svn commit: r296465 - in releng/9.3: . crypto/openssl crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf cry...
Xin LI
delphij at FreeBSD.org
Mon Mar 7 16:22:14 UTC 2016
Author: delphij
Date: Mon Mar 7 16:22:11 2016
New Revision: 296465
URL: https://svnweb.freebsd.org/changeset/base/296465
Log:
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-16:12.openssl
Approved by: so
Added:
releng/9.3/crypto/openssl/doc/dir-locals.example.el
releng/9.3/crypto/openssl/doc/openssl-c-indent.el
releng/9.3/crypto/openssl/util/indent.pro
releng/9.3/crypto/openssl/util/openssl-format-source
releng/9.3/crypto/openssl/util/su-filter.pl
Deleted:
releng/9.3/crypto/openssl/crypto/des/t/
releng/9.3/crypto/openssl/test/bctest
releng/9.3/crypto/openssl/util/pod2mantest
Modified:
releng/9.3/UPDATING
releng/9.3/crypto/openssl/CHANGES
releng/9.3/crypto/openssl/FAQ
releng/9.3/crypto/openssl/Makefile
releng/9.3/crypto/openssl/Makefile.org
releng/9.3/crypto/openssl/NEWS
releng/9.3/crypto/openssl/README
releng/9.3/crypto/openssl/apps/app_rand.c
releng/9.3/crypto/openssl/apps/apps.c
releng/9.3/crypto/openssl/apps/apps.h
releng/9.3/crypto/openssl/apps/asn1pars.c
releng/9.3/crypto/openssl/apps/ca.c
releng/9.3/crypto/openssl/apps/ciphers.c
releng/9.3/crypto/openssl/apps/cms.c
releng/9.3/crypto/openssl/apps/crl.c
releng/9.3/crypto/openssl/apps/crl2p7.c
releng/9.3/crypto/openssl/apps/dgst.c
releng/9.3/crypto/openssl/apps/dh.c
releng/9.3/crypto/openssl/apps/dhparam.c
releng/9.3/crypto/openssl/apps/dsa.c
releng/9.3/crypto/openssl/apps/dsaparam.c
releng/9.3/crypto/openssl/apps/ec.c
releng/9.3/crypto/openssl/apps/ecparam.c
releng/9.3/crypto/openssl/apps/enc.c
releng/9.3/crypto/openssl/apps/engine.c
releng/9.3/crypto/openssl/apps/errstr.c
releng/9.3/crypto/openssl/apps/gendh.c
releng/9.3/crypto/openssl/apps/gendsa.c
releng/9.3/crypto/openssl/apps/genrsa.c
releng/9.3/crypto/openssl/apps/nseq.c
releng/9.3/crypto/openssl/apps/ocsp.c
releng/9.3/crypto/openssl/apps/openssl.c
releng/9.3/crypto/openssl/apps/passwd.c
releng/9.3/crypto/openssl/apps/pkcs12.c
releng/9.3/crypto/openssl/apps/pkcs7.c
releng/9.3/crypto/openssl/apps/pkcs8.c
releng/9.3/crypto/openssl/apps/prime.c
releng/9.3/crypto/openssl/apps/progs.h
releng/9.3/crypto/openssl/apps/rand.c
releng/9.3/crypto/openssl/apps/req.c
releng/9.3/crypto/openssl/apps/rsa.c
releng/9.3/crypto/openssl/apps/rsautl.c
releng/9.3/crypto/openssl/apps/s_apps.h
releng/9.3/crypto/openssl/apps/s_cb.c
releng/9.3/crypto/openssl/apps/s_client.c
releng/9.3/crypto/openssl/apps/s_server.c
releng/9.3/crypto/openssl/apps/s_socket.c
releng/9.3/crypto/openssl/apps/s_time.c
releng/9.3/crypto/openssl/apps/sess_id.c
releng/9.3/crypto/openssl/apps/smime.c
releng/9.3/crypto/openssl/apps/speed.c
releng/9.3/crypto/openssl/apps/spkac.c
releng/9.3/crypto/openssl/apps/testdsa.h
releng/9.3/crypto/openssl/apps/testrsa.h
releng/9.3/crypto/openssl/apps/timeouts.h
releng/9.3/crypto/openssl/apps/verify.c
releng/9.3/crypto/openssl/apps/version.c
releng/9.3/crypto/openssl/apps/winrand.c
releng/9.3/crypto/openssl/apps/x509.c
releng/9.3/crypto/openssl/bugs/alpha.c
releng/9.3/crypto/openssl/bugs/dggccbug.c
releng/9.3/crypto/openssl/bugs/sgiccbug.c
releng/9.3/crypto/openssl/bugs/stream.c
releng/9.3/crypto/openssl/bugs/ultrixcc.c
releng/9.3/crypto/openssl/crypto/LPdir_nyi.c
releng/9.3/crypto/openssl/crypto/LPdir_unix.c
releng/9.3/crypto/openssl/crypto/LPdir_vms.c
releng/9.3/crypto/openssl/crypto/LPdir_win.c
releng/9.3/crypto/openssl/crypto/LPdir_win32.c
releng/9.3/crypto/openssl/crypto/LPdir_wince.c
releng/9.3/crypto/openssl/crypto/aes/aes.h
releng/9.3/crypto/openssl/crypto/aes/aes_cbc.c
releng/9.3/crypto/openssl/crypto/aes/aes_cfb.c
releng/9.3/crypto/openssl/crypto/aes/aes_core.c
releng/9.3/crypto/openssl/crypto/aes/aes_ctr.c
releng/9.3/crypto/openssl/crypto/aes/aes_ecb.c
releng/9.3/crypto/openssl/crypto/aes/aes_ige.c
releng/9.3/crypto/openssl/crypto/aes/aes_locl.h
releng/9.3/crypto/openssl/crypto/aes/aes_misc.c
releng/9.3/crypto/openssl/crypto/aes/aes_ofb.c
releng/9.3/crypto/openssl/crypto/aes/aes_wrap.c
releng/9.3/crypto/openssl/crypto/asn1/a_bitstr.c
releng/9.3/crypto/openssl/crypto/asn1/a_bool.c
releng/9.3/crypto/openssl/crypto/asn1/a_bytes.c
releng/9.3/crypto/openssl/crypto/asn1/a_d2i_fp.c
releng/9.3/crypto/openssl/crypto/asn1/a_digest.c
releng/9.3/crypto/openssl/crypto/asn1/a_dup.c
releng/9.3/crypto/openssl/crypto/asn1/a_enum.c
releng/9.3/crypto/openssl/crypto/asn1/a_gentm.c
releng/9.3/crypto/openssl/crypto/asn1/a_hdr.c
releng/9.3/crypto/openssl/crypto/asn1/a_i2d_fp.c
releng/9.3/crypto/openssl/crypto/asn1/a_int.c
releng/9.3/crypto/openssl/crypto/asn1/a_mbstr.c
releng/9.3/crypto/openssl/crypto/asn1/a_meth.c
releng/9.3/crypto/openssl/crypto/asn1/a_object.c
releng/9.3/crypto/openssl/crypto/asn1/a_octet.c
releng/9.3/crypto/openssl/crypto/asn1/a_print.c
releng/9.3/crypto/openssl/crypto/asn1/a_set.c
releng/9.3/crypto/openssl/crypto/asn1/a_sign.c
releng/9.3/crypto/openssl/crypto/asn1/a_strex.c
releng/9.3/crypto/openssl/crypto/asn1/a_strnid.c
releng/9.3/crypto/openssl/crypto/asn1/a_time.c
releng/9.3/crypto/openssl/crypto/asn1/a_type.c
releng/9.3/crypto/openssl/crypto/asn1/a_utctm.c
releng/9.3/crypto/openssl/crypto/asn1/a_utf8.c
releng/9.3/crypto/openssl/crypto/asn1/a_verify.c
releng/9.3/crypto/openssl/crypto/asn1/asn1.h
releng/9.3/crypto/openssl/crypto/asn1/asn1_err.c
releng/9.3/crypto/openssl/crypto/asn1/asn1_gen.c
releng/9.3/crypto/openssl/crypto/asn1/asn1_lib.c
releng/9.3/crypto/openssl/crypto/asn1/asn1_mac.h
releng/9.3/crypto/openssl/crypto/asn1/asn1_par.c
releng/9.3/crypto/openssl/crypto/asn1/asn1t.h
releng/9.3/crypto/openssl/crypto/asn1/asn_mime.c
releng/9.3/crypto/openssl/crypto/asn1/asn_moid.c
releng/9.3/crypto/openssl/crypto/asn1/asn_pack.c
releng/9.3/crypto/openssl/crypto/asn1/charmap.h
releng/9.3/crypto/openssl/crypto/asn1/d2i_pr.c
releng/9.3/crypto/openssl/crypto/asn1/d2i_pu.c
releng/9.3/crypto/openssl/crypto/asn1/evp_asn1.c
releng/9.3/crypto/openssl/crypto/asn1/f_enum.c
releng/9.3/crypto/openssl/crypto/asn1/f_int.c
releng/9.3/crypto/openssl/crypto/asn1/f_string.c
releng/9.3/crypto/openssl/crypto/asn1/i2d_pr.c
releng/9.3/crypto/openssl/crypto/asn1/i2d_pu.c
releng/9.3/crypto/openssl/crypto/asn1/n_pkey.c
releng/9.3/crypto/openssl/crypto/asn1/nsseq.c
releng/9.3/crypto/openssl/crypto/asn1/p5_pbe.c
releng/9.3/crypto/openssl/crypto/asn1/p5_pbev2.c
releng/9.3/crypto/openssl/crypto/asn1/p8_key.c
releng/9.3/crypto/openssl/crypto/asn1/p8_pkey.c
releng/9.3/crypto/openssl/crypto/asn1/t_bitst.c
releng/9.3/crypto/openssl/crypto/asn1/t_crl.c
releng/9.3/crypto/openssl/crypto/asn1/t_pkey.c
releng/9.3/crypto/openssl/crypto/asn1/t_req.c
releng/9.3/crypto/openssl/crypto/asn1/t_spki.c
releng/9.3/crypto/openssl/crypto/asn1/t_x509.c
releng/9.3/crypto/openssl/crypto/asn1/t_x509a.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_enc.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_fre.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_new.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_prn.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_typ.c
releng/9.3/crypto/openssl/crypto/asn1/tasn_utl.c
releng/9.3/crypto/openssl/crypto/asn1/x_algor.c
releng/9.3/crypto/openssl/crypto/asn1/x_attrib.c
releng/9.3/crypto/openssl/crypto/asn1/x_bignum.c
releng/9.3/crypto/openssl/crypto/asn1/x_crl.c
releng/9.3/crypto/openssl/crypto/asn1/x_exten.c
releng/9.3/crypto/openssl/crypto/asn1/x_info.c
releng/9.3/crypto/openssl/crypto/asn1/x_long.c
releng/9.3/crypto/openssl/crypto/asn1/x_name.c
releng/9.3/crypto/openssl/crypto/asn1/x_pkey.c
releng/9.3/crypto/openssl/crypto/asn1/x_pubkey.c
releng/9.3/crypto/openssl/crypto/asn1/x_req.c
releng/9.3/crypto/openssl/crypto/asn1/x_sig.c
releng/9.3/crypto/openssl/crypto/asn1/x_spki.c
releng/9.3/crypto/openssl/crypto/asn1/x_val.c
releng/9.3/crypto/openssl/crypto/asn1/x_x509.c
releng/9.3/crypto/openssl/crypto/asn1/x_x509a.c
releng/9.3/crypto/openssl/crypto/bf/bf_cbc.c
releng/9.3/crypto/openssl/crypto/bf/bf_cfb64.c
releng/9.3/crypto/openssl/crypto/bf/bf_ecb.c
releng/9.3/crypto/openssl/crypto/bf/bf_enc.c
releng/9.3/crypto/openssl/crypto/bf/bf_locl.h
releng/9.3/crypto/openssl/crypto/bf/bf_ofb64.c
releng/9.3/crypto/openssl/crypto/bf/bf_opts.c
releng/9.3/crypto/openssl/crypto/bf/bf_pi.h
releng/9.3/crypto/openssl/crypto/bf/bf_skey.c
releng/9.3/crypto/openssl/crypto/bf/bfspeed.c
releng/9.3/crypto/openssl/crypto/bf/bftest.c
releng/9.3/crypto/openssl/crypto/bf/blowfish.h
releng/9.3/crypto/openssl/crypto/bio/b_dump.c
releng/9.3/crypto/openssl/crypto/bio/b_print.c
releng/9.3/crypto/openssl/crypto/bio/b_sock.c
releng/9.3/crypto/openssl/crypto/bio/bf_buff.c
releng/9.3/crypto/openssl/crypto/bio/bf_lbuf.c
releng/9.3/crypto/openssl/crypto/bio/bf_nbio.c
releng/9.3/crypto/openssl/crypto/bio/bf_null.c
releng/9.3/crypto/openssl/crypto/bio/bio.h
releng/9.3/crypto/openssl/crypto/bio/bio_cb.c
releng/9.3/crypto/openssl/crypto/bio/bio_err.c
releng/9.3/crypto/openssl/crypto/bio/bio_lcl.h
releng/9.3/crypto/openssl/crypto/bio/bio_lib.c
releng/9.3/crypto/openssl/crypto/bio/bss_acpt.c
releng/9.3/crypto/openssl/crypto/bio/bss_bio.c
releng/9.3/crypto/openssl/crypto/bio/bss_conn.c
releng/9.3/crypto/openssl/crypto/bio/bss_dgram.c
releng/9.3/crypto/openssl/crypto/bio/bss_fd.c
releng/9.3/crypto/openssl/crypto/bio/bss_file.c
releng/9.3/crypto/openssl/crypto/bio/bss_log.c
releng/9.3/crypto/openssl/crypto/bio/bss_mem.c
releng/9.3/crypto/openssl/crypto/bio/bss_null.c
releng/9.3/crypto/openssl/crypto/bio/bss_rtcp.c
releng/9.3/crypto/openssl/crypto/bio/bss_sock.c
releng/9.3/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
releng/9.3/crypto/openssl/crypto/bn/bn.h
releng/9.3/crypto/openssl/crypto/bn/bn_add.c
releng/9.3/crypto/openssl/crypto/bn/bn_asm.c
releng/9.3/crypto/openssl/crypto/bn/bn_blind.c
releng/9.3/crypto/openssl/crypto/bn/bn_const.c
releng/9.3/crypto/openssl/crypto/bn/bn_ctx.c
releng/9.3/crypto/openssl/crypto/bn/bn_depr.c
releng/9.3/crypto/openssl/crypto/bn/bn_div.c
releng/9.3/crypto/openssl/crypto/bn/bn_err.c
releng/9.3/crypto/openssl/crypto/bn/bn_exp.c
releng/9.3/crypto/openssl/crypto/bn/bn_exp2.c
releng/9.3/crypto/openssl/crypto/bn/bn_gcd.c
releng/9.3/crypto/openssl/crypto/bn/bn_gf2m.c
releng/9.3/crypto/openssl/crypto/bn/bn_kron.c
releng/9.3/crypto/openssl/crypto/bn/bn_lcl.h
releng/9.3/crypto/openssl/crypto/bn/bn_lib.c
releng/9.3/crypto/openssl/crypto/bn/bn_mod.c
releng/9.3/crypto/openssl/crypto/bn/bn_mont.c
releng/9.3/crypto/openssl/crypto/bn/bn_mpi.c
releng/9.3/crypto/openssl/crypto/bn/bn_mul.c
releng/9.3/crypto/openssl/crypto/bn/bn_nist.c
releng/9.3/crypto/openssl/crypto/bn/bn_opt.c
releng/9.3/crypto/openssl/crypto/bn/bn_prime.c
releng/9.3/crypto/openssl/crypto/bn/bn_prime.h
releng/9.3/crypto/openssl/crypto/bn/bn_print.c
releng/9.3/crypto/openssl/crypto/bn/bn_rand.c
releng/9.3/crypto/openssl/crypto/bn/bn_recp.c
releng/9.3/crypto/openssl/crypto/bn/bn_shift.c
releng/9.3/crypto/openssl/crypto/bn/bn_sqr.c
releng/9.3/crypto/openssl/crypto/bn/bn_sqrt.c
releng/9.3/crypto/openssl/crypto/bn/bn_word.c
releng/9.3/crypto/openssl/crypto/bn/bn_x931p.c
releng/9.3/crypto/openssl/crypto/bn/bnspeed.c
releng/9.3/crypto/openssl/crypto/bn/bntest.c
releng/9.3/crypto/openssl/crypto/bn/divtest.c
releng/9.3/crypto/openssl/crypto/bn/exp.c
releng/9.3/crypto/openssl/crypto/bn/expspeed.c
releng/9.3/crypto/openssl/crypto/bn/exptest.c
releng/9.3/crypto/openssl/crypto/buffer/buf_err.c
releng/9.3/crypto/openssl/crypto/buffer/buf_str.c
releng/9.3/crypto/openssl/crypto/buffer/buffer.c
releng/9.3/crypto/openssl/crypto/buffer/buffer.h
releng/9.3/crypto/openssl/crypto/camellia/camellia.c
releng/9.3/crypto/openssl/crypto/camellia/camellia.h
releng/9.3/crypto/openssl/crypto/camellia/cmll_cbc.c
releng/9.3/crypto/openssl/crypto/camellia/cmll_cfb.c
releng/9.3/crypto/openssl/crypto/camellia/cmll_ctr.c
releng/9.3/crypto/openssl/crypto/camellia/cmll_ecb.c
releng/9.3/crypto/openssl/crypto/camellia/cmll_locl.h
releng/9.3/crypto/openssl/crypto/camellia/cmll_misc.c
releng/9.3/crypto/openssl/crypto/camellia/cmll_ofb.c
releng/9.3/crypto/openssl/crypto/cast/c_cfb64.c
releng/9.3/crypto/openssl/crypto/cast/c_ecb.c
releng/9.3/crypto/openssl/crypto/cast/c_enc.c
releng/9.3/crypto/openssl/crypto/cast/c_ofb64.c
releng/9.3/crypto/openssl/crypto/cast/c_skey.c
releng/9.3/crypto/openssl/crypto/cast/cast.h
releng/9.3/crypto/openssl/crypto/cast/cast_lcl.h
releng/9.3/crypto/openssl/crypto/cast/cast_s.h
releng/9.3/crypto/openssl/crypto/cast/cast_spd.c
releng/9.3/crypto/openssl/crypto/cast/castopts.c
releng/9.3/crypto/openssl/crypto/cast/casttest.c
releng/9.3/crypto/openssl/crypto/cms/cms.h
releng/9.3/crypto/openssl/crypto/cms/cms_asn1.c
releng/9.3/crypto/openssl/crypto/cms/cms_att.c
releng/9.3/crypto/openssl/crypto/cms/cms_cd.c
releng/9.3/crypto/openssl/crypto/cms/cms_dd.c
releng/9.3/crypto/openssl/crypto/cms/cms_enc.c
releng/9.3/crypto/openssl/crypto/cms/cms_env.c
releng/9.3/crypto/openssl/crypto/cms/cms_err.c
releng/9.3/crypto/openssl/crypto/cms/cms_ess.c
releng/9.3/crypto/openssl/crypto/cms/cms_io.c
releng/9.3/crypto/openssl/crypto/cms/cms_lcl.h
releng/9.3/crypto/openssl/crypto/cms/cms_lib.c
releng/9.3/crypto/openssl/crypto/cms/cms_sd.c
releng/9.3/crypto/openssl/crypto/cms/cms_smime.c
releng/9.3/crypto/openssl/crypto/comp/c_rle.c
releng/9.3/crypto/openssl/crypto/comp/c_zlib.c
releng/9.3/crypto/openssl/crypto/comp/comp.h
releng/9.3/crypto/openssl/crypto/comp/comp_err.c
releng/9.3/crypto/openssl/crypto/comp/comp_lib.c
releng/9.3/crypto/openssl/crypto/conf/cnf_save.c
releng/9.3/crypto/openssl/crypto/conf/conf.h
releng/9.3/crypto/openssl/crypto/conf/conf_api.c
releng/9.3/crypto/openssl/crypto/conf/conf_api.h
releng/9.3/crypto/openssl/crypto/conf/conf_def.c
releng/9.3/crypto/openssl/crypto/conf/conf_def.h
releng/9.3/crypto/openssl/crypto/conf/conf_err.c
releng/9.3/crypto/openssl/crypto/conf/conf_lib.c
releng/9.3/crypto/openssl/crypto/conf/conf_mall.c
releng/9.3/crypto/openssl/crypto/conf/conf_mod.c
releng/9.3/crypto/openssl/crypto/conf/conf_sap.c
releng/9.3/crypto/openssl/crypto/conf/test.c
releng/9.3/crypto/openssl/crypto/constant_time_locl.h
releng/9.3/crypto/openssl/crypto/constant_time_test.c
releng/9.3/crypto/openssl/crypto/cpt_err.c
releng/9.3/crypto/openssl/crypto/cryptlib.c
releng/9.3/crypto/openssl/crypto/cryptlib.h
releng/9.3/crypto/openssl/crypto/crypto.h
releng/9.3/crypto/openssl/crypto/cversion.c
releng/9.3/crypto/openssl/crypto/des/cbc3_enc.c
releng/9.3/crypto/openssl/crypto/des/cbc_cksm.c
releng/9.3/crypto/openssl/crypto/des/cbc_enc.c
releng/9.3/crypto/openssl/crypto/des/cfb64ede.c
releng/9.3/crypto/openssl/crypto/des/cfb64enc.c
releng/9.3/crypto/openssl/crypto/des/cfb_enc.c
releng/9.3/crypto/openssl/crypto/des/des.c
releng/9.3/crypto/openssl/crypto/des/des.h
releng/9.3/crypto/openssl/crypto/des/des_enc.c
releng/9.3/crypto/openssl/crypto/des/des_lib.c
releng/9.3/crypto/openssl/crypto/des/des_locl.h
releng/9.3/crypto/openssl/crypto/des/des_old.c
releng/9.3/crypto/openssl/crypto/des/des_old.h
releng/9.3/crypto/openssl/crypto/des/des_old2.c
releng/9.3/crypto/openssl/crypto/des/des_opts.c
releng/9.3/crypto/openssl/crypto/des/des_ver.h
releng/9.3/crypto/openssl/crypto/des/destest.c
releng/9.3/crypto/openssl/crypto/des/ecb3_enc.c
releng/9.3/crypto/openssl/crypto/des/ecb_enc.c
releng/9.3/crypto/openssl/crypto/des/ede_cbcm_enc.c
releng/9.3/crypto/openssl/crypto/des/enc_read.c
releng/9.3/crypto/openssl/crypto/des/enc_writ.c
releng/9.3/crypto/openssl/crypto/des/fcrypt.c
releng/9.3/crypto/openssl/crypto/des/fcrypt_b.c
releng/9.3/crypto/openssl/crypto/des/ncbc_enc.c
releng/9.3/crypto/openssl/crypto/des/ofb64ede.c
releng/9.3/crypto/openssl/crypto/des/ofb64enc.c
releng/9.3/crypto/openssl/crypto/des/ofb_enc.c
releng/9.3/crypto/openssl/crypto/des/pcbc_enc.c
releng/9.3/crypto/openssl/crypto/des/qud_cksm.c
releng/9.3/crypto/openssl/crypto/des/rand_key.c
releng/9.3/crypto/openssl/crypto/des/read2pwd.c
releng/9.3/crypto/openssl/crypto/des/read_pwd.c
releng/9.3/crypto/openssl/crypto/des/rpc_des.h
releng/9.3/crypto/openssl/crypto/des/rpc_enc.c
releng/9.3/crypto/openssl/crypto/des/rpw.c
releng/9.3/crypto/openssl/crypto/des/set_key.c
releng/9.3/crypto/openssl/crypto/des/speed.c
releng/9.3/crypto/openssl/crypto/des/spr.h
releng/9.3/crypto/openssl/crypto/des/str2key.c
releng/9.3/crypto/openssl/crypto/des/xcbc_enc.c
releng/9.3/crypto/openssl/crypto/dh/dh.h
releng/9.3/crypto/openssl/crypto/dh/dh_asn1.c
releng/9.3/crypto/openssl/crypto/dh/dh_check.c
releng/9.3/crypto/openssl/crypto/dh/dh_depr.c
releng/9.3/crypto/openssl/crypto/dh/dh_err.c
releng/9.3/crypto/openssl/crypto/dh/dh_gen.c
releng/9.3/crypto/openssl/crypto/dh/dh_key.c
releng/9.3/crypto/openssl/crypto/dh/dh_lib.c
releng/9.3/crypto/openssl/crypto/dh/dhtest.c
releng/9.3/crypto/openssl/crypto/dh/p1024.c
releng/9.3/crypto/openssl/crypto/dh/p192.c
releng/9.3/crypto/openssl/crypto/dh/p512.c
releng/9.3/crypto/openssl/crypto/dsa/dsa.h
releng/9.3/crypto/openssl/crypto/dsa/dsa_asn1.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_depr.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_err.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_gen.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_key.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_lib.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_ossl.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_sign.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_utl.c
releng/9.3/crypto/openssl/crypto/dsa/dsa_vrf.c
releng/9.3/crypto/openssl/crypto/dsa/dsagen.c
releng/9.3/crypto/openssl/crypto/dsa/dsatest.c
releng/9.3/crypto/openssl/crypto/dso/dso.h
releng/9.3/crypto/openssl/crypto/dso/dso_dl.c
releng/9.3/crypto/openssl/crypto/dso/dso_dlfcn.c
releng/9.3/crypto/openssl/crypto/dso/dso_err.c
releng/9.3/crypto/openssl/crypto/dso/dso_lib.c
releng/9.3/crypto/openssl/crypto/dso/dso_null.c
releng/9.3/crypto/openssl/crypto/dso/dso_openssl.c
releng/9.3/crypto/openssl/crypto/dyn_lck.c
releng/9.3/crypto/openssl/crypto/ebcdic.c
releng/9.3/crypto/openssl/crypto/ebcdic.h
releng/9.3/crypto/openssl/crypto/ec/ec.h
releng/9.3/crypto/openssl/crypto/ec/ec2_mult.c
releng/9.3/crypto/openssl/crypto/ec/ec2_smpl.c
releng/9.3/crypto/openssl/crypto/ec/ec2_smpt.c
releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c
releng/9.3/crypto/openssl/crypto/ec/ec_check.c
releng/9.3/crypto/openssl/crypto/ec/ec_curve.c
releng/9.3/crypto/openssl/crypto/ec/ec_cvt.c
releng/9.3/crypto/openssl/crypto/ec/ec_err.c
releng/9.3/crypto/openssl/crypto/ec/ec_key.c
releng/9.3/crypto/openssl/crypto/ec/ec_lcl.h
releng/9.3/crypto/openssl/crypto/ec/ec_lib.c
releng/9.3/crypto/openssl/crypto/ec/ec_mult.c
releng/9.3/crypto/openssl/crypto/ec/ec_print.c
releng/9.3/crypto/openssl/crypto/ec/ecp_mont.c
releng/9.3/crypto/openssl/crypto/ec/ecp_nist.c
releng/9.3/crypto/openssl/crypto/ec/ecp_smpl.c
releng/9.3/crypto/openssl/crypto/ec/ectest.c
releng/9.3/crypto/openssl/crypto/ecdh/ecdh.h
releng/9.3/crypto/openssl/crypto/ecdh/ecdhtest.c
releng/9.3/crypto/openssl/crypto/ecdh/ech_err.c
releng/9.3/crypto/openssl/crypto/ecdh/ech_key.c
releng/9.3/crypto/openssl/crypto/ecdh/ech_lib.c
releng/9.3/crypto/openssl/crypto/ecdh/ech_locl.h
releng/9.3/crypto/openssl/crypto/ecdh/ech_ossl.c
releng/9.3/crypto/openssl/crypto/ecdsa/Makefile
releng/9.3/crypto/openssl/crypto/ecdsa/ecdsa.h
releng/9.3/crypto/openssl/crypto/ecdsa/ecdsatest.c
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_asn1.c
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_err.c
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_lib.c
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_locl.h
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_ossl.c
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_sign.c
releng/9.3/crypto/openssl/crypto/ecdsa/ecs_vrf.c
releng/9.3/crypto/openssl/crypto/engine/eng_all.c
releng/9.3/crypto/openssl/crypto/engine/eng_cnf.c
releng/9.3/crypto/openssl/crypto/engine/eng_cryptodev.c
releng/9.3/crypto/openssl/crypto/engine/eng_ctrl.c
releng/9.3/crypto/openssl/crypto/engine/eng_dyn.c
releng/9.3/crypto/openssl/crypto/engine/eng_err.c
releng/9.3/crypto/openssl/crypto/engine/eng_fat.c
releng/9.3/crypto/openssl/crypto/engine/eng_init.c
releng/9.3/crypto/openssl/crypto/engine/eng_int.h
releng/9.3/crypto/openssl/crypto/engine/eng_lib.c
releng/9.3/crypto/openssl/crypto/engine/eng_list.c
releng/9.3/crypto/openssl/crypto/engine/eng_openssl.c
releng/9.3/crypto/openssl/crypto/engine/eng_padlock.c
releng/9.3/crypto/openssl/crypto/engine/eng_pkey.c
releng/9.3/crypto/openssl/crypto/engine/eng_table.c
releng/9.3/crypto/openssl/crypto/engine/engine.h
releng/9.3/crypto/openssl/crypto/engine/enginetest.c
releng/9.3/crypto/openssl/crypto/engine/tb_cipher.c
releng/9.3/crypto/openssl/crypto/engine/tb_dh.c
releng/9.3/crypto/openssl/crypto/engine/tb_digest.c
releng/9.3/crypto/openssl/crypto/engine/tb_dsa.c
releng/9.3/crypto/openssl/crypto/engine/tb_ecdh.c
releng/9.3/crypto/openssl/crypto/engine/tb_ecdsa.c
releng/9.3/crypto/openssl/crypto/engine/tb_rand.c
releng/9.3/crypto/openssl/crypto/engine/tb_rsa.c
releng/9.3/crypto/openssl/crypto/engine/tb_store.c
releng/9.3/crypto/openssl/crypto/err/err.c
releng/9.3/crypto/openssl/crypto/err/err.h
releng/9.3/crypto/openssl/crypto/err/err_all.c
releng/9.3/crypto/openssl/crypto/err/err_bio.c
releng/9.3/crypto/openssl/crypto/err/err_def.c
releng/9.3/crypto/openssl/crypto/err/err_prn.c
releng/9.3/crypto/openssl/crypto/err/err_str.c
releng/9.3/crypto/openssl/crypto/evp/bio_b64.c
releng/9.3/crypto/openssl/crypto/evp/bio_enc.c
releng/9.3/crypto/openssl/crypto/evp/bio_md.c
releng/9.3/crypto/openssl/crypto/evp/bio_ok.c
releng/9.3/crypto/openssl/crypto/evp/c_all.c
releng/9.3/crypto/openssl/crypto/evp/c_allc.c
releng/9.3/crypto/openssl/crypto/evp/c_alld.c
releng/9.3/crypto/openssl/crypto/evp/dig_eng.c
releng/9.3/crypto/openssl/crypto/evp/digest.c
releng/9.3/crypto/openssl/crypto/evp/e_aes.c
releng/9.3/crypto/openssl/crypto/evp/e_bf.c
releng/9.3/crypto/openssl/crypto/evp/e_camellia.c
releng/9.3/crypto/openssl/crypto/evp/e_cast.c
releng/9.3/crypto/openssl/crypto/evp/e_des.c
releng/9.3/crypto/openssl/crypto/evp/e_des3.c
releng/9.3/crypto/openssl/crypto/evp/e_dsa.c
releng/9.3/crypto/openssl/crypto/evp/e_idea.c
releng/9.3/crypto/openssl/crypto/evp/e_null.c
releng/9.3/crypto/openssl/crypto/evp/e_old.c
releng/9.3/crypto/openssl/crypto/evp/e_rc2.c
releng/9.3/crypto/openssl/crypto/evp/e_rc4.c
releng/9.3/crypto/openssl/crypto/evp/e_rc5.c
releng/9.3/crypto/openssl/crypto/evp/e_seed.c
releng/9.3/crypto/openssl/crypto/evp/e_xcbc_d.c
releng/9.3/crypto/openssl/crypto/evp/enc_min.c
releng/9.3/crypto/openssl/crypto/evp/encode.c
releng/9.3/crypto/openssl/crypto/evp/evp.h
releng/9.3/crypto/openssl/crypto/evp/evp_acnf.c
releng/9.3/crypto/openssl/crypto/evp/evp_cnf.c
releng/9.3/crypto/openssl/crypto/evp/evp_enc.c
releng/9.3/crypto/openssl/crypto/evp/evp_err.c
releng/9.3/crypto/openssl/crypto/evp/evp_key.c
releng/9.3/crypto/openssl/crypto/evp/evp_lib.c
releng/9.3/crypto/openssl/crypto/evp/evp_locl.h
releng/9.3/crypto/openssl/crypto/evp/evp_pbe.c
releng/9.3/crypto/openssl/crypto/evp/evp_pkey.c
releng/9.3/crypto/openssl/crypto/evp/evp_test.c
releng/9.3/crypto/openssl/crypto/evp/m_dss.c
releng/9.3/crypto/openssl/crypto/evp/m_dss1.c
releng/9.3/crypto/openssl/crypto/evp/m_ecdsa.c
releng/9.3/crypto/openssl/crypto/evp/m_md2.c
releng/9.3/crypto/openssl/crypto/evp/m_md4.c
releng/9.3/crypto/openssl/crypto/evp/m_md5.c
releng/9.3/crypto/openssl/crypto/evp/m_mdc2.c
releng/9.3/crypto/openssl/crypto/evp/m_null.c
releng/9.3/crypto/openssl/crypto/evp/m_ripemd.c
releng/9.3/crypto/openssl/crypto/evp/m_sha.c
releng/9.3/crypto/openssl/crypto/evp/m_sha1.c
releng/9.3/crypto/openssl/crypto/evp/names.c
releng/9.3/crypto/openssl/crypto/evp/openbsd_hw.c
releng/9.3/crypto/openssl/crypto/evp/p5_crpt.c
releng/9.3/crypto/openssl/crypto/evp/p5_crpt2.c
releng/9.3/crypto/openssl/crypto/evp/p_dec.c
releng/9.3/crypto/openssl/crypto/evp/p_enc.c
releng/9.3/crypto/openssl/crypto/evp/p_lib.c
releng/9.3/crypto/openssl/crypto/evp/p_open.c
releng/9.3/crypto/openssl/crypto/evp/p_seal.c
releng/9.3/crypto/openssl/crypto/evp/p_sign.c
releng/9.3/crypto/openssl/crypto/evp/p_verify.c
releng/9.3/crypto/openssl/crypto/ex_data.c
releng/9.3/crypto/openssl/crypto/fips_err.c
releng/9.3/crypto/openssl/crypto/fips_err.h
releng/9.3/crypto/openssl/crypto/hmac/hmac.c
releng/9.3/crypto/openssl/crypto/hmac/hmac.h
releng/9.3/crypto/openssl/crypto/hmac/hmactest.c
releng/9.3/crypto/openssl/crypto/idea/i_cbc.c
releng/9.3/crypto/openssl/crypto/idea/i_cfb64.c
releng/9.3/crypto/openssl/crypto/idea/i_ecb.c
releng/9.3/crypto/openssl/crypto/idea/i_ofb64.c
releng/9.3/crypto/openssl/crypto/idea/i_skey.c
releng/9.3/crypto/openssl/crypto/idea/idea.h
releng/9.3/crypto/openssl/crypto/idea/idea_lcl.h
releng/9.3/crypto/openssl/crypto/idea/idea_spd.c
releng/9.3/crypto/openssl/crypto/idea/ideatest.c
releng/9.3/crypto/openssl/crypto/jpake/jpake.c
releng/9.3/crypto/openssl/crypto/jpake/jpake.h
releng/9.3/crypto/openssl/crypto/jpake/jpake_err.c
releng/9.3/crypto/openssl/crypto/jpake/jpaketest.c
releng/9.3/crypto/openssl/crypto/krb5/krb5_asn.c
releng/9.3/crypto/openssl/crypto/krb5/krb5_asn.h
releng/9.3/crypto/openssl/crypto/lhash/lh_stats.c
releng/9.3/crypto/openssl/crypto/lhash/lh_test.c
releng/9.3/crypto/openssl/crypto/lhash/lhash.c
releng/9.3/crypto/openssl/crypto/lhash/lhash.h
releng/9.3/crypto/openssl/crypto/md2/md2.c
releng/9.3/crypto/openssl/crypto/md2/md2.h
releng/9.3/crypto/openssl/crypto/md2/md2_dgst.c
releng/9.3/crypto/openssl/crypto/md2/md2_one.c
releng/9.3/crypto/openssl/crypto/md2/md2test.c
releng/9.3/crypto/openssl/crypto/md32_common.h
releng/9.3/crypto/openssl/crypto/md4/md4.c
releng/9.3/crypto/openssl/crypto/md4/md4.h
releng/9.3/crypto/openssl/crypto/md4/md4_dgst.c
releng/9.3/crypto/openssl/crypto/md4/md4_locl.h
releng/9.3/crypto/openssl/crypto/md4/md4_one.c
releng/9.3/crypto/openssl/crypto/md4/md4test.c
releng/9.3/crypto/openssl/crypto/md5/md5.c
releng/9.3/crypto/openssl/crypto/md5/md5.h
releng/9.3/crypto/openssl/crypto/md5/md5_dgst.c
releng/9.3/crypto/openssl/crypto/md5/md5_locl.h
releng/9.3/crypto/openssl/crypto/md5/md5_one.c
releng/9.3/crypto/openssl/crypto/md5/md5test.c
releng/9.3/crypto/openssl/crypto/mdc2/mdc2.h
releng/9.3/crypto/openssl/crypto/mdc2/mdc2_one.c
releng/9.3/crypto/openssl/crypto/mdc2/mdc2dgst.c
releng/9.3/crypto/openssl/crypto/mdc2/mdc2test.c
releng/9.3/crypto/openssl/crypto/mem.c
releng/9.3/crypto/openssl/crypto/mem_clr.c
releng/9.3/crypto/openssl/crypto/mem_dbg.c
releng/9.3/crypto/openssl/crypto/o_dir.c
releng/9.3/crypto/openssl/crypto/o_dir.h
releng/9.3/crypto/openssl/crypto/o_dir_test.c
releng/9.3/crypto/openssl/crypto/o_init.c
releng/9.3/crypto/openssl/crypto/o_str.c
releng/9.3/crypto/openssl/crypto/o_str.h
releng/9.3/crypto/openssl/crypto/o_time.c
releng/9.3/crypto/openssl/crypto/o_time.h
releng/9.3/crypto/openssl/crypto/objects/o_names.c
releng/9.3/crypto/openssl/crypto/objects/obj_dat.c
releng/9.3/crypto/openssl/crypto/objects/obj_err.c
releng/9.3/crypto/openssl/crypto/objects/obj_lib.c
releng/9.3/crypto/openssl/crypto/objects/obj_mac.h
releng/9.3/crypto/openssl/crypto/objects/objects.h
releng/9.3/crypto/openssl/crypto/objects/objects.pl
releng/9.3/crypto/openssl/crypto/ocsp/ocsp.h
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_asn.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_cl.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_err.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ext.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ht.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_lib.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_prn.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_srv.c
releng/9.3/crypto/openssl/crypto/ocsp/ocsp_vfy.c
releng/9.3/crypto/openssl/crypto/opensslv.h
releng/9.3/crypto/openssl/crypto/ossl_typ.h
releng/9.3/crypto/openssl/crypto/pem/pem.h
releng/9.3/crypto/openssl/crypto/pem/pem2.h
releng/9.3/crypto/openssl/crypto/pem/pem_all.c
releng/9.3/crypto/openssl/crypto/pem/pem_err.c
releng/9.3/crypto/openssl/crypto/pem/pem_info.c
releng/9.3/crypto/openssl/crypto/pem/pem_lib.c
releng/9.3/crypto/openssl/crypto/pem/pem_oth.c
releng/9.3/crypto/openssl/crypto/pem/pem_pk8.c
releng/9.3/crypto/openssl/crypto/pem/pem_pkey.c
releng/9.3/crypto/openssl/crypto/pem/pem_seal.c
releng/9.3/crypto/openssl/crypto/pem/pem_sign.c
releng/9.3/crypto/openssl/crypto/pem/pem_x509.c
releng/9.3/crypto/openssl/crypto/pem/pem_xaux.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_add.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_asn.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_attr.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_crpt.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_crt.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_decr.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_init.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_key.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_kiss.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_mutl.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_npas.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_p8d.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_p8e.c
releng/9.3/crypto/openssl/crypto/pkcs12/p12_utl.c
releng/9.3/crypto/openssl/crypto/pkcs12/pk12err.c
releng/9.3/crypto/openssl/crypto/pkcs12/pkcs12.h
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_asn1.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_attr.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_dgst.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_enc.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_mime.c
releng/9.3/crypto/openssl/crypto/pkcs7/pk7_smime.c
releng/9.3/crypto/openssl/crypto/pkcs7/pkcs7.h
releng/9.3/crypto/openssl/crypto/pkcs7/pkcs7err.c
releng/9.3/crypto/openssl/crypto/pqueue/pq_compat.h
releng/9.3/crypto/openssl/crypto/pqueue/pq_test.c
releng/9.3/crypto/openssl/crypto/pqueue/pqueue.c
releng/9.3/crypto/openssl/crypto/pqueue/pqueue.h
releng/9.3/crypto/openssl/crypto/rand/md_rand.c
releng/9.3/crypto/openssl/crypto/rand/rand.h
releng/9.3/crypto/openssl/crypto/rand/rand_egd.c
releng/9.3/crypto/openssl/crypto/rand/rand_eng.c
releng/9.3/crypto/openssl/crypto/rand/rand_err.c
releng/9.3/crypto/openssl/crypto/rand/rand_lcl.h
releng/9.3/crypto/openssl/crypto/rand/rand_lib.c
releng/9.3/crypto/openssl/crypto/rand/rand_nw.c
releng/9.3/crypto/openssl/crypto/rand/rand_os2.c
releng/9.3/crypto/openssl/crypto/rand/rand_unix.c
releng/9.3/crypto/openssl/crypto/rand/rand_vms.c
releng/9.3/crypto/openssl/crypto/rand/rand_win.c
releng/9.3/crypto/openssl/crypto/rand/randfile.c
releng/9.3/crypto/openssl/crypto/rand/randtest.c
releng/9.3/crypto/openssl/crypto/rc2/rc2.h
releng/9.3/crypto/openssl/crypto/rc2/rc2_cbc.c
releng/9.3/crypto/openssl/crypto/rc2/rc2_ecb.c
releng/9.3/crypto/openssl/crypto/rc2/rc2_locl.h
releng/9.3/crypto/openssl/crypto/rc2/rc2_skey.c
releng/9.3/crypto/openssl/crypto/rc2/rc2cfb64.c
releng/9.3/crypto/openssl/crypto/rc2/rc2ofb64.c
releng/9.3/crypto/openssl/crypto/rc2/rc2speed.c
releng/9.3/crypto/openssl/crypto/rc2/rc2test.c
releng/9.3/crypto/openssl/crypto/rc2/tab.c
releng/9.3/crypto/openssl/crypto/rc4/rc4.c
releng/9.3/crypto/openssl/crypto/rc4/rc4.h
releng/9.3/crypto/openssl/crypto/rc4/rc4_enc.c
releng/9.3/crypto/openssl/crypto/rc4/rc4_fblk.c
releng/9.3/crypto/openssl/crypto/rc4/rc4_locl.h
releng/9.3/crypto/openssl/crypto/rc4/rc4_skey.c
releng/9.3/crypto/openssl/crypto/rc4/rc4speed.c
releng/9.3/crypto/openssl/crypto/rc4/rc4test.c
releng/9.3/crypto/openssl/crypto/rc5/rc5.h
releng/9.3/crypto/openssl/crypto/rc5/rc5_ecb.c
releng/9.3/crypto/openssl/crypto/rc5/rc5_enc.c
releng/9.3/crypto/openssl/crypto/rc5/rc5_locl.h
releng/9.3/crypto/openssl/crypto/rc5/rc5_skey.c
releng/9.3/crypto/openssl/crypto/rc5/rc5cfb64.c
releng/9.3/crypto/openssl/crypto/rc5/rc5ofb64.c
releng/9.3/crypto/openssl/crypto/rc5/rc5speed.c
releng/9.3/crypto/openssl/crypto/rc5/rc5test.c
releng/9.3/crypto/openssl/crypto/ripemd/ripemd.h
releng/9.3/crypto/openssl/crypto/ripemd/rmd160.c
releng/9.3/crypto/openssl/crypto/ripemd/rmd_dgst.c
releng/9.3/crypto/openssl/crypto/ripemd/rmd_locl.h
releng/9.3/crypto/openssl/crypto/ripemd/rmd_one.c
releng/9.3/crypto/openssl/crypto/ripemd/rmdconst.h
releng/9.3/crypto/openssl/crypto/ripemd/rmdtest.c
releng/9.3/crypto/openssl/crypto/rsa/rsa.h
releng/9.3/crypto/openssl/crypto/rsa/rsa_asn1.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_chk.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_depr.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_eay.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_eng.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_err.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_gen.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_lib.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_none.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_null.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_oaep.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_pk1.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_pss.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_saos.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_sign.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_ssl.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_test.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_x931.c
releng/9.3/crypto/openssl/crypto/rsa/rsa_x931g.c
releng/9.3/crypto/openssl/crypto/seed/seed.c
releng/9.3/crypto/openssl/crypto/seed/seed.h
releng/9.3/crypto/openssl/crypto/seed/seed_cbc.c
releng/9.3/crypto/openssl/crypto/seed/seed_cfb.c
releng/9.3/crypto/openssl/crypto/seed/seed_ecb.c
releng/9.3/crypto/openssl/crypto/seed/seed_locl.h
releng/9.3/crypto/openssl/crypto/seed/seed_ofb.c
releng/9.3/crypto/openssl/crypto/sha/sha.c
releng/9.3/crypto/openssl/crypto/sha/sha.h
releng/9.3/crypto/openssl/crypto/sha/sha1.c
releng/9.3/crypto/openssl/crypto/sha/sha1_one.c
releng/9.3/crypto/openssl/crypto/sha/sha1dgst.c
releng/9.3/crypto/openssl/crypto/sha/sha1test.c
releng/9.3/crypto/openssl/crypto/sha/sha256.c
releng/9.3/crypto/openssl/crypto/sha/sha256t.c
releng/9.3/crypto/openssl/crypto/sha/sha512.c
releng/9.3/crypto/openssl/crypto/sha/sha512t.c
releng/9.3/crypto/openssl/crypto/sha/sha_dgst.c
releng/9.3/crypto/openssl/crypto/sha/sha_locl.h
releng/9.3/crypto/openssl/crypto/sha/sha_one.c
releng/9.3/crypto/openssl/crypto/sha/shatest.c
releng/9.3/crypto/openssl/crypto/stack/safestack.h
releng/9.3/crypto/openssl/crypto/stack/stack.c
releng/9.3/crypto/openssl/crypto/stack/stack.h
releng/9.3/crypto/openssl/crypto/store/store.h
releng/9.3/crypto/openssl/crypto/store/str_err.c
releng/9.3/crypto/openssl/crypto/store/str_lib.c
releng/9.3/crypto/openssl/crypto/store/str_locl.h
releng/9.3/crypto/openssl/crypto/store/str_mem.c
releng/9.3/crypto/openssl/crypto/store/str_meth.c
releng/9.3/crypto/openssl/crypto/symhacks.h
releng/9.3/crypto/openssl/crypto/threads/mttest.c
releng/9.3/crypto/openssl/crypto/threads/th-lock.c
releng/9.3/crypto/openssl/crypto/tmdiff.c
releng/9.3/crypto/openssl/crypto/tmdiff.h
releng/9.3/crypto/openssl/crypto/txt_db/txt_db.c
releng/9.3/crypto/openssl/crypto/txt_db/txt_db.h
releng/9.3/crypto/openssl/crypto/ui/ui.h
releng/9.3/crypto/openssl/crypto/ui/ui_compat.c
releng/9.3/crypto/openssl/crypto/ui/ui_compat.h
releng/9.3/crypto/openssl/crypto/ui/ui_err.c
releng/9.3/crypto/openssl/crypto/ui/ui_lib.c
releng/9.3/crypto/openssl/crypto/ui/ui_locl.h
releng/9.3/crypto/openssl/crypto/ui/ui_openssl.c
releng/9.3/crypto/openssl/crypto/ui/ui_util.c
releng/9.3/crypto/openssl/crypto/uid.c
releng/9.3/crypto/openssl/crypto/x509/by_dir.c
releng/9.3/crypto/openssl/crypto/x509/by_file.c
releng/9.3/crypto/openssl/crypto/x509/x509.h
releng/9.3/crypto/openssl/crypto/x509/x509_att.c
releng/9.3/crypto/openssl/crypto/x509/x509_cmp.c
releng/9.3/crypto/openssl/crypto/x509/x509_d2.c
releng/9.3/crypto/openssl/crypto/x509/x509_def.c
releng/9.3/crypto/openssl/crypto/x509/x509_err.c
releng/9.3/crypto/openssl/crypto/x509/x509_ext.c
releng/9.3/crypto/openssl/crypto/x509/x509_lu.c
releng/9.3/crypto/openssl/crypto/x509/x509_obj.c
releng/9.3/crypto/openssl/crypto/x509/x509_r2x.c
releng/9.3/crypto/openssl/crypto/x509/x509_req.c
releng/9.3/crypto/openssl/crypto/x509/x509_set.c
releng/9.3/crypto/openssl/crypto/x509/x509_trs.c
releng/9.3/crypto/openssl/crypto/x509/x509_txt.c
releng/9.3/crypto/openssl/crypto/x509/x509_v3.c
releng/9.3/crypto/openssl/crypto/x509/x509_vfy.c
releng/9.3/crypto/openssl/crypto/x509/x509_vfy.h
releng/9.3/crypto/openssl/crypto/x509/x509_vpm.c
releng/9.3/crypto/openssl/crypto/x509/x509cset.c
releng/9.3/crypto/openssl/crypto/x509/x509name.c
releng/9.3/crypto/openssl/crypto/x509/x509rset.c
releng/9.3/crypto/openssl/crypto/x509/x509spki.c
releng/9.3/crypto/openssl/crypto/x509/x509type.c
releng/9.3/crypto/openssl/crypto/x509/x_all.c
releng/9.3/crypto/openssl/crypto/x509v3/ext_dat.h
releng/9.3/crypto/openssl/crypto/x509v3/pcy_cache.c
releng/9.3/crypto/openssl/crypto/x509v3/pcy_data.c
releng/9.3/crypto/openssl/crypto/x509v3/pcy_int.h
releng/9.3/crypto/openssl/crypto/x509v3/pcy_lib.c
releng/9.3/crypto/openssl/crypto/x509v3/pcy_map.c
releng/9.3/crypto/openssl/crypto/x509v3/pcy_node.c
releng/9.3/crypto/openssl/crypto/x509v3/pcy_tree.c
releng/9.3/crypto/openssl/crypto/x509v3/tabtest.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_addr.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_akey.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_akeya.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_alt.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_asid.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_bcons.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_bitst.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_conf.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_cpols.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_crld.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_enum.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_extku.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_genn.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_ia5.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_info.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_int.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_lib.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_ncons.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_ocsp.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_pci.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_pcia.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_pcons.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_pku.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_pmaps.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_prn.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_purp.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_skey.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_sxnet.c
releng/9.3/crypto/openssl/crypto/x509v3/v3_utl.c
releng/9.3/crypto/openssl/crypto/x509v3/v3conf.c
releng/9.3/crypto/openssl/crypto/x509v3/v3err.c
releng/9.3/crypto/openssl/crypto/x509v3/v3prin.c
releng/9.3/crypto/openssl/crypto/x509v3/x509v3.h
releng/9.3/crypto/openssl/demos/asn1/ocsp.c
releng/9.3/crypto/openssl/demos/b64.c
releng/9.3/crypto/openssl/demos/bio/saccept.c
releng/9.3/crypto/openssl/demos/bio/sconnect.c
releng/9.3/crypto/openssl/demos/easy_tls/easy-tls.c
releng/9.3/crypto/openssl/demos/easy_tls/easy-tls.h
releng/9.3/crypto/openssl/demos/easy_tls/test.c
releng/9.3/crypto/openssl/demos/easy_tls/test.h
releng/9.3/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h
releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c
releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c
releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca.c
releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c
releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
releng/9.3/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h
releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod.c
releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod.h
releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod_err.c
releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
releng/9.3/crypto/openssl/demos/jpake/jpakedemo.c
releng/9.3/crypto/openssl/demos/pkcs12/pkread.c
releng/9.3/crypto/openssl/demos/pkcs12/pkwrite.c
releng/9.3/crypto/openssl/demos/prime/prime.c
releng/9.3/crypto/openssl/demos/selfsign.c
releng/9.3/crypto/openssl/demos/sign/sign.c
releng/9.3/crypto/openssl/demos/spkigen.c
releng/9.3/crypto/openssl/demos/state_machine/state_machine.c
releng/9.3/crypto/openssl/demos/tunala/breakage.c
releng/9.3/crypto/openssl/demos/tunala/buffer.c
releng/9.3/crypto/openssl/demos/tunala/cb.c
releng/9.3/crypto/openssl/demos/tunala/ip.c
releng/9.3/crypto/openssl/demos/tunala/sm.c
releng/9.3/crypto/openssl/demos/tunala/tunala.c
releng/9.3/crypto/openssl/demos/tunala/tunala.h
releng/9.3/crypto/openssl/demos/x509/mkcert.c
releng/9.3/crypto/openssl/demos/x509/mkreq.c
releng/9.3/crypto/openssl/doc/apps/ciphers.pod
releng/9.3/crypto/openssl/doc/crypto/BN_rand.pod
releng/9.3/crypto/openssl/doc/crypto/BN_set_bit.pod
releng/9.3/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
releng/9.3/crypto/openssl/doc/crypto/d2i_X509.pod
releng/9.3/crypto/openssl/doc/crypto/pem.pod
releng/9.3/crypto/openssl/e_os.h
releng/9.3/crypto/openssl/e_os2.h
releng/9.3/crypto/openssl/engines/e_4758cca.c
releng/9.3/crypto/openssl/engines/e_4758cca_err.c
releng/9.3/crypto/openssl/engines/e_4758cca_err.h
releng/9.3/crypto/openssl/engines/e_aep.c
releng/9.3/crypto/openssl/engines/e_aep_err.c
releng/9.3/crypto/openssl/engines/e_aep_err.h
releng/9.3/crypto/openssl/engines/e_atalla.c
releng/9.3/crypto/openssl/engines/e_atalla_err.c
releng/9.3/crypto/openssl/engines/e_atalla_err.h
releng/9.3/crypto/openssl/engines/e_capi.c
releng/9.3/crypto/openssl/engines/e_capi_err.c
releng/9.3/crypto/openssl/engines/e_capi_err.h
releng/9.3/crypto/openssl/engines/e_chil.c
releng/9.3/crypto/openssl/engines/e_chil_err.c
releng/9.3/crypto/openssl/engines/e_chil_err.h
releng/9.3/crypto/openssl/engines/e_cswift.c
releng/9.3/crypto/openssl/engines/e_cswift_err.c
releng/9.3/crypto/openssl/engines/e_cswift_err.h
releng/9.3/crypto/openssl/engines/e_gmp.c
releng/9.3/crypto/openssl/engines/e_gmp_err.c
releng/9.3/crypto/openssl/engines/e_gmp_err.h
releng/9.3/crypto/openssl/engines/e_nuron.c
releng/9.3/crypto/openssl/engines/e_nuron_err.c
releng/9.3/crypto/openssl/engines/e_nuron_err.h
releng/9.3/crypto/openssl/engines/e_sureware.c
releng/9.3/crypto/openssl/engines/e_sureware_err.c
releng/9.3/crypto/openssl/engines/e_sureware_err.h
releng/9.3/crypto/openssl/engines/e_ubsec.c
releng/9.3/crypto/openssl/engines/e_ubsec_err.c
releng/9.3/crypto/openssl/engines/e_ubsec_err.h
releng/9.3/crypto/openssl/engines/vendor_defns/aep.h
releng/9.3/crypto/openssl/engines/vendor_defns/atalla.h
releng/9.3/crypto/openssl/engines/vendor_defns/cswift.h
releng/9.3/crypto/openssl/engines/vendor_defns/hw_4758_cca.h
releng/9.3/crypto/openssl/engines/vendor_defns/hw_ubsec.h
releng/9.3/crypto/openssl/engines/vendor_defns/hwcryptohook.h
releng/9.3/crypto/openssl/engines/vendor_defns/sureware.h
releng/9.3/crypto/openssl/fips/aes/fips_aes_selftest.c
releng/9.3/crypto/openssl/fips/aes/fips_aesavs.c
releng/9.3/crypto/openssl/fips/des/fips_des_selftest.c
releng/9.3/crypto/openssl/fips/des/fips_desmovs.c
releng/9.3/crypto/openssl/fips/dh/dh_gen.c
releng/9.3/crypto/openssl/fips/dh/fips_dh_check.c
releng/9.3/crypto/openssl/fips/dh/fips_dh_gen.c
releng/9.3/crypto/openssl/fips/dh/fips_dh_key.c
releng/9.3/crypto/openssl/fips/dh/fips_dh_lib.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsa_gen.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsa_key.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsa_lib.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsa_ossl.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsa_selftest.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsa_sign.c
releng/9.3/crypto/openssl/fips/dsa/fips_dsatest.c
releng/9.3/crypto/openssl/fips/dsa/fips_dssvs.c
releng/9.3/crypto/openssl/fips/fips.c
releng/9.3/crypto/openssl/fips/fips.h
releng/9.3/crypto/openssl/fips/fips_canister.c
releng/9.3/crypto/openssl/fips/fips_locl.h
releng/9.3/crypto/openssl/fips/fips_premain.c
releng/9.3/crypto/openssl/fips/fips_test_suite.c
releng/9.3/crypto/openssl/fips/fips_utl.h
releng/9.3/crypto/openssl/fips/hmac/fips_hmac.c
releng/9.3/crypto/openssl/fips/hmac/fips_hmac_selftest.c
releng/9.3/crypto/openssl/fips/hmac/fips_hmactest.c
releng/9.3/crypto/openssl/fips/rand/fips_rand.c
releng/9.3/crypto/openssl/fips/rand/fips_rand.h
releng/9.3/crypto/openssl/fips/rand/fips_rand_selftest.c
releng/9.3/crypto/openssl/fips/rand/fips_randtest.c
releng/9.3/crypto/openssl/fips/rand/fips_rngvs.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsa_eay.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsa_gen.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsa_lib.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsa_selftest.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsa_sign.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsa_x931g.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsagtest.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsastest.c
releng/9.3/crypto/openssl/fips/rsa/fips_rsavtest.c
releng/9.3/crypto/openssl/fips/sha/fips_sha1_selftest.c
releng/9.3/crypto/openssl/fips/sha/fips_shatest.c
releng/9.3/crypto/openssl/fips/sha/fips_standalone_sha1.c
releng/9.3/crypto/openssl/openssl.spec
releng/9.3/crypto/openssl/ssl/bio_ssl.c
releng/9.3/crypto/openssl/ssl/d1_both.c
releng/9.3/crypto/openssl/ssl/d1_clnt.c
releng/9.3/crypto/openssl/ssl/d1_enc.c
releng/9.3/crypto/openssl/ssl/d1_lib.c
releng/9.3/crypto/openssl/ssl/d1_meth.c
releng/9.3/crypto/openssl/ssl/d1_pkt.c
releng/9.3/crypto/openssl/ssl/d1_srvr.c
releng/9.3/crypto/openssl/ssl/dtls1.h
releng/9.3/crypto/openssl/ssl/kssl.c
releng/9.3/crypto/openssl/ssl/kssl.h
releng/9.3/crypto/openssl/ssl/kssl_lcl.h
releng/9.3/crypto/openssl/ssl/s23_clnt.c
releng/9.3/crypto/openssl/ssl/s23_lib.c
releng/9.3/crypto/openssl/ssl/s23_meth.c
releng/9.3/crypto/openssl/ssl/s23_pkt.c
releng/9.3/crypto/openssl/ssl/s23_srvr.c
releng/9.3/crypto/openssl/ssl/s2_clnt.c
releng/9.3/crypto/openssl/ssl/s2_enc.c
releng/9.3/crypto/openssl/ssl/s2_lib.c
releng/9.3/crypto/openssl/ssl/s2_meth.c
releng/9.3/crypto/openssl/ssl/s2_pkt.c
releng/9.3/crypto/openssl/ssl/s2_srvr.c
releng/9.3/crypto/openssl/ssl/s3_both.c
releng/9.3/crypto/openssl/ssl/s3_cbc.c
releng/9.3/crypto/openssl/ssl/s3_clnt.c
releng/9.3/crypto/openssl/ssl/s3_enc.c
releng/9.3/crypto/openssl/ssl/s3_lib.c
releng/9.3/crypto/openssl/ssl/s3_meth.c
releng/9.3/crypto/openssl/ssl/s3_pkt.c
releng/9.3/crypto/openssl/ssl/s3_srvr.c
releng/9.3/crypto/openssl/ssl/ssl.h
releng/9.3/crypto/openssl/ssl/ssl2.h
releng/9.3/crypto/openssl/ssl/ssl23.h
releng/9.3/crypto/openssl/ssl/ssl3.h
releng/9.3/crypto/openssl/ssl/ssl_algs.c
releng/9.3/crypto/openssl/ssl/ssl_asn1.c
releng/9.3/crypto/openssl/ssl/ssl_cert.c
releng/9.3/crypto/openssl/ssl/ssl_ciph.c
releng/9.3/crypto/openssl/ssl/ssl_err.c
releng/9.3/crypto/openssl/ssl/ssl_err2.c
releng/9.3/crypto/openssl/ssl/ssl_lib.c
releng/9.3/crypto/openssl/ssl/ssl_locl.h
releng/9.3/crypto/openssl/ssl/ssl_rsa.c
releng/9.3/crypto/openssl/ssl/ssl_sess.c
releng/9.3/crypto/openssl/ssl/ssl_stat.c
releng/9.3/crypto/openssl/ssl/ssl_task.c
releng/9.3/crypto/openssl/ssl/ssl_txt.c
releng/9.3/crypto/openssl/ssl/ssltest.c
releng/9.3/crypto/openssl/ssl/t1_clnt.c
releng/9.3/crypto/openssl/ssl/t1_enc.c
releng/9.3/crypto/openssl/ssl/t1_lib.c
releng/9.3/crypto/openssl/ssl/t1_meth.c
releng/9.3/crypto/openssl/ssl/t1_reneg.c
releng/9.3/crypto/openssl/ssl/t1_srvr.c
releng/9.3/crypto/openssl/ssl/tls1.h
releng/9.3/crypto/openssl/test/dummytest.c
releng/9.3/crypto/openssl/test/igetest.c
releng/9.3/crypto/openssl/test/methtest.c
releng/9.3/crypto/openssl/test/r160test.c
releng/9.3/crypto/openssl/util/ck_errf.pl
releng/9.3/crypto/openssl/util/mkerr.pl
releng/9.3/secure/lib/libcrypto/Makefile
releng/9.3/secure/lib/libcrypto/Makefile.inc
releng/9.3/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_length.3
releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_new.3
releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
releng/9.3/secure/lib/libcrypto/man/ASN1_generate_nconf.3
releng/9.3/secure/lib/libcrypto/man/BIO_ctrl.3
releng/9.3/secure/lib/libcrypto/man/BIO_f_base64.3
releng/9.3/secure/lib/libcrypto/man/BIO_f_buffer.3
releng/9.3/secure/lib/libcrypto/man/BIO_f_cipher.3
releng/9.3/secure/lib/libcrypto/man/BIO_f_md.3
releng/9.3/secure/lib/libcrypto/man/BIO_f_null.3
releng/9.3/secure/lib/libcrypto/man/BIO_f_ssl.3
releng/9.3/secure/lib/libcrypto/man/BIO_find_type.3
releng/9.3/secure/lib/libcrypto/man/BIO_new.3
releng/9.3/secure/lib/libcrypto/man/BIO_push.3
releng/9.3/secure/lib/libcrypto/man/BIO_read.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_accept.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_bio.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_connect.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_fd.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_file.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_mem.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_null.3
releng/9.3/secure/lib/libcrypto/man/BIO_s_socket.3
releng/9.3/secure/lib/libcrypto/man/BIO_set_callback.3
releng/9.3/secure/lib/libcrypto/man/BIO_should_retry.3
releng/9.3/secure/lib/libcrypto/man/BN_BLINDING_new.3
releng/9.3/secure/lib/libcrypto/man/BN_CTX_new.3
releng/9.3/secure/lib/libcrypto/man/BN_CTX_start.3
releng/9.3/secure/lib/libcrypto/man/BN_add.3
releng/9.3/secure/lib/libcrypto/man/BN_add_word.3
releng/9.3/secure/lib/libcrypto/man/BN_bn2bin.3
releng/9.3/secure/lib/libcrypto/man/BN_cmp.3
releng/9.3/secure/lib/libcrypto/man/BN_copy.3
releng/9.3/secure/lib/libcrypto/man/BN_generate_prime.3
releng/9.3/secure/lib/libcrypto/man/BN_mod_inverse.3
releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
releng/9.3/secure/lib/libcrypto/man/BN_new.3
releng/9.3/secure/lib/libcrypto/man/BN_num_bytes.3
releng/9.3/secure/lib/libcrypto/man/BN_rand.3
releng/9.3/secure/lib/libcrypto/man/BN_set_bit.3
releng/9.3/secure/lib/libcrypto/man/BN_swap.3
releng/9.3/secure/lib/libcrypto/man/BN_zero.3
releng/9.3/secure/lib/libcrypto/man/CONF_modules_free.3
releng/9.3/secure/lib/libcrypto/man/CONF_modules_load_file.3
releng/9.3/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
releng/9.3/secure/lib/libcrypto/man/DH_generate_key.3
releng/9.3/secure/lib/libcrypto/man/DH_generate_parameters.3
releng/9.3/secure/lib/libcrypto/man/DH_get_ex_new_index.3
releng/9.3/secure/lib/libcrypto/man/DH_new.3
releng/9.3/secure/lib/libcrypto/man/DH_set_method.3
releng/9.3/secure/lib/libcrypto/man/DH_size.3
releng/9.3/secure/lib/libcrypto/man/DSA_SIG_new.3
releng/9.3/secure/lib/libcrypto/man/DSA_do_sign.3
releng/9.3/secure/lib/libcrypto/man/DSA_dup_DH.3
releng/9.3/secure/lib/libcrypto/man/DSA_generate_key.3
releng/9.3/secure/lib/libcrypto/man/DSA_generate_parameters.3
releng/9.3/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
releng/9.3/secure/lib/libcrypto/man/DSA_new.3
releng/9.3/secure/lib/libcrypto/man/DSA_set_method.3
releng/9.3/secure/lib/libcrypto/man/DSA_sign.3
releng/9.3/secure/lib/libcrypto/man/DSA_size.3
releng/9.3/secure/lib/libcrypto/man/ERR_GET_LIB.3
releng/9.3/secure/lib/libcrypto/man/ERR_clear_error.3
releng/9.3/secure/lib/libcrypto/man/ERR_error_string.3
releng/9.3/secure/lib/libcrypto/man/ERR_get_error.3
releng/9.3/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
releng/9.3/secure/lib/libcrypto/man/ERR_load_strings.3
releng/9.3/secure/lib/libcrypto/man/ERR_print_errors.3
releng/9.3/secure/lib/libcrypto/man/ERR_put_error.3
releng/9.3/secure/lib/libcrypto/man/ERR_remove_state.3
releng/9.3/secure/lib/libcrypto/man/ERR_set_mark.3
releng/9.3/secure/lib/libcrypto/man/EVP_BytesToKey.3
releng/9.3/secure/lib/libcrypto/man/EVP_DigestInit.3
releng/9.3/secure/lib/libcrypto/man/EVP_EncryptInit.3
releng/9.3/secure/lib/libcrypto/man/EVP_OpenInit.3
releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_new.3
releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
releng/9.3/secure/lib/libcrypto/man/EVP_SealInit.3
releng/9.3/secure/lib/libcrypto/man/EVP_SignInit.3
releng/9.3/secure/lib/libcrypto/man/EVP_VerifyInit.3
releng/9.3/secure/lib/libcrypto/man/OBJ_nid2obj.3
releng/9.3/secure/lib/libcrypto/man/OPENSSL_Applink.3
releng/9.3/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
releng/9.3/secure/lib/libcrypto/man/OPENSSL_config.3
releng/9.3/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
releng/9.3/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
releng/9.3/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
releng/9.3/secure/lib/libcrypto/man/PKCS12_create.3
releng/9.3/secure/lib/libcrypto/man/PKCS12_parse.3
releng/9.3/secure/lib/libcrypto/man/PKCS7_decrypt.3
releng/9.3/secure/lib/libcrypto/man/PKCS7_encrypt.3
releng/9.3/secure/lib/libcrypto/man/PKCS7_sign.3
releng/9.3/secure/lib/libcrypto/man/PKCS7_verify.3
releng/9.3/secure/lib/libcrypto/man/RAND_add.3
releng/9.3/secure/lib/libcrypto/man/RAND_bytes.3
releng/9.3/secure/lib/libcrypto/man/RAND_cleanup.3
releng/9.3/secure/lib/libcrypto/man/RAND_egd.3
releng/9.3/secure/lib/libcrypto/man/RAND_load_file.3
releng/9.3/secure/lib/libcrypto/man/RAND_set_rand_method.3
releng/9.3/secure/lib/libcrypto/man/RSA_blinding_on.3
releng/9.3/secure/lib/libcrypto/man/RSA_check_key.3
releng/9.3/secure/lib/libcrypto/man/RSA_generate_key.3
releng/9.3/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
releng/9.3/secure/lib/libcrypto/man/RSA_new.3
releng/9.3/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
releng/9.3/secure/lib/libcrypto/man/RSA_print.3
releng/9.3/secure/lib/libcrypto/man/RSA_private_encrypt.3
releng/9.3/secure/lib/libcrypto/man/RSA_public_encrypt.3
releng/9.3/secure/lib/libcrypto/man/RSA_set_method.3
releng/9.3/secure/lib/libcrypto/man/RSA_sign.3
releng/9.3/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
releng/9.3/secure/lib/libcrypto/man/RSA_size.3
releng/9.3/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
releng/9.3/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
releng/9.3/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
releng/9.3/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
releng/9.3/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
releng/9.3/secure/lib/libcrypto/man/X509_NAME_print_ex.3
releng/9.3/secure/lib/libcrypto/man/X509_new.3
releng/9.3/secure/lib/libcrypto/man/bio.3
releng/9.3/secure/lib/libcrypto/man/blowfish.3
releng/9.3/secure/lib/libcrypto/man/bn.3
releng/9.3/secure/lib/libcrypto/man/bn_internal.3
releng/9.3/secure/lib/libcrypto/man/buffer.3
releng/9.3/secure/lib/libcrypto/man/crypto.3
releng/9.3/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
releng/9.3/secure/lib/libcrypto/man/d2i_DHparams.3
releng/9.3/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
releng/9.3/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
releng/9.3/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
releng/9.3/secure/lib/libcrypto/man/d2i_X509.3
releng/9.3/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
releng/9.3/secure/lib/libcrypto/man/d2i_X509_CRL.3
releng/9.3/secure/lib/libcrypto/man/d2i_X509_NAME.3
releng/9.3/secure/lib/libcrypto/man/d2i_X509_REQ.3
releng/9.3/secure/lib/libcrypto/man/d2i_X509_SIG.3
releng/9.3/secure/lib/libcrypto/man/des.3
releng/9.3/secure/lib/libcrypto/man/dh.3
releng/9.3/secure/lib/libcrypto/man/dsa.3
releng/9.3/secure/lib/libcrypto/man/ecdsa.3
releng/9.3/secure/lib/libcrypto/man/engine.3
releng/9.3/secure/lib/libcrypto/man/err.3
releng/9.3/secure/lib/libcrypto/man/evp.3
releng/9.3/secure/lib/libcrypto/man/hmac.3
releng/9.3/secure/lib/libcrypto/man/lh_stats.3
releng/9.3/secure/lib/libcrypto/man/lhash.3
releng/9.3/secure/lib/libcrypto/man/md5.3
releng/9.3/secure/lib/libcrypto/man/mdc2.3
releng/9.3/secure/lib/libcrypto/man/pem.3
releng/9.3/secure/lib/libcrypto/man/rand.3
releng/9.3/secure/lib/libcrypto/man/rc4.3
releng/9.3/secure/lib/libcrypto/man/ripemd.3
releng/9.3/secure/lib/libcrypto/man/rsa.3
releng/9.3/secure/lib/libcrypto/man/sha.3
releng/9.3/secure/lib/libcrypto/man/threads.3
releng/9.3/secure/lib/libcrypto/man/ui.3
releng/9.3/secure/lib/libcrypto/man/ui_compat.3
releng/9.3/secure/lib/libcrypto/man/x509.3
releng/9.3/secure/lib/libssl/man/SSL_CIPHER_get_name.3
releng/9.3/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_add_session.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_ctrl.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_free.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_new.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_number.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_sessions.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_mode.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_options.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_timeout.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_set_verify.3
releng/9.3/secure/lib/libssl/man/SSL_CTX_use_certificate.3
releng/9.3/secure/lib/libssl/man/SSL_SESSION_free.3
releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_time.3
releng/9.3/secure/lib/libssl/man/SSL_accept.3
releng/9.3/secure/lib/libssl/man/SSL_alert_type_string.3
releng/9.3/secure/lib/libssl/man/SSL_clear.3
releng/9.3/secure/lib/libssl/man/SSL_connect.3
releng/9.3/secure/lib/libssl/man/SSL_do_handshake.3
releng/9.3/secure/lib/libssl/man/SSL_free.3
releng/9.3/secure/lib/libssl/man/SSL_get_SSL_CTX.3
releng/9.3/secure/lib/libssl/man/SSL_get_ciphers.3
releng/9.3/secure/lib/libssl/man/SSL_get_client_CA_list.3
releng/9.3/secure/lib/libssl/man/SSL_get_current_cipher.3
releng/9.3/secure/lib/libssl/man/SSL_get_default_timeout.3
releng/9.3/secure/lib/libssl/man/SSL_get_error.3
releng/9.3/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
releng/9.3/secure/lib/libssl/man/SSL_get_ex_new_index.3
releng/9.3/secure/lib/libssl/man/SSL_get_fd.3
releng/9.3/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
releng/9.3/secure/lib/libssl/man/SSL_get_peer_certificate.3
releng/9.3/secure/lib/libssl/man/SSL_get_rbio.3
releng/9.3/secure/lib/libssl/man/SSL_get_session.3
releng/9.3/secure/lib/libssl/man/SSL_get_verify_result.3
releng/9.3/secure/lib/libssl/man/SSL_get_version.3
releng/9.3/secure/lib/libssl/man/SSL_library_init.3
releng/9.3/secure/lib/libssl/man/SSL_load_client_CA_file.3
releng/9.3/secure/lib/libssl/man/SSL_new.3
releng/9.3/secure/lib/libssl/man/SSL_pending.3
releng/9.3/secure/lib/libssl/man/SSL_read.3
releng/9.3/secure/lib/libssl/man/SSL_rstate_string.3
releng/9.3/secure/lib/libssl/man/SSL_session_reused.3
releng/9.3/secure/lib/libssl/man/SSL_set_bio.3
releng/9.3/secure/lib/libssl/man/SSL_set_connect_state.3
releng/9.3/secure/lib/libssl/man/SSL_set_fd.3
releng/9.3/secure/lib/libssl/man/SSL_set_session.3
releng/9.3/secure/lib/libssl/man/SSL_set_shutdown.3
releng/9.3/secure/lib/libssl/man/SSL_set_verify_result.3
releng/9.3/secure/lib/libssl/man/SSL_shutdown.3
releng/9.3/secure/lib/libssl/man/SSL_state_string.3
releng/9.3/secure/lib/libssl/man/SSL_want.3
releng/9.3/secure/lib/libssl/man/SSL_write.3
releng/9.3/secure/lib/libssl/man/d2i_SSL_SESSION.3
releng/9.3/secure/lib/libssl/man/ssl.3
releng/9.3/secure/usr.bin/openssl/man/CA.pl.1
releng/9.3/secure/usr.bin/openssl/man/asn1parse.1
releng/9.3/secure/usr.bin/openssl/man/ca.1
releng/9.3/secure/usr.bin/openssl/man/ciphers.1
releng/9.3/secure/usr.bin/openssl/man/crl.1
releng/9.3/secure/usr.bin/openssl/man/crl2pkcs7.1
releng/9.3/secure/usr.bin/openssl/man/dgst.1
releng/9.3/secure/usr.bin/openssl/man/dhparam.1
releng/9.3/secure/usr.bin/openssl/man/dsa.1
releng/9.3/secure/usr.bin/openssl/man/dsaparam.1
releng/9.3/secure/usr.bin/openssl/man/ec.1
releng/9.3/secure/usr.bin/openssl/man/ecparam.1
releng/9.3/secure/usr.bin/openssl/man/enc.1
releng/9.3/secure/usr.bin/openssl/man/errstr.1
releng/9.3/secure/usr.bin/openssl/man/gendsa.1
releng/9.3/secure/usr.bin/openssl/man/genrsa.1
releng/9.3/secure/usr.bin/openssl/man/nseq.1
releng/9.3/secure/usr.bin/openssl/man/ocsp.1
releng/9.3/secure/usr.bin/openssl/man/openssl.1
releng/9.3/secure/usr.bin/openssl/man/passwd.1
releng/9.3/secure/usr.bin/openssl/man/pkcs12.1
releng/9.3/secure/usr.bin/openssl/man/pkcs7.1
releng/9.3/secure/usr.bin/openssl/man/pkcs8.1
releng/9.3/secure/usr.bin/openssl/man/rand.1
releng/9.3/secure/usr.bin/openssl/man/req.1
releng/9.3/secure/usr.bin/openssl/man/rsa.1
releng/9.3/secure/usr.bin/openssl/man/rsautl.1
releng/9.3/secure/usr.bin/openssl/man/s_client.1
releng/9.3/secure/usr.bin/openssl/man/s_server.1
releng/9.3/secure/usr.bin/openssl/man/s_time.1
releng/9.3/secure/usr.bin/openssl/man/sess_id.1
releng/9.3/secure/usr.bin/openssl/man/smime.1
releng/9.3/secure/usr.bin/openssl/man/speed.1
releng/9.3/secure/usr.bin/openssl/man/spkac.1
releng/9.3/secure/usr.bin/openssl/man/verify.1
releng/9.3/secure/usr.bin/openssl/man/version.1
releng/9.3/secure/usr.bin/openssl/man/x509.1
releng/9.3/secure/usr.bin/openssl/man/x509v3_config.1
releng/9.3/sys/conf/newvers.sh
Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING Mon Mar 7 16:20:01 2016 (r296464)
+++ releng/9.3/UPDATING Mon Mar 7 16:22:11 2016 (r296465)
@@ -11,6 +11,10 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20160303 p37 FreeBSD-SA-16:12.openssl
+
+ Fix multiple vulnerabilities of OpenSSL.
+
20160130 p36 FreeBSD-SA-16:11.openssl
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability. [SA-16:11]
Modified: releng/9.3/crypto/openssl/CHANGES
==============================================================================
--- releng/9.3/crypto/openssl/CHANGES Mon Mar 7 16:20:01 2016 (r296464)
+++ releng/9.3/crypto/openssl/CHANGES Mon Mar 7 16:22:11 2016 (r296465)
@@ -2,6 +2,170 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015]
+
+ *) X509_ATTRIBUTE memory leak
+
+ When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+ memory. This structure is used by the PKCS#7 and CMS routines so any
+ application which reads PKCS#7 or CMS data from untrusted sources is
+ affected. SSL/TLS is not affected.
+
+ This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+ libFuzzer.
+ (CVE-2015-3195)
+ [Stephen Henson]
+
+ Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
+
+ *) Malformed ECParameters causes infinite loop
+
+ When processing an ECParameters structure OpenSSL enters an infinite loop
+ if the curve specified is over a specially malformed binary polynomial
+ field.
+
+ This can be used to perform denial of service against any
+ system which processes public keys, certificate requests or
+ certificates. This includes TLS clients and TLS servers with
+ client authentication enabled.
+
+ This issue was reported to OpenSSL by Joseph Barr-Pixton.
+ (CVE-2015-1788)
+ [Andy Polyakov]
+
+ *) Exploitable out-of-bounds read in X509_cmp_time
+
+ X509_cmp_time does not properly check the length of the ASN1_TIME
+ string and can read a few bytes out of bounds. In addition,
+ X509_cmp_time accepts an arbitrary number of fractional seconds in the
+ time string.
+
+ An attacker can use this to craft malformed certificates and CRLs of
+ various sizes and potentially cause a segmentation fault, resulting in
+ a DoS on applications that verify certificates or CRLs. TLS clients
+ that verify CRLs are affected. TLS clients and servers with client
+ authentication enabled may be affected if they use custom verification
+ callbacks.
+
+ This issue was reported to OpenSSL by Robert Swiecki (Google), and
+ independently by Hanno Böck.
+ (CVE-2015-1789)
+ [Emilia Käsper]
+
+ *) PKCS7 crash with missing EnvelopedContent
+
+ The PKCS#7 parsing code does not handle missing inner EncryptedContent
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+ with missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+ structures from untrusted sources are affected. OpenSSL clients and
+ servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-1790)
+ [Emilia Käsper]
+
+ *) CMS verify infinite loop with unknown hash function
+
+ When verifying a signedData message the CMS code can enter an infinite loop
+ if presented with an unknown hash function OID. This can be used to perform
+ denial of service against any system which verifies signedData messages using
+ the CMS code.
+ This issue was reported to OpenSSL by Johannes Bauer.
+ (CVE-2015-1792)
+ [Stephen Henson]
+
+ *) Race condition handling NewSessionTicket
+
+ If a NewSessionTicket is received by a multi-threaded client when attempting to
+ reuse a previous ticket then a race condition can occur potentially leading to
+ a double free of the ticket data.
+ (CVE-2015-1791)
+ [Matt Caswell]
+
+ Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
+
+ *) Segmentation fault in ASN1_TYPE_cmp fix
+
+ The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+ made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+ certificate signature algorithm consistency this can be used to crash any
+ certificate verification operation and exploited in a DoS attack. Any
+ application which performs certificate verification is vulnerable including
+ OpenSSL clients and servers which enable client authentication.
+ (CVE-2015-0286)
+ [Stephen Henson]
+
+ *) ASN.1 structure reuse memory corruption fix
+
+ Reusing a structure in ASN.1 parsing may allow an attacker to cause
+ memory corruption via an invalid write. Such reuse is and has been
+ strongly discouraged and is believed to be rare.
+
+ Applications that parse structures containing CHOICE or ANY DEFINED BY
+ components may be affected. Certificate parsing (d2i_X509 and related
+ functions) are however not affected. OpenSSL clients and servers are
+ not affected.
+ (CVE-2015-0287)
+ [Stephen Henson]
+
+ *) PKCS7 NULL pointer dereferences fix
+
+ The PKCS#7 parsing code does not handle missing outer ContentInfo
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+ missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+ otherwise parse PKCS#7 structures from untrusted sources are
+ affected. OpenSSL clients and servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-0289)
+ [Emilia Käsper]
+
+ *) DoS via reachable assert in SSLv2 servers fix
+
+ A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+ servers that both support SSLv2 and enable export cipher suites by sending
+ a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+ This issue was discovered by Sean Burford (Google) and Emilia Käsper
+ (OpenSSL development team).
+ (CVE-2015-0293)
+ [Emilia Käsper]
+
+ *) Use After Free following d2i_ECPrivatekey error fix
+
+ A malformed EC private key file consumed via the d2i_ECPrivateKey function
+ could cause a use after free condition. This, in turn, could cause a double
+ free in several private key parsing functions (such as d2i_PrivateKey
+ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+ for applications that receive EC private keys from untrusted
+ sources. This scenario is considered rare.
+
+ This issue was discovered by the BoringSSL project and fixed in their
+ commit 517073cd4b.
+ (CVE-2015-0209)
+ [Matt Caswell]
+
+ *) X509_to_X509_REQ NULL pointer deref fix
+
+ The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+ the certificate key is invalid. This function is rarely used in practice.
+
+ This issue was discovered by Brian Carpenter.
+ (CVE-2015-0288)
+ [Stephen Henson]
+
+ *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
+ [Kurt Roeckx]
+
+ Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
+
+ *) Build fixes for the Windows and OpenVMS platforms
+ [Matt Caswell and Richard Levitte]
+
Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015]
*) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
Modified: releng/9.3/crypto/openssl/FAQ
==============================================================================
--- releng/9.3/crypto/openssl/FAQ Mon Mar 7 16:20:01 2016 (r296464)
+++ releng/9.3/crypto/openssl/FAQ Mon Mar 7 16:22:11 2016 (r296465)
@@ -1,1039 +1,2 @@
-OpenSSL - Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-* How does the versioning scheme work?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software?
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-* Why does OpenSSL set the authority key identifier extension incorrectly?
-* How can I set up a bundle of commercial root CA certificates?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-* I think I've found a bug, what should I do?
-* I'm SURE I've found a bug, how do I report it?
-* I've found a security issue, how do I report it?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-* Why does Valgrind complain about the use of uninitialized data?
-* Why doesn't a memory BIO work when a file does?
-* Where are the declarations and implementations of d2i_X509() etc?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1d was released on Feb 5th, 2013.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers. Be sure to read the
-documentation of the application you want to use. The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions. It is described in the openssl(1)
-manpage. Documentation for developers is currently being written. Many
-manual pages are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>. Note that the online documents refer
-to the very latest development versions of OpenSSL and may include features
-not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using. The pod format
-documentation is included in each OpenSSL distribution under the docs
-directory.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt. It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL. Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-<URL: http://www.openssl.org/related/binaries.html> .
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
- md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
- pgp TARBALL.asc
-
-* How does the versioning scheme work?
-
-After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter
-releases (e.g. 1.0.1a) can only contain bug and security fixes and no
-new features. Minor releases change the last number (e.g. 1.0.2) and
-can contain new features that retain binary compatibility. Changes to
-the middle number are considered major releases and neither source nor
-binary compatibility is guaranteed.
-
-Therefore the answer to the common question "when will feature X be
-backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
-in the next minor release.
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL. For information on intellectual
-property rights, please consult a lawyer. The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed." If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly. Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.) Some broken applications do
-not do this. As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness. If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly. OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details. Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file. The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file. Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all. OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'". This message refers to the
-default seeding file (see previous answer). A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (in ca(1), req(1), x509v3_config(5) )
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
- unable to find 'distinguished_name' in config
- problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" commandline tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation of the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slighly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
-
-It doesn't: this extension is often the cause of confusion.
-
-Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
-certificate C contains AKID.
-
-The purpose of this extension is to identify the authority certificate B. This
-can be done either by including the subject key identifier of B or its issuer
-name and serial number.
-
-In this latter case because it is identifying certifcate B it must contain the
-issuer name and serial number of B.
-
-It is often wrongly assumed that it should contain the subject name of B. If it
-did this would be redundant information because it would duplicate the issuer
-name of C.
-
-
-* How can I set up a bundle of commercial root CA certificates?
-
-The OpenSSL software is shipped without any root CA certificate as the
-OpenSSL project does not have any policy on including or excluding
-any specific CA and does not intend to set up such a policy. Deciding
-about which CAs to support is up to application developers or
-administrators.
-
-Other projects do have other policies so you can for example extract the CA
-bundle used by Mozilla and/or modssl as described in this article:
-
- <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing. Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target. File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator. If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test"). The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it. This gets triggered when you run the
-test suite (using "make test"). The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
-memory to continue compilation.' As far as the tests have shown, this may be
-a compiler bug. What happens is that it eats up a lot of resident memory
-to build something, probably a table. The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher. Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level. This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL. A bit more complicated solution is the
-following:
-
------ snip:start -----
- make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
- sed -e 's/ -O[0-9] / -O0 /'`"
- rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
- make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process. When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default. One of those directories is '/usr/ccs/bin'. The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
- PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation. What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files'). For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA: 5,214,703 25/05/2010
-RC5: 5,724,428 03/03/2015
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d. The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<openssl-dev at openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for failure to complete some particular test is
-simply bad code generated by a buggy component in toolchain or deficiency
-in run-time environment. There are few cases documented in PROBLEMS file,
-consult it for possible workaround before you beat the drum. Even if you
-don't find solution or even mention there, do reserve for possibility of
-a compiler bug. Compiler bugs might appear in rather bizarre ways, they
-never make sense, and tend to emerge when you least expect them. In order
-to identify one, drop optimization level, e.g. by editing CFLAG line in
-top-level Makefile, recompile and re-run the test.
-
-* I think I've found a bug, what should I do?
-
-If you are a new user then it is quite likely you haven't found a bug and
-something is happening you aren't familiar with. Check this FAQ, the associated
-documentation and the mailing lists for similar queries. If you are still
-unsure whether it is a bug or not submit a query to the openssl-users mailing
-list.
-
-
-* I'm SURE I've found a bug, how do I report it?
-
-Bug reports with no security implications should be sent to the request
-tracker. This can be done by mailing the report to <rt at openssl.org> (or its
-alias <openssl-bugs at openssl.org>), please note that messages sent to the
-request tracker also appear in the public openssl-dev mailing list.
-
-The report should be in plain text. Any patches should be sent as
-plain text attachments because some mailers corrupt patches sent inline.
-If your issue affects multiple versions of OpenSSL check any patches apply
-cleanly and, if possible include patches to each affected version.
-
-The report should be given a meaningful subject line briefly summarising the
-issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
-
-By sending reports to the request tracker the bug can then be given a priority
-and assigned to the appropriate maintainer. The history of discussions can be
-accessed and if the issue has been addressed or a reason why not. If patches
-are only sent to openssl-dev they can be mislaid if a team member has to
-wade through months of old messages to review the discussion.
-
-See also <URL: http://www.openssl.org/support/rt.html>
-
-
-* I've found a security issue, how do I report it?
-
-If you think your bug has security implications then please send it to
-openssl-security at openssl.org if you don't get a prompt reply at least
-acknowledging receipt then resend or mail it directly to one of the
-more active team members (e.g. Steve).
-
-Note that bugs only present in the openssl utility are not in general
-considered to be security issues.
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads). On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries. If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
-including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
-and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
-and friends. This is described in the threads(3) manpage.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked. The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link against the same by which OpenSSL was
-built. If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
- run-time library" drop down list box. Perform this step for both
- your debug and release versions of your application (look at the
- top left of the settings panel to change between the two)
-
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list