svn commit: r295009 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/bio crypto/openssl/crypto/bn cr...
Jung-uk Kim
jkim at FreeBSD.org
Thu Jan 28 20:15:28 UTC 2016
Author: jkim
Date: Thu Jan 28 20:15:22 2016
New Revision: 295009
URL: https://svnweb.freebsd.org/changeset/base/295009
Log:
Merge OpenSSL 1.0.2f.
Relnotes: yes
Added:
head/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
- copied unchanged from r295001, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
head/crypto/openssl/util/pod2mantest
- copied unchanged from r295001, vendor-crypto/openssl/dist/util/pod2mantest
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 (contents, props changed)
Modified:
head/crypto/openssl/ACKNOWLEDGMENTS
head/crypto/openssl/CHANGES
head/crypto/openssl/Configure
head/crypto/openssl/INSTALL
head/crypto/openssl/LICENSE
head/crypto/openssl/Makefile
head/crypto/openssl/Makefile.org
head/crypto/openssl/NEWS
head/crypto/openssl/README
head/crypto/openssl/apps/engine.c
head/crypto/openssl/apps/ocsp.c
head/crypto/openssl/apps/pkcs12.c
head/crypto/openssl/apps/pkeyutl.c
head/crypto/openssl/apps/s_client.c
head/crypto/openssl/apps/s_server.c
head/crypto/openssl/apps/speed.c
head/crypto/openssl/apps/x509.c
head/crypto/openssl/crypto/aes/aes.h
head/crypto/openssl/crypto/aes/aes_cbc.c
head/crypto/openssl/crypto/aes/aes_cfb.c
head/crypto/openssl/crypto/aes/aes_core.c
head/crypto/openssl/crypto/aes/aes_ctr.c
head/crypto/openssl/crypto/aes/aes_ecb.c
head/crypto/openssl/crypto/aes/aes_ige.c
head/crypto/openssl/crypto/aes/aes_locl.h
head/crypto/openssl/crypto/aes/aes_misc.c
head/crypto/openssl/crypto/aes/aes_ofb.c
head/crypto/openssl/crypto/aes/aes_x86core.c
head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
head/crypto/openssl/crypto/bio/bio.h
head/crypto/openssl/crypto/bio/bss_bio.c
head/crypto/openssl/crypto/bio/bss_conn.c
head/crypto/openssl/crypto/bio/bss_dgram.c
head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl
head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
head/crypto/openssl/crypto/bn/bn_exp.c
head/crypto/openssl/crypto/bn/exptest.c
head/crypto/openssl/crypto/camellia/camellia.c
head/crypto/openssl/crypto/camellia/camellia.h
head/crypto/openssl/crypto/camellia/cmll_cbc.c
head/crypto/openssl/crypto/camellia/cmll_cfb.c
head/crypto/openssl/crypto/camellia/cmll_ctr.c
head/crypto/openssl/crypto/camellia/cmll_ecb.c
head/crypto/openssl/crypto/camellia/cmll_locl.h
head/crypto/openssl/crypto/camellia/cmll_misc.c
head/crypto/openssl/crypto/camellia/cmll_ofb.c
head/crypto/openssl/crypto/camellia/cmll_utl.c
head/crypto/openssl/crypto/des/des_old.c
head/crypto/openssl/crypto/des/des_old.h
head/crypto/openssl/crypto/des/des_old2.c
head/crypto/openssl/crypto/dh/dh.h
head/crypto/openssl/crypto/dh/dh_check.c
head/crypto/openssl/crypto/dh/dhtest.c
head/crypto/openssl/crypto/dsa/dsa_ossl.c
head/crypto/openssl/crypto/dso/dso.h
head/crypto/openssl/crypto/dso/dso_dl.c
head/crypto/openssl/crypto/dso/dso_dlfcn.c
head/crypto/openssl/crypto/dso/dso_lib.c
head/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
head/crypto/openssl/crypto/ec/ec2_smpl.c
head/crypto/openssl/crypto/ec/ec_key.c
head/crypto/openssl/crypto/ec/ecp_nistz256_table.c
head/crypto/openssl/crypto/ec/ectest.c
head/crypto/openssl/crypto/engine/eng_all.c
head/crypto/openssl/crypto/evp/e_camellia.c
head/crypto/openssl/crypto/evp/e_old.c
head/crypto/openssl/crypto/evp/e_seed.c
head/crypto/openssl/crypto/mem_clr.c
head/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
head/crypto/openssl/crypto/o_dir.c
head/crypto/openssl/crypto/o_dir.h
head/crypto/openssl/crypto/o_dir_test.c
head/crypto/openssl/crypto/o_str.c
head/crypto/openssl/crypto/o_str.h
head/crypto/openssl/crypto/o_time.c
head/crypto/openssl/crypto/o_time.h
head/crypto/openssl/crypto/opensslv.h
head/crypto/openssl/crypto/rc4/rc4_utl.c
head/crypto/openssl/crypto/rsa/rsa_chk.c
head/crypto/openssl/crypto/rsa/rsa_sign.c
head/crypto/openssl/crypto/seed/seed_cbc.c
head/crypto/openssl/crypto/seed/seed_cfb.c
head/crypto/openssl/crypto/seed/seed_ecb.c
head/crypto/openssl/crypto/seed/seed_ofb.c
head/crypto/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
head/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
head/crypto/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
head/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
head/crypto/openssl/crypto/sha/sha1test.c
head/crypto/openssl/crypto/store/store.h
head/crypto/openssl/crypto/store/str_lib.c
head/crypto/openssl/crypto/store/str_locl.h
head/crypto/openssl/crypto/store/str_mem.c
head/crypto/openssl/crypto/store/str_meth.c
head/crypto/openssl/crypto/ts/ts_rsp_verify.c
head/crypto/openssl/crypto/ui/ui.h
head/crypto/openssl/crypto/ui/ui_compat.c
head/crypto/openssl/crypto/ui/ui_compat.h
head/crypto/openssl/crypto/ui/ui_lib.c
head/crypto/openssl/crypto/ui/ui_locl.h
head/crypto/openssl/crypto/ui/ui_openssl.c
head/crypto/openssl/crypto/ui/ui_util.c
head/crypto/openssl/crypto/x509/x509_vfy.c
head/crypto/openssl/crypto/x509/x509_vfy.h
head/crypto/openssl/crypto/x509/x509_vpm.c
head/crypto/openssl/crypto/x509v3/v3_pci.c
head/crypto/openssl/crypto/x509v3/v3_pcia.c
head/crypto/openssl/crypto/x509v3/v3_utl.c
head/crypto/openssl/crypto/x509v3/v3nametest.c
head/crypto/openssl/doc/apps/s_time.pod
head/crypto/openssl/doc/crypto/BIO_s_connect.pod
head/crypto/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
head/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
head/crypto/openssl/engines/e_chil.c
head/crypto/openssl/ssl/d1_both.c
head/crypto/openssl/ssl/kssl.c
head/crypto/openssl/ssl/kssl.h
head/crypto/openssl/ssl/kssl_lcl.h
head/crypto/openssl/ssl/s2_srvr.c
head/crypto/openssl/ssl/s3_clnt.c
head/crypto/openssl/ssl/s3_lib.c
head/crypto/openssl/ssl/s3_srvr.c
head/crypto/openssl/ssl/ssl.h
head/crypto/openssl/ssl/ssl_err.c
head/crypto/openssl/ssl/ssl_lib.c
head/crypto/openssl/ssl/ssl_sess.c
head/crypto/openssl/ssl/t1_enc.c
head/crypto/openssl/ssl/t1_lib.c
head/crypto/openssl/util/domd
head/crypto/openssl/util/pl/VC-32.pl
head/secure/lib/libcrypto/Makefile.inc
head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_length.3
head/secure/lib/libcrypto/man/ASN1_STRING_new.3
head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
head/secure/lib/libcrypto/man/ASN1_TIME_set.3
head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
head/secure/lib/libcrypto/man/BIO_ctrl.3
head/secure/lib/libcrypto/man/BIO_f_base64.3
head/secure/lib/libcrypto/man/BIO_f_buffer.3
head/secure/lib/libcrypto/man/BIO_f_cipher.3
head/secure/lib/libcrypto/man/BIO_f_md.3
head/secure/lib/libcrypto/man/BIO_f_null.3
head/secure/lib/libcrypto/man/BIO_f_ssl.3
head/secure/lib/libcrypto/man/BIO_find_type.3
head/secure/lib/libcrypto/man/BIO_new.3
head/secure/lib/libcrypto/man/BIO_new_CMS.3
head/secure/lib/libcrypto/man/BIO_push.3
head/secure/lib/libcrypto/man/BIO_read.3
head/secure/lib/libcrypto/man/BIO_s_accept.3
head/secure/lib/libcrypto/man/BIO_s_bio.3
head/secure/lib/libcrypto/man/BIO_s_connect.3
head/secure/lib/libcrypto/man/BIO_s_fd.3
head/secure/lib/libcrypto/man/BIO_s_file.3
head/secure/lib/libcrypto/man/BIO_s_mem.3
head/secure/lib/libcrypto/man/BIO_s_null.3
head/secure/lib/libcrypto/man/BIO_s_socket.3
head/secure/lib/libcrypto/man/BIO_set_callback.3
head/secure/lib/libcrypto/man/BIO_should_retry.3
head/secure/lib/libcrypto/man/BN_BLINDING_new.3
head/secure/lib/libcrypto/man/BN_CTX_new.3
head/secure/lib/libcrypto/man/BN_CTX_start.3
head/secure/lib/libcrypto/man/BN_add.3
head/secure/lib/libcrypto/man/BN_add_word.3
head/secure/lib/libcrypto/man/BN_bn2bin.3
head/secure/lib/libcrypto/man/BN_cmp.3
head/secure/lib/libcrypto/man/BN_copy.3
head/secure/lib/libcrypto/man/BN_generate_prime.3
head/secure/lib/libcrypto/man/BN_mod_inverse.3
head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
head/secure/lib/libcrypto/man/BN_new.3
head/secure/lib/libcrypto/man/BN_num_bytes.3
head/secure/lib/libcrypto/man/BN_rand.3
head/secure/lib/libcrypto/man/BN_set_bit.3
head/secure/lib/libcrypto/man/BN_swap.3
head/secure/lib/libcrypto/man/BN_zero.3
head/secure/lib/libcrypto/man/CMS_add0_cert.3
head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
head/secure/lib/libcrypto/man/CMS_add1_signer.3
head/secure/lib/libcrypto/man/CMS_compress.3
head/secure/lib/libcrypto/man/CMS_decrypt.3
head/secure/lib/libcrypto/man/CMS_encrypt.3
head/secure/lib/libcrypto/man/CMS_final.3
head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
head/secure/lib/libcrypto/man/CMS_get0_type.3
head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
head/secure/lib/libcrypto/man/CMS_sign.3
head/secure/lib/libcrypto/man/CMS_sign_receipt.3
head/secure/lib/libcrypto/man/CMS_uncompress.3
head/secure/lib/libcrypto/man/CMS_verify.3
head/secure/lib/libcrypto/man/CMS_verify_receipt.3
head/secure/lib/libcrypto/man/CONF_modules_free.3
head/secure/lib/libcrypto/man/CONF_modules_load_file.3
head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
head/secure/lib/libcrypto/man/DH_generate_key.3
head/secure/lib/libcrypto/man/DH_generate_parameters.3
head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
head/secure/lib/libcrypto/man/DH_new.3
head/secure/lib/libcrypto/man/DH_set_method.3
head/secure/lib/libcrypto/man/DH_size.3
head/secure/lib/libcrypto/man/DSA_SIG_new.3
head/secure/lib/libcrypto/man/DSA_do_sign.3
head/secure/lib/libcrypto/man/DSA_dup_DH.3
head/secure/lib/libcrypto/man/DSA_generate_key.3
head/secure/lib/libcrypto/man/DSA_generate_parameters.3
head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/DSA_new.3
head/secure/lib/libcrypto/man/DSA_set_method.3
head/secure/lib/libcrypto/man/DSA_sign.3
head/secure/lib/libcrypto/man/DSA_size.3
head/secure/lib/libcrypto/man/EC_GFp_simple_method.3
head/secure/lib/libcrypto/man/EC_GROUP_copy.3
head/secure/lib/libcrypto/man/EC_GROUP_new.3
head/secure/lib/libcrypto/man/EC_KEY_new.3
head/secure/lib/libcrypto/man/EC_POINT_add.3
head/secure/lib/libcrypto/man/EC_POINT_new.3
head/secure/lib/libcrypto/man/ERR_GET_LIB.3
head/secure/lib/libcrypto/man/ERR_clear_error.3
head/secure/lib/libcrypto/man/ERR_error_string.3
head/secure/lib/libcrypto/man/ERR_get_error.3
head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
head/secure/lib/libcrypto/man/ERR_load_strings.3
head/secure/lib/libcrypto/man/ERR_print_errors.3
head/secure/lib/libcrypto/man/ERR_put_error.3
head/secure/lib/libcrypto/man/ERR_remove_state.3
head/secure/lib/libcrypto/man/ERR_set_mark.3
head/secure/lib/libcrypto/man/EVP_BytesToKey.3
head/secure/lib/libcrypto/man/EVP_DigestInit.3
head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
head/secure/lib/libcrypto/man/EVP_EncryptInit.3
head/secure/lib/libcrypto/man/EVP_OpenInit.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
head/secure/lib/libcrypto/man/EVP_PKEY_new.3
head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
head/secure/lib/libcrypto/man/EVP_SealInit.3
head/secure/lib/libcrypto/man/EVP_SignInit.3
head/secure/lib/libcrypto/man/EVP_VerifyInit.3
head/secure/lib/libcrypto/man/OBJ_nid2obj.3
head/secure/lib/libcrypto/man/OPENSSL_Applink.3
head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
head/secure/lib/libcrypto/man/OPENSSL_config.3
head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
head/secure/lib/libcrypto/man/PKCS12_create.3
head/secure/lib/libcrypto/man/PKCS12_parse.3
head/secure/lib/libcrypto/man/PKCS7_decrypt.3
head/secure/lib/libcrypto/man/PKCS7_encrypt.3
head/secure/lib/libcrypto/man/PKCS7_sign.3
head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
head/secure/lib/libcrypto/man/PKCS7_verify.3
head/secure/lib/libcrypto/man/RAND_add.3
head/secure/lib/libcrypto/man/RAND_bytes.3
head/secure/lib/libcrypto/man/RAND_cleanup.3
head/secure/lib/libcrypto/man/RAND_egd.3
head/secure/lib/libcrypto/man/RAND_load_file.3
head/secure/lib/libcrypto/man/RAND_set_rand_method.3
head/secure/lib/libcrypto/man/RSA_blinding_on.3
head/secure/lib/libcrypto/man/RSA_check_key.3
head/secure/lib/libcrypto/man/RSA_generate_key.3
head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
head/secure/lib/libcrypto/man/RSA_new.3
head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
head/secure/lib/libcrypto/man/RSA_print.3
head/secure/lib/libcrypto/man/RSA_private_encrypt.3
head/secure/lib/libcrypto/man/RSA_public_encrypt.3
head/secure/lib/libcrypto/man/RSA_set_method.3
head/secure/lib/libcrypto/man/RSA_sign.3
head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
head/secure/lib/libcrypto/man/RSA_size.3
head/secure/lib/libcrypto/man/SMIME_read_CMS.3
head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
head/secure/lib/libcrypto/man/SMIME_write_CMS.3
head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
head/secure/lib/libcrypto/man/X509_check_host.3
head/secure/lib/libcrypto/man/X509_new.3
head/secure/lib/libcrypto/man/X509_verify_cert.3
head/secure/lib/libcrypto/man/bio.3
head/secure/lib/libcrypto/man/blowfish.3
head/secure/lib/libcrypto/man/bn.3
head/secure/lib/libcrypto/man/bn_internal.3
head/secure/lib/libcrypto/man/buffer.3
head/secure/lib/libcrypto/man/crypto.3
head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
head/secure/lib/libcrypto/man/d2i_DHparams.3
head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_ECPKParameters.3
head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
head/secure/lib/libcrypto/man/d2i_X509.3
head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
head/secure/lib/libcrypto/man/d2i_X509_CRL.3
head/secure/lib/libcrypto/man/d2i_X509_NAME.3
head/secure/lib/libcrypto/man/d2i_X509_REQ.3
head/secure/lib/libcrypto/man/d2i_X509_SIG.3
head/secure/lib/libcrypto/man/des.3
head/secure/lib/libcrypto/man/dh.3
head/secure/lib/libcrypto/man/dsa.3
head/secure/lib/libcrypto/man/ec.3
head/secure/lib/libcrypto/man/ecdsa.3
head/secure/lib/libcrypto/man/engine.3
head/secure/lib/libcrypto/man/err.3
head/secure/lib/libcrypto/man/evp.3
head/secure/lib/libcrypto/man/hmac.3
head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
head/secure/lib/libcrypto/man/lh_stats.3
head/secure/lib/libcrypto/man/lhash.3
head/secure/lib/libcrypto/man/md5.3
head/secure/lib/libcrypto/man/mdc2.3
head/secure/lib/libcrypto/man/pem.3
head/secure/lib/libcrypto/man/rand.3
head/secure/lib/libcrypto/man/rc4.3
head/secure/lib/libcrypto/man/ripemd.3
head/secure/lib/libcrypto/man/rsa.3
head/secure/lib/libcrypto/man/sha.3
head/secure/lib/libcrypto/man/threads.3
head/secure/lib/libcrypto/man/ui.3
head/secure/lib/libcrypto/man/ui_compat.3
head/secure/lib/libcrypto/man/x509.3
head/secure/lib/libssl/Makefile.man
head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
head/secure/lib/libssl/man/SSL_CONF_CTX_new.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
head/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
head/secure/lib/libssl/man/SSL_CONF_cmd.3
head/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
head/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
head/secure/lib/libssl/man/SSL_CTX_add_session.3
head/secure/lib/libssl/man/SSL_CTX_ctrl.3
head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
head/secure/lib/libssl/man/SSL_CTX_free.3
head/secure/lib/libssl/man/SSL_CTX_get0_param.3
head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
head/secure/lib/libssl/man/SSL_CTX_new.3
head/secure/lib/libssl/man/SSL_CTX_sess_number.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
head/secure/lib/libssl/man/SSL_CTX_sessions.3
head/secure/lib/libssl/man/SSL_CTX_set1_curves.3
head/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
head/secure/lib/libssl/man/SSL_CTX_set_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_options.3
head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
head/secure/lib/libssl/man/SSL_CTX_set_verify.3
head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
head/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
head/secure/lib/libssl/man/SSL_SESSION_free.3
head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_SESSION_get_time.3
head/secure/lib/libssl/man/SSL_accept.3
head/secure/lib/libssl/man/SSL_alert_type_string.3
head/secure/lib/libssl/man/SSL_check_chain.3
head/secure/lib/libssl/man/SSL_clear.3
head/secure/lib/libssl/man/SSL_connect.3
head/secure/lib/libssl/man/SSL_do_handshake.3
head/secure/lib/libssl/man/SSL_free.3
head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
head/secure/lib/libssl/man/SSL_get_ciphers.3
head/secure/lib/libssl/man/SSL_get_client_CA_list.3
head/secure/lib/libssl/man/SSL_get_current_cipher.3
head/secure/lib/libssl/man/SSL_get_default_timeout.3
head/secure/lib/libssl/man/SSL_get_error.3
head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
head/secure/lib/libssl/man/SSL_get_ex_new_index.3
head/secure/lib/libssl/man/SSL_get_fd.3
head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
head/secure/lib/libssl/man/SSL_get_peer_certificate.3
head/secure/lib/libssl/man/SSL_get_psk_identity.3
head/secure/lib/libssl/man/SSL_get_rbio.3
head/secure/lib/libssl/man/SSL_get_session.3
head/secure/lib/libssl/man/SSL_get_verify_result.3
head/secure/lib/libssl/man/SSL_get_version.3
head/secure/lib/libssl/man/SSL_library_init.3
head/secure/lib/libssl/man/SSL_load_client_CA_file.3
head/secure/lib/libssl/man/SSL_new.3
head/secure/lib/libssl/man/SSL_pending.3
head/secure/lib/libssl/man/SSL_read.3
head/secure/lib/libssl/man/SSL_rstate_string.3
head/secure/lib/libssl/man/SSL_session_reused.3
head/secure/lib/libssl/man/SSL_set_bio.3
head/secure/lib/libssl/man/SSL_set_connect_state.3
head/secure/lib/libssl/man/SSL_set_fd.3
head/secure/lib/libssl/man/SSL_set_session.3
head/secure/lib/libssl/man/SSL_set_shutdown.3
head/secure/lib/libssl/man/SSL_set_verify_result.3
head/secure/lib/libssl/man/SSL_shutdown.3
head/secure/lib/libssl/man/SSL_state_string.3
head/secure/lib/libssl/man/SSL_want.3
head/secure/lib/libssl/man/SSL_write.3
head/secure/lib/libssl/man/d2i_SSL_SESSION.3
head/secure/lib/libssl/man/ssl.3
head/secure/usr.bin/openssl/man/CA.pl.1
head/secure/usr.bin/openssl/man/asn1parse.1
head/secure/usr.bin/openssl/man/c_rehash.1
head/secure/usr.bin/openssl/man/ca.1
head/secure/usr.bin/openssl/man/ciphers.1
head/secure/usr.bin/openssl/man/cms.1
head/secure/usr.bin/openssl/man/crl.1
head/secure/usr.bin/openssl/man/crl2pkcs7.1
head/secure/usr.bin/openssl/man/dgst.1
head/secure/usr.bin/openssl/man/dhparam.1
head/secure/usr.bin/openssl/man/dsa.1
head/secure/usr.bin/openssl/man/dsaparam.1
head/secure/usr.bin/openssl/man/ec.1
head/secure/usr.bin/openssl/man/ecparam.1
head/secure/usr.bin/openssl/man/enc.1
head/secure/usr.bin/openssl/man/errstr.1
head/secure/usr.bin/openssl/man/gendsa.1
head/secure/usr.bin/openssl/man/genpkey.1
head/secure/usr.bin/openssl/man/genrsa.1
head/secure/usr.bin/openssl/man/nseq.1
head/secure/usr.bin/openssl/man/ocsp.1
head/secure/usr.bin/openssl/man/openssl.1
head/secure/usr.bin/openssl/man/passwd.1
head/secure/usr.bin/openssl/man/pkcs12.1
head/secure/usr.bin/openssl/man/pkcs7.1
head/secure/usr.bin/openssl/man/pkcs8.1
head/secure/usr.bin/openssl/man/pkey.1
head/secure/usr.bin/openssl/man/pkeyparam.1
head/secure/usr.bin/openssl/man/pkeyutl.1
head/secure/usr.bin/openssl/man/rand.1
head/secure/usr.bin/openssl/man/req.1
head/secure/usr.bin/openssl/man/rsa.1
head/secure/usr.bin/openssl/man/rsautl.1
head/secure/usr.bin/openssl/man/s_client.1
head/secure/usr.bin/openssl/man/s_server.1
head/secure/usr.bin/openssl/man/s_time.1
head/secure/usr.bin/openssl/man/sess_id.1
head/secure/usr.bin/openssl/man/smime.1
head/secure/usr.bin/openssl/man/speed.1
head/secure/usr.bin/openssl/man/spkac.1
head/secure/usr.bin/openssl/man/ts.1
head/secure/usr.bin/openssl/man/tsget.1
head/secure/usr.bin/openssl/man/verify.1
head/secure/usr.bin/openssl/man/version.1
head/secure/usr.bin/openssl/man/x509.1
head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
head/crypto/openssl/ (props changed)
Modified: head/crypto/openssl/ACKNOWLEDGMENTS
==============================================================================
--- head/crypto/openssl/ACKNOWLEDGMENTS Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/ACKNOWLEDGMENTS Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,30 +1,2 @@
-The OpenSSL project depends on volunteer efforts and financial support from
-the end user community. That support comes in the form of donations and paid
-sponsorships, software support contracts, paid consulting services
-and commissioned software development.
-
-Since all these activities support the continued development and improvement
-of OpenSSL we consider all these clients and customers as sponsors of the
-OpenSSL project.
-
-We would like to identify and thank the following such sponsors for their past
-or current significant support of the OpenSSL project:
-
-Major support:
-
- Qualys http://www.qualys.com/
-
-Very significant support:
-
- OpenGear: http://www.opengear.com/
-
-Significant support:
-
- PSW Group: http://www.psw.net/
- Acano Ltd. http://acano.com/
-
-Please note that we ask permission to identify sponsors and that some sponsors
-we consider eligible for inclusion here have requested to remain anonymous.
-
-Additional sponsorship or financial support is always welcome: for more
-information please contact the OpenSSL Software Foundation.
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.
Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/CHANGES Thu Jan 28 20:15:22 2016 (r295009)
@@ -2,6 +2,54 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
+
+ *) DH small subgroups
+
+ Historically OpenSSL only ever generated DH parameters based on "safe"
+ primes. More recently (in version 1.0.2) support was provided for
+ generating X9.42 style parameter files such as those required for RFC 5114
+ support. The primes used in such files may not be "safe". Where an
+ application is using DH configured with parameters based on primes that are
+ not "safe" then an attacker could use this fact to find a peer's private
+ DH exponent. This attack requires that the attacker complete multiple
+ handshakes in which the peer uses the same private DH exponent. For example
+ this could be used to discover a TLS server's private DH exponent if it's
+ reusing the private DH exponent or it's using a static DH ciphersuite.
+
+ OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
+ TLS. It is not on by default. If the option is not set then the server
+ reuses the same private DH exponent for the life of the server process and
+ would be vulnerable to this attack. It is believed that many popular
+ applications do set this option and would therefore not be at risk.
+
+ The fix for this issue adds an additional check where a "q" parameter is
+ available (as is the case in X9.42 based parameters). This detects the
+ only known attack, and is the only possible defense for static DH
+ ciphersuites. This could have some performance impact.
+
+ Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
+ default and cannot be disabled. This could have some performance impact.
+
+ This issue was reported to OpenSSL by Antonio Sanso (Adobe).
+ (CVE-2016-0701)
+ [Matt Caswell]
+
+ *) SSLv2 doesn't block disabled ciphers
+
+ A malicious client can negotiate SSLv2 ciphers that have been disabled on
+ the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+ been disabled, provided that the SSLv2 protocol was not also disabled via
+ SSL_OP_NO_SSLv2.
+
+ This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+ and Sebastian Schinzel.
+ (CVE-2015-3197)
+ [Viktor Dukhovni]
+
+ *) Reject DH handshakes with parameters shorter than 1024 bits.
+ [Kurt Roeckx]
+
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
*) BN_mod_exp may produce incorrect results on x86_64
Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/Configure Thu Jan 28 20:15:22 2016 (r295009)
@@ -124,6 +124,9 @@ my $clang_disabled_warnings = "-Wno-unus
# -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -1513,7 +1516,7 @@ if ($target =~ /\-icc$/) # Intel C compi
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
{
- $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+ $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
@@ -2028,14 +2031,8 @@ EOF
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
- print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
- make depend
-EOF
- }
+ $warn_make_depend++;
+ }
}
# create the ms/version32.rc file if needed
@@ -2114,12 +2111,18 @@ EOF
print <<\EOF if ($no_shared_warn);
-You gave the option 'shared'. Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'. If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'. If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+ make depend
EOF
exit(0);
Modified: head/crypto/openssl/INSTALL
==============================================================================
--- head/crypto/openssl/INSTALL Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/INSTALL Thu Jan 28 20:15:22 2016 (r295009)
@@ -164,10 +164,10 @@
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs at openssl.org> (note that your
message will be recorded in the request tracker publicly readable
- via http://www.openssl.org/support/rt.html and will be forwarded to a
- public mailing list). Include the output of "make report" in your message.
- Please check out the request tracker. Maybe the bug was already
- reported or has already been fixed.
+ at https://www.openssl.org/community/index.html#bugs and will be
+ forwarded to a public mailing list). Include the output of "make
+ report" in your message. Please check out the request tracker. Maybe
+ the bug was already reported or has already been fixed.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
Modified: head/crypto/openssl/LICENSE
==============================================================================
--- head/crypto/openssl/LICENSE Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/LICENSE Thu Jan 28 20:15:22 2016 (r295009)
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/Makefile Thu Jan 28 20:15:22 2016 (r295009)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2e
+VERSION=1.0.2f
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -182,8 +182,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
+TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@@ -501,38 +500,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl:0 --group openssl:0 \
- --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+ --owner 0 --group 0 \
+ --transform 's|^|$(NAME)/|' \
-cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
- \! -name '*test' \! -name '.#*' \! -name '*~' \
- | sort > ../$(TARFILE).list
+ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+ \! -name '.#*' \! -name '*~' \! -type l \
+ | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
- $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
- $(TAR_COMMAND) > ../$(TARFILE)
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE)
+ $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+ $(TAR_COMMAND) > $(TARFILE)
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE)
dist:
$(PERL) Configure dist
- @$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
Modified: head/crypto/openssl/Makefile.org
==============================================================================
--- head/crypto/openssl/Makefile.org Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/Makefile.org Thu Jan 28 20:15:22 2016 (r295009)
@@ -180,8 +180,7 @@ SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
+TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
@@ -499,38 +498,35 @@ TABLE: Configure
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
- --owner openssl:0 --group openssl:0 \
- --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+ --owner 0 --group 0 \
+ --transform 's|^|$(NAME)/|' \
-cvf -
-../$(TARFILE).list:
+$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
- \! -name '*test' \! -name '.#*' \! -name '*~' \
- | sort > ../$(TARFILE).list
+ \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+ \! -name '.#*' \! -name '*~' \! -type l \
+ | sort > $(TARFILE).list
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
- $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
- $(TAR_COMMAND) > ../$(TARFILE)
- rm -f ../$(TARFILE).list
- ls -l ../$(TARFILE)
+ $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+ $(TAR_COMMAND) > $(TARFILE)
+ rm -f $(TARFILE).list
+ ls -l $(TARFILE)
dist:
$(PERL) Configure dist
- @$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/NEWS Thu Jan 28 20:15:22 2016 (r295009)
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+ o DH small subgroups (CVE-2016-0701)
+ o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/README Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2e 3 Dec 2015
+ OpenSSL 1.0.2f 28 Jan 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -90,11 +90,12 @@
In order to avoid spam, this is a moderated mailing list, and it might
take a day for the ticket to show up. (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail to
- this address is recorded in the public RT (request tracker) database (see
- https://www.openssl.org/support/rt.html for details) and also forwarded
- the public openssl-dev mailing list. Confidential mail may be sent to
- openssl-security at openssl.org (PGP key available from the key servers).
+ that security disclosures aren't publically posted by mistake.) Mail
+ to this address is recorded in the public RT (request tracker) database
+ (see https://www.openssl.org/community/index.html#bugs for details) and
+ also forwarded the public openssl-dev mailing list. Confidential mail
+ may be sent to openssl-security at openssl.org (PGP key available from the
+ key servers).
Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
Modified: head/crypto/openssl/apps/engine.c
==============================================================================
--- head/crypto/openssl/apps/engine.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/engine.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
/*
* Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
* 2000.
Modified: head/crypto/openssl/apps/ocsp.c
==============================================================================
--- head/crypto/openssl/apps/ocsp.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/ocsp.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPO
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+ nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {
Modified: head/crypto/openssl/apps/pkcs12.c
==============================================================================
--- head/crypto/openssl/apps/pkcs12.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/pkcs12.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
# define CLCERTS 0x8
# define CACERTS 0x10
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
- if (!vret) {
+ if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
- if (vret >= 0)
+ if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
@@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
/* Given a single certificate return a verified chain or NULL if error */
-/* Hope this is OK .... */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
+ STACK_OF(X509) *chn = NULL;
int i = 0;
- /*
- * FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this function
- * is less obvious.
- */
- X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
- if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error(&store_ctx);
- if (i == 0)
- /*
- * avoid returning 0 if X509_verify_cert() did not set an
- * appropriate error value in the context
- */
- i = -1;
- chn = NULL;
- goto err;
- } else
+ if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+ *chain = NULL;
+ return X509_V_ERR_UNSPECIFIED;
+ }
+
+ if (X509_verify_cert(&store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+ else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+ i = X509_V_ERR_UNSPECIFIED;
+
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
-
return i;
}
Modified: head/crypto/openssl/apps/pkeyutl.c
==============================================================================
--- head/crypto/openssl/apps/pkeyutl.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/pkeyutl.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -74,10 +74,11 @@ static void usage(void);
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e);
+ char *passargin, int pkey_op, ENGINE *e,
+ int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file);
+ const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
+ int engine_impl = 0;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
@@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
- passargin, pkey_op, e);
+ passargin, pkey_op, e, engine_impl);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
@@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+ else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
@@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
+ } else if (!strcmp(*argv, "-engine_impl")) {
+ engine_impl = 1;
}
#endif
else if (!strcmp(*argv, "-pubin"))
@@ -368,7 +372,8 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
- "-engine e use engine e, possibly a hardware device.\n");
+ "-engine e use engine e, maybe a hardware device, for loading keys.\n");
+ BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
@@ -376,10 +381,12 @@ static void usage()
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e)
+ char *passargin, int pkey_op, ENGINE *e,
+ int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
+ ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
@@ -418,9 +425,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys
if (!pkey)
goto end;
-
- ctx = EVP_PKEY_CTX_new(pkey, e);
-
+
+#ifndef OPENSSL_NO_ENGINE
+ if (engine_impl)
+ impl = e;
+#endif
+
+ ctx = EVP_PKEY_CTX_new(pkey, impl);
+
EVP_PKEY_free(pkey);
if (!ctx)
@@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeys
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file)
+ const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
+ ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
- peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+ if (peerform == FORMAT_ENGINE)
+ engine = e;
+
+ peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
Modified: head/crypto/openssl/apps/s_client.c
==============================================================================
--- head/crypto/openssl/apps/s_client.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/s_client.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -308,7 +308,7 @@ static void sc_usage(void)
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
Modified: head/crypto/openssl/apps/s_server.c
==============================================================================
--- head/crypto/openssl/apps/s_server.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/s_server.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -498,7 +498,7 @@ static void sv_usage(void)
BIO_printf(bio_err,
" -accept arg - port to accept on (default is %d)\n", PORT);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
Modified: head/crypto/openssl/apps/speed.c
==============================================================================
--- head/crypto/openssl/apps/speed.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/speed.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
*
Modified: head/crypto/openssl/apps/x509.c
==============================================================================
--- head/crypto/openssl/apps/x509.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/apps/x509.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
- NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))
Modified: head/crypto/openssl/crypto/aes/aes.h
==============================================================================
--- head/crypto/openssl/crypto/aes/aes.h Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes.h Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_cbc.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_cbc.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_cbc.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cbc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_cfb.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_cfb.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_cfb.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cfb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_core.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_core.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_core.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*
Modified: head/crypto/openssl/crypto/aes/aes_ctr.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_ctr.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_ctr.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ctr.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_ecb.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_ecb.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_ecb.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ecb.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_ige.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_ige.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_ige.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ige.c */
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_locl.h
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_locl.h Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_locl.h Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_misc.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_misc.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_misc.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_misc.c */
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_ofb.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_ofb.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_ofb.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ofb.c */
/* ====================================================================
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/aes/aes_x86core.c
==============================================================================
--- head/crypto/openssl/crypto/aes/aes_x86core.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/aes_x86core.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
/**
* rijndael-alg-fst.c
*
Modified: head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009)
@@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /mas
$avx = ($1>=10) + ($1>=11);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
Modified: head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009)
@@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour
$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10);
-$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
$shaext=1; ### set to zero if compiling for 1.0.1
Modified: head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009)
@@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /mas
$avx = ($1>=10) + ($1>=12);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
Modified: head/crypto/openssl/crypto/bio/bio.h
==============================================================================
--- head/crypto/openssl/crypto/bio/bio.h Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bio/bio.h Thu Jan 28 20:15:22 2016 (r295009)
@@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-/* BIO_s_accept_socket() */
+/* BIO_s_accept() */
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+/* BIO_s_accept() and BIO_s_connect() */
# define BIO_do_connect(b) BIO_do_handshake(b)
# define BIO_do_accept(b) BIO_do_handshake(b)
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+/* BIO_s_file() */
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+/* BIO_s_fd() and BIO_s_file() */
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
Modified: head/crypto/openssl/crypto/bio/bss_bio.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bss_bio.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bio/bss_bio.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/bio/bss_bio.c */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
Modified: head/crypto/openssl/crypto/bio/bss_conn.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bss_conn.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bio/bss_conn.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, l
{
BIO *dbio;
int *ip;
- const char **pptr;
+ const char **pptr = NULL;
long ret = 1;
BIO_CONNECT *data;
@@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, l
case BIO_C_GET_CONNECT:
if (ptr != NULL) {
pptr = (const char **)ptr;
- if (num == 0) {
- *pptr = data->param_hostname;
+ }
- } else if (num == 1) {
- *pptr = data->param_port;
- } else if (num == 2) {
- *pptr = (char *)&(data->ip[0]);
- } else if (num == 3) {
- *((int *)ptr) = data->port;
+ if (b->init) {
+ if (pptr != NULL) {
+ ret = 1;
+ if (num == 0) {
+ *pptr = data->param_hostname;
+ } else if (num == 1) {
+ *pptr = data->param_port;
+ } else if (num == 2) {
+ *pptr = (char *)&(data->ip[0]);
+ } else {
+ ret = 0;
+ }
+ }
+ if (num == 3) {
+ ret = data->port;
}
- if ((!b->init) || (ptr == NULL))
+ } else {
+ if (pptr != NULL)
*pptr = "not initialized";
- ret = 1;
+ ret = 0;
}
break;
case BIO_C_SET_CONNECT:
Modified: head/crypto/openssl/crypto/bio/bss_dgram.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bss_dgram.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bio/bss_dgram.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd,
switch (cmd) {
case BIO_CTRL_RESET:
num = 0;
- case BIO_C_FILE_SEEK:
ret = 0;
break;
- case BIO_C_FILE_TELL:
case BIO_CTRL_INFO:
ret = 0;
break;
Modified: head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl Thu Jan 28 20:15:22 2016 (r295009)
@@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /ma
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
==============================================================================
--- head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bn/asm/x86_64-mont.pl Thu Jan 28 20:15:22 2016 (r295009)
@@ -68,7 +68,7 @@ if (!$addx && $win64 && ($flavour =~ /ma
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
==============================================================================
--- head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Thu Jan 28 20:15:22 2016 (r295009)
@@ -53,7 +53,7 @@ if (!$addx && $win64 && ($flavour =~ /ma
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: head/crypto/openssl/crypto/bn/bn_exp.c
==============================================================================
--- head/crypto/openssl/crypto/bn/bn_exp.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bn/bn_exp.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -282,9 +282,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
}
bits = BN_num_bits(p);
-
if (bits == 0) {
- ret = BN_one(r);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(r);
+ } else {
+ ret = BN_one(r);
+ }
return ret;
}
@@ -418,7 +423,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI
}
bits = BN_num_bits(p);
if (bits == 0) {
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(rr);
+ } else {
+ ret = BN_one(rr);
+ }
return ret;
}
@@ -639,7 +650,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
* precomputation memory layout to limit data-dependency to a minimum to
* protect secret exponents (cf. the hyper-threading timing attacks pointed
* out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
@@ -671,7 +682,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
bits = BN_num_bits(p);
if (bits == 0) {
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(rr);
+ } else {
+ ret = BN_one(rr);
+ }
return ret;
}
@@ -1182,8 +1199,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_
if (BN_is_one(m)) {
ret = 1;
BN_zero(rr);
- } else
+ } else {
ret = BN_one(rr);
+ }
return ret;
}
if (a == 0) {
@@ -1297,9 +1315,14 @@ int BN_mod_exp_simple(BIGNUM *r, const B
}
bits = BN_num_bits(p);
-
- if (bits == 0) {
- ret = BN_one(r);
+ if (bits == 0) {
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(r);
+ } else {
+ ret = BN_one(r);
+ }
return ret;
}
Modified: head/crypto/openssl/crypto/bn/exptest.c
==============================================================================
--- head/crypto/openssl/crypto/bn/exptest.c Thu Jan 28 19:21:01 2016 (r295008)
+++ head/crypto/openssl/crypto/bn/exptest.c Thu Jan 28 20:15:22 2016 (r295009)
@@ -73,14 +73,34 @@ static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
/*
+ * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
+ * returns zero and prints debug output otherwise.
+ */
+static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
+ const BIGNUM *a) {
+ if (!BN_is_zero(r)) {
+ fprintf(stderr, "%s failed:\n", method);
+ fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
+ fprintf(stderr, "a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, "\nr = ");
+ BN_print_fp(stderr, r);
+ fprintf(stderr, "\n");
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list