From delphij at FreeBSD.org Wed Feb 25 05:56:21 2015 
From: delphij at FreeBSD.org (Xin LI) Date: Wed, 25 Feb 2015 05:56:18 +0000 (UTC) Subject: svn commit: r279264 - in releng: 10.0 10.0/crypto/openssl 10.0/crypto/openssl/apps 10.0/crypto/openssl/crypto 10.0/crypto/openssl/crypto/aes/asm 10.0/crypto/openssl/crypto/asn1 10.0/crypto/openssl/... Message-ID: <201502250556.t1P5uIsj088883@svn.freebsd.org> Author: delphij Date: Wed Feb 25 05:56:16 2015 New Revision: 279264 URL: https://svnweb.freebsd.org/changeset/base/279264 Log: Fix integer overflow in IGMP protocol. [SA-15:04] Fix vt(4) crash with improper ioctl parameters. [EN-15:01] Updated base system OpenSSL to 1.0.1l. [EN-15:02] Fix freebsd-update libraries update ordering issue. [EN-15:03] Approved by: so Added: releng/10.0/crypto/openssl/crypto/constant_time_locl.h (contents, props changed) releng/10.0/crypto/openssl/crypto/constant_time_test.c (contents, props changed) releng/10.0/crypto/openssl/doc/apps/c_rehash.pod releng/10.0/crypto/openssl/doc/crypto/CMS_add1_signer.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod releng/10.0/crypto/openssl/ssl/heartbeat_test.c (contents, props changed) releng/10.0/crypto/openssl/ssl/ssl_utst.c (contents, props changed) releng/10.0/crypto/openssl/util/mkbuildinf.pl (contents, props changed) releng/10.0/secure/lib/libcrypto/man/CMS_add1_signer.3 (contents, props changed) releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) releng/10.0/secure/usr.bin/openssl/man/c_rehash.1 (contents, props changed) releng/10.1/crypto/openssl/util/mkbuildinf.pl (contents, props changed) Deleted: releng/10.0/crypto/openssl/crypto/bn/asm/mips3.s releng/10.0/crypto/openssl/crypto/pkcs7/bio_ber.c releng/10.0/crypto/openssl/crypto/pkcs7/dec.c releng/10.0/crypto/openssl/crypto/pkcs7/des.pem releng/10.0/crypto/openssl/crypto/pkcs7/doc releng/10.0/crypto/openssl/crypto/pkcs7/enc.c releng/10.0/crypto/openssl/crypto/pkcs7/es1.pem releng/10.0/crypto/openssl/crypto/pkcs7/example.c 
releng/10.0/crypto/openssl/crypto/pkcs7/example.h releng/10.0/crypto/openssl/crypto/pkcs7/info.pem releng/10.0/crypto/openssl/crypto/pkcs7/infokey.pem releng/10.0/crypto/openssl/crypto/pkcs7/p7/ releng/10.0/crypto/openssl/crypto/pkcs7/server.pem releng/10.0/crypto/openssl/crypto/pkcs7/sign.c releng/10.0/crypto/openssl/crypto/pkcs7/t/ releng/10.0/crypto/openssl/crypto/pkcs7/verify.c releng/10.0/crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod releng/10.1/crypto/openssl/crypto/bn/asm/mips3.s Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/ACKNOWLEDGMENTS releng/10.0/crypto/openssl/CHANGES releng/10.0/crypto/openssl/Configure releng/10.0/crypto/openssl/FAQ releng/10.0/crypto/openssl/Makefile releng/10.0/crypto/openssl/Makefile.org releng/10.0/crypto/openssl/NEWS releng/10.0/crypto/openssl/README releng/10.0/crypto/openssl/apps/Makefile releng/10.0/crypto/openssl/apps/apps.c releng/10.0/crypto/openssl/apps/apps.h releng/10.0/crypto/openssl/apps/ca.c releng/10.0/crypto/openssl/apps/ciphers.c releng/10.0/crypto/openssl/apps/crl.c releng/10.0/crypto/openssl/apps/crl2p7.c releng/10.0/crypto/openssl/apps/dgst.c releng/10.0/crypto/openssl/apps/ecparam.c releng/10.0/crypto/openssl/apps/enc.c releng/10.0/crypto/openssl/apps/ocsp.c releng/10.0/crypto/openssl/apps/openssl.c releng/10.0/crypto/openssl/apps/pkcs12.c releng/10.0/crypto/openssl/apps/progs.h releng/10.0/crypto/openssl/apps/progs.pl releng/10.0/crypto/openssl/apps/req.c releng/10.0/crypto/openssl/apps/s_cb.c releng/10.0/crypto/openssl/apps/s_client.c releng/10.0/crypto/openssl/apps/s_server.c releng/10.0/crypto/openssl/apps/s_socket.c releng/10.0/crypto/openssl/apps/s_time.c releng/10.0/crypto/openssl/apps/smime.c releng/10.0/crypto/openssl/apps/speed.c releng/10.0/crypto/openssl/config releng/10.0/crypto/openssl/crypto/Makefile releng/10.0/crypto/openssl/crypto/aes/asm/aes-mips.pl releng/10.0/crypto/openssl/crypto/aes/asm/aes-parisc.pl releng/10.0/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl 
releng/10.0/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl releng/10.0/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl releng/10.0/crypto/openssl/crypto/armcap.c releng/10.0/crypto/openssl/crypto/asn1/a_int.c releng/10.0/crypto/openssl/crypto/asn1/a_strex.c releng/10.0/crypto/openssl/crypto/asn1/a_strnid.c releng/10.0/crypto/openssl/crypto/asn1/a_utctm.c releng/10.0/crypto/openssl/crypto/asn1/ameth_lib.c releng/10.0/crypto/openssl/crypto/asn1/asn1.h releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c releng/10.0/crypto/openssl/crypto/asn1/asn1_lib.c releng/10.0/crypto/openssl/crypto/asn1/asn_mime.c releng/10.0/crypto/openssl/crypto/asn1/asn_pack.c releng/10.0/crypto/openssl/crypto/asn1/bio_asn1.c releng/10.0/crypto/openssl/crypto/asn1/charmap.pl releng/10.0/crypto/openssl/crypto/asn1/evp_asn1.c releng/10.0/crypto/openssl/crypto/asn1/t_x509.c releng/10.0/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.0/crypto/openssl/crypto/asn1/tasn_enc.c releng/10.0/crypto/openssl/crypto/asn1/x_crl.c releng/10.0/crypto/openssl/crypto/asn1/x_name.c releng/10.0/crypto/openssl/crypto/bio/bio.h releng/10.0/crypto/openssl/crypto/bio/bio_lib.c releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c releng/10.0/crypto/openssl/crypto/bio/bss_log.c releng/10.0/crypto/openssl/crypto/bn/Makefile releng/10.0/crypto/openssl/crypto/bn/asm/mips-mont.pl releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl releng/10.0/crypto/openssl/crypto/bn/asm/parisc-mont.pl releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl releng/10.0/crypto/openssl/crypto/bn/bn.h releng/10.0/crypto/openssl/crypto/bn/bn_ctx.c releng/10.0/crypto/openssl/crypto/bn/bn_div.c releng/10.0/crypto/openssl/crypto/bn/bn_exp.c releng/10.0/crypto/openssl/crypto/bn/bn_lib.c releng/10.0/crypto/openssl/crypto/bn/bn_mont.c releng/10.0/crypto/openssl/crypto/bn/bn_nist.c releng/10.0/crypto/openssl/crypto/bn/bn_sqr.c 
releng/10.0/crypto/openssl/crypto/bn/bntest.c releng/10.0/crypto/openssl/crypto/bn/exptest.c releng/10.0/crypto/openssl/crypto/buffer/buffer.c releng/10.0/crypto/openssl/crypto/buffer/buffer.h releng/10.0/crypto/openssl/crypto/cms/cms_env.c releng/10.0/crypto/openssl/crypto/cms/cms_lib.c releng/10.0/crypto/openssl/crypto/cms/cms_pwri.c releng/10.0/crypto/openssl/crypto/cms/cms_sd.c releng/10.0/crypto/openssl/crypto/cms/cms_smime.c releng/10.0/crypto/openssl/crypto/conf/conf_def.c releng/10.0/crypto/openssl/crypto/cryptlib.c releng/10.0/crypto/openssl/crypto/cversion.c releng/10.0/crypto/openssl/crypto/dsa/dsa_ameth.c releng/10.0/crypto/openssl/crypto/dso/dso_dlfcn.c releng/10.0/crypto/openssl/crypto/ebcdic.h releng/10.0/crypto/openssl/crypto/ec/ec.h releng/10.0/crypto/openssl/crypto/ec/ec2_smpl.c releng/10.0/crypto/openssl/crypto/ec/ec_ameth.c releng/10.0/crypto/openssl/crypto/ec/ec_asn1.c releng/10.0/crypto/openssl/crypto/ec/ec_lcl.h releng/10.0/crypto/openssl/crypto/ec/ec_lib.c releng/10.0/crypto/openssl/crypto/ec/ec_mult.c releng/10.0/crypto/openssl/crypto/ec/ec_pmeth.c releng/10.0/crypto/openssl/crypto/ec/ecp_mont.c releng/10.0/crypto/openssl/crypto/ec/ecp_nist.c releng/10.0/crypto/openssl/crypto/ec/ecp_nistp256.c releng/10.0/crypto/openssl/crypto/ec/ecp_smpl.c releng/10.0/crypto/openssl/crypto/ec/ectest.c releng/10.0/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/10.0/crypto/openssl/crypto/engine/eng_dyn.c releng/10.0/crypto/openssl/crypto/engine/eng_list.c releng/10.0/crypto/openssl/crypto/engine/eng_rdrand.c releng/10.0/crypto/openssl/crypto/evp/Makefile releng/10.0/crypto/openssl/crypto/evp/bio_b64.c releng/10.0/crypto/openssl/crypto/evp/digest.c releng/10.0/crypto/openssl/crypto/evp/e_aes.c releng/10.0/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c releng/10.0/crypto/openssl/crypto/evp/e_des3.c releng/10.0/crypto/openssl/crypto/evp/encode.c releng/10.0/crypto/openssl/crypto/evp/evp_enc.c releng/10.0/crypto/openssl/crypto/evp/evp_pbe.c 
releng/10.0/crypto/openssl/crypto/evp/p5_crpt2.c releng/10.0/crypto/openssl/crypto/idea/ideatest.c releng/10.0/crypto/openssl/crypto/md32_common.h releng/10.0/crypto/openssl/crypto/md5/asm/md5-x86_64.pl releng/10.0/crypto/openssl/crypto/mem.c releng/10.0/crypto/openssl/crypto/modes/Makefile releng/10.0/crypto/openssl/crypto/modes/asm/ghash-parisc.pl releng/10.0/crypto/openssl/crypto/modes/cbc128.c releng/10.0/crypto/openssl/crypto/modes/ccm128.c releng/10.0/crypto/openssl/crypto/modes/cts128.c releng/10.0/crypto/openssl/crypto/modes/gcm128.c releng/10.0/crypto/openssl/crypto/modes/modes.h releng/10.0/crypto/openssl/crypto/modes/modes_lcl.h releng/10.0/crypto/openssl/crypto/objects/obj_dat.h releng/10.0/crypto/openssl/crypto/objects/obj_dat.pl releng/10.0/crypto/openssl/crypto/objects/obj_xref.h releng/10.0/crypto/openssl/crypto/objects/objxref.pl releng/10.0/crypto/openssl/crypto/ocsp/ocsp_ht.c releng/10.0/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/10.0/crypto/openssl/crypto/ocsp/ocsp_vfy.c releng/10.0/crypto/openssl/crypto/opensslconf.h releng/10.0/crypto/openssl/crypto/opensslv.h releng/10.0/crypto/openssl/crypto/ossl_typ.h releng/10.0/crypto/openssl/crypto/pariscid.pl releng/10.0/crypto/openssl/crypto/pem/pem_info.c releng/10.0/crypto/openssl/crypto/pem/pvkfmt.c releng/10.0/crypto/openssl/crypto/pkcs12/p12_crt.c releng/10.0/crypto/openssl/crypto/pkcs12/p12_kiss.c releng/10.0/crypto/openssl/crypto/pkcs7/Makefile releng/10.0/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/10.0/crypto/openssl/crypto/pkcs7/pkcs7.h releng/10.0/crypto/openssl/crypto/pkcs7/pkcs7err.c releng/10.0/crypto/openssl/crypto/pqueue/pqueue.h releng/10.0/crypto/openssl/crypto/rand/md_rand.c releng/10.0/crypto/openssl/crypto/rand/rand.h releng/10.0/crypto/openssl/crypto/rand/rand_err.c releng/10.0/crypto/openssl/crypto/rand/rand_lcl.h releng/10.0/crypto/openssl/crypto/rand/rand_lib.c releng/10.0/crypto/openssl/crypto/rand/randfile.c releng/10.0/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl 
releng/10.0/crypto/openssl/crypto/rsa/Makefile releng/10.0/crypto/openssl/crypto/rsa/rsa.h releng/10.0/crypto/openssl/crypto/rsa/rsa_ameth.c releng/10.0/crypto/openssl/crypto/rsa/rsa_chk.c releng/10.0/crypto/openssl/crypto/rsa/rsa_eay.c releng/10.0/crypto/openssl/crypto/rsa/rsa_err.c releng/10.0/crypto/openssl/crypto/rsa/rsa_oaep.c releng/10.0/crypto/openssl/crypto/rsa/rsa_pk1.c releng/10.0/crypto/openssl/crypto/rsa/rsa_pmeth.c releng/10.0/crypto/openssl/crypto/rsa/rsa_sign.c releng/10.0/crypto/openssl/crypto/sha/Makefile releng/10.0/crypto/openssl/crypto/sha/asm/sha1-mips.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha1-parisc.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha512-mips.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha512-parisc.pl releng/10.0/crypto/openssl/crypto/sha/sha512.c releng/10.0/crypto/openssl/crypto/srp/srp_grps.h releng/10.0/crypto/openssl/crypto/srp/srp_lib.c releng/10.0/crypto/openssl/crypto/srp/srp_vfy.c releng/10.0/crypto/openssl/crypto/stack/safestack.h releng/10.0/crypto/openssl/crypto/symhacks.h releng/10.0/crypto/openssl/crypto/ts/ts_rsp_sign.c releng/10.0/crypto/openssl/crypto/ts/ts_rsp_verify.c releng/10.0/crypto/openssl/crypto/ui/ui_lib.c releng/10.0/crypto/openssl/crypto/x509/by_dir.c releng/10.0/crypto/openssl/crypto/x509/x509_vfy.c releng/10.0/crypto/openssl/crypto/x509/x509_vpm.c releng/10.0/crypto/openssl/crypto/x509/x_all.c releng/10.0/crypto/openssl/crypto/x509v3/v3_ncons.c releng/10.0/crypto/openssl/crypto/x509v3/v3_purp.c releng/10.0/crypto/openssl/crypto/x86cpuid.pl releng/10.0/crypto/openssl/doc/HOWTO/certificates.txt releng/10.0/crypto/openssl/doc/HOWTO/proxy_certificates.txt releng/10.0/crypto/openssl/doc/apps/asn1parse.pod releng/10.0/crypto/openssl/doc/apps/ca.pod releng/10.0/crypto/openssl/doc/apps/ciphers.pod releng/10.0/crypto/openssl/doc/apps/cms.pod releng/10.0/crypto/openssl/doc/apps/config.pod releng/10.0/crypto/openssl/doc/apps/crl.pod 
releng/10.0/crypto/openssl/doc/apps/dgst.pod releng/10.0/crypto/openssl/doc/apps/dhparam.pod releng/10.0/crypto/openssl/doc/apps/dsa.pod releng/10.0/crypto/openssl/doc/apps/ec.pod releng/10.0/crypto/openssl/doc/apps/ecparam.pod releng/10.0/crypto/openssl/doc/apps/enc.pod releng/10.0/crypto/openssl/doc/apps/gendsa.pod releng/10.0/crypto/openssl/doc/apps/genrsa.pod releng/10.0/crypto/openssl/doc/apps/ocsp.pod releng/10.0/crypto/openssl/doc/apps/pkcs12.pod releng/10.0/crypto/openssl/doc/apps/req.pod releng/10.0/crypto/openssl/doc/apps/rsa.pod releng/10.0/crypto/openssl/doc/apps/s_client.pod releng/10.0/crypto/openssl/doc/apps/s_server.pod releng/10.0/crypto/openssl/doc/apps/smime.pod releng/10.0/crypto/openssl/doc/apps/ts.pod releng/10.0/crypto/openssl/doc/apps/tsget.pod releng/10.0/crypto/openssl/doc/apps/verify.pod releng/10.0/crypto/openssl/doc/apps/version.pod releng/10.0/crypto/openssl/doc/apps/x509.pod releng/10.0/crypto/openssl/doc/apps/x509v3_config.pod releng/10.0/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod releng/10.0/crypto/openssl/doc/crypto/BIO_f_base64.pod releng/10.0/crypto/openssl/doc/crypto/BIO_push.pod releng/10.0/crypto/openssl/doc/crypto/BIO_s_accept.pod releng/10.0/crypto/openssl/doc/crypto/BN_BLINDING_new.pod releng/10.0/crypto/openssl/doc/crypto/CMS_decrypt.pod releng/10.0/crypto/openssl/doc/crypto/CONF_modules_free.pod releng/10.0/crypto/openssl/doc/crypto/CONF_modules_load_file.pod releng/10.0/crypto/openssl/doc/crypto/ERR_get_error.pod releng/10.0/crypto/openssl/doc/crypto/EVP_BytesToKey.pod releng/10.0/crypto/openssl/doc/crypto/EVP_DigestInit.pod releng/10.0/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod releng/10.0/crypto/openssl/doc/crypto/EVP_EncryptInit.pod releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod releng/10.0/crypto/openssl/doc/crypto/EVP_SignInit.pod 
releng/10.0/crypto/openssl/doc/crypto/OPENSSL_config.pod releng/10.0/crypto/openssl/doc/crypto/RSA_set_method.pod releng/10.0/crypto/openssl/doc/crypto/RSA_sign.pod releng/10.0/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod releng/10.0/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod releng/10.0/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod releng/10.0/crypto/openssl/doc/crypto/X509_STORE_CTX_get_error.pod releng/10.0/crypto/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod releng/10.0/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod releng/10.0/crypto/openssl/doc/crypto/des.pod releng/10.0/crypto/openssl/doc/crypto/ecdsa.pod releng/10.0/crypto/openssl/doc/crypto/err.pod releng/10.0/crypto/openssl/doc/crypto/pem.pod releng/10.0/crypto/openssl/doc/crypto/ui.pod releng/10.0/crypto/openssl/doc/fingerprints.txt releng/10.0/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod releng/10.0/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_new.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod releng/10.0/crypto/openssl/doc/ssl/SSL_accept.pod 
releng/10.0/crypto/openssl/doc/ssl/SSL_clear.pod releng/10.0/crypto/openssl/doc/ssl/SSL_connect.pod releng/10.0/crypto/openssl/doc/ssl/SSL_do_handshake.pod releng/10.0/crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod releng/10.0/crypto/openssl/doc/ssl/SSL_get_version.pod releng/10.0/crypto/openssl/doc/ssl/SSL_read.pod releng/10.0/crypto/openssl/doc/ssl/SSL_session_reused.pod releng/10.0/crypto/openssl/doc/ssl/SSL_set_fd.pod releng/10.0/crypto/openssl/doc/ssl/SSL_set_session.pod releng/10.0/crypto/openssl/doc/ssl/SSL_set_shutdown.pod releng/10.0/crypto/openssl/doc/ssl/SSL_shutdown.pod releng/10.0/crypto/openssl/doc/ssl/SSL_write.pod releng/10.0/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod releng/10.0/crypto/openssl/e_os.h releng/10.0/crypto/openssl/engines/ccgost/gost89.h releng/10.0/crypto/openssl/engines/ccgost/gost_ameth.c releng/10.0/crypto/openssl/engines/ccgost/gosthash.c releng/10.0/crypto/openssl/engines/e_padlock.c releng/10.0/crypto/openssl/ssl/Makefile releng/10.0/crypto/openssl/ssl/d1_both.c releng/10.0/crypto/openssl/ssl/d1_clnt.c releng/10.0/crypto/openssl/ssl/d1_enc.c releng/10.0/crypto/openssl/ssl/d1_lib.c releng/10.0/crypto/openssl/ssl/d1_pkt.c releng/10.0/crypto/openssl/ssl/d1_srvr.c releng/10.0/crypto/openssl/ssl/dtls1.h releng/10.0/crypto/openssl/ssl/kssl.c releng/10.0/crypto/openssl/ssl/kssl.h releng/10.0/crypto/openssl/ssl/s23_clnt.c releng/10.0/crypto/openssl/ssl/s23_lib.c releng/10.0/crypto/openssl/ssl/s23_srvr.c releng/10.0/crypto/openssl/ssl/s2_enc.c releng/10.0/crypto/openssl/ssl/s2_lib.c releng/10.0/crypto/openssl/ssl/s2_pkt.c releng/10.0/crypto/openssl/ssl/s2_srvr.c releng/10.0/crypto/openssl/ssl/s3_both.c releng/10.0/crypto/openssl/ssl/s3_cbc.c releng/10.0/crypto/openssl/ssl/s3_clnt.c releng/10.0/crypto/openssl/ssl/s3_enc.c releng/10.0/crypto/openssl/ssl/s3_lib.c releng/10.0/crypto/openssl/ssl/s3_meth.c releng/10.0/crypto/openssl/ssl/s3_pkt.c releng/10.0/crypto/openssl/ssl/s3_srvr.c releng/10.0/crypto/openssl/ssl/srtp.h 
releng/10.0/crypto/openssl/ssl/ssl.h releng/10.0/crypto/openssl/ssl/ssl3.h releng/10.0/crypto/openssl/ssl/ssl_asn1.c releng/10.0/crypto/openssl/ssl/ssl_cert.c releng/10.0/crypto/openssl/ssl/ssl_ciph.c releng/10.0/crypto/openssl/ssl/ssl_err.c releng/10.0/crypto/openssl/ssl/ssl_lib.c releng/10.0/crypto/openssl/ssl/ssl_locl.h releng/10.0/crypto/openssl/ssl/ssl_sess.c releng/10.0/crypto/openssl/ssl/ssl_stat.c releng/10.0/crypto/openssl/ssl/ssltest.c releng/10.0/crypto/openssl/ssl/t1_enc.c releng/10.0/crypto/openssl/ssl/t1_lib.c releng/10.0/crypto/openssl/ssl/tls1.h releng/10.0/crypto/openssl/util/libeay.num releng/10.0/crypto/openssl/util/mk1mf.pl releng/10.0/crypto/openssl/util/mkdef.pl releng/10.0/crypto/openssl/util/mkerr.pl releng/10.0/crypto/openssl/util/pl/BC-32.pl releng/10.0/crypto/openssl/util/pl/VC-32.pl releng/10.0/crypto/openssl/util/pl/netware.pl releng/10.0/crypto/openssl/util/shlib_wrap.sh releng/10.0/crypto/openssl/util/ssleay.num releng/10.0/secure/lib/libcrypto/Makefile releng/10.0/secure/lib/libcrypto/Makefile.inc releng/10.0/secure/lib/libcrypto/Makefile.man releng/10.0/secure/lib/libcrypto/amd64/bsaes-x86_64.S releng/10.0/secure/lib/libcrypto/amd64/vpaes-x86_64.S releng/10.0/secure/lib/libcrypto/i386/x86cpuid.s releng/10.0/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_new.3 releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/10.0/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/10.0/secure/lib/libcrypto/man/BIO_ctrl.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_base64.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_md.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_null.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/10.0/secure/lib/libcrypto/man/BIO_find_type.3 releng/10.0/secure/lib/libcrypto/man/BIO_new.3 
releng/10.0/secure/lib/libcrypto/man/BIO_new_CMS.3 releng/10.0/secure/lib/libcrypto/man/BIO_push.3 releng/10.0/secure/lib/libcrypto/man/BIO_read.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_accept.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_bio.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_connect.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_fd.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_file.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_mem.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_null.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_socket.3 releng/10.0/secure/lib/libcrypto/man/BIO_set_callback.3 releng/10.0/secure/lib/libcrypto/man/BIO_should_retry.3 releng/10.0/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/10.0/secure/lib/libcrypto/man/BN_CTX_new.3 releng/10.0/secure/lib/libcrypto/man/BN_CTX_start.3 releng/10.0/secure/lib/libcrypto/man/BN_add.3 releng/10.0/secure/lib/libcrypto/man/BN_add_word.3 releng/10.0/secure/lib/libcrypto/man/BN_bn2bin.3 releng/10.0/secure/lib/libcrypto/man/BN_cmp.3 releng/10.0/secure/lib/libcrypto/man/BN_copy.3 releng/10.0/secure/lib/libcrypto/man/BN_generate_prime.3 releng/10.0/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/10.0/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/10.0/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/10.0/secure/lib/libcrypto/man/BN_new.3 releng/10.0/secure/lib/libcrypto/man/BN_num_bytes.3 releng/10.0/secure/lib/libcrypto/man/BN_rand.3 releng/10.0/secure/lib/libcrypto/man/BN_set_bit.3 releng/10.0/secure/lib/libcrypto/man/BN_swap.3 releng/10.0/secure/lib/libcrypto/man/BN_zero.3 releng/10.0/secure/lib/libcrypto/man/CMS_add0_cert.3 releng/10.0/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 releng/10.0/secure/lib/libcrypto/man/CMS_compress.3 releng/10.0/secure/lib/libcrypto/man/CMS_decrypt.3 releng/10.0/secure/lib/libcrypto/man/CMS_encrypt.3 releng/10.0/secure/lib/libcrypto/man/CMS_final.3 releng/10.0/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 
releng/10.0/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 releng/10.0/secure/lib/libcrypto/man/CMS_get0_type.3 releng/10.0/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 releng/10.0/secure/lib/libcrypto/man/CMS_sign.3 releng/10.0/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 releng/10.0/secure/lib/libcrypto/man/CMS_sign_receipt.3 releng/10.0/secure/lib/libcrypto/man/CMS_uncompress.3 releng/10.0/secure/lib/libcrypto/man/CMS_verify.3 releng/10.0/secure/lib/libcrypto/man/CMS_verify_receipt.3 releng/10.0/secure/lib/libcrypto/man/CONF_modules_free.3 releng/10.0/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/10.0/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/10.0/secure/lib/libcrypto/man/DH_generate_key.3 releng/10.0/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/10.0/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/DH_new.3 releng/10.0/secure/lib/libcrypto/man/DH_set_method.3 releng/10.0/secure/lib/libcrypto/man/DH_size.3 releng/10.0/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/10.0/secure/lib/libcrypto/man/DSA_do_sign.3 releng/10.0/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/10.0/secure/lib/libcrypto/man/DSA_generate_key.3 releng/10.0/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/10.0/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/DSA_new.3 releng/10.0/secure/lib/libcrypto/man/DSA_set_method.3 releng/10.0/secure/lib/libcrypto/man/DSA_sign.3 releng/10.0/secure/lib/libcrypto/man/DSA_size.3 releng/10.0/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/10.0/secure/lib/libcrypto/man/ERR_clear_error.3 releng/10.0/secure/lib/libcrypto/man/ERR_error_string.3 releng/10.0/secure/lib/libcrypto/man/ERR_get_error.3 releng/10.0/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 releng/10.0/secure/lib/libcrypto/man/ERR_load_strings.3 releng/10.0/secure/lib/libcrypto/man/ERR_print_errors.3 releng/10.0/secure/lib/libcrypto/man/ERR_put_error.3 
releng/10.0/secure/lib/libcrypto/man/ERR_remove_state.3 releng/10.0/secure/lib/libcrypto/man/ERR_set_mark.3 releng/10.0/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/10.0/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_DigestSignInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_derive.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_sign.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_verify.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 releng/10.0/secure/lib/libcrypto/man/EVP_SealInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_SignInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_VerifyInit.3 releng/10.0/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_config.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/10.0/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/10.0/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 releng/10.0/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 releng/10.0/secure/lib/libcrypto/man/PKCS12_create.3 
releng/10.0/secure/lib/libcrypto/man/PKCS12_parse.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_sign.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_verify.3 releng/10.0/secure/lib/libcrypto/man/RAND_add.3 releng/10.0/secure/lib/libcrypto/man/RAND_bytes.3 releng/10.0/secure/lib/libcrypto/man/RAND_cleanup.3 releng/10.0/secure/lib/libcrypto/man/RAND_egd.3 releng/10.0/secure/lib/libcrypto/man/RAND_load_file.3 releng/10.0/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/10.0/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/10.0/secure/lib/libcrypto/man/RSA_check_key.3 releng/10.0/secure/lib/libcrypto/man/RSA_generate_key.3 releng/10.0/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/RSA_new.3 releng/10.0/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/10.0/secure/lib/libcrypto/man/RSA_print.3 releng/10.0/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/10.0/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/10.0/secure/lib/libcrypto/man/RSA_set_method.3 releng/10.0/secure/lib/libcrypto/man/RSA_sign.3 releng/10.0/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/10.0/secure/lib/libcrypto/man/RSA_size.3 releng/10.0/secure/lib/libcrypto/man/SMIME_read_CMS.3 releng/10.0/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/10.0/secure/lib/libcrypto/man/SMIME_write_CMS.3 releng/10.0/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 
releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 releng/10.0/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 releng/10.0/secure/lib/libcrypto/man/X509_new.3 releng/10.0/secure/lib/libcrypto/man/X509_verify_cert.3 releng/10.0/secure/lib/libcrypto/man/bio.3 releng/10.0/secure/lib/libcrypto/man/blowfish.3 releng/10.0/secure/lib/libcrypto/man/bn.3 releng/10.0/secure/lib/libcrypto/man/bn_internal.3 releng/10.0/secure/lib/libcrypto/man/buffer.3 releng/10.0/secure/lib/libcrypto/man/crypto.3 releng/10.0/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/10.0/secure/lib/libcrypto/man/d2i_DHparams.3 releng/10.0/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/10.0/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/10.0/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_CRL.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/10.0/secure/lib/libcrypto/man/des.3 releng/10.0/secure/lib/libcrypto/man/dh.3 releng/10.0/secure/lib/libcrypto/man/dsa.3 releng/10.0/secure/lib/libcrypto/man/ecdsa.3 releng/10.0/secure/lib/libcrypto/man/engine.3 releng/10.0/secure/lib/libcrypto/man/err.3 releng/10.0/secure/lib/libcrypto/man/evp.3 releng/10.0/secure/lib/libcrypto/man/hmac.3 releng/10.0/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 releng/10.0/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 releng/10.0/secure/lib/libcrypto/man/lh_stats.3 releng/10.0/secure/lib/libcrypto/man/lhash.3 releng/10.0/secure/lib/libcrypto/man/md5.3 releng/10.0/secure/lib/libcrypto/man/mdc2.3 releng/10.0/secure/lib/libcrypto/man/pem.3 releng/10.0/secure/lib/libcrypto/man/rand.3 
releng/10.0/secure/lib/libcrypto/man/rc4.3 releng/10.0/secure/lib/libcrypto/man/ripemd.3 releng/10.0/secure/lib/libcrypto/man/rsa.3 releng/10.0/secure/lib/libcrypto/man/sha.3 releng/10.0/secure/lib/libcrypto/man/threads.3 releng/10.0/secure/lib/libcrypto/man/ui.3 releng/10.0/secure/lib/libcrypto/man/ui_compat.3 releng/10.0/secure/lib/libcrypto/man/x509.3 releng/10.0/secure/lib/libssl/Makefile.man releng/10.0/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/10.0/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_free.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_new.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 releng/10.0/secure/lib/libssl/man/SSL_SESSION_free.3 releng/10.0/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/10.0/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/10.0/secure/lib/libssl/man/SSL_accept.3 releng/10.0/secure/lib/libssl/man/SSL_alert_type_string.3 releng/10.0/secure/lib/libssl/man/SSL_clear.3 releng/10.0/secure/lib/libssl/man/SSL_connect.3 releng/10.0/secure/lib/libssl/man/SSL_do_handshake.3 releng/10.0/secure/lib/libssl/man/SSL_free.3 releng/10.0/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/10.0/secure/lib/libssl/man/SSL_get_ciphers.3 releng/10.0/secure/lib/libssl/man/SSL_get_client_CA_list.3 releng/10.0/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/10.0/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/10.0/secure/lib/libssl/man/SSL_get_error.3 releng/10.0/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/10.0/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/10.0/secure/lib/libssl/man/SSL_get_fd.3 releng/10.0/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 releng/10.0/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/10.0/secure/lib/libssl/man/SSL_get_psk_identity.3 releng/10.0/secure/lib/libssl/man/SSL_get_rbio.3 
releng/10.0/secure/lib/libssl/man/SSL_get_session.3 releng/10.0/secure/lib/libssl/man/SSL_get_verify_result.3 releng/10.0/secure/lib/libssl/man/SSL_get_version.3 releng/10.0/secure/lib/libssl/man/SSL_library_init.3 releng/10.0/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/10.0/secure/lib/libssl/man/SSL_new.3 releng/10.0/secure/lib/libssl/man/SSL_pending.3 releng/10.0/secure/lib/libssl/man/SSL_read.3 releng/10.0/secure/lib/libssl/man/SSL_rstate_string.3 releng/10.0/secure/lib/libssl/man/SSL_session_reused.3 releng/10.0/secure/lib/libssl/man/SSL_set_bio.3 releng/10.0/secure/lib/libssl/man/SSL_set_connect_state.3 releng/10.0/secure/lib/libssl/man/SSL_set_fd.3 releng/10.0/secure/lib/libssl/man/SSL_set_session.3 releng/10.0/secure/lib/libssl/man/SSL_set_shutdown.3 releng/10.0/secure/lib/libssl/man/SSL_set_verify_result.3 releng/10.0/secure/lib/libssl/man/SSL_shutdown.3 releng/10.0/secure/lib/libssl/man/SSL_state_string.3 releng/10.0/secure/lib/libssl/man/SSL_want.3 releng/10.0/secure/lib/libssl/man/SSL_write.3 releng/10.0/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/10.0/secure/lib/libssl/man/ssl.3 releng/10.0/secure/usr.bin/openssl/Makefile.man releng/10.0/secure/usr.bin/openssl/man/CA.pl.1 releng/10.0/secure/usr.bin/openssl/man/asn1parse.1 releng/10.0/secure/usr.bin/openssl/man/ca.1 releng/10.0/secure/usr.bin/openssl/man/ciphers.1 releng/10.0/secure/usr.bin/openssl/man/cms.1 releng/10.0/secure/usr.bin/openssl/man/crl.1 releng/10.0/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/10.0/secure/usr.bin/openssl/man/dgst.1 releng/10.0/secure/usr.bin/openssl/man/dhparam.1 releng/10.0/secure/usr.bin/openssl/man/dsa.1 releng/10.0/secure/usr.bin/openssl/man/dsaparam.1 releng/10.0/secure/usr.bin/openssl/man/ec.1 releng/10.0/secure/usr.bin/openssl/man/ecparam.1 releng/10.0/secure/usr.bin/openssl/man/enc.1 releng/10.0/secure/usr.bin/openssl/man/errstr.1 releng/10.0/secure/usr.bin/openssl/man/gendsa.1 releng/10.0/secure/usr.bin/openssl/man/genpkey.1 
releng/10.0/secure/usr.bin/openssl/man/genrsa.1 releng/10.0/secure/usr.bin/openssl/man/nseq.1 releng/10.0/secure/usr.bin/openssl/man/ocsp.1 releng/10.0/secure/usr.bin/openssl/man/openssl.1 releng/10.0/secure/usr.bin/openssl/man/passwd.1 releng/10.0/secure/usr.bin/openssl/man/pkcs12.1 releng/10.0/secure/usr.bin/openssl/man/pkcs7.1 releng/10.0/secure/usr.bin/openssl/man/pkcs8.1 releng/10.0/secure/usr.bin/openssl/man/pkey.1 releng/10.0/secure/usr.bin/openssl/man/pkeyparam.1 releng/10.0/secure/usr.bin/openssl/man/pkeyutl.1 releng/10.0/secure/usr.bin/openssl/man/rand.1 releng/10.0/secure/usr.bin/openssl/man/req.1 releng/10.0/secure/usr.bin/openssl/man/rsa.1 releng/10.0/secure/usr.bin/openssl/man/rsautl.1 releng/10.0/secure/usr.bin/openssl/man/s_client.1 releng/10.0/secure/usr.bin/openssl/man/s_server.1 releng/10.0/secure/usr.bin/openssl/man/s_time.1 releng/10.0/secure/usr.bin/openssl/man/sess_id.1 releng/10.0/secure/usr.bin/openssl/man/smime.1 releng/10.0/secure/usr.bin/openssl/man/speed.1 releng/10.0/secure/usr.bin/openssl/man/spkac.1 releng/10.0/secure/usr.bin/openssl/man/ts.1 releng/10.0/secure/usr.bin/openssl/man/tsget.1 releng/10.0/secure/usr.bin/openssl/man/verify.1 releng/10.0/secure/usr.bin/openssl/man/version.1 releng/10.0/secure/usr.bin/openssl/man/x509.1 releng/10.0/secure/usr.bin/openssl/man/x509v3_config.1 releng/10.0/sys/conf/newvers.sh releng/10.0/sys/netinet/igmp.c releng/10.0/usr.sbin/freebsd-update/freebsd-update.sh releng/10.1/UPDATING releng/10.1/crypto/openssl/CHANGES releng/10.1/crypto/openssl/Configure releng/10.1/crypto/openssl/Makefile releng/10.1/crypto/openssl/NEWS releng/10.1/crypto/openssl/README releng/10.1/crypto/openssl/apps/ca.c releng/10.1/crypto/openssl/apps/dgst.c releng/10.1/crypto/openssl/apps/ocsp.c releng/10.1/crypto/openssl/apps/openssl.c releng/10.1/crypto/openssl/apps/s_client.c releng/10.1/crypto/openssl/apps/s_server.c releng/10.1/crypto/openssl/apps/s_time.c releng/10.1/crypto/openssl/apps/speed.c 
releng/10.1/crypto/openssl/crypto/Makefile releng/10.1/crypto/openssl/crypto/aes/asm/aes-mips.pl releng/10.1/crypto/openssl/crypto/asn1/asn1.h releng/10.1/crypto/openssl/crypto/asn1/asn1_err.c releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.1/crypto/openssl/crypto/asn1/x_name.c releng/10.1/crypto/openssl/crypto/bio/bio.h releng/10.1/crypto/openssl/crypto/bio/bss_dgram.c releng/10.1/crypto/openssl/crypto/bn/bn.h releng/10.1/crypto/openssl/crypto/bn/bn_ctx.c releng/10.1/crypto/openssl/crypto/bn/bn_div.c releng/10.1/crypto/openssl/crypto/bn/bntest.c releng/10.1/crypto/openssl/crypto/constant_time_locl.h releng/10.1/crypto/openssl/crypto/cversion.c releng/10.1/crypto/openssl/crypto/dso/dso_dlfcn.c releng/10.1/crypto/openssl/crypto/ec/ec_lib.c releng/10.1/crypto/openssl/crypto/ec/ec_mult.c releng/10.1/crypto/openssl/crypto/ec/ec_pmeth.c releng/10.1/crypto/openssl/crypto/ec/ecp_nistp256.c releng/10.1/crypto/openssl/crypto/ec/ectest.c releng/10.1/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/10.1/crypto/openssl/crypto/engine/eng_dyn.c releng/10.1/crypto/openssl/crypto/evp/Makefile releng/10.1/crypto/openssl/crypto/evp/e_des3.c releng/10.1/crypto/openssl/crypto/evp/evp_enc.c releng/10.1/crypto/openssl/crypto/md32_common.h releng/10.1/crypto/openssl/crypto/mem.c releng/10.1/crypto/openssl/crypto/objects/obj_xref.h releng/10.1/crypto/openssl/crypto/objects/objxref.pl releng/10.1/crypto/openssl/crypto/opensslv.h releng/10.1/crypto/openssl/crypto/sha/asm/sha1-mips.pl releng/10.1/crypto/openssl/crypto/sha/asm/sha512-mips.pl releng/10.1/crypto/openssl/crypto/ts/ts_rsp_sign.c releng/10.1/crypto/openssl/crypto/x509/x509_vpm.c releng/10.1/crypto/openssl/crypto/x509v3/v3_ncons.c releng/10.1/crypto/openssl/doc/HOWTO/certificates.txt releng/10.1/crypto/openssl/doc/HOWTO/proxy_certificates.txt releng/10.1/crypto/openssl/doc/apps/dgst.pod releng/10.1/crypto/openssl/doc/apps/ocsp.pod releng/10.1/crypto/openssl/doc/crypto/EVP_EncryptInit.pod 
releng/10.1/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod releng/10.1/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod releng/10.1/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod releng/10.1/crypto/openssl/e_os.h releng/10.1/crypto/openssl/engines/e_padlock.c releng/10.1/crypto/openssl/ssl/d1_both.c releng/10.1/crypto/openssl/ssl/d1_clnt.c releng/10.1/crypto/openssl/ssl/d1_enc.c releng/10.1/crypto/openssl/ssl/d1_lib.c releng/10.1/crypto/openssl/ssl/d1_pkt.c releng/10.1/crypto/openssl/ssl/d1_srvr.c releng/10.1/crypto/openssl/ssl/dtls1.h releng/10.1/crypto/openssl/ssl/kssl.c releng/10.1/crypto/openssl/ssl/s23_srvr.c releng/10.1/crypto/openssl/ssl/s2_enc.c releng/10.1/crypto/openssl/ssl/s2_pkt.c releng/10.1/crypto/openssl/ssl/s2_srvr.c releng/10.1/crypto/openssl/ssl/s3_both.c releng/10.1/crypto/openssl/ssl/s3_clnt.c releng/10.1/crypto/openssl/ssl/s3_enc.c releng/10.1/crypto/openssl/ssl/s3_lib.c releng/10.1/crypto/openssl/ssl/s3_meth.c releng/10.1/crypto/openssl/ssl/s3_pkt.c releng/10.1/crypto/openssl/ssl/s3_srvr.c releng/10.1/crypto/openssl/ssl/srtp.h releng/10.1/crypto/openssl/ssl/ssl.h releng/10.1/crypto/openssl/ssl/ssl3.h releng/10.1/crypto/openssl/ssl/ssl_cert.c releng/10.1/crypto/openssl/ssl/ssl_ciph.c releng/10.1/crypto/openssl/ssl/ssl_lib.c releng/10.1/crypto/openssl/ssl/ssl_locl.h releng/10.1/crypto/openssl/ssl/ssl_sess.c releng/10.1/crypto/openssl/ssl/ssltest.c releng/10.1/crypto/openssl/ssl/t1_enc.c releng/10.1/crypto/openssl/ssl/t1_lib.c releng/10.1/crypto/openssl/util/mk1mf.pl releng/10.1/crypto/openssl/util/mkdef.pl releng/10.1/crypto/openssl/util/pl/netware.pl releng/10.1/crypto/openssl/util/ssleay.num releng/10.1/secure/lib/libcrypto/Makefile releng/10.1/secure/lib/libcrypto/Makefile.inc releng/10.1/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_new.3 
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/10.1/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/10.1/secure/lib/libcrypto/man/BIO_ctrl.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_base64.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_md.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_null.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/10.1/secure/lib/libcrypto/man/BIO_find_type.3 releng/10.1/secure/lib/libcrypto/man/BIO_new.3 releng/10.1/secure/lib/libcrypto/man/BIO_new_CMS.3 releng/10.1/secure/lib/libcrypto/man/BIO_push.3 releng/10.1/secure/lib/libcrypto/man/BIO_read.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_accept.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_bio.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_connect.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_fd.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_file.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_mem.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_null.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_socket.3 releng/10.1/secure/lib/libcrypto/man/BIO_set_callback.3 releng/10.1/secure/lib/libcrypto/man/BIO_should_retry.3 releng/10.1/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/10.1/secure/lib/libcrypto/man/BN_CTX_new.3 releng/10.1/secure/lib/libcrypto/man/BN_CTX_start.3 releng/10.1/secure/lib/libcrypto/man/BN_add.3 releng/10.1/secure/lib/libcrypto/man/BN_add_word.3 releng/10.1/secure/lib/libcrypto/man/BN_bn2bin.3 releng/10.1/secure/lib/libcrypto/man/BN_cmp.3 releng/10.1/secure/lib/libcrypto/man/BN_copy.3 releng/10.1/secure/lib/libcrypto/man/BN_generate_prime.3 releng/10.1/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/10.1/secure/lib/libcrypto/man/BN_new.3 releng/10.1/secure/lib/libcrypto/man/BN_num_bytes.3 
releng/10.1/secure/lib/libcrypto/man/BN_rand.3 releng/10.1/secure/lib/libcrypto/man/BN_set_bit.3 releng/10.1/secure/lib/libcrypto/man/BN_swap.3 releng/10.1/secure/lib/libcrypto/man/BN_zero.3 releng/10.1/secure/lib/libcrypto/man/CMS_add0_cert.3 releng/10.1/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 releng/10.1/secure/lib/libcrypto/man/CMS_add1_signer.3 releng/10.1/secure/lib/libcrypto/man/CMS_compress.3 releng/10.1/secure/lib/libcrypto/man/CMS_decrypt.3 releng/10.1/secure/lib/libcrypto/man/CMS_encrypt.3 releng/10.1/secure/lib/libcrypto/man/CMS_final.3 releng/10.1/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 releng/10.1/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 releng/10.1/secure/lib/libcrypto/man/CMS_get0_type.3 releng/10.1/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 releng/10.1/secure/lib/libcrypto/man/CMS_sign.3 releng/10.1/secure/lib/libcrypto/man/CMS_sign_receipt.3 releng/10.1/secure/lib/libcrypto/man/CMS_uncompress.3 releng/10.1/secure/lib/libcrypto/man/CMS_verify.3 releng/10.1/secure/lib/libcrypto/man/CMS_verify_receipt.3 releng/10.1/secure/lib/libcrypto/man/CONF_modules_free.3 releng/10.1/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/10.1/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/10.1/secure/lib/libcrypto/man/DH_generate_key.3 releng/10.1/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/10.1/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/DH_new.3 releng/10.1/secure/lib/libcrypto/man/DH_set_method.3 releng/10.1/secure/lib/libcrypto/man/DH_size.3 releng/10.1/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/10.1/secure/lib/libcrypto/man/DSA_do_sign.3 releng/10.1/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/10.1/secure/lib/libcrypto/man/DSA_generate_key.3 releng/10.1/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/10.1/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/DSA_new.3 
releng/10.1/secure/lib/libcrypto/man/DSA_set_method.3 releng/10.1/secure/lib/libcrypto/man/DSA_sign.3 releng/10.1/secure/lib/libcrypto/man/DSA_size.3 releng/10.1/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/10.1/secure/lib/libcrypto/man/ERR_clear_error.3 releng/10.1/secure/lib/libcrypto/man/ERR_error_string.3 releng/10.1/secure/lib/libcrypto/man/ERR_get_error.3 releng/10.1/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 releng/10.1/secure/lib/libcrypto/man/ERR_load_strings.3 releng/10.1/secure/lib/libcrypto/man/ERR_print_errors.3 releng/10.1/secure/lib/libcrypto/man/ERR_put_error.3 releng/10.1/secure/lib/libcrypto/man/ERR_remove_state.3 releng/10.1/secure/lib/libcrypto/man/ERR_set_mark.3 releng/10.1/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/10.1/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_DigestSignInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_derive.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_sign.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 releng/10.1/secure/lib/libcrypto/man/EVP_SealInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_SignInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_VerifyInit.3 
releng/10.1/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_config.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/10.1/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 releng/10.1/secure/lib/libcrypto/man/PKCS12_create.3 releng/10.1/secure/lib/libcrypto/man/PKCS12_parse.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_sign.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_verify.3 releng/10.1/secure/lib/libcrypto/man/RAND_add.3 releng/10.1/secure/lib/libcrypto/man/RAND_bytes.3 releng/10.1/secure/lib/libcrypto/man/RAND_cleanup.3 releng/10.1/secure/lib/libcrypto/man/RAND_egd.3 releng/10.1/secure/lib/libcrypto/man/RAND_load_file.3 releng/10.1/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/10.1/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/10.1/secure/lib/libcrypto/man/RSA_check_key.3 releng/10.1/secure/lib/libcrypto/man/RSA_generate_key.3 releng/10.1/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/RSA_new.3 releng/10.1/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/10.1/secure/lib/libcrypto/man/RSA_print.3 releng/10.1/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/10.1/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/10.1/secure/lib/libcrypto/man/RSA_set_method.3 releng/10.1/secure/lib/libcrypto/man/RSA_sign.3 releng/10.1/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/10.1/secure/lib/libcrypto/man/RSA_size.3 
releng/10.1/secure/lib/libcrypto/man/SMIME_read_CMS.3 releng/10.1/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/10.1/secure/lib/libcrypto/man/SMIME_write_CMS.3 releng/10.1/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 releng/10.1/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 releng/10.1/secure/lib/libcrypto/man/X509_new.3 releng/10.1/secure/lib/libcrypto/man/X509_verify_cert.3 releng/10.1/secure/lib/libcrypto/man/bio.3 releng/10.1/secure/lib/libcrypto/man/blowfish.3 releng/10.1/secure/lib/libcrypto/man/bn.3 releng/10.1/secure/lib/libcrypto/man/bn_internal.3 releng/10.1/secure/lib/libcrypto/man/buffer.3 releng/10.1/secure/lib/libcrypto/man/crypto.3 releng/10.1/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/10.1/secure/lib/libcrypto/man/d2i_DHparams.3 releng/10.1/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/10.1/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/10.1/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_CRL.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/10.1/secure/lib/libcrypto/man/des.3 releng/10.1/secure/lib/libcrypto/man/dh.3 releng/10.1/secure/lib/libcrypto/man/dsa.3 
releng/10.1/secure/lib/libcrypto/man/ecdsa.3 releng/10.1/secure/lib/libcrypto/man/engine.3 releng/10.1/secure/lib/libcrypto/man/err.3 releng/10.1/secure/lib/libcrypto/man/evp.3 releng/10.1/secure/lib/libcrypto/man/hmac.3 releng/10.1/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 releng/10.1/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 releng/10.1/secure/lib/libcrypto/man/lh_stats.3 releng/10.1/secure/lib/libcrypto/man/lhash.3 releng/10.1/secure/lib/libcrypto/man/md5.3 releng/10.1/secure/lib/libcrypto/man/mdc2.3 releng/10.1/secure/lib/libcrypto/man/pem.3 releng/10.1/secure/lib/libcrypto/man/rand.3 releng/10.1/secure/lib/libcrypto/man/rc4.3 releng/10.1/secure/lib/libcrypto/man/ripemd.3 releng/10.1/secure/lib/libcrypto/man/rsa.3 releng/10.1/secure/lib/libcrypto/man/sha.3 releng/10.1/secure/lib/libcrypto/man/threads.3 releng/10.1/secure/lib/libcrypto/man/ui.3 releng/10.1/secure/lib/libcrypto/man/ui_compat.3 releng/10.1/secure/lib/libcrypto/man/x509.3 releng/10.1/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/10.1/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_free.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_new.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 releng/10.1/secure/lib/libssl/man/SSL_SESSION_free.3 releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/10.1/secure/lib/libssl/man/SSL_accept.3 releng/10.1/secure/lib/libssl/man/SSL_alert_type_string.3 releng/10.1/secure/lib/libssl/man/SSL_clear.3 releng/10.1/secure/lib/libssl/man/SSL_connect.3 releng/10.1/secure/lib/libssl/man/SSL_do_handshake.3 releng/10.1/secure/lib/libssl/man/SSL_free.3 releng/10.1/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/10.1/secure/lib/libssl/man/SSL_get_ciphers.3 
releng/10.1/secure/lib/libssl/man/SSL_get_client_CA_list.3 releng/10.1/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/10.1/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/10.1/secure/lib/libssl/man/SSL_get_error.3 releng/10.1/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/10.1/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/10.1/secure/lib/libssl/man/SSL_get_fd.3 releng/10.1/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 releng/10.1/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/10.1/secure/lib/libssl/man/SSL_get_psk_identity.3 releng/10.1/secure/lib/libssl/man/SSL_get_rbio.3 releng/10.1/secure/lib/libssl/man/SSL_get_session.3 releng/10.1/secure/lib/libssl/man/SSL_get_verify_result.3 releng/10.1/secure/lib/libssl/man/SSL_get_version.3 releng/10.1/secure/lib/libssl/man/SSL_library_init.3 releng/10.1/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/10.1/secure/lib/libssl/man/SSL_new.3 releng/10.1/secure/lib/libssl/man/SSL_pending.3 releng/10.1/secure/lib/libssl/man/SSL_read.3 releng/10.1/secure/lib/libssl/man/SSL_rstate_string.3 releng/10.1/secure/lib/libssl/man/SSL_session_reused.3 releng/10.1/secure/lib/libssl/man/SSL_set_bio.3 releng/10.1/secure/lib/libssl/man/SSL_set_connect_state.3 releng/10.1/secure/lib/libssl/man/SSL_set_fd.3 releng/10.1/secure/lib/libssl/man/SSL_set_session.3 releng/10.1/secure/lib/libssl/man/SSL_set_shutdown.3 releng/10.1/secure/lib/libssl/man/SSL_set_verify_result.3 releng/10.1/secure/lib/libssl/man/SSL_shutdown.3 releng/10.1/secure/lib/libssl/man/SSL_state_string.3 releng/10.1/secure/lib/libssl/man/SSL_want.3 releng/10.1/secure/lib/libssl/man/SSL_write.3 releng/10.1/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/10.1/secure/lib/libssl/man/ssl.3 releng/10.1/secure/usr.bin/openssl/man/CA.pl.1 releng/10.1/secure/usr.bin/openssl/man/asn1parse.1 releng/10.1/secure/usr.bin/openssl/man/c_rehash.1 releng/10.1/secure/usr.bin/openssl/man/ca.1 releng/10.1/secure/usr.bin/openssl/man/ciphers.1 
releng/10.1/secure/usr.bin/openssl/man/cms.1 releng/10.1/secure/usr.bin/openssl/man/crl.1 releng/10.1/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/10.1/secure/usr.bin/openssl/man/dgst.1 releng/10.1/secure/usr.bin/openssl/man/dhparam.1 releng/10.1/secure/usr.bin/openssl/man/dsa.1 releng/10.1/secure/usr.bin/openssl/man/dsaparam.1 releng/10.1/secure/usr.bin/openssl/man/ec.1 releng/10.1/secure/usr.bin/openssl/man/ecparam.1 releng/10.1/secure/usr.bin/openssl/man/enc.1 releng/10.1/secure/usr.bin/openssl/man/errstr.1 releng/10.1/secure/usr.bin/openssl/man/gendsa.1 releng/10.1/secure/usr.bin/openssl/man/genpkey.1 releng/10.1/secure/usr.bin/openssl/man/genrsa.1 releng/10.1/secure/usr.bin/openssl/man/nseq.1 releng/10.1/secure/usr.bin/openssl/man/ocsp.1 releng/10.1/secure/usr.bin/openssl/man/openssl.1 releng/10.1/secure/usr.bin/openssl/man/passwd.1 releng/10.1/secure/usr.bin/openssl/man/pkcs12.1 releng/10.1/secure/usr.bin/openssl/man/pkcs7.1 releng/10.1/secure/usr.bin/openssl/man/pkcs8.1 releng/10.1/secure/usr.bin/openssl/man/pkey.1 releng/10.1/secure/usr.bin/openssl/man/pkeyparam.1 releng/10.1/secure/usr.bin/openssl/man/pkeyutl.1 releng/10.1/secure/usr.bin/openssl/man/rand.1 releng/10.1/secure/usr.bin/openssl/man/req.1 releng/10.1/secure/usr.bin/openssl/man/rsa.1 releng/10.1/secure/usr.bin/openssl/man/rsautl.1 releng/10.1/secure/usr.bin/openssl/man/s_client.1 releng/10.1/secure/usr.bin/openssl/man/s_server.1 releng/10.1/secure/usr.bin/openssl/man/s_time.1 releng/10.1/secure/usr.bin/openssl/man/sess_id.1 releng/10.1/secure/usr.bin/openssl/man/smime.1 releng/10.1/secure/usr.bin/openssl/man/speed.1 releng/10.1/secure/usr.bin/openssl/man/spkac.1 releng/10.1/secure/usr.bin/openssl/man/ts.1 releng/10.1/secure/usr.bin/openssl/man/tsget.1 releng/10.1/secure/usr.bin/openssl/man/verify.1 releng/10.1/secure/usr.bin/openssl/man/version.1 releng/10.1/secure/usr.bin/openssl/man/x509.1 releng/10.1/secure/usr.bin/openssl/man/x509v3_config.1 releng/10.1/sys/conf/newvers.sh 
releng/10.1/sys/dev/vt/vt_core.c releng/10.1/sys/netinet/igmp.c releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/UPDATING Wed Feb 25 05:56:16 2015 (r279264) @@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150225: p18 FreeBSD-SA-15:04.igmp + FreeBSD-EN-15:01.vt + FreeBSD-EN-15:02.openssl + FreeBSD-EN-15:03.freebsd-update + + Fix integer overflow in IGMP protocol. [SA-15:04] + + Fix vt(4) crash with improper ioctl parameters. [EN-15:01] + + Updated base system OpenSSL to 1.0.1l. [EN-15:02] + + Fix freebsd-update libraries update ordering issue. [EN-15:03] + 20150127: p17 FreeBSD-SA-15:02.kmem FreeBSD-SA-15:03.sctp Modified: releng/10.0/crypto/openssl/ACKNOWLEDGMENTS ============================================================================== --- releng/10.0/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:56:16 2015 (r279264) 
@@ -10,13 +10,18 @@ OpenSSL project. We would like to identify and thank the following such sponsors for their past or current significant support of the OpenSSL project: +Major support: + + Qualys http://www.qualys.com/ + Very significant support: - OpenGear: www.opengear.com + OpenGear: http://www.opengear.com/ Significant support: - PSW Group: www.psw.net + PSW Group: http://www.psw.net/ + Acano Ltd. http://acano.com/ Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. Modified: releng/10.0/crypto/openssl/CHANGES ============================================================================== --- releng/10.0/crypto/openssl/CHANGES Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/CHANGES Wed Feb 25 05:56:16 2015 (r279264) 
@@ -2,9 +2,376 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] + + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. 
+ (CVE-2015-0204)
+ [Steve Henson]
+
+ *) Fixed issue where DH client certificates are accepted without verification.
+ An OpenSSL server will accept a DH certificate for client authentication
+ without the certificate verify message. This effectively allows a client to
+ authenticate without the use of a private key. This only affects servers
+ which trust a client certificate authority which issues certificates
+ containing DH keys: these are extremely rare and hardly ever encountered.
+ Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+ this issue.
+ (CVE-2015-0205)
+ [Steve Henson]
+
+ *) Ensure that the session ID context of an SSL is updated when its
+ SSL_CTX is updated via SSL_set_SSL_CTX.
+
+ The session ID context is typically set from the parent SSL_CTX,
+ and can vary with the CTX.
+ [Adam Langley]
+
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+ + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + + *) Do not resume sessions on the server if the negotiated protocol + version does not match the session's version. Resuming with a different + version, while not strictly forbidden by the RFC, is of questionable + sanity and breaks all known clients. + [David Benjamin, Emilia K?sper] + + *) Tighten handling of the ChangeCipherSpec (CCS) message: reject + early CCS messages during renegotiation. (Note that because + renegotiation is encrypted, this early CCS was not exploitable.) + [Emilia K?sper] + + *) Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. 
Previously, a TLS client would + ignore a missing NewSessionTicket message. + [Emilia K?sper] + + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] + + *) SRTP Memory Leak. + + A flaw in the DTLS SRTP extension parsing code allows an attacker, who + sends a carefully crafted handshake message, to cause OpenSSL to fail + to free up to 64k of memory causing a memory leak. This could be + exploited in a Denial Of Service attack. This issue affects OpenSSL + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of + whether SRTP is used or configured. Implementations of OpenSSL that + have been compiled with OPENSSL_NO_SRTP defined are not affected. + + The fix was developed by the OpenSSL team. + (CVE-2014-3513) + [OpenSSL team] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. 
+ + [Steve Henson] + + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] + + *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the + SRP code can be overrun an internal buffer. Add sanity check that + g, A, B < N to SRP code. + + Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC + Group for discovering this issue. + (CVE-2014-3512) + [Steve Henson] + + *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate + TLS 1.0 instead of higher protocol versions when the ClientHello message + is badly fragmented. This allows a man-in-the-middle attacker to force a + downgrade to TLS 1.0 even if both the server and the client support a + higher protocol version, by modifying the client's TLS records. + + Thanks to David Benjamin and Adam Langley (Google) for discovering and + researching this issue. + (CVE-2014-3511) + [David Benjamin] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gr?bert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia K?sper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. 
This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) If a multithreaded client connects to a malicious server using a resumed + session and the server sends an ec point format extension it could write + up to 255 bytes to freed memory. + + Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this + issue. + (CVE-2014-3509) + [Gabor Tyukasz] + + *) A malicious server can crash an OpenSSL client with a null pointer + dereference (read) by specifying an SRP ciphersuite even though it was not + properly negotiated with the client. This can be exploited through a + Denial of Service attack. + + Thanks to Joonas Kuorilehto and Riku Hietam?ki (Codenomicon) for + discovering and researching this issue. + (CVE-2014-5139) + [Steve Henson] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia K?sper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. 
By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to J?ri Aedla for reporting this issue. (CVE-2014-0195) + [J?ri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gr?bert and Ivan Fratric at Google for discovering + this issue. (CVE-2014-3470) + [Felix Gr?bert, Ivan Fratric, Steve Henson] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha ] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. + [mancha ] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha ] + + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. 
Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) TLS pad extension: draft-agl-tls-padding-03 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + [Adam Langley, Steve Henson] + + Changes between 1.0.1e and 1.0.1f [6 Jan 2014] + + *) Fix for TLS record tampering bug. A carefully crafted invalid + handshake could crash OpenSSL with a NULL pointer exception. + Thanks to Anton Johansson for reporting this issues. + (CVE-2013-4353) + + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which + avoids preferring ECDHE-ECDSA ciphers when the client appears to be + Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for + several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug + is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing + 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. + [Rob Stradling, Adam Langley] + Changes between 1.0.1d and 1.0.1e [11 Feb 2013] - *) + *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI + supporting platforms or when small records were transferred. + [Andy Polyakov, Steve Henson] Changes between 1.0.1c and 1.0.1d [5 Feb 2013] 
@@ -404,6 +771,63 @@ Add command line options to s_client/s_server. [Steve Henson] + Changes between 1.0.0j and 1.0.0k [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia K?sper for the initial patch. + (CVE-2013-0169) + [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + (This is a backport) + [Rob Stradling ] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + Changes between 1.0.0i and 1.0.0j [10 May 2012] + + [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after + OpenSSL 1.0.1.] + + *) Sanity check record length before skipping explicit IV in DTLS + to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + + *) Initialise tkeylen properly when encrypting CMS messages. + Thanks to Solar Designer of Openwall for reporting this issue. + [Steve Henson] + + Changes between 1.0.0h and 1.0.0i [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. 
+ + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness 
@@ -1394,6 +1818,86 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + Changes between 0.9.8x and 0.9.8y [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia K?sper for the initial patch. + (CVE-2013-0169) + [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + (This is a backport) + [Rob Stradling ] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + Changes between 0.9.8w and 0.9.8x [10 May 2012] + + *) Sanity check record length before skipping explicit IV in DTLS + to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + + *) Initialise tkeylen properly when encrypting CMS messages. + Thanks to Solar Designer of Openwall for reporting this issue. + [Steve Henson] + + Changes between 0.9.8v and 0.9.8w [23 Apr 2012] + + *) The fix for CVE-2012-2110 did not take into account that the + 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an + int in OpenSSL 0.9.8, making it still vulnerable. Fix by + rejecting negative len parameter. 
(CVE-2012-2131) + [Tomas Hoger ] + + Changes between 0.9.8u and 0.9.8v [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + + Changes between 0.9.8t and 0.9.8u [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode for discovering + this issue. (CVE-2012-0884) + [Steve Henson] + + *) Fix CVE-2011-4619: make sure we really are receiving a + client hello before rejecting multiple SGC restarts. Thanks to + Ivan Nestlerode for discovering this bug. + [Steve Henson] + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. @@ -1401,7 +1905,7 @@ Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) [Antonio Martin] - + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension Modified: releng/10.0/crypto/openssl/Configure ============================================================================== --- releng/10.0/crypto/openssl/Configure Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/Configure Wed Feb 25 05:56:16 2015 (r279264) 
@@ -178,7 +178,7 @@ my %table=( "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
@@ -526,7 +526,7 @@ my %table=( # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", # Unified CE target -"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 @@ -720,6 +720,7 @@ my %disabled = ( # "what" => "co "sctp" => "default", "shared" => "default", "store" => "experimental", + "unit-test" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); @@ -727,7 +728,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE"; +my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). 
@@ -803,6 +804,11 @@ PROCESS_ARGS: { $disabled{"tls1"} = "option(tls)" } + elsif ($1 eq "ssl3-method") + { + $disabled{"ssl3-method"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } else { $disabled{$1} = "option"; @@ -1766,6 +1772,9 @@ open(OUT,'>crypto/opensslconf.h.new') || print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; +print OUT "#ifdef __cplusplus\n"; +print OUT "extern \"C\" {\n"; +print OUT "#endif\n"; print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; @@ -1870,6 +1879,9 @@ while () { print OUT $_; } } close(IN); +print OUT "#ifdef __cplusplus\n"; +print OUT "}\n"; +print OUT "#endif\n"; close(OUT); rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; Modified: releng/10.0/crypto/openssl/FAQ ============================================================================== --- releng/10.0/crypto/openssl/FAQ Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/FAQ Wed Feb 25 05:56:16 2015 (r279264) @@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt 
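Review bot: In the `@@ -803,6 +804,11 @@ PROCESS_ARGS` hunk the new `ssl3-method` branch sets `$disabled{"ssl3"}` as well as `$disabled{"ssl3-method"}`, and nothing in the branch says that the broader switch is implied. Anyone auditing which protocol versions a build can negotiate would want that stated next to the code, for example `# no-ssl3-method also implies no-ssl3: both keys are disabled together`. Both entries carry the reason string `"option(ssl)"`, which follows the `"option(tls)"` label used for `tls1` just above, so an implied `ssl3` entry looks the same as an explicit one; if later code reports on `%disabled`, a distinct label may be worth having. The enclosing `if`/`elsif` chain starts before the hunk and continues after it.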
@@ -768,6 +763,9 @@ openssl-security at openssl.org if you don' acknowledging receipt then resend or mail it directly to one of the more active team members (e.g. Steve). +Note that bugs only present in the openssl utility are not in general +considered to be security issues. + [PROG] ======================================================================== * Is OpenSSL thread-safe? Modified: releng/10.0/crypto/openssl/Makefile ============================================================================== --- releng/10.0/crypto/openssl/Makefile Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/Makefile Wed Feb 25 05:56:16 2015 (r279264) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1e +VERSION=1.0.1l MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST PEX_LIBS= EX_LIBS= EXE_EXT= 
@@ -304,7 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ fi; \ - $(MAKE) -e SHLIBDIRS=crypto build-shared; \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ Modified: releng/10.0/crypto/openssl/Makefile.org ============================================================================== --- releng/10.0/crypto/openssl/Makefile.org Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/Makefile.org Wed Feb 25 05:56:16 2015 (r279264) @@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ fi; \ - $(MAKE) -e SHLIBDIRS=crypto build-shared; \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ Modified: releng/10.0/crypto/openssl/NEWS ============================================================================== --- releng/10.0/crypto/openssl/NEWS Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/NEWS Wed Feb 25 05:56:16 2015 (r279264) 
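Review bot: The new `CC="$${CC:-$(CC)}"` argument in the `libcrypto$(SHLIB_EXT)` recipe (the same change appears in both `Makefile` and `Makefile.org`) carries no explanation, and its effect depends on the FIPS branch just above it. That branch sets and exports `CC=$(FIPSDIR)/bin/fipsld`, so the expansion hands the sub-make the shell's `CC`, the fipsld wrapper in a FIPS build, and falls back to the makefile's `$(CC)` when the shell variable is empty. Presumably `-e` alone did not reliably get the wrapper through. A comment above the rule such as `# pass the shell's CC (fipsld in FIPS builds) to build-shared explicitly` would record that. The trailing `(touch -c fips_premain_dso$(EXE_EXT) || :)` deliberately ignores a failed touch, which is also worth a short comment; the recipe itself starts before the hunk.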
@@ -5,11 +5,67 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] + + o Build fixes for the Windows and OpenVMS platforms + + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2015-0206 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2015-0205 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] + + o Fix for CVE-2014-3512 + o Fix for CVE-2014-3511 + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3509 + o Fix for CVE-2014-5139 + o Fix for CVE-2014-3508 + + Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] + + o Fix for CVE-2014-0224 + o Fix for CVE-2014-0221 + o Fix for CVE-2014-0198 + o Fix for CVE-2014-0195 + o Fix for CVE-2014-3470 + o Fix for CVE-2010-5298 + + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] + + o Fix for CVE-2014-0160 + o Add TLS padding extension workaround for broken servers. 
+ o Fix for CVE-2014-0076 + + Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] + + o Don't include gmt_unix_time in TLS server and client random values + o Fix for TLS record tampering bug CVE-2013-4353 + o Fix for TLS version checking bug CVE-2013-6449 + o Fix for DTLS retransmission bug CVE-2013-6450 + + Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]: o Corrected fix for CVE-2013-0169 - Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: + Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]: o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. @@ -17,24 +73,24 @@ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix for TLS AESNI record handling flaw CVE-2012-2686 - Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: + Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]: o Fix TLS/DTLS record length checking bug CVE-2012-2333 o Don't attempt to use non-FIPS composite ciphers in FIPS mode. - Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: + Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]: o Fix compilation error on non-x86 platforms. o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 - Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: + Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 o Workarounds for some servers that hang on long client hellos. o Fix SEGV in AES code. - Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]: o TLS/DTLS heartbeat support. o SCTP support. 
@@ -47,17 +103,30 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. - Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: + Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: + + o Fix for ASN1 overflow bug CVE-2012-2110 + + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. - Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: + Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 - Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f: + Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 @@ -65,7 +134,7 @@ o Check parameters are not NULL in GOST ENGINE CVE-2012-0027 o Check for malformed RFC3779 data CVE-2011-4577 - Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e: + Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]: o Fix for CRL vulnerability issue CVE-2011-3207 o Fix for ECDH crashes CVE-2011-3210 
@@ -73,11 +142,11 @@ o Support ECDH ciphersuites for certificates using SHA2 algorithms. o Various DTLS fixes. - Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: + Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 @@ -85,18 +154,18 @@ o Fix various platform compilation issues. o Corrected fix for security issue CVE-2010-3864. - Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b: + Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]: o Fix for security issue CVE-2010-3864. o Fix for CVE-2010-2939 o Fix WIN32 build system for GOST ENGINE. - Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]: o Fix for security issue CVE-2010-1633. o GOST MAC and CFB fixes. - Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0: + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]: o RFC3280 path validation: sufficient to process PKITS tests. o Integrated support for PVK files and keyblobs. 
@@ -119,20 +188,55 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: + + o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) + + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: + + o Fix for ASN1 overflow bug CVE-2012-2110 + + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: + + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 + o Corrected fix for CVE-2011-4619 + o Various DTLS fixes. + + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: + + o Fix for DTLS DoS issue CVE-2012-0050 + + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: + + o Fix for DTLS plaintext recovery attack CVE-2011-4108 + o Fix policy check double free error CVE-2011-4109 + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 + o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 + o Check for malformed RFC3779 data CVE-2011-4577 + + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. 
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. @@ -140,12 +244,12 @@ o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. o Fix security issues CVE-2010-0740 and CVE-2010-0433. - Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]: o Cipher definition fixes. o Workaround for slow RAND_poll() on some WIN32 versions. @@ -157,33 +261,33 @@ o Ticket and SNI coexistence fixes. o Many fixes to DTLS handling. - Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: o Temporary work around for CVE-2009-3555: disable renegotiation. - Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]: o Fix various build issues. o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) - Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From delphij at FreeBSD.org Wed Feb 25 05:57:01 2015 
From: delphij at FreeBSD.org (Xin LI) Date: Wed, 25 Feb 2015 05:56:56 +0000 (UTC) Subject: svn commit: r279265 - in releng: 8.4 8.4/contrib/bind9/lib/dns 8.4/crypto/openssl 8.4/crypto/openssl/apps 8.4/crypto/openssl/crypto 8.4/crypto/openssl/crypto/asn1 8.4/crypto/openssl/crypto/bio 8.4/... Message-ID: <201502250556.t1P5uuXI089096@svn.freebsd.org> Author: delphij Date: Wed Feb 25 05:56:54 2015 New Revision: 279265 URL: https://svnweb.freebsd.org/changeset/base/279265 Log: Fix integer overflow in IGMP protocol. [SA-15:04] Fix BIND remote denial of service vulnerability. [SA-15:05] Fix vt(4) crash with improper ioctl parameters. [EN-15:01] Updated base system OpenSSL to 0.9.8zd. [EN-15:02] Fix freebsd-update libraries update ordering issue. [EN-15:03] Approved by: so Added: releng/8.4/crypto/openssl/crypto/constant_time_locl.h (contents, props changed) releng/8.4/crypto/openssl/crypto/constant_time_test.c (contents, props changed) releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod releng/8.4/crypto/openssl/test/constant_time_test.c (contents, props changed) releng/8.4/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) releng/9.3/crypto/openssl/crypto/constant_time_locl.h (contents, props changed) releng/9.3/crypto/openssl/crypto/constant_time_test.c (contents, props changed) releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod releng/9.3/crypto/openssl/test/constant_time_test.c (contents, props changed) releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) Deleted: releng/8.4/crypto/openssl/crypto/pkcs7/bio_ber.c releng/8.4/crypto/openssl/crypto/pkcs7/dec.c releng/8.4/crypto/openssl/crypto/pkcs7/des.pem releng/8.4/crypto/openssl/crypto/pkcs7/doc releng/8.4/crypto/openssl/crypto/pkcs7/enc.c releng/8.4/crypto/openssl/crypto/pkcs7/es1.pem releng/8.4/crypto/openssl/crypto/pkcs7/example.c releng/8.4/crypto/openssl/crypto/pkcs7/example.h 
releng/8.4/crypto/openssl/crypto/pkcs7/info.pem releng/8.4/crypto/openssl/crypto/pkcs7/infokey.pem releng/8.4/crypto/openssl/crypto/pkcs7/p7/ releng/8.4/crypto/openssl/crypto/pkcs7/server.pem releng/8.4/crypto/openssl/crypto/pkcs7/sign.c releng/8.4/crypto/openssl/crypto/pkcs7/t/ releng/8.4/crypto/openssl/crypto/pkcs7/verify.c releng/8.4/crypto/openssl/demos/eay/ releng/8.4/crypto/openssl/demos/maurice/ releng/9.3/crypto/openssl/crypto/pkcs7/bio_ber.c releng/9.3/crypto/openssl/crypto/pkcs7/dec.c releng/9.3/crypto/openssl/crypto/pkcs7/des.pem releng/9.3/crypto/openssl/crypto/pkcs7/doc releng/9.3/crypto/openssl/crypto/pkcs7/enc.c releng/9.3/crypto/openssl/crypto/pkcs7/es1.pem releng/9.3/crypto/openssl/crypto/pkcs7/example.c releng/9.3/crypto/openssl/crypto/pkcs7/example.h releng/9.3/crypto/openssl/crypto/pkcs7/info.pem releng/9.3/crypto/openssl/crypto/pkcs7/infokey.pem releng/9.3/crypto/openssl/crypto/pkcs7/p7/ releng/9.3/crypto/openssl/crypto/pkcs7/server.pem releng/9.3/crypto/openssl/crypto/pkcs7/sign.c releng/9.3/crypto/openssl/crypto/pkcs7/t/ releng/9.3/crypto/openssl/crypto/pkcs7/verify.c releng/9.3/crypto/openssl/demos/eay/ releng/9.3/crypto/openssl/demos/maurice/ Modified: releng/8.4/UPDATING releng/8.4/contrib/bind9/lib/dns/zone.c releng/8.4/crypto/openssl/ACKNOWLEDGMENTS releng/8.4/crypto/openssl/CHANGES releng/8.4/crypto/openssl/Configure releng/8.4/crypto/openssl/FAQ releng/8.4/crypto/openssl/Makefile releng/8.4/crypto/openssl/Makefile.org releng/8.4/crypto/openssl/NEWS releng/8.4/crypto/openssl/README releng/8.4/crypto/openssl/apps/apps.c releng/8.4/crypto/openssl/apps/ca.c releng/8.4/crypto/openssl/apps/crl2p7.c releng/8.4/crypto/openssl/apps/ocsp.c releng/8.4/crypto/openssl/apps/req.c releng/8.4/crypto/openssl/apps/s_server.c releng/8.4/crypto/openssl/apps/smime.c releng/8.4/crypto/openssl/apps/speed.c releng/8.4/crypto/openssl/crypto/LPdir_vms.c releng/8.4/crypto/openssl/crypto/LPdir_win.c releng/8.4/crypto/openssl/crypto/Makefile 
releng/8.4/crypto/openssl/crypto/asn1/a_int.c releng/8.4/crypto/openssl/crypto/asn1/a_strnid.c releng/8.4/crypto/openssl/crypto/asn1/asn1_lib.c releng/8.4/crypto/openssl/crypto/asn1/asn_mime.c releng/8.4/crypto/openssl/crypto/asn1/asn_pack.c releng/8.4/crypto/openssl/crypto/asn1/evp_asn1.c releng/8.4/crypto/openssl/crypto/asn1/t_pkey.c releng/8.4/crypto/openssl/crypto/asn1/t_x509.c releng/8.4/crypto/openssl/crypto/asn1/tasn_enc.c releng/8.4/crypto/openssl/crypto/bio/bio_lib.c releng/8.4/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/8.4/crypto/openssl/crypto/bn/bn_exp.c releng/8.4/crypto/openssl/crypto/bn/bn_gf2m.c releng/8.4/crypto/openssl/crypto/bn/bn_lib.c releng/8.4/crypto/openssl/crypto/bn/bn_mont.c releng/8.4/crypto/openssl/crypto/bn/bn_sqr.c releng/8.4/crypto/openssl/crypto/bn/exptest.c releng/8.4/crypto/openssl/crypto/cms/cms_cd.c releng/8.4/crypto/openssl/crypto/cms/cms_env.c releng/8.4/crypto/openssl/crypto/cms/cms_lib.c releng/8.4/crypto/openssl/crypto/cms/cms_sd.c releng/8.4/crypto/openssl/crypto/cms/cms_smime.c releng/8.4/crypto/openssl/crypto/conf/conf_api.c releng/8.4/crypto/openssl/crypto/conf/conf_def.c releng/8.4/crypto/openssl/crypto/ec/ec_key.c releng/8.4/crypto/openssl/crypto/ec/ec_lib.c releng/8.4/crypto/openssl/crypto/ec/ecp_smpl.c releng/8.4/crypto/openssl/crypto/ecdsa/Makefile releng/8.4/crypto/openssl/crypto/engine/eng_all.c releng/8.4/crypto/openssl/crypto/engine/engine.h releng/8.4/crypto/openssl/crypto/err/err_all.c releng/8.4/crypto/openssl/crypto/evp/bio_b64.c releng/8.4/crypto/openssl/crypto/evp/encode.c releng/8.4/crypto/openssl/crypto/idea/ideatest.c releng/8.4/crypto/openssl/crypto/md32_common.h releng/8.4/crypto/openssl/crypto/ocsp/ocsp_ht.c releng/8.4/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/8.4/crypto/openssl/crypto/opensslv.h releng/8.4/crypto/openssl/crypto/pkcs12/p12_crt.c releng/8.4/crypto/openssl/crypto/pkcs12/p12_kiss.c releng/8.4/crypto/openssl/crypto/pkcs7/Makefile releng/8.4/crypto/openssl/crypto/rand/md_rand.c 
releng/8.4/crypto/openssl/crypto/rsa/Makefile releng/8.4/crypto/openssl/crypto/rsa/rsa.h releng/8.4/crypto/openssl/crypto/rsa/rsa_eay.c releng/8.4/crypto/openssl/crypto/rsa/rsa_err.c releng/8.4/crypto/openssl/crypto/rsa/rsa_oaep.c releng/8.4/crypto/openssl/crypto/rsa/rsa_pk1.c releng/8.4/crypto/openssl/crypto/rsa/rsa_sign.c releng/8.4/crypto/openssl/crypto/ui/ui_lib.c releng/8.4/crypto/openssl/crypto/x86cpuid.pl releng/8.4/crypto/openssl/demos/x509/mkreq.c releng/8.4/crypto/openssl/doc/apps/asn1parse.pod releng/8.4/crypto/openssl/doc/apps/ca.pod releng/8.4/crypto/openssl/doc/apps/crl.pod releng/8.4/crypto/openssl/doc/apps/dhparam.pod releng/8.4/crypto/openssl/doc/apps/dsa.pod releng/8.4/crypto/openssl/doc/apps/ecparam.pod releng/8.4/crypto/openssl/doc/apps/gendsa.pod releng/8.4/crypto/openssl/doc/apps/genrsa.pod releng/8.4/crypto/openssl/doc/apps/rsa.pod releng/8.4/crypto/openssl/doc/apps/s_client.pod releng/8.4/crypto/openssl/doc/apps/s_server.pod releng/8.4/crypto/openssl/doc/apps/smime.pod releng/8.4/crypto/openssl/doc/apps/verify.pod releng/8.4/crypto/openssl/doc/apps/x509.pod releng/8.4/crypto/openssl/doc/apps/x509v3_config.pod releng/8.4/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod releng/8.4/crypto/openssl/doc/crypto/BIO_f_base64.pod releng/8.4/crypto/openssl/doc/crypto/BIO_push.pod releng/8.4/crypto/openssl/doc/crypto/CONF_modules_free.pod releng/8.4/crypto/openssl/doc/crypto/CONF_modules_load_file.pod releng/8.4/crypto/openssl/doc/crypto/ERR_get_error.pod releng/8.4/crypto/openssl/doc/crypto/OPENSSL_config.pod releng/8.4/crypto/openssl/doc/crypto/RSA_set_method.pod releng/8.4/crypto/openssl/doc/crypto/RSA_sign.pod releng/8.4/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod releng/8.4/crypto/openssl/doc/crypto/des.pod releng/8.4/crypto/openssl/doc/crypto/ecdsa.pod releng/8.4/crypto/openssl/doc/crypto/err.pod releng/8.4/crypto/openssl/doc/crypto/pem.pod releng/8.4/crypto/openssl/doc/crypto/ui.pod releng/8.4/crypto/openssl/doc/fingerprints.txt 
releng/8.4/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod releng/8.4/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod releng/8.4/crypto/openssl/doc/ssl/SSL_accept.pod releng/8.4/crypto/openssl/doc/ssl/SSL_clear.pod releng/8.4/crypto/openssl/doc/ssl/SSL_connect.pod releng/8.4/crypto/openssl/doc/ssl/SSL_do_handshake.pod releng/8.4/crypto/openssl/doc/ssl/SSL_get_version.pod releng/8.4/crypto/openssl/doc/ssl/SSL_read.pod releng/8.4/crypto/openssl/doc/ssl/SSL_session_reused.pod releng/8.4/crypto/openssl/doc/ssl/SSL_set_fd.pod releng/8.4/crypto/openssl/doc/ssl/SSL_set_session.pod releng/8.4/crypto/openssl/doc/ssl/SSL_set_shutdown.pod releng/8.4/crypto/openssl/doc/ssl/SSL_shutdown.pod releng/8.4/crypto/openssl/doc/ssl/SSL_write.pod releng/8.4/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod releng/8.4/crypto/openssl/e_os.h releng/8.4/crypto/openssl/openssl.spec releng/8.4/crypto/openssl/ssl/Makefile releng/8.4/crypto/openssl/ssl/d1_both.c releng/8.4/crypto/openssl/ssl/d1_lib.c releng/8.4/crypto/openssl/ssl/d1_pkt.c releng/8.4/crypto/openssl/ssl/d1_srvr.c releng/8.4/crypto/openssl/ssl/s23_lib.c releng/8.4/crypto/openssl/ssl/s3_cbc.c releng/8.4/crypto/openssl/ssl/s3_clnt.c releng/8.4/crypto/openssl/ssl/s3_lib.c 
releng/8.4/crypto/openssl/ssl/s3_pkt.c releng/8.4/crypto/openssl/ssl/s3_srvr.c releng/8.4/crypto/openssl/ssl/ssl.h releng/8.4/crypto/openssl/ssl/ssl3.h releng/8.4/crypto/openssl/ssl/ssl_ciph.c releng/8.4/crypto/openssl/ssl/ssl_lib.c releng/8.4/crypto/openssl/ssl/ssl_stat.c releng/8.4/crypto/openssl/ssl/ssltest.c releng/8.4/crypto/openssl/ssl/t1_enc.c releng/8.4/crypto/openssl/ssl/t1_lib.c releng/8.4/crypto/openssl/ssl/tls1.h releng/8.4/crypto/openssl/test/Makefile releng/8.4/crypto/openssl/test/cms-test.pl releng/8.4/crypto/openssl/test/testssl releng/8.4/crypto/openssl/util/libeay.num releng/8.4/crypto/openssl/util/mk1mf.pl releng/8.4/crypto/openssl/util/mkerr.pl releng/8.4/crypto/openssl/util/pl/VC-32.pl releng/8.4/secure/lib/libcrypto/Makefile releng/8.4/secure/lib/libcrypto/Makefile.inc releng/8.4/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/8.4/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/8.4/secure/lib/libcrypto/man/ASN1_STRING_new.3 releng/8.4/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/8.4/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/8.4/secure/lib/libcrypto/man/BIO_ctrl.3 releng/8.4/secure/lib/libcrypto/man/BIO_f_base64.3 releng/8.4/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/8.4/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/8.4/secure/lib/libcrypto/man/BIO_f_md.3 releng/8.4/secure/lib/libcrypto/man/BIO_f_null.3 releng/8.4/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/8.4/secure/lib/libcrypto/man/BIO_find_type.3 releng/8.4/secure/lib/libcrypto/man/BIO_new.3 releng/8.4/secure/lib/libcrypto/man/BIO_push.3 releng/8.4/secure/lib/libcrypto/man/BIO_read.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_accept.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_bio.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_connect.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_fd.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_file.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_mem.3 releng/8.4/secure/lib/libcrypto/man/BIO_s_null.3 
releng/8.4/secure/lib/libcrypto/man/BIO_s_socket.3 releng/8.4/secure/lib/libcrypto/man/BIO_set_callback.3 releng/8.4/secure/lib/libcrypto/man/BIO_should_retry.3 releng/8.4/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/8.4/secure/lib/libcrypto/man/BN_CTX_new.3 releng/8.4/secure/lib/libcrypto/man/BN_CTX_start.3 releng/8.4/secure/lib/libcrypto/man/BN_add.3 releng/8.4/secure/lib/libcrypto/man/BN_add_word.3 releng/8.4/secure/lib/libcrypto/man/BN_bn2bin.3 releng/8.4/secure/lib/libcrypto/man/BN_cmp.3 releng/8.4/secure/lib/libcrypto/man/BN_copy.3 releng/8.4/secure/lib/libcrypto/man/BN_generate_prime.3 releng/8.4/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/8.4/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/8.4/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/8.4/secure/lib/libcrypto/man/BN_new.3 releng/8.4/secure/lib/libcrypto/man/BN_num_bytes.3 releng/8.4/secure/lib/libcrypto/man/BN_rand.3 releng/8.4/secure/lib/libcrypto/man/BN_set_bit.3 releng/8.4/secure/lib/libcrypto/man/BN_swap.3 releng/8.4/secure/lib/libcrypto/man/BN_zero.3 releng/8.4/secure/lib/libcrypto/man/CONF_modules_free.3 releng/8.4/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/8.4/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/8.4/secure/lib/libcrypto/man/DH_generate_key.3 releng/8.4/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/8.4/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/8.4/secure/lib/libcrypto/man/DH_new.3 releng/8.4/secure/lib/libcrypto/man/DH_set_method.3 releng/8.4/secure/lib/libcrypto/man/DH_size.3 releng/8.4/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/8.4/secure/lib/libcrypto/man/DSA_do_sign.3 releng/8.4/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/8.4/secure/lib/libcrypto/man/DSA_generate_key.3 releng/8.4/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/8.4/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/8.4/secure/lib/libcrypto/man/DSA_new.3 releng/8.4/secure/lib/libcrypto/man/DSA_set_method.3 
releng/8.4/secure/lib/libcrypto/man/DSA_sign.3 releng/8.4/secure/lib/libcrypto/man/DSA_size.3 releng/8.4/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/8.4/secure/lib/libcrypto/man/ERR_clear_error.3 releng/8.4/secure/lib/libcrypto/man/ERR_error_string.3 releng/8.4/secure/lib/libcrypto/man/ERR_get_error.3 releng/8.4/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 releng/8.4/secure/lib/libcrypto/man/ERR_load_strings.3 releng/8.4/secure/lib/libcrypto/man/ERR_print_errors.3 releng/8.4/secure/lib/libcrypto/man/ERR_put_error.3 releng/8.4/secure/lib/libcrypto/man/ERR_remove_state.3 releng/8.4/secure/lib/libcrypto/man/ERR_set_mark.3 releng/8.4/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/8.4/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/8.4/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/8.4/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/8.4/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/8.4/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/8.4/secure/lib/libcrypto/man/EVP_SealInit.3 releng/8.4/secure/lib/libcrypto/man/EVP_SignInit.3 releng/8.4/secure/lib/libcrypto/man/EVP_VerifyInit.3 releng/8.4/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/8.4/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/8.4/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/8.4/secure/lib/libcrypto/man/OPENSSL_config.3 releng/8.4/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/8.4/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/8.4/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/8.4/secure/lib/libcrypto/man/PKCS12_create.3 releng/8.4/secure/lib/libcrypto/man/PKCS12_parse.3 releng/8.4/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/8.4/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/8.4/secure/lib/libcrypto/man/PKCS7_sign.3 releng/8.4/secure/lib/libcrypto/man/PKCS7_verify.3 releng/8.4/secure/lib/libcrypto/man/RAND_add.3 releng/8.4/secure/lib/libcrypto/man/RAND_bytes.3 releng/8.4/secure/lib/libcrypto/man/RAND_cleanup.3 
releng/8.4/secure/lib/libcrypto/man/RAND_egd.3 releng/8.4/secure/lib/libcrypto/man/RAND_load_file.3 releng/8.4/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/8.4/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/8.4/secure/lib/libcrypto/man/RSA_check_key.3 releng/8.4/secure/lib/libcrypto/man/RSA_generate_key.3 releng/8.4/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 releng/8.4/secure/lib/libcrypto/man/RSA_new.3 releng/8.4/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/8.4/secure/lib/libcrypto/man/RSA_print.3 releng/8.4/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/8.4/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/8.4/secure/lib/libcrypto/man/RSA_set_method.3 releng/8.4/secure/lib/libcrypto/man/RSA_sign.3 releng/8.4/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/8.4/secure/lib/libcrypto/man/RSA_size.3 releng/8.4/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/8.4/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/8.4/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/8.4/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/8.4/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/8.4/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/8.4/secure/lib/libcrypto/man/X509_new.3 releng/8.4/secure/lib/libcrypto/man/bio.3 releng/8.4/secure/lib/libcrypto/man/blowfish.3 releng/8.4/secure/lib/libcrypto/man/bn.3 releng/8.4/secure/lib/libcrypto/man/bn_internal.3 releng/8.4/secure/lib/libcrypto/man/buffer.3 releng/8.4/secure/lib/libcrypto/man/crypto.3 releng/8.4/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/8.4/secure/lib/libcrypto/man/d2i_DHparams.3 releng/8.4/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/8.4/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/8.4/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/8.4/secure/lib/libcrypto/man/d2i_X509.3 releng/8.4/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/8.4/secure/lib/libcrypto/man/d2i_X509_CRL.3 
releng/8.4/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/8.4/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/8.4/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/8.4/secure/lib/libcrypto/man/des.3 releng/8.4/secure/lib/libcrypto/man/dh.3 releng/8.4/secure/lib/libcrypto/man/dsa.3 releng/8.4/secure/lib/libcrypto/man/ecdsa.3 releng/8.4/secure/lib/libcrypto/man/engine.3 releng/8.4/secure/lib/libcrypto/man/err.3 releng/8.4/secure/lib/libcrypto/man/evp.3 releng/8.4/secure/lib/libcrypto/man/hmac.3 releng/8.4/secure/lib/libcrypto/man/lh_stats.3 releng/8.4/secure/lib/libcrypto/man/lhash.3 releng/8.4/secure/lib/libcrypto/man/md5.3 releng/8.4/secure/lib/libcrypto/man/mdc2.3 releng/8.4/secure/lib/libcrypto/man/pem.3 releng/8.4/secure/lib/libcrypto/man/rand.3 releng/8.4/secure/lib/libcrypto/man/rc4.3 releng/8.4/secure/lib/libcrypto/man/ripemd.3 releng/8.4/secure/lib/libcrypto/man/rsa.3 releng/8.4/secure/lib/libcrypto/man/sha.3 releng/8.4/secure/lib/libcrypto/man/threads.3 releng/8.4/secure/lib/libcrypto/man/ui.3 releng/8.4/secure/lib/libcrypto/man/ui_compat.3 releng/8.4/secure/lib/libcrypto/man/x509.3 releng/8.4/secure/lib/libssl/Makefile.man releng/8.4/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/8.4/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_free.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_new.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 
releng/8.4/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/8.4/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/8.4/secure/lib/libssl/man/SSL_SESSION_free.3 releng/8.4/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/8.4/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/8.4/secure/lib/libssl/man/SSL_accept.3 releng/8.4/secure/lib/libssl/man/SSL_alert_type_string.3 releng/8.4/secure/lib/libssl/man/SSL_clear.3 releng/8.4/secure/lib/libssl/man/SSL_connect.3 releng/8.4/secure/lib/libssl/man/SSL_do_handshake.3 releng/8.4/secure/lib/libssl/man/SSL_free.3 releng/8.4/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/8.4/secure/lib/libssl/man/SSL_get_ciphers.3 releng/8.4/secure/lib/libssl/man/SSL_get_client_CA_list.3 
releng/8.4/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/8.4/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/8.4/secure/lib/libssl/man/SSL_get_error.3 releng/8.4/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/8.4/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/8.4/secure/lib/libssl/man/SSL_get_fd.3 releng/8.4/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 releng/8.4/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/8.4/secure/lib/libssl/man/SSL_get_rbio.3 releng/8.4/secure/lib/libssl/man/SSL_get_session.3 releng/8.4/secure/lib/libssl/man/SSL_get_verify_result.3 releng/8.4/secure/lib/libssl/man/SSL_get_version.3 releng/8.4/secure/lib/libssl/man/SSL_library_init.3 releng/8.4/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/8.4/secure/lib/libssl/man/SSL_new.3 releng/8.4/secure/lib/libssl/man/SSL_pending.3 releng/8.4/secure/lib/libssl/man/SSL_read.3 releng/8.4/secure/lib/libssl/man/SSL_rstate_string.3 releng/8.4/secure/lib/libssl/man/SSL_session_reused.3 releng/8.4/secure/lib/libssl/man/SSL_set_bio.3 releng/8.4/secure/lib/libssl/man/SSL_set_connect_state.3 releng/8.4/secure/lib/libssl/man/SSL_set_fd.3 releng/8.4/secure/lib/libssl/man/SSL_set_session.3 releng/8.4/secure/lib/libssl/man/SSL_set_shutdown.3 releng/8.4/secure/lib/libssl/man/SSL_set_verify_result.3 releng/8.4/secure/lib/libssl/man/SSL_shutdown.3 releng/8.4/secure/lib/libssl/man/SSL_state_string.3 releng/8.4/secure/lib/libssl/man/SSL_want.3 releng/8.4/secure/lib/libssl/man/SSL_write.3 releng/8.4/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/8.4/secure/lib/libssl/man/ssl.3 releng/8.4/secure/usr.bin/openssl/man/CA.pl.1 releng/8.4/secure/usr.bin/openssl/man/asn1parse.1 releng/8.4/secure/usr.bin/openssl/man/ca.1 releng/8.4/secure/usr.bin/openssl/man/ciphers.1 releng/8.4/secure/usr.bin/openssl/man/crl.1 releng/8.4/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/8.4/secure/usr.bin/openssl/man/dgst.1 releng/8.4/secure/usr.bin/openssl/man/dhparam.1 
releng/8.4/secure/usr.bin/openssl/man/dsa.1 releng/8.4/secure/usr.bin/openssl/man/dsaparam.1 releng/8.4/secure/usr.bin/openssl/man/ec.1 releng/8.4/secure/usr.bin/openssl/man/ecparam.1 releng/8.4/secure/usr.bin/openssl/man/enc.1 releng/8.4/secure/usr.bin/openssl/man/errstr.1 releng/8.4/secure/usr.bin/openssl/man/gendsa.1 releng/8.4/secure/usr.bin/openssl/man/genrsa.1 releng/8.4/secure/usr.bin/openssl/man/nseq.1 releng/8.4/secure/usr.bin/openssl/man/ocsp.1 releng/8.4/secure/usr.bin/openssl/man/openssl.1 releng/8.4/secure/usr.bin/openssl/man/passwd.1 releng/8.4/secure/usr.bin/openssl/man/pkcs12.1 releng/8.4/secure/usr.bin/openssl/man/pkcs7.1 releng/8.4/secure/usr.bin/openssl/man/pkcs8.1 releng/8.4/secure/usr.bin/openssl/man/rand.1 releng/8.4/secure/usr.bin/openssl/man/req.1 releng/8.4/secure/usr.bin/openssl/man/rsa.1 releng/8.4/secure/usr.bin/openssl/man/rsautl.1 releng/8.4/secure/usr.bin/openssl/man/s_client.1 releng/8.4/secure/usr.bin/openssl/man/s_server.1 releng/8.4/secure/usr.bin/openssl/man/s_time.1 releng/8.4/secure/usr.bin/openssl/man/sess_id.1 releng/8.4/secure/usr.bin/openssl/man/smime.1 releng/8.4/secure/usr.bin/openssl/man/speed.1 releng/8.4/secure/usr.bin/openssl/man/spkac.1 releng/8.4/secure/usr.bin/openssl/man/verify.1 releng/8.4/secure/usr.bin/openssl/man/version.1 releng/8.4/secure/usr.bin/openssl/man/x509.1 releng/8.4/secure/usr.bin/openssl/man/x509v3_config.1 releng/8.4/sys/conf/newvers.sh releng/8.4/sys/netinet/igmp.c releng/8.4/usr.sbin/freebsd-update/freebsd-update.sh releng/9.3/UPDATING releng/9.3/contrib/bind9/lib/dns/zone.c releng/9.3/crypto/openssl/CHANGES releng/9.3/crypto/openssl/FAQ releng/9.3/crypto/openssl/Makefile releng/9.3/crypto/openssl/NEWS releng/9.3/crypto/openssl/README releng/9.3/crypto/openssl/apps/apps.c releng/9.3/crypto/openssl/apps/ca.c releng/9.3/crypto/openssl/apps/crl2p7.c releng/9.3/crypto/openssl/apps/ocsp.c releng/9.3/crypto/openssl/apps/s_server.c releng/9.3/crypto/openssl/apps/speed.c 
releng/9.3/crypto/openssl/crypto/LPdir_vms.c releng/9.3/crypto/openssl/crypto/LPdir_win.c releng/9.3/crypto/openssl/crypto/Makefile releng/9.3/crypto/openssl/crypto/asn1/asn1_lib.c releng/9.3/crypto/openssl/crypto/asn1/asn_mime.c releng/9.3/crypto/openssl/crypto/asn1/asn_pack.c releng/9.3/crypto/openssl/crypto/asn1/evp_asn1.c releng/9.3/crypto/openssl/crypto/asn1/t_x509.c releng/9.3/crypto/openssl/crypto/asn1/tasn_enc.c releng/9.3/crypto/openssl/crypto/bio/bio_lib.c releng/9.3/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/9.3/crypto/openssl/crypto/bn/bn_exp.c releng/9.3/crypto/openssl/crypto/bn/bn_gf2m.c releng/9.3/crypto/openssl/crypto/bn/bn_lib.c releng/9.3/crypto/openssl/crypto/bn/bn_sqr.c releng/9.3/crypto/openssl/crypto/bn/exptest.c releng/9.3/crypto/openssl/crypto/conf/conf_api.c releng/9.3/crypto/openssl/crypto/conf/conf_def.c releng/9.3/crypto/openssl/crypto/ec/ec_key.c releng/9.3/crypto/openssl/crypto/ec/ec_lib.c releng/9.3/crypto/openssl/crypto/ec/ecp_smpl.c releng/9.3/crypto/openssl/crypto/ecdsa/Makefile releng/9.3/crypto/openssl/crypto/idea/ideatest.c releng/9.3/crypto/openssl/crypto/md32_common.h releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ht.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/9.3/crypto/openssl/crypto/opensslv.h releng/9.3/crypto/openssl/crypto/pkcs7/Makefile releng/9.3/crypto/openssl/crypto/rsa/Makefile releng/9.3/crypto/openssl/crypto/rsa/rsa.h releng/9.3/crypto/openssl/crypto/rsa/rsa_eay.c releng/9.3/crypto/openssl/crypto/rsa/rsa_err.c releng/9.3/crypto/openssl/crypto/rsa/rsa_oaep.c releng/9.3/crypto/openssl/crypto/rsa/rsa_pk1.c releng/9.3/crypto/openssl/crypto/rsa/rsa_sign.c releng/9.3/crypto/openssl/crypto/ui/ui_lib.c releng/9.3/crypto/openssl/doc/apps/asn1parse.pod releng/9.3/crypto/openssl/doc/apps/ca.pod releng/9.3/crypto/openssl/doc/apps/crl.pod releng/9.3/crypto/openssl/doc/apps/dhparam.pod releng/9.3/crypto/openssl/doc/apps/dsa.pod releng/9.3/crypto/openssl/doc/apps/ecparam.pod 
releng/9.3/crypto/openssl/doc/apps/gendsa.pod releng/9.3/crypto/openssl/doc/apps/genrsa.pod releng/9.3/crypto/openssl/doc/apps/rsa.pod releng/9.3/crypto/openssl/doc/apps/s_client.pod releng/9.3/crypto/openssl/doc/apps/s_server.pod releng/9.3/crypto/openssl/doc/apps/verify.pod releng/9.3/crypto/openssl/doc/apps/x509.pod releng/9.3/crypto/openssl/doc/apps/x509v3_config.pod releng/9.3/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod releng/9.3/crypto/openssl/doc/crypto/BIO_f_base64.pod releng/9.3/crypto/openssl/doc/crypto/BIO_push.pod releng/9.3/crypto/openssl/doc/crypto/ERR_get_error.pod releng/9.3/crypto/openssl/doc/crypto/RSA_set_method.pod releng/9.3/crypto/openssl/doc/crypto/RSA_sign.pod releng/9.3/crypto/openssl/doc/crypto/des.pod releng/9.3/crypto/openssl/doc/crypto/err.pod releng/9.3/crypto/openssl/doc/crypto/pem.pod releng/9.3/crypto/openssl/doc/crypto/ui.pod releng/9.3/crypto/openssl/doc/fingerprints.txt releng/9.3/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod releng/9.3/crypto/openssl/doc/ssl/SSL_get_version.pod releng/9.3/crypto/openssl/doc/ssl/SSL_shutdown.pod releng/9.3/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod releng/9.3/crypto/openssl/e_os.h releng/9.3/crypto/openssl/openssl.spec releng/9.3/crypto/openssl/ssl/Makefile releng/9.3/crypto/openssl/ssl/d1_both.c releng/9.3/crypto/openssl/ssl/d1_srvr.c releng/9.3/crypto/openssl/ssl/s23_lib.c releng/9.3/crypto/openssl/ssl/s3_cbc.c releng/9.3/crypto/openssl/ssl/s3_clnt.c releng/9.3/crypto/openssl/ssl/s3_pkt.c 
releng/9.3/crypto/openssl/ssl/s3_srvr.c releng/9.3/crypto/openssl/ssl/ssl.h releng/9.3/crypto/openssl/ssl/ssl_ciph.c releng/9.3/crypto/openssl/ssl/ssl_lib.c releng/9.3/crypto/openssl/ssl/ssl_stat.c releng/9.3/crypto/openssl/ssl/t1_lib.c releng/9.3/crypto/openssl/test/Makefile releng/9.3/crypto/openssl/util/mk1mf.pl releng/9.3/crypto/openssl/util/mkerr.pl releng/9.3/secure/lib/libcrypto/Makefile releng/9.3/secure/lib/libcrypto/Makefile.inc releng/9.3/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_new.3 releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/9.3/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/9.3/secure/lib/libcrypto/man/BIO_ctrl.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_base64.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_md.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_null.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/9.3/secure/lib/libcrypto/man/BIO_find_type.3 releng/9.3/secure/lib/libcrypto/man/BIO_new.3 releng/9.3/secure/lib/libcrypto/man/BIO_push.3 releng/9.3/secure/lib/libcrypto/man/BIO_read.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_accept.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_bio.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_connect.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_fd.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_file.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_mem.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_null.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_socket.3 releng/9.3/secure/lib/libcrypto/man/BIO_set_callback.3 releng/9.3/secure/lib/libcrypto/man/BIO_should_retry.3 releng/9.3/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/9.3/secure/lib/libcrypto/man/BN_CTX_new.3 releng/9.3/secure/lib/libcrypto/man/BN_CTX_start.3 releng/9.3/secure/lib/libcrypto/man/BN_add.3 
releng/9.3/secure/lib/libcrypto/man/BN_add_word.3 releng/9.3/secure/lib/libcrypto/man/BN_bn2bin.3 releng/9.3/secure/lib/libcrypto/man/BN_cmp.3 releng/9.3/secure/lib/libcrypto/man/BN_copy.3 releng/9.3/secure/lib/libcrypto/man/BN_generate_prime.3 releng/9.3/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/9.3/secure/lib/libcrypto/man/BN_new.3 releng/9.3/secure/lib/libcrypto/man/BN_num_bytes.3 releng/9.3/secure/lib/libcrypto/man/BN_rand.3 releng/9.3/secure/lib/libcrypto/man/BN_set_bit.3 releng/9.3/secure/lib/libcrypto/man/BN_swap.3 releng/9.3/secure/lib/libcrypto/man/BN_zero.3 releng/9.3/secure/lib/libcrypto/man/CONF_modules_free.3 releng/9.3/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/9.3/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/9.3/secure/lib/libcrypto/man/DH_generate_key.3 releng/9.3/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/9.3/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/9.3/secure/lib/libcrypto/man/DH_new.3 releng/9.3/secure/lib/libcrypto/man/DH_set_method.3 releng/9.3/secure/lib/libcrypto/man/DH_size.3 releng/9.3/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/9.3/secure/lib/libcrypto/man/DSA_do_sign.3 releng/9.3/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/9.3/secure/lib/libcrypto/man/DSA_generate_key.3 releng/9.3/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/9.3/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/9.3/secure/lib/libcrypto/man/DSA_new.3 releng/9.3/secure/lib/libcrypto/man/DSA_set_method.3 releng/9.3/secure/lib/libcrypto/man/DSA_sign.3 releng/9.3/secure/lib/libcrypto/man/DSA_size.3 releng/9.3/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/9.3/secure/lib/libcrypto/man/ERR_clear_error.3 releng/9.3/secure/lib/libcrypto/man/ERR_error_string.3 releng/9.3/secure/lib/libcrypto/man/ERR_get_error.3 releng/9.3/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 
releng/9.3/secure/lib/libcrypto/man/ERR_load_strings.3 releng/9.3/secure/lib/libcrypto/man/ERR_print_errors.3 releng/9.3/secure/lib/libcrypto/man/ERR_put_error.3 releng/9.3/secure/lib/libcrypto/man/ERR_remove_state.3 releng/9.3/secure/lib/libcrypto/man/ERR_set_mark.3 releng/9.3/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/9.3/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/9.3/secure/lib/libcrypto/man/EVP_SealInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_SignInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_VerifyInit.3 releng/9.3/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_config.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/9.3/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/9.3/secure/lib/libcrypto/man/PKCS12_create.3 releng/9.3/secure/lib/libcrypto/man/PKCS12_parse.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_sign.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_verify.3 releng/9.3/secure/lib/libcrypto/man/RAND_add.3 releng/9.3/secure/lib/libcrypto/man/RAND_bytes.3 releng/9.3/secure/lib/libcrypto/man/RAND_cleanup.3 releng/9.3/secure/lib/libcrypto/man/RAND_egd.3 releng/9.3/secure/lib/libcrypto/man/RAND_load_file.3 releng/9.3/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/9.3/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/9.3/secure/lib/libcrypto/man/RSA_check_key.3 releng/9.3/secure/lib/libcrypto/man/RSA_generate_key.3 releng/9.3/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 
releng/9.3/secure/lib/libcrypto/man/RSA_new.3 releng/9.3/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/9.3/secure/lib/libcrypto/man/RSA_print.3 releng/9.3/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/9.3/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/9.3/secure/lib/libcrypto/man/RSA_set_method.3 releng/9.3/secure/lib/libcrypto/man/RSA_sign.3 releng/9.3/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/9.3/secure/lib/libcrypto/man/RSA_size.3 releng/9.3/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/9.3/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/9.3/secure/lib/libcrypto/man/X509_new.3 releng/9.3/secure/lib/libcrypto/man/bio.3 releng/9.3/secure/lib/libcrypto/man/blowfish.3 releng/9.3/secure/lib/libcrypto/man/bn.3 releng/9.3/secure/lib/libcrypto/man/bn_internal.3 releng/9.3/secure/lib/libcrypto/man/buffer.3 releng/9.3/secure/lib/libcrypto/man/crypto.3 releng/9.3/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/9.3/secure/lib/libcrypto/man/d2i_DHparams.3 releng/9.3/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/9.3/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/9.3/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_CRL.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/9.3/secure/lib/libcrypto/man/des.3 releng/9.3/secure/lib/libcrypto/man/dh.3 releng/9.3/secure/lib/libcrypto/man/dsa.3 releng/9.3/secure/lib/libcrypto/man/ecdsa.3 releng/9.3/secure/lib/libcrypto/man/engine.3 
releng/9.3/secure/lib/libcrypto/man/err.3 releng/9.3/secure/lib/libcrypto/man/evp.3 releng/9.3/secure/lib/libcrypto/man/hmac.3 releng/9.3/secure/lib/libcrypto/man/lh_stats.3 releng/9.3/secure/lib/libcrypto/man/lhash.3 releng/9.3/secure/lib/libcrypto/man/md5.3 releng/9.3/secure/lib/libcrypto/man/mdc2.3 releng/9.3/secure/lib/libcrypto/man/pem.3 releng/9.3/secure/lib/libcrypto/man/rand.3 releng/9.3/secure/lib/libcrypto/man/rc4.3 releng/9.3/secure/lib/libcrypto/man/ripemd.3 releng/9.3/secure/lib/libcrypto/man/rsa.3 releng/9.3/secure/lib/libcrypto/man/sha.3 releng/9.3/secure/lib/libcrypto/man/threads.3 releng/9.3/secure/lib/libcrypto/man/ui.3 releng/9.3/secure/lib/libcrypto/man/ui_compat.3 releng/9.3/secure/lib/libcrypto/man/x509.3 releng/9.3/secure/lib/libssl/Makefile.man releng/9.3/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/9.3/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_free.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_new.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/9.3/secure/lib/libssl/man/SSL_SESSION_free.3 releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/9.3/secure/lib/libssl/man/SSL_accept.3 releng/9.3/secure/lib/libssl/man/SSL_alert_type_string.3 releng/9.3/secure/lib/libssl/man/SSL_clear.3 releng/9.3/secure/lib/libssl/man/SSL_connect.3 releng/9.3/secure/lib/libssl/man/SSL_do_handshake.3 releng/9.3/secure/lib/libssl/man/SSL_free.3 releng/9.3/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/9.3/secure/lib/libssl/man/SSL_get_ciphers.3 releng/9.3/secure/lib/libssl/man/SSL_get_client_CA_list.3 releng/9.3/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/9.3/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/9.3/secure/lib/libssl/man/SSL_get_error.3 releng/9.3/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/9.3/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/9.3/secure/lib/libssl/man/SSL_get_fd.3 releng/9.3/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 
releng/9.3/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/9.3/secure/lib/libssl/man/SSL_get_rbio.3 releng/9.3/secure/lib/libssl/man/SSL_get_session.3 releng/9.3/secure/lib/libssl/man/SSL_get_verify_result.3 releng/9.3/secure/lib/libssl/man/SSL_get_version.3 releng/9.3/secure/lib/libssl/man/SSL_library_init.3 releng/9.3/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/9.3/secure/lib/libssl/man/SSL_new.3 releng/9.3/secure/lib/libssl/man/SSL_pending.3 releng/9.3/secure/lib/libssl/man/SSL_read.3 releng/9.3/secure/lib/libssl/man/SSL_rstate_string.3 releng/9.3/secure/lib/libssl/man/SSL_session_reused.3 releng/9.3/secure/lib/libssl/man/SSL_set_bio.3 releng/9.3/secure/lib/libssl/man/SSL_set_connect_state.3 releng/9.3/secure/lib/libssl/man/SSL_set_fd.3 releng/9.3/secure/lib/libssl/man/SSL_set_session.3 releng/9.3/secure/lib/libssl/man/SSL_set_shutdown.3 releng/9.3/secure/lib/libssl/man/SSL_set_verify_result.3 releng/9.3/secure/lib/libssl/man/SSL_shutdown.3 releng/9.3/secure/lib/libssl/man/SSL_state_string.3 releng/9.3/secure/lib/libssl/man/SSL_want.3 releng/9.3/secure/lib/libssl/man/SSL_write.3 releng/9.3/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/9.3/secure/lib/libssl/man/ssl.3 releng/9.3/secure/usr.bin/openssl/man/CA.pl.1 releng/9.3/secure/usr.bin/openssl/man/asn1parse.1 releng/9.3/secure/usr.bin/openssl/man/ca.1 releng/9.3/secure/usr.bin/openssl/man/ciphers.1 releng/9.3/secure/usr.bin/openssl/man/crl.1 releng/9.3/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/9.3/secure/usr.bin/openssl/man/dgst.1 releng/9.3/secure/usr.bin/openssl/man/dhparam.1 releng/9.3/secure/usr.bin/openssl/man/dsa.1 releng/9.3/secure/usr.bin/openssl/man/dsaparam.1 releng/9.3/secure/usr.bin/openssl/man/ec.1 releng/9.3/secure/usr.bin/openssl/man/ecparam.1 releng/9.3/secure/usr.bin/openssl/man/enc.1 releng/9.3/secure/usr.bin/openssl/man/errstr.1 releng/9.3/secure/usr.bin/openssl/man/gendsa.1 releng/9.3/secure/usr.bin/openssl/man/genrsa.1 releng/9.3/secure/usr.bin/openssl/man/nseq.1 
releng/9.3/secure/usr.bin/openssl/man/ocsp.1 releng/9.3/secure/usr.bin/openssl/man/openssl.1 releng/9.3/secure/usr.bin/openssl/man/passwd.1 releng/9.3/secure/usr.bin/openssl/man/pkcs12.1 releng/9.3/secure/usr.bin/openssl/man/pkcs7.1 releng/9.3/secure/usr.bin/openssl/man/pkcs8.1 releng/9.3/secure/usr.bin/openssl/man/rand.1 releng/9.3/secure/usr.bin/openssl/man/req.1 releng/9.3/secure/usr.bin/openssl/man/rsa.1 releng/9.3/secure/usr.bin/openssl/man/rsautl.1 releng/9.3/secure/usr.bin/openssl/man/s_client.1 releng/9.3/secure/usr.bin/openssl/man/s_server.1 releng/9.3/secure/usr.bin/openssl/man/s_time.1 releng/9.3/secure/usr.bin/openssl/man/sess_id.1 releng/9.3/secure/usr.bin/openssl/man/smime.1 releng/9.3/secure/usr.bin/openssl/man/speed.1 releng/9.3/secure/usr.bin/openssl/man/spkac.1 releng/9.3/secure/usr.bin/openssl/man/verify.1 releng/9.3/secure/usr.bin/openssl/man/version.1 releng/9.3/secure/usr.bin/openssl/man/x509.1 releng/9.3/secure/usr.bin/openssl/man/x509v3_config.1 releng/9.3/sys/conf/newvers.sh releng/9.3/sys/dev/vt/vt_core.c releng/9.3/sys/netinet/igmp.c releng/9.3/usr.sbin/freebsd-update/freebsd-update.sh Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/UPDATING Wed Feb 25 05:56:54 2015 (r279265) 
@@ -15,6 +15,22 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20150225: p24 FreeBSD-SA-15:04.igmp + FreeBSD-SA-15:05.bind + FreeBSD-EN-15:01.vt + FreeBSD-EN-15:02.openssl + FreeBSD-EN-15:03.freebsd-update + + Fix integer overflow in IGMP protocol. [SA-15:04] + + Fix BIND remote denial of service vulnerability. [SA-15:05] + + Fix vt(4) crash with improper ioctl parameters. [EN-15:01] + + Updated base system OpenSSL to 0.9.8zd. [EN-15:02] + + Fix freebsd-update libraries update ordering issue. [EN-15:03] + 20150127: p23 FreeBSD-SA-15:02.kmem FreeBSD-SA-15:03.sctp Modified: releng/8.4/contrib/bind9/lib/dns/zone.c ============================================================================== --- releng/8.4/contrib/bind9/lib/dns/zone.c Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/contrib/bind9/lib/dns/zone.c Wed Feb 25 05:56:54 2015 (r279265) @@ -7687,6 +7687,12 @@ keyfetch_done(isc_task_t *task, isc_even namebuf, tag); trustkey = ISC_TRUE; } + } else { + /* + * No previously known key, and the key is not + * secure, so skip it. + */ + continue; } /* Delete old version */ @@ -7733,7 +7739,7 @@ keyfetch_done(isc_task_t *task, isc_even trust_key(zone, keyname, &dnskey, mctx); } - if (!deletekey) + if (secure && !deletekey) set_refreshkeytimer(zone, &keydata, now); } Modified: releng/8.4/crypto/openssl/ACKNOWLEDGMENTS ============================================================================== --- releng/8.4/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:56:54 2015 (r279265) 
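Review bot: In releng/8.4/contrib/bind9/lib/dns/zone.c, the second keyfetch_done() hunk tightens the call to `if (secure && !deletekey)` without a comment, while the first hunk documents its new `else { ... continue; }` branch, so a reader cannot tell which case the second guard covers. Since the first hunk already skips keys that are neither previously known nor secure, the second guard presumably targets a previously known key seen in a response that did not validate; if so, say that at the call, e.g. `/* Do not reschedule the refresh from a response that did not validate. */`. I would also brace the single-statement `if` so a later edit cannot detach the `set_refreshkeytimer(zone, &keydata, now);` call from its guard. `secure` is assigned outside both hunks, and keyfetch_done() starts and ends outside them, so confirm against the full function that the added `continue` skips no per-key cleanup later in the loop body.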
@@ -10,13 +10,18 @@ OpenSSL project. We would like to identify and thank the following such sponsors for their past or current significant support of the OpenSSL project: +Major support: + + Qualys http://www.qualys.com/ + Very significant support: - OpenGear: www.opengear.com + OpenGear: http://www.opengear.com/ Significant support: - PSW Group: www.psw.net + PSW Group: http://www.psw.net/ + Acano Ltd. http://acano.com/ Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. Modified: releng/8.4/crypto/openssl/CHANGES ============================================================================== --- releng/8.4/crypto/openssl/CHANGES Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/CHANGES Wed Feb 25 05:56:54 2015 (r279265) 
@@ -2,6 +2,229 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. 
All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + + Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. 
+ (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + + Changes between 0.9.8za and 0.9.8zb [6 Aug 2014] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gr?bert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia K?sper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. 
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia K?sper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + + Changes between 0.9.8y and 0.9.8za [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to J?ri Aedla for reporting this issue. (CVE-2014-0195) + [J?ri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gr?bert and Ivan Fratric at Google for discovering + this issue. 
(CVE-2014-3470) + [Felix Gr?bert, Ivan Fratric, Steve Henson] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + Thanks to mancha for backporting the fix to the 0.9.8 branch. + + *) Fix handling of warning-level alerts in SSL23 client mode so they + don't cause client-side termination (eg. on SNI unrecognized_name + warnings). Add client and server support for six additional alerts + per RFC 6066 and RFC 4279. + [mancha] + + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which + avoids preferring ECDHE-ECDSA ciphers when the client appears to be + Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for + several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug + is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing + 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. + [Rob Stradling, Adam Langley] + Changes between 0.9.8x and 0.9.8y [5 Feb 2013] *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. Modified: releng/8.4/crypto/openssl/Configure ============================================================================== --- releng/8.4/crypto/openssl/Configure Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/Configure Wed Feb 25 05:56:54 2015 (r279265) 
@@ -166,7 +166,7 @@ my %table=( "debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", Modified: releng/8.4/crypto/openssl/FAQ 
============================================================================== --- releng/8.4/crypto/openssl/FAQ Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/FAQ Wed Feb 25 05:56:54 2015 (r279265) @@ -87,7 +87,7 @@ OpenSSL 1.0.1d was released on Feb 5th, In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at , or get it by anonymous CVS access. +ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. * Where is the documentation? @@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt @@ -768,6 +763,9 @@ openssl-security at openssl.org if you don' acknowledging receipt then resend or mail it directly to one of the more active team members (e.g. Steve). +Note that bugs only present in the openssl utility are not in general +considered to be security issues. + [PROG] ======================================================================== * Is OpenSSL thread-safe? Modified: releng/8.4/crypto/openssl/Makefile ============================================================================== --- releng/8.4/crypto/openssl/Makefile Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/Makefile Wed Feb 25 05:56:54 2015 (r279265) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8y +VERSION=0.9.8zd MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 
@@ -71,7 +71,7 @@ ARD=ar $(ARFLAGS) d RANLIB= /usr/bin/ranlib PERL= /usr/bin/perl TAR= tar -TARFLAGS= --no-recursion +TARFLAGS= --no-recursion --record-size=10240 MAKEDEPPROG=makedepend LIBDIR=lib Modified: releng/8.4/crypto/openssl/Makefile.org ============================================================================== --- releng/8.4/crypto/openssl/Makefile.org Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/Makefile.org Wed Feb 25 05:56:54 2015 (r279265) @@ -69,7 +69,7 @@ ARD=ar $(ARFLAGS) d RANLIB= ranlib PERL= perl TAR= tar -TARFLAGS= --no-recursion +TARFLAGS= --no-recursion --record-size=10240 MAKEDEPPROG=makedepend LIBDIR=lib Modified: releng/8.4/crypto/openssl/NEWS ============================================================================== --- releng/8.4/crypto/openssl/NEWS Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/NEWS Wed Feb 25 05:56:54 2015 (r279265) 
@@ -5,34 +5,76 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: + Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + + Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]: + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + + Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]: + + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3508 + + Known issues in OpenSSL 0.9.8za: + + o Compilation failure of s3_pkt.c on some platforms due to missing + include. Fixed in 0.9.8zb-dev. + o FIPS capable link failure with missing symbol BN_consttime_swap. + Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC + algorithms are not FIPS approved in OpenSSL 0.9.8 anyway. + + Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: + + o Fix for CVE-2014-0224 + o Fix for CVE-2014-0221 + o Fix for CVE-2014-0195 + o Fix for CVE-2014-3470 + o Fix for CVE-2014-0076 + o Fix for CVE-2010-5298 + o Fix to TLS alert handling. 
+ + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 - Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 - Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) - Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 - Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. - Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 - Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 
@@ -40,20 +82,20 @@ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. - Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. @@ -61,12 +103,12 @@ o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. o Fix security issues CVE-2010-0740 and CVE-2010-0433. - Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]: o Cipher definition fixes. o Workaround for slow RAND_poll() on some WIN32 versions. 
@@ -78,33 +120,33 @@ o Ticket and SNI coexistence fixes. o Many fixes to DTLS handling. - Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: o Temporary work around for CVE-2009-3555: disable renegotiation. - Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]: o Fix various build issues. o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) - Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: + Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]: o Fix security issue (CVE-2008-5077) o Merge FIPS 140-2 branch code. - Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: + Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]: o CryptoAPI ENGINE support. o Various precautionary measures. o Fix for bugs affecting certificate request creation. o Support for local machine keyset attribute in PKCS#12 files. - Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: + Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]: o Backport of CMS functionality to 0.9.8. o Fixes for bugs introduced with 0.9.8f. - Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: + Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]: o Add gcc 4.2 support. o Add support for AES and SSE2 assembly lanugauge optimization 
@@ -115,23 +157,23 @@ o RFC4507bis support. o TLS Extensions support. - Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: + Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]: o Various ciphersuite selection fixes. o RFC3779 support. - Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: + Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) o Changes to ciphersuite selection algorithm - Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 o New cipher Camellia - Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: + Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]: o Cipher string fixes. o Fixes for VC++ 2005. @@ -141,12 +183,12 @@ o Built in dynamic engine compilation support on Win32. o Fixes auto dynamic engine loading in Win32. - Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: + Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]: o Fix potential SSL 2.0 rollback, CVE-2005-2969 o Extended Windows CE support - Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]: o Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This 
@@ -220,36 +262,36 @@ o Added initial support for Win64. o Added alternate pkg-config files. - Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m: + Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]: o FIPS 1.1.1 module linking. o Various ciphersuite selection fixes. - Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: + Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) - Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: + Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 - Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: + Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]: o Visual C++ 2005 fixes. o Update Windows build system for FIPS. - Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: + Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]: o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. - Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: o Fix SSL 2.0 Rollback, CVE-2005-2969 o Allow use of fixed-length exponent on DSA signing o Default fixed-window RSA, DSA, DH private-key operations - Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: + Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]: o More compilation issues fixed. o Adaptation to more modern Kerberos API. @@ -258,7 +300,7 @@ o More constification. o Added processing of proxy certificates (RFC 3820). - Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: + Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]: o Several compilation issues fixed. o Many memory allocation failure checks added. 
@@ -266,12 +308,12 @@ o Mandatory basic checks on certificates. o Performance improvements. - Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: + Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]: o Fix race condition in CRL checking code. o Fixes to PKCS#7 (S/MIME) code. - Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: + Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]: o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug o Security: Fix null-pointer assignment in do_change_cipher_spec() @@ -279,14 +321,14 @@ o Multiple X509 verification fixes o Speed up HMAC and other operations - Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: + Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]: o Security: fix various ASN1 parsing bugs. o New -ignore_err option to OCSP utility. o Various interop and bug fixes in S/MIME code. o SSL/TLS protocol fix for unrequested client certificates. - Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack @@ -297,7 +339,7 @@ o ASN.1: treat domainComponent correctly. o Documentation: fixes and additions. - Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]: o Security: Important security related bugfixes. o Enhanced compatibility with MIT Kerberos. @@ -308,7 +350,7 @@ o SSL/TLS: now handles manual certificate chain building. o SSL/TLS: certain session ID malfunctions corrected. - Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]: o New library section OCSP. o Complete rewrite of ASN1 code. 
@@ -354,23 +396,23 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). - Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: + Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]: o Security: fix various ASN1 parsing bugs. o SSL/TLS protocol fix for unrequested client certificates. - Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack o Security: make RSA blinding default. o Build: shared library support fixes. - Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]: o Important security related bugfixes. - Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: + Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]: o New configuration targets for Tandem OSS and A/UX. o New OIDs for Microsoft attributes. 
@@ -384,25 +426,25 @@ o Fixes for smaller building problems. o Updates of manuals, FAQ and other instructive documents. - Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: + Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]: o Important building fixes on Unix. - Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: + Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]: o Various important bugfixes. - Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]: o Important security related bugfixes. o Various SSL/TLS library bugfixes. - Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]: o Various SSL/TLS library bugfixes. o Fix DH parameter generation for 'non-standard' generators. - Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: + Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]: o Various SSL/TLS library bugfixes. o BIGNUM library fixes. @@ -415,7 +457,7 @@ Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. - Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: + Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]: o Security fix: PRNG improvements. o Security fix: RSA OAEP check. @@ -432,7 +474,7 @@ o Increase default size for BIO buffering filter. o Compatibility fixes in some scripts. - Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]: o Security fix: change behavior of OpenSSL to avoid using environment variables when running as root. 
@@ -457,7 +499,7 @@ o New function BN_rand_range(). o Add "-rand" option to openssl s_client and s_server. - Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: + Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]: o Some documentation for BIO and SSL libraries. o Enhanced chain verification using key identifiers. @@ -472,7 +514,7 @@ [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. - Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: + Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]: o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 o Shared library support for HPUX and Solaris-gcc @@ -481,7 +523,7 @@ o New 'rand' application o New way to check for existence of algorithms from scripts - Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: + Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]: o S/MIME support in new 'smime' command o Documentation for the OpenSSL command line application @@ -517,7 +559,7 @@ o Enhanced support for Alpha Linux o Experimental MacOS support - Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: + Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]: o Transparent support for PKCS#8 format private keys: these are used by several software packages and are more secure than the standard @@ -528,7 +570,7 @@ o New pipe-like BIO that allows using the SSL library when actual I/O must be handled by the application (BIO pair) - Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: + Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]: o Lots of enhancements and cleanups to the Configuration mechanism o RSA OEAP related fixes o Added `openssl ca -revoke' option for revoking a certificate 
@@ -542,7 +584,7 @@ o Sparc assembler bignum implementation, optimized hash functions o Option to disable selected ciphers - Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: + Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]: o Fixed a security hole related to session resumption o Fixed RSA encryption routines for the p < q case o "ALL" in cipher lists now means "everything except NULL ciphers" @@ -564,7 +606,7 @@ o Lots of memory leak fixes. o Lots of bug fixes. - Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: + Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]: o Integration of the popular NO_RSA/NO_DSA patches o Initial support for compression inside the SSL record layer o Added BIO proxy and filtering functionality Modified: releng/8.4/crypto/openssl/README ============================================================================== --- releng/8.4/crypto/openssl/README Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/README Wed Feb 25 05:56:54 2015 (r279265) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8y 5 Feb 2013 + OpenSSL 0.9.8zd 8 Jan 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 
@@ -190,7 +190,7 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the - current CVS or the last snapshot. They should follow the coding style of + current Git or the last snapshot. They should follow the coding style of OpenSSL and compile without warnings. Some of the core team developer targets can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL compiles on many varied platforms: try to ensure you only use portable Modified: releng/8.4/crypto/openssl/apps/apps.c ============================================================================== --- releng/8.4/crypto/openssl/apps/apps.c Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/apps/apps.c Wed Feb 25 05:56:54 2015 (r279265) @@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, in { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; icount; i++) arg->data[i]=NULL; @@ -558,12 +560,12 @@ int password_callback(char *buf, int buf if (ok >= 0) ok = UI_add_input_string(ui,prompt,ui_flags,buf, - PW_MIN_LENGTH,BUFSIZ-1); + PW_MIN_LENGTH,bufsiz-1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); ok = UI_add_verify_string(ui,prompt,ui_flags,buff, - PW_MIN_LENGTH,BUFSIZ-1, buf); + PW_MIN_LENGTH,bufsiz-1, buf); } if (ok >= 0) do @@ -1429,6 +1431,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Modified: releng/8.4/crypto/openssl/apps/ca.c ============================================================================== --- releng/8.4/crypto/openssl/apps/ca.c Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/apps/ca.c Wed Feb 25 05:56:54 2015 (r279265) 
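Review bot: In chopup_args the new `return 0` leaves `arg->count` at 20 while `arg->data` is NULL, because the count is assigned before the allocation is checked. The condition guarding this block is outside the hunk; if it keys on `arg->count == 0`, a later call with the same `ARGS` would skip the allocation and the `arg->data[i]=NULL` loop just below would write through a NULL pointer. Resetting the count on failure keeps the struct consistent: `if (arg->data == NULL) { arg->count=0; return 0; }`.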
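Review bot: In password_callback the verify buffer from `buff = (char *)OPENSSL_malloc(bufsiz);` is still passed to `UI_add_verify_string()` without a NULL check, in the `if (ok >= 0 && verify)` branch this hunk edits. The same commit adds allocation checks to chopup_args and make_config_name in this file, so this call site looks like it was missed. Since the following steps are already gated on `ok >= 0`, something like `if (buff == NULL) ok = -1; else ok = UI_add_verify_string(ui,prompt,ui_flags,buff,PW_MIN_LENGTH,bufsiz-1, buf);` would fit. The rest of the function, including how a negative `ok` is reported and where `buff` is released, is outside the hunk and should be checked against that value.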
@@ -1582,12 +1582,14 @@ static int certify(X509 **xret, char *in { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Modified: releng/8.4/crypto/openssl/apps/crl2p7.c ============================================================================== --- releng/8.4/crypto/openssl/apps/crl2p7.c Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/apps/crl2p7.c Wed Feb 25 05:56:54 2015 (r279265) @@ -142,7 +142,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_new_null(); - sk_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_push(certflst,*(++argv))) + { + sk_free(certflst); + goto end; + } } else { Modified: releng/8.4/crypto/openssl/apps/ocsp.c ============================================================================== --- releng/8.4/crypto/openssl/apps/ocsp.c Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/apps/ocsp.c Wed Feb 25 05:56:54 2015 (r279265) @@ -98,6 +98,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; char **args; char *host = NULL, *port = NULL, *path = "/"; + char *thost = NULL, *tport = NULL, *tpath = NULL; char *reqin = NULL, *respin = NULL; char *reqout = NULL, *respout = NULL; char *signfile = NULL, *keyfile = NULL; @@ -173,6 +174,12 @@ int MAIN(int argc, char **argv) } else if (!strcmp(*args, "-url")) { + if (thost) + OPENSSL_free(thost); + if (tport) + OPENSSL_free(tport); + if (tpath) + OPENSSL_free(tpath); if (args[1]) { args++; 
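Review bot: In the crl2p7.c hunk, `certflst` keeps the freed pointer after `sk_free(certflst)` in the new `sk_push` failure branch, and control then jumps to `end`. The cleanup at `end` is outside the hunk; if it frees or iterates `certflst`, now or after a later edit, that becomes a double free or use-after-free, so add `certflst = NULL;` directly after the `sk_free`. Both new `goto end` paths also exit without a message, so a line such as `BIO_printf(bio_err,"Memory allocation failure\n");` before each jump would make the failure visible to the caller.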
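Review bot: In the ocsp.c `-url` branch, `thost`, `tport` and `tpath` are freed but not reset, and they are reassigned only inside `if (args[1])`. When a second `-url` arrives without an argument, the `else badarg = 1` path leaves all three pointing at freed memory, and the new cleanup in the `end:` hunk (`if (thost) OPENSSL_free(thost);` and the two after it) would free them a second time, assuming the bad-argument path exits through `end`, which is outside these hunks. Adding `thost = tport = tpath = NULL;` after the three frees closes this. The later hunk also assigns `thost = host;` after a failed `OCSP_parse_url()`, so it is worth confirming what that function leaves in `host`, `port` and `path` on failure.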
@@ -181,6 +188,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Error parsing URL\n"); badarg = 1; } + thost = host; + tport = port; + tpath = path; } else badarg = 1; } @@ -871,12 +881,12 @@ end: sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); - if (use_ssl != -1) - { - OPENSSL_free(host); - OPENSSL_free(port); - OPENSSL_free(path); - } + if (thost) + OPENSSL_free(thost); + if (tport) + OPENSSL_free(tport); + if (tpath) + OPENSSL_free(tpath); OPENSSL_EXIT(ret); } @@ -1334,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *er } resp = query_responder(err, cbio, path, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (ctx) SSL_CTX_free(ctx); Modified: releng/8.4/crypto/openssl/apps/req.c ============================================================================== --- releng/8.4/crypto/openssl/apps/req.c Wed Feb 25 05:56:16 2015 (r279264) +++ releng/8.4/crypto/openssl/apps/req.c Wed Feb 25 05:56:54 2015 (r279265) @@ -1574,7 +1574,13 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, n_min, n_max)) goto start; + if(!req_check_len(i, n_min, n_max)) + { + if (batch || value) + return 0; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***