	Fri Aug 17 18:32:53 2018	(r337982)
@@ -1,7 +1,7 @@
 
- OpenSSL 1.0.2o 27 Mar 2018
+ OpenSSL 1.0.2p 14 Aug 2018
 
- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2018 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

Modified: stable/11/crypto/openssl/apps/apps.c
==============================================================================
--- stable/11/crypto/openssl/apps/apps.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/apps.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
     };
     if (set_multi_opts(flags, arg, ex_tbl) == 0)
         return 0;
-    if ((*flags & XN_FLAG_SEP_MASK) == 0)
+    if (*flags != XN_FLAG_COMPAT
+        && (*flags & XN_FLAG_SEP_MASK) == 0)
         *flags |= XN_FLAG_SEP_CPLUS_SPC;
     return 1;
 }

Modified: stable/11/crypto/openssl/apps/asn1pars.c
==============================================================================
--- stable/11/crypto/openssl/apps/asn1pars.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/asn1pars.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
             ASN1_TYPE *atmp;
             int typ;
             j = atoi(sk_OPENSSL_STRING_value(osk, i));
-            if (j == 0) {
+            if (j <= 0 || j >= tmplen) {
                 BIO_printf(bio_err, "'%s' is an invalid number\n",
                            sk_OPENSSL_STRING_value(osk, i));
                 continue;
@@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
         num = tmplen;
     }
 
-    if (offset >= num) {
-        BIO_printf(bio_err, "Error: offset too large\n");
+    if (offset < 0 || offset >= num) {
+        BIO_printf(bio_err, "Error: offset out of range\n");
         goto end;
     }
 
     num -= offset;
 
-    if ((length == 0) || ((long)length > num))
+    if (length == 0 || length > (unsigned int)num)
         length = (unsigned int)num;
     if (derout) {
         if (BIO_write(derout, str + offset, length) != (int)length) {

Modified: stable/11/crypto/openssl/apps/ca.c
==============================================================================
--- stable/11/crypto/openssl/apps/ca.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/ca.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
             if (j > 0) {
                 total_done++;
                 BIO_printf(bio_err, "\n");
-                if (!BN_add_word(serial, 1))
+                if (!BN_add_word(serial, 1)) {
+                    X509_free(x);
                     goto err;
+                }
                 if (!sk_X509_push(cert_sk, x)) {
                     BIO_printf(bio_err, "Memory allocation failure\n");
+                    X509_free(x);
                     goto err;
                 }
             }

Modified: stable/11/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/11/crypto/openssl/apps/ocsp.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/ocsp.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -4,7 +4,7 @@
  * 2000.
  */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
                    OCSP_response_status_str(i), i);
         if (ignore_err)
             goto redo_accept;
-        ret = 0;
         goto end;
     }
 

Modified: stable/11/crypto/openssl/apps/passwd.c
==============================================================================
--- stable/11/crypto/openssl/apps/passwd.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/passwd.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *
     out_buf[0] = '$';
     out_buf[1] = 0;
     assert(strlen(magic) <= 4); /* "1" or "apr1" */
-    strncat(out_buf, magic, 4);
-    strncat(out_buf, "$", 1);
-    strncat(out_buf, salt, 8);
+    BUF_strlcat(out_buf, magic, sizeof(out_buf));
+    BUF_strlcat(out_buf, "$", sizeof(out_buf));
+    BUF_strlcat(out_buf, salt, sizeof(out_buf));
     assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
     salt_out = out_buf + 2 + strlen(magic);
     salt_len = strlen(salt_out);

Modified: stable/11/crypto/openssl/apps/s_apps.h
==============================================================================
--- stable/11/crypto/openssl/apps/s_apps.h	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/s_apps.h	Fri Aug 17 18:32:53 2018	(r337982)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -152,9 +152,8 @@ typedef fd_mask fd_set;
 #define PROTOCOL        "tcp"
 
 int do_server(int port, int type, int *ret,
-              int (*cb) (char *hostname, int s, int stype,
-                         unsigned char *context), unsigned char *context,
-              int naccept);
+              int (*cb) (int s, int stype, unsigned char *context),
+              unsigned char *context, int naccept);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif

Modified: stable/11/crypto/openssl/apps/s_client.c
==============================================================================
--- stable/11/crypto/openssl/apps/s_client.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/s_client.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -337,7 +337,7 @@ static void sc_usage(void)
     BIO_printf(bio_err,
                " -prexit       - print session information even on connection failure\n");
     BIO_printf(bio_err,
-               " -showcerts    - show all certificates in the chain\n");
+               " -showcerts    - Show all certificates sent by the server\n");
     BIO_printf(bio_err, " -debug        - extra output\n");
 #ifdef WATT32
     BIO_printf(bio_err, " -wdebug       - WATT-32 tcp debugging\n");

Modified: stable/11/crypto/openssl/apps/s_server.c
==============================================================================
--- stable/11/crypto/openssl/apps/s_server.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/s_server.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -209,9 +209,9 @@ typedef unsigned int u_int;
 #ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
-static int sv_body(char *hostname, int s, int stype, unsigned char *context);
-static int www_body(char *hostname, int s, int stype, unsigned char *context);
-static int rev_body(char *hostname, int s, int stype, unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
 static void close_accept_socket(void);
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
@@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
     char *chCApath = NULL, *chCAfile = NULL;
     char *vfyCApath = NULL, *vfyCAfile = NULL;
     unsigned char *context = NULL;
+#ifndef OPENSSL_NO_DH
     char *dhfile = NULL;
+    int no_dhe = 0;
+#endif
     int badop = 0;
     int ret = 1;
     int build_chain = 0;
-    int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+    int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
     int state = 0;
     const SSL_METHOD *meth = NULL;
     int socket_type = SOCK_STREAM;
@@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
             if (--argc < 1)
                 goto bad;
             s_chain_file = *(++argv);
-        } else if (strcmp(*argv, "-dhparam") == 0) {
+        }
+#ifndef OPENSSL_NO_DH
+        else if (strcmp(*argv, "-dhparam") == 0) {
             if (--argc < 1)
                 goto bad;
             dhfile = *(++argv);
-        } else if (strcmp(*argv, "-dcertform") == 0) {
+        }
+#endif
+        else if (strcmp(*argv, "-dcertform") == 0) {
             if (--argc < 1)
                 goto bad;
             s_dcert_format = str2fmt(*(++argv));
@@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
             verify_quiet = 1;
         } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
             no_tmp_rsa = 1;
-        } else if (strcmp(*argv, "-no_dhe") == 0) {
+        }
+#ifndef OPENSSL_NO_DH
+        else if (strcmp(*argv, "-no_dhe") == 0) {
             no_dhe = 1;
-        } else if (strcmp(*argv, "-no_ecdhe") == 0) {
+        }
+#endif
+        else if (strcmp(*argv, "-no_ecdhe") == 0) {
             no_ecdhe = 1;
         } else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
             no_resume_ephemeral = 1;
@@ -2165,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
                SSL_CTX_sess_get_cache_size(ssl_ctx));
 }
 
-static int sv_body(char *hostname, int s, int stype, unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
 {
     char *buf = NULL;
     fd_set readfds;
@@ -2780,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
 }
 #endif
 
-static int www_body(char *hostname, int s, int stype, unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
 {
     char *buf = NULL;
     int ret = 1;
@@ -3183,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, 
     return (ret);
 }
 
-static int rev_body(char *hostname, int s, int stype, unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
 {
     char *buf = NULL;
     int i;

Modified: stable/11/crypto/openssl/apps/s_socket.c
==============================================================================
--- stable/11/crypto/openssl/apps/s_socket.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/s_socket.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -109,7 +109,7 @@ static int ssl_sock_init(void);
 static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port, char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
+static int do_accept(int acc_sock, int *sock);
 static int host_ip(char *str, unsigned char ip[4]);
 
 # ifdef OPENSSL_SYS_WIN16
@@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[
 }
 
 int do_server(int port, int type, int *ret,
-              int (*cb) (char *hostname, int s, int stype,
-                         unsigned char *context), unsigned char *context,
-              int naccept)
+              int (*cb) (int s, int stype, unsigned char *context),
+              unsigned char *context, int naccept)
 {
     int sock;
-    char *name = NULL;
     int accept_socket = 0;
     int i;
 
@@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
     }
     for (;;) {
         if (type == SOCK_STREAM) {
-            if (do_accept(accept_socket, &sock, &name) == 0) {
+            if (do_accept(accept_socket, &sock) == 0) {
                 SHUTDOWN(accept_socket);
                 return (0);
             }
         } else
             sock = accept_socket;
-        i = (*cb) (name, sock, type, context);
-        if (name != NULL)
-            OPENSSL_free(name);
+        i = (*cb) (sock, type, context);
         if (type == SOCK_STREAM)
             SHUTDOWN2(sock);
         if (naccept != -1)
@@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
     return (init_server_long(sock, port, NULL, type));
 }
 
-static int do_accept(int acc_sock, int *sock, char **host)
+static int do_accept(int acc_sock, int *sock)
 {
     int ret;
-    struct hostent *h1, *h2;
-    static struct sockaddr_in from;
-    int len;
-/*      struct linger ling; */
 
     if (!ssl_sock_init())
-        return (0);
+        return 0;
 
 # ifndef OPENSSL_SYS_WINDOWS
  redoit:
 # endif
 
-    memset((char *)&from, 0, sizeof(from));
-    len = sizeof(from);
     /*
      * Note: under VMS with SOCKETSHR the fourth parameter is currently of
      * type (int *) whereas under other systems it is (void *) if you don't
      * have a cast it will choke the compiler: if you do have a cast then you
      * can either go for (int *) or (void *).
      */
-    ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+    ret = accept(acc_sock, NULL, NULL);
     if (ret == INVALID_SOCKET) {
 # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
         int i;
@@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **h
         fprintf(stderr, "errno=%d ", errno);
         perror("accept");
 # endif
-        return (0);
+        return 0;
     }
 
-/*-
-    ling.l_onoff=1;
-    ling.l_linger=0;
-    i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
-    if (i < 0) { perror("linger"); return(0); }
-    i=0;
-    i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-    if (i < 0) { perror("keepalive"); return(0); }
-*/
-
-    if (host == NULL)
-        goto end;
-# ifndef BIT_FIELD_LIMITS
-    /* I should use WSAAsyncGetHostByName() under windows */
-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
-                       sizeof(from.sin_addr.s_addr), AF_INET);
-# else
-    h1 = gethostbyaddr((char *)&from.sin_addr,
-                       sizeof(struct in_addr), AF_INET);
-# endif
-    if (h1 == NULL) {
-        BIO_printf(bio_err, "bad gethostbyaddr\n");
-        *host = NULL;
-        /* return(0); */
-    } else {
-        if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
-            perror("OPENSSL_malloc");
-            closesocket(ret);
-            return (0);
-        }
-        BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
-
-        h2 = GetHostByName(*host);
-        if (h2 == NULL) {
-            BIO_printf(bio_err, "gethostbyname failure\n");
-            closesocket(ret);
-            return (0);
-        }
-        if (h2->h_addrtype != AF_INET) {
-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-            closesocket(ret);
-            return (0);
-        }
-    }
- end:
     *sock = ret;
-    return (1);
+    return 1;
 }
 
 int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

Modified: stable/11/crypto/openssl/apps/verify.c
==============================================================================
--- stable/11/crypto/openssl/apps/verify.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/apps/verify.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
     X509_STORE_set_flags(ctx, vflags);
     if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
         ERR_print_errors(bio_err);
+        X509_STORE_CTX_free(csc);
         goto end;
     }
     if (tchain)

Modified: stable/11/crypto/openssl/crypto/Makefile
==============================================================================
--- stable/11/crypto/openssl/crypto/Makefile	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/Makefile	Fri Aug 17 18:32:53 2018	(r337982)
@@ -46,7 +46,7 @@ SRC= $(LIBSRC)
 EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
 	ossl_typ.h
 HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
-	constant_time_locl.h $(EXHEADER)
+	constant_time_locl.h bn_int.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 

Modified: stable/11/crypto/openssl/crypto/asn1/a_bool.c
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/a_bool.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/a_bool.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -63,17 +63,31 @@
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 {
     int r;
-    unsigned char *p;
+    unsigned char *p, *allocated = NULL;
 
     r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
     if (pp == NULL)
         return (r);
-    p = *pp;
 
+    if (*pp == NULL) {
+        if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
+            ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        p = *pp;
+    }
+
     ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
-    *(p++) = (unsigned char)a;
-    *pp = p;
-    return (r);
+    *p = (unsigned char)a;
+
+
+    /*
+     * If a new buffer was allocated, just return it back.
+     * If not, return the incremented buffer pointer.
+     */
+    *pp = allocated != NULL ? allocated : p + 1;
+    return r;
 }
 
 int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)

Modified: stable/11/crypto/openssl/crypto/asn1/a_object.c
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/a_object.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/a_object.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -66,7 +66,7 @@
 
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 {
-    unsigned char *p;
+    unsigned char *p, *allocated = NULL;
     int objsize;
 
     if ((a == NULL) || (a->data == NULL))
@@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp
     if (pp == NULL || objsize == -1)
         return objsize;
 
-    p = *pp;
+    if (*pp == NULL) {
+        if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+            ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        p = *pp;
+    }
+
     ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
     memcpy(p, a->data, a->length);
-    p += a->length;
 
-    *pp = p;
-    return (objsize);
+    /*
+     * If a new buffer was allocated, just return it back.
+     * If not, return the incremented buffer pointer.
+     */
+    *pp = allocated != NULL ? allocated : p + a->length;
+    return objsize;
 }
 
 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)

Modified: stable/11/crypto/openssl/crypto/asn1/a_strex.c
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/a_strex.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/a_strex.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -4,7 +4,7 @@
  * 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
                   int type, unsigned char flags, char *quotes, char_io *io_ch,
                   void *arg)
 {
-    int i, outlen, len;
+    int i, outlen, len, charwidth;
     unsigned char orflags, *p, *q;
     unsigned long c;
     p = buf;
     q = buf + buflen;
     outlen = 0;
+    charwidth = type & BUF_TYPE_WIDTH_MASK;
+
+    switch (charwidth) {
+    case 4:
+        if (buflen & 3) {
+            ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        break;
+    case 2:
+        if (buflen & 1) {
+            ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        break;
+    default:
+        break;
+    }
+
     while (p != q) {
         if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
             orflags = CHARTYPE_FIRST_ESC_2253;
         else
             orflags = 0;
-        switch (type & BUF_TYPE_WIDTH_MASK) {
+
+        switch (charwidth) {
         case 4:
             c = ((unsigned long)*p++) << 24;
             c |= ((unsigned long)*p++) << 16;
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
             i = UTF8_getc(p, buflen, &c);
             if (i < 0)
                 return -1;      /* Invalid UTF8String */
+            buflen -= i;
             p += i;
             break;
         default:

Modified: stable/11/crypto/openssl/crypto/asn1/ameth_lib.c
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/ameth_lib.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/ameth_lib.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -3,7 +3,7 @@
  * 2006.
  */
 /* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -304,6 +304,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int fl
             goto err;
     } else
         ameth->info = NULL;
+
+    /*
+     * One of the following must be true:
+     *
+     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+     *
+     * Anything else is an error and may lead to a corrupt ASN1 method table
+     */
+    if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+          || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+        goto err;
 
     if (pem_str) {
         ameth->pem_str = BUF_strdup(pem_str);

Modified: stable/11/crypto/openssl/crypto/asn1/asn1.h
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/asn1.h	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/asn1.h	Fri Aug 17 18:32:53 2018	(r337982)
@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
  * The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
+
 void ERR_load_ASN1_strings(void);
 
 /* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_D2I_X509                                  156
 # define ASN1_F_D2I_X509_CINF                             157
 # define ASN1_F_D2I_X509_PKEY                             159
+# define ASN1_F_DO_BUF                                    221
 # define ASN1_F_I2D_ASN1_BIO_STREAM                       211
+# define ASN1_F_I2D_ASN1_BOOLEAN                          223
+# define ASN1_F_I2D_ASN1_OBJECT                           222
 # define ASN1_F_I2D_ASN1_SET                              188
 # define ASN1_F_I2D_ASN1_TIME                             160
 # define ASN1_F_I2D_DSA_PUBKEY                            161
@@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_WRONG_TAG                                 168
 # define ASN1_R_WRONG_TYPE                                169
 
-#ifdef  __cplusplus
+# ifdef  __cplusplus
 }
-#endif
+# endif
 #endif

Modified: stable/11/crypto/openssl/crypto/asn1/asn1_err.c
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/asn1_err.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/asn1_err.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
     {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
     {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
     {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+    {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
     {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
+    {ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
+    {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
     {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
     {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
     {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},

Modified: stable/11/crypto/openssl/crypto/asn1/tasn_enc.c
==============================================================================
--- stable/11/crypto/openssl/crypto/asn1/tasn_enc.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/asn1/tasn_enc.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -4,7 +4,7 @@
  * 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout
         otmp = (ASN1_OBJECT *)*pval;
         cont = otmp->data;
         len = otmp->length;
+        if (cont == NULL || len == 0)
+            return -1;
         break;
 
     case V_ASN1_NULL:

Modified: stable/11/crypto/openssl/crypto/bio/bss_log.c
==============================================================================
--- stable/11/crypto/openssl/crypto/bio/bss_log.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/bio/bss_log.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -1,6 +1,6 @@
 /* crypto/bio/bss_log.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *i
     if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
         return (0);
     }
-    strncpy(buf, in, inl);
+    memcpy(buf, in, inl);
     buf[inl] = '\0';
 
     i = 0;

Modified: stable/11/crypto/openssl/crypto/bio/bss_mem.c
==============================================================================
--- stable/11/crypto/openssl/crypto/bio/bss_mem.c	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/bio/bss_mem.c	Fri Aug 17 18:32:53 2018	(r337982)
@@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl)
     }
 
     BIO_clear_retry_flags(b);
+    if (inl == 0)
+        return 0;
     blen = bm->length;
     if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
         goto end;

Modified: stable/11/crypto/openssl/crypto/bn/Makefile
==============================================================================
--- stable/11/crypto/openssl/crypto/bn/Makefile	Fri Aug 17 18:24:11 2018	(r337981)
+++ stable/11/crypto/openssl/crypto/bn/Makefile	Fri Aug 17 18:32:53 2018	(r337982)
@@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/
 bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c
+bn_add.o: bn_lcl.h
 bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c
+bn_asm.o: bn_lcl.h
 bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h
+bn_blind.o: bn_blind.c bn_lcl.h
 bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bn_const.o: ../../include/openssl/opensslconf.h
 bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/
 bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c
+bn_ctx.o: bn_lcl.h
 bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include
 bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h
 bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c
+bn_div.o: bn_lcl.h
 bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/
 bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+bn_exp.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
 bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h
 bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,70 +265,80 @@ bn_exp2.o: ../../include/openssl/e_os2.h ../../include
 bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_exp2.c
+bn_exp2.o: bn_lcl.h
 bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gcd.c
+bn_gcd.o: bn_lcl.h
 bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gf2m.c
+bn_gf2m.o: bn_lcl.h
 bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_kron.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_kron.c
+bn_kron.o: bn_lcl.h
 bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_lib.o: bn_lib.c
 bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808171832.w7HIWrSP086571>