svn commit: r264331 - in stable/10: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto...
Jung-uk Kim
jkim at FreeBSD.org
Thu Apr 10 22:39:27 UTC 2014
Author: jkim
Date: Thu Apr 10 22:39:22 2014
New Revision: 264331
URL: http://svnweb.freebsd.org/changeset/base/264331
Log:
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
Modified:
stable/10/crypto/openssl/CHANGES
stable/10/crypto/openssl/Configure
stable/10/crypto/openssl/FAQ
stable/10/crypto/openssl/Makefile
stable/10/crypto/openssl/Makefile.org
stable/10/crypto/openssl/NEWS
stable/10/crypto/openssl/README
stable/10/crypto/openssl/apps/Makefile
stable/10/crypto/openssl/apps/apps.c
stable/10/crypto/openssl/apps/apps.h
stable/10/crypto/openssl/apps/crl.c
stable/10/crypto/openssl/apps/dgst.c
stable/10/crypto/openssl/apps/ecparam.c
stable/10/crypto/openssl/apps/openssl.c
stable/10/crypto/openssl/apps/pkcs12.c
stable/10/crypto/openssl/apps/req.c
stable/10/crypto/openssl/config
stable/10/crypto/openssl/crypto/Makefile
stable/10/crypto/openssl/crypto/aes/asm/aes-parisc.pl
stable/10/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl
stable/10/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
stable/10/crypto/openssl/crypto/armcap.c
stable/10/crypto/openssl/crypto/asn1/a_int.c
stable/10/crypto/openssl/crypto/asn1/asn1_err.c
stable/10/crypto/openssl/crypto/bio/bss_dgram.c
stable/10/crypto/openssl/crypto/bio/bss_log.c
stable/10/crypto/openssl/crypto/bn/Makefile
stable/10/crypto/openssl/crypto/bn/asm/mips-mont.pl
stable/10/crypto/openssl/crypto/bn/asm/mips.pl
stable/10/crypto/openssl/crypto/bn/asm/parisc-mont.pl
stable/10/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
stable/10/crypto/openssl/crypto/bn/bn_nist.c
stable/10/crypto/openssl/crypto/buffer/buffer.c
stable/10/crypto/openssl/crypto/buffer/buffer.h
stable/10/crypto/openssl/crypto/cms/cms_lib.c
stable/10/crypto/openssl/crypto/cryptlib.c
stable/10/crypto/openssl/crypto/ec/ec_ameth.c
stable/10/crypto/openssl/crypto/ec/ec_asn1.c
stable/10/crypto/openssl/crypto/ec/ec_lib.c
stable/10/crypto/openssl/crypto/engine/eng_list.c
stable/10/crypto/openssl/crypto/engine/eng_rdrand.c
stable/10/crypto/openssl/crypto/evp/Makefile
stable/10/crypto/openssl/crypto/evp/bio_b64.c
stable/10/crypto/openssl/crypto/evp/digest.c
stable/10/crypto/openssl/crypto/evp/e_aes.c
stable/10/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
stable/10/crypto/openssl/crypto/evp/e_des3.c
stable/10/crypto/openssl/crypto/evp/p5_crpt2.c
stable/10/crypto/openssl/crypto/modes/Makefile
stable/10/crypto/openssl/crypto/modes/asm/ghash-parisc.pl
stable/10/crypto/openssl/crypto/modes/cbc128.c
stable/10/crypto/openssl/crypto/modes/ccm128.c
stable/10/crypto/openssl/crypto/modes/cts128.c
stable/10/crypto/openssl/crypto/modes/gcm128.c
stable/10/crypto/openssl/crypto/modes/modes_lcl.h
stable/10/crypto/openssl/crypto/opensslv.h
stable/10/crypto/openssl/crypto/pariscid.pl
stable/10/crypto/openssl/crypto/pem/pem_info.c
stable/10/crypto/openssl/crypto/pkcs12/p12_crt.c
stable/10/crypto/openssl/crypto/rand/md_rand.c
stable/10/crypto/openssl/crypto/rand/rand.h
stable/10/crypto/openssl/crypto/rand/rand_err.c
stable/10/crypto/openssl/crypto/rand/rand_lib.c
stable/10/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl
stable/10/crypto/openssl/crypto/rsa/rsa_ameth.c
stable/10/crypto/openssl/crypto/rsa/rsa_chk.c
stable/10/crypto/openssl/crypto/rsa/rsa_pmeth.c
stable/10/crypto/openssl/crypto/sha/Makefile
stable/10/crypto/openssl/crypto/sha/asm/sha1-parisc.pl
stable/10/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
stable/10/crypto/openssl/crypto/sha/asm/sha512-mips.pl
stable/10/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
stable/10/crypto/openssl/crypto/sha/sha512.c
stable/10/crypto/openssl/crypto/srp/srp_grps.h
stable/10/crypto/openssl/crypto/srp/srp_lib.c
stable/10/crypto/openssl/crypto/symhacks.h
stable/10/crypto/openssl/crypto/x509/by_dir.c
stable/10/crypto/openssl/crypto/x509/x509_vfy.c
stable/10/crypto/openssl/crypto/x509/x_all.c
stable/10/crypto/openssl/crypto/x86cpuid.pl
stable/10/crypto/openssl/doc/apps/cms.pod
stable/10/crypto/openssl/doc/apps/config.pod
stable/10/crypto/openssl/doc/apps/crl.pod
stable/10/crypto/openssl/doc/apps/ec.pod
stable/10/crypto/openssl/doc/apps/pkcs12.pod
stable/10/crypto/openssl/doc/apps/req.pod
stable/10/crypto/openssl/doc/apps/rsa.pod
stable/10/crypto/openssl/doc/apps/s_client.pod
stable/10/crypto/openssl/doc/apps/s_server.pod
stable/10/crypto/openssl/doc/apps/smime.pod
stable/10/crypto/openssl/doc/apps/ts.pod
stable/10/crypto/openssl/doc/apps/tsget.pod
stable/10/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
stable/10/crypto/openssl/doc/crypto/ERR_get_error.pod
stable/10/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
stable/10/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
stable/10/crypto/openssl/doc/crypto/X509_STORE_CTX_get_error.pod
stable/10/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
stable/10/crypto/openssl/doc/crypto/ecdsa.pod
stable/10/crypto/openssl/doc/crypto/pem.pod
stable/10/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
stable/10/crypto/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
stable/10/crypto/openssl/doc/ssl/SSL_accept.pod
stable/10/crypto/openssl/doc/ssl/SSL_clear.pod
stable/10/crypto/openssl/doc/ssl/SSL_connect.pod
stable/10/crypto/openssl/doc/ssl/SSL_do_handshake.pod
stable/10/crypto/openssl/doc/ssl/SSL_read.pod
stable/10/crypto/openssl/doc/ssl/SSL_session_reused.pod
stable/10/crypto/openssl/doc/ssl/SSL_set_fd.pod
stable/10/crypto/openssl/doc/ssl/SSL_set_session.pod
stable/10/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
stable/10/crypto/openssl/doc/ssl/SSL_shutdown.pod
stable/10/crypto/openssl/doc/ssl/SSL_write.pod
stable/10/crypto/openssl/e_os.h
stable/10/crypto/openssl/engines/ccgost/gost89.h
stable/10/crypto/openssl/engines/ccgost/gosthash.c
stable/10/crypto/openssl/ssl/d1_both.c
stable/10/crypto/openssl/ssl/d1_clnt.c
stable/10/crypto/openssl/ssl/d1_lib.c
stable/10/crypto/openssl/ssl/d1_pkt.c
stable/10/crypto/openssl/ssl/d1_srvr.c
stable/10/crypto/openssl/ssl/kssl.h
stable/10/crypto/openssl/ssl/s23_clnt.c
stable/10/crypto/openssl/ssl/s3_both.c
stable/10/crypto/openssl/ssl/s3_clnt.c
stable/10/crypto/openssl/ssl/s3_lib.c
stable/10/crypto/openssl/ssl/s3_pkt.c
stable/10/crypto/openssl/ssl/s3_srvr.c
stable/10/crypto/openssl/ssl/ssl.h
stable/10/crypto/openssl/ssl/ssl3.h
stable/10/crypto/openssl/ssl/ssl_lib.c
stable/10/crypto/openssl/ssl/ssl_locl.h
stable/10/crypto/openssl/ssl/ssltest.c
stable/10/crypto/openssl/ssl/t1_enc.c
stable/10/crypto/openssl/ssl/t1_lib.c
stable/10/crypto/openssl/ssl/tls1.h
stable/10/crypto/openssl/util/libeay.num
stable/10/crypto/openssl/util/pl/BC-32.pl
stable/10/crypto/openssl/util/pl/VC-32.pl
stable/10/crypto/openssl/util/shlib_wrap.sh
stable/10/secure/lib/libcrypto/Makefile.inc
stable/10/secure/lib/libcrypto/amd64/bsaes-x86_64.S
stable/10/secure/lib/libcrypto/amd64/vpaes-x86_64.S
stable/10/secure/lib/libcrypto/i386/x86cpuid.s
stable/10/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/10/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/10/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/10/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/10/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/10/secure/lib/libcrypto/man/BIO_ctrl.3
stable/10/secure/lib/libcrypto/man/BIO_f_base64.3
stable/10/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/10/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/10/secure/lib/libcrypto/man/BIO_f_md.3
stable/10/secure/lib/libcrypto/man/BIO_f_null.3
stable/10/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/10/secure/lib/libcrypto/man/BIO_find_type.3
stable/10/secure/lib/libcrypto/man/BIO_new.3
stable/10/secure/lib/libcrypto/man/BIO_new_CMS.3
stable/10/secure/lib/libcrypto/man/BIO_push.3
stable/10/secure/lib/libcrypto/man/BIO_read.3
stable/10/secure/lib/libcrypto/man/BIO_s_accept.3
stable/10/secure/lib/libcrypto/man/BIO_s_bio.3
stable/10/secure/lib/libcrypto/man/BIO_s_connect.3
stable/10/secure/lib/libcrypto/man/BIO_s_fd.3
stable/10/secure/lib/libcrypto/man/BIO_s_file.3
stable/10/secure/lib/libcrypto/man/BIO_s_mem.3
stable/10/secure/lib/libcrypto/man/BIO_s_null.3
stable/10/secure/lib/libcrypto/man/BIO_s_socket.3
stable/10/secure/lib/libcrypto/man/BIO_set_callback.3
stable/10/secure/lib/libcrypto/man/BIO_should_retry.3
stable/10/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/10/secure/lib/libcrypto/man/BN_CTX_new.3
stable/10/secure/lib/libcrypto/man/BN_CTX_start.3
stable/10/secure/lib/libcrypto/man/BN_add.3
stable/10/secure/lib/libcrypto/man/BN_add_word.3
stable/10/secure/lib/libcrypto/man/BN_bn2bin.3
stable/10/secure/lib/libcrypto/man/BN_cmp.3
stable/10/secure/lib/libcrypto/man/BN_copy.3
stable/10/secure/lib/libcrypto/man/BN_generate_prime.3
stable/10/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/10/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/10/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/10/secure/lib/libcrypto/man/BN_new.3
stable/10/secure/lib/libcrypto/man/BN_num_bytes.3
stable/10/secure/lib/libcrypto/man/BN_rand.3
stable/10/secure/lib/libcrypto/man/BN_set_bit.3
stable/10/secure/lib/libcrypto/man/BN_swap.3
stable/10/secure/lib/libcrypto/man/BN_zero.3
stable/10/secure/lib/libcrypto/man/CMS_add0_cert.3
stable/10/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
stable/10/secure/lib/libcrypto/man/CMS_compress.3
stable/10/secure/lib/libcrypto/man/CMS_decrypt.3
stable/10/secure/lib/libcrypto/man/CMS_encrypt.3
stable/10/secure/lib/libcrypto/man/CMS_final.3
stable/10/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
stable/10/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
stable/10/secure/lib/libcrypto/man/CMS_get0_type.3
stable/10/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
stable/10/secure/lib/libcrypto/man/CMS_sign.3
stable/10/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
stable/10/secure/lib/libcrypto/man/CMS_sign_receipt.3
stable/10/secure/lib/libcrypto/man/CMS_uncompress.3
stable/10/secure/lib/libcrypto/man/CMS_verify.3
stable/10/secure/lib/libcrypto/man/CMS_verify_receipt.3
stable/10/secure/lib/libcrypto/man/CONF_modules_free.3
stable/10/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/10/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
stable/10/secure/lib/libcrypto/man/DH_generate_key.3
stable/10/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/10/secure/lib/libcrypto/man/DH_get_ex_new_index.3
stable/10/secure/lib/libcrypto/man/DH_new.3
stable/10/secure/lib/libcrypto/man/DH_set_method.3
stable/10/secure/lib/libcrypto/man/DH_size.3
stable/10/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/10/secure/lib/libcrypto/man/DSA_do_sign.3
stable/10/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/10/secure/lib/libcrypto/man/DSA_generate_key.3
stable/10/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/10/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
stable/10/secure/lib/libcrypto/man/DSA_new.3
stable/10/secure/lib/libcrypto/man/DSA_set_method.3
stable/10/secure/lib/libcrypto/man/DSA_sign.3
stable/10/secure/lib/libcrypto/man/DSA_size.3
stable/10/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/10/secure/lib/libcrypto/man/ERR_clear_error.3
stable/10/secure/lib/libcrypto/man/ERR_error_string.3
stable/10/secure/lib/libcrypto/man/ERR_get_error.3
stable/10/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/10/secure/lib/libcrypto/man/ERR_load_strings.3
stable/10/secure/lib/libcrypto/man/ERR_print_errors.3
stable/10/secure/lib/libcrypto/man/ERR_put_error.3
stable/10/secure/lib/libcrypto/man/ERR_remove_state.3
stable/10/secure/lib/libcrypto/man/ERR_set_mark.3
stable/10/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/10/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/10/secure/lib/libcrypto/man/EVP_DigestSignInit.3
stable/10/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
stable/10/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/10/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_derive.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_sign.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify.3
stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
stable/10/secure/lib/libcrypto/man/EVP_SealInit.3
stable/10/secure/lib/libcrypto/man/EVP_SignInit.3
stable/10/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/10/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/10/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/10/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/10/secure/lib/libcrypto/man/OPENSSL_config.3
stable/10/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/10/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/10/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/10/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
stable/10/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
stable/10/secure/lib/libcrypto/man/PKCS12_create.3
stable/10/secure/lib/libcrypto/man/PKCS12_parse.3
stable/10/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/10/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/10/secure/lib/libcrypto/man/PKCS7_sign.3
stable/10/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
stable/10/secure/lib/libcrypto/man/PKCS7_verify.3
stable/10/secure/lib/libcrypto/man/RAND_add.3
stable/10/secure/lib/libcrypto/man/RAND_bytes.3
stable/10/secure/lib/libcrypto/man/RAND_cleanup.3
stable/10/secure/lib/libcrypto/man/RAND_egd.3
stable/10/secure/lib/libcrypto/man/RAND_load_file.3
stable/10/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/10/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/10/secure/lib/libcrypto/man/RSA_check_key.3
stable/10/secure/lib/libcrypto/man/RSA_generate_key.3
stable/10/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
stable/10/secure/lib/libcrypto/man/RSA_new.3
stable/10/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/10/secure/lib/libcrypto/man/RSA_print.3
stable/10/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/10/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/10/secure/lib/libcrypto/man/RSA_set_method.3
stable/10/secure/lib/libcrypto/man/RSA_sign.3
stable/10/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/10/secure/lib/libcrypto/man/RSA_size.3
stable/10/secure/lib/libcrypto/man/SMIME_read_CMS.3
stable/10/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/10/secure/lib/libcrypto/man/SMIME_write_CMS.3
stable/10/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/10/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/10/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/10/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/10/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
stable/10/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
stable/10/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
stable/10/secure/lib/libcrypto/man/X509_new.3
stable/10/secure/lib/libcrypto/man/X509_verify_cert.3
stable/10/secure/lib/libcrypto/man/bio.3
stable/10/secure/lib/libcrypto/man/blowfish.3
stable/10/secure/lib/libcrypto/man/bn.3
stable/10/secure/lib/libcrypto/man/bn_internal.3
stable/10/secure/lib/libcrypto/man/buffer.3
stable/10/secure/lib/libcrypto/man/crypto.3
stable/10/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
stable/10/secure/lib/libcrypto/man/d2i_DHparams.3
stable/10/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
stable/10/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
stable/10/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
stable/10/secure/lib/libcrypto/man/d2i_X509.3
stable/10/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
stable/10/secure/lib/libcrypto/man/d2i_X509_CRL.3
stable/10/secure/lib/libcrypto/man/d2i_X509_NAME.3
stable/10/secure/lib/libcrypto/man/d2i_X509_REQ.3
stable/10/secure/lib/libcrypto/man/d2i_X509_SIG.3
stable/10/secure/lib/libcrypto/man/des.3
stable/10/secure/lib/libcrypto/man/dh.3
stable/10/secure/lib/libcrypto/man/dsa.3
stable/10/secure/lib/libcrypto/man/ecdsa.3
stable/10/secure/lib/libcrypto/man/engine.3
stable/10/secure/lib/libcrypto/man/err.3
stable/10/secure/lib/libcrypto/man/evp.3
stable/10/secure/lib/libcrypto/man/hmac.3
stable/10/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
stable/10/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
stable/10/secure/lib/libcrypto/man/lh_stats.3
stable/10/secure/lib/libcrypto/man/lhash.3
stable/10/secure/lib/libcrypto/man/md5.3
stable/10/secure/lib/libcrypto/man/mdc2.3
stable/10/secure/lib/libcrypto/man/pem.3
stable/10/secure/lib/libcrypto/man/rand.3
stable/10/secure/lib/libcrypto/man/rc4.3
stable/10/secure/lib/libcrypto/man/ripemd.3
stable/10/secure/lib/libcrypto/man/rsa.3
stable/10/secure/lib/libcrypto/man/sha.3
stable/10/secure/lib/libcrypto/man/threads.3
stable/10/secure/lib/libcrypto/man/ui.3
stable/10/secure/lib/libcrypto/man/ui_compat.3
stable/10/secure/lib/libcrypto/man/x509.3
stable/10/secure/lib/libssl/man/SSL_CIPHER_get_name.3
stable/10/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
stable/10/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
stable/10/secure/lib/libssl/man/SSL_CTX_add_session.3
stable/10/secure/lib/libssl/man/SSL_CTX_ctrl.3
stable/10/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
stable/10/secure/lib/libssl/man/SSL_CTX_free.3
stable/10/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
stable/10/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
stable/10/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
stable/10/secure/lib/libssl/man/SSL_CTX_new.3
stable/10/secure/lib/libssl/man/SSL_CTX_sess_number.3
stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
stable/10/secure/lib/libssl/man/SSL_CTX_sessions.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_mode.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_options.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_timeout.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
stable/10/secure/lib/libssl/man/SSL_CTX_set_verify.3
stable/10/secure/lib/libssl/man/SSL_CTX_use_certificate.3
stable/10/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
stable/10/secure/lib/libssl/man/SSL_SESSION_free.3
stable/10/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
stable/10/secure/lib/libssl/man/SSL_SESSION_get_time.3
stable/10/secure/lib/libssl/man/SSL_accept.3
stable/10/secure/lib/libssl/man/SSL_alert_type_string.3
stable/10/secure/lib/libssl/man/SSL_clear.3
stable/10/secure/lib/libssl/man/SSL_connect.3
stable/10/secure/lib/libssl/man/SSL_do_handshake.3
stable/10/secure/lib/libssl/man/SSL_free.3
stable/10/secure/lib/libssl/man/SSL_get_SSL_CTX.3
stable/10/secure/lib/libssl/man/SSL_get_ciphers.3
stable/10/secure/lib/libssl/man/SSL_get_client_CA_list.3
stable/10/secure/lib/libssl/man/SSL_get_current_cipher.3
stable/10/secure/lib/libssl/man/SSL_get_default_timeout.3
stable/10/secure/lib/libssl/man/SSL_get_error.3
stable/10/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
stable/10/secure/lib/libssl/man/SSL_get_ex_new_index.3
stable/10/secure/lib/libssl/man/SSL_get_fd.3
stable/10/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
stable/10/secure/lib/libssl/man/SSL_get_peer_certificate.3
stable/10/secure/lib/libssl/man/SSL_get_psk_identity.3
stable/10/secure/lib/libssl/man/SSL_get_rbio.3
stable/10/secure/lib/libssl/man/SSL_get_session.3
stable/10/secure/lib/libssl/man/SSL_get_verify_result.3
stable/10/secure/lib/libssl/man/SSL_get_version.3
stable/10/secure/lib/libssl/man/SSL_library_init.3
stable/10/secure/lib/libssl/man/SSL_load_client_CA_file.3
stable/10/secure/lib/libssl/man/SSL_new.3
stable/10/secure/lib/libssl/man/SSL_pending.3
stable/10/secure/lib/libssl/man/SSL_read.3
stable/10/secure/lib/libssl/man/SSL_rstate_string.3
stable/10/secure/lib/libssl/man/SSL_session_reused.3
stable/10/secure/lib/libssl/man/SSL_set_bio.3
stable/10/secure/lib/libssl/man/SSL_set_connect_state.3
stable/10/secure/lib/libssl/man/SSL_set_fd.3
stable/10/secure/lib/libssl/man/SSL_set_session.3
stable/10/secure/lib/libssl/man/SSL_set_shutdown.3
stable/10/secure/lib/libssl/man/SSL_set_verify_result.3
stable/10/secure/lib/libssl/man/SSL_shutdown.3
stable/10/secure/lib/libssl/man/SSL_state_string.3
stable/10/secure/lib/libssl/man/SSL_want.3
stable/10/secure/lib/libssl/man/SSL_write.3
stable/10/secure/lib/libssl/man/d2i_SSL_SESSION.3
stable/10/secure/lib/libssl/man/ssl.3
stable/10/secure/usr.bin/openssl/man/CA.pl.1
stable/10/secure/usr.bin/openssl/man/asn1parse.1
stable/10/secure/usr.bin/openssl/man/ca.1
stable/10/secure/usr.bin/openssl/man/ciphers.1
stable/10/secure/usr.bin/openssl/man/cms.1
stable/10/secure/usr.bin/openssl/man/crl.1
stable/10/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/10/secure/usr.bin/openssl/man/dgst.1
stable/10/secure/usr.bin/openssl/man/dhparam.1
stable/10/secure/usr.bin/openssl/man/dsa.1
stable/10/secure/usr.bin/openssl/man/dsaparam.1
stable/10/secure/usr.bin/openssl/man/ec.1
stable/10/secure/usr.bin/openssl/man/ecparam.1
stable/10/secure/usr.bin/openssl/man/enc.1
stable/10/secure/usr.bin/openssl/man/errstr.1
stable/10/secure/usr.bin/openssl/man/gendsa.1
stable/10/secure/usr.bin/openssl/man/genpkey.1
stable/10/secure/usr.bin/openssl/man/genrsa.1
stable/10/secure/usr.bin/openssl/man/nseq.1
stable/10/secure/usr.bin/openssl/man/ocsp.1
stable/10/secure/usr.bin/openssl/man/openssl.1
stable/10/secure/usr.bin/openssl/man/passwd.1
stable/10/secure/usr.bin/openssl/man/pkcs12.1
stable/10/secure/usr.bin/openssl/man/pkcs7.1
stable/10/secure/usr.bin/openssl/man/pkcs8.1
stable/10/secure/usr.bin/openssl/man/pkey.1
stable/10/secure/usr.bin/openssl/man/pkeyparam.1
stable/10/secure/usr.bin/openssl/man/pkeyutl.1
stable/10/secure/usr.bin/openssl/man/rand.1
stable/10/secure/usr.bin/openssl/man/req.1
stable/10/secure/usr.bin/openssl/man/rsa.1
stable/10/secure/usr.bin/openssl/man/rsautl.1
stable/10/secure/usr.bin/openssl/man/s_client.1
stable/10/secure/usr.bin/openssl/man/s_server.1
stable/10/secure/usr.bin/openssl/man/s_time.1
stable/10/secure/usr.bin/openssl/man/sess_id.1
stable/10/secure/usr.bin/openssl/man/smime.1
stable/10/secure/usr.bin/openssl/man/speed.1
stable/10/secure/usr.bin/openssl/man/spkac.1
stable/10/secure/usr.bin/openssl/man/ts.1
stable/10/secure/usr.bin/openssl/man/tsget.1
stable/10/secure/usr.bin/openssl/man/verify.1
stable/10/secure/usr.bin/openssl/man/version.1
stable/10/secure/usr.bin/openssl/man/x509.1
stable/10/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/crypto/openssl/CHANGES
==============================================================================
--- stable/10/crypto/openssl/CHANGES Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/CHANGES Thu Apr 10 22:39:22 2014 (r264331)
@@ -2,9 +2,60 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ *) TLS pad extension: draft-agl-tls-padding-03
+
+ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+ TLS client Hello record length value would otherwise be > 255 and
+ less that 512 pad with a dummy extension containing zeroes so it
+ is at least 512 bytes long.
+
+ [Adam Langley, Steve Henson]
+
+ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
+
+ *) Fix for TLS record tampering bug. A carefully crafted invalid
+ handshake could crash OpenSSL with a NULL pointer exception.
+ Thanks to Anton Johansson for reporting this issues.
+ (CVE-2013-4353)
+
+ *) Keep original DTLS digest and encryption contexts in retransmission
+ structures so we can use the previous session parameters if they need
+ to be resent. (CVE-2013-6450)
+ [Steve Henson]
+
+ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+ avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
+ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
+ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+ [Rob Stradling, Adam Langley]
+
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
- *)
+ *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
+ supporting platforms or when small records were transferred.
+ [Andy Polyakov, Steve Henson]
Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
@@ -404,6 +455,63 @@
Add command line options to s_client/s_server.
[Steve Henson]
+ Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia Käsper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling at comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 1.0.0i and 1.0.0j [10 May 2012]
+
+ [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
+ OpenSSL 1.0.1.]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl at chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
@@ -1394,6 +1502,86 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
+ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia Käsper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling at comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+
+ *) The fix for CVE-2012-2110 did not take into account that the
+ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
+ rejecting negative len parameter. (CVE-2012-2131)
+ [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl at chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+ in CMS and PKCS7 code. When RSA decryption fails use a random key for
+ content decryption and always return the same error. Note: this attack
+ needs on average 2^20 messages so it only affects automated senders. The
+ old behaviour can be reenabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+ an MMA defence is not necessary.
+ Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
+ this issue. (CVE-2012-0884)
+ [Steve Henson]
+
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+ [Steve Henson]
+
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
@@ -1401,7 +1589,7 @@
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
-
+
Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
*) Nadhem Alfardan and Kenny Paterson have discovered an extension
Modified: stable/10/crypto/openssl/Configure
==============================================================================
--- stable/10/crypto/openssl/Configure Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/Configure Thu Apr 10 22:39:22 2014 (r264331)
@@ -178,7 +178,7 @@ my %table=(
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -526,7 +526,7 @@ my %table=(
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
# Borland C++ 4.5
Modified: stable/10/crypto/openssl/FAQ
==============================================================================
--- stable/10/crypto/openssl/FAQ Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/FAQ Thu Apr 10 22:39:22 2014 (r264331)
@@ -768,6 +768,9 @@ openssl-security at openssl.org if you don'
acknowledging receipt then resend or mail it directly to one of the
more active team members (e.g. Steve).
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues.
+
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Modified: stable/10/crypto/openssl/Makefile
==============================================================================
--- stable/10/crypto/openssl/Makefile Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/Makefile Thu Apr 10 22:39:22 2014 (r264331)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1e
+VERSION=1.0.1g
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
@@ -304,7 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: stable/10/crypto/openssl/Makefile.org
==============================================================================
--- stable/10/crypto/openssl/Makefile.org Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/Makefile.org Thu Apr 10 22:39:22 2014 (r264331)
@@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
+ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
+ (touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
Modified: stable/10/crypto/openssl/NEWS
==============================================================================
--- stable/10/crypto/openssl/NEWS Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/NEWS Thu Apr 10 22:39:22 2014 (r264331)
@@ -5,11 +5,24 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
+ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+ o Fix for CVE-2014-0160
+ o Add TLS padding extension workaround for broken servers.
+ o Fix for CVE-2014-0076
+
+ Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+ o Don't include gmt_unix_time in TLS server and client random values
+ o Fix for TLS record tampering bug CVE-2013-4353
+ o Fix for TLS version checking bug CVE-2013-6449
+ o Fix for DTLS retransmission bug CVE-2013-6450
+
+ Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
o Corrected fix for CVE-2013-0169
- Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
+ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
o Include the fips configuration module.
@@ -17,24 +30,24 @@
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix for TLS AESNI record handling flaw CVE-2012-2686
- Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+ Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
o Fix TLS/DTLS record length checking bug CVE-2012-2333
o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
- Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
+ Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
o Fix compilation error on non-x86 platforms.
o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
- Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
+ Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
o Fix for ASN1 overflow bug CVE-2012-2110
o Workarounds for some servers that hang on long client hellos.
o Fix SEGV in AES code.
- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
+ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
o TLS/DTLS heartbeat support.
o SCTP support.
@@ -47,17 +60,30 @@
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.
- Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
+ Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+
+ Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
o Corrected fix for CVE-2011-4619
o Various DTLS fixes.
- Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
+ Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
o Fix for DTLS DoS issue CVE-2012-0050
- Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
+ Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
o Fix for DTLS plaintext recovery attack CVE-2011-4108
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
@@ -65,7 +91,7 @@
o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
o Check for malformed RFC3779 data CVE-2011-4577
- Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+ Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
o Fix for CRL vulnerability issue CVE-2011-3207
o Fix for ECDH crashes CVE-2011-3210
@@ -73,11 +99,11 @@
o Support ECDH ciphersuites for certificates using SHA2 algorithms.
o Various DTLS fixes.
- Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
- Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
+ Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
@@ -85,18 +111,18 @@
o Fix various platform compilation issues.
o Corrected fix for security issue CVE-2010-3864.
- Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
+ Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
o Fix for CVE-2010-2939
o Fix WIN32 build system for GOST ENGINE.
- Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
+ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
o Fix for security issue CVE-2010-1633.
o GOST MAC and CFB fixes.
- Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
+ Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
o RFC3280 path validation: sufficient to process PKITS tests.
o Integrated support for PVK files and keyblobs.
@@ -119,20 +145,55 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+
+ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ o Corrected fix for CVE-2011-4619
+ o Various DTLS fixes.
+
+ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+ o Fix for DTLS DoS issue CVE-2012-0050
+
+ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
+ o Fix policy check double free error CVE-2011-4109
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+ o Check for malformed RFC3779 data CVE-2011-4577
+
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
o Fix for security issue CVE-2011-0014
- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
o Fix for security issue CVE-2010-4180
o Fix for CVE-2010-4252
- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
o Fix for security issue CVE-2010-3864.
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
o Fix for security issue CVE-2010-0742.
o Various DTLS fixes.
@@ -140,12 +201,12 @@
o Fix for no-rc4 compilation.
o Chil ENGINE unload workaround.
- Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
o CFB cipher definition fixes.
o Fix security issues CVE-2010-0740 and CVE-2010-0433.
- Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
+ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
o Cipher definition fixes.
o Workaround for slow RAND_poll() on some WIN32 versions.
@@ -157,33 +218,33 @@
o Ticket and SNI coexistence fixes.
o Many fixes to DTLS handling.
- Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
+ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
o Temporary work around for CVE-2009-3555: disable renegotiation.
- Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
+ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
o Fix various build issues.
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
- Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
+ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
o Fix security issue (CVE-2008-5077)
o Merge FIPS 140-2 branch code.
- Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
+ Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
o CryptoAPI ENGINE support.
o Various precautionary measures.
o Fix for bugs affecting certificate request creation.
o Support for local machine keyset attribute in PKCS#12 files.
- Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
+ Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
o Backport of CMS functionality to 0.9.8.
o Fixes for bugs introduced with 0.9.8f.
- Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
+ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
o Add gcc 4.2 support.
o Add support for AES and SSE2 assembly lanugauge optimization
@@ -194,23 +255,23 @@
o RFC4507bis support.
o TLS Extensions support.
- Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
+ Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
o Various ciphersuite selection fixes.
o RFC3779 support.
- Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
+ Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
o Changes to ciphersuite selection algorithm
- Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
+ Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
o New cipher Camellia
- Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+ Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
o Cipher string fixes.
o Fixes for VC++ 2005.
@@ -220,12 +281,12 @@
o Built in dynamic engine compilation support on Win32.
o Fixes auto dynamic engine loading in Win32.
- Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
o Fix potential SSL 2.0 rollback, CVE-2005-2969
o Extended Windows CE support
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
@@ -299,36 +360,36 @@
o Added initial support for Win64.
o Added alternate pkg-config files.
- Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
+ Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
o FIPS 1.1.1 module linking.
o Various ciphersuite selection fixes.
- Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
- Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
+ Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
- Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
o Visual C++ 2005 fixes.
o Update Windows build system for FIPS.
- Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
o Fix SSL 2.0 Rollback, CVE-2005-2969
o Allow use of fixed-length exponent on DSA signing
o Default fixed-window RSA, DSA, DH private-key operations
- Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
+ Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
o More compilation issues fixed.
o Adaptation to more modern Kerberos API.
@@ -337,7 +398,7 @@
o More constification.
o Added processing of proxy certificates (RFC 3820).
- Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
o Several compilation issues fixed.
o Many memory allocation failure checks added.
@@ -345,12 +406,12 @@
o Mandatory basic checks on certificates.
o Performance improvements.
- Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
+ Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
o Fix race condition in CRL checking code.
o Fixes to PKCS#7 (S/MIME) code.
- Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
o Security: Fix null-pointer assignment in do_change_cipher_spec()
@@ -358,14 +419,14 @@
o Multiple X509 verification fixes
o Speed up HMAC and other operations
- Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
o Security: fix various ASN1 parsing bugs.
o New -ignore_err option to OCSP utility.
o Various interop and bug fixes in S/MIME code.
o SSL/TLS protocol fix for unrequested client certificates.
- Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
+ Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
@@ -376,7 +437,7 @@
o ASN.1: treat domainComponent correctly.
o Documentation: fixes and additions.
- Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
+ Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
o Security: Important security related bugfixes.
o Enhanced compatibility with MIT Kerberos.
@@ -387,7 +448,7 @@
o SSL/TLS: now handles manual certificate chain building.
o SSL/TLS: certain session ID malfunctions corrected.
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
o New library section OCSP.
o Complete rewrite of ASN1 code.
@@ -433,23 +494,23 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
- Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
o Security: fix various ASN1 parsing bugs.
o SSL/TLS protocol fix for unrequested client certificates.
- Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
+ Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
o Security: make RSA blinding default.
o Build: shared library support fixes.
- Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
o Important security related bugfixes.
- Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
o New configuration targets for Tandem OSS and A/UX.
o New OIDs for Microsoft attributes.
@@ -463,25 +524,25 @@
o Fixes for smaller building problems.
o Updates of manuals, FAQ and other instructive documents.
- Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+ Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
o Important building fixes on Unix.
- Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+ Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
o Various important bugfixes.
- Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+ Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
o Important security related bugfixes.
o Various SSL/TLS library bugfixes.
- Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+ Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
o Various SSL/TLS library bugfixes.
o Fix DH parameter generation for 'non-standard' generators.
- Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+ Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
o Various SSL/TLS library bugfixes.
o BIGNUM library fixes.
@@ -494,7 +555,7 @@
Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release].
- Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+ Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
o Security fix: PRNG improvements.
o Security fix: RSA OAEP check.
@@ -511,7 +572,7 @@
o Increase default size for BIO buffering filter.
o Compatibility fixes in some scripts.
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
o Security fix: change behavior of OpenSSL to avoid using
environment variables when running as root.
@@ -536,7 +597,7 @@
o New function BN_rand_range().
o Add "-rand" option to openssl s_client and s_server.
- Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+ Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
o Some documentation for BIO and SSL libraries.
o Enhanced chain verification using key identifiers.
@@ -551,7 +612,7 @@
[1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE.
- Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
o Shared library support for HPUX and Solaris-gcc
@@ -560,7 +621,7 @@
o New 'rand' application
o New way to check for existence of algorithms from scripts
- Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
o S/MIME support in new 'smime' command
o Documentation for the OpenSSL command line application
@@ -596,7 +657,7 @@
o Enhanced support for Alpha Linux
o Experimental MacOS support
- Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+ Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
o Transparent support for PKCS#8 format private keys: these are used
by several software packages and are more secure than the standard
@@ -607,7 +668,7 @@
o New pipe-like BIO that allows using the SSL library when actual I/O
must be handled by the application (BIO pair)
- Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+ Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
o Lots of enhancements and cleanups to the Configuration mechanism
o RSA OEAP related fixes
o Added `openssl ca -revoke' option for revoking a certificate
@@ -621,7 +682,7 @@
o Sparc assembler bignum implementation, optimized hash functions
o Option to disable selected ciphers
- Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+ Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
o Fixed a security hole related to session resumption
o Fixed RSA encryption routines for the p < q case
o "ALL" in cipher lists now means "everything except NULL ciphers"
@@ -643,7 +704,7 @@
o Lots of memory leak fixes.
o Lots of bug fixes.
- Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+ Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
o Integration of the popular NO_RSA/NO_DSA patches
o Initial support for compression inside the SSL record layer
o Added BIO proxy and filtering functionality
Modified: stable/10/crypto/openssl/README
==============================================================================
--- stable/10/crypto/openssl/README Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/README Thu Apr 10 22:39:22 2014 (r264331)
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1e 11 Feb 2013
+ OpenSSL 1.0.1g 7 Apr 2014
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: stable/10/crypto/openssl/apps/Makefile
==============================================================================
--- stable/10/crypto/openssl/apps/Makefile Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/Makefile Thu Apr 10 22:39:22 2014 (r264331)
@@ -577,14 +577,15 @@ openssl.o: ../include/openssl/objects.h
openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-openssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
+openssl.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+openssl.o: openssl.c progs.h s_apps.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
Modified: stable/10/crypto/openssl/apps/apps.c
==============================================================================
--- stable/10/crypto/openssl/apps/apps.c Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/apps.c Thu Apr 10 22:39:22 2014 (r264331)
@@ -586,12 +586,12 @@ int password_callback(char *buf, int buf
if (ok >= 0)
ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
+ PW_MIN_LENGTH,bufsiz-1);
if (ok >= 0 && verify)
{
buff = (char *)OPENSSL_malloc(bufsiz);
ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
+ PW_MIN_LENGTH,bufsiz-1, buf);
}
if (ok >= 0)
do
@@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usert
if (proc==NULL)
{
- if (GetVersion() < 0x80000000)
+ if (check_winnt())
proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
GetCurrentProcessId());
if (proc==NULL) proc = (HANDLE)-1;
Modified: stable/10/crypto/openssl/apps/apps.h
==============================================================================
--- stable/10/crypto/openssl/apps/apps.h Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/apps.h Thu Apr 10 22:39:22 2014 (r264331)
@@ -188,6 +188,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
+ RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup();} while(0)
# else
# define apps_startup() \
@@ -198,6 +199,7 @@ extern BIO *bio_err;
do { CONF_modules_unload(1); destroy_ui_method(); \
OBJ_cleanup(); EVP_cleanup(); \
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
+ RAND_cleanup(); \
ERR_free_strings(); zlib_cleanup(); } while(0)
# endif
#endif
Modified: stable/10/crypto/openssl/apps/crl.c
==============================================================================
--- stable/10/crypto/openssl/apps/crl.c Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/crl.c Thu Apr 10 22:39:22 2014 (r264331)
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old - print old-style (MD5) hash value\n",
+#endif
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+ int hash_old=0;
+#endif
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
hash= ++num;
+#ifndef OPENSSL_NO_MD5
+ else if (strcmp(*argv,"-hash_old") == 0)
+ hash_old= ++num;
+#endif
else if (strcmp(*argv,"-nameopt") == 0)
{
if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
BIO_printf(bio_out,"%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
+#ifndef OPENSSL_NO_MD5
+ if (hash_old == i)
+ {
+ BIO_printf(bio_out,"%08lx\n",
+ X509_NAME_hash_old(
+ X509_CRL_get_issuer(x)));
+ }
+#endif
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
Modified: stable/10/crypto/openssl/apps/dgst.c
==============================================================================
--- stable/10/crypto/openssl/apps/dgst.c Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/dgst.c Thu Apr 10 22:39:22 2014 (r264331)
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
goto end;
}
if (do_verify)
- r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
else
- r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+ r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
if (!r)
{
BIO_printf(bio_err, "Error setting context\n");
Modified: stable/10/crypto/openssl/apps/ecparam.c
==============================================================================
--- stable/10/crypto/openssl/apps/ecparam.c Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/ecparam.c Thu Apr 10 22:39:22 2014 (r264331)
@@ -105,7 +105,7 @@
* in the asn1 der encoding
* possible values: named_curve (default)
* explicit
- * -no_seed - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed - if 'explicit' parameters are chosen do not use the seed
* -genkey - generate ec key
* -rand file - files to use for random number input
* -engine e - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
BIO_printf(bio_err, " "
" explicit\n");
BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are choosen do not"
+ " parameters are chosen do not"
" use the seed\n");
BIO_printf(bio_err, " -genkey generate ec"
" key\n");
Modified: stable/10/crypto/openssl/apps/openssl.c
==============================================================================
--- stable/10/crypto/openssl/apps/openssl.c Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/openssl.c Thu Apr 10 22:39:22 2014 (r264331)
@@ -117,6 +117,7 @@
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/crypto.h>
+#include <openssl/rand.h>
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
Modified: stable/10/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/10/crypto/openssl/apps/pkcs12.c Thu Apr 10 22:10:29 2014 (r264330)
+++ stable/10/crypto/openssl/apps/pkcs12.c Thu Apr 10 22:39:22 2014 (r264331)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable
mailing list