svn commit: r279264 - in releng: 10.0 10.0/crypto/openssl 10.0/crypto/openssl/apps 10.0/crypto/openssl/crypto 10.0/crypto/openssl/crypto/aes/asm 10.0/crypto/openssl/crypto/asn1 10.0/crypto/openssl/...
Xin LI
delphij at FreeBSD.org
Wed Feb 25 05:56:21 UTC 2015
Author: delphij
Date: Wed Feb 25 05:56:16 2015
New Revision: 279264
URL: https://svnweb.freebsd.org/changeset/base/279264
Log:
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so
Added:
releng/10.0/crypto/openssl/crypto/constant_time_locl.h (contents, props changed)
releng/10.0/crypto/openssl/crypto/constant_time_test.c (contents, props changed)
releng/10.0/crypto/openssl/doc/apps/c_rehash.pod
releng/10.0/crypto/openssl/doc/crypto/CMS_add1_signer.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
releng/10.0/crypto/openssl/ssl/heartbeat_test.c (contents, props changed)
releng/10.0/crypto/openssl/ssl/ssl_utst.c (contents, props changed)
releng/10.0/crypto/openssl/util/mkbuildinf.pl (contents, props changed)
releng/10.0/secure/lib/libcrypto/man/CMS_add1_signer.3 (contents, props changed)
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed)
releng/10.0/secure/usr.bin/openssl/man/c_rehash.1 (contents, props changed)
releng/10.1/crypto/openssl/util/mkbuildinf.pl (contents, props changed)
Deleted:
releng/10.0/crypto/openssl/crypto/bn/asm/mips3.s
releng/10.0/crypto/openssl/crypto/pkcs7/bio_ber.c
releng/10.0/crypto/openssl/crypto/pkcs7/dec.c
releng/10.0/crypto/openssl/crypto/pkcs7/des.pem
releng/10.0/crypto/openssl/crypto/pkcs7/doc
releng/10.0/crypto/openssl/crypto/pkcs7/enc.c
releng/10.0/crypto/openssl/crypto/pkcs7/es1.pem
releng/10.0/crypto/openssl/crypto/pkcs7/example.c
releng/10.0/crypto/openssl/crypto/pkcs7/example.h
releng/10.0/crypto/openssl/crypto/pkcs7/info.pem
releng/10.0/crypto/openssl/crypto/pkcs7/infokey.pem
releng/10.0/crypto/openssl/crypto/pkcs7/p7/
releng/10.0/crypto/openssl/crypto/pkcs7/server.pem
releng/10.0/crypto/openssl/crypto/pkcs7/sign.c
releng/10.0/crypto/openssl/crypto/pkcs7/t/
releng/10.0/crypto/openssl/crypto/pkcs7/verify.c
releng/10.0/crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod
releng/10.1/crypto/openssl/crypto/bn/asm/mips3.s
Modified:
releng/10.0/UPDATING
releng/10.0/crypto/openssl/ACKNOWLEDGMENTS
releng/10.0/crypto/openssl/CHANGES
releng/10.0/crypto/openssl/Configure
releng/10.0/crypto/openssl/FAQ
releng/10.0/crypto/openssl/Makefile
releng/10.0/crypto/openssl/Makefile.org
releng/10.0/crypto/openssl/NEWS
releng/10.0/crypto/openssl/README
releng/10.0/crypto/openssl/apps/Makefile
releng/10.0/crypto/openssl/apps/apps.c
releng/10.0/crypto/openssl/apps/apps.h
releng/10.0/crypto/openssl/apps/ca.c
releng/10.0/crypto/openssl/apps/ciphers.c
releng/10.0/crypto/openssl/apps/crl.c
releng/10.0/crypto/openssl/apps/crl2p7.c
releng/10.0/crypto/openssl/apps/dgst.c
releng/10.0/crypto/openssl/apps/ecparam.c
releng/10.0/crypto/openssl/apps/enc.c
releng/10.0/crypto/openssl/apps/ocsp.c
releng/10.0/crypto/openssl/apps/openssl.c
releng/10.0/crypto/openssl/apps/pkcs12.c
releng/10.0/crypto/openssl/apps/progs.h
releng/10.0/crypto/openssl/apps/progs.pl
releng/10.0/crypto/openssl/apps/req.c
releng/10.0/crypto/openssl/apps/s_cb.c
releng/10.0/crypto/openssl/apps/s_client.c
releng/10.0/crypto/openssl/apps/s_server.c
releng/10.0/crypto/openssl/apps/s_socket.c
releng/10.0/crypto/openssl/apps/s_time.c
releng/10.0/crypto/openssl/apps/smime.c
releng/10.0/crypto/openssl/apps/speed.c
releng/10.0/crypto/openssl/config
releng/10.0/crypto/openssl/crypto/Makefile
releng/10.0/crypto/openssl/crypto/aes/asm/aes-mips.pl
releng/10.0/crypto/openssl/crypto/aes/asm/aes-parisc.pl
releng/10.0/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
releng/10.0/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl
releng/10.0/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
releng/10.0/crypto/openssl/crypto/armcap.c
releng/10.0/crypto/openssl/crypto/asn1/a_int.c
releng/10.0/crypto/openssl/crypto/asn1/a_strex.c
releng/10.0/crypto/openssl/crypto/asn1/a_strnid.c
releng/10.0/crypto/openssl/crypto/asn1/a_utctm.c
releng/10.0/crypto/openssl/crypto/asn1/ameth_lib.c
releng/10.0/crypto/openssl/crypto/asn1/asn1.h
releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c
releng/10.0/crypto/openssl/crypto/asn1/asn1_lib.c
releng/10.0/crypto/openssl/crypto/asn1/asn_mime.c
releng/10.0/crypto/openssl/crypto/asn1/asn_pack.c
releng/10.0/crypto/openssl/crypto/asn1/bio_asn1.c
releng/10.0/crypto/openssl/crypto/asn1/charmap.pl
releng/10.0/crypto/openssl/crypto/asn1/evp_asn1.c
releng/10.0/crypto/openssl/crypto/asn1/t_x509.c
releng/10.0/crypto/openssl/crypto/asn1/tasn_dec.c
releng/10.0/crypto/openssl/crypto/asn1/tasn_enc.c
releng/10.0/crypto/openssl/crypto/asn1/x_crl.c
releng/10.0/crypto/openssl/crypto/asn1/x_name.c
releng/10.0/crypto/openssl/crypto/bio/bio.h
releng/10.0/crypto/openssl/crypto/bio/bio_lib.c
releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c
releng/10.0/crypto/openssl/crypto/bio/bss_log.c
releng/10.0/crypto/openssl/crypto/bn/Makefile
releng/10.0/crypto/openssl/crypto/bn/asm/mips-mont.pl
releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl
releng/10.0/crypto/openssl/crypto/bn/asm/parisc-mont.pl
releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
releng/10.0/crypto/openssl/crypto/bn/bn.h
releng/10.0/crypto/openssl/crypto/bn/bn_ctx.c
releng/10.0/crypto/openssl/crypto/bn/bn_div.c
releng/10.0/crypto/openssl/crypto/bn/bn_exp.c
releng/10.0/crypto/openssl/crypto/bn/bn_lib.c
releng/10.0/crypto/openssl/crypto/bn/bn_mont.c
releng/10.0/crypto/openssl/crypto/bn/bn_nist.c
releng/10.0/crypto/openssl/crypto/bn/bn_sqr.c
releng/10.0/crypto/openssl/crypto/bn/bntest.c
releng/10.0/crypto/openssl/crypto/bn/exptest.c
releng/10.0/crypto/openssl/crypto/buffer/buffer.c
releng/10.0/crypto/openssl/crypto/buffer/buffer.h
releng/10.0/crypto/openssl/crypto/cms/cms_env.c
releng/10.0/crypto/openssl/crypto/cms/cms_lib.c
releng/10.0/crypto/openssl/crypto/cms/cms_pwri.c
releng/10.0/crypto/openssl/crypto/cms/cms_sd.c
releng/10.0/crypto/openssl/crypto/cms/cms_smime.c
releng/10.0/crypto/openssl/crypto/conf/conf_def.c
releng/10.0/crypto/openssl/crypto/cryptlib.c
releng/10.0/crypto/openssl/crypto/cversion.c
releng/10.0/crypto/openssl/crypto/dsa/dsa_ameth.c
releng/10.0/crypto/openssl/crypto/dso/dso_dlfcn.c
releng/10.0/crypto/openssl/crypto/ebcdic.h
releng/10.0/crypto/openssl/crypto/ec/ec.h
releng/10.0/crypto/openssl/crypto/ec/ec2_smpl.c
releng/10.0/crypto/openssl/crypto/ec/ec_ameth.c
releng/10.0/crypto/openssl/crypto/ec/ec_asn1.c
releng/10.0/crypto/openssl/crypto/ec/ec_lcl.h
releng/10.0/crypto/openssl/crypto/ec/ec_lib.c
releng/10.0/crypto/openssl/crypto/ec/ec_mult.c
releng/10.0/crypto/openssl/crypto/ec/ec_pmeth.c
releng/10.0/crypto/openssl/crypto/ec/ecp_mont.c
releng/10.0/crypto/openssl/crypto/ec/ecp_nist.c
releng/10.0/crypto/openssl/crypto/ec/ecp_nistp256.c
releng/10.0/crypto/openssl/crypto/ec/ecp_smpl.c
releng/10.0/crypto/openssl/crypto/ec/ectest.c
releng/10.0/crypto/openssl/crypto/ecdsa/ecs_vrf.c
releng/10.0/crypto/openssl/crypto/engine/eng_dyn.c
releng/10.0/crypto/openssl/crypto/engine/eng_list.c
releng/10.0/crypto/openssl/crypto/engine/eng_rdrand.c
releng/10.0/crypto/openssl/crypto/evp/Makefile
releng/10.0/crypto/openssl/crypto/evp/bio_b64.c
releng/10.0/crypto/openssl/crypto/evp/digest.c
releng/10.0/crypto/openssl/crypto/evp/e_aes.c
releng/10.0/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
releng/10.0/crypto/openssl/crypto/evp/e_des3.c
releng/10.0/crypto/openssl/crypto/evp/encode.c
releng/10.0/crypto/openssl/crypto/evp/evp_enc.c
releng/10.0/crypto/openssl/crypto/evp/evp_pbe.c
releng/10.0/crypto/openssl/crypto/evp/p5_crpt2.c
releng/10.0/crypto/openssl/crypto/idea/ideatest.c
releng/10.0/crypto/openssl/crypto/md32_common.h
releng/10.0/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
releng/10.0/crypto/openssl/crypto/mem.c
releng/10.0/crypto/openssl/crypto/modes/Makefile
releng/10.0/crypto/openssl/crypto/modes/asm/ghash-parisc.pl
releng/10.0/crypto/openssl/crypto/modes/cbc128.c
releng/10.0/crypto/openssl/crypto/modes/ccm128.c
releng/10.0/crypto/openssl/crypto/modes/cts128.c
releng/10.0/crypto/openssl/crypto/modes/gcm128.c
releng/10.0/crypto/openssl/crypto/modes/modes.h
releng/10.0/crypto/openssl/crypto/modes/modes_lcl.h
releng/10.0/crypto/openssl/crypto/objects/obj_dat.h
releng/10.0/crypto/openssl/crypto/objects/obj_dat.pl
releng/10.0/crypto/openssl/crypto/objects/obj_xref.h
releng/10.0/crypto/openssl/crypto/objects/objxref.pl
releng/10.0/crypto/openssl/crypto/ocsp/ocsp_ht.c
releng/10.0/crypto/openssl/crypto/ocsp/ocsp_lib.c
releng/10.0/crypto/openssl/crypto/ocsp/ocsp_vfy.c
releng/10.0/crypto/openssl/crypto/opensslconf.h
releng/10.0/crypto/openssl/crypto/opensslv.h
releng/10.0/crypto/openssl/crypto/ossl_typ.h
releng/10.0/crypto/openssl/crypto/pariscid.pl
releng/10.0/crypto/openssl/crypto/pem/pem_info.c
releng/10.0/crypto/openssl/crypto/pem/pvkfmt.c
releng/10.0/crypto/openssl/crypto/pkcs12/p12_crt.c
releng/10.0/crypto/openssl/crypto/pkcs12/p12_kiss.c
releng/10.0/crypto/openssl/crypto/pkcs7/Makefile
releng/10.0/crypto/openssl/crypto/pkcs7/pk7_doit.c
releng/10.0/crypto/openssl/crypto/pkcs7/pkcs7.h
releng/10.0/crypto/openssl/crypto/pkcs7/pkcs7err.c
releng/10.0/crypto/openssl/crypto/pqueue/pqueue.h
releng/10.0/crypto/openssl/crypto/rand/md_rand.c
releng/10.0/crypto/openssl/crypto/rand/rand.h
releng/10.0/crypto/openssl/crypto/rand/rand_err.c
releng/10.0/crypto/openssl/crypto/rand/rand_lcl.h
releng/10.0/crypto/openssl/crypto/rand/rand_lib.c
releng/10.0/crypto/openssl/crypto/rand/randfile.c
releng/10.0/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl
releng/10.0/crypto/openssl/crypto/rsa/Makefile
releng/10.0/crypto/openssl/crypto/rsa/rsa.h
releng/10.0/crypto/openssl/crypto/rsa/rsa_ameth.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_chk.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_eay.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_err.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_oaep.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_pk1.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_pmeth.c
releng/10.0/crypto/openssl/crypto/rsa/rsa_sign.c
releng/10.0/crypto/openssl/crypto/sha/Makefile
releng/10.0/crypto/openssl/crypto/sha/asm/sha1-mips.pl
releng/10.0/crypto/openssl/crypto/sha/asm/sha1-parisc.pl
releng/10.0/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
releng/10.0/crypto/openssl/crypto/sha/asm/sha512-mips.pl
releng/10.0/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
releng/10.0/crypto/openssl/crypto/sha/sha512.c
releng/10.0/crypto/openssl/crypto/srp/srp_grps.h
releng/10.0/crypto/openssl/crypto/srp/srp_lib.c
releng/10.0/crypto/openssl/crypto/srp/srp_vfy.c
releng/10.0/crypto/openssl/crypto/stack/safestack.h
releng/10.0/crypto/openssl/crypto/symhacks.h
releng/10.0/crypto/openssl/crypto/ts/ts_rsp_sign.c
releng/10.0/crypto/openssl/crypto/ts/ts_rsp_verify.c
releng/10.0/crypto/openssl/crypto/ui/ui_lib.c
releng/10.0/crypto/openssl/crypto/x509/by_dir.c
releng/10.0/crypto/openssl/crypto/x509/x509_vfy.c
releng/10.0/crypto/openssl/crypto/x509/x509_vpm.c
releng/10.0/crypto/openssl/crypto/x509/x_all.c
releng/10.0/crypto/openssl/crypto/x509v3/v3_ncons.c
releng/10.0/crypto/openssl/crypto/x509v3/v3_purp.c
releng/10.0/crypto/openssl/crypto/x86cpuid.pl
releng/10.0/crypto/openssl/doc/HOWTO/certificates.txt
releng/10.0/crypto/openssl/doc/HOWTO/proxy_certificates.txt
releng/10.0/crypto/openssl/doc/apps/asn1parse.pod
releng/10.0/crypto/openssl/doc/apps/ca.pod
releng/10.0/crypto/openssl/doc/apps/ciphers.pod
releng/10.0/crypto/openssl/doc/apps/cms.pod
releng/10.0/crypto/openssl/doc/apps/config.pod
releng/10.0/crypto/openssl/doc/apps/crl.pod
releng/10.0/crypto/openssl/doc/apps/dgst.pod
releng/10.0/crypto/openssl/doc/apps/dhparam.pod
releng/10.0/crypto/openssl/doc/apps/dsa.pod
releng/10.0/crypto/openssl/doc/apps/ec.pod
releng/10.0/crypto/openssl/doc/apps/ecparam.pod
releng/10.0/crypto/openssl/doc/apps/enc.pod
releng/10.0/crypto/openssl/doc/apps/gendsa.pod
releng/10.0/crypto/openssl/doc/apps/genrsa.pod
releng/10.0/crypto/openssl/doc/apps/ocsp.pod
releng/10.0/crypto/openssl/doc/apps/pkcs12.pod
releng/10.0/crypto/openssl/doc/apps/req.pod
releng/10.0/crypto/openssl/doc/apps/rsa.pod
releng/10.0/crypto/openssl/doc/apps/s_client.pod
releng/10.0/crypto/openssl/doc/apps/s_server.pod
releng/10.0/crypto/openssl/doc/apps/smime.pod
releng/10.0/crypto/openssl/doc/apps/ts.pod
releng/10.0/crypto/openssl/doc/apps/tsget.pod
releng/10.0/crypto/openssl/doc/apps/verify.pod
releng/10.0/crypto/openssl/doc/apps/version.pod
releng/10.0/crypto/openssl/doc/apps/x509.pod
releng/10.0/crypto/openssl/doc/apps/x509v3_config.pod
releng/10.0/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
releng/10.0/crypto/openssl/doc/crypto/BIO_f_base64.pod
releng/10.0/crypto/openssl/doc/crypto/BIO_push.pod
releng/10.0/crypto/openssl/doc/crypto/BIO_s_accept.pod
releng/10.0/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
releng/10.0/crypto/openssl/doc/crypto/CMS_decrypt.pod
releng/10.0/crypto/openssl/doc/crypto/CONF_modules_free.pod
releng/10.0/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
releng/10.0/crypto/openssl/doc/crypto/ERR_get_error.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_DigestInit.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod
releng/10.0/crypto/openssl/doc/crypto/EVP_SignInit.pod
releng/10.0/crypto/openssl/doc/crypto/OPENSSL_config.pod
releng/10.0/crypto/openssl/doc/crypto/RSA_set_method.pod
releng/10.0/crypto/openssl/doc/crypto/RSA_sign.pod
releng/10.0/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
releng/10.0/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
releng/10.0/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
releng/10.0/crypto/openssl/doc/crypto/X509_STORE_CTX_get_error.pod
releng/10.0/crypto/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
releng/10.0/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
releng/10.0/crypto/openssl/doc/crypto/des.pod
releng/10.0/crypto/openssl/doc/crypto/ecdsa.pod
releng/10.0/crypto/openssl/doc/crypto/err.pod
releng/10.0/crypto/openssl/doc/crypto/pem.pod
releng/10.0/crypto/openssl/doc/crypto/ui.pod
releng/10.0/crypto/openssl/doc/fingerprints.txt
releng/10.0/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_new.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_accept.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_clear.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_connect.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_do_handshake.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_get_version.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_read.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_session_reused.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_set_fd.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_set_session.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_shutdown.pod
releng/10.0/crypto/openssl/doc/ssl/SSL_write.pod
releng/10.0/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
releng/10.0/crypto/openssl/e_os.h
releng/10.0/crypto/openssl/engines/ccgost/gost89.h
releng/10.0/crypto/openssl/engines/ccgost/gost_ameth.c
releng/10.0/crypto/openssl/engines/ccgost/gosthash.c
releng/10.0/crypto/openssl/engines/e_padlock.c
releng/10.0/crypto/openssl/ssl/Makefile
releng/10.0/crypto/openssl/ssl/d1_both.c
releng/10.0/crypto/openssl/ssl/d1_clnt.c
releng/10.0/crypto/openssl/ssl/d1_enc.c
releng/10.0/crypto/openssl/ssl/d1_lib.c
releng/10.0/crypto/openssl/ssl/d1_pkt.c
releng/10.0/crypto/openssl/ssl/d1_srvr.c
releng/10.0/crypto/openssl/ssl/dtls1.h
releng/10.0/crypto/openssl/ssl/kssl.c
releng/10.0/crypto/openssl/ssl/kssl.h
releng/10.0/crypto/openssl/ssl/s23_clnt.c
releng/10.0/crypto/openssl/ssl/s23_lib.c
releng/10.0/crypto/openssl/ssl/s23_srvr.c
releng/10.0/crypto/openssl/ssl/s2_enc.c
releng/10.0/crypto/openssl/ssl/s2_lib.c
releng/10.0/crypto/openssl/ssl/s2_pkt.c
releng/10.0/crypto/openssl/ssl/s2_srvr.c
releng/10.0/crypto/openssl/ssl/s3_both.c
releng/10.0/crypto/openssl/ssl/s3_cbc.c
releng/10.0/crypto/openssl/ssl/s3_clnt.c
releng/10.0/crypto/openssl/ssl/s3_enc.c
releng/10.0/crypto/openssl/ssl/s3_lib.c
releng/10.0/crypto/openssl/ssl/s3_meth.c
releng/10.0/crypto/openssl/ssl/s3_pkt.c
releng/10.0/crypto/openssl/ssl/s3_srvr.c
releng/10.0/crypto/openssl/ssl/srtp.h
releng/10.0/crypto/openssl/ssl/ssl.h
releng/10.0/crypto/openssl/ssl/ssl3.h
releng/10.0/crypto/openssl/ssl/ssl_asn1.c
releng/10.0/crypto/openssl/ssl/ssl_cert.c
releng/10.0/crypto/openssl/ssl/ssl_ciph.c
releng/10.0/crypto/openssl/ssl/ssl_err.c
releng/10.0/crypto/openssl/ssl/ssl_lib.c
releng/10.0/crypto/openssl/ssl/ssl_locl.h
releng/10.0/crypto/openssl/ssl/ssl_sess.c
releng/10.0/crypto/openssl/ssl/ssl_stat.c
releng/10.0/crypto/openssl/ssl/ssltest.c
releng/10.0/crypto/openssl/ssl/t1_enc.c
releng/10.0/crypto/openssl/ssl/t1_lib.c
releng/10.0/crypto/openssl/ssl/tls1.h
releng/10.0/crypto/openssl/util/libeay.num
releng/10.0/crypto/openssl/util/mk1mf.pl
releng/10.0/crypto/openssl/util/mkdef.pl
releng/10.0/crypto/openssl/util/mkerr.pl
releng/10.0/crypto/openssl/util/pl/BC-32.pl
releng/10.0/crypto/openssl/util/pl/VC-32.pl
releng/10.0/crypto/openssl/util/pl/netware.pl
releng/10.0/crypto/openssl/util/shlib_wrap.sh
releng/10.0/crypto/openssl/util/ssleay.num
releng/10.0/secure/lib/libcrypto/Makefile
releng/10.0/secure/lib/libcrypto/Makefile.inc
releng/10.0/secure/lib/libcrypto/Makefile.man
releng/10.0/secure/lib/libcrypto/amd64/bsaes-x86_64.S
releng/10.0/secure/lib/libcrypto/amd64/vpaes-x86_64.S
releng/10.0/secure/lib/libcrypto/i386/x86cpuid.s
releng/10.0/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_length.3
releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_new.3
releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
releng/10.0/secure/lib/libcrypto/man/ASN1_generate_nconf.3
releng/10.0/secure/lib/libcrypto/man/BIO_ctrl.3
releng/10.0/secure/lib/libcrypto/man/BIO_f_base64.3
releng/10.0/secure/lib/libcrypto/man/BIO_f_buffer.3
releng/10.0/secure/lib/libcrypto/man/BIO_f_cipher.3
releng/10.0/secure/lib/libcrypto/man/BIO_f_md.3
releng/10.0/secure/lib/libcrypto/man/BIO_f_null.3
releng/10.0/secure/lib/libcrypto/man/BIO_f_ssl.3
releng/10.0/secure/lib/libcrypto/man/BIO_find_type.3
releng/10.0/secure/lib/libcrypto/man/BIO_new.3
releng/10.0/secure/lib/libcrypto/man/BIO_new_CMS.3
releng/10.0/secure/lib/libcrypto/man/BIO_push.3
releng/10.0/secure/lib/libcrypto/man/BIO_read.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_accept.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_bio.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_connect.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_fd.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_file.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_mem.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_null.3
releng/10.0/secure/lib/libcrypto/man/BIO_s_socket.3
releng/10.0/secure/lib/libcrypto/man/BIO_set_callback.3
releng/10.0/secure/lib/libcrypto/man/BIO_should_retry.3
releng/10.0/secure/lib/libcrypto/man/BN_BLINDING_new.3
releng/10.0/secure/lib/libcrypto/man/BN_CTX_new.3
releng/10.0/secure/lib/libcrypto/man/BN_CTX_start.3
releng/10.0/secure/lib/libcrypto/man/BN_add.3
releng/10.0/secure/lib/libcrypto/man/BN_add_word.3
releng/10.0/secure/lib/libcrypto/man/BN_bn2bin.3
releng/10.0/secure/lib/libcrypto/man/BN_cmp.3
releng/10.0/secure/lib/libcrypto/man/BN_copy.3
releng/10.0/secure/lib/libcrypto/man/BN_generate_prime.3
releng/10.0/secure/lib/libcrypto/man/BN_mod_inverse.3
releng/10.0/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
releng/10.0/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
releng/10.0/secure/lib/libcrypto/man/BN_new.3
releng/10.0/secure/lib/libcrypto/man/BN_num_bytes.3
releng/10.0/secure/lib/libcrypto/man/BN_rand.3
releng/10.0/secure/lib/libcrypto/man/BN_set_bit.3
releng/10.0/secure/lib/libcrypto/man/BN_swap.3
releng/10.0/secure/lib/libcrypto/man/BN_zero.3
releng/10.0/secure/lib/libcrypto/man/CMS_add0_cert.3
releng/10.0/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
releng/10.0/secure/lib/libcrypto/man/CMS_compress.3
releng/10.0/secure/lib/libcrypto/man/CMS_decrypt.3
releng/10.0/secure/lib/libcrypto/man/CMS_encrypt.3
releng/10.0/secure/lib/libcrypto/man/CMS_final.3
releng/10.0/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
releng/10.0/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
releng/10.0/secure/lib/libcrypto/man/CMS_get0_type.3
releng/10.0/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
releng/10.0/secure/lib/libcrypto/man/CMS_sign.3
releng/10.0/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
releng/10.0/secure/lib/libcrypto/man/CMS_sign_receipt.3
releng/10.0/secure/lib/libcrypto/man/CMS_uncompress.3
releng/10.0/secure/lib/libcrypto/man/CMS_verify.3
releng/10.0/secure/lib/libcrypto/man/CMS_verify_receipt.3
releng/10.0/secure/lib/libcrypto/man/CONF_modules_free.3
releng/10.0/secure/lib/libcrypto/man/CONF_modules_load_file.3
releng/10.0/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
releng/10.0/secure/lib/libcrypto/man/DH_generate_key.3
releng/10.0/secure/lib/libcrypto/man/DH_generate_parameters.3
releng/10.0/secure/lib/libcrypto/man/DH_get_ex_new_index.3
releng/10.0/secure/lib/libcrypto/man/DH_new.3
releng/10.0/secure/lib/libcrypto/man/DH_set_method.3
releng/10.0/secure/lib/libcrypto/man/DH_size.3
releng/10.0/secure/lib/libcrypto/man/DSA_SIG_new.3
releng/10.0/secure/lib/libcrypto/man/DSA_do_sign.3
releng/10.0/secure/lib/libcrypto/man/DSA_dup_DH.3
releng/10.0/secure/lib/libcrypto/man/DSA_generate_key.3
releng/10.0/secure/lib/libcrypto/man/DSA_generate_parameters.3
releng/10.0/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
releng/10.0/secure/lib/libcrypto/man/DSA_new.3
releng/10.0/secure/lib/libcrypto/man/DSA_set_method.3
releng/10.0/secure/lib/libcrypto/man/DSA_sign.3
releng/10.0/secure/lib/libcrypto/man/DSA_size.3
releng/10.0/secure/lib/libcrypto/man/ERR_GET_LIB.3
releng/10.0/secure/lib/libcrypto/man/ERR_clear_error.3
releng/10.0/secure/lib/libcrypto/man/ERR_error_string.3
releng/10.0/secure/lib/libcrypto/man/ERR_get_error.3
releng/10.0/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
releng/10.0/secure/lib/libcrypto/man/ERR_load_strings.3
releng/10.0/secure/lib/libcrypto/man/ERR_print_errors.3
releng/10.0/secure/lib/libcrypto/man/ERR_put_error.3
releng/10.0/secure/lib/libcrypto/man/ERR_remove_state.3
releng/10.0/secure/lib/libcrypto/man/ERR_set_mark.3
releng/10.0/secure/lib/libcrypto/man/EVP_BytesToKey.3
releng/10.0/secure/lib/libcrypto/man/EVP_DigestInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_DigestSignInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_EncryptInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_OpenInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_derive.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_new.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_sign.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_verify.3
releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
releng/10.0/secure/lib/libcrypto/man/EVP_SealInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_SignInit.3
releng/10.0/secure/lib/libcrypto/man/EVP_VerifyInit.3
releng/10.0/secure/lib/libcrypto/man/OBJ_nid2obj.3
releng/10.0/secure/lib/libcrypto/man/OPENSSL_Applink.3
releng/10.0/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
releng/10.0/secure/lib/libcrypto/man/OPENSSL_config.3
releng/10.0/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
releng/10.0/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
releng/10.0/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
releng/10.0/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
releng/10.0/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
releng/10.0/secure/lib/libcrypto/man/PKCS12_create.3
releng/10.0/secure/lib/libcrypto/man/PKCS12_parse.3
releng/10.0/secure/lib/libcrypto/man/PKCS7_decrypt.3
releng/10.0/secure/lib/libcrypto/man/PKCS7_encrypt.3
releng/10.0/secure/lib/libcrypto/man/PKCS7_sign.3
releng/10.0/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
releng/10.0/secure/lib/libcrypto/man/PKCS7_verify.3
releng/10.0/secure/lib/libcrypto/man/RAND_add.3
releng/10.0/secure/lib/libcrypto/man/RAND_bytes.3
releng/10.0/secure/lib/libcrypto/man/RAND_cleanup.3
releng/10.0/secure/lib/libcrypto/man/RAND_egd.3
releng/10.0/secure/lib/libcrypto/man/RAND_load_file.3
releng/10.0/secure/lib/libcrypto/man/RAND_set_rand_method.3
releng/10.0/secure/lib/libcrypto/man/RSA_blinding_on.3
releng/10.0/secure/lib/libcrypto/man/RSA_check_key.3
releng/10.0/secure/lib/libcrypto/man/RSA_generate_key.3
releng/10.0/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
releng/10.0/secure/lib/libcrypto/man/RSA_new.3
releng/10.0/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
releng/10.0/secure/lib/libcrypto/man/RSA_print.3
releng/10.0/secure/lib/libcrypto/man/RSA_private_encrypt.3
releng/10.0/secure/lib/libcrypto/man/RSA_public_encrypt.3
releng/10.0/secure/lib/libcrypto/man/RSA_set_method.3
releng/10.0/secure/lib/libcrypto/man/RSA_sign.3
releng/10.0/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
releng/10.0/secure/lib/libcrypto/man/RSA_size.3
releng/10.0/secure/lib/libcrypto/man/SMIME_read_CMS.3
releng/10.0/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
releng/10.0/secure/lib/libcrypto/man/SMIME_write_CMS.3
releng/10.0/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
releng/10.0/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
releng/10.0/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
releng/10.0/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
releng/10.0/secure/lib/libcrypto/man/X509_NAME_print_ex.3
releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
releng/10.0/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
releng/10.0/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
releng/10.0/secure/lib/libcrypto/man/X509_new.3
releng/10.0/secure/lib/libcrypto/man/X509_verify_cert.3
releng/10.0/secure/lib/libcrypto/man/bio.3
releng/10.0/secure/lib/libcrypto/man/blowfish.3
releng/10.0/secure/lib/libcrypto/man/bn.3
releng/10.0/secure/lib/libcrypto/man/bn_internal.3
releng/10.0/secure/lib/libcrypto/man/buffer.3
releng/10.0/secure/lib/libcrypto/man/crypto.3
releng/10.0/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
releng/10.0/secure/lib/libcrypto/man/d2i_DHparams.3
releng/10.0/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
releng/10.0/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
releng/10.0/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
releng/10.0/secure/lib/libcrypto/man/d2i_X509.3
releng/10.0/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
releng/10.0/secure/lib/libcrypto/man/d2i_X509_CRL.3
releng/10.0/secure/lib/libcrypto/man/d2i_X509_NAME.3
releng/10.0/secure/lib/libcrypto/man/d2i_X509_REQ.3
releng/10.0/secure/lib/libcrypto/man/d2i_X509_SIG.3
releng/10.0/secure/lib/libcrypto/man/des.3
releng/10.0/secure/lib/libcrypto/man/dh.3
releng/10.0/secure/lib/libcrypto/man/dsa.3
releng/10.0/secure/lib/libcrypto/man/ecdsa.3
releng/10.0/secure/lib/libcrypto/man/engine.3
releng/10.0/secure/lib/libcrypto/man/err.3
releng/10.0/secure/lib/libcrypto/man/evp.3
releng/10.0/secure/lib/libcrypto/man/hmac.3
releng/10.0/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
releng/10.0/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
releng/10.0/secure/lib/libcrypto/man/lh_stats.3
releng/10.0/secure/lib/libcrypto/man/lhash.3
releng/10.0/secure/lib/libcrypto/man/md5.3
releng/10.0/secure/lib/libcrypto/man/mdc2.3
releng/10.0/secure/lib/libcrypto/man/pem.3
releng/10.0/secure/lib/libcrypto/man/rand.3
releng/10.0/secure/lib/libcrypto/man/rc4.3
releng/10.0/secure/lib/libcrypto/man/ripemd.3
releng/10.0/secure/lib/libcrypto/man/rsa.3
releng/10.0/secure/lib/libcrypto/man/sha.3
releng/10.0/secure/lib/libcrypto/man/threads.3
releng/10.0/secure/lib/libcrypto/man/ui.3
releng/10.0/secure/lib/libcrypto/man/ui_compat.3
releng/10.0/secure/lib/libcrypto/man/x509.3
releng/10.0/secure/lib/libssl/Makefile.man
releng/10.0/secure/lib/libssl/man/SSL_CIPHER_get_name.3
releng/10.0/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_add_session.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_ctrl.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_free.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_new.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_number.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_sessions.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_mode.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_options.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_timeout.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_set_verify.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_use_certificate.3
releng/10.0/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
releng/10.0/secure/lib/libssl/man/SSL_SESSION_free.3
releng/10.0/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
releng/10.0/secure/lib/libssl/man/SSL_SESSION_get_time.3
releng/10.0/secure/lib/libssl/man/SSL_accept.3
releng/10.0/secure/lib/libssl/man/SSL_alert_type_string.3
releng/10.0/secure/lib/libssl/man/SSL_clear.3
releng/10.0/secure/lib/libssl/man/SSL_connect.3
releng/10.0/secure/lib/libssl/man/SSL_do_handshake.3
releng/10.0/secure/lib/libssl/man/SSL_free.3
releng/10.0/secure/lib/libssl/man/SSL_get_SSL_CTX.3
releng/10.0/secure/lib/libssl/man/SSL_get_ciphers.3
releng/10.0/secure/lib/libssl/man/SSL_get_client_CA_list.3
releng/10.0/secure/lib/libssl/man/SSL_get_current_cipher.3
releng/10.0/secure/lib/libssl/man/SSL_get_default_timeout.3
releng/10.0/secure/lib/libssl/man/SSL_get_error.3
releng/10.0/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
releng/10.0/secure/lib/libssl/man/SSL_get_ex_new_index.3
releng/10.0/secure/lib/libssl/man/SSL_get_fd.3
releng/10.0/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
releng/10.0/secure/lib/libssl/man/SSL_get_peer_certificate.3
releng/10.0/secure/lib/libssl/man/SSL_get_psk_identity.3
releng/10.0/secure/lib/libssl/man/SSL_get_rbio.3
releng/10.0/secure/lib/libssl/man/SSL_get_session.3
releng/10.0/secure/lib/libssl/man/SSL_get_verify_result.3
releng/10.0/secure/lib/libssl/man/SSL_get_version.3
releng/10.0/secure/lib/libssl/man/SSL_library_init.3
releng/10.0/secure/lib/libssl/man/SSL_load_client_CA_file.3
releng/10.0/secure/lib/libssl/man/SSL_new.3
releng/10.0/secure/lib/libssl/man/SSL_pending.3
releng/10.0/secure/lib/libssl/man/SSL_read.3
releng/10.0/secure/lib/libssl/man/SSL_rstate_string.3
releng/10.0/secure/lib/libssl/man/SSL_session_reused.3
releng/10.0/secure/lib/libssl/man/SSL_set_bio.3
releng/10.0/secure/lib/libssl/man/SSL_set_connect_state.3
releng/10.0/secure/lib/libssl/man/SSL_set_fd.3
releng/10.0/secure/lib/libssl/man/SSL_set_session.3
releng/10.0/secure/lib/libssl/man/SSL_set_shutdown.3
releng/10.0/secure/lib/libssl/man/SSL_set_verify_result.3
releng/10.0/secure/lib/libssl/man/SSL_shutdown.3
releng/10.0/secure/lib/libssl/man/SSL_state_string.3
releng/10.0/secure/lib/libssl/man/SSL_want.3
releng/10.0/secure/lib/libssl/man/SSL_write.3
releng/10.0/secure/lib/libssl/man/d2i_SSL_SESSION.3
releng/10.0/secure/lib/libssl/man/ssl.3
releng/10.0/secure/usr.bin/openssl/Makefile.man
releng/10.0/secure/usr.bin/openssl/man/CA.pl.1
releng/10.0/secure/usr.bin/openssl/man/asn1parse.1
releng/10.0/secure/usr.bin/openssl/man/ca.1
releng/10.0/secure/usr.bin/openssl/man/ciphers.1
releng/10.0/secure/usr.bin/openssl/man/cms.1
releng/10.0/secure/usr.bin/openssl/man/crl.1
releng/10.0/secure/usr.bin/openssl/man/crl2pkcs7.1
releng/10.0/secure/usr.bin/openssl/man/dgst.1
releng/10.0/secure/usr.bin/openssl/man/dhparam.1
releng/10.0/secure/usr.bin/openssl/man/dsa.1
releng/10.0/secure/usr.bin/openssl/man/dsaparam.1
releng/10.0/secure/usr.bin/openssl/man/ec.1
releng/10.0/secure/usr.bin/openssl/man/ecparam.1
releng/10.0/secure/usr.bin/openssl/man/enc.1
releng/10.0/secure/usr.bin/openssl/man/errstr.1
releng/10.0/secure/usr.bin/openssl/man/gendsa.1
releng/10.0/secure/usr.bin/openssl/man/genpkey.1
releng/10.0/secure/usr.bin/openssl/man/genrsa.1
releng/10.0/secure/usr.bin/openssl/man/nseq.1
releng/10.0/secure/usr.bin/openssl/man/ocsp.1
releng/10.0/secure/usr.bin/openssl/man/openssl.1
releng/10.0/secure/usr.bin/openssl/man/passwd.1
releng/10.0/secure/usr.bin/openssl/man/pkcs12.1
releng/10.0/secure/usr.bin/openssl/man/pkcs7.1
releng/10.0/secure/usr.bin/openssl/man/pkcs8.1
releng/10.0/secure/usr.bin/openssl/man/pkey.1
releng/10.0/secure/usr.bin/openssl/man/pkeyparam.1
releng/10.0/secure/usr.bin/openssl/man/pkeyutl.1
releng/10.0/secure/usr.bin/openssl/man/rand.1
releng/10.0/secure/usr.bin/openssl/man/req.1
releng/10.0/secure/usr.bin/openssl/man/rsa.1
releng/10.0/secure/usr.bin/openssl/man/rsautl.1
releng/10.0/secure/usr.bin/openssl/man/s_client.1
releng/10.0/secure/usr.bin/openssl/man/s_server.1
releng/10.0/secure/usr.bin/openssl/man/s_time.1
releng/10.0/secure/usr.bin/openssl/man/sess_id.1
releng/10.0/secure/usr.bin/openssl/man/smime.1
releng/10.0/secure/usr.bin/openssl/man/speed.1
releng/10.0/secure/usr.bin/openssl/man/spkac.1
releng/10.0/secure/usr.bin/openssl/man/ts.1
releng/10.0/secure/usr.bin/openssl/man/tsget.1
releng/10.0/secure/usr.bin/openssl/man/verify.1
releng/10.0/secure/usr.bin/openssl/man/version.1
releng/10.0/secure/usr.bin/openssl/man/x509.1
releng/10.0/secure/usr.bin/openssl/man/x509v3_config.1
releng/10.0/sys/conf/newvers.sh
releng/10.0/sys/netinet/igmp.c
releng/10.0/usr.sbin/freebsd-update/freebsd-update.sh
releng/10.1/UPDATING
releng/10.1/crypto/openssl/CHANGES
releng/10.1/crypto/openssl/Configure
releng/10.1/crypto/openssl/Makefile
releng/10.1/crypto/openssl/NEWS
releng/10.1/crypto/openssl/README
releng/10.1/crypto/openssl/apps/ca.c
releng/10.1/crypto/openssl/apps/dgst.c
releng/10.1/crypto/openssl/apps/ocsp.c
releng/10.1/crypto/openssl/apps/openssl.c
releng/10.1/crypto/openssl/apps/s_client.c
releng/10.1/crypto/openssl/apps/s_server.c
releng/10.1/crypto/openssl/apps/s_time.c
releng/10.1/crypto/openssl/apps/speed.c
releng/10.1/crypto/openssl/crypto/Makefile
releng/10.1/crypto/openssl/crypto/aes/asm/aes-mips.pl
releng/10.1/crypto/openssl/crypto/asn1/asn1.h
releng/10.1/crypto/openssl/crypto/asn1/asn1_err.c
releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c
releng/10.1/crypto/openssl/crypto/asn1/x_name.c
releng/10.1/crypto/openssl/crypto/bio/bio.h
releng/10.1/crypto/openssl/crypto/bio/bss_dgram.c
releng/10.1/crypto/openssl/crypto/bn/bn.h
releng/10.1/crypto/openssl/crypto/bn/bn_ctx.c
releng/10.1/crypto/openssl/crypto/bn/bn_div.c
releng/10.1/crypto/openssl/crypto/bn/bntest.c
releng/10.1/crypto/openssl/crypto/constant_time_locl.h
releng/10.1/crypto/openssl/crypto/cversion.c
releng/10.1/crypto/openssl/crypto/dso/dso_dlfcn.c
releng/10.1/crypto/openssl/crypto/ec/ec_lib.c
releng/10.1/crypto/openssl/crypto/ec/ec_mult.c
releng/10.1/crypto/openssl/crypto/ec/ec_pmeth.c
releng/10.1/crypto/openssl/crypto/ec/ecp_nistp256.c
releng/10.1/crypto/openssl/crypto/ec/ectest.c
releng/10.1/crypto/openssl/crypto/ecdsa/ecs_vrf.c
releng/10.1/crypto/openssl/crypto/engine/eng_dyn.c
releng/10.1/crypto/openssl/crypto/evp/Makefile
releng/10.1/crypto/openssl/crypto/evp/e_des3.c
releng/10.1/crypto/openssl/crypto/evp/evp_enc.c
releng/10.1/crypto/openssl/crypto/md32_common.h
releng/10.1/crypto/openssl/crypto/mem.c
releng/10.1/crypto/openssl/crypto/objects/obj_xref.h
releng/10.1/crypto/openssl/crypto/objects/objxref.pl
releng/10.1/crypto/openssl/crypto/opensslv.h
releng/10.1/crypto/openssl/crypto/sha/asm/sha1-mips.pl
releng/10.1/crypto/openssl/crypto/sha/asm/sha512-mips.pl
releng/10.1/crypto/openssl/crypto/ts/ts_rsp_sign.c
releng/10.1/crypto/openssl/crypto/x509/x509_vpm.c
releng/10.1/crypto/openssl/crypto/x509v3/v3_ncons.c
releng/10.1/crypto/openssl/doc/HOWTO/certificates.txt
releng/10.1/crypto/openssl/doc/HOWTO/proxy_certificates.txt
releng/10.1/crypto/openssl/doc/apps/dgst.pod
releng/10.1/crypto/openssl/doc/apps/ocsp.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
releng/10.1/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod
releng/10.1/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
releng/10.1/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
releng/10.1/crypto/openssl/e_os.h
releng/10.1/crypto/openssl/engines/e_padlock.c
releng/10.1/crypto/openssl/ssl/d1_both.c
releng/10.1/crypto/openssl/ssl/d1_clnt.c
releng/10.1/crypto/openssl/ssl/d1_enc.c
releng/10.1/crypto/openssl/ssl/d1_lib.c
releng/10.1/crypto/openssl/ssl/d1_pkt.c
releng/10.1/crypto/openssl/ssl/d1_srvr.c
releng/10.1/crypto/openssl/ssl/dtls1.h
releng/10.1/crypto/openssl/ssl/kssl.c
releng/10.1/crypto/openssl/ssl/s23_srvr.c
releng/10.1/crypto/openssl/ssl/s2_enc.c
releng/10.1/crypto/openssl/ssl/s2_pkt.c
releng/10.1/crypto/openssl/ssl/s2_srvr.c
releng/10.1/crypto/openssl/ssl/s3_both.c
releng/10.1/crypto/openssl/ssl/s3_clnt.c
releng/10.1/crypto/openssl/ssl/s3_enc.c
releng/10.1/crypto/openssl/ssl/s3_lib.c
releng/10.1/crypto/openssl/ssl/s3_meth.c
releng/10.1/crypto/openssl/ssl/s3_pkt.c
releng/10.1/crypto/openssl/ssl/s3_srvr.c
releng/10.1/crypto/openssl/ssl/srtp.h
releng/10.1/crypto/openssl/ssl/ssl.h
releng/10.1/crypto/openssl/ssl/ssl3.h
releng/10.1/crypto/openssl/ssl/ssl_cert.c
releng/10.1/crypto/openssl/ssl/ssl_ciph.c
releng/10.1/crypto/openssl/ssl/ssl_lib.c
releng/10.1/crypto/openssl/ssl/ssl_locl.h
releng/10.1/crypto/openssl/ssl/ssl_sess.c
releng/10.1/crypto/openssl/ssl/ssltest.c
releng/10.1/crypto/openssl/ssl/t1_enc.c
releng/10.1/crypto/openssl/ssl/t1_lib.c
releng/10.1/crypto/openssl/util/mk1mf.pl
releng/10.1/crypto/openssl/util/mkdef.pl
releng/10.1/crypto/openssl/util/pl/netware.pl
releng/10.1/crypto/openssl/util/ssleay.num
releng/10.1/secure/lib/libcrypto/Makefile
releng/10.1/secure/lib/libcrypto/Makefile.inc
releng/10.1/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_length.3
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_new.3
releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
releng/10.1/secure/lib/libcrypto/man/ASN1_generate_nconf.3
releng/10.1/secure/lib/libcrypto/man/BIO_ctrl.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_base64.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_buffer.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_cipher.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_md.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_null.3
releng/10.1/secure/lib/libcrypto/man/BIO_f_ssl.3
releng/10.1/secure/lib/libcrypto/man/BIO_find_type.3
releng/10.1/secure/lib/libcrypto/man/BIO_new.3
releng/10.1/secure/lib/libcrypto/man/BIO_new_CMS.3
releng/10.1/secure/lib/libcrypto/man/BIO_push.3
releng/10.1/secure/lib/libcrypto/man/BIO_read.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_accept.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_bio.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_connect.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_fd.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_file.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_mem.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_null.3
releng/10.1/secure/lib/libcrypto/man/BIO_s_socket.3
releng/10.1/secure/lib/libcrypto/man/BIO_set_callback.3
releng/10.1/secure/lib/libcrypto/man/BIO_should_retry.3
releng/10.1/secure/lib/libcrypto/man/BN_BLINDING_new.3
releng/10.1/secure/lib/libcrypto/man/BN_CTX_new.3
releng/10.1/secure/lib/libcrypto/man/BN_CTX_start.3
releng/10.1/secure/lib/libcrypto/man/BN_add.3
releng/10.1/secure/lib/libcrypto/man/BN_add_word.3
releng/10.1/secure/lib/libcrypto/man/BN_bn2bin.3
releng/10.1/secure/lib/libcrypto/man/BN_cmp.3
releng/10.1/secure/lib/libcrypto/man/BN_copy.3
releng/10.1/secure/lib/libcrypto/man/BN_generate_prime.3
releng/10.1/secure/lib/libcrypto/man/BN_mod_inverse.3
releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
releng/10.1/secure/lib/libcrypto/man/BN_new.3
releng/10.1/secure/lib/libcrypto/man/BN_num_bytes.3
releng/10.1/secure/lib/libcrypto/man/BN_rand.3
releng/10.1/secure/lib/libcrypto/man/BN_set_bit.3
releng/10.1/secure/lib/libcrypto/man/BN_swap.3
releng/10.1/secure/lib/libcrypto/man/BN_zero.3
releng/10.1/secure/lib/libcrypto/man/CMS_add0_cert.3
releng/10.1/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
releng/10.1/secure/lib/libcrypto/man/CMS_add1_signer.3
releng/10.1/secure/lib/libcrypto/man/CMS_compress.3
releng/10.1/secure/lib/libcrypto/man/CMS_decrypt.3
releng/10.1/secure/lib/libcrypto/man/CMS_encrypt.3
releng/10.1/secure/lib/libcrypto/man/CMS_final.3
releng/10.1/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
releng/10.1/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
releng/10.1/secure/lib/libcrypto/man/CMS_get0_type.3
releng/10.1/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
releng/10.1/secure/lib/libcrypto/man/CMS_sign.3
releng/10.1/secure/lib/libcrypto/man/CMS_sign_receipt.3
releng/10.1/secure/lib/libcrypto/man/CMS_uncompress.3
releng/10.1/secure/lib/libcrypto/man/CMS_verify.3
releng/10.1/secure/lib/libcrypto/man/CMS_verify_receipt.3
releng/10.1/secure/lib/libcrypto/man/CONF_modules_free.3
releng/10.1/secure/lib/libcrypto/man/CONF_modules_load_file.3
releng/10.1/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
releng/10.1/secure/lib/libcrypto/man/DH_generate_key.3
releng/10.1/secure/lib/libcrypto/man/DH_generate_parameters.3
releng/10.1/secure/lib/libcrypto/man/DH_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/DH_new.3
releng/10.1/secure/lib/libcrypto/man/DH_set_method.3
releng/10.1/secure/lib/libcrypto/man/DH_size.3
releng/10.1/secure/lib/libcrypto/man/DSA_SIG_new.3
releng/10.1/secure/lib/libcrypto/man/DSA_do_sign.3
releng/10.1/secure/lib/libcrypto/man/DSA_dup_DH.3
releng/10.1/secure/lib/libcrypto/man/DSA_generate_key.3
releng/10.1/secure/lib/libcrypto/man/DSA_generate_parameters.3
releng/10.1/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/DSA_new.3
releng/10.1/secure/lib/libcrypto/man/DSA_set_method.3
releng/10.1/secure/lib/libcrypto/man/DSA_sign.3
releng/10.1/secure/lib/libcrypto/man/DSA_size.3
releng/10.1/secure/lib/libcrypto/man/ERR_GET_LIB.3
releng/10.1/secure/lib/libcrypto/man/ERR_clear_error.3
releng/10.1/secure/lib/libcrypto/man/ERR_error_string.3
releng/10.1/secure/lib/libcrypto/man/ERR_get_error.3
releng/10.1/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
releng/10.1/secure/lib/libcrypto/man/ERR_load_strings.3
releng/10.1/secure/lib/libcrypto/man/ERR_print_errors.3
releng/10.1/secure/lib/libcrypto/man/ERR_put_error.3
releng/10.1/secure/lib/libcrypto/man/ERR_remove_state.3
releng/10.1/secure/lib/libcrypto/man/ERR_set_mark.3
releng/10.1/secure/lib/libcrypto/man/EVP_BytesToKey.3
releng/10.1/secure/lib/libcrypto/man/EVP_DigestInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_DigestSignInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_EncryptInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_OpenInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_derive.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_new.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_sign.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify.3
releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
releng/10.1/secure/lib/libcrypto/man/EVP_SealInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_SignInit.3
releng/10.1/secure/lib/libcrypto/man/EVP_VerifyInit.3
releng/10.1/secure/lib/libcrypto/man/OBJ_nid2obj.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_Applink.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_config.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
releng/10.1/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
releng/10.1/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
releng/10.1/secure/lib/libcrypto/man/PKCS12_create.3
releng/10.1/secure/lib/libcrypto/man/PKCS12_parse.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_decrypt.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_encrypt.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_sign.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
releng/10.1/secure/lib/libcrypto/man/PKCS7_verify.3
releng/10.1/secure/lib/libcrypto/man/RAND_add.3
releng/10.1/secure/lib/libcrypto/man/RAND_bytes.3
releng/10.1/secure/lib/libcrypto/man/RAND_cleanup.3
releng/10.1/secure/lib/libcrypto/man/RAND_egd.3
releng/10.1/secure/lib/libcrypto/man/RAND_load_file.3
releng/10.1/secure/lib/libcrypto/man/RAND_set_rand_method.3
releng/10.1/secure/lib/libcrypto/man/RSA_blinding_on.3
releng/10.1/secure/lib/libcrypto/man/RSA_check_key.3
releng/10.1/secure/lib/libcrypto/man/RSA_generate_key.3
releng/10.1/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/RSA_new.3
releng/10.1/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
releng/10.1/secure/lib/libcrypto/man/RSA_print.3
releng/10.1/secure/lib/libcrypto/man/RSA_private_encrypt.3
releng/10.1/secure/lib/libcrypto/man/RSA_public_encrypt.3
releng/10.1/secure/lib/libcrypto/man/RSA_set_method.3
releng/10.1/secure/lib/libcrypto/man/RSA_sign.3
releng/10.1/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
releng/10.1/secure/lib/libcrypto/man/RSA_size.3
releng/10.1/secure/lib/libcrypto/man/SMIME_read_CMS.3
releng/10.1/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
releng/10.1/secure/lib/libcrypto/man/SMIME_write_CMS.3
releng/10.1/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
releng/10.1/secure/lib/libcrypto/man/X509_NAME_print_ex.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
releng/10.1/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
releng/10.1/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
releng/10.1/secure/lib/libcrypto/man/X509_new.3
releng/10.1/secure/lib/libcrypto/man/X509_verify_cert.3
releng/10.1/secure/lib/libcrypto/man/bio.3
releng/10.1/secure/lib/libcrypto/man/blowfish.3
releng/10.1/secure/lib/libcrypto/man/bn.3
releng/10.1/secure/lib/libcrypto/man/bn_internal.3
releng/10.1/secure/lib/libcrypto/man/buffer.3
releng/10.1/secure/lib/libcrypto/man/crypto.3
releng/10.1/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
releng/10.1/secure/lib/libcrypto/man/d2i_DHparams.3
releng/10.1/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
releng/10.1/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
releng/10.1/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_CRL.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_NAME.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_REQ.3
releng/10.1/secure/lib/libcrypto/man/d2i_X509_SIG.3
releng/10.1/secure/lib/libcrypto/man/des.3
releng/10.1/secure/lib/libcrypto/man/dh.3
releng/10.1/secure/lib/libcrypto/man/dsa.3
releng/10.1/secure/lib/libcrypto/man/ecdsa.3
releng/10.1/secure/lib/libcrypto/man/engine.3
releng/10.1/secure/lib/libcrypto/man/err.3
releng/10.1/secure/lib/libcrypto/man/evp.3
releng/10.1/secure/lib/libcrypto/man/hmac.3
releng/10.1/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
releng/10.1/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
releng/10.1/secure/lib/libcrypto/man/lh_stats.3
releng/10.1/secure/lib/libcrypto/man/lhash.3
releng/10.1/secure/lib/libcrypto/man/md5.3
releng/10.1/secure/lib/libcrypto/man/mdc2.3
releng/10.1/secure/lib/libcrypto/man/pem.3
releng/10.1/secure/lib/libcrypto/man/rand.3
releng/10.1/secure/lib/libcrypto/man/rc4.3
releng/10.1/secure/lib/libcrypto/man/ripemd.3
releng/10.1/secure/lib/libcrypto/man/rsa.3
releng/10.1/secure/lib/libcrypto/man/sha.3
releng/10.1/secure/lib/libcrypto/man/threads.3
releng/10.1/secure/lib/libcrypto/man/ui.3
releng/10.1/secure/lib/libcrypto/man/ui_compat.3
releng/10.1/secure/lib/libcrypto/man/x509.3
releng/10.1/secure/lib/libssl/man/SSL_CIPHER_get_name.3
releng/10.1/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_add_session.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_ctrl.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_free.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_new.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_number.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_sessions.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_mode.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_options.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_timeout.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_set_verify.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_use_certificate.3
releng/10.1/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
releng/10.1/secure/lib/libssl/man/SSL_SESSION_free.3
releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_time.3
releng/10.1/secure/lib/libssl/man/SSL_accept.3
releng/10.1/secure/lib/libssl/man/SSL_alert_type_string.3
releng/10.1/secure/lib/libssl/man/SSL_clear.3
releng/10.1/secure/lib/libssl/man/SSL_connect.3
releng/10.1/secure/lib/libssl/man/SSL_do_handshake.3
releng/10.1/secure/lib/libssl/man/SSL_free.3
releng/10.1/secure/lib/libssl/man/SSL_get_SSL_CTX.3
releng/10.1/secure/lib/libssl/man/SSL_get_ciphers.3
releng/10.1/secure/lib/libssl/man/SSL_get_client_CA_list.3
releng/10.1/secure/lib/libssl/man/SSL_get_current_cipher.3
releng/10.1/secure/lib/libssl/man/SSL_get_default_timeout.3
releng/10.1/secure/lib/libssl/man/SSL_get_error.3
releng/10.1/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
releng/10.1/secure/lib/libssl/man/SSL_get_ex_new_index.3
releng/10.1/secure/lib/libssl/man/SSL_get_fd.3
releng/10.1/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
releng/10.1/secure/lib/libssl/man/SSL_get_peer_certificate.3
releng/10.1/secure/lib/libssl/man/SSL_get_psk_identity.3
releng/10.1/secure/lib/libssl/man/SSL_get_rbio.3
releng/10.1/secure/lib/libssl/man/SSL_get_session.3
releng/10.1/secure/lib/libssl/man/SSL_get_verify_result.3
releng/10.1/secure/lib/libssl/man/SSL_get_version.3
releng/10.1/secure/lib/libssl/man/SSL_library_init.3
releng/10.1/secure/lib/libssl/man/SSL_load_client_CA_file.3
releng/10.1/secure/lib/libssl/man/SSL_new.3
releng/10.1/secure/lib/libssl/man/SSL_pending.3
releng/10.1/secure/lib/libssl/man/SSL_read.3
releng/10.1/secure/lib/libssl/man/SSL_rstate_string.3
releng/10.1/secure/lib/libssl/man/SSL_session_reused.3
releng/10.1/secure/lib/libssl/man/SSL_set_bio.3
releng/10.1/secure/lib/libssl/man/SSL_set_connect_state.3
releng/10.1/secure/lib/libssl/man/SSL_set_fd.3
releng/10.1/secure/lib/libssl/man/SSL_set_session.3
releng/10.1/secure/lib/libssl/man/SSL_set_shutdown.3
releng/10.1/secure/lib/libssl/man/SSL_set_verify_result.3
releng/10.1/secure/lib/libssl/man/SSL_shutdown.3
releng/10.1/secure/lib/libssl/man/SSL_state_string.3
releng/10.1/secure/lib/libssl/man/SSL_want.3
releng/10.1/secure/lib/libssl/man/SSL_write.3
releng/10.1/secure/lib/libssl/man/d2i_SSL_SESSION.3
releng/10.1/secure/lib/libssl/man/ssl.3
releng/10.1/secure/usr.bin/openssl/man/CA.pl.1
releng/10.1/secure/usr.bin/openssl/man/asn1parse.1
releng/10.1/secure/usr.bin/openssl/man/c_rehash.1
releng/10.1/secure/usr.bin/openssl/man/ca.1
releng/10.1/secure/usr.bin/openssl/man/ciphers.1
releng/10.1/secure/usr.bin/openssl/man/cms.1
releng/10.1/secure/usr.bin/openssl/man/crl.1
releng/10.1/secure/usr.bin/openssl/man/crl2pkcs7.1
releng/10.1/secure/usr.bin/openssl/man/dgst.1
releng/10.1/secure/usr.bin/openssl/man/dhparam.1
releng/10.1/secure/usr.bin/openssl/man/dsa.1
releng/10.1/secure/usr.bin/openssl/man/dsaparam.1
releng/10.1/secure/usr.bin/openssl/man/ec.1
releng/10.1/secure/usr.bin/openssl/man/ecparam.1
releng/10.1/secure/usr.bin/openssl/man/enc.1
releng/10.1/secure/usr.bin/openssl/man/errstr.1
releng/10.1/secure/usr.bin/openssl/man/gendsa.1
releng/10.1/secure/usr.bin/openssl/man/genpkey.1
releng/10.1/secure/usr.bin/openssl/man/genrsa.1
releng/10.1/secure/usr.bin/openssl/man/nseq.1
releng/10.1/secure/usr.bin/openssl/man/ocsp.1
releng/10.1/secure/usr.bin/openssl/man/openssl.1
releng/10.1/secure/usr.bin/openssl/man/passwd.1
releng/10.1/secure/usr.bin/openssl/man/pkcs12.1
releng/10.1/secure/usr.bin/openssl/man/pkcs7.1
releng/10.1/secure/usr.bin/openssl/man/pkcs8.1
releng/10.1/secure/usr.bin/openssl/man/pkey.1
releng/10.1/secure/usr.bin/openssl/man/pkeyparam.1
releng/10.1/secure/usr.bin/openssl/man/pkeyutl.1
releng/10.1/secure/usr.bin/openssl/man/rand.1
releng/10.1/secure/usr.bin/openssl/man/req.1
releng/10.1/secure/usr.bin/openssl/man/rsa.1
releng/10.1/secure/usr.bin/openssl/man/rsautl.1
releng/10.1/secure/usr.bin/openssl/man/s_client.1
releng/10.1/secure/usr.bin/openssl/man/s_server.1
releng/10.1/secure/usr.bin/openssl/man/s_time.1
releng/10.1/secure/usr.bin/openssl/man/sess_id.1
releng/10.1/secure/usr.bin/openssl/man/smime.1
releng/10.1/secure/usr.bin/openssl/man/speed.1
releng/10.1/secure/usr.bin/openssl/man/spkac.1
releng/10.1/secure/usr.bin/openssl/man/ts.1
releng/10.1/secure/usr.bin/openssl/man/tsget.1
releng/10.1/secure/usr.bin/openssl/man/verify.1
releng/10.1/secure/usr.bin/openssl/man/version.1
releng/10.1/secure/usr.bin/openssl/man/x509.1
releng/10.1/secure/usr.bin/openssl/man/x509v3_config.1
releng/10.1/sys/conf/newvers.sh
releng/10.1/sys/dev/vt/vt_core.c
releng/10.1/sys/netinet/igmp.c
releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh
Modified: releng/10.0/UPDATING
==============================================================================
--- releng/10.0/UPDATING Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/UPDATING Wed Feb 25 05:56:16 2015 (r279264)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20150225: p18 FreeBSD-SA-15:04.igmp
+ FreeBSD-EN-15:01.vt
+ FreeBSD-EN-15:02.openssl
+ FreeBSD-EN-15:03.freebsd-update
+
+ Fix integer overflow in IGMP protocol. [SA-15:04]
+
+ Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
+
+ Updated base system OpenSSL to 1.0.1l. [EN-15:02]
+
+ Fix freebsd-update libraries update ordering issue. [EN-15:03]
+
20150127: p17 FreeBSD-SA-15:02.kmem
FreeBSD-SA-15:03.sctp
Modified: releng/10.0/crypto/openssl/ACKNOWLEDGMENTS
==============================================================================
--- releng/10.0/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:56:16 2015 (r279264)
@@ -10,13 +10,18 @@ OpenSSL project.
We would like to identify and thank the following such sponsors for their past
or current significant support of the OpenSSL project:
+Major support:
+
+ Qualys http://www.qualys.com/
+
Very significant support:
- OpenGear: www.opengear.com
+ OpenGear: http://www.opengear.com/
Significant support:
- PSW Group: www.psw.net
+ PSW Group: http://www.psw.net/
+ Acano Ltd. http://acano.com/
Please note that we ask permission to identify sponsors and that some sponsors
we consider eligible for inclusion here have requested to remain anonymous.
Modified: releng/10.0/crypto/openssl/CHANGES
==============================================================================
--- releng/10.0/crypto/openssl/CHANGES Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/CHANGES Wed Feb 25 05:56:16 2015 (r279264)
@@ -2,9 +2,376 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+ *) Build fixes for the Windows and OpenVMS platforms
+ [Matt Caswell and Richard Levitte]
+
+ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
+
+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+ message can cause a segmentation fault in OpenSSL due to a NULL pointer
+ dereference. This could lead to a Denial Of Service attack. Thanks to
+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+ (CVE-2014-3571)
+ [Steve Henson]
+
+ *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+ dtls1_buffer_record function under certain conditions. In particular this
+ could occur if an attacker sent repeated DTLS records with the same
+ sequence number but for the next epoch. The memory leak could be exploited
+ by an attacker in a Denial of Service attack through memory exhaustion.
+ Thanks to Chris Mueller for reporting this issue.
+ (CVE-2015-0206)
+ [Matt Caswell]
+
+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+ method would be set to NULL which could later result in a NULL pointer
+ dereference. Thanks to Frank Schmirler for reporting this issue.
+ (CVE-2014-3569)
+ [Kurt Roeckx]
+
+ *) Abort handshake if server key exchange message is omitted for ephemeral
+ ECDH ciphersuites.
+
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
+ (CVE-2014-3572)
+ [Steve Henson]
+
+ *) Remove non-export ephemeral RSA code on client and server. This code
+ violated the TLS standard by allowing the use of temporary RSA keys in
+ non-export ciphersuites and could be used by a server to effectively
+ downgrade the RSA key length used to a value smaller than the server
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
+ (CVE-2015-0204)
+ [Steve Henson]
+
+ *) Fixed issue where DH client certificates are accepted without verification.
+ An OpenSSL server will accept a DH certificate for client authentication
+ without the certificate verify message. This effectively allows a client to
+ authenticate without the use of a private key. This only affects servers
+ which trust a client certificate authority which issues certificates
+ containing DH keys: these are extremely rare and hardly ever encountered.
+ Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+ this issue.
+ (CVE-2015-0205)
+ [Steve Henson]
+
+ *) Ensure that the session ID context of an SSL is updated when its
+ SSL_CTX is updated via SSL_set_SSL_CTX.
+
+ The session ID context is typically set from the parent SSL_CTX,
+ and can vary with the CTX.
+ [Adam Langley]
+
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ (CVE-2014-3570)
+ [Andy Polyakov]
+
+ *) Do not resume sessions on the server if the negotiated protocol
+ version does not match the session's version. Resuming with a different
+ version, while not strictly forbidden by the RFC, is of questionable
+ sanity and breaks all known clients.
+ [David Benjamin, Emilia Käsper]
+
+ *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
+ early CCS messages during renegotiation. (Note that because
+ renegotiation is encrypted, this early CCS was not exploitable.)
+ [Emilia Käsper]
+
+ *) Tighten client-side session ticket handling during renegotiation:
+ ensure that the client only accepts a session ticket if the server sends
+ the extension anew in the ServerHello. Previously, a TLS client would
+ reuse the old extension state and thus accept a session ticket if one was
+ announced in the initial ServerHello.
+
+ Similarly, ensure that the client requires a session ticket if one
+ was advertised in the ServerHello. Previously, a TLS client would
+ ignore a missing NewSessionTicket message.
+ [Emilia Käsper]
+
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+ *) SRTP Memory Leak.
+
+ A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+ sends a carefully crafted handshake message, to cause OpenSSL to fail
+ to free up to 64k of memory causing a memory leak. This could be
+ exploited in a Denial Of Service attack. This issue affects OpenSSL
+ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+ whether SRTP is used or configured. Implementations of OpenSSL that
+ have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+ The fix was developed by the OpenSSL team.
+ (CVE-2014-3513)
+ [OpenSSL team]
+
+ *) Session Ticket Memory Leak.
+
+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+ integrity of that ticket is first verified. In the event of a session
+ ticket integrity check failing, OpenSSL will fail to free memory
+ causing a memory leak. By sending a large number of invalid session
+ tickets an attacker could exploit this issue in a Denial Of Service
+ attack.
+ (CVE-2014-3567)
+ [Steve Henson]
+
+ *) Build option no-ssl3 is incomplete.
+
+ When OpenSSL is configured with "no-ssl3" as a build option, servers
+ could accept and complete a SSL 3.0 handshake, and clients could be
+ configured to send them.
+ (CVE-2014-3568)
+ [Akamai and the OpenSSL team]
+
+ *) Add support for TLS_FALLBACK_SCSV.
+ Client applications doing fallback retries should call
+ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+ (CVE-2014-3566)
+ [Adam Langley, Bodo Moeller]
+
+ *) Add additional DigestInfo checks.
+
+ Reencode DigestInto in DER and check against the original when
+ verifying RSA signature: this will reject any improperly encoded
+ DigestInfo structures.
+
+ Note: this is a precautionary measure and no attacks are currently known.
+
+ [Steve Henson]
+
+ Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
+
+ *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
+ SRP code can be overrun an internal buffer. Add sanity check that
+ g, A, B < N to SRP code.
+
+ Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
+ Group for discovering this issue.
+ (CVE-2014-3512)
+ [Steve Henson]
+
+ *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
+ TLS 1.0 instead of higher protocol versions when the ClientHello message
+ is badly fragmented. This allows a man-in-the-middle attacker to force a
+ downgrade to TLS 1.0 even if both the server and the client support a
+ higher protocol version, by modifying the client's TLS records.
+
+ Thanks to David Benjamin and Adam Langley (Google) for discovering and
+ researching this issue.
+ (CVE-2014-3511)
+ [David Benjamin]
+
+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+ to a denial of service attack. A malicious server can crash the client
+ with a null pointer dereference (read) by specifying an anonymous (EC)DH
+ ciphersuite and sending carefully crafted handshake messages.
+
+ Thanks to Felix Gröbert (Google) for discovering and researching this
+ issue.
+ (CVE-2014-3510)
+ [Emilia Käsper]
+
+ *) By sending carefully crafted DTLS packets an attacker could cause openssl
+ to leak memory. This can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3507)
+ [Adam Langley]
+
+ *) An attacker can force openssl to consume large amounts of memory whilst
+ processing DTLS handshake messages. This can be exploited through a
+ Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3506)
+ [Adam Langley]
+
+ *) An attacker can force an error condition which causes openssl to crash
+ whilst processing DTLS packets due to memory being freed twice. This
+ can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ this issue.
+ (CVE-2014-3505)
+ [Adam Langley]
+
+ *) If a multithreaded client connects to a malicious server using a resumed
+ session and the server sends an ec point format extension it could write
+ up to 255 bytes to freed memory.
+
+ Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
+ issue.
+ (CVE-2014-3509)
+ [Gabor Tyukasz]
+
+ *) A malicious server can crash an OpenSSL client with a null pointer
+ dereference (read) by specifying an SRP ciphersuite even though it was not
+ properly negotiated with the client. This can be exploited through a
+ Denial of Service attack.
+
+ Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+ discovering and researching this issue.
+ (CVE-2014-5139)
+ [Steve Henson]
+
+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+ X509_name_oneline, X509_name_print_ex et al. to leak some information
+ from the stack. Applications may be affected if they echo pretty printing
+ output to the attacker.
+
+ Thanks to Ivan Fratric (Google) for discovering this issue.
+ (CVE-2014-3508)
+ [Emilia Käsper, and Steve Henson]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+ handshake can force the use of weak keying material in OpenSSL
+ SSL/TLS clients and servers.
+
+ Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+ researching this issue. (CVE-2014-0224)
+ [KIKUCHI Masashi, Steve Henson]
+
+ *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+ OpenSSL DTLS client the code can be made to recurse eventually crashing
+ in a DoS attack.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+ (CVE-2014-0221)
+ [Imre Rad, Steve Henson]
+
+ *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+ be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+ client or server. This is potentially exploitable to run arbitrary
+ code on a vulnerable client or server.
+
+ Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+ [Jüri Aedla, Steve Henson]
+
+ *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+ are subject to a denial of service attack.
+
+ Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+ this issue. (CVE-2014-3470)
+ [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+ *) Harmonize version and its documentation. -f flag is used to display
+ compilation flags.
+ [mancha <mancha1 at zoho.com>]
+
+ *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+ in i2d_ECPrivateKey.
+ [mancha <mancha1 at zoho.com>]
+
+ *) Fix some double frees. These are not thought to be exploitable.
+ [mancha <mancha1 at zoho.com>]
+
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ *) TLS pad extension: draft-agl-tls-padding-03
+
+ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+ TLS client Hello record length value would otherwise be > 255 and
+ less that 512 pad with a dummy extension containing zeroes so it
+ is at least 512 bytes long.
+
+ [Adam Langley, Steve Henson]
+
+ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
+
+ *) Fix for TLS record tampering bug. A carefully crafted invalid
+ handshake could crash OpenSSL with a NULL pointer exception.
+ Thanks to Anton Johansson for reporting this issues.
+ (CVE-2013-4353)
+
+ *) Keep original DTLS digest and encryption contexts in retransmission
+ structures so we can use the previous session parameters if they need
+ to be resent. (CVE-2013-6450)
+ [Steve Henson]
+
+ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+ avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
+ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
+ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+ [Rob Stradling, Adam Langley]
+
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
- *)
+ *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
+ supporting platforms or when small records were transferred.
+ [Andy Polyakov, Steve Henson]
Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
@@ -404,6 +771,63 @@
Add command line options to s_client/s_server.
[Steve Henson]
+ Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia Käsper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling at comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 1.0.0i and 1.0.0j [10 May 2012]
+
+ [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
+ OpenSSL 1.0.1.]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl at chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
@@ -1394,6 +1818,86 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
+ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia Käsper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling at comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+
+ *) The fix for CVE-2012-2110 did not take into account that the
+ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
+ rejecting negative len parameter. (CVE-2012-2131)
+ [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl at chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+ in CMS and PKCS7 code. When RSA decryption fails use a random key for
+ content decryption and always return the same error. Note: this attack
+ needs on average 2^20 messages so it only affects automated senders. The
+ old behaviour can be reenabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+ an MMA defence is not necessary.
+ Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
+ this issue. (CVE-2012-0884)
+ [Steve Henson]
+
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+ [Steve Henson]
+
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
@@ -1401,7 +1905,7 @@
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
-
+
Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
*) Nadhem Alfardan and Kenny Paterson have discovered an extension
Modified: releng/10.0/crypto/openssl/Configure
==============================================================================
--- releng/10.0/crypto/openssl/Configure Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/Configure Wed Feb 25 05:56:16 2015 (r279264)
@@ -178,7 +178,7 @@ my %table=(
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -526,7 +526,7 @@ my %table=(
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
@@ -720,6 +720,7 @@ my %disabled = ( # "what" => "co
"sctp" => "default",
"shared" => "default",
"store" => "experimental",
+ "unit-test" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
@@ -727,7 +728,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -803,6 +804,11 @@ PROCESS_ARGS:
{
$disabled{"tls1"} = "option(tls)"
}
+ elsif ($1 eq "ssl3-method")
+ {
+ $disabled{"ssl3-method"} = "option(ssl)";
+ $disabled{"ssl3"} = "option(ssl)";
+ }
else
{
$disabled{$1} = "option";
@@ -1766,6 +1772,9 @@ open(OUT,'>crypto/opensslconf.h.new') ||
print OUT "/* opensslconf.h */\n";
print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
+print OUT "#ifdef __cplusplus\n";
+print OUT "extern \"C\" {\n";
+print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
@@ -1870,6 +1879,9 @@ while (<IN>)
{ print OUT $_; }
}
close(IN);
+print OUT "#ifdef __cplusplus\n";
+print OUT "}\n";
+print OUT "#endif\n";
close(OUT);
rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
Modified: releng/10.0/crypto/openssl/FAQ
==============================================================================
--- releng/10.0/crypto/openssl/FAQ Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/FAQ Wed Feb 25 05:56:16 2015 (r279264)
@@ -113,11 +113,6 @@ that came with the version of OpenSSL yo
documentation is included in each OpenSSL distribution under the docs
directory.
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
-of this still applies to OpenSSL.
-
There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt
@@ -768,6 +763,9 @@ openssl-security at openssl.org if you don'
acknowledging receipt then resend or mail it directly to one of the
more active team members (e.g. Steve).
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Modified: releng/10.0/crypto/openssl/Makefile
==============================================================================
--- releng/10.0/crypto/openssl/Makefile Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/Makefile Wed Feb 25 05:56:16 2015 (r279264)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1e
+VERSION=1.0.1l
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -13,7 +13,7 @@ SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=
PLATFORM=dist
-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine
+OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE
+DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
PEX_LIBS=
EX_LIBS=
EXE_EXT=
@@ -304,7 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: releng/10.0/crypto/openssl/Makefile.org
==============================================================================
--- releng/10.0/crypto/openssl/Makefile.org Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/Makefile.org Wed Feb 25 05:56:16 2015 (r279264)
@@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: releng/10.0/crypto/openssl/NEWS
==============================================================================
--- releng/10.0/crypto/openssl/NEWS Wed Feb 25 05:43:02 2015 (r279263)
+++ releng/10.0/crypto/openssl/NEWS Wed Feb 25 05:56:16 2015 (r279264)
@@ -5,11 +5,67 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
+ Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+ o Build fixes for the Windows and OpenVMS platforms
+
+ Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2015-0206
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2015-0205
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
+ Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+ o Fix for CVE-2014-3513
+ o Fix for CVE-2014-3567
+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ o Fix for CVE-2014-3568
+
+ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+
+ o Fix for CVE-2014-3512
+ o Fix for CVE-2014-3511
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3509
+ o Fix for CVE-2014-5139
+ o Fix for CVE-2014-3508
+
+ Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+ o Fix for CVE-2014-0224
+ o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0198
+ o Fix for CVE-2014-0195
+ o Fix for CVE-2014-3470
+ o Fix for CVE-2010-5298
+
+ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+ o Fix for CVE-2014-0160
+ o Add TLS padding extension workaround for broken servers.
+ o Fix for CVE-2014-0076
+
+ Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+ o Don't include gmt_unix_time in TLS server and client random values
+ o Fix for TLS record tampering bug CVE-2013-4353
+ o Fix for TLS version checking bug CVE-2013-6449
+ o Fix for DTLS retransmission bug CVE-2013-6450
+
+ Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
o Corrected fix for CVE-2013-0169
- Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
+ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
o Include the fips configuration module.
@@ -17,24 +73,24 @@
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix for TLS AESNI record handling flaw CVE-2012-2686
- Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+ Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
o Fix TLS/DTLS record length checking bug CVE-2012-2333
o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
- Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
+ Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
o Fix compilation error on non-x86 platforms.
o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
- Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
+ Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
o Fix for ASN1 overflow bug CVE-2012-2110
o Workarounds for some servers that hang on long client hellos.
o Fix SEGV in AES code.
- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
+ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
o TLS/DTLS heartbeat support.
o SCTP support.
@@ -47,17 +103,30 @@
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.
- Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
+ Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+
+ Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
o Corrected fix for CVE-2011-4619
o Various DTLS fixes.
- Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
+ Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
o Fix for DTLS DoS issue CVE-2012-0050
- Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
+ Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
o Fix for DTLS plaintext recovery attack CVE-2011-4108
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
@@ -65,7 +134,7 @@
o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
o Check for malformed RFC3779 data CVE-2011-4577
- Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+ Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
o Fix for CRL vulnerability issue CVE-2011-3207
o Fix for ECDH crashes CVE-2011-3210
@@ -73,11 +142,11 @@
o Support ECDH ciphersuites for certificates using SHA2 algorithms.
o Various DTLS fixes.
- Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
- Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
+ Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
@@ -85,18 +154,18 @@
o Fix various platform compilation issues.
o Corrected fix for security issue CVE-2010-3864.
- Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
+ Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
o Fix for CVE-2010-2939
o Fix WIN32 build system for GOST ENGINE.
- Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
+ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
o Fix for security issue CVE-2010-1633.
o GOST MAC and CFB fixes.
- Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
+ Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
o RFC3280 path validation: sufficient to process PKITS tests.
o Integrated support for PVK files and keyblobs.
@@ -119,20 +188,55 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+
+ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ o Corrected fix for CVE-2011-4619
+ o Various DTLS fixes.
+
+ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+ o Fix for DTLS DoS issue CVE-2012-0050
+
+ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
+ o Fix policy check double free error CVE-2011-4109
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+ o Check for malformed RFC3779 data CVE-2011-4577
+
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
o Fix for security issue CVE-2010-0742.
o Various DTLS fixes.
@@ -140,12 +244,12 @@
o Fix for no-rc4 compilation.
o Chil ENGINE unload workaround.
- Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
o CFB cipher definition fixes.
o Fix security issues CVE-2010-0740 and CVE-2010-0433.
- Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
+ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
o Cipher definition fixes.
o Workaround for slow RAND_poll() on some WIN32 versions.
@@ -157,33 +261,33 @@
o Ticket and SNI coexistence fixes.
o Many fixes to DTLS handling.
- Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
+ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
o Temporary work around for CVE-2009-3555: disable renegotiation.
- Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
+ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
o Fix various build issues.
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
- Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-releng
mailing list