Author: simon Date: Fri Nov 26 22:50:58 2010 New Revision: 215912 URL: http://svn.freebsd.org/changeset/base/215912
Log: Merge OpenSSL 0.9.8p into stable/8. This merges up to and including head/crypto/openssl/ r215697; and head/secure/lib/libcrypto/, head/secure/lib/libssl/, head/secure/usr.bin/openssl/ r215698. To make the merge simpler, a hack was added to set MACHINE_CPUARCH. Security: CVE-2010-2939, CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt Security: FreeBSD-SA-10:10.openssl Approved by: re (implicitly - they did not object of the general idea of OpenSSL update) Modified: stable/8/crypto/openssl/CHANGES stable/8/crypto/openssl/Configure stable/8/crypto/openssl/FAQ stable/8/crypto/openssl/Makefile stable/8/crypto/openssl/NEWS stable/8/crypto/openssl/PROBLEMS stable/8/crypto/openssl/README stable/8/crypto/openssl/apps/apps.c stable/8/crypto/openssl/apps/dh.c stable/8/crypto/openssl/apps/dhparam.c stable/8/crypto/openssl/apps/dsaparam.c stable/8/crypto/openssl/apps/ec.c stable/8/crypto/openssl/apps/ecparam.c stable/8/crypto/openssl/apps/enc.c stable/8/crypto/openssl/apps/gendh.c stable/8/crypto/openssl/apps/gendsa.c stable/8/crypto/openssl/apps/genrsa.c stable/8/crypto/openssl/apps/pkcs7.c stable/8/crypto/openssl/apps/rand.c stable/8/crypto/openssl/apps/s_server.c stable/8/crypto/openssl/apps/s_socket.c stable/8/crypto/openssl/apps/speed.c stable/8/crypto/openssl/apps/x509.c stable/8/crypto/openssl/crypto/aes/aes_wrap.c stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl stable/8/crypto/openssl/crypto/asn1/a_int.c stable/8/crypto/openssl/crypto/asn1/n_pkey.c stable/8/crypto/openssl/crypto/asn1/t_crl.c stable/8/crypto/openssl/crypto/asn1/tasn_dec.c stable/8/crypto/openssl/crypto/asn1/x_x509.c stable/8/crypto/openssl/crypto/bio/b_sock.c stable/8/crypto/openssl/crypto/bio/bf_nbio.c stable/8/crypto/openssl/crypto/bio/bio_lib.c stable/8/crypto/openssl/crypto/bio/bss_acpt.c stable/8/crypto/openssl/crypto/bio/bss_sock.c stable/8/crypto/openssl/crypto/bn/bn_exp2.c stable/8/crypto/openssl/crypto/bn/bn_mul.c stable/8/crypto/openssl/crypto/cms/cms_asn1.c stable/8/crypto/openssl/crypto/conf/conf_def.c stable/8/crypto/openssl/crypto/des/rpc_des.h stable/8/crypto/openssl/crypto/dsa/dsa_gen.c stable/8/crypto/openssl/crypto/dsa/dsa_ossl.c stable/8/crypto/openssl/crypto/ec/ec2_mult.c stable/8/crypto/openssl/crypto/ec/ec_mult.c stable/8/crypto/openssl/crypto/ecdh/ech_lib.c stable/8/crypto/openssl/crypto/ecdsa/ecs_lib.c stable/8/crypto/openssl/crypto/engine/eng_list.c stable/8/crypto/openssl/crypto/err/err_prn.c stable/8/crypto/openssl/crypto/evp/bio_b64.c stable/8/crypto/openssl/crypto/evp/enc_min.c stable/8/crypto/openssl/crypto/evp/encode.c stable/8/crypto/openssl/crypto/evp/evp_pbe.c stable/8/crypto/openssl/crypto/hmac/hmac.c stable/8/crypto/openssl/crypto/md32_common.h stable/8/crypto/openssl/crypto/o_init.c stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c stable/8/crypto/openssl/crypto/ocsp/ocsp_prn.c stable/8/crypto/openssl/crypto/opensslv.h stable/8/crypto/openssl/crypto/pem/pem_lib.c stable/8/crypto/openssl/crypto/pkcs12/p12_key.c stable/8/crypto/openssl/crypto/pkcs12/p12_npas.c stable/8/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/8/crypto/openssl/crypto/pkcs7/pk7_lib.c stable/8/crypto/openssl/crypto/pkcs7/pk7_mime.c stable/8/crypto/openssl/crypto/pqueue/pqueue.c stable/8/crypto/openssl/crypto/rand/rand_nw.c stable/8/crypto/openssl/crypto/rand/randfile.c stable/8/crypto/openssl/crypto/rc5/rc5_locl.h stable/8/crypto/openssl/crypto/rsa/rsa_eay.c stable/8/crypto/openssl/crypto/x509/x509.h stable/8/crypto/openssl/crypto/x509/x509_vfy.c stable/8/crypto/openssl/crypto/x509/x_all.c stable/8/crypto/openssl/crypto/x509v3/v3_ncons.c stable/8/crypto/openssl/crypto/x509v3/v3_pci.c stable/8/crypto/openssl/doc/apps/smime.pod stable/8/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod stable/8/crypto/openssl/doc/crypto/ASN1_STRING_length.pod stable/8/crypto/openssl/doc/crypto/ASN1_STRING_new.pod stable/8/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod stable/8/crypto/openssl/doc/crypto/BIO_f_buffer.pod stable/8/crypto/openssl/doc/crypto/BIO_should_retry.pod stable/8/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod stable/8/crypto/openssl/doc/crypto/OBJ_nid2obj.pod stable/8/crypto/openssl/doc/crypto/PKCS7_decrypt.pod stable/8/crypto/openssl/doc/crypto/PKCS7_encrypt.pod stable/8/crypto/openssl/doc/crypto/PKCS7_sign.pod stable/8/crypto/openssl/doc/crypto/PKCS7_verify.pod stable/8/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod stable/8/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod stable/8/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod stable/8/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod stable/8/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod stable/8/crypto/openssl/doc/crypto/X509_new.pod stable/8/crypto/openssl/doc/crypto/bn_internal.pod stable/8/crypto/openssl/doc/crypto/ui_compat.pod stable/8/crypto/openssl/doc/ssl/SSL_library_init.pod stable/8/crypto/openssl/e_os.h stable/8/crypto/openssl/engines/e_chil.c stable/8/crypto/openssl/engines/e_cswift.c stable/8/crypto/openssl/engines/e_ubsec.c stable/8/crypto/openssl/fips/mkfipsscr.pl stable/8/crypto/openssl/openssl.spec stable/8/crypto/openssl/ssl/d1_both.c stable/8/crypto/openssl/ssl/d1_clnt.c stable/8/crypto/openssl/ssl/d1_enc.c stable/8/crypto/openssl/ssl/d1_lib.c stable/8/crypto/openssl/ssl/d1_pkt.c stable/8/crypto/openssl/ssl/dtls1.h stable/8/crypto/openssl/ssl/s23_clnt.c stable/8/crypto/openssl/ssl/s23_lib.c stable/8/crypto/openssl/ssl/s2_srvr.c stable/8/crypto/openssl/ssl/s3_both.c stable/8/crypto/openssl/ssl/s3_clnt.c stable/8/crypto/openssl/ssl/s3_enc.c stable/8/crypto/openssl/ssl/ssl_algs.c stable/8/crypto/openssl/ssl/ssl_asn1.c stable/8/crypto/openssl/ssl/ssl_cert.c stable/8/crypto/openssl/ssl/ssl_ciph.c stable/8/crypto/openssl/ssl/ssl_lib.c stable/8/crypto/openssl/ssl/ssltest.c stable/8/crypto/openssl/ssl/t1_enc.c stable/8/crypto/openssl/ssl/t1_lib.c stable/8/crypto/openssl/test/cms-test.pl stable/8/crypto/openssl/tools/c_rehash stable/8/crypto/openssl/tools/c_rehash.in stable/8/crypto/openssl/util/libeay.num stable/8/crypto/openssl/util/mkdef.pl stable/8/crypto/openssl/util/pl/VC-32.pl stable/8/secure/lib/libcrypto/Makefile stable/8/secure/lib/libcrypto/Makefile.inc stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/8/secure/lib/libcrypto/man/BIO_ctrl.3 stable/8/secure/lib/libcrypto/man/BIO_f_base64.3 stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/8/secure/lib/libcrypto/man/BIO_f_md.3 stable/8/secure/lib/libcrypto/man/BIO_f_null.3 stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/8/secure/lib/libcrypto/man/BIO_find_type.3 stable/8/secure/lib/libcrypto/man/BIO_new.3 stable/8/secure/lib/libcrypto/man/BIO_push.3 stable/8/secure/lib/libcrypto/man/BIO_read.3 stable/8/secure/lib/libcrypto/man/BIO_s_accept.3 stable/8/secure/lib/libcrypto/man/BIO_s_bio.3 stable/8/secure/lib/libcrypto/man/BIO_s_connect.3 stable/8/secure/lib/libcrypto/man/BIO_s_fd.3 stable/8/secure/lib/libcrypto/man/BIO_s_file.3 stable/8/secure/lib/libcrypto/man/BIO_s_mem.3 stable/8/secure/lib/libcrypto/man/BIO_s_null.3 stable/8/secure/lib/libcrypto/man/BIO_s_socket.3 stable/8/secure/lib/libcrypto/man/BIO_set_callback.3 stable/8/secure/lib/libcrypto/man/BIO_should_retry.3 stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_start.3 stable/8/secure/lib/libcrypto/man/BN_add.3 stable/8/secure/lib/libcrypto/man/BN_add_word.3 stable/8/secure/lib/libcrypto/man/BN_bn2bin.3 stable/8/secure/lib/libcrypto/man/BN_cmp.3 stable/8/secure/lib/libcrypto/man/BN_copy.3 stable/8/secure/lib/libcrypto/man/BN_generate_prime.3 stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/8/secure/lib/libcrypto/man/BN_new.3 stable/8/secure/lib/libcrypto/man/BN_num_bytes.3 stable/8/secure/lib/libcrypto/man/BN_rand.3 stable/8/secure/lib/libcrypto/man/BN_set_bit.3 stable/8/secure/lib/libcrypto/man/BN_swap.3 stable/8/secure/lib/libcrypto/man/BN_zero.3 stable/8/secure/lib/libcrypto/man/CONF_modules_free.3 stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/8/secure/lib/libcrypto/man/DH_generate_key.3 stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DH_new.3 stable/8/secure/lib/libcrypto/man/DH_set_method.3 stable/8/secure/lib/libcrypto/man/DH_size.3 stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/8/secure/lib/libcrypto/man/DSA_do_sign.3 stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/8/secure/lib/libcrypto/man/DSA_generate_key.3 stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DSA_new.3 stable/8/secure/lib/libcrypto/man/DSA_set_method.3 stable/8/secure/lib/libcrypto/man/DSA_sign.3 stable/8/secure/lib/libcrypto/man/DSA_size.3 stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/8/secure/lib/libcrypto/man/ERR_clear_error.3 stable/8/secure/lib/libcrypto/man/ERR_error_string.3 stable/8/secure/lib/libcrypto/man/ERR_get_error.3 stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/8/secure/lib/libcrypto/man/ERR_load_strings.3 stable/8/secure/lib/libcrypto/man/ERR_print_errors.3 stable/8/secure/lib/libcrypto/man/ERR_put_error.3 stable/8/secure/lib/libcrypto/man/ERR_remove_state.3 stable/8/secure/lib/libcrypto/man/ERR_set_mark.3 stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/8/secure/lib/libcrypto/man/EVP_SealInit.3 stable/8/secure/lib/libcrypto/man/EVP_SignInit.3 stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/8/secure/lib/libcrypto/man/OPENSSL_config.3 stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/8/secure/lib/libcrypto/man/PKCS12_create.3 stable/8/secure/lib/libcrypto/man/PKCS12_parse.3 stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_sign.3 stable/8/secure/lib/libcrypto/man/PKCS7_verify.3 stable/8/secure/lib/libcrypto/man/RAND_add.3 stable/8/secure/lib/libcrypto/man/RAND_bytes.3 stable/8/secure/lib/libcrypto/man/RAND_cleanup.3 stable/8/secure/lib/libcrypto/man/RAND_egd.3 stable/8/secure/lib/libcrypto/man/RAND_load_file.3 stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/8/secure/lib/libcrypto/man/RSA_check_key.3 stable/8/secure/lib/libcrypto/man/RSA_generate_key.3 stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/RSA_new.3 stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/8/secure/lib/libcrypto/man/RSA_print.3 stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_set_method.3 stable/8/secure/lib/libcrypto/man/RSA_sign.3 stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/8/secure/lib/libcrypto/man/RSA_size.3 stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/8/secure/lib/libcrypto/man/X509_new.3 stable/8/secure/lib/libcrypto/man/bio.3 stable/8/secure/lib/libcrypto/man/blowfish.3 stable/8/secure/lib/libcrypto/man/bn.3 stable/8/secure/lib/libcrypto/man/bn_internal.3 stable/8/secure/lib/libcrypto/man/buffer.3 stable/8/secure/lib/libcrypto/man/crypto.3 stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/8/secure/lib/libcrypto/man/d2i_DHparams.3 stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_X509.3 stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/8/secure/lib/libcrypto/man/des.3 stable/8/secure/lib/libcrypto/man/dh.3 stable/8/secure/lib/libcrypto/man/dsa.3 stable/8/secure/lib/libcrypto/man/ecdsa.3 stable/8/secure/lib/libcrypto/man/engine.3 stable/8/secure/lib/libcrypto/man/err.3 stable/8/secure/lib/libcrypto/man/evp.3 stable/8/secure/lib/libcrypto/man/hmac.3 stable/8/secure/lib/libcrypto/man/lh_stats.3 stable/8/secure/lib/libcrypto/man/lhash.3 stable/8/secure/lib/libcrypto/man/md5.3 stable/8/secure/lib/libcrypto/man/mdc2.3 stable/8/secure/lib/libcrypto/man/pem.3 stable/8/secure/lib/libcrypto/man/rand.3 stable/8/secure/lib/libcrypto/man/rc4.3 stable/8/secure/lib/libcrypto/man/ripemd.3 stable/8/secure/lib/libcrypto/man/rsa.3 stable/8/secure/lib/libcrypto/man/sha.3 stable/8/secure/lib/libcrypto/man/threads.3 stable/8/secure/lib/libcrypto/man/ui.3 stable/8/secure/lib/libcrypto/man/ui_compat.3 stable/8/secure/lib/libcrypto/man/x509.3 stable/8/secure/lib/libcrypto/opensslconf-mips.h stable/8/secure/lib/libcrypto/opensslconf-powerpc.h stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_free.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/8/secure/lib/libssl/man/SSL_CTX_new.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/8/secure/lib/libssl/man/SSL_SESSION_free.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/8/secure/lib/libssl/man/SSL_accept.3 stable/8/secure/lib/libssl/man/SSL_alert_type_string.3 stable/8/secure/lib/libssl/man/SSL_clear.3 stable/8/secure/lib/libssl/man/SSL_connect.3 stable/8/secure/lib/libssl/man/SSL_do_handshake.3 stable/8/secure/lib/libssl/man/SSL_free.3 stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/8/secure/lib/libssl/man/SSL_get_ciphers.3 stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/8/secure/lib/libssl/man/SSL_get_error.3 stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_get_fd.3 stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/8/secure/lib/libssl/man/SSL_get_rbio.3 stable/8/secure/lib/libssl/man/SSL_get_session.3 stable/8/secure/lib/libssl/man/SSL_get_verify_result.3 stable/8/secure/lib/libssl/man/SSL_get_version.3 stable/8/secure/lib/libssl/man/SSL_library_init.3 stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/8/secure/lib/libssl/man/SSL_new.3 stable/8/secure/lib/libssl/man/SSL_pending.3 stable/8/secure/lib/libssl/man/SSL_read.3 stable/8/secure/lib/libssl/man/SSL_rstate_string.3 stable/8/secure/lib/libssl/man/SSL_session_reused.3 stable/8/secure/lib/libssl/man/SSL_set_bio.3 stable/8/secure/lib/libssl/man/SSL_set_connect_state.3 stable/8/secure/lib/libssl/man/SSL_set_fd.3 stable/8/secure/lib/libssl/man/SSL_set_session.3 stable/8/secure/lib/libssl/man/SSL_set_shutdown.3 stable/8/secure/lib/libssl/man/SSL_set_verify_result.3 stable/8/secure/lib/libssl/man/SSL_shutdown.3 stable/8/secure/lib/libssl/man/SSL_state_string.3 stable/8/secure/lib/libssl/man/SSL_want.3 stable/8/secure/lib/libssl/man/SSL_write.3 stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/8/secure/lib/libssl/man/ssl.3 stable/8/secure/usr.bin/openssl/man/CA.pl.1 stable/8/secure/usr.bin/openssl/man/asn1parse.1 stable/8/secure/usr.bin/openssl/man/ca.1 stable/8/secure/usr.bin/openssl/man/ciphers.1 stable/8/secure/usr.bin/openssl/man/crl.1 stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/8/secure/usr.bin/openssl/man/dgst.1 stable/8/secure/usr.bin/openssl/man/dhparam.1 stable/8/secure/usr.bin/openssl/man/dsa.1 stable/8/secure/usr.bin/openssl/man/dsaparam.1 stable/8/secure/usr.bin/openssl/man/ec.1 stable/8/secure/usr.bin/openssl/man/ecparam.1 stable/8/secure/usr.bin/openssl/man/enc.1 stable/8/secure/usr.bin/openssl/man/errstr.1 stable/8/secure/usr.bin/openssl/man/gendsa.1 stable/8/secure/usr.bin/openssl/man/genrsa.1 stable/8/secure/usr.bin/openssl/man/nseq.1 stable/8/secure/usr.bin/openssl/man/ocsp.1 stable/8/secure/usr.bin/openssl/man/openssl.1 stable/8/secure/usr.bin/openssl/man/passwd.1 stable/8/secure/usr.bin/openssl/man/pkcs12.1 stable/8/secure/usr.bin/openssl/man/pkcs7.1 stable/8/secure/usr.bin/openssl/man/pkcs8.1 stable/8/secure/usr.bin/openssl/man/rand.1 stable/8/secure/usr.bin/openssl/man/req.1 stable/8/secure/usr.bin/openssl/man/rsa.1 stable/8/secure/usr.bin/openssl/man/rsautl.1 stable/8/secure/usr.bin/openssl/man/s_client.1 stable/8/secure/usr.bin/openssl/man/s_server.1 stable/8/secure/usr.bin/openssl/man/s_time.1 stable/8/secure/usr.bin/openssl/man/sess_id.1 stable/8/secure/usr.bin/openssl/man/smime.1 stable/8/secure/usr.bin/openssl/man/speed.1 stable/8/secure/usr.bin/openssl/man/spkac.1 stable/8/secure/usr.bin/openssl/man/verify.1 stable/8/secure/usr.bin/openssl/man/version.1 stable/8/secure/usr.bin/openssl/man/x509.1 stable/8/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/8/crypto/openssl/ (props changed) stable/8/secure/lib/libcrypto/ (props changed) stable/8/secure/lib/libssl/ (props changed) stable/8/secure/usr.bin/openssl/ (props changed) Modified: stable/8/crypto/openssl/CHANGES ============================================================================== --- stable/8/crypto/openssl/CHANGES Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/CHANGES Fri Nov 26 22:50:58 2010 (r215912) @@ -2,6 +2,51 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8o and 0.9.8p [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. + [Steve Henson] + + *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT + is also one of the inputs. + [Emilia K�sper <emilia.kas...@esat.kuleuven.be> (Google)] + + *) Don't repeatedly append PBE algorithms to table if they already exist. + Sort table on each new add. This effectively makes the table read only + after all algorithms are added and subsequent calls to PKCS12_pbe_add + etc are non-op. + [Steve Henson] + + Changes between 0.9.8n and 0.9.8o [01 Jun 2010] + + [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after + OpenSSL 1.0.0.] + + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen <intercom...@gmail.com>] + + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more + common in certificates and some applications which only call + SSL_library_init and not OpenSSL_add_all_algorithms() will fail. + [Steve Henson] + + *) VMS fixes: + Reduce copying into .apps and .test in makevms.com + Don't try to use blank CA certificate in CA.com + Allow use of C files from original directories in maketests.com + [Steven M. Schweda" <s...@antinode.info>] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never Modified: stable/8/crypto/openssl/Configure ============================================================================== --- stable/8/crypto/openssl/Configure Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/Configure Fri Nov 26 22:50:58 2010 (r215912) @@ -1812,11 +1812,11 @@ EOF (system $make_command.$make_targets) == 0 or exit $? if $make_targets ne ""; if ( $perl =~ m...@^/@) { - &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); } else { # No path for Perl known ... - &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { Modified: stable/8/crypto/openssl/FAQ ============================================================================== --- stable/8/crypto/openssl/FAQ Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/FAQ Fri Nov 26 22:50:58 2010 (r215912) @@ -70,6 +70,7 @@ OpenSSL - Frequently Asked Questions * I think I've detected a memory leak, is this a bug? * Why does Valgrind complain about the use of uninitialized data? * Why doesn't a memory BIO work when a file does? +* Where are the declarations and implementations of d2i_X509() etc? =============================================================================== @@ -78,7 +79,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.8n was released on Mar 24th, 2010. +OpenSSL 1.0.0b was released on Nov 16th, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -94,14 +95,17 @@ explains how to install this library. OpenSSL includes a command line utility that can be used to perform a variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. A -few manual pages already are available; overviews over libcrypto and +manpage. Documentation for developers is currently being written. Many +manual pages are available; overviews over libcrypto and libssl are given in the crypto(3) and ssl(3) manpages. The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a different directory if you specified one as described in INSTALL). In addition, you can read the most current versions at -<URL: http://www.openssl.org/docs/>. +<URL: http://www.openssl.org/docs/>. Note that the online documents refer +to the very latest development versions of OpenSSL and may include features +not present in released versions. If in doubt refer to the documentation +that came with the version of OpenSSL you are using. For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's @@ -717,8 +721,10 @@ file. Multi-threaded applications must provide two callback functions to OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(). This is described in the threads(3) -manpage. +CRYPTO_set_id_callback(), for all versions of OpenSSL up to and +including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() +and associated APIs are deprecated by CRYPTO_THREADID_set_callback() +and friends. This is described in the threads(3) manpage. * I've compiled a program under Windows and it crashes: why? @@ -962,4 +968,15 @@ is needed. This must be done by calling: See the manual pages for more details. +* Where are the declarations and implementations of d2i_X509() etc? + +These are defined and implemented by macros of the form: + + + DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509) + +The implementation passes an ASN1 "template" defining the structure into an +ASN1 interpreter using generalised functions such as ASN1_item_d2i(). + + =============================================================================== Modified: stable/8/crypto/openssl/Makefile ============================================================================== --- stable/8/crypto/openssl/Makefile Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/Makefile Fri Nov 26 22:50:58 2010 (r215912) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8n +VERSION=0.9.8p MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: stable/8/crypto/openssl/NEWS ============================================================================== --- stable/8/crypto/openssl/NEWS Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/NEWS Fri Nov 26 22:50:58 2010 (r215912) @@ -5,6 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + + o Fix for security issue CVE-2010-3864. + + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + + o Fix for security issue CVE-2010-0742. + o Various DTLS fixes. + o Recognise SHA2 certificates if only SSL algorithms added. + o Fix for no-rc4 compilation. + o Chil ENGINE unload workaround. + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: o CFB cipher definition fixes. Modified: stable/8/crypto/openssl/PROBLEMS ============================================================================== --- stable/8/crypto/openssl/PROBLEMS Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/PROBLEMS Fri Nov 26 22:50:58 2010 (r215912) @@ -36,7 +36,9 @@ may differ on your machine. As long as Apple doesn't fix the problem with ld, this problem building -OpenSSL will remain as is. +OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by +passing -Wl,-search_paths_first, but it's unknown if the flag was +supported from the initial MacOS X release. * Parallell make leads to errors Modified: stable/8/crypto/openssl/README ============================================================================== --- stable/8/crypto/openssl/README Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/README Fri Nov 26 22:50:58 2010 (r215912) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8n + OpenSSL 0.9.8p 16 Nov 2010 Copyright (c) 1998-2009 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/8/crypto/openssl/apps/apps.c ============================================================================== --- stable/8/crypto/openssl/apps/apps.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/apps.c Fri Nov 26 22:50:58 2010 (r215912) @@ -351,13 +351,12 @@ void program_name(char *in, char *out, i int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { - int num,len,i; + int num,i; char *p; *argc=0; *argv=NULL; - len=strlen(buf); i=0; if (arg->count == 0) { @@ -866,10 +865,17 @@ EVP_PKEY *load_key(BIO *err, const char if (format == FORMAT_ENGINE) { if (!e) - BIO_printf(bio_err,"no engine specified\n"); + BIO_printf(err,"no engine specified\n"); else + { pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); + if (!pkey) + { + BIO_printf(err,"cannot load %s from engine\n",key_descrip); + ERR_print_errors(err); + } + } goto end; } #endif @@ -919,8 +925,11 @@ EVP_PKEY *load_key(BIO *err, const char } end: if (key != NULL) BIO_free(key); - if (pkey == NULL) + if (pkey == NULL) + { BIO_printf(err,"unable to load %s\n", key_descrip); + ERR_print_errors(err); + } return(pkey); } Modified: stable/8/crypto/openssl/apps/dh.c ============================================================================== --- stable/8/crypto/openssl/apps/dh.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/dh.c Fri Nov 26 22:50:58 2010 (r215912) @@ -88,9 +88,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -189,7 +186,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); Modified: stable/8/crypto/openssl/apps/dhparam.c ============================================================================== --- stable/8/crypto/openssl/apps/dhparam.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/dhparam.c Fri Nov 26 22:50:58 2010 (r215912) @@ -149,9 +149,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -270,7 +267,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (g && !num) Modified: stable/8/crypto/openssl/apps/dsaparam.c ============================================================================== --- stable/8/crypto/openssl/apps/dsaparam.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/dsaparam.c Fri Nov 26 22:50:58 2010 (r215912) @@ -111,9 +111,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -278,7 +275,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (need_rand) @@ -357,12 +354,10 @@ bad: if (C) { unsigned char *data; - int l,len,bits_p,bits_q,bits_g; + int l,len,bits_p; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); - bits_q=BN_num_bits(dsa->q); - bits_g=BN_num_bits(dsa->g); data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { Modified: stable/8/crypto/openssl/apps/ec.c ============================================================================== --- stable/8/crypto/openssl/apps/ec.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/ec.c Fri Nov 26 22:50:58 2010 (r215912) @@ -85,9 +85,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret = 1; EC_KEY *eckey = NULL; const EC_GROUP *group; @@ -254,7 +251,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) Modified: stable/8/crypto/openssl/apps/ecparam.c ============================================================================== --- stable/8/crypto/openssl/apps/ecparam.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/ecparam.c Fri Nov 26 22:50:58 2010 (r215912) @@ -129,9 +129,6 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif char *engine = NULL; BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL, @@ -340,7 +337,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (list_curves) Modified: stable/8/crypto/openssl/apps/enc.c ============================================================================== --- stable/8/crypto/openssl/apps/enc.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/enc.c Fri Nov 26 22:50:58 2010 (r215912) @@ -100,9 +100,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -311,7 +308,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (md && (dgst=EVP_get_digestbyname(md)) == NULL) Modified: stable/8/crypto/openssl/apps/gendh.c ============================================================================== --- stable/8/crypto/openssl/apps/gendh.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/gendh.c Fri Nov 26 22:50:58 2010 (r215912) @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; @@ -163,7 +160,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif out=BIO_new(BIO_s_file()); Modified: stable/8/crypto/openssl/apps/gendsa.c ============================================================================== --- stable/8/crypto/openssl/apps/gendsa.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/gendsa.c Fri Nov 26 22:50:58 2010 (r215912) @@ -78,9 +78,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -206,7 +203,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { Modified: stable/8/crypto/openssl/apps/genrsa.c ============================================================================== --- stable/8/crypto/openssl/apps/genrsa.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/genrsa.c Fri Nov 26 22:50:58 2010 (r215912) @@ -89,9 +89,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { BN_GENCB cb; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int ret=1; int i,num=DEFBITS; long l; @@ -235,7 +232,7 @@ bad: } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif if (outfile == NULL) Modified: stable/8/crypto/openssl/apps/pkcs7.c ============================================================================== --- stable/8/crypto/openssl/apps/pkcs7.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/pkcs7.c Fri Nov 26 22:50:58 2010 (r215912) @@ -82,9 +82,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -180,7 +177,7 @@ bad: ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); Modified: stable/8/crypto/openssl/apps/rand.c ============================================================================== --- stable/8/crypto/openssl/apps/rand.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/rand.c Fri Nov 26 22:50:58 2010 (r215912) @@ -77,9 +77,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -178,7 +175,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + setup_engine(bio_err, engine, 0); #endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); Modified: stable/8/crypto/openssl/apps/s_server.c ============================================================================== --- stable/8/crypto/openssl/apps/s_server.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/s_server.c Fri Nov 26 22:50:58 2010 (r215912) @@ -2075,12 +2075,14 @@ static int www_body(char *hostname, int { char *buf=NULL; int ret=1; - int i,j,k,blank,dot; + int i,j,k,dot; struct stat st_buf; SSL *con; SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; +#ifdef RENEG long total_bytes; +#endif buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); @@ -2151,7 +2153,6 @@ static int www_body(char *hostname, int SSL_set_msg_callback_arg(con, bio_s_out); } - blank=0; for (;;) { if (hack) @@ -2388,7 +2389,9 @@ static int www_body(char *hostname, int BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); } /* send the file */ +#ifdef RENEG total_bytes=0; +#endif for (;;) { i=BIO_read(file,buf,bufsize); Modified: stable/8/crypto/openssl/apps/s_socket.c ============================================================================== --- stable/8/crypto/openssl/apps/s_socket.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/s_socket.c Fri Nov 26 22:50:58 2010 (r215912) @@ -329,7 +329,7 @@ static int init_server_long(int *sock, i { int ret=0; struct sockaddr_in server; - int s= -1,i; + int s= -1; if (!ssl_sock_init()) return(0); @@ -368,7 +368,6 @@ static int init_server_long(int *sock, i } /* Make it 128 for linux */ if (type==SOCK_STREAM && listen(s,128) == -1) goto err; - i=0; *sock=s; ret=1; err: @@ -386,7 +385,7 @@ static int init_server(int *sock, int po static int do_accept(int acc_sock, int *sock, char **host) { - int ret,i; + int ret; struct hostent *h1,*h2; static struct sockaddr_in from; int len; @@ -409,6 +408,7 @@ redoit: if (ret == INVALID_SOCKET) { #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + int i; i=WSAGetLastError(); BIO_printf(bio_err,"accept error %d\n",i); #else @@ -463,7 +463,6 @@ redoit: BIO_printf(bio_err,"gethostbyname failure\n"); return(0); } - i=0; if (h2->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); Modified: stable/8/crypto/openssl/apps/speed.c ============================================================================== --- stable/8/crypto/openssl/apps/speed.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/speed.c Fri Nov 26 22:50:58 2010 (r215912) @@ -500,9 +500,6 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; -#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -593,7 +590,6 @@ int MAIN(int argc, char **argv) unsigned char DES_iv[8]; unsigned char iv[2*MAX_BLOCK_SIZE/8]; #ifndef OPENSSL_NO_DES - DES_cblock *buf_as_des_cblock = NULL; static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; @@ -806,9 +802,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef OPENSSL_NO_DES - buf_as_des_cblock = (DES_cblock *)buf; -#endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -883,7 +876,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"no engine given\n"); goto end; } - e = setup_engine(bio_err, *argv, 0); + setup_engine(bio_err, *argv, 0); /* j will be increased again further down. We just don't want speed to confuse an engine with an algorithm, especially when none is given (which @@ -1388,7 +1381,8 @@ int MAIN(int argc, char **argv) count*=2; Time_F(START); for (it=count; it; it--) - DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, + DES_ecb_encrypt((DES_cblock *)buf, + (DES_cblock *)buf, &sch,DES_ENCRYPT); d=Time_F(STOP); } while (d <3); Modified: stable/8/crypto/openssl/apps/x509.c ============================================================================== --- stable/8/crypto/openssl/apps/x509.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/apps/x509.c Fri Nov 26 22:50:58 2010 (r215912) @@ -539,7 +539,6 @@ bad: if (reqfile) { EVP_PKEY *pkey; - X509_CINF *ci; BIO *in; if (!sign_flag && !CA_flag) @@ -607,7 +606,6 @@ bad: print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; - ci=x->cert_info; if (sno == NULL) { Modified: stable/8/crypto/openssl/crypto/aes/aes_wrap.c ============================================================================== --- stable/8/crypto/openssl/crypto/aes/aes_wrap.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/aes/aes_wrap.c Fri Nov 26 22:50:58 2010 (r215912) @@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const uns A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { - A[6] ^= (unsigned char)((t & 0xff) >> 8); - A[5] ^= (unsigned char)((t & 0xff) >> 16); - A[4] ^= (unsigned char)((t & 0xff) >> 24); + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); } memcpy(R, B + 8, 8); } @@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const u A[7] ^= (unsigned char)(t & 0xff); if (t > 0xff) { - A[6] ^= (unsigned char)((t & 0xff) >> 8); - A[5] ^= (unsigned char)((t & 0xff) >> 16); - A[4] ^= (unsigned char)((t & 0xff) >> 24); + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); } memcpy(B + 8, R, 8); AES_decrypt(B, B, key); Modified: stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl ============================================================================== --- stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl Fri Nov 26 22:50:58 2010 (r215912) @@ -751,7 +751,19 @@ $code.=<<___; AES_set_encrypt_key: push %rbx push %rbp + sub \$8,%rsp + call _x86_64_AES_set_encrypt_key + + mov 8(%rsp),%rbp + mov 16(%rsp),%rbx + add \$24,%rsp + ret +.size AES_set_encrypt_key,.-AES_set_encrypt_key + +.type _x86_64_AES_set_encrypt_key,\...@abi-omnipotent +.align 16 +_x86_64_AES_set_encrypt_key: mov %esi,%ecx # %ecx=bits mov %rdi,%rsi # %rsi=userKey mov %rdx,%rdi # %rdi=key @@ -938,10 +950,8 @@ $code.=<<___; .Lbadpointer: mov \$-1,%rax .Lexit: - pop %rbp - pop %rbx - ret -.size AES_set_encrypt_key,.-AES_set_encrypt_key + .byte 0xf3,0xc3 # rep ret +.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key ___ sub deckey() @@ -973,15 +983,14 @@ $code.=<<___; .type AES_set_decrypt_key,\...@function,3 .align 16 AES_set_decrypt_key: - push %rdx - call AES_set_encrypt_key - cmp \$0,%eax - je .Lproceed - lea 24(%rsp),%rsp - ret -.Lproceed: + push %rbx + push %rbp + push %rdx # save key schedule + + call _x86_64_AES_set_encrypt_key mov (%rsp),%r8 # restore key schedule - mov %rbx,(%rsp) + cmp \$0,%eax + jne .Labort mov 240(%r8),%ecx # pull number of rounds xor %rdi,%rdi @@ -1023,7 +1032,10 @@ $code.=<<___; jnz .Lpermute xor %rax,%rax - pop %rbx +.Labort: + mov 8(%rsp),%rbp + mov 16(%rsp),%rbx + add \$24,%rsp ret .size AES_set_decrypt_key,.-AES_set_decrypt_key ___ Modified: stable/8/crypto/openssl/crypto/asn1/a_int.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/a_int.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/asn1/a_int.c Fri Nov 26 22:50:58 2010 (r215912) @@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INT { ASN1_INTEGER *ret=NULL; const unsigned char *p; - unsigned char *to,*s; + unsigned char *s; long len; int inf,tag,xclass; int i; @@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INT i=ERR_R_MALLOC_FAILURE; goto err; } - to=s; ret->type=V_ASN1_INTEGER; if(len) { if ((*p == 0) && (len != 1)) Modified: stable/8/crypto/openssl/crypto/asn1/n_pkey.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/n_pkey.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/asn1/n_pkey.c Fri Nov 26 22:50:58 2010 (r215912) @@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned int sgckey) { RSA *ret=NULL; - const unsigned char *p, *kp; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; @@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) cb=EVP_read_pw_string; if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; Modified: stable/8/crypto/openssl/crypto/asn1/t_crl.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/t_crl.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/asn1/t_crl.c Fri Nov 26 22:50:58 2010 (r215912) @@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); @@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x else BIO_printf(out,"NONE"); BIO_printf(out,"\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); Modified: stable/8/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/tasn_dec.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/asn1/tasn_dec.c Fri Nov 26 22:50:58 2010 (r215912) @@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; + ASN1_VALUE **pchptr, *ptmpval; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) { Modified: stable/8/crypto/openssl/crypto/asn1/x_x509.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/x_x509.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/asn1/x_x509.c Fri Nov 26 22:50:58 2010 (r215912) @@ -63,7 +63,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -ASN1_SEQUENCE(X509_CINF) = { +ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), @@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = { ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) +} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) /* X509 top level structure needs a bit of customisation */ Modified: stable/8/crypto/openssl/crypto/bio/b_sock.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/b_sock.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bio/b_sock.c Fri Nov 26 22:50:58 2010 (r215912) @@ -659,7 +659,14 @@ again: #ifdef SO_REUSEADDR err_num=get_last_socket_error(); if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && +#ifdef OPENSSL_SYS_WINDOWS + /* Some versions of Windows define EADDRINUSE to + * a dummy value. + */ + (err_num == WSAEADDRINUSE)) +#else (err_num == EADDRINUSE)) +#endif { memcpy((char *)&client,(char *)&server,sizeof(server)); if (strcmp(h,"*") == 0) Modified: stable/8/crypto/openssl/crypto/bio/bf_nbio.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/bf_nbio.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bio/bf_nbio.c Fri Nov 26 22:50:58 2010 (r215912) @@ -125,7 +125,6 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { - NBIO_TEST *nt; int ret=0; #if 1 int num; @@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, if (out == NULL) return(0); if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); #if 1 Modified: stable/8/crypto/openssl/crypto/bio/bio_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/bio_lib.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bio/bio_lib.c Fri Nov 26 22:50:58 2010 (r215912) @@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method int BIO_free(BIO *a) { - int ret=0,i; + int i; if (a == NULL) return(0); @@ -133,7 +133,7 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); + a->method->destroy(a); OPENSSL_free(a); return(1); } Modified: stable/8/crypto/openssl/crypto/bio/bss_acpt.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/bss_acpt.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bio/bss_acpt.c Fri Nov 26 22:50:58 2010 (r215912) @@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) { - BIO *dbio; int *ip; long ret=1; BIO_ACCEPT *data; @@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, l ret=(long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); Modified: stable/8/crypto/openssl/crypto/bio/bss_sock.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/bss_sock.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bio/bss_sock.c Fri Nov 26 22:50:58 2010 (r215912) @@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, l switch (cmd) { - case BIO_CTRL_RESET: - num=0; - case BIO_C_FILE_SEEK: - ret=0; - break; - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - ret=0; - break; case BIO_C_SET_FD: sock_free(b); b->num= *((int *)ptr); @@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, l case BIO_CTRL_SET_CLOSE: b->shutdown=(int)num; break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret=0; - break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: ret=1; Modified: stable/8/crypto/openssl/crypto/bn/bn_exp2.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_exp2.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bn/bn_exp2.c Fri Nov 26 22:50:58 2010 (r215912) @@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const B r_is_one = 0; } } - BN_from_montgomery(rr,r,mont,ctx); + if (!BN_from_montgomery(rr,r,mont,ctx)) + goto err; ret=1; err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); Modified: stable/8/crypto/openssl/crypto/bn/bn_mul.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_mul.c Fri Nov 26 22:46:32 2010 (r215911) +++ stable/8/crypto/openssl/crypto/bn/bn_mul.c Fri Nov 26 22:50:58 2010 (r215912) @@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - int c1,c2,neg,zero; + int c1,c2,neg; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, /* r=(a[0]-a[1])*(b[1]-b[0]) */ c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; + neg=0; switch (c1*3+c2) { case -4: @@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ @@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, case -1: case 0: case 1: - zero=1; /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ @@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, neg=1; break; case 3: - zero=1; /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]),tna,n-tna); @@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c { if (i >= -1 && i <= 1) { - int sav_j =0; /* Find out the power of two lower or equal to the longest of the two numbers */ if (i >= 0) @@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, c { j = BN_num_bits_word((BN_ULONG)bl); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
