svn commit: r264278 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/cms ...
Jung-uk Kim
jkim at FreeBSD.org
Tue Apr 8 21:07:09 UTC 2014
Author: jkim
Date: Tue Apr 8 21:06:58 2014
New Revision: 264278
URL: http://svnweb.freebsd.org/changeset/base/264278
Log:
Merge OpenSSL 1.0.1g.
Approved by: benl (maintainer)
Modified:
head/crypto/openssl/CHANGES
head/crypto/openssl/Configure
head/crypto/openssl/FAQ
head/crypto/openssl/Makefile
head/crypto/openssl/Makefile.org
head/crypto/openssl/NEWS
head/crypto/openssl/README
head/crypto/openssl/apps/apps.c
head/crypto/openssl/apps/crl.c
head/crypto/openssl/apps/dgst.c
head/crypto/openssl/apps/ecparam.c
head/crypto/openssl/apps/req.c
head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
head/crypto/openssl/crypto/asn1/asn1_err.c
head/crypto/openssl/crypto/bio/bss_log.c
head/crypto/openssl/crypto/cms/cms_lib.c
head/crypto/openssl/crypto/cryptlib.c
head/crypto/openssl/crypto/engine/eng_list.c
head/crypto/openssl/crypto/evp/bio_b64.c
head/crypto/openssl/crypto/modes/gcm128.c
head/crypto/openssl/crypto/opensslv.h
head/crypto/openssl/crypto/rand/md_rand.c
head/crypto/openssl/crypto/symhacks.h
head/crypto/openssl/crypto/x509/by_dir.c
head/crypto/openssl/crypto/x509/x509_vfy.c
head/crypto/openssl/doc/apps/config.pod
head/crypto/openssl/doc/apps/crl.pod
head/crypto/openssl/doc/apps/ec.pod
head/crypto/openssl/doc/apps/pkcs12.pod
head/crypto/openssl/doc/apps/req.pod
head/crypto/openssl/doc/apps/s_client.pod
head/crypto/openssl/doc/apps/s_server.pod
head/crypto/openssl/doc/apps/ts.pod
head/crypto/openssl/doc/apps/tsget.pod
head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
head/crypto/openssl/doc/crypto/ERR_get_error.pod
head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
head/crypto/openssl/doc/crypto/pem.pod
head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
head/crypto/openssl/e_os.h
head/crypto/openssl/engines/ccgost/gosthash.c
head/crypto/openssl/ssl/kssl.h
head/crypto/openssl/ssl/s23_clnt.c
head/crypto/openssl/ssl/s3_srvr.c
head/crypto/openssl/ssl/ssl.h
head/crypto/openssl/ssl/t1_enc.c
head/crypto/openssl/ssl/t1_lib.c
head/crypto/openssl/ssl/tls1.h
head/crypto/openssl/util/libeay.num
head/crypto/openssl/util/pl/BC-32.pl
head/crypto/openssl/util/pl/VC-32.pl
head/secure/lib/libcrypto/Makefile.inc
head/secure/lib/libcrypto/amd64/vpaes-x86_64.S
head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_length.3
head/secure/lib/libcrypto/man/ASN1_STRING_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
head/secure/lib/libcrypto/man/BIO_ctrl.3
head/secure/lib/libcrypto/man/BIO_f_base64.3
head/secure/lib/libcrypto/man/BIO_f_buffer.3
head/secure/lib/libcrypto/man/BIO_f_cipher.3
head/secure/lib/libcrypto/man/BIO_f_md.3
head/secure/lib/libcrypto/man/BIO_f_null.3
head/secure/lib/libcrypto/man/BIO_f_ssl.3
head/secure/lib/libcrypto/man/BIO_find_type.3
head/secure/lib/libcrypto/man/BIO_new.3
head/secure/lib/libcrypto/man/BIO_new_CMS.3
head/secure/lib/libcrypto/man/BIO_push.3
head/secure/lib/libcrypto/man/BIO_read.3
head/secure/lib/libcrypto/man/BIO_s_accept.3
head/secure/lib/libcrypto/man/BIO_s_bio.3
head/secure/lib/libcrypto/man/BIO_s_connect.3
head/secure/lib/libcrypto/man/BIO_s_fd.3
head/secure/lib/libcrypto/man/BIO_s_file.3
head/secure/lib/libcrypto/man/BIO_s_mem.3
head/secure/lib/libcrypto/man/BIO_s_null.3
head/secure/lib/libcrypto/man/BIO_s_socket.3
head/secure/lib/libcrypto/man/BIO_set_callback.3
head/secure/lib/libcrypto/man/BIO_should_retry.3
head/secure/lib/libcrypto/man/BN_BLINDING_new.3
head/secure/lib/libcrypto/man/BN_CTX_new.3
head/secure/lib/libcrypto/man/BN_CTX_start.3
head/secure/lib/libcrypto/man/BN_add.3
head/secure/lib/libcrypto/man/BN_add_word.3
head/secure/lib/libcrypto/man/BN_bn2bin.3
head/secure/lib/libcrypto/man/BN_cmp.3
head/secure/lib/libcrypto/man/BN_copy.3
head/secure/lib/libcrypto/man/BN_generate_prime.3
head/secure/lib/libcrypto/man/BN_mod_inverse.3
head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
head/secure/lib/libcrypto/man/BN_new.3
head/secure/lib/libcrypto/man/BN_num_bytes.3
head/secure/lib/libcrypto/man/BN_rand.3
head/secure/lib/libcrypto/man/BN_set_bit.3
head/secure/lib/libcrypto/man/BN_swap.3
head/secure/lib/libcrypto/man/BN_zero.3
head/secure/lib/libcrypto/man/CMS_add0_cert.3
head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
head/secure/lib/libcrypto/man/CMS_compress.3
head/secure/lib/libcrypto/man/CMS_decrypt.3
head/secure/lib/libcrypto/man/CMS_encrypt.3
head/secure/lib/libcrypto/man/CMS_final.3
head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
head/secure/lib/libcrypto/man/CMS_get0_type.3
head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
head/secure/lib/libcrypto/man/CMS_sign.3
head/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
head/secure/lib/libcrypto/man/CMS_sign_receipt.3
head/secure/lib/libcrypto/man/CMS_uncompress.3
head/secure/lib/libcrypto/man/CMS_verify.3
head/secure/lib/libcrypto/man/CMS_verify_receipt.3
head/secure/lib/libcrypto/man/CONF_modules_free.3
head/secure/lib/libcrypto/man/CONF_modules_load_file.3
head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
head/secure/lib/libcrypto/man/DH_generate_key.3
head/secure/lib/libcrypto/man/DH_generate_parameters.3
head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
head/secure/lib/libcrypto/man/DH_new.3
head/secure/lib/libcrypto/man/DH_set_method.3
head/secure/lib/libcrypto/man/DH_size.3
head/secure/lib/libcrypto/man/DSA_SIG_new.3
head/secure/lib/libcrypto/man/DSA_do_sign.3
head/secure/lib/libcrypto/man/DSA_dup_DH.3
head/secure/lib/libcrypto/man/DSA_generate_key.3
head/secure/lib/libcrypto/man/DSA_generate_parameters.3
head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/DSA_new.3
head/secure/lib/libcrypto/man/DSA_set_method.3
head/secure/lib/libcrypto/man/DSA_sign.3
head/secure/lib/libcrypto/man/DSA_size.3
head/secure/lib/libcrypto/man/ERR_GET_LIB.3
head/secure/lib/libcrypto/man/ERR_clear_error.3
head/secure/lib/libcrypto/man/ERR_error_string.3
head/secure/lib/libcrypto/man/ERR_get_error.3
head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
head/secure/lib/libcrypto/man/ERR_load_strings.3
head/secure/lib/libcrypto/man/ERR_print_errors.3
head/secure/lib/libcrypto/man/ERR_put_error.3
head/secure/lib/libcrypto/man/ERR_remove_state.3
head/secure/lib/libcrypto/man/ERR_set_mark.3
head/secure/lib/libcrypto/man/EVP_BytesToKey.3
head/secure/lib/libcrypto/man/EVP_DigestInit.3
head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
head/secure/lib/libcrypto/man/EVP_EncryptInit.3
head/secure/lib/libcrypto/man/EVP_OpenInit.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
head/secure/lib/libcrypto/man/EVP_PKEY_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
head/secure/lib/libcrypto/man/EVP_SealInit.3
head/secure/lib/libcrypto/man/EVP_SignInit.3
head/secure/lib/libcrypto/man/EVP_VerifyInit.3
head/secure/lib/libcrypto/man/OBJ_nid2obj.3
head/secure/lib/libcrypto/man/OPENSSL_Applink.3
head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
head/secure/lib/libcrypto/man/OPENSSL_config.3
head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
head/secure/lib/libcrypto/man/PKCS12_create.3
head/secure/lib/libcrypto/man/PKCS12_parse.3
head/secure/lib/libcrypto/man/PKCS7_decrypt.3
head/secure/lib/libcrypto/man/PKCS7_encrypt.3
head/secure/lib/libcrypto/man/PKCS7_sign.3
head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
head/secure/lib/libcrypto/man/PKCS7_verify.3
head/secure/lib/libcrypto/man/RAND_add.3
head/secure/lib/libcrypto/man/RAND_bytes.3
head/secure/lib/libcrypto/man/RAND_cleanup.3
head/secure/lib/libcrypto/man/RAND_egd.3
head/secure/lib/libcrypto/man/RAND_load_file.3
head/secure/lib/libcrypto/man/RAND_set_rand_method.3
head/secure/lib/libcrypto/man/RSA_blinding_on.3
head/secure/lib/libcrypto/man/RSA_check_key.3
head/secure/lib/libcrypto/man/RSA_generate_key.3
head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/RSA_new.3
head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
head/secure/lib/libcrypto/man/RSA_print.3
head/secure/lib/libcrypto/man/RSA_private_encrypt.3
head/secure/lib/libcrypto/man/RSA_public_encrypt.3
head/secure/lib/libcrypto/man/RSA_set_method.3
head/secure/lib/libcrypto/man/RSA_sign.3
head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
head/secure/lib/libcrypto/man/RSA_size.3
head/secure/lib/libcrypto/man/SMIME_read_CMS.3
head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
head/secure/lib/libcrypto/man/SMIME_write_CMS.3
head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
head/secure/lib/libcrypto/man/X509_new.3
head/secure/lib/libcrypto/man/X509_verify_cert.3
head/secure/lib/libcrypto/man/bio.3
head/secure/lib/libcrypto/man/blowfish.3
head/secure/lib/libcrypto/man/bn.3
head/secure/lib/libcrypto/man/bn_internal.3
head/secure/lib/libcrypto/man/buffer.3
head/secure/lib/libcrypto/man/crypto.3
head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
head/secure/lib/libcrypto/man/d2i_DHparams.3
head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_X509.3
head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
head/secure/lib/libcrypto/man/d2i_X509_CRL.3
head/secure/lib/libcrypto/man/d2i_X509_NAME.3
head/secure/lib/libcrypto/man/d2i_X509_REQ.3
head/secure/lib/libcrypto/man/d2i_X509_SIG.3
head/secure/lib/libcrypto/man/des.3
head/secure/lib/libcrypto/man/dh.3
head/secure/lib/libcrypto/man/dsa.3
head/secure/lib/libcrypto/man/ecdsa.3
head/secure/lib/libcrypto/man/engine.3
head/secure/lib/libcrypto/man/err.3
head/secure/lib/libcrypto/man/evp.3
head/secure/lib/libcrypto/man/hmac.3
head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
head/secure/lib/libcrypto/man/lh_stats.3
head/secure/lib/libcrypto/man/lhash.3
head/secure/lib/libcrypto/man/md5.3
head/secure/lib/libcrypto/man/mdc2.3
head/secure/lib/libcrypto/man/pem.3
head/secure/lib/libcrypto/man/rand.3
head/secure/lib/libcrypto/man/rc4.3
head/secure/lib/libcrypto/man/ripemd.3
head/secure/lib/libcrypto/man/rsa.3
head/secure/lib/libcrypto/man/sha.3
head/secure/lib/libcrypto/man/threads.3
head/secure/lib/libcrypto/man/ui.3
head/secure/lib/libcrypto/man/ui_compat.3
head/secure/lib/libcrypto/man/x509.3
head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_session.3
head/secure/lib/libssl/man/SSL_CTX_ctrl.3
head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
head/secure/lib/libssl/man/SSL_CTX_free.3
head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
head/secure/lib/libssl/man/SSL_CTX_new.3
head/secure/lib/libssl/man/SSL_CTX_sess_number.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
head/secure/lib/libssl/man/SSL_CTX_sessions.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
head/secure/lib/libssl/man/SSL_CTX_set_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_options.3
head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_verify.3
head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
head/secure/lib/libssl/man/SSL_SESSION_free.3
head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_SESSION_get_time.3
head/secure/lib/libssl/man/SSL_accept.3
head/secure/lib/libssl/man/SSL_alert_type_string.3
head/secure/lib/libssl/man/SSL_clear.3
head/secure/lib/libssl/man/SSL_connect.3
head/secure/lib/libssl/man/SSL_do_handshake.3
head/secure/lib/libssl/man/SSL_free.3
head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
head/secure/lib/libssl/man/SSL_get_ciphers.3
head/secure/lib/libssl/man/SSL_get_client_CA_list.3
head/secure/lib/libssl/man/SSL_get_current_cipher.3
head/secure/lib/libssl/man/SSL_get_default_timeout.3
head/secure/lib/libssl/man/SSL_get_error.3
head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
head/secure/lib/libssl/man/SSL_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_get_fd.3
head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
head/secure/lib/libssl/man/SSL_get_peer_certificate.3
head/secure/lib/libssl/man/SSL_get_psk_identity.3
head/secure/lib/libssl/man/SSL_get_rbio.3
head/secure/lib/libssl/man/SSL_get_session.3
head/secure/lib/libssl/man/SSL_get_verify_result.3
head/secure/lib/libssl/man/SSL_get_version.3
head/secure/lib/libssl/man/SSL_library_init.3
head/secure/lib/libssl/man/SSL_load_client_CA_file.3
head/secure/lib/libssl/man/SSL_new.3
head/secure/lib/libssl/man/SSL_pending.3
head/secure/lib/libssl/man/SSL_read.3
head/secure/lib/libssl/man/SSL_rstate_string.3
head/secure/lib/libssl/man/SSL_session_reused.3
head/secure/lib/libssl/man/SSL_set_bio.3
head/secure/lib/libssl/man/SSL_set_connect_state.3
head/secure/lib/libssl/man/SSL_set_fd.3
head/secure/lib/libssl/man/SSL_set_session.3
head/secure/lib/libssl/man/SSL_set_shutdown.3
head/secure/lib/libssl/man/SSL_set_verify_result.3
head/secure/lib/libssl/man/SSL_shutdown.3
head/secure/lib/libssl/man/SSL_state_string.3
head/secure/lib/libssl/man/SSL_want.3
head/secure/lib/libssl/man/SSL_write.3
head/secure/lib/libssl/man/d2i_SSL_SESSION.3
head/secure/lib/libssl/man/ssl.3
head/secure/usr.bin/openssl/man/CA.pl.1
head/secure/usr.bin/openssl/man/asn1parse.1
head/secure/usr.bin/openssl/man/ca.1
head/secure/usr.bin/openssl/man/ciphers.1
head/secure/usr.bin/openssl/man/cms.1
head/secure/usr.bin/openssl/man/crl.1
head/secure/usr.bin/openssl/man/crl2pkcs7.1
head/secure/usr.bin/openssl/man/dgst.1
head/secure/usr.bin/openssl/man/dhparam.1
head/secure/usr.bin/openssl/man/dsa.1
head/secure/usr.bin/openssl/man/dsaparam.1
head/secure/usr.bin/openssl/man/ec.1
head/secure/usr.bin/openssl/man/ecparam.1
head/secure/usr.bin/openssl/man/enc.1
head/secure/usr.bin/openssl/man/errstr.1
head/secure/usr.bin/openssl/man/gendsa.1
head/secure/usr.bin/openssl/man/genpkey.1
head/secure/usr.bin/openssl/man/genrsa.1
head/secure/usr.bin/openssl/man/nseq.1
head/secure/usr.bin/openssl/man/ocsp.1
head/secure/usr.bin/openssl/man/openssl.1
head/secure/usr.bin/openssl/man/passwd.1
head/secure/usr.bin/openssl/man/pkcs12.1
head/secure/usr.bin/openssl/man/pkcs7.1
head/secure/usr.bin/openssl/man/pkcs8.1
head/secure/usr.bin/openssl/man/pkey.1
head/secure/usr.bin/openssl/man/pkeyparam.1
head/secure/usr.bin/openssl/man/pkeyutl.1
head/secure/usr.bin/openssl/man/rand.1
head/secure/usr.bin/openssl/man/req.1
head/secure/usr.bin/openssl/man/rsa.1
head/secure/usr.bin/openssl/man/rsautl.1
head/secure/usr.bin/openssl/man/s_client.1
head/secure/usr.bin/openssl/man/s_server.1
head/secure/usr.bin/openssl/man/s_time.1
head/secure/usr.bin/openssl/man/sess_id.1
head/secure/usr.bin/openssl/man/smime.1
head/secure/usr.bin/openssl/man/speed.1
head/secure/usr.bin/openssl/man/spkac.1
head/secure/usr.bin/openssl/man/ts.1
head/secure/usr.bin/openssl/man/tsget.1
head/secure/usr.bin/openssl/man/verify.1
head/secure/usr.bin/openssl/man/version.1
head/secure/usr.bin/openssl/man/x509.1
head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
head/crypto/openssl/ (props changed)
Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/CHANGES Tue Apr 8 21:06:58 2014 (r264278)
@@ -2,6 +2,35 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ *) TLS pad extension: draft-agl-tls-padding-03
+
+ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+ TLS client Hello record length value would otherwise be > 255 and
+ less that 512 pad with a dummy extension containing zeroes so it
+ is at least 512 bytes long.
+
+ [Adam Langley, Steve Henson]
+
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/Configure Tue Apr 8 21:06:58 2014 (r264278)
@@ -526,7 +526,7 @@ my %table=(
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
Modified: head/crypto/openssl/FAQ
==============================================================================
--- head/crypto/openssl/FAQ Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/FAQ Tue Apr 8 21:06:58 2014 (r264278)
@@ -768,6 +768,9 @@ openssl-security at openssl.org if you don'
acknowledging receipt then resend or mail it directly to one of the
more active team members (e.g. Steve).
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/Makefile Tue Apr 8 21:06:58 2014 (r264278)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1f
+VERSION=1.0.1g
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -304,8 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
- touch -c fips_premain_dso$(EXE_EXT); \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: head/crypto/openssl/Makefile.org
==============================================================================
--- head/crypto/openssl/Makefile.org Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/Makefile.org Tue Apr 8 21:06:58 2014 (r264278)
@@ -302,8 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto CC=$${CC:-$(CC)} build-shared; \
- touch -c fips_premain_dso$(EXE_EXT); \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/NEWS Tue Apr 8 21:06:58 2014 (r264278)
@@ -5,8 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+ o Fix for CVE-2014-0160
+ o Add TLS padding extension workaround for broken servers.
+ o Fix for CVE-2014-0076
+
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+ o Don't include gmt_unix_time in TLS server and client random values
o Fix for TLS record tampering bug CVE-2013-4353
o Fix for TLS version checking bug CVE-2013-6449
o Fix for DTLS retransmission bug CVE-2013-6450
Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/README Tue Apr 8 21:06:58 2014 (r264278)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1f 6 Jan 2014
+ OpenSSL 1.0.1g 7 Apr 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: head/crypto/openssl/apps/apps.c
==============================================================================
--- head/crypto/openssl/apps/apps.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/apps/apps.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -586,12 +586,12 @@ int password_callback(char *buf, int buf
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
+ PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
+ PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
@@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usert
if (proc==NULL)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
GetCurrentProcessId());
if (proc==NULL) proc = (HANDLE)-1;
Modified: head/crypto/openssl/apps/crl.c
==============================================================================
--- head/crypto/openssl/apps/crl.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/apps/crl.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old - print old-style (MD5) hash value\n",
+#endif
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+ int hash_old=0;
+#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+#ifndef OPENSSL_NO_MD5
+ else if (strcmp(*argv,"-hash_old") == 0)
+ hash_old= ++num;
+#endif
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
+#ifndef OPENSSL_NO_MD5
+ if (hash_old == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash_old(
+ X509_CRL_get_issuer(x)));
+ }
+#endif
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
Modified: head/crypto/openssl/apps/dgst.c
==============================================================================
--- head/crypto/openssl/apps/dgst.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/apps/dgst.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
if (!r)
{
BIO_printf(bio_err, "Error setting context\n");
Modified: head/crypto/openssl/apps/ecparam.c
==============================================================================
--- head/crypto/openssl/apps/ecparam.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/apps/ecparam.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -105,7 +105,7 @@
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
- * -no_seed - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed - if 'explicit' parameters are chosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are choosen do not"
+ " parameters are chosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
Modified: head/crypto/openssl/apps/req.c
==============================================================================
--- head/crypto/openssl/apps/req.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/apps/req.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -644,6 +644,11 @@ bad:
if (inrand)
app_RAND_load_files(inrand);
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ {
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
if (keyalg)
{
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
goto end;
}
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
-
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
{
BIO_printf(bio_err,"private key length is too short,\n");
@@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO
keylen = atol(p + 1);
*pkeylen = keylen;
}
+ else
+ keylen = *pkeylen;
}
else if (p)
paramfile = p + 1;
Modified: head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl Tue Apr 8 21:06:58 2014 (r264278)
@@ -1060,7 +1060,7 @@ _vpaes_consts:
.Lk_dsbo: # decryption sbox final output
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
.align 64
.size _vpaes_consts,.-_vpaes_consts
___
Modified: head/crypto/openssl/crypto/asn1/asn1_err.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/asn1_err.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/asn1/asn1_err.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
Modified: head/crypto/openssl/crypto/bio/bss_log.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bss_log.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/bio/bss_log.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp,
static void xopenlog(BIO* bp, char* name, int level)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
bp->ptr = RegisterEventSourceA(NULL,name);
else
bp->ptr = NULL;
Modified: head/crypto/openssl/crypto/cms/cms_lib.c
==============================================================================
--- head/crypto/openssl/crypto/cms/cms_lib.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/cms/cms_lib.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms,
pcerts = cms_get0_certificate_choices(cms);
if (!pcerts)
return 0;
- if (!pcerts)
- return 0;
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
{
cch = sk_CMS_CertificateChoices_value(*pcerts, i);
Modified: head/crypto/openssl/crypto/cryptlib.c
==============================================================================
--- head/crypto/openssl/crypto/cryptlib.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/cryptlib.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+ if (check_winnt() && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
Modified: head/crypto/openssl/crypto/engine/eng_list.c
==============================================================================
--- head/crypto/openssl/crypto/engine/eng_list.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/engine/eng_list.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
load_dir, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
goto notfound;
return iterator;
Modified: head/crypto/openssl/crypto/evp/bio_b64.c
==============================================================================
--- head/crypto/openssl/crypto/evp/bio_b64.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/evp/bio_b64.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, i
}
/* we fell off the end without starting */
- if (j == i)
+ if ((j == i) && (num == 0))
{
/* Is this is one long chunk?, if so, keep on
* reading until a new line. */
Modified: head/crypto/openssl/crypto/modes/gcm128.c
==============================================================================
--- head/crypto/openssl/crypto/modes/gcm128.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/modes/gcm128.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT
GCM_MUL(ctx,Yi);
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
}
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT
(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i)
@@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
for (i=0; i<16/sizeof(size_t); ++i) {
@@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
(*block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
}
@@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
ctr += GHASH_CHUNK/16;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
GHASH(ctx,out,GHASH_CHUNK);
@@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
(*stream)(in,out,j,key,ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
in += i;
@@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
}
if (is_endian.little)
+#ifdef BSWAP4
+ ctr = BSWAP4(ctx->Yi.d[3]);
+#else
ctr = GETU32(ctx->Yi.c+12);
+#endif
else
ctr = ctx->Yi.d[3];
@@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
ctr += GHASH_CHUNK/16;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
out += GHASH_CHUNK;
@@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
(*stream)(in,out,j,key,ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
out += i;
@@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
++ctr;
if (is_endian.little)
+#ifdef BSWAP4
+ ctx->Yi.d[3] = BSWAP4(ctr);
+#else
PUTU32(ctx->Yi.c+12,ctr);
+#endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
Modified: head/crypto/openssl/crypto/opensslv.h
==============================================================================
--- head/crypto/openssl/crypto/opensslv.h Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/opensslv.h Tue Apr 8 21:06:58 2014 (r264278)
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000106fL
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips 7 Apr 2014"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1f-freebsd 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-freebsd 7 Apr 2014"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Modified: head/crypto/openssl/crypto/rand/md_rand.c
==============================================================================
--- head/crypto/openssl/crypto/rand/md_rand.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/rand/md_rand.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *
EVP_MD_CTX m;
int do_not_lock;
+ if (!num)
+ return;
+
/*
* (Based on the rand(3) manpage)
*
Modified: head/crypto/openssl/crypto/symhacks.h
==============================================================================
--- head/crypto/openssl/crypto/symhacks.h Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/symhacks.h Tue Apr 8 21:06:58 2014 (r264278)
@@ -204,6 +204,12 @@
#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
#undef SSL_CTX_set_next_proto_select_cb
#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
/* Hack some long ENGINE names */
#undef ENGINE_get_default_BN_mod_exp_crt
Modified: head/crypto/openssl/crypto/x509/by_dir.c
==============================================================================
--- head/crypto/openssl/crypto/x509/by_dir.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/x509/by_dir.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, con
s=dir;
p=s;
- for (;;p++)
+ do
{
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
{
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, con
return 0;
}
}
- if (*p == '\0')
- break;
- }
+ } while (*p++ != '\0');
return 1;
}
Modified: head/crypto/openssl/crypto/x509/x509_vfy.c
==============================================================================
--- head/crypto/openssl/crypto/x509/x509_vfy.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/crypto/x509/x509_vfy.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx,
* a certificate was revoked. This has since been changed since
* critical extension can change the meaning of CRL entries.
*/
- if (crl->flags & EXFLAG_CRITICAL)
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ && (crl->flags & EXFLAG_CRITICAL))
{
- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
- return 1;
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
ok = ctx->verify_cb(0, ctx);
if(!ok)
Modified: head/crypto/openssl/doc/apps/config.pod
==============================================================================
--- head/crypto/openssl/doc/apps/config.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/config.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -119,7 +119,7 @@ variable points to a section containing
information.
The section pointed to by B<engines> is a table of engine names (though see
-B<engine_id> below) and further sections containing configuration informations
+B<engine_id> below) and further sections containing configuration information
specific to each ENGINE.
Each ENGINE specific section is used to set default algorithms, load
Modified: head/crypto/openssl/doc/apps/crl.pod
==============================================================================
--- head/crypto/openssl/doc/apps/crl.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/crl.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -62,6 +62,11 @@ don't output the encoded version of the
output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
+=item B<-hash_old>
+
+outputs the "hash" of the CRL issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
=item B<-issuer>
output the issuer name.
Modified: head/crypto/openssl/doc/apps/ec.pod
==============================================================================
--- head/crypto/openssl/doc/apps/ec.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/ec.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs
This specifies the input format. The B<DER> option with a private key uses
an ASN.1 DER encoded SEC1 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.
Modified: head/crypto/openssl/doc/apps/pkcs12.pod
==============================================================================
--- head/crypto/openssl/doc/apps/pkcs12.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/pkcs12.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -67,7 +67,7 @@ by default.
The filename to write certificates and private keys to, standard output by
default. They are all written in PEM format.
-=item B<-pass arg>, B<-passin arg>
+=item B<-passin arg>
the PKCS#12 file (i.e. input file) password source. For more information about
the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
@@ -75,10 +75,15 @@ L<openssl(1)|openssl(1)>.
=item B<-passout arg>
-pass phrase source to encrypt any outputed private keys with. For more
+pass phrase source to encrypt any outputted private keys with. For more
information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
in L<openssl(1)|openssl(1)>.
+=item B<-password arg>
+
+With -export, -password is equivalent to -passout.
+Otherwise, -password is equivalent to -passin.
+
=item B<-noout>
this option inhibits output of the keys and certificates to the output file
Modified: head/crypto/openssl/doc/apps/req.pod
==============================================================================
--- head/crypto/openssl/doc/apps/req.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/req.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
=item B<-newhdr>
-Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
request. Some software (Netscape certificate server) and some CAs need this.
=item B<-batch>
Modified: head/crypto/openssl/doc/apps/s_client.pod
==============================================================================
--- head/crypto/openssl/doc/apps/s_client.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/s_client.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -10,6 +10,7 @@ s_client - SSL/TLS client program
B<openssl> B<s_client>
[B<-connect host:port>]
[B<-verify depth>]
+[B<-verify_return_error>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key filename>]
@@ -90,6 +91,11 @@ Currently the verify operation continues
with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure.
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
=item B<-CApath directory>
The directory to use for server certificate verification. This directory
@@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot inc
these will only be supported if its use is disabled, for example by using the
B<-no_sslv2> option.
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
=head1 BUGS
Because this program has a lot of options and also because some of
@@ -293,9 +306,6 @@ the techniques used are rather old, the
hard to read and not a model of how things should be done. A typical
SSL client program would be much simpler.
-The B<-verify> option should really exit if the server verification
-fails.
-
The B<-prexit> option is a bit of a hack. We should really report
information whenever a session is renegotiated.
Modified: head/crypto/openssl/doc/apps/s_server.pod
==============================================================================
--- head/crypto/openssl/doc/apps/s_server.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/s_server.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -111,7 +111,7 @@ by using an appropriate certificate.
=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
=item B<-nocert>
Modified: head/crypto/openssl/doc/apps/ts.pod
==============================================================================
--- head/crypto/openssl/doc/apps/ts.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/ts.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -352,7 +352,7 @@ switch always overrides the settings in
This is the main section and it specifies the name of another section
that contains all the options for the B<-reply> command. This default
-section can be overriden with the B<-section> command line switch. (Optional)
+section can be overridden with the B<-section> command line switch. (Optional)
=item B<oid_file>
@@ -453,7 +453,7 @@ included. Default is no. (Optional)
=head1 ENVIRONMENT VARIABLES
B<OPENSSL_CONF> contains the path of the configuration file and can be
-overriden by the B<-config> command line option.
+overridden by the B<-config> command line option.
=head1 EXAMPLES
Modified: head/crypto/openssl/doc/apps/tsget.pod
==============================================================================
--- head/crypto/openssl/doc/apps/tsget.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/apps/tsget.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -124,7 +124,7 @@ The name of an EGD socket to get random
=item [request]...
List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
-requests are specifed only one request will be sent to the server and it will be
+requests are specified only one request will be sent to the server and it will be
read from the standard input. (Optional)
=back
Modified: head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -48,7 +48,7 @@ necessary parameters are set, by re-crea
BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
-returned in B<r> (this is useful if a B<RSA> object is shared amoung
+returned in B<r> (this is useful if a B<RSA> object is shared among
several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
the inverse blinding.
Modified: head/crypto/openssl/doc/crypto/ERR_get_error.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/ERR_get_error.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/crypto/ERR_get_error.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_erro
ERR_get_last_error_line_data() store additional data and flags
associated with the error code in *B<data>
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true.
+
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
=head1 RETURN VALUES
Modified: head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encrypti
EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
+The B<salt> parameter is used as a salt in the derivation: it should point to
an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
B<datal> bytes which is used to derive the keying data. B<count> is the
iteration count to use. The derived key and IV will be written to B<key>
Modified: head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -152,7 +152,7 @@ does not remain in memory.
EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
initialized and they always use the default cipher implementation.
EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
Modified: head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -113,7 +113,7 @@ a special status code is set to the veri
to examine the valid policy tree and perform additional checks or simply
log it for debugging purposes.
-By default some addtional features such as indirect CRLs and CRLs signed by
+By default some additional features such as indirect CRLs and CRLs signed by
different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
they are enabled.
Modified: head/crypto/openssl/doc/crypto/pem.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/pem.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/crypto/pem.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -201,7 +201,7 @@ handle PKCS#8 format encrypted and unenc
PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
write a private key in an EVP_PKEY structure in PKCS#8
EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
-algorithms. The B<cipher> argument specifies the encryption algoritm to
+algorithms. The B<cipher> argument specifies the encryption algorithm to
use: unlike all other PEM routines the encryption is applied at the
PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
Modified: head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
==============================================================================
--- head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -169,8 +169,8 @@ that will always continue the TLS/SSL ha
failure, if wished. The callback realizes a verification depth limit with
more informational output.
-All verification errors are printed, informations about the certificate chain
-are printed on request.
+All verification errors are printed; information about the certificate chain
+is printed on request.
The example is realized for a server that does allow but not require client
certificates.
Modified: head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
==============================================================================
--- head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod Tue Apr 8 21:06:58 2014 (r264278)
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection
=over 4
-=item 0
+=item Z<>0
No shutdown setting, yet.
Modified: head/crypto/openssl/e_os.h
==============================================================================
--- head/crypto/openssl/e_os.h Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/e_os.h Tue Apr 8 21:06:58 2014 (r264278)
@@ -368,6 +368,13 @@ static unsigned int _strlen31(const char
# define DEFAULT_HOME "C:"
# endif
+/* Avoid Windows 8 SDK GetVersion deprecated problems */
+#if defined(_MSC_VER) && _MSC_VER>=1800
+# define check_winnt() (1)
+#else
+# define check_winnt() (GetVersion() < 0x80000000)
+#endif
+
#else /* The non-microsoft world */
# ifdef OPENSSL_SYS_VMS
Modified: head/crypto/openssl/engines/ccgost/gosthash.c
==============================================================================
--- head/crypto/openssl/engines/ccgost/gosthash.c Tue Apr 8 21:02:03 2014 (r264277)
+++ head/crypto/openssl/engines/ccgost/gosthash.c Tue Apr 8 21:06:58 2014 (r264278)
@@ -180,8 +180,6 @@ int start_hash(gost_hash_ctx *ctx)
*/
int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
{
- const byte *curptr=block;
- const byte *barrier=block+(length-32);/* Last byte we can safely hash*/
if (ctx->left)
{
/*There are some bytes from previous step*/
@@ -196,24 +194,25 @@ int hash_block(gost_hash_ctx *ctx,const
{
return 1;
}
- curptr=block+add_bytes;
+ block+=add_bytes;
+ length-=add_bytes;
hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
add_blocks(32,ctx->S,ctx->remainder);
ctx->len+=32;
ctx->left=0;
}
- while (curptr<=barrier)
+ while (length>=32)
{
- hash_step(ctx->cipher_ctx,ctx->H,curptr);
+ hash_step(ctx->cipher_ctx,ctx->H,block);
- add_blocks(32,ctx->S,curptr);
+ add_blocks(32,ctx->S,block);
ctx->len+=32;
- curptr+=32;
+ block+=32;
+ length-=32;
}
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list