svn commit: r215912 - in stable/8: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/...

Simon L. Nielsen simon at FreeBSD.org
Fri Nov 26 22:51:00 UTC 2010


Author: simon
Date: Fri Nov 26 22:50:58 2010
New Revision: 215912
URL: http://svn.freebsd.org/changeset/base/215912

Log:
  Merge OpenSSL 0.9.8p into stable/8.
  
  This merges up to and including head/crypto/openssl/ r215697; and
  head/secure/lib/libcrypto/, head/secure/lib/libssl/,
  head/secure/usr.bin/openssl/ r215698.
  
  To make the merge simpler, a hack was added to set MACHINE_CPUARCH.
  
  Security:	CVE-2010-2939, CVE-2010-3864
  Security:	http://www.openssl.org/news/secadv_20101116.txt
  Security:	FreeBSD-SA-10:10.openssl
  Approved by:	re (implicitly - they did not object of the general idea
  		of OpenSSL update)

Modified:
  stable/8/crypto/openssl/CHANGES
  stable/8/crypto/openssl/Configure
  stable/8/crypto/openssl/FAQ
  stable/8/crypto/openssl/Makefile
  stable/8/crypto/openssl/NEWS
  stable/8/crypto/openssl/PROBLEMS
  stable/8/crypto/openssl/README
  stable/8/crypto/openssl/apps/apps.c
  stable/8/crypto/openssl/apps/dh.c
  stable/8/crypto/openssl/apps/dhparam.c
  stable/8/crypto/openssl/apps/dsaparam.c
  stable/8/crypto/openssl/apps/ec.c
  stable/8/crypto/openssl/apps/ecparam.c
  stable/8/crypto/openssl/apps/enc.c
  stable/8/crypto/openssl/apps/gendh.c
  stable/8/crypto/openssl/apps/gendsa.c
  stable/8/crypto/openssl/apps/genrsa.c
  stable/8/crypto/openssl/apps/pkcs7.c
  stable/8/crypto/openssl/apps/rand.c
  stable/8/crypto/openssl/apps/s_server.c
  stable/8/crypto/openssl/apps/s_socket.c
  stable/8/crypto/openssl/apps/speed.c
  stable/8/crypto/openssl/apps/x509.c
  stable/8/crypto/openssl/crypto/aes/aes_wrap.c
  stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
  stable/8/crypto/openssl/crypto/asn1/a_int.c
  stable/8/crypto/openssl/crypto/asn1/n_pkey.c
  stable/8/crypto/openssl/crypto/asn1/t_crl.c
  stable/8/crypto/openssl/crypto/asn1/tasn_dec.c
  stable/8/crypto/openssl/crypto/asn1/x_x509.c
  stable/8/crypto/openssl/crypto/bio/b_sock.c
  stable/8/crypto/openssl/crypto/bio/bf_nbio.c
  stable/8/crypto/openssl/crypto/bio/bio_lib.c
  stable/8/crypto/openssl/crypto/bio/bss_acpt.c
  stable/8/crypto/openssl/crypto/bio/bss_sock.c
  stable/8/crypto/openssl/crypto/bn/bn_exp2.c
  stable/8/crypto/openssl/crypto/bn/bn_mul.c
  stable/8/crypto/openssl/crypto/cms/cms_asn1.c
  stable/8/crypto/openssl/crypto/conf/conf_def.c
  stable/8/crypto/openssl/crypto/des/rpc_des.h
  stable/8/crypto/openssl/crypto/dsa/dsa_gen.c
  stable/8/crypto/openssl/crypto/dsa/dsa_ossl.c
  stable/8/crypto/openssl/crypto/ec/ec2_mult.c
  stable/8/crypto/openssl/crypto/ec/ec_mult.c
  stable/8/crypto/openssl/crypto/ecdh/ech_lib.c
  stable/8/crypto/openssl/crypto/ecdsa/ecs_lib.c
  stable/8/crypto/openssl/crypto/engine/eng_list.c
  stable/8/crypto/openssl/crypto/err/err_prn.c
  stable/8/crypto/openssl/crypto/evp/bio_b64.c
  stable/8/crypto/openssl/crypto/evp/enc_min.c
  stable/8/crypto/openssl/crypto/evp/encode.c
  stable/8/crypto/openssl/crypto/evp/evp_pbe.c
  stable/8/crypto/openssl/crypto/hmac/hmac.c
  stable/8/crypto/openssl/crypto/md32_common.h
  stable/8/crypto/openssl/crypto/o_init.c
  stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c
  stable/8/crypto/openssl/crypto/ocsp/ocsp_prn.c
  stable/8/crypto/openssl/crypto/opensslv.h
  stable/8/crypto/openssl/crypto/pem/pem_lib.c
  stable/8/crypto/openssl/crypto/pkcs12/p12_key.c
  stable/8/crypto/openssl/crypto/pkcs12/p12_npas.c
  stable/8/crypto/openssl/crypto/pkcs7/pk7_doit.c
  stable/8/crypto/openssl/crypto/pkcs7/pk7_lib.c
  stable/8/crypto/openssl/crypto/pkcs7/pk7_mime.c
  stable/8/crypto/openssl/crypto/pqueue/pqueue.c
  stable/8/crypto/openssl/crypto/rand/rand_nw.c
  stable/8/crypto/openssl/crypto/rand/randfile.c
  stable/8/crypto/openssl/crypto/rc5/rc5_locl.h
  stable/8/crypto/openssl/crypto/rsa/rsa_eay.c
  stable/8/crypto/openssl/crypto/x509/x509.h
  stable/8/crypto/openssl/crypto/x509/x509_vfy.c
  stable/8/crypto/openssl/crypto/x509/x_all.c
  stable/8/crypto/openssl/crypto/x509v3/v3_ncons.c
  stable/8/crypto/openssl/crypto/x509v3/v3_pci.c
  stable/8/crypto/openssl/doc/apps/smime.pod
  stable/8/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod
  stable/8/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
  stable/8/crypto/openssl/doc/crypto/ASN1_STRING_new.pod
  stable/8/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
  stable/8/crypto/openssl/doc/crypto/BIO_f_buffer.pod
  stable/8/crypto/openssl/doc/crypto/BIO_should_retry.pod
  stable/8/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod
  stable/8/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
  stable/8/crypto/openssl/doc/crypto/PKCS7_decrypt.pod
  stable/8/crypto/openssl/doc/crypto/PKCS7_encrypt.pod
  stable/8/crypto/openssl/doc/crypto/PKCS7_sign.pod
  stable/8/crypto/openssl/doc/crypto/PKCS7_verify.pod
  stable/8/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
  stable/8/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod
  stable/8/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
  stable/8/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
  stable/8/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
  stable/8/crypto/openssl/doc/crypto/X509_new.pod
  stable/8/crypto/openssl/doc/crypto/bn_internal.pod
  stable/8/crypto/openssl/doc/crypto/ui_compat.pod
  stable/8/crypto/openssl/doc/ssl/SSL_library_init.pod
  stable/8/crypto/openssl/e_os.h
  stable/8/crypto/openssl/engines/e_chil.c
  stable/8/crypto/openssl/engines/e_cswift.c
  stable/8/crypto/openssl/engines/e_ubsec.c
  stable/8/crypto/openssl/fips/mkfipsscr.pl
  stable/8/crypto/openssl/openssl.spec
  stable/8/crypto/openssl/ssl/d1_both.c
  stable/8/crypto/openssl/ssl/d1_clnt.c
  stable/8/crypto/openssl/ssl/d1_enc.c
  stable/8/crypto/openssl/ssl/d1_lib.c
  stable/8/crypto/openssl/ssl/d1_pkt.c
  stable/8/crypto/openssl/ssl/dtls1.h
  stable/8/crypto/openssl/ssl/s23_clnt.c
  stable/8/crypto/openssl/ssl/s23_lib.c
  stable/8/crypto/openssl/ssl/s2_srvr.c
  stable/8/crypto/openssl/ssl/s3_both.c
  stable/8/crypto/openssl/ssl/s3_clnt.c
  stable/8/crypto/openssl/ssl/s3_enc.c
  stable/8/crypto/openssl/ssl/ssl_algs.c
  stable/8/crypto/openssl/ssl/ssl_asn1.c
  stable/8/crypto/openssl/ssl/ssl_cert.c
  stable/8/crypto/openssl/ssl/ssl_ciph.c
  stable/8/crypto/openssl/ssl/ssl_lib.c
  stable/8/crypto/openssl/ssl/ssltest.c
  stable/8/crypto/openssl/ssl/t1_enc.c
  stable/8/crypto/openssl/ssl/t1_lib.c
  stable/8/crypto/openssl/test/cms-test.pl
  stable/8/crypto/openssl/tools/c_rehash
  stable/8/crypto/openssl/tools/c_rehash.in
  stable/8/crypto/openssl/util/libeay.num
  stable/8/crypto/openssl/util/mkdef.pl
  stable/8/crypto/openssl/util/pl/VC-32.pl
  stable/8/secure/lib/libcrypto/Makefile
  stable/8/secure/lib/libcrypto/Makefile.inc
  stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/8/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/8/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/8/secure/lib/libcrypto/man/BIO_f_md.3
  stable/8/secure/lib/libcrypto/man/BIO_f_null.3
  stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/8/secure/lib/libcrypto/man/BIO_find_type.3
  stable/8/secure/lib/libcrypto/man/BIO_new.3
  stable/8/secure/lib/libcrypto/man/BIO_push.3
  stable/8/secure/lib/libcrypto/man/BIO_read.3
  stable/8/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/8/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/8/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/8/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/8/secure/lib/libcrypto/man/BIO_s_file.3
  stable/8/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/8/secure/lib/libcrypto/man/BIO_s_null.3
  stable/8/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/8/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/8/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/8/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/8/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/8/secure/lib/libcrypto/man/BN_add.3
  stable/8/secure/lib/libcrypto/man/BN_add_word.3
  stable/8/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/8/secure/lib/libcrypto/man/BN_cmp.3
  stable/8/secure/lib/libcrypto/man/BN_copy.3
  stable/8/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/8/secure/lib/libcrypto/man/BN_new.3
  stable/8/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/8/secure/lib/libcrypto/man/BN_rand.3
  stable/8/secure/lib/libcrypto/man/BN_set_bit.3
  stable/8/secure/lib/libcrypto/man/BN_swap.3
  stable/8/secure/lib/libcrypto/man/BN_zero.3
  stable/8/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/8/secure/lib/libcrypto/man/DH_generate_key.3
  stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/DH_new.3
  stable/8/secure/lib/libcrypto/man/DH_set_method.3
  stable/8/secure/lib/libcrypto/man/DH_size.3
  stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/8/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/8/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/DSA_new.3
  stable/8/secure/lib/libcrypto/man/DSA_set_method.3
  stable/8/secure/lib/libcrypto/man/DSA_sign.3
  stable/8/secure/lib/libcrypto/man/DSA_size.3
  stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/8/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/8/secure/lib/libcrypto/man/ERR_error_string.3
  stable/8/secure/lib/libcrypto/man/ERR_get_error.3
  stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/8/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/8/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/8/secure/lib/libcrypto/man/ERR_put_error.3
  stable/8/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/8/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/8/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/8/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/8/secure/lib/libcrypto/man/PKCS12_create.3
  stable/8/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/8/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/8/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/8/secure/lib/libcrypto/man/RAND_add.3
  stable/8/secure/lib/libcrypto/man/RAND_bytes.3
  stable/8/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/8/secure/lib/libcrypto/man/RAND_egd.3
  stable/8/secure/lib/libcrypto/man/RAND_load_file.3
  stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/8/secure/lib/libcrypto/man/RSA_check_key.3
  stable/8/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/RSA_new.3
  stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/8/secure/lib/libcrypto/man/RSA_print.3
  stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/8/secure/lib/libcrypto/man/RSA_set_method.3
  stable/8/secure/lib/libcrypto/man/RSA_sign.3
  stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/8/secure/lib/libcrypto/man/RSA_size.3
  stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/8/secure/lib/libcrypto/man/X509_new.3
  stable/8/secure/lib/libcrypto/man/bio.3
  stable/8/secure/lib/libcrypto/man/blowfish.3
  stable/8/secure/lib/libcrypto/man/bn.3
  stable/8/secure/lib/libcrypto/man/bn_internal.3
  stable/8/secure/lib/libcrypto/man/buffer.3
  stable/8/secure/lib/libcrypto/man/crypto.3
  stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/8/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/8/secure/lib/libcrypto/man/d2i_X509.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/8/secure/lib/libcrypto/man/des.3
  stable/8/secure/lib/libcrypto/man/dh.3
  stable/8/secure/lib/libcrypto/man/dsa.3
  stable/8/secure/lib/libcrypto/man/ecdsa.3
  stable/8/secure/lib/libcrypto/man/engine.3
  stable/8/secure/lib/libcrypto/man/err.3
  stable/8/secure/lib/libcrypto/man/evp.3
  stable/8/secure/lib/libcrypto/man/hmac.3
  stable/8/secure/lib/libcrypto/man/lh_stats.3
  stable/8/secure/lib/libcrypto/man/lhash.3
  stable/8/secure/lib/libcrypto/man/md5.3
  stable/8/secure/lib/libcrypto/man/mdc2.3
  stable/8/secure/lib/libcrypto/man/pem.3
  stable/8/secure/lib/libcrypto/man/rand.3
  stable/8/secure/lib/libcrypto/man/rc4.3
  stable/8/secure/lib/libcrypto/man/ripemd.3
  stable/8/secure/lib/libcrypto/man/rsa.3
  stable/8/secure/lib/libcrypto/man/sha.3
  stable/8/secure/lib/libcrypto/man/threads.3
  stable/8/secure/lib/libcrypto/man/ui.3
  stable/8/secure/lib/libcrypto/man/ui_compat.3
  stable/8/secure/lib/libcrypto/man/x509.3
  stable/8/secure/lib/libcrypto/opensslconf-mips.h
  stable/8/secure/lib/libcrypto/opensslconf-powerpc.h
  stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/8/secure/lib/libssl/man/SSL_CTX_free.3
  stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/8/secure/lib/libssl/man/SSL_CTX_new.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/8/secure/lib/libssl/man/SSL_accept.3
  stable/8/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/8/secure/lib/libssl/man/SSL_clear.3
  stable/8/secure/lib/libssl/man/SSL_connect.3
  stable/8/secure/lib/libssl/man/SSL_do_handshake.3
  stable/8/secure/lib/libssl/man/SSL_free.3
  stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/8/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/8/secure/lib/libssl/man/SSL_get_error.3
  stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_get_fd.3
  stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/8/secure/lib/libssl/man/SSL_get_rbio.3
  stable/8/secure/lib/libssl/man/SSL_get_session.3
  stable/8/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/8/secure/lib/libssl/man/SSL_get_version.3
  stable/8/secure/lib/libssl/man/SSL_library_init.3
  stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/8/secure/lib/libssl/man/SSL_new.3
  stable/8/secure/lib/libssl/man/SSL_pending.3
  stable/8/secure/lib/libssl/man/SSL_read.3
  stable/8/secure/lib/libssl/man/SSL_rstate_string.3
  stable/8/secure/lib/libssl/man/SSL_session_reused.3
  stable/8/secure/lib/libssl/man/SSL_set_bio.3
  stable/8/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/8/secure/lib/libssl/man/SSL_set_fd.3
  stable/8/secure/lib/libssl/man/SSL_set_session.3
  stable/8/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/8/secure/lib/libssl/man/SSL_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_state_string.3
  stable/8/secure/lib/libssl/man/SSL_want.3
  stable/8/secure/lib/libssl/man/SSL_write.3
  stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/8/secure/lib/libssl/man/ssl.3
  stable/8/secure/usr.bin/openssl/man/CA.pl.1
  stable/8/secure/usr.bin/openssl/man/asn1parse.1
  stable/8/secure/usr.bin/openssl/man/ca.1
  stable/8/secure/usr.bin/openssl/man/ciphers.1
  stable/8/secure/usr.bin/openssl/man/crl.1
  stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/8/secure/usr.bin/openssl/man/dgst.1
  stable/8/secure/usr.bin/openssl/man/dhparam.1
  stable/8/secure/usr.bin/openssl/man/dsa.1
  stable/8/secure/usr.bin/openssl/man/dsaparam.1
  stable/8/secure/usr.bin/openssl/man/ec.1
  stable/8/secure/usr.bin/openssl/man/ecparam.1
  stable/8/secure/usr.bin/openssl/man/enc.1
  stable/8/secure/usr.bin/openssl/man/errstr.1
  stable/8/secure/usr.bin/openssl/man/gendsa.1
  stable/8/secure/usr.bin/openssl/man/genrsa.1
  stable/8/secure/usr.bin/openssl/man/nseq.1
  stable/8/secure/usr.bin/openssl/man/ocsp.1
  stable/8/secure/usr.bin/openssl/man/openssl.1
  stable/8/secure/usr.bin/openssl/man/passwd.1
  stable/8/secure/usr.bin/openssl/man/pkcs12.1
  stable/8/secure/usr.bin/openssl/man/pkcs7.1
  stable/8/secure/usr.bin/openssl/man/pkcs8.1
  stable/8/secure/usr.bin/openssl/man/rand.1
  stable/8/secure/usr.bin/openssl/man/req.1
  stable/8/secure/usr.bin/openssl/man/rsa.1
  stable/8/secure/usr.bin/openssl/man/rsautl.1
  stable/8/secure/usr.bin/openssl/man/s_client.1
  stable/8/secure/usr.bin/openssl/man/s_server.1
  stable/8/secure/usr.bin/openssl/man/s_time.1
  stable/8/secure/usr.bin/openssl/man/sess_id.1
  stable/8/secure/usr.bin/openssl/man/smime.1
  stable/8/secure/usr.bin/openssl/man/speed.1
  stable/8/secure/usr.bin/openssl/man/spkac.1
  stable/8/secure/usr.bin/openssl/man/verify.1
  stable/8/secure/usr.bin/openssl/man/version.1
  stable/8/secure/usr.bin/openssl/man/x509.1
  stable/8/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/8/crypto/openssl/   (props changed)
  stable/8/secure/lib/libcrypto/   (props changed)
  stable/8/secure/lib/libssl/   (props changed)
  stable/8/secure/usr.bin/openssl/   (props changed)

Modified: stable/8/crypto/openssl/CHANGES
==============================================================================
--- stable/8/crypto/openssl/CHANGES	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/CHANGES	Fri Nov 26 22:50:58 2010	(r215912)
@@ -2,6 +2,51 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
+
+  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+     [Steve Henson]
+
+  *) Don't reencode certificate when calculating signature: cache and use
+     the original encoding instead. This makes signature verification of
+     some broken encodings work correctly.
+     [Steve Henson]
+
+  *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+     is also one of the inputs.
+     [Emilia Käsper <emilia.kasper at esat.kuleuven.be> (Google)]
+
+  *) Don't repeatedly append PBE algorithms to table if they already exist.
+     Sort table on each new add. This effectively makes the table read only
+     after all algorithms are added and subsequent calls to PKCS12_pbe_add
+     etc are non-op.
+     [Steve Henson]
+
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+  [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+  OpenSSL 1.0.0.]
+
+  *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+     access or freeing data twice (CVE-2010-0742)
+     [Steve Henson, Ronald Moesbergen <intercommit at gmail.com>]
+
+  *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+     common in certificates and some applications which only call
+     SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+     [Steve Henson]
+
+  *) VMS fixes: 
+     Reduce copying into .apps and .test in makevms.com
+     Don't try to use blank CA certificate in CA.com
+     Allow use of C files from original directories in maketests.com
+     [Steven M. Schweda" <sms at antinode.info>]
+
  Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
 
   *) When rejecting SSL/TLS records due to an incorrect version number, never

Modified: stable/8/crypto/openssl/Configure
==============================================================================
--- stable/8/crypto/openssl/Configure	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/Configure	Fri Nov 26 22:50:58 2010	(r215912)
@@ -1812,11 +1812,11 @@ EOF
 	(system $make_command.$make_targets) == 0 or exit $?
 		if $make_targets ne "";
 	if ( $perl =~ m@^/@) {
-	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
 	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
 	} else {
 	    # No path for Perl known ...
-	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {

Modified: stable/8/crypto/openssl/FAQ
==============================================================================
--- stable/8/crypto/openssl/FAQ	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/FAQ	Fri Nov 26 22:50:58 2010	(r215912)
@@ -70,6 +70,7 @@ OpenSSL  -  Frequently Asked Questions
 * I think I've detected a memory leak, is this a bug?
 * Why does Valgrind complain about the use of uninitialized data?
 * Why doesn't a memory BIO work when a file does?
+* Where are the declarations and implementations of d2i_X509() etc?
 
 ===============================================================================
 
@@ -78,7 +79,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8n was released on Mar 24th, 2010.
+OpenSSL 1.0.0b was released on Nov 16th, 2010.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -94,14 +95,17 @@ explains how to install this library.
 
 OpenSSL includes a command line utility that can be used to perform a
 variety of cryptographic functions.  It is described in the openssl(1)
-manpage.  Documentation for developers is currently being written.  A
-few manual pages already are available; overviews over libcrypto and
+manpage.  Documentation for developers is currently being written. Many
+manual pages are available; overviews over libcrypto and
 libssl are given in the crypto(3) and ssl(3) manpages.
 
 The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
 different directory if you specified one as described in INSTALL).
 In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>.
+<URL: http://www.openssl.org/docs/>. Note that the online documents refer
+to the very latest development versions of OpenSSL and may include features
+not present in released versions. If in doubt refer to the documentation
+that came with the version of OpenSSL you are using.
 
 For information on parts of libcrypto that are not yet documented, you
 might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
@@ -717,8 +721,10 @@ file.
 
 Multi-threaded applications must provide two callback functions to
 OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback().  This is described in the threads(3)
-manpage.
+CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
+including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
+and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
+and friends. This is described in the threads(3) manpage.
 
 * I've compiled a program under Windows and it crashes: why?
 
@@ -962,4 +968,15 @@ is needed. This must be done by calling:
 See the manual pages for more details.
 
 
+* Where are the declarations and implementations of d2i_X509() etc?
+
+These are defined and implemented by macros of the form:
+
+
+ DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+The implementation passes an ASN1 "template" defining the structure into an
+ASN1 interpreter using generalised functions such as ASN1_item_d2i().
+
+
 ===============================================================================

Modified: stable/8/crypto/openssl/Makefile
==============================================================================
--- stable/8/crypto/openssl/Makefile	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/Makefile	Fri Nov 26 22:50:58 2010	(r215912)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.8n
+VERSION=0.9.8p
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8

Modified: stable/8/crypto/openssl/NEWS
==============================================================================
--- stable/8/crypto/openssl/NEWS	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/NEWS	Fri Nov 26 22:50:58 2010	(r215912)
@@ -5,6 +5,18 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+
+      o Fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+
+      o Fix for security issue CVE-2010-0742.
+      o Various DTLS fixes.
+      o Recognise SHA2 certificates if only SSL algorithms added.
+      o Fix for no-rc4 compilation.
+      o Chil ENGINE unload workaround.
+
   Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
 
       o CFB cipher definition fixes.

Modified: stable/8/crypto/openssl/PROBLEMS
==============================================================================
--- stable/8/crypto/openssl/PROBLEMS	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/PROBLEMS	Fri Nov 26 22:50:58 2010	(r215912)
@@ -36,7 +36,9 @@ may differ on your machine.
 
 
 As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
+OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
+passing -Wl,-search_paths_first, but it's unknown if the flag was
+supported from the initial MacOS X release.
 
 
 * Parallell make leads to errors

Modified: stable/8/crypto/openssl/README
==============================================================================
--- stable/8/crypto/openssl/README	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/README	Fri Nov 26 22:50:58 2010	(r215912)
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8n
+ OpenSSL 0.9.8p 16 Nov 2010
 
  Copyright (c) 1998-2009 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: stable/8/crypto/openssl/apps/apps.c
==============================================================================
--- stable/8/crypto/openssl/apps/apps.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/apps.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -351,13 +351,12 @@ void program_name(char *in, char *out, i
 
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
-	int num,len,i;
+	int num,i;
 	char *p;
 
 	*argc=0;
 	*argv=NULL;
 
-	len=strlen(buf);
 	i=0;
 	if (arg->count == 0)
 		{
@@ -866,10 +865,17 @@ EVP_PKEY *load_key(BIO *err, const char 
 	if (format == FORMAT_ENGINE)
 		{
 		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
+			BIO_printf(err,"no engine specified\n");
 		else
+			{
 			pkey = ENGINE_load_private_key(e, file,
 				ui_method, &cb_data);
+			if (!pkey) 
+				{
+				BIO_printf(err,"cannot load %s from engine\n",key_descrip);
+				ERR_print_errors(err);
+				}	
+			}
 		goto end;
 		}
 #endif
@@ -919,8 +925,11 @@ EVP_PKEY *load_key(BIO *err, const char 
 		}
  end:
 	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
+	if (pkey == NULL) 
+		{
 		BIO_printf(err,"unable to load %s\n", key_descrip);
+		ERR_print_errors(err);
+		}	
 	return(pkey);
 	}
 

Modified: stable/8/crypto/openssl/apps/dh.c
==============================================================================
--- stable/8/crypto/openssl/apps/dh.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/dh.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -88,9 +88,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@@ -189,7 +186,7 @@ bad:
 	ERR_load_crypto_strings();
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	in=BIO_new(BIO_s_file());

Modified: stable/8/crypto/openssl/apps/dhparam.c
==============================================================================
--- stable/8/crypto/openssl/apps/dhparam.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/dhparam.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -149,9 +149,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef OPENSSL_NO_DSA
@@ -270,7 +267,7 @@ bad:
 	ERR_load_crypto_strings();
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	if (g && !num)

Modified: stable/8/crypto/openssl/apps/dsaparam.c
==============================================================================
--- stable/8/crypto/openssl/apps/dsaparam.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/dsaparam.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -111,9 +111,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@@ -278,7 +275,7 @@ bad:
 		}
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	if (need_rand)
@@ -357,12 +354,10 @@ bad:
 	if (C)
 		{
 		unsigned char *data;
-		int l,len,bits_p,bits_q,bits_g;
+		int l,len,bits_p;
 
 		len=BN_num_bytes(dsa->p);
 		bits_p=BN_num_bits(dsa->p);
-		bits_q=BN_num_bits(dsa->q);
-		bits_g=BN_num_bits(dsa->g);
 		data=(unsigned char *)OPENSSL_malloc(len+20);
 		if (data == NULL)
 			{

Modified: stable/8/crypto/openssl/apps/ec.c
==============================================================================
--- stable/8/crypto/openssl/apps/ec.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/ec.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -85,9 +85,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE 	*e = NULL;
-#endif
 	int 	ret = 1;
 	EC_KEY 	*eckey = NULL;
 	const EC_GROUP *group;
@@ -254,7 +251,7 @@ bad:
 	ERR_load_crypto_strings();
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 

Modified: stable/8/crypto/openssl/apps/ecparam.c
==============================================================================
--- stable/8/crypto/openssl/apps/ecparam.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/ecparam.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -129,9 +129,6 @@ int MAIN(int argc, char **argv)
 	char	*infile = NULL, *outfile = NULL, *prog;
 	BIO 	*in = NULL, *out = NULL;
 	int 	informat, outformat, noout = 0, C = 0, ret = 1;
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE	*e = NULL;
-#endif
 	char	*engine = NULL;
 
 	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
@@ -340,7 +337,7 @@ bad:
 		}
 
 #ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
+	setup_engine(bio_err, engine, 0);
 #endif
 
 	if (list_curves)

Modified: stable/8/crypto/openssl/apps/enc.c
==============================================================================
--- stable/8/crypto/openssl/apps/enc.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/enc.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -100,9 +100,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	static const char magic[]="Salted__";
 	char mbuf[sizeof magic-1];
 	char *strbuf=NULL;
@@ -311,7 +308,7 @@ bad:
 		}
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)

Modified: stable/8/crypto/openssl/apps/gendh.c
==============================================================================
--- stable/8/crypto/openssl/apps/gendh.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/gendh.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -89,9 +89,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	BN_GENCB cb;
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
@@ -163,7 +160,7 @@ bad:
 		}
 		
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	out=BIO_new(BIO_s_file());

Modified: stable/8/crypto/openssl/apps/gendsa.c
==============================================================================
--- stable/8/crypto/openssl/apps/gendsa.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/gendsa.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -78,9 +78,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@@ -206,7 +203,7 @@ bad:
 		}
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {

Modified: stable/8/crypto/openssl/apps/genrsa.c
==============================================================================
--- stable/8/crypto/openssl/apps/genrsa.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/genrsa.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -89,9 +89,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	BN_GENCB cb;
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	int ret=1;
 	int i,num=DEFBITS;
 	long l;
@@ -235,7 +232,7 @@ bad:
 	}
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	if (outfile == NULL)

Modified: stable/8/crypto/openssl/apps/pkcs7.c
==============================================================================
--- stable/8/crypto/openssl/apps/pkcs7.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/pkcs7.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -82,9 +82,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -180,7 +177,7 @@ bad:
 	ERR_load_crypto_strings();
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	in=BIO_new(BIO_s_file());

Modified: stable/8/crypto/openssl/apps/rand.c
==============================================================================
--- stable/8/crypto/openssl/apps/rand.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/rand.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -77,9 +77,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@@ -178,7 +175,7 @@ int MAIN(int argc, char **argv)
 		}
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));

Modified: stable/8/crypto/openssl/apps/s_server.c
==============================================================================
--- stable/8/crypto/openssl/apps/s_server.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/s_server.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -2075,12 +2075,14 @@ static int www_body(char *hostname, int 
 	{
 	char *buf=NULL;
 	int ret=1;
-	int i,j,k,blank,dot;
+	int i,j,k,dot;
 	struct stat st_buf;
 	SSL *con;
 	SSL_CIPHER *c;
 	BIO *io,*ssl_bio,*sbio;
+#ifdef RENEG
 	long total_bytes;
+#endif
 
 	buf=OPENSSL_malloc(bufsize);
 	if (buf == NULL) return(0);
@@ -2151,7 +2153,6 @@ static int www_body(char *hostname, int 
 		SSL_set_msg_callback_arg(con, bio_s_out);
 		}
 
-	blank=0;
 	for (;;)
 		{
 		if (hack)
@@ -2388,7 +2389,9 @@ static int www_body(char *hostname, int 
                                         BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
                                 }
 			/* send the file */
+#ifdef RENEG
 			total_bytes=0;
+#endif
 			for (;;)
 				{
 				i=BIO_read(file,buf,bufsize);

Modified: stable/8/crypto/openssl/apps/s_socket.c
==============================================================================
--- stable/8/crypto/openssl/apps/s_socket.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/s_socket.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -329,7 +329,7 @@ static int init_server_long(int *sock, i
 	{
 	int ret=0;
 	struct sockaddr_in server;
-	int s= -1,i;
+	int s= -1;
 
 	if (!ssl_sock_init()) return(0);
 
@@ -368,7 +368,6 @@ static int init_server_long(int *sock, i
 		}
 	/* Make it 128 for linux */
 	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
-	i=0;
 	*sock=s;
 	ret=1;
 err:
@@ -386,7 +385,7 @@ static int init_server(int *sock, int po
 
 static int do_accept(int acc_sock, int *sock, char **host)
 	{
-	int ret,i;
+	int ret;
 	struct hostent *h1,*h2;
 	static struct sockaddr_in from;
 	int len;
@@ -409,6 +408,7 @@ redoit:
 	if (ret == INVALID_SOCKET)
 		{
 #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+		int i;
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
@@ -463,7 +463,6 @@ redoit:
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			return(0);
 			}
-		i=0;
 		if (h2->h_addrtype != AF_INET)
 			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");

Modified: stable/8/crypto/openssl/apps/speed.c
==============================================================================
--- stable/8/crypto/openssl/apps/speed.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/speed.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -500,9 +500,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 	long count=0,save_count=0;
@@ -593,7 +590,6 @@ int MAIN(int argc, char **argv)
 	unsigned char DES_iv[8];
 	unsigned char iv[2*MAX_BLOCK_SIZE/8];
 #ifndef OPENSSL_NO_DES
-	DES_cblock *buf_as_des_cblock = NULL;
 	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
 	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
@@ -806,9 +802,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
-#ifndef OPENSSL_NO_DES
-	buf_as_des_cblock = (DES_cblock *)buf;
-#endif
 	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@@ -883,7 +876,7 @@ int MAIN(int argc, char **argv)
 				BIO_printf(bio_err,"no engine given\n");
 				goto end;
 				}
-                        e = setup_engine(bio_err, *argv, 0);
+                        setup_engine(bio_err, *argv, 0);
 			/* j will be increased again further down.  We just
 			   don't want speed to confuse an engine with an
 			   algorithm, especially when none is given (which
@@ -1388,7 +1381,8 @@ int MAIN(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (it=count; it; it--)
-			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+			DES_ecb_encrypt((DES_cblock *)buf,
+				(DES_cblock *)buf,
 				&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);

Modified: stable/8/crypto/openssl/apps/x509.c
==============================================================================
--- stable/8/crypto/openssl/apps/x509.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/apps/x509.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -539,7 +539,6 @@ bad:
 	if (reqfile)
 		{
 		EVP_PKEY *pkey;
-		X509_CINF *ci;
 		BIO *in;
 
 		if (!sign_flag && !CA_flag)
@@ -607,7 +606,6 @@ bad:
 		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
 
 		if ((x=X509_new()) == NULL) goto end;
-		ci=x->cert_info;
 
 		if (sno == NULL)
 			{

Modified: stable/8/crypto/openssl/crypto/aes/aes_wrap.c
==============================================================================
--- stable/8/crypto/openssl/crypto/aes/aes_wrap.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/aes/aes_wrap.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const uns
 			A[7] ^= (unsigned char)(t & 0xff);
 			if (t > 0xff)	
 				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
+				A[6] ^= (unsigned char)((t >> 8) & 0xff);
+				A[5] ^= (unsigned char)((t >> 16) & 0xff);
+				A[4] ^= (unsigned char)((t >> 24) & 0xff);
 				}
 			memcpy(R, B + 8, 8);
 			}
@@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const u
 			A[7] ^= (unsigned char)(t & 0xff);
 			if (t > 0xff)	
 				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
+				A[6] ^= (unsigned char)((t >> 8) & 0xff);
+				A[5] ^= (unsigned char)((t >> 16) & 0xff);
+				A[4] ^= (unsigned char)((t >> 24) & 0xff);
 				}
 			memcpy(B + 8, R, 8);
 			AES_decrypt(B, B, key);

Modified: stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
==============================================================================
--- stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl	Fri Nov 26 22:50:58 2010	(r215912)
@@ -751,7 +751,19 @@ $code.=<<___;
 AES_set_encrypt_key:
 	push	%rbx
 	push	%rbp
+	sub	\$8,%rsp
 
+	call	_x86_64_AES_set_encrypt_key
+
+	mov	8(%rsp),%rbp
+	mov	16(%rsp),%rbx
+	add	\$24,%rsp
+	ret
+.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align	16
+_x86_64_AES_set_encrypt_key:
 	mov	%esi,%ecx			# %ecx=bits
 	mov	%rdi,%rsi			# %rsi=userKey
 	mov	%rdx,%rdi			# %rdi=key
@@ -938,10 +950,8 @@ $code.=<<___;
 .Lbadpointer:
 	mov	\$-1,%rax
 .Lexit:
-	pop	%rbp
-	pop	%rbx
-	ret
-.size	AES_set_encrypt_key,.-AES_set_encrypt_key
+	.byte	0xf3,0xc3		# rep ret
+.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
 
 sub deckey()
@@ -973,15 +983,14 @@ $code.=<<___;
 .type	AES_set_decrypt_key,\@function,3
 .align	16
 AES_set_decrypt_key:
-	push	%rdx
-	call	AES_set_encrypt_key
-	cmp	\$0,%eax
-	je	.Lproceed
-	lea	24(%rsp),%rsp
-	ret
-.Lproceed:
+	push	%rbx
+	push	%rbp
+	push	%rdx			# save key schedule
+
+	call	_x86_64_AES_set_encrypt_key
 	mov	(%rsp),%r8		# restore key schedule
-	mov	%rbx,(%rsp)
+	cmp	\$0,%eax
+	jne	.Labort
 
 	mov	240(%r8),%ecx		# pull number of rounds
 	xor	%rdi,%rdi
@@ -1023,7 +1032,10 @@ $code.=<<___;
 	jnz	.Lpermute
 
 	xor	%rax,%rax
-	pop	%rbx
+.Labort:
+	mov	8(%rsp),%rbp
+	mov	16(%rsp),%rbx
+	add	\$24,%rsp
 	ret
 .size	AES_set_decrypt_key,.-AES_set_decrypt_key
 ___

Modified: stable/8/crypto/openssl/crypto/asn1/a_int.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/a_int.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/asn1/a_int.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INT
 	{
 	ASN1_INTEGER *ret=NULL;
 	const unsigned char *p;
-	unsigned char *to,*s;
+	unsigned char *s;
 	long len;
 	int inf,tag,xclass;
 	int i;
@@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INT
 		i=ERR_R_MALLOC_FAILURE;
 		goto err;
 		}
-	to=s;
 	ret->type=V_ASN1_INTEGER;
 	if(len) {
 		if ((*p == 0) && (len != 1))

Modified: stable/8/crypto/openssl/crypto/asn1/n_pkey.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/n_pkey.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/asn1/n_pkey.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned
 		 int sgckey)
 	{
 	RSA *ret=NULL;
-	const unsigned char *p, *kp;
+	const unsigned char *p;
 	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
 
 	p = *pp;
@@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned
 		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
 		goto err;
 	}
-	kp = enckey->enckey->digest->data;
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
 	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;

Modified: stable/8/crypto/openssl/crypto/asn1/t_crl.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/t_crl.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/asn1/t_crl.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x
 	STACK_OF(X509_REVOKED) *rev;
 	X509_REVOKED *r;
 	long l;
-	int i, n;
+	int i;
 	char *p;
 
 	BIO_printf(out, "Certificate Revocation List (CRL):\n");
@@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x
 	else BIO_printf(out,"NONE");
 	BIO_printf(out,"\n");
 
-	n=X509_CRL_get_ext_count(x);
 	X509V3_extensions_print(out, "CRL extensions",
 						x->crl->extensions, 0, 8);
 

Modified: stable/8/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, 
 	int i;
 	int otag;
 	int ret = 0;
-	ASN1_VALUE *pchval, **pchptr, *ptmpval;
+	ASN1_VALUE **pchptr, *ptmpval;
 	if (!pval)
 		return 0;
 	if (aux && aux->asn1_cb)
@@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, 
 			goto err;
 			}
 		/* CHOICE type, try each possibility in turn */
-		pchval = NULL;
 		p = *in;
 		for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
 			{

Modified: stable/8/crypto/openssl/crypto/asn1/x_x509.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/x_x509.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/asn1/x_x509.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-ASN1_SEQUENCE(X509_CINF) = {
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
 	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
 	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
 	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
 	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
 	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */

Modified: stable/8/crypto/openssl/crypto/bio/b_sock.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bio/b_sock.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bio/b_sock.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -659,7 +659,14 @@ again:
 #ifdef SO_REUSEADDR
 		err_num=get_last_socket_error();
 		if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+#ifdef OPENSSL_SYS_WINDOWS
+			/* Some versions of Windows define EADDRINUSE to
+			 * a dummy value.
+			 */
+			(err_num == WSAEADDRINUSE))
+#else
 			(err_num == EADDRINUSE))
+#endif
 			{
 			memcpy((char *)&client,(char *)&server,sizeof(server));
 			if (strcmp(h,"*") == 0)

Modified: stable/8/crypto/openssl/crypto/bio/bf_nbio.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bio/bf_nbio.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bio/bf_nbio.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -125,7 +125,6 @@ static int nbiof_free(BIO *a)
 	
 static int nbiof_read(BIO *b, char *out, int outl)
 	{
-	NBIO_TEST *nt;
 	int ret=0;
 #if 1
 	int num;
@@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out,
 
 	if (out == NULL) return(0);
 	if (b->next_bio == NULL) return(0);
-	nt=(NBIO_TEST *)b->ptr;
 
 	BIO_clear_retry_flags(b);
 #if 1

Modified: stable/8/crypto/openssl/crypto/bio/bio_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bio/bio_lib.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bio/bio_lib.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method
 
 int BIO_free(BIO *a)
 	{
-	int ret=0,i;
+	int i;
 
 	if (a == NULL) return(0);
 
@@ -133,7 +133,7 @@ int BIO_free(BIO *a)
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
 	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
-	ret=a->method->destroy(a);
+	a->method->destroy(a);
 	OPENSSL_free(a);
 	return(1);
 	}

Modified: stable/8/crypto/openssl/crypto/bio/bss_acpt.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bio/bss_acpt.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bio/bss_acpt.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char
 
 static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
-	BIO *dbio;
 	int *ip;
 	long ret=1;
 	BIO_ACCEPT *data;
@@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, l
 		ret=(long)data->bind_mode;
 		break;
 	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-/*		if (data->param_port) EAY EAY
+/*		dbio=(BIO *)ptr;
+		if (data->param_port) EAY EAY
 			BIO_set_port(dbio,data->param_port);
 		if (data->param_hostname)
 			BIO_set_hostname(dbio,data->param_hostname);

Modified: stable/8/crypto/openssl/crypto/bio/bss_sock.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bio/bss_sock.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bio/bss_sock.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, l
 
 	switch (cmd)
 		{
-	case BIO_CTRL_RESET:
-		num=0;
-	case BIO_C_FILE_SEEK:
-		ret=0;
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		ret=0;
-		break;
 	case BIO_C_SET_FD:
 		sock_free(b);
 		b->num= *((int *)ptr);
@@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, l
 	case BIO_CTRL_SET_CLOSE:
 		b->shutdown=(int)num;
 		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
 	case BIO_CTRL_DUP:
 	case BIO_CTRL_FLUSH:
 		ret=1;

Modified: stable/8/crypto/openssl/crypto/bn/bn_exp2.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/bn_exp2.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bn/bn_exp2.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const B
 			r_is_one = 0;
 			}
 		}
-	BN_from_montgomery(rr,r,mont,ctx);
+	if (!BN_from_montgomery(rr,r,mont,ctx))
+		goto err;
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

Modified: stable/8/crypto/openssl/crypto/bn/bn_mul.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/bn_mul.c	Fri Nov 26 22:46:32 2010	(r215911)
+++ stable/8/crypto/openssl/crypto/bn/bn_mul.c	Fri Nov 26 22:50:58 2010	(r215912)
@@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, 
 	     int tna, int tnb, BN_ULONG *t)
 	{
 	int i,j,n2=n*2;
-	int c1,c2,neg,zero;
+	int c1,c2,neg;
 	BN_ULONG ln,lo,*p;
 
 # ifdef BN_COUNT
@@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, 
 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
 	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
 	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
-	zero=neg=0;
+	neg=0;
 	switch (c1*3+c2)
 		{
 	case -4:
@@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, 
 		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
 		break;
 	case -3:
-		zero=1;
 		/* break; */
 	case -2:
 		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
@@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, 
 	case -1:
 	case 0:
 	case 1:
-		zero=1;
 		/* break; */
 	case 2:
 		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
@@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, 
 		neg=1;
 		break;
 	case 3:
-		zero=1;
 		/* break; */
 	case 4:
 		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
@@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c
 		{
 		if (i >= -1 && i <= 1)
 			{
-			int sav_j =0;
 			/* Find out the power of two lower or equal
 			   to the longest of the two numbers */
 			if (i >= 0)
@@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c
 				{
 				j = BN_num_bits_word((BN_ULONG)bl);

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-src-all mailing list