svn commit: r312826 - in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bn crypto/openssl/crypto/...
Jung-uk Kim
jkim at FreeBSD.org
Thu Jan 26 19:14:19 UTC 2017
Author: jkim
Date: Thu Jan 26 19:14:14 2017
New Revision: 312826
URL: https://svnweb.freebsd.org/changeset/base/312826
Log:
MFC: r312825
Merge OpenSSL 1.0.2k.
Modified:
stable/11/crypto/openssl/CHANGES
stable/11/crypto/openssl/CONTRIBUTING
stable/11/crypto/openssl/Configure
stable/11/crypto/openssl/INSTALL
stable/11/crypto/openssl/Makefile
stable/11/crypto/openssl/Makefile.org
stable/11/crypto/openssl/NEWS
stable/11/crypto/openssl/README
stable/11/crypto/openssl/apps/apps.c
stable/11/crypto/openssl/apps/apps.h
stable/11/crypto/openssl/apps/ca.c
stable/11/crypto/openssl/apps/cms.c
stable/11/crypto/openssl/apps/dgst.c
stable/11/crypto/openssl/apps/dh.c
stable/11/crypto/openssl/apps/dhparam.c
stable/11/crypto/openssl/apps/dsa.c
stable/11/crypto/openssl/apps/dsaparam.c
stable/11/crypto/openssl/apps/ec.c
stable/11/crypto/openssl/apps/ecparam.c
stable/11/crypto/openssl/apps/enc.c
stable/11/crypto/openssl/apps/gendh.c
stable/11/crypto/openssl/apps/gendsa.c
stable/11/crypto/openssl/apps/genpkey.c
stable/11/crypto/openssl/apps/genrsa.c
stable/11/crypto/openssl/apps/pkcs12.c
stable/11/crypto/openssl/apps/pkcs7.c
stable/11/crypto/openssl/apps/pkcs8.c
stable/11/crypto/openssl/apps/pkey.c
stable/11/crypto/openssl/apps/pkeyparam.c
stable/11/crypto/openssl/apps/pkeyutl.c
stable/11/crypto/openssl/apps/prime.c
stable/11/crypto/openssl/apps/rand.c
stable/11/crypto/openssl/apps/req.c
stable/11/crypto/openssl/apps/rsa.c
stable/11/crypto/openssl/apps/rsautl.c
stable/11/crypto/openssl/apps/s_cb.c
stable/11/crypto/openssl/apps/s_client.c
stable/11/crypto/openssl/apps/s_server.c
stable/11/crypto/openssl/apps/smime.c
stable/11/crypto/openssl/apps/speed.c
stable/11/crypto/openssl/apps/spkac.c
stable/11/crypto/openssl/apps/srp.c
stable/11/crypto/openssl/apps/verify.c
stable/11/crypto/openssl/apps/x509.c
stable/11/crypto/openssl/crypto/aes/asm/aes-s390x.pl
stable/11/crypto/openssl/crypto/asn1/p5_pbev2.c
stable/11/crypto/openssl/crypto/asn1/x_crl.c
stable/11/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
stable/11/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
stable/11/crypto/openssl/crypto/bn/bn_exp.c
stable/11/crypto/openssl/crypto/bn/bn_mul.c
stable/11/crypto/openssl/crypto/bn/bn_prime.c
stable/11/crypto/openssl/crypto/bn/bn_sqr.c
stable/11/crypto/openssl/crypto/cms/cms_kari.c
stable/11/crypto/openssl/crypto/dh/dh_key.c
stable/11/crypto/openssl/crypto/dsa/dsa_pmeth.c
stable/11/crypto/openssl/crypto/ec/ec2_mult.c
stable/11/crypto/openssl/crypto/ecdh/ech_ossl.c
stable/11/crypto/openssl/crypto/err/err.c
stable/11/crypto/openssl/crypto/evp/e_aes.c
stable/11/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
stable/11/crypto/openssl/crypto/evp/evp.h
stable/11/crypto/openssl/crypto/evp/evp_err.c
stable/11/crypto/openssl/crypto/evp/pmeth_fn.c
stable/11/crypto/openssl/crypto/evp/pmeth_lib.c
stable/11/crypto/openssl/crypto/modes/ctr128.c
stable/11/crypto/openssl/crypto/opensslv.h
stable/11/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
stable/11/crypto/openssl/crypto/rsa/rsa_gen.c
stable/11/crypto/openssl/crypto/rsa/rsa_oaep.c
stable/11/crypto/openssl/crypto/rsa/rsa_pmeth.c
stable/11/crypto/openssl/crypto/s390xcap.c
stable/11/crypto/openssl/crypto/ui/ui_lib.c
stable/11/crypto/openssl/crypto/ui/ui_openssl.c
stable/11/crypto/openssl/doc/apps/ocsp.pod
stable/11/crypto/openssl/doc/crypto/EVP_DigestSignInit.pod
stable/11/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod
stable/11/crypto/openssl/doc/crypto/RSA_generate_key.pod
stable/11/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
stable/11/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
stable/11/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
stable/11/crypto/openssl/doc/ssl/SSL_get_error.pod
stable/11/crypto/openssl/doc/ssl/SSL_read.pod
stable/11/crypto/openssl/doc/ssl/SSL_write.pod
stable/11/crypto/openssl/engines/ccgost/Makefile
stable/11/crypto/openssl/ssl/bad_dtls_test.c
stable/11/crypto/openssl/ssl/s23_pkt.c
stable/11/crypto/openssl/ssl/s2_lib.c
stable/11/crypto/openssl/ssl/s2_pkt.c
stable/11/crypto/openssl/ssl/s3_clnt.c
stable/11/crypto/openssl/ssl/s3_pkt.c
stable/11/crypto/openssl/ssl/s3_srvr.c
stable/11/crypto/openssl/ssl/ssl_cert.c
stable/11/crypto/openssl/ssl/ssl_err.c
stable/11/crypto/openssl/ssl/ssl_lib.c
stable/11/crypto/openssl/ssl/ssl_locl.h
stable/11/crypto/openssl/ssl/ssl_sess.c
stable/11/crypto/openssl/ssl/t1_lib.c
stable/11/crypto/openssl/util/domd
stable/11/crypto/openssl/util/mklink.pl
stable/11/secure/lib/libcrypto/Makefile.inc
stable/11/secure/lib/libcrypto/amd64/x86_64-mont.S
stable/11/secure/lib/libcrypto/amd64/x86_64-mont5.S
stable/11/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/11/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/11/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/11/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/11/secure/lib/libcrypto/man/ASN1_TIME_set.3
stable/11/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/11/secure/lib/libcrypto/man/BIO_ctrl.3
stable/11/secure/lib/libcrypto/man/BIO_f_base64.3
stable/11/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/11/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/11/secure/lib/libcrypto/man/BIO_f_md.3
stable/11/secure/lib/libcrypto/man/BIO_f_null.3
stable/11/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/11/secure/lib/libcrypto/man/BIO_find_type.3
stable/11/secure/lib/libcrypto/man/BIO_new.3
stable/11/secure/lib/libcrypto/man/BIO_new_CMS.3
stable/11/secure/lib/libcrypto/man/BIO_push.3
stable/11/secure/lib/libcrypto/man/BIO_read.3
stable/11/secure/lib/libcrypto/man/BIO_s_accept.3
stable/11/secure/lib/libcrypto/man/BIO_s_bio.3
stable/11/secure/lib/libcrypto/man/BIO_s_connect.3
stable/11/secure/lib/libcrypto/man/BIO_s_fd.3
stable/11/secure/lib/libcrypto/man/BIO_s_file.3
stable/11/secure/lib/libcrypto/man/BIO_s_mem.3
stable/11/secure/lib/libcrypto/man/BIO_s_null.3
stable/11/secure/lib/libcrypto/man/BIO_s_socket.3
stable/11/secure/lib/libcrypto/man/BIO_set_callback.3
stable/11/secure/lib/libcrypto/man/BIO_should_retry.3
stable/11/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/11/secure/lib/libcrypto/man/BN_CTX_new.3
stable/11/secure/lib/libcrypto/man/BN_CTX_start.3
stable/11/secure/lib/libcrypto/man/BN_add.3
stable/11/secure/lib/libcrypto/man/BN_add_word.3
stable/11/secure/lib/libcrypto/man/BN_bn2bin.3
stable/11/secure/lib/libcrypto/man/BN_cmp.3
stable/11/secure/lib/libcrypto/man/BN_copy.3
stable/11/secure/lib/libcrypto/man/BN_generate_prime.3
stable/11/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/11/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/11/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/11/secure/lib/libcrypto/man/BN_new.3
stable/11/secure/lib/libcrypto/man/BN_num_bytes.3
stable/11/secure/lib/libcrypto/man/BN_rand.3
stable/11/secure/lib/libcrypto/man/BN_set_bit.3
stable/11/secure/lib/libcrypto/man/BN_swap.3
stable/11/secure/lib/libcrypto/man/BN_zero.3
stable/11/secure/lib/libcrypto/man/CMS_add0_cert.3
stable/11/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
stable/11/secure/lib/libcrypto/man/CMS_add1_signer.3
stable/11/secure/lib/libcrypto/man/CMS_compress.3
stable/11/secure/lib/libcrypto/man/CMS_decrypt.3
stable/11/secure/lib/libcrypto/man/CMS_encrypt.3
stable/11/secure/lib/libcrypto/man/CMS_final.3
stable/11/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
stable/11/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
stable/11/secure/lib/libcrypto/man/CMS_get0_type.3
stable/11/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
stable/11/secure/lib/libcrypto/man/CMS_sign.3
stable/11/secure/lib/libcrypto/man/CMS_sign_receipt.3
stable/11/secure/lib/libcrypto/man/CMS_uncompress.3
stable/11/secure/lib/libcrypto/man/CMS_verify.3
stable/11/secure/lib/libcrypto/man/CMS_verify_receipt.3
stable/11/secure/lib/libcrypto/man/CONF_modules_free.3
stable/11/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/11/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
stable/11/secure/lib/libcrypto/man/DH_generate_key.3
stable/11/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/11/secure/lib/libcrypto/man/DH_get_ex_new_index.3
stable/11/secure/lib/libcrypto/man/DH_new.3
stable/11/secure/lib/libcrypto/man/DH_set_method.3
stable/11/secure/lib/libcrypto/man/DH_size.3
stable/11/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/11/secure/lib/libcrypto/man/DSA_do_sign.3
stable/11/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/11/secure/lib/libcrypto/man/DSA_generate_key.3
stable/11/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/11/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
stable/11/secure/lib/libcrypto/man/DSA_new.3
stable/11/secure/lib/libcrypto/man/DSA_set_method.3
stable/11/secure/lib/libcrypto/man/DSA_sign.3
stable/11/secure/lib/libcrypto/man/DSA_size.3
stable/11/secure/lib/libcrypto/man/EC_GFp_simple_method.3
stable/11/secure/lib/libcrypto/man/EC_GROUP_copy.3
stable/11/secure/lib/libcrypto/man/EC_GROUP_new.3
stable/11/secure/lib/libcrypto/man/EC_KEY_new.3
stable/11/secure/lib/libcrypto/man/EC_POINT_add.3
stable/11/secure/lib/libcrypto/man/EC_POINT_new.3
stable/11/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/11/secure/lib/libcrypto/man/ERR_clear_error.3
stable/11/secure/lib/libcrypto/man/ERR_error_string.3
stable/11/secure/lib/libcrypto/man/ERR_get_error.3
stable/11/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/11/secure/lib/libcrypto/man/ERR_load_strings.3
stable/11/secure/lib/libcrypto/man/ERR_print_errors.3
stable/11/secure/lib/libcrypto/man/ERR_put_error.3
stable/11/secure/lib/libcrypto/man/ERR_remove_state.3
stable/11/secure/lib/libcrypto/man/ERR_set_mark.3
stable/11/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/11/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/11/secure/lib/libcrypto/man/EVP_DigestSignInit.3
stable/11/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
stable/11/secure/lib/libcrypto/man/EVP_EncodeInit.3
stable/11/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/11/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_derive.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_sign.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify.3
stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
stable/11/secure/lib/libcrypto/man/EVP_SealInit.3
stable/11/secure/lib/libcrypto/man/EVP_SignInit.3
stable/11/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/11/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/11/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/11/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/11/secure/lib/libcrypto/man/OPENSSL_config.3
stable/11/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/11/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
stable/11/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/11/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/11/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
stable/11/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
stable/11/secure/lib/libcrypto/man/PKCS12_create.3
stable/11/secure/lib/libcrypto/man/PKCS12_parse.3
stable/11/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/11/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/11/secure/lib/libcrypto/man/PKCS7_sign.3
stable/11/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
stable/11/secure/lib/libcrypto/man/PKCS7_verify.3
stable/11/secure/lib/libcrypto/man/RAND_add.3
stable/11/secure/lib/libcrypto/man/RAND_bytes.3
stable/11/secure/lib/libcrypto/man/RAND_cleanup.3
stable/11/secure/lib/libcrypto/man/RAND_egd.3
stable/11/secure/lib/libcrypto/man/RAND_load_file.3
stable/11/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/11/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/11/secure/lib/libcrypto/man/RSA_check_key.3
stable/11/secure/lib/libcrypto/man/RSA_generate_key.3
stable/11/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
stable/11/secure/lib/libcrypto/man/RSA_new.3
stable/11/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/11/secure/lib/libcrypto/man/RSA_print.3
stable/11/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/11/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/11/secure/lib/libcrypto/man/RSA_set_method.3
stable/11/secure/lib/libcrypto/man/RSA_sign.3
stable/11/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/11/secure/lib/libcrypto/man/RSA_size.3
stable/11/secure/lib/libcrypto/man/SMIME_read_CMS.3
stable/11/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/11/secure/lib/libcrypto/man/SMIME_write_CMS.3
stable/11/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/11/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/11/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/11/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/11/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
stable/11/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
stable/11/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
stable/11/secure/lib/libcrypto/man/X509_check_host.3
stable/11/secure/lib/libcrypto/man/X509_new.3
stable/11/secure/lib/libcrypto/man/X509_verify_cert.3
stable/11/secure/lib/libcrypto/man/bio.3
stable/11/secure/lib/libcrypto/man/blowfish.3
stable/11/secure/lib/libcrypto/man/bn.3
stable/11/secure/lib/libcrypto/man/bn_internal.3
stable/11/secure/lib/libcrypto/man/buffer.3
stable/11/secure/lib/libcrypto/man/crypto.3
stable/11/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
stable/11/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
stable/11/secure/lib/libcrypto/man/d2i_DHparams.3
stable/11/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
stable/11/secure/lib/libcrypto/man/d2i_ECPKParameters.3
stable/11/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
stable/11/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
stable/11/secure/lib/libcrypto/man/d2i_PrivateKey.3
stable/11/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
stable/11/secure/lib/libcrypto/man/d2i_X509.3
stable/11/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
stable/11/secure/lib/libcrypto/man/d2i_X509_CRL.3
stable/11/secure/lib/libcrypto/man/d2i_X509_NAME.3
stable/11/secure/lib/libcrypto/man/d2i_X509_REQ.3
stable/11/secure/lib/libcrypto/man/d2i_X509_SIG.3
stable/11/secure/lib/libcrypto/man/des.3
stable/11/secure/lib/libcrypto/man/dh.3
stable/11/secure/lib/libcrypto/man/dsa.3
stable/11/secure/lib/libcrypto/man/ec.3
stable/11/secure/lib/libcrypto/man/ecdsa.3
stable/11/secure/lib/libcrypto/man/engine.3
stable/11/secure/lib/libcrypto/man/err.3
stable/11/secure/lib/libcrypto/man/evp.3
stable/11/secure/lib/libcrypto/man/hmac.3
stable/11/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
stable/11/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
stable/11/secure/lib/libcrypto/man/lh_stats.3
stable/11/secure/lib/libcrypto/man/lhash.3
stable/11/secure/lib/libcrypto/man/md5.3
stable/11/secure/lib/libcrypto/man/mdc2.3
stable/11/secure/lib/libcrypto/man/pem.3
stable/11/secure/lib/libcrypto/man/rand.3
stable/11/secure/lib/libcrypto/man/rc4.3
stable/11/secure/lib/libcrypto/man/ripemd.3
stable/11/secure/lib/libcrypto/man/rsa.3
stable/11/secure/lib/libcrypto/man/sha.3
stable/11/secure/lib/libcrypto/man/threads.3
stable/11/secure/lib/libcrypto/man/ui.3
stable/11/secure/lib/libcrypto/man/ui_compat.3
stable/11/secure/lib/libcrypto/man/x509.3
stable/11/secure/lib/libssl/man/SSL_CIPHER_get_name.3
stable/11/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
stable/11/secure/lib/libssl/man/SSL_CONF_CTX_new.3
stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
stable/11/secure/lib/libssl/man/SSL_CONF_cmd.3
stable/11/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
stable/11/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
stable/11/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
stable/11/secure/lib/libssl/man/SSL_CTX_add_session.3
stable/11/secure/lib/libssl/man/SSL_CTX_ctrl.3
stable/11/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
stable/11/secure/lib/libssl/man/SSL_CTX_free.3
stable/11/secure/lib/libssl/man/SSL_CTX_get0_param.3
stable/11/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
stable/11/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
stable/11/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
stable/11/secure/lib/libssl/man/SSL_CTX_new.3
stable/11/secure/lib/libssl/man/SSL_CTX_sess_number.3
stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_sessions.3
stable/11/secure/lib/libssl/man/SSL_CTX_set1_curves.3
stable/11/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_mode.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_options.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_timeout.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
stable/11/secure/lib/libssl/man/SSL_CTX_set_verify.3
stable/11/secure/lib/libssl/man/SSL_CTX_use_certificate.3
stable/11/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
stable/11/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
stable/11/secure/lib/libssl/man/SSL_SESSION_free.3
stable/11/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
stable/11/secure/lib/libssl/man/SSL_SESSION_get_time.3
stable/11/secure/lib/libssl/man/SSL_accept.3
stable/11/secure/lib/libssl/man/SSL_alert_type_string.3
stable/11/secure/lib/libssl/man/SSL_check_chain.3
stable/11/secure/lib/libssl/man/SSL_clear.3
stable/11/secure/lib/libssl/man/SSL_connect.3
stable/11/secure/lib/libssl/man/SSL_do_handshake.3
stable/11/secure/lib/libssl/man/SSL_free.3
stable/11/secure/lib/libssl/man/SSL_get_SSL_CTX.3
stable/11/secure/lib/libssl/man/SSL_get_ciphers.3
stable/11/secure/lib/libssl/man/SSL_get_client_CA_list.3
stable/11/secure/lib/libssl/man/SSL_get_current_cipher.3
stable/11/secure/lib/libssl/man/SSL_get_default_timeout.3
stable/11/secure/lib/libssl/man/SSL_get_error.3
stable/11/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
stable/11/secure/lib/libssl/man/SSL_get_ex_new_index.3
stable/11/secure/lib/libssl/man/SSL_get_fd.3
stable/11/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
stable/11/secure/lib/libssl/man/SSL_get_peer_certificate.3
stable/11/secure/lib/libssl/man/SSL_get_psk_identity.3
stable/11/secure/lib/libssl/man/SSL_get_rbio.3
stable/11/secure/lib/libssl/man/SSL_get_session.3
stable/11/secure/lib/libssl/man/SSL_get_verify_result.3
stable/11/secure/lib/libssl/man/SSL_get_version.3
stable/11/secure/lib/libssl/man/SSL_library_init.3
stable/11/secure/lib/libssl/man/SSL_load_client_CA_file.3
stable/11/secure/lib/libssl/man/SSL_new.3
stable/11/secure/lib/libssl/man/SSL_pending.3
stable/11/secure/lib/libssl/man/SSL_read.3
stable/11/secure/lib/libssl/man/SSL_rstate_string.3
stable/11/secure/lib/libssl/man/SSL_session_reused.3
stable/11/secure/lib/libssl/man/SSL_set_bio.3
stable/11/secure/lib/libssl/man/SSL_set_connect_state.3
stable/11/secure/lib/libssl/man/SSL_set_fd.3
stable/11/secure/lib/libssl/man/SSL_set_session.3
stable/11/secure/lib/libssl/man/SSL_set_shutdown.3
stable/11/secure/lib/libssl/man/SSL_set_verify_result.3
stable/11/secure/lib/libssl/man/SSL_shutdown.3
stable/11/secure/lib/libssl/man/SSL_state_string.3
stable/11/secure/lib/libssl/man/SSL_want.3
stable/11/secure/lib/libssl/man/SSL_write.3
stable/11/secure/lib/libssl/man/d2i_SSL_SESSION.3
stable/11/secure/lib/libssl/man/ssl.3
stable/11/secure/usr.bin/openssl/man/CA.pl.1
stable/11/secure/usr.bin/openssl/man/asn1parse.1
stable/11/secure/usr.bin/openssl/man/c_rehash.1
stable/11/secure/usr.bin/openssl/man/ca.1
stable/11/secure/usr.bin/openssl/man/ciphers.1
stable/11/secure/usr.bin/openssl/man/cms.1
stable/11/secure/usr.bin/openssl/man/crl.1
stable/11/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/11/secure/usr.bin/openssl/man/dgst.1
stable/11/secure/usr.bin/openssl/man/dhparam.1
stable/11/secure/usr.bin/openssl/man/dsa.1
stable/11/secure/usr.bin/openssl/man/dsaparam.1
stable/11/secure/usr.bin/openssl/man/ec.1
stable/11/secure/usr.bin/openssl/man/ecparam.1
stable/11/secure/usr.bin/openssl/man/enc.1
stable/11/secure/usr.bin/openssl/man/errstr.1
stable/11/secure/usr.bin/openssl/man/gendsa.1
stable/11/secure/usr.bin/openssl/man/genpkey.1
stable/11/secure/usr.bin/openssl/man/genrsa.1
stable/11/secure/usr.bin/openssl/man/nseq.1
stable/11/secure/usr.bin/openssl/man/ocsp.1
stable/11/secure/usr.bin/openssl/man/openssl.1
stable/11/secure/usr.bin/openssl/man/passwd.1
stable/11/secure/usr.bin/openssl/man/pkcs12.1
stable/11/secure/usr.bin/openssl/man/pkcs7.1
stable/11/secure/usr.bin/openssl/man/pkcs8.1
stable/11/secure/usr.bin/openssl/man/pkey.1
stable/11/secure/usr.bin/openssl/man/pkeyparam.1
stable/11/secure/usr.bin/openssl/man/pkeyutl.1
stable/11/secure/usr.bin/openssl/man/rand.1
stable/11/secure/usr.bin/openssl/man/req.1
stable/11/secure/usr.bin/openssl/man/rsa.1
stable/11/secure/usr.bin/openssl/man/rsautl.1
stable/11/secure/usr.bin/openssl/man/s_client.1
stable/11/secure/usr.bin/openssl/man/s_server.1
stable/11/secure/usr.bin/openssl/man/s_time.1
stable/11/secure/usr.bin/openssl/man/sess_id.1
stable/11/secure/usr.bin/openssl/man/smime.1
stable/11/secure/usr.bin/openssl/man/speed.1
stable/11/secure/usr.bin/openssl/man/spkac.1
stable/11/secure/usr.bin/openssl/man/ts.1
stable/11/secure/usr.bin/openssl/man/tsget.1
stable/11/secure/usr.bin/openssl/man/verify.1
stable/11/secure/usr.bin/openssl/man/version.1
stable/11/secure/usr.bin/openssl/man/x509.1
stable/11/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/crypto/openssl/CHANGES
==============================================================================
--- stable/11/crypto/openssl/CHANGES Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/CHANGES Thu Jan 26 19:14:14 2017 (r312826)
@@ -2,6 +2,67 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
+
+ *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS path is running on a 32-bit host and a specific
+ cipher is being used, then a truncated packet can cause that host to
+ perform an out-of-bounds read, usually resulting in a crash.
+
+ This issue was reported to OpenSSL by Robert Święcki of Google.
+ (CVE-2017-3731)
+ [Andy Polyakov]
+
+ *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+ similar to CVE-2015-3193 but must be treated as a separate problem.
+
+ This issue was reported to OpenSSL by the OSS-Fuzz project.
+ (CVE-2017-3732)
+ [Andy Polyakov]
+
+ *) Montgomery multiplication may produce incorrect results
+
+ There is a carry propagating bug in the Broadwell-specific Montgomery
+ multiplication procedure that handles input lengths divisible by, but
+ longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+ and DH private keys are impossible. This is because the subroutine in
+ question is not used in operations with the private key itself and an input
+ of the attacker's direct choice. Otherwise the bug can manifest itself as
+ transient authentication and key negotiation failures or reproducible
+ erroneous outcome of public-key operations with specially crafted input.
+ Among EC algorithms only Brainpool P-512 curves are affected and one
+ presumably can attack ECDH key negotiation. Impact was not analyzed in
+ detail, because pre-requisites for attack are considered unlikely. Namely
+ multiple clients have to choose the curve in question and the server has to
+ share the private key among them, neither of which is default behaviour.
+ Even then only clients that chose the curve will be affected.
+
+ This issue was publicly reported as transient failures and was not
+ initially recognized as a security issue. Thanks to Richard Morgan for
+ providing reproducible case.
+ (CVE-2016-7055)
+ [Andy Polyakov]
+
+ *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+ or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+ prevent issues where no progress is being made and the peer continually
+ sends unrecognised record types, using up resources processing them.
+ [Matt Caswell]
+
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
*) Missing CRL sanity check
Modified: stable/11/crypto/openssl/CONTRIBUTING
==============================================================================
--- stable/11/crypto/openssl/CONTRIBUTING Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/CONTRIBUTING Thu Jan 26 19:14:14 2017 (r312826)
@@ -1,4 +1,4 @@
-HOW TO CONTRIBUTE TO PATCHES OpenSSL
+HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
@@ -11,34 +11,12 @@ OpenSSL community you might want to disc
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
-The best way to submit a patch is to make a pull request on GitHub.
-(It is not necessary to send mail to rt at openssl.org to open a ticket!)
-If you think the patch could use feedback from the community, please
-start a thread on openssl-dev.
-
-You can also submit patches by sending it as mail to rt at openssl.org.
-Please include the word "PATCH" and an explanation of what the patch
-does in the subject line. If you do this, our preferred format is "git
-format-patch" output. For example to provide a patch file containing the
-last commit in your local git repository use the following command:
-
- % git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
- % cd openssl-work
- ...make your changes...
- % ./Configure dist; make clean
- % cd ..
- % diff -ur openssl-orig openssl-work >mydiffs.patch
-
-Note that pull requests are generally easier for the team, and community, to
-work with. Pull requests benefit from all of the standard GitHub features,
-including code review tools, simpler integration, and CI build support.
+To submit a patch, make a pull request on GitHub. If you think the patch
+could use feedback from the community, please start a thread on openssl-dev
+to discuss it.
-No matter how a patch is submitted, the following items will help make
-the acceptance and review process faster:
+Having addressed the following items before the PR will help make the
+acceptance and review process faster:
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
@@ -55,21 +33,22 @@ the acceptance and review process faster
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
- 3. Patches should be as current as possible. When using GitHub, please
- expect to have to rebase and update often. Note that we do not accept merge
- commits. You will be asked to remove them before a patch is considered
- acceptable.
+ 3. Patches should be as current as possible; expect to have to rebase
+ often. We do not accept merge commits; You will be asked to remove
+ them before a patch is considered acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is availble you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
+ Clean builds via Travis and AppVeyor are expected, and done whenever
+ a PR is created or updated.
- 5. When at all possible, patches should include tests. These can either be
- added to an existing test, or completely new. Please see test/README
- for information on the test framework.
-
- 6. New features or changed functionality must include documentation. Please
- look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
- our style.
+ 5. When at all possible, patches should include tests. These can
+ either be added to an existing test, or completely new. Please see
+ test/README for information on the test framework.
+
+ 6. New features or changed functionality must include
+ documentation. Please look at the "pod" files in doc/apps, doc/crypto
+ and doc/ssl for examples of our style.
Modified: stable/11/crypto/openssl/Configure
==============================================================================
--- stable/11/crypto/openssl/Configure Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/Configure Thu Jan 26 19:14:14 2017 (r312826)
@@ -7,6 +7,7 @@ eval 'exec perl -S $0 ${1+"$@"}'
require 5.000;
use strict;
+use File::Compare;
# see INSTALL for instructions.
@@ -57,12 +58,13 @@ my $usage="Usage: Configure [no-<cipher>
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
-# 386 generate 80386 code
# enable-weak-ssl-ciphers
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
# default. Note, weak SSLv2 ciphers are unconditionally
# disabled.
-# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# 386 generate 80386 code in assembly modules
+# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
+# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
@@ -1792,8 +1794,16 @@ while (<IN>)
}
close(IN);
close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+if ((compare($Makefile, "$Makefile.new"))
+ or file_newer('Configure', $Makefile)
+ or file_newer('config', $Makefile)
+ or file_newer('Makefile.org', $Makefile))
+ {
+ rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+ rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+ }
+else
+ { unlink("$Makefile.new"); }
print "CC =$cc\n";
print "CFLAG =$cflags\n";
@@ -1985,9 +1995,13 @@ print OUT "#ifdef __cplusplus\n";
print OUT "}\n";
print OUT "#endif\n";
close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
-
+if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
+ {
+ rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+ rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+ }
+else
+ { unlink("crypto/opensslconf.h.new"); }
# Fix the date
@@ -2289,3 +2303,9 @@ sub test_sanity
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
return $errorcnt;
}
+
+sub file_newer
+ {
+ my ($file1, $file2) = @_;
+ return (stat($file1))[9] > (stat($file2))[9]
+ }
Modified: stable/11/crypto/openssl/INSTALL
==============================================================================
--- stable/11/crypto/openssl/INSTALL Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/INSTALL Thu Jan 26 19:14:14 2017 (r312826)
@@ -74,24 +74,26 @@
no-asm Do not use assembler code.
- 386 Use the 80386 instruction set only (the default x86 code is
- more efficient, but requires at least a 486). Note: Use
- compiler flags for any other CPU specific configuration,
- e.g. "-m32" to build x86 code on an x64 system.
-
- no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
- detected at run-time, but the decision whether or not the
- machine code will be executed is taken solely on CPU
- capability vector. This means that if you happen to run OS
- kernel which does not support SSE2 extension on Intel P4
- processor, then your application might be exposed to
- "illegal instruction" exception. There might be a way
- to enable support in kernel, e.g. FreeBSD kernel can be
- compiled with CPU_ENABLE_SSE, and there is a way to
- disengage SSE2 code pathes upon application start-up,
- but if you aim for wider "audience" running such kernel,
- consider no-sse2. Both 386 and no-asm options above imply
- no-sse2.
+ 386 In 32-bit x86 builds, when generating assembly modules,
+ use the 80386 instruction set only (the default x86 code
+ is more efficient, but requires at least a 486). Note:
+ This doesn't affect code generated by compiler, you're
+ likely to complement configuration command line with
+ suitable compiler-specific option.
+
+ no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules.
+ Normally SSE2 extension is detected at run-time, but the
+ decision whether or not the machine code will be executed
+ is taken solely on CPU capability vector. This means that
+ if you happen to run OS kernel which does not support SSE2
+ extension on Intel P4 processor, then your application
+ might be exposed to "illegal instruction" exception.
+ There might be a way to enable support in kernel, e.g.
+ FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
+ there is a way to disengage SSE2 code paths upon application
+ start-up, but if you aim for wider "audience" running
+ such kernel, consider no-sse2. Both the 386 and
+ no-asm options imply no-sse2.
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
@@ -101,7 +103,12 @@
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
- library directories or other compiler options.
+ library directories or other compiler options. It might be
+ worth noting that some compilers generate code specifically
+ for processor the compiler currently executes on. This is
+ not necessarily what you might have in mind, since it might
+ be unsuitable for execution on other, typically older,
+ processor. Consult your compiler documentation.
-DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
BSD. Useful if you are running ocf-linux or something
@@ -159,18 +166,18 @@
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
- If "make" fails, look at the output. There may be reasons for
- the failure that aren't problems in OpenSSL itself (like missing
- standard headers). If it is a problem with OpenSSL itself, please
- report the problem to <openssl-bugs at openssl.org> (note that your
- message will be recorded in the request tracker publicly readable
- at https://www.openssl.org/community/index.html#bugs and will be
- forwarded to a public mailing list). Include the output of "make
- report" in your message. Please check out the request tracker. Maybe
- the bug was already reported or has already been fixed.
+ If the build fails, look at the output. There may be reasons
+ for the failure that aren't problems in OpenSSL itself (like
+ missing standard headers). If you are having problems you can
+ get help by sending an email to the openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for details). If
+ it is a bug with OpenSSL itself, please open an issue on GitHub, at
+ https://github.com/openssl/openssl/issues. Please review the existing
+ ones first; maybe the bug was already reported or has already been
+ fixed.
- [If you encounter assembler error messages, try the "no-asm"
- configuration option as an immediate fix.]
+ (If you encounter assembler error messages, try the "no-asm"
+ configuration option as an immediate fix.)
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.
Modified: stable/11/crypto/openssl/Makefile
==============================================================================
--- stable/11/crypto/openssl/Makefile Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/Makefile Thu Jan 26 19:14:14 2017 (r312826)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2j
+VERSION=1.0.2k
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -203,7 +203,8 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB}
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
+ $${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
Modified: stable/11/crypto/openssl/Makefile.org
==============================================================================
--- stable/11/crypto/openssl/Makefile.org Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/Makefile.org Thu Jan 26 19:14:14 2017 (r312826)
@@ -201,7 +201,8 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB}
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
+ $${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
Modified: stable/11/crypto/openssl/NEWS
==============================================================================
--- stable/11/crypto/openssl/NEWS Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/NEWS Thu Jan 26 19:14:14 2017 (r312826)
@@ -5,9 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
+
+ o Truncated packet could crash via OOB read (CVE-2017-3731)
+ o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+ o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
- o Fix Use After Free for large message sizes (CVE-2016-6309)
+ o Missing CRL sanity check (CVE-2016-7052)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
Modified: stable/11/crypto/openssl/README
==============================================================================
--- stable/11/crypto/openssl/README Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/README Thu Jan 26 19:14:14 2017 (r312826)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2j 26 Sep 2016
+ OpenSSL 1.0.2k 26 Jan 2017
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -66,13 +66,13 @@
If you have any problems with OpenSSL then please take the following steps
first:
- - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ - Download the latest version from the repository
to see if the problem has already been addressed
- - Remove ASM versions of libraries
+ - Configure with no-asm
- Remove compiler optimisation flags
- If you wish to report a bug then please include the following information in
- any bug report:
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
- On Unix systems:
Self-test report generated by 'make report'
@@ -84,27 +84,9 @@
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
- Email the report to:
-
- rt at openssl.org
-
- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up. (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list. Confidential mail
- may be sent to openssl-security at openssl.org (PGP key available from the
- key servers).
-
- Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL.
- You can also make GitHub pull requests. If you do this, please also send
- mail to rt at openssl.org with a link to the PR so that we can more easily
- keep track of it.
-
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
@@ -113,7 +95,7 @@
LEGALITIES
----------
- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.
Modified: stable/11/crypto/openssl/apps/apps.c
==============================================================================
--- stable/11/crypto/openssl/apps/apps.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/apps.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -972,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char
if (!e)
BIO_printf(err, "no engine specified\n");
else {
- pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ if (ENGINE_init(e)) {
+ pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ ENGINE_finish(e);
+ }
if (!pkey) {
BIO_printf(err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(err);
@@ -1532,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err,
}
return e;
}
+#endif
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
{
ENGINE *e = NULL;
+#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(err, "enabling auto ENGINE support\n");
@@ -1561,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const cha
}
BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
}
+#endif
return e;
}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+ if (e != NULL)
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
#endif
+}
int load_config(BIO *err, CONF *cnf)
{
Modified: stable/11/crypto/openssl/apps/apps.h
==============================================================================
--- stable/11/crypto/openssl/apps/apps.h Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/apps.h Thu Jan 26 19:14:14 2017 (r312826)
@@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err,
const char *pass, ENGINE *e,
const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-# ifndef OPENSSL_NO_ENGINE
+
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
Modified: stable/11/crypto/openssl/apps/ca.c
==============================================================================
--- stable/11/crypto/openssl/apps/ca.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/ca.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -319,9 +319,7 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *tofree = NULL;
DB_ATTR db_attr;
@@ -595,9 +593,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, conf))
goto err;
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
/* Lets get the config section we are using */
if (section == NULL) {
@@ -1485,6 +1481,7 @@ int MAIN(int argc, char **argv)
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
+ release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
@@ -2227,7 +2224,6 @@ static int certify_spkac(X509 **xret, ch
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
- CONF_free(parms);
goto err;
}
Modified: stable/11/crypto/openssl/apps/cms.c
==============================================================================
--- stable/11/crypto/openssl/apps/cms.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/cms.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -143,9 +143,7 @@ int MAIN(int argc, char **argv)
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
unsigned char *secret_key = NULL, *secret_keyid = NULL;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
size_t secret_keylen = 0, secret_keyidlen = 0;
@@ -665,9 +663,7 @@ int MAIN(int argc, char **argv)
"cert.pem recipient certificate(s) for encryption\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -1170,6 +1166,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_free(key);
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(rcms);
+ release_engine(e);
BIO_free(rctin);
BIO_free(in);
BIO_free(indata);
Modified: stable/11/crypto/openssl/apps/dgst.c
==============================================================================
--- stable/11/crypto/openssl/apps/dgst.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/dgst.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -537,6 +537,7 @@ int MAIN(int argc, char **argv)
OPENSSL_free(sigbuf);
if (bmd != NULL)
BIO_free(bmd);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(err);
}
Modified: stable/11/crypto/openssl/apps/dh.c
==============================================================================
--- stable/11/crypto/openssl/apps/dh.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/dh.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -94,9 +94,7 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
-# ifndef OPENSSL_NO_ENGINE
char *engine;
-# endif
apps_startup();
@@ -107,9 +105,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
-# ifndef OPENSSL_NO_ENGINE
engine = NULL;
-# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
@@ -183,9 +179,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
-# endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
Modified: stable/11/crypto/openssl/apps/dhparam.c
==============================================================================
--- stable/11/crypto/openssl/apps/dhparam.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/dhparam.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -159,9 +159,8 @@ int MAIN(int argc, char **argv)
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog;
char *inrand = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
+ ENGINE *e = NULL;
int num = 0, g = 0;
apps_startup();
@@ -270,9 +269,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (g && !num)
num = DEFBITS;
@@ -512,6 +509,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dh != NULL)
DH_free(dh);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret);
}
Modified: stable/11/crypto/openssl/apps/dsa.c
==============================================================================
--- stable/11/crypto/openssl/apps/dsa.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/dsa.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -106,9 +106,7 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0;
char *infile, *outfile, *prog;
-# ifndef OPENSSL_NO_ENGINE
char *engine;
-# endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus = 0;
@@ -124,9 +122,7 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
-# ifndef OPENSSL_NO_ENGINE
engine = NULL;
-# endif
infile = NULL;
outfile = NULL;
informat = FORMAT_PEM;
@@ -239,9 +235,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -358,6 +352,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
+ release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)
Modified: stable/11/crypto/openssl/apps/dsaparam.c
==============================================================================
--- stable/11/crypto/openssl/apps/dsaparam.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/dsaparam.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -121,9 +121,8 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog, *inrand = NULL;
int numbits = -1, num, genkey = 0;
int need_rand = 0;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
+ ENGINE *e = NULL;
# ifdef GENCB_TEST
int timebomb = 0;
# endif
@@ -263,9 +262,7 @@ int MAIN(int argc, char **argv)
}
}
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
@@ -433,6 +430,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
+ release_engine(e);
apps_shutdown();
OPENSSL_EXIT(ret);
}
Modified: stable/11/crypto/openssl/apps/ec.c
==============================================================================
--- stable/11/crypto/openssl/apps/ec.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/ec.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int informat, outformat, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0;
char *infile, *outfile, *prog, *engine;
+ ENGINE *e = NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
@@ -235,9 +236,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
@@ -349,6 +348,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (eckey)
EC_KEY_free(eckey);
+ release_engine(e);
if (passin)
OPENSSL_free(passin);
if (passout)
Modified: stable/11/crypto/openssl/apps/ecparam.c
==============================================================================
--- stable/11/crypto/openssl/apps/ecparam.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/ecparam.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -131,6 +131,7 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
char *engine = NULL;
+ ENGINE *e = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
@@ -311,9 +312,7 @@ int MAIN(int argc, char **argv)
}
}
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (list_curves) {
EC_builtin_curve *curves = NULL;
@@ -620,12 +619,13 @@ int MAIN(int argc, char **argv)
BN_free(ec_cofactor);
if (buffer)
OPENSSL_free(buffer);
+ if (group != NULL)
+ EC_GROUP_free(group);
+ release_engine(e);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
- if (group != NULL)
- EC_GROUP_free(group);
apps_shutdown();
OPENSSL_EXIT(ret);
}
Modified: stable/11/crypto/openssl/apps/enc.c
==============================================================================
--- stable/11/crypto/openssl/apps/enc.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/enc.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -126,9 +126,8 @@ int MAIN(int argc, char **argv)
NULL, *wbio = NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE + 1];
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
+ ENGINE *e = NULL;
const EVP_MD *dgst = NULL;
int non_fips_allow = 0;
@@ -322,9 +321,7 @@ int MAIN(int argc, char **argv)
argv++;
}
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
+ e = setup_engine(bio_err, engine, 0);
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err,
@@ -674,6 +671,7 @@ int MAIN(int argc, char **argv)
if (bzl != NULL)
BIO_free(bzl);
#endif
+ release_engine(e);
if (pass)
OPENSSL_free(pass);
apps_shutdown();
Modified: stable/11/crypto/openssl/apps/gendh.c
==============================================================================
--- stable/11/crypto/openssl/apps/gendh.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/gendh.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -96,9 +96,7 @@ int MAIN(int argc, char **argv)
int g = 2;
char *outfile = NULL;
char *inrand = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
BIO *out = NULL;
apps_startup();
@@ -162,9 +160,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
-# endif
out = BIO_new(BIO_s_file());
if (out == NULL) {
Modified: stable/11/crypto/openssl/apps/gendsa.c
==============================================================================
--- stable/11/crypto/openssl/apps/gendsa.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/gendsa.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -85,9 +85,8 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out = NULL, *in = NULL;
const EVP_CIPHER *enc = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
+ ENGINE *e = NULL;
apps_startup();
@@ -206,9 +205,7 @@ int MAIN(int argc, char **argv)
" - a DSA parameter file as generated by the dsaparam command\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-# endif
+ e = setup_engine(bio_err, engine, 0);
if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
@@ -273,6 +270,7 @@ int MAIN(int argc, char **argv)
BIO_free_all(out);
if (dsa != NULL)
DSA_free(dsa);
+ release_engine(e);
if (passout)
OPENSSL_free(passout);
apps_shutdown();
Modified: stable/11/crypto/openssl/apps/genpkey.c
==============================================================================
--- stable/11/crypto/openssl/apps/genpkey.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/genpkey.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -275,9 +275,9 @@ int MAIN(int argc, char **argv)
if (out)
BIO_free_all(out);
BIO_free(in);
+ release_engine(e);
if (pass)
OPENSSL_free(pass);
-
return ret;
}
Modified: stable/11/crypto/openssl/apps/genrsa.c
==============================================================================
--- stable/11/crypto/openssl/apps/genrsa.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/genrsa.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -91,9 +91,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
-# ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
-# endif
int ret = 1;
int i, num = DEFBITS;
long l;
@@ -101,9 +99,7 @@ int MAIN(int argc, char **argv)
unsigned long f4 = RSA_F4;
char *outfile = NULL;
char *passargout = NULL, *passout = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
char *inrand = NULL;
BIO *out = NULL;
BIGNUM *bn = BN_new();
@@ -240,9 +236,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Error getting password\n");
goto err;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
@@ -314,6 +308,7 @@ int MAIN(int argc, char **argv)
RSA_free(rsa);
if (out)
BIO_free_all(out);
+ release_engine(e);
if (passout)
OPENSSL_free(passout);
if (ret != 0)
Modified: stable/11/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/11/crypto/openssl/apps/pkcs12.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/pkcs12.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -129,9 +129,7 @@ int MAIN(int argc, char **argv)
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
-# ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-# endif
apps_startup();
@@ -406,9 +404,7 @@ int MAIN(int argc, char **argv)
"-LMK Add local machine keyset attribute to private key\n");
goto end;
}
-# ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-# endif
if (passarg) {
if (export_cert)
@@ -756,6 +752,7 @@ int MAIN(int argc, char **argv)
# ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
# endif
+ release_engine(e);
BIO_free(in);
BIO_free_all(out);
if (canames)
@@ -1110,4 +1107,6 @@ static int set_pbe(BIO *err, int *ppbe,
return 1;
}
+#else
+static void *dummy = &dummy;
#endif
Modified: stable/11/crypto/openssl/apps/pkcs7.c
==============================================================================
--- stable/11/crypto/openssl/apps/pkcs7.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/pkcs7.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -90,9 +90,8 @@ int MAIN(int argc, char **argv)
char *infile, *outfile, *prog;
int print_certs = 0, text = 0, noout = 0, p7_print = 0;
int ret = 1;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
+ ENGINE *e = NULL;
apps_startup();
@@ -175,9 +174,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
+ e = setup_engine(bio_err, engine, 0);
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
@@ -303,6 +300,7 @@ int MAIN(int argc, char **argv)
end:
if (p7 != NULL)
PKCS7_free(p7);
+ release_engine(e);
if (in != NULL)
BIO_free(in);
if (out != NULL)
Modified: stable/11/crypto/openssl/apps/pkcs8.c
==============================================================================
--- stable/11/crypto/openssl/apps/pkcs8.c Thu Jan 26 19:10:29 2017 (r312825)
+++ stable/11/crypto/openssl/apps/pkcs8.c Thu Jan 26 19:14:14 2017 (r312826)
@@ -87,9 +87,7 @@ int MAIN(int argc, char **argv)
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -223,9 +221,7 @@ int MAIN(int argc, char **argv)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list