From owner-svn-src-stable-9@FreeBSD.ORG Mon Jun 8 18:59:15 2015 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 265317DA; Mon, 8 Jun 2015 18:59:15 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 06FA212DC; Mon, 8 Jun 2015 18:59:15 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t58IxE78080494; Mon, 8 Jun 2015 18:59:14 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t58IxEK1080493; Mon, 8 Jun 2015 18:59:14 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201506081859.t58IxEK1080493@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Mon, 8 Jun 2015 18:59:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284161 - stable/9/bin/ps X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 18:59:15 -0000 Author: jhb Date: Mon Jun 8 18:59:14 2015 New Revision: 284161 URL: https://svnweb.freebsd.org/changeset/base/284161 Log: MFC 233665: (just to ps.1) mandoc complains loudly when s are misused in columnated lists. Fix this syntax violation and while I'm here also convert to Ta and adjust quotation marks in order to prevent this problem in the future. Modified: stable/9/bin/ps/ps.1 Directory Properties: stable/9/bin/ps/ (props changed) Modified: stable/9/bin/ps/ps.1 ============================================================================== --- stable/9/bin/ps/ps.1 Mon Jun 8 18:06:00 2015 (r284160) +++ stable/9/bin/ps/ps.1 Mon Jun 8 18:59:14 2015 (r284161) @@ -307,37 +307,37 @@ The flags associated with the process as the include file .In sys/proc.h : .Bl -column P_SINGLE_BOUNDARY 0x40000000 -.It Dv "P_ADVLOCK" Ta No "0x00001 Process may hold a POSIX advisory lock" -.It Dv "P_CONTROLT" Ta No "0x00002 Has a controlling terminal" -.It Dv "P_KTHREAD" Ta No "0x00004 Kernel thread" -.It Dv "P_FOLLOWFORK" Ta No "0x00008 Attach debugger to new children" -.It Dv "P_PPWAIT" Ta No "0x00010 Parent is waiting for child to exec/exit" -.It Dv "P_PROFIL" Ta No "0x00020 Has started profiling" -.It Dv "P_STOPPROF" Ta No "0x00040 Has thread in requesting to stop prof" -.It Dv "P_HADTHREADS" Ta No "0x00080 Has had threads (no cleanup shortcuts)" -.It Dv "P_SUGID" Ta No "0x00100 Had set id privileges since last exec" -.It Dv "P_SYSTEM" Ta No "0x00200 System proc: no sigs, stats or swapping" -.It Dv "P_SINGLE_EXIT" Ta No "0x00400 Threads suspending should exit, not wait" -.It Dv "P_TRACED" Ta No "0x00800 Debugged process being traced" -.It Dv "P_WAITED" Ta No "0x01000 Someone is waiting for us" -.It Dv "P_WEXIT" Ta No "0x02000 Working on exiting" -.It Dv "P_EXEC" Ta No "0x04000 Process called exec" -.It Dv "P_WKILLED" Ta No "0x08000 Killed, shall go to kernel/user boundary ASAP" -.It Dv "P_CONTINUED" Ta No "0x10000 Proc has continued from a stopped state" -.It Dv "P_STOPPED_SIG" Ta No "0x20000 Stopped due to SIGSTOP/SIGTSTP" -.It Dv "P_STOPPED_TRACE" Ta No "0x40000 Stopped because of tracing" -.It Dv "P_STOPPED_SINGLE" Ta No "0x80000 Only one thread can continue" -.It Dv "P_PROTECTED" Ta No "0x100000 Do not kill on memory overcommit" -.It Dv "P_SIGEVENT" Ta No "0x200000 Process pending signals changed" -.It Dv "P_SINGLE_BOUNDARY" Ta No "0x400000 Threads should suspend at user boundary" -.It Dv "P_HWPMC" Ta No "0x800000 Process is using HWPMCs" -.It Dv "P_JAILED" Ta No "0x1000000 Process is in jail" -.It Dv "P_ORPHAN" Ta No "0x2000000 Orphaned by original parent, reparented to debugger" -.It Dv "P_INEXEC" Ta No "0x4000000 Process is in execve()" -.It Dv "P_STATCHILD" Ta No "0x8000000 Child process stopped or exited" -.It Dv "P_INMEM" Ta No "0x10000000 Loaded into memory" -.It Dv "P_SWAPPINGOUT" Ta No "0x20000000 Process is being swapped out" -.It Dv "P_SWAPPINGIN" Ta No "0x40000000 Process is being swapped in" +.It Dv "P_ADVLOCK" Ta No "0x00001" Ta "Process may hold a POSIX advisory lock" +.It Dv "P_CONTROLT" Ta No "0x00002" Ta "Has a controlling terminal" +.It Dv "P_KTHREAD" Ta No "0x00004" Ta "Kernel thread" +.It Dv "P_FOLLOWFORK" Ta No "0x00008" Ta "Attach debugger to new children" +.It Dv "P_PPWAIT" Ta No "0x00010" Ta "Parent is waiting for child to exec/exit" +.It Dv "P_PROFIL" Ta No "0x00020" Ta "Has started profiling" +.It Dv "P_STOPPROF" Ta No "0x00040" Ta "Has thread in requesting to stop prof" +.It Dv "P_HADTHREADS" Ta No "0x00080" Ta "Has had threads (no cleanup shortcuts)" +.It Dv "P_SUGID" Ta No "0x00100" Ta "Had set id privileges since last exec" +.It Dv "P_SYSTEM" Ta No "0x00200" Ta "System proc: no sigs, stats or swapping" +.It Dv "P_SINGLE_EXIT" Ta No "0x00400" Ta "Threads suspending should exit, not wait" +.It Dv "P_TRACED" Ta No "0x00800" Ta "Debugged process being traced" +.It Dv "P_WAITED" Ta No "0x01000" Ta "Someone is waiting for us" +.It Dv "P_WEXIT" Ta No "0x02000" Ta "Working on exiting" +.It Dv "P_EXEC" Ta No "0x04000" Ta "Process called exec" +.It Dv "P_WKILLED" Ta No "0x08000" Ta "Killed, shall go to kernel/user boundary ASAP" +.It Dv "P_CONTINUED" Ta No "0x10000" Ta "Proc has continued from a stopped state" +.It Dv "P_STOPPED_SIG" Ta No "0x20000" Ta "Stopped due to SIGSTOP/SIGTSTP" +.It Dv "P_STOPPED_TRACE" Ta No "0x40000" Ta "Stopped because of tracing" +.It Dv "P_STOPPED_SINGLE" Ta No "0x80000" Ta "Only one thread can continue" +.It Dv "P_PROTECTED" Ta No "0x100000" Ta "Do not kill on memory overcommit" +.It Dv "P_SIGEVENT" Ta No "0x200000" Ta "Process pending signals changed" +.It Dv "P_SINGLE_BOUNDARY" Ta No "0x400000" Ta "Threads should suspend at user boundary" +.It Dv "P_HWPMC" Ta No "0x800000" Ta "Process is using HWPMCs" +.It Dv "P_JAILED" Ta No "0x1000000" Ta "Process is in jail" +.It Dv "P_ORPHAN" Ta No "0x2000000" Ta "Orphaned by original parent, reparented to debugger" +.It Dv "P_INEXEC" Ta No "0x4000000" Ta "Process is in execve()" +.It Dv "P_STATCHILD" Ta No "0x8000000" Ta "Child process stopped or exited" +.It Dv "P_INMEM" Ta No "0x10000000" Ta "Loaded into memory" +.It Dv "P_SWAPPINGOUT" Ta No "0x20000000" Ta "Process is being swapped out" +.It Dv "P_SWAPPINGIN" Ta No "0x40000000" Ta "Process is being swapped in" .It Dv "P_PPTRACE" Ta No "0x80000000" Ta "Vforked child issued ptrace(PT_TRACEME)" .El .It Cm flags2 From owner-svn-src-stable-9@FreeBSD.ORG Mon Jun 8 19:44:05 2015 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 320AE7F6; Mon, 8 Jun 2015 19:44:05 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1F5E61F1B; Mon, 8 Jun 2015 19:44:05 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t58Ji4lJ007702; Mon, 8 Jun 2015 19:44:04 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t58Ji4lZ007701; Mon, 8 Jun 2015 19:44:04 GMT (envelope-from dim@FreeBSD.org) Message-Id: <201506081944.t58Ji4lZ007701@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: dim set sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Mon, 8 Jun 2015 19:44:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284164 - in stable: 10/sys/amd64/amd64 9/sys/amd64/amd64 X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2015 19:44:05 -0000 Author: dim Date: Mon Jun 8 19:44:04 2015 New Revision: 284164 URL: https://svnweb.freebsd.org/changeset/base/284164 Log: MFC r283870: Remove unneeded NULL checks in amd64's trap_fatal(). Since td_name is an array member of struct thread, it can never be NULL, so the check can be removed. In addition, curproc can never be NULL, so remove the if statement, and splice the two printfs() together. While here, remove the u_long cast, and use the correct printf format specifier curproc->p_pid. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D2695 Modified: stable/9/sys/amd64/amd64/trap.c Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) Changes in other areas also in this revision: Modified: stable/10/sys/amd64/amd64/trap.c Directory Properties: stable/10/ (props changed) Modified: stable/9/sys/amd64/amd64/trap.c ============================================================================== --- stable/9/sys/amd64/amd64/trap.c Mon Jun 8 19:24:18 2015 (r284163) +++ stable/9/sys/amd64/amd64/trap.c Mon Jun 8 19:44:04 2015 (r284164) @@ -863,14 +863,8 @@ trap_fatal(frame, eva) if (frame->tf_rflags & PSL_RF) printf("resume, "); printf("IOPL = %ld\n", (frame->tf_rflags & PSL_IOPL) >> 12); - printf("current process = "); - if (curproc) { - printf("%lu (%s)\n", - (u_long)curproc->p_pid, curthread->td_name ? - curthread->td_name : ""); - } else { - printf("Idle\n"); - } + printf("current process = %d (%s)\n", + curproc->p_pid, curthread->td_name); #ifdef KDB if (debugger_on_panic || kdb_active) From owner-svn-src-stable-9@FreeBSD.ORG Tue Jun 9 11:41:38 2015 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 14BBDB73; Tue, 9 Jun 2015 11:41:38 +0000 (UTC) (envelope-from achim@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 016901390; Tue, 9 Jun 2015 11:41:38 +0000 (UTC) (envelope-from achim@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t59Bfb9w033416; Tue, 9 Jun 2015 11:41:37 GMT (envelope-from achim@FreeBSD.org) Received: (from achim@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t59BfbZi033415; Tue, 9 Jun 2015 11:41:37 GMT (envelope-from achim@FreeBSD.org) Message-Id: <201506091141.t59BfbZi033415@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: achim set sender to achim@FreeBSD.org using -f From: Achim Leubner Date: Tue, 9 Jun 2015 11:41:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284177 - stable/9/sys/dev/aic7xxx X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 11:41:38 -0000 Author: achim Date: Tue Jun 9 11:41:37 2015 New Revision: 284177 URL: https://svnweb.freebsd.org/changeset/base/284177 Log: MFC r284022: Avoid ID conflict Modified: stable/9/sys/dev/aic7xxx/aic79xx_pci.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Modified: stable/9/sys/dev/aic7xxx/aic79xx_pci.c ============================================================================== --- stable/9/sys/dev/aic7xxx/aic79xx_pci.c Tue Jun 9 11:40:30 2015 (r284176) +++ stable/9/sys/dev/aic7xxx/aic79xx_pci.c Tue Jun 9 11:41:37 2015 (r284177) @@ -93,6 +93,11 @@ ahd_compose_id(u_int device, u_int vendo #define ID_AIC7902_PCI_REV_A4 0x3 #define ID_AIC7902_PCI_REV_B0 0x10 #define SUBID_HP 0x0E11 +#define DEVICE8081 0x8081 +#define DEVICE8088 0x8088 +#define DEVICE8089 0x8089 +#define ADAPTECVENDORID 0x9005 +#define SUBVENDOR9005 0x9005 #define DEVID_9005_HOSTRAID(id) ((id) & 0x80) @@ -292,6 +297,15 @@ ahd_find_pci_device(aic_dev_softc_t pci) device = aic_pci_read_config(pci, PCIR_DEVICE, /*bytes*/2); subvendor = aic_pci_read_config(pci, PCIR_SUBVEND_0, /*bytes*/2); subdevice = aic_pci_read_config(pci, PCIR_SUBDEV_0, /*bytes*/2); + + if ((vendor == ADAPTECVENDORID) && (subvendor == SUBVENDOR9005)) { + if ((device == DEVICE8081) || (device == DEVICE8088) || + (device == DEVICE8089)) { + printf("Controller device ID conflict with PMC Adaptec HBA\n"); + return (NULL); + } + } + full_id = ahd_compose_id(device, vendor, subdevice, From owner-svn-src-stable-9@FreeBSD.ORG Thu Jun 11 19:39:50 2015 Return-Path: Delivered-To: svn-src-stable-9@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C7A0DCD4; Thu, 11 Jun 2015 19:39:50 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B19DB1E75; Thu, 11 Jun 2015 19:39:50 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5BJdoXN057406; Thu, 11 Jun 2015 19:39:50 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5BJdeAu057326; Thu, 11 Jun 2015 19:39:40 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201506111939.t5BJdeAu057326@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 11 Jun 2015 19:39:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284286 - in stable: 8/crypto/openssl 8/crypto/openssl/crypto 8/crypto/openssl/crypto/asn1 8/crypto/openssl/crypto/bn 8/crypto/openssl/crypto/cms 8/crypto/openssl/crypto/dsa 8/crypto/op... X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2015 19:39:50 -0000 Author: jkim Date: Thu Jun 11 19:39:27 2015 New Revision: 284286 URL: https://svnweb.freebsd.org/changeset/base/284286 Log: Merge OpenSSL 0.9.8zg. Modified: stable/9/crypto/openssl/CHANGES stable/9/crypto/openssl/Makefile stable/9/crypto/openssl/NEWS stable/9/crypto/openssl/README stable/9/crypto/openssl/crypto/asn1/a_int.c stable/9/crypto/openssl/crypto/asn1/tasn_new.c stable/9/crypto/openssl/crypto/asn1/x_x509.c stable/9/crypto/openssl/crypto/bn/bn.h stable/9/crypto/openssl/crypto/bn/bn_err.c stable/9/crypto/openssl/crypto/bn/bn_print.c stable/9/crypto/openssl/crypto/bn/bn_rand.c stable/9/crypto/openssl/crypto/bn/bn_shift.c stable/9/crypto/openssl/crypto/cms/cms_smime.c stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c stable/9/crypto/openssl/crypto/dso/dso_lib.c stable/9/crypto/openssl/crypto/ec/ec2_smpl.c stable/9/crypto/openssl/crypto/ec/ec_check.c stable/9/crypto/openssl/crypto/ec/ec_key.c stable/9/crypto/openssl/crypto/ec/ec_lib.c stable/9/crypto/openssl/crypto/ec/ecp_smpl.c stable/9/crypto/openssl/crypto/ec/ectest.c stable/9/crypto/openssl/crypto/objects/obj_dat.c stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c stable/9/crypto/openssl/crypto/opensslv.h stable/9/crypto/openssl/crypto/pem/pem_pk8.c stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/9/crypto/openssl/crypto/x509/x509_lu.c stable/9/crypto/openssl/crypto/x509/x509_vfy.c stable/9/crypto/openssl/doc/crypto/BN_rand.pod stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod stable/9/crypto/openssl/doc/crypto/pem.pod stable/9/crypto/openssl/e_os2.h stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c stable/9/crypto/openssl/openssl.spec stable/9/crypto/openssl/ssl/d1_lib.c stable/9/crypto/openssl/ssl/s3_clnt.c stable/9/crypto/openssl/ssl/s3_srvr.c stable/9/crypto/openssl/ssl/ssl.h stable/9/crypto/openssl/ssl/ssl_err.c stable/9/crypto/openssl/ssl/ssl_locl.h stable/9/crypto/openssl/ssl/ssl_sess.c stable/9/crypto/openssl/util/mkerr.pl stable/9/secure/lib/libcrypto/Makefile.inc stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/9/secure/lib/libcrypto/man/BIO_ctrl.3 stable/9/secure/lib/libcrypto/man/BIO_f_base64.3 stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/9/secure/lib/libcrypto/man/BIO_f_md.3 stable/9/secure/lib/libcrypto/man/BIO_f_null.3 stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/9/secure/lib/libcrypto/man/BIO_find_type.3 stable/9/secure/lib/libcrypto/man/BIO_new.3 stable/9/secure/lib/libcrypto/man/BIO_push.3 stable/9/secure/lib/libcrypto/man/BIO_read.3 stable/9/secure/lib/libcrypto/man/BIO_s_accept.3 stable/9/secure/lib/libcrypto/man/BIO_s_bio.3 stable/9/secure/lib/libcrypto/man/BIO_s_connect.3 stable/9/secure/lib/libcrypto/man/BIO_s_fd.3 stable/9/secure/lib/libcrypto/man/BIO_s_file.3 stable/9/secure/lib/libcrypto/man/BIO_s_mem.3 stable/9/secure/lib/libcrypto/man/BIO_s_null.3 stable/9/secure/lib/libcrypto/man/BIO_s_socket.3 stable/9/secure/lib/libcrypto/man/BIO_set_callback.3 stable/9/secure/lib/libcrypto/man/BIO_should_retry.3 stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/9/secure/lib/libcrypto/man/BN_CTX_new.3 stable/9/secure/lib/libcrypto/man/BN_CTX_start.3 stable/9/secure/lib/libcrypto/man/BN_add.3 stable/9/secure/lib/libcrypto/man/BN_add_word.3 stable/9/secure/lib/libcrypto/man/BN_bn2bin.3 stable/9/secure/lib/libcrypto/man/BN_cmp.3 stable/9/secure/lib/libcrypto/man/BN_copy.3 stable/9/secure/lib/libcrypto/man/BN_generate_prime.3 stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/9/secure/lib/libcrypto/man/BN_new.3 stable/9/secure/lib/libcrypto/man/BN_num_bytes.3 stable/9/secure/lib/libcrypto/man/BN_rand.3 stable/9/secure/lib/libcrypto/man/BN_set_bit.3 stable/9/secure/lib/libcrypto/man/BN_swap.3 stable/9/secure/lib/libcrypto/man/BN_zero.3 stable/9/secure/lib/libcrypto/man/CONF_modules_free.3 stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/9/secure/lib/libcrypto/man/DH_generate_key.3 stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/DH_new.3 stable/9/secure/lib/libcrypto/man/DH_set_method.3 stable/9/secure/lib/libcrypto/man/DH_size.3 stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/9/secure/lib/libcrypto/man/DSA_do_sign.3 stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/9/secure/lib/libcrypto/man/DSA_generate_key.3 stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/DSA_new.3 stable/9/secure/lib/libcrypto/man/DSA_set_method.3 stable/9/secure/lib/libcrypto/man/DSA_sign.3 stable/9/secure/lib/libcrypto/man/DSA_size.3 stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/9/secure/lib/libcrypto/man/ERR_clear_error.3 stable/9/secure/lib/libcrypto/man/ERR_error_string.3 stable/9/secure/lib/libcrypto/man/ERR_get_error.3 stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/9/secure/lib/libcrypto/man/ERR_load_strings.3 stable/9/secure/lib/libcrypto/man/ERR_print_errors.3 stable/9/secure/lib/libcrypto/man/ERR_put_error.3 stable/9/secure/lib/libcrypto/man/ERR_remove_state.3 stable/9/secure/lib/libcrypto/man/ERR_set_mark.3 stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/9/secure/lib/libcrypto/man/EVP_SealInit.3 stable/9/secure/lib/libcrypto/man/EVP_SignInit.3 stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/9/secure/lib/libcrypto/man/OPENSSL_config.3 stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/9/secure/lib/libcrypto/man/PKCS12_create.3 stable/9/secure/lib/libcrypto/man/PKCS12_parse.3 stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/9/secure/lib/libcrypto/man/PKCS7_sign.3 stable/9/secure/lib/libcrypto/man/PKCS7_verify.3 stable/9/secure/lib/libcrypto/man/RAND_add.3 stable/9/secure/lib/libcrypto/man/RAND_bytes.3 stable/9/secure/lib/libcrypto/man/RAND_cleanup.3 stable/9/secure/lib/libcrypto/man/RAND_egd.3 stable/9/secure/lib/libcrypto/man/RAND_load_file.3 stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/9/secure/lib/libcrypto/man/RSA_check_key.3 stable/9/secure/lib/libcrypto/man/RSA_generate_key.3 stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/RSA_new.3 stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/9/secure/lib/libcrypto/man/RSA_print.3 stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/9/secure/lib/libcrypto/man/RSA_set_method.3 stable/9/secure/lib/libcrypto/man/RSA_sign.3 stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/9/secure/lib/libcrypto/man/RSA_size.3 stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/9/secure/lib/libcrypto/man/X509_new.3 stable/9/secure/lib/libcrypto/man/bio.3 stable/9/secure/lib/libcrypto/man/blowfish.3 stable/9/secure/lib/libcrypto/man/bn.3 stable/9/secure/lib/libcrypto/man/bn_internal.3 stable/9/secure/lib/libcrypto/man/buffer.3 stable/9/secure/lib/libcrypto/man/crypto.3 stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/9/secure/lib/libcrypto/man/d2i_DHparams.3 stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/9/secure/lib/libcrypto/man/d2i_X509.3 stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/9/secure/lib/libcrypto/man/des.3 stable/9/secure/lib/libcrypto/man/dh.3 stable/9/secure/lib/libcrypto/man/dsa.3 stable/9/secure/lib/libcrypto/man/ecdsa.3 stable/9/secure/lib/libcrypto/man/engine.3 stable/9/secure/lib/libcrypto/man/err.3 stable/9/secure/lib/libcrypto/man/evp.3 stable/9/secure/lib/libcrypto/man/hmac.3 stable/9/secure/lib/libcrypto/man/lh_stats.3 stable/9/secure/lib/libcrypto/man/lhash.3 stable/9/secure/lib/libcrypto/man/md5.3 stable/9/secure/lib/libcrypto/man/mdc2.3 stable/9/secure/lib/libcrypto/man/pem.3 stable/9/secure/lib/libcrypto/man/rand.3 stable/9/secure/lib/libcrypto/man/rc4.3 stable/9/secure/lib/libcrypto/man/ripemd.3 stable/9/secure/lib/libcrypto/man/rsa.3 stable/9/secure/lib/libcrypto/man/sha.3 stable/9/secure/lib/libcrypto/man/threads.3 stable/9/secure/lib/libcrypto/man/ui.3 stable/9/secure/lib/libcrypto/man/ui_compat.3 stable/9/secure/lib/libcrypto/man/x509.3 stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/9/secure/lib/libssl/man/SSL_CTX_free.3 stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/9/secure/lib/libssl/man/SSL_CTX_new.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/9/secure/lib/libssl/man/SSL_SESSION_free.3 stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/9/secure/lib/libssl/man/SSL_accept.3 stable/9/secure/lib/libssl/man/SSL_alert_type_string.3 stable/9/secure/lib/libssl/man/SSL_clear.3 stable/9/secure/lib/libssl/man/SSL_connect.3 stable/9/secure/lib/libssl/man/SSL_do_handshake.3 stable/9/secure/lib/libssl/man/SSL_free.3 stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/9/secure/lib/libssl/man/SSL_get_ciphers.3 stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/9/secure/lib/libssl/man/SSL_get_error.3 stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_get_fd.3 stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/9/secure/lib/libssl/man/SSL_get_rbio.3 stable/9/secure/lib/libssl/man/SSL_get_session.3 stable/9/secure/lib/libssl/man/SSL_get_verify_result.3 stable/9/secure/lib/libssl/man/SSL_get_version.3 stable/9/secure/lib/libssl/man/SSL_library_init.3 stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/9/secure/lib/libssl/man/SSL_new.3 stable/9/secure/lib/libssl/man/SSL_pending.3 stable/9/secure/lib/libssl/man/SSL_read.3 stable/9/secure/lib/libssl/man/SSL_rstate_string.3 stable/9/secure/lib/libssl/man/SSL_session_reused.3 stable/9/secure/lib/libssl/man/SSL_set_bio.3 stable/9/secure/lib/libssl/man/SSL_set_connect_state.3 stable/9/secure/lib/libssl/man/SSL_set_fd.3 stable/9/secure/lib/libssl/man/SSL_set_session.3 stable/9/secure/lib/libssl/man/SSL_set_shutdown.3 stable/9/secure/lib/libssl/man/SSL_set_verify_result.3 stable/9/secure/lib/libssl/man/SSL_shutdown.3 stable/9/secure/lib/libssl/man/SSL_state_string.3 stable/9/secure/lib/libssl/man/SSL_want.3 stable/9/secure/lib/libssl/man/SSL_write.3 stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/9/secure/lib/libssl/man/ssl.3 stable/9/secure/usr.bin/openssl/man/CA.pl.1 stable/9/secure/usr.bin/openssl/man/asn1parse.1 stable/9/secure/usr.bin/openssl/man/ca.1 stable/9/secure/usr.bin/openssl/man/ciphers.1 stable/9/secure/usr.bin/openssl/man/crl.1 stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/9/secure/usr.bin/openssl/man/dgst.1 stable/9/secure/usr.bin/openssl/man/dhparam.1 stable/9/secure/usr.bin/openssl/man/dsa.1 stable/9/secure/usr.bin/openssl/man/dsaparam.1 stable/9/secure/usr.bin/openssl/man/ec.1 stable/9/secure/usr.bin/openssl/man/ecparam.1 stable/9/secure/usr.bin/openssl/man/enc.1 stable/9/secure/usr.bin/openssl/man/errstr.1 stable/9/secure/usr.bin/openssl/man/gendsa.1 stable/9/secure/usr.bin/openssl/man/genrsa.1 stable/9/secure/usr.bin/openssl/man/nseq.1 stable/9/secure/usr.bin/openssl/man/ocsp.1 stable/9/secure/usr.bin/openssl/man/openssl.1 stable/9/secure/usr.bin/openssl/man/passwd.1 stable/9/secure/usr.bin/openssl/man/pkcs12.1 stable/9/secure/usr.bin/openssl/man/pkcs7.1 stable/9/secure/usr.bin/openssl/man/pkcs8.1 stable/9/secure/usr.bin/openssl/man/rand.1 stable/9/secure/usr.bin/openssl/man/req.1 stable/9/secure/usr.bin/openssl/man/rsa.1 stable/9/secure/usr.bin/openssl/man/rsautl.1 stable/9/secure/usr.bin/openssl/man/s_client.1 stable/9/secure/usr.bin/openssl/man/s_server.1 stable/9/secure/usr.bin/openssl/man/s_time.1 stable/9/secure/usr.bin/openssl/man/sess_id.1 stable/9/secure/usr.bin/openssl/man/smime.1 stable/9/secure/usr.bin/openssl/man/speed.1 stable/9/secure/usr.bin/openssl/man/spkac.1 stable/9/secure/usr.bin/openssl/man/verify.1 stable/9/secure/usr.bin/openssl/man/version.1 stable/9/secure/usr.bin/openssl/man/x509.1 stable/9/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/9/crypto/openssl/ (props changed) Changes in other areas also in this revision: Modified: stable/8/crypto/openssl/CHANGES stable/8/crypto/openssl/Makefile stable/8/crypto/openssl/NEWS stable/8/crypto/openssl/README stable/8/crypto/openssl/crypto/asn1/a_int.c stable/8/crypto/openssl/crypto/asn1/tasn_new.c stable/8/crypto/openssl/crypto/asn1/x_x509.c stable/8/crypto/openssl/crypto/bn/bn.h stable/8/crypto/openssl/crypto/bn/bn_err.c stable/8/crypto/openssl/crypto/bn/bn_print.c stable/8/crypto/openssl/crypto/bn/bn_rand.c stable/8/crypto/openssl/crypto/bn/bn_shift.c stable/8/crypto/openssl/crypto/cms/cms_smime.c stable/8/crypto/openssl/crypto/dsa/dsa_ossl.c stable/8/crypto/openssl/crypto/dso/dso_lib.c stable/8/crypto/openssl/crypto/ec/ec2_smpl.c stable/8/crypto/openssl/crypto/ec/ec_check.c stable/8/crypto/openssl/crypto/ec/ec_key.c stable/8/crypto/openssl/crypto/ec/ec_lib.c stable/8/crypto/openssl/crypto/ec/ecp_smpl.c stable/8/crypto/openssl/crypto/ec/ectest.c stable/8/crypto/openssl/crypto/objects/obj_dat.c stable/8/crypto/openssl/crypto/ocsp/ocsp_vfy.c stable/8/crypto/openssl/crypto/opensslv.h stable/8/crypto/openssl/crypto/pem/pem_pk8.c stable/8/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/8/crypto/openssl/crypto/x509/x509_lu.c stable/8/crypto/openssl/crypto/x509/x509_vfy.c stable/8/crypto/openssl/doc/crypto/BN_rand.pod stable/8/crypto/openssl/doc/crypto/BN_set_bit.pod stable/8/crypto/openssl/doc/crypto/pem.pod stable/8/crypto/openssl/e_os2.h stable/8/crypto/openssl/fips/rsa/fips_rsa_eay.c stable/8/crypto/openssl/openssl.spec stable/8/crypto/openssl/ssl/d1_lib.c stable/8/crypto/openssl/ssl/s3_clnt.c stable/8/crypto/openssl/ssl/s3_srvr.c stable/8/crypto/openssl/ssl/ssl.h stable/8/crypto/openssl/ssl/ssl_err.c stable/8/crypto/openssl/ssl/ssl_locl.h stable/8/crypto/openssl/ssl/ssl_sess.c stable/8/crypto/openssl/util/mkerr.pl stable/8/secure/lib/libcrypto/Makefile.inc stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/8/secure/lib/libcrypto/man/BIO_ctrl.3 stable/8/secure/lib/libcrypto/man/BIO_f_base64.3 stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/8/secure/lib/libcrypto/man/BIO_f_md.3 stable/8/secure/lib/libcrypto/man/BIO_f_null.3 stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/8/secure/lib/libcrypto/man/BIO_find_type.3 stable/8/secure/lib/libcrypto/man/BIO_new.3 stable/8/secure/lib/libcrypto/man/BIO_push.3 stable/8/secure/lib/libcrypto/man/BIO_read.3 stable/8/secure/lib/libcrypto/man/BIO_s_accept.3 stable/8/secure/lib/libcrypto/man/BIO_s_bio.3 stable/8/secure/lib/libcrypto/man/BIO_s_connect.3 stable/8/secure/lib/libcrypto/man/BIO_s_fd.3 stable/8/secure/lib/libcrypto/man/BIO_s_file.3 stable/8/secure/lib/libcrypto/man/BIO_s_mem.3 stable/8/secure/lib/libcrypto/man/BIO_s_null.3 stable/8/secure/lib/libcrypto/man/BIO_s_socket.3 stable/8/secure/lib/libcrypto/man/BIO_set_callback.3 stable/8/secure/lib/libcrypto/man/BIO_should_retry.3 stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_start.3 stable/8/secure/lib/libcrypto/man/BN_add.3 stable/8/secure/lib/libcrypto/man/BN_add_word.3 stable/8/secure/lib/libcrypto/man/BN_bn2bin.3 stable/8/secure/lib/libcrypto/man/BN_cmp.3 stable/8/secure/lib/libcrypto/man/BN_copy.3 stable/8/secure/lib/libcrypto/man/BN_generate_prime.3 stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/8/secure/lib/libcrypto/man/BN_new.3 stable/8/secure/lib/libcrypto/man/BN_num_bytes.3 stable/8/secure/lib/libcrypto/man/BN_rand.3 stable/8/secure/lib/libcrypto/man/BN_set_bit.3 stable/8/secure/lib/libcrypto/man/BN_swap.3 stable/8/secure/lib/libcrypto/man/BN_zero.3 stable/8/secure/lib/libcrypto/man/CONF_modules_free.3 stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/8/secure/lib/libcrypto/man/DH_generate_key.3 stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DH_new.3 stable/8/secure/lib/libcrypto/man/DH_set_method.3 stable/8/secure/lib/libcrypto/man/DH_size.3 stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/8/secure/lib/libcrypto/man/DSA_do_sign.3 stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/8/secure/lib/libcrypto/man/DSA_generate_key.3 stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DSA_new.3 stable/8/secure/lib/libcrypto/man/DSA_set_method.3 stable/8/secure/lib/libcrypto/man/DSA_sign.3 stable/8/secure/lib/libcrypto/man/DSA_size.3 stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/8/secure/lib/libcrypto/man/ERR_clear_error.3 stable/8/secure/lib/libcrypto/man/ERR_error_string.3 stable/8/secure/lib/libcrypto/man/ERR_get_error.3 stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/8/secure/lib/libcrypto/man/ERR_load_strings.3 stable/8/secure/lib/libcrypto/man/ERR_print_errors.3 stable/8/secure/lib/libcrypto/man/ERR_put_error.3 stable/8/secure/lib/libcrypto/man/ERR_remove_state.3 stable/8/secure/lib/libcrypto/man/ERR_set_mark.3 stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/8/secure/lib/libcrypto/man/EVP_SealInit.3 stable/8/secure/lib/libcrypto/man/EVP_SignInit.3 stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/8/secure/lib/libcrypto/man/OPENSSL_config.3 stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/8/secure/lib/libcrypto/man/PKCS12_create.3 stable/8/secure/lib/libcrypto/man/PKCS12_parse.3 stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_sign.3 stable/8/secure/lib/libcrypto/man/PKCS7_verify.3 stable/8/secure/lib/libcrypto/man/RAND_add.3 stable/8/secure/lib/libcrypto/man/RAND_bytes.3 stable/8/secure/lib/libcrypto/man/RAND_cleanup.3 stable/8/secure/lib/libcrypto/man/RAND_egd.3 stable/8/secure/lib/libcrypto/man/RAND_load_file.3 stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/8/secure/lib/libcrypto/man/RSA_check_key.3 stable/8/secure/lib/libcrypto/man/RSA_generate_key.3 stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/RSA_new.3 stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/8/secure/lib/libcrypto/man/RSA_print.3 stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_set_method.3 stable/8/secure/lib/libcrypto/man/RSA_sign.3 stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/8/secure/lib/libcrypto/man/RSA_size.3 stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/8/secure/lib/libcrypto/man/X509_new.3 stable/8/secure/lib/libcrypto/man/bio.3 stable/8/secure/lib/libcrypto/man/blowfish.3 stable/8/secure/lib/libcrypto/man/bn.3 stable/8/secure/lib/libcrypto/man/bn_internal.3 stable/8/secure/lib/libcrypto/man/buffer.3 stable/8/secure/lib/libcrypto/man/crypto.3 stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/8/secure/lib/libcrypto/man/d2i_DHparams.3 stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_X509.3 stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/8/secure/lib/libcrypto/man/des.3 stable/8/secure/lib/libcrypto/man/dh.3 stable/8/secure/lib/libcrypto/man/dsa.3 stable/8/secure/lib/libcrypto/man/ecdsa.3 stable/8/secure/lib/libcrypto/man/engine.3 stable/8/secure/lib/libcrypto/man/err.3 stable/8/secure/lib/libcrypto/man/evp.3 stable/8/secure/lib/libcrypto/man/hmac.3 stable/8/secure/lib/libcrypto/man/lh_stats.3 stable/8/secure/lib/libcrypto/man/lhash.3 stable/8/secure/lib/libcrypto/man/md5.3 stable/8/secure/lib/libcrypto/man/mdc2.3 stable/8/secure/lib/libcrypto/man/pem.3 stable/8/secure/lib/libcrypto/man/rand.3 stable/8/secure/lib/libcrypto/man/rc4.3 stable/8/secure/lib/libcrypto/man/ripemd.3 stable/8/secure/lib/libcrypto/man/rsa.3 stable/8/secure/lib/libcrypto/man/sha.3 stable/8/secure/lib/libcrypto/man/threads.3 stable/8/secure/lib/libcrypto/man/ui.3 stable/8/secure/lib/libcrypto/man/ui_compat.3 stable/8/secure/lib/libcrypto/man/x509.3 stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_free.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/8/secure/lib/libssl/man/SSL_CTX_new.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/8/secure/lib/libssl/man/SSL_SESSION_free.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/8/secure/lib/libssl/man/SSL_accept.3 stable/8/secure/lib/libssl/man/SSL_alert_type_string.3 stable/8/secure/lib/libssl/man/SSL_clear.3 stable/8/secure/lib/libssl/man/SSL_connect.3 stable/8/secure/lib/libssl/man/SSL_do_handshake.3 stable/8/secure/lib/libssl/man/SSL_free.3 stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/8/secure/lib/libssl/man/SSL_get_ciphers.3 stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/8/secure/lib/libssl/man/SSL_get_error.3 stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_get_fd.3 stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/8/secure/lib/libssl/man/SSL_get_rbio.3 stable/8/secure/lib/libssl/man/SSL_get_session.3 stable/8/secure/lib/libssl/man/SSL_get_verify_result.3 stable/8/secure/lib/libssl/man/SSL_get_version.3 stable/8/secure/lib/libssl/man/SSL_library_init.3 stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/8/secure/lib/libssl/man/SSL_new.3 stable/8/secure/lib/libssl/man/SSL_pending.3 stable/8/secure/lib/libssl/man/SSL_read.3 stable/8/secure/lib/libssl/man/SSL_rstate_string.3 stable/8/secure/lib/libssl/man/SSL_session_reused.3 stable/8/secure/lib/libssl/man/SSL_set_bio.3 stable/8/secure/lib/libssl/man/SSL_set_connect_state.3 stable/8/secure/lib/libssl/man/SSL_set_fd.3 stable/8/secure/lib/libssl/man/SSL_set_session.3 stable/8/secure/lib/libssl/man/SSL_set_shutdown.3 stable/8/secure/lib/libssl/man/SSL_set_verify_result.3 stable/8/secure/lib/libssl/man/SSL_shutdown.3 stable/8/secure/lib/libssl/man/SSL_state_string.3 stable/8/secure/lib/libssl/man/SSL_want.3 stable/8/secure/lib/libssl/man/SSL_write.3 stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/8/secure/lib/libssl/man/ssl.3 stable/8/secure/usr.bin/openssl/man/CA.pl.1 stable/8/secure/usr.bin/openssl/man/asn1parse.1 stable/8/secure/usr.bin/openssl/man/ca.1 stable/8/secure/usr.bin/openssl/man/ciphers.1 stable/8/secure/usr.bin/openssl/man/crl.1 stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/8/secure/usr.bin/openssl/man/dgst.1 stable/8/secure/usr.bin/openssl/man/dhparam.1 stable/8/secure/usr.bin/openssl/man/dsa.1 stable/8/secure/usr.bin/openssl/man/dsaparam.1 stable/8/secure/usr.bin/openssl/man/ec.1 stable/8/secure/usr.bin/openssl/man/ecparam.1 stable/8/secure/usr.bin/openssl/man/enc.1 stable/8/secure/usr.bin/openssl/man/errstr.1 stable/8/secure/usr.bin/openssl/man/gendsa.1 stable/8/secure/usr.bin/openssl/man/genrsa.1 stable/8/secure/usr.bin/openssl/man/nseq.1 stable/8/secure/usr.bin/openssl/man/ocsp.1 stable/8/secure/usr.bin/openssl/man/openssl.1 stable/8/secure/usr.bin/openssl/man/passwd.1 stable/8/secure/usr.bin/openssl/man/pkcs12.1 stable/8/secure/usr.bin/openssl/man/pkcs7.1 stable/8/secure/usr.bin/openssl/man/pkcs8.1 stable/8/secure/usr.bin/openssl/man/rand.1 stable/8/secure/usr.bin/openssl/man/req.1 stable/8/secure/usr.bin/openssl/man/rsa.1 stable/8/secure/usr.bin/openssl/man/rsautl.1 stable/8/secure/usr.bin/openssl/man/s_client.1 stable/8/secure/usr.bin/openssl/man/s_server.1 stable/8/secure/usr.bin/openssl/man/s_time.1 stable/8/secure/usr.bin/openssl/man/sess_id.1 stable/8/secure/usr.bin/openssl/man/smime.1 stable/8/secure/usr.bin/openssl/man/speed.1 stable/8/secure/usr.bin/openssl/man/spkac.1 stable/8/secure/usr.bin/openssl/man/verify.1 stable/8/secure/usr.bin/openssl/man/version.1 stable/8/secure/usr.bin/openssl/man/x509.1 stable/8/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/8/crypto/openssl/ (props changed) Modified: stable/9/crypto/openssl/CHANGES ============================================================================== --- stable/9/crypto/openssl/CHANGES Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/CHANGES Thu Jun 11 19:39:27 2015 (r284286) @@ -2,6 +2,74 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno Böck. + (CVE-2015-1789) + [Emilia Käsper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia Käsper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix Modified: stable/9/crypto/openssl/Makefile ============================================================================== --- stable/9/crypto/openssl/Makefile Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/Makefile Thu Jun 11 19:39:27 2015 (r284286) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8zf +VERSION=0.9.8zg MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: stable/9/crypto/openssl/NEWS ============================================================================== --- stable/9/crypto/openssl/NEWS Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/NEWS Thu Jun 11 19:39:27 2015 (r284286) @@ -5,6 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015] o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) Modified: stable/9/crypto/openssl/README ============================================================================== --- stable/9/crypto/openssl/README Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/README Thu Jun 11 19:39:27 2015 (r284286) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8zf 19 Mar 2015 + OpenSSL 0.9.8zg 11 Jun 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/9/crypto/openssl/crypto/asn1/a_int.c ============================================================================== --- stable/9/crypto/openssl/crypto/asn1/a_int.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/asn1/a_int.c Thu Jun 11 19:39:27 2015 (r284286) @@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un else { ret = a->length; i = a->data[0]; + if (ret == 1 && i == 0) + neg = 0; if (!neg && (i > 127)) { pad = 1; pb = 0; @@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while (!*n) { + while (!*n && i > 1) { *(p--) = 0; n--; i--; @@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_is_negative(bn)) + if (BN_is_negative(bn) && !BN_is_zero(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type = V_ASN1_INTEGER; Modified: stable/9/crypto/openssl/crypto/asn1/tasn_new.c ============================================================================== --- stable/9/crypto/openssl/crypto/asn1/tasn_new.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/asn1/tasn_new.c Thu Jun 11 19:39:27 2015 (r284286) @@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1 else asn1_cb = 0; - if (!combine) - *pval = NULL; - #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_push_info(it->sname); Modified: stable/9/crypto/openssl/crypto/asn1/x_x509.c ============================================================================== --- stable/9/crypto/openssl/crypto/asn1/x_x509.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/asn1/x_x509.c Thu Jun 11 19:39:27 2015 (r284286) @@ -184,7 +184,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig /* Save start position */ q = *pp; - if(!a || *a == NULL) { + if (!a || *a == NULL) { freeret = 1; } ret = d2i_X509(a, pp, length); @@ -199,7 +199,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsig goto err; return ret; err: - if(freeret) { + if (freeret) { X509_free(ret); if (a) *a = NULL; Modified: stable/9/crypto/openssl/crypto/bn/bn.h ============================================================================== --- stable/9/crypto/openssl/crypto/bn/bn.h Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/bn/bn.h Thu Jun 11 19:39:27 2015 (r284286) @@ -871,6 +871,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -886,12 +887,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 @@ -899,6 +902,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 Modified: stable/9/crypto/openssl/crypto/bn/bn_err.c ============================================================================== --- stable/9/crypto/openssl/crypto/bn/bn_err.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/bn/bn_err.c Thu Jun 11 19:39:27 2015 (r284286) @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, @@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, Modified: stable/9/crypto/openssl/crypto/bn/bn_print.c ============================================================================== --- stable/9/crypto/openssl/crypto/bn/bn_print.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/bn/bn_print.c Thu Jun 11 19:39:27 2015 (r284286) @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; Modified: stable/9/crypto/openssl/crypto/bn/bn_rand.c ============================================================================== --- stable/9/crypto/openssl/crypto/bn/bn_rand.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/bn/bn_rand.c Thu Jun 11 19:39:27 2015 (r284286) @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; Modified: stable/9/crypto/openssl/crypto/bn/bn_shift.c ============================================================================== --- stable/9/crypto/openssl/crypto/bn/bn_shift.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/bn/bn_shift.c Thu Jun 11 19:39:27 2015 (r284286) @@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; Modified: stable/9/crypto/openssl/crypto/cms/cms_smime.c ============================================================================== --- stable/9/crypto/openssl/crypto/cms/cms_smime.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/cms/cms_smime.c Thu Jun 11 19:39:27 2015 (r284286) @@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *up BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } Modified: stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c ============================================================================== --- stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/dsa/dsa_ossl.c Thu Jun 11 19:39:27 2015 (r284286) @@ -107,23 +107,23 @@ static DSA_METHOD openssl_dsa_meth = { # define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ do { \ int _tmp_res53; \ - if((dsa)->meth->dsa_mod_exp) \ + if ((dsa)->meth->dsa_mod_exp) \ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ (a2), (p2), (m), (ctx), (in_mont)); \ else \ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ (m), (ctx), (in_mont)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) # define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ do { \ int _tmp_res53; \ - if((dsa)->meth->bn_mod_exp) \ + if ((dsa)->meth->bn_mod_exp) \ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ (m), (ctx), (m_ctx)); \ else \ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) const DSA_METHOD *DSA_OpenSSL(void) Modified: stable/9/crypto/openssl/crypto/dso/dso_lib.c ============================================================================== --- stable/9/crypto/openssl/crypto/dso/dso_lib.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/dso/dso_lib.c Thu Jun 11 19:39:27 2015 (r284286) @@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, co * honest. For one thing, I think I have to return a negative value for any * error because possible DSO_ctrl() commands may return values such as * "size"s that can legitimately be zero (making the standard - * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd + * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd * times. I'd prefer "output" values to be passed by reference and the return * value as success/failure like usual ... but we conform when we must... :-) */ Modified: stable/9/crypto/openssl/crypto/ec/ec2_smpl.c ============================================================================== --- stable/9/crypto/openssl/crypto/ec/ec2_smpl.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ec/ec2_smpl.c Thu Jun 11 19:39:27 2015 (r284286) @@ -677,7 +677,7 @@ int ec_GF2m_simple_oct2point(const EC_GR } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: stable/9/crypto/openssl/crypto/ec/ec_check.c ============================================================================== --- stable/9/crypto/openssl/crypto/ec/ec_check.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ec/ec_check.c Thu Jun 11 19:39:27 2015 (r284286) @@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: stable/9/crypto/openssl/crypto/ec/ec_key.c ============================================================================== --- stable/9/crypto/openssl/crypto/ec/ec_key.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ec/ec_key.c Thu Jun 11 19:39:27 2015 (r284286) @@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: stable/9/crypto/openssl/crypto/ec/ec_lib.c ============================================================================== --- stable/9/crypto/openssl/crypto/ec/ec_lib.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ec/ec_lib.c Thu Jun 11 19:39:27 2015 (r284286) @@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GRO return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { Modified: stable/9/crypto/openssl/crypto/ec/ecp_smpl.c ============================================================================== --- stable/9/crypto/openssl/crypto/ec/ecp_smpl.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ec/ecp_smpl.c Thu Jun 11 19:39:27 2015 (r284286) @@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GRO } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } Modified: stable/9/crypto/openssl/crypto/ec/ectest.c ============================================================================== --- stable/9/crypto/openssl/crypto/ec/ectest.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ec/ectest.c Thu Jun 11 19:39:27 2015 (r284286) @@ -303,7 +303,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -436,7 +436,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -501,7 +501,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -572,7 +572,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -649,7 +649,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -723,7 +723,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) @@ -800,7 +800,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -862,7 +862,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1004,7 +1004,7 @@ void prime_field_tests() # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1022,7 +1022,7 @@ void prime_field_tests() if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1161,7 +1161,7 @@ void char2_field_tests() if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) @@ -1382,7 +1382,7 @@ void char2_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ Modified: stable/9/crypto/openssl/crypto/objects/obj_dat.c ============================================================================== --- stable/9/crypto/openssl/crypto/objects/obj_dat.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/objects/obj_dat.c Thu Jun 11 19:39:27 2015 (r284286) @@ -382,6 +382,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ Modified: stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c ============================================================================== --- stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/ocsp/ocsp_vfy.c Thu Jun 11 19:39:27 2015 (r284286) @@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs { X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; ret = ocsp_find_signer(&signer, bs, certs, st, flags); @@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs } if (!(flags & OCSP_NOVERIFY)) { int init_res; - if (flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); + goto end; + } + } + } else { + untrusted = bs->certs; + } + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); @@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs end: if (chain) sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); return ret; } Modified: stable/9/crypto/openssl/crypto/opensslv.h ============================================================================== --- stable/9/crypto/openssl/crypto/opensslv.h Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/opensslv.h Thu Jun 11 19:39:27 2015 (r284286) @@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x009081ffL +# define OPENSSL_VERSION_NUMBER 0x0090820fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-fips 11 Jun 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-freebsd 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-freebsd 11 Jun 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Modified: stable/9/crypto/openssl/crypto/pem/pem_pk8.c ============================================================================== --- stable/9/crypto/openssl/crypto/pem/pem_pk8.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/pem/pem_pk8.c Thu Jun 11 19:39:27 2015 (r284286) @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else Modified: stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c ============================================================================== --- stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Jun 11 19:39:27 2015 (r284286) @@ -359,12 +359,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); @@ -377,6 +384,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -390,6 +398,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -557,7 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 Modified: stable/9/crypto/openssl/crypto/x509/x509_lu.c ============================================================================== --- stable/9/crypto/openssl/crypto/x509/x509_lu.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/x509/x509_lu.c Thu Jun 11 19:39:27 2015 (r284286) @@ -214,6 +214,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { Modified: stable/9/crypto/openssl/crypto/x509/x509_vfy.c ============================================================================== --- stable/9/crypto/openssl/crypto/x509/x509_vfy.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/crypto/x509/x509_vfy.c Thu Jun 11 19:39:27 2015 (r284286) @@ -1007,47 +1007,84 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. */ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') @@ -1304,6 +1341,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } Modified: stable/9/crypto/openssl/doc/crypto/BN_rand.pod ============================================================================== --- stable/9/crypto/openssl/doc/crypto/BN_rand.pod Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/doc/crypto/BN_rand.pod Thu Jun 11 19:39:27 2015 (r284286) @@ -24,7 +24,8 @@ most significant bit of the random numbe it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for Modified: stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod ============================================================================== --- stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/doc/crypto/BN_set_bit.pod Thu Jun 11 19:39:27 2015 (r284286) @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. Modified: stable/9/crypto/openssl/doc/crypto/pem.pod ============================================================================== --- stable/9/crypto/openssl/doc/crypto/pem.pod Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/doc/crypto/pem.pod Thu Jun 11 19:39:27 2015 (r284286) @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an er key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter Modified: stable/9/crypto/openssl/e_os2.h ============================================================================== --- stable/9/crypto/openssl/e_os2.h Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/e_os2.h Thu Jun 11 19:39:27 2015 (r284286) @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS Modified: stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c ============================================================================== --- stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/fips/rsa/fips_rsa_eay.c Thu Jun 11 19:39:27 2015 (r284286) @@ -158,7 +158,7 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) * RSA_FLAG_CACHE_PRIVATE, goto err); */ # define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ - if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ + if ((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ CRYPTO_LOCK_RSA, \ (rsa)->m, (ctx))) \ Modified: stable/9/crypto/openssl/openssl.spec ============================================================================== --- stable/9/crypto/openssl/openssl.spec Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/openssl.spec Thu Jun 11 19:39:27 2015 (r284286) @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 0.9.8zf +Version: 0.9.8zg Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries Modified: stable/9/crypto/openssl/ssl/d1_lib.c ============================================================================== --- stable/9/crypto/openssl/ssl/d1_lib.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/ssl/d1_lib.c Thu Jun 11 19:39:27 2015 (r284286) @@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; Modified: stable/9/crypto/openssl/ssl/s3_clnt.c ============================================================================== --- stable/9/crypto/openssl/ssl/s3_clnt.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/ssl/s3_clnt.c Thu Jun 11 19:39:27 2015 (r284286) @@ -1722,6 +1722,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ Modified: stable/9/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- stable/9/crypto/openssl/ssl/s3_srvr.c Thu Jun 11 19:07:45 2015 (r284285) +++ stable/9/crypto/openssl/ssl/s3_srvr.c Thu Jun 11 19:39:27 2015 (r284286) @@ -779,6 +779,16 @@ int ssl3_get_client_hello(SSL *s) d = p = (unsigned char *)s->init_msg; /* + * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte + * for session id length + */ + if (n < 2 + SSL3_RANDOM_SIZE + 1) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + /* * use version from inside client hello, not from record header (may * differ: see RFC 2246, Appendix E, second paragraph) */ @@ -808,6 +818,12 @@ int ssl3_get_client_hello(SSL *s) unsigned int session_length, cookie_length; session_length = *(p + SSL3_RANDOM_SIZE); + + if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); if (cookie_length == 0) @@ -821,6 +837,12 @@ int ssl3_get_client_hello(SSL *s) /* get the session-id */ j = *(p++); + if (p + j > d + n) { *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable-9@FreeBSD.ORG Fri Jun 12 11:41:48 2015 Return-Path: Delivered-To: svn-src-stable-9@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BDF9779C; Fri, 12 Jun 2015 11:41:48 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ABEFC1A47; Fri, 12 Jun 2015 11:41:48 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5CBfmGu041666; Fri, 12 Jun 2015 11:41:48 GMT (envelope-from avg@FreeBSD.org) Received: (from avg@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5CBfmPB041665; Fri, 12 Jun 2015 11:41:48 GMT (envelope-from avg@FreeBSD.org) Message-Id: <201506121141.t5CBfmPB041665@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: avg set sender to avg@FreeBSD.org using -f From: Andriy Gapon Date: Fri, 12 Jun 2015 11:41:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284312 - stable/9/sys/boot/userboot/userboot X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jun 2015 11:41:48 -0000 Author: avg Date: Fri Jun 12 11:41:47 2015 New Revision: 284312 URL: https://svnweb.freebsd.org/changeset/base/284312 Log: MFC r283939: userboot: enable bzipfs support Modified: stable/9/sys/boot/userboot/userboot/conf.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/boot/ (props changed) Modified: stable/9/sys/boot/userboot/userboot/conf.c ============================================================================== --- stable/9/sys/boot/userboot/userboot/conf.c Fri Jun 12 11:41:33 2015 (r284311) +++ stable/9/sys/boot/userboot/userboot/conf.c Fri Jun 12 11:41:47 2015 (r284312) @@ -58,6 +58,7 @@ struct fs_ops *file_system[] = { &host_fsops, &ufs_fsops, &gzipfs_fsops, + &bzipfs_fsops, NULL }; From owner-svn-src-stable-9@FreeBSD.ORG Fri Jun 12 11:52:33 2015 Return-Path: Delivered-To: svn-src-stable-9@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9CC19B3E; Fri, 12 Jun 2015 11:52:33 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 89F971D11; Fri, 12 Jun 2015 11:52:33 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5CBqXtR048042; Fri, 12 Jun 2015 11:52:33 GMT (envelope-from avg@FreeBSD.org) Received: (from avg@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5CBqXX4048041; Fri, 12 Jun 2015 11:52:33 GMT (envelope-from avg@FreeBSD.org) Message-Id: <201506121152.t5CBqXX4048041@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: avg set sender to avg@FreeBSD.org using -f From: Andriy Gapon Date: Fri, 12 Jun 2015 11:52:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284314 - stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jun 2015 11:52:33 -0000 Author: avg Date: Fri Jun 12 11:52:32 2015 New Revision: 284314 URL: https://svnweb.freebsd.org/changeset/base/284314 Log: MFC r283525: zfs: fixes for a full stream received into an existing dataset Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_send.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_send.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_send.c Fri Jun 12 11:49:05 2015 (r284313) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_send.c Fri Jun 12 11:52:32 2015 (r284314) @@ -858,10 +858,12 @@ recv_begin_check_existing_impl(dmu_recv_ dsl_dataset_rele(snap, FTAG); } else { - /* if full, most recent snapshot must be $ORIGIN */ - if (ds->ds_phys->ds_prev_snap_txg >= TXG_INITIAL) - return (SET_ERROR(ENODEV)); - drba->drba_snapobj = ds->ds_phys->ds_prev_snap_obj; + /* if full, then must be forced */ + if (!drba->drba_cookie->drc_force) + return (SET_ERROR(EEXIST)); + /* start from $ORIGIN@$ORIGIN, if supported */ + drba->drba_snapobj = dp->dp_origin_snap != NULL ? + dp->dp_origin_snap->ds_object : 0; } return (0); From owner-svn-src-stable-9@FreeBSD.ORG Sat Jun 13 16:15:46 2015 Return-Path: Delivered-To: svn-src-stable-9@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B4EAB9F6; Sat, 13 Jun 2015 16:15:46 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 96254F4A; Sat, 13 Jun 2015 16:15:46 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5DGFkLh038557; Sat, 13 Jun 2015 16:15:46 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5DGFjef038550; Sat, 13 Jun 2015 16:15:45 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201506131615.t5DGFjef038550@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Sat, 13 Jun 2015 16:15:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r284343 - in stable: 10/sys/kern 10/sys/sys 9/sys/kern 9/sys/sys X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Jun 2015 16:15:46 -0000 Author: jhb Date: Sat Jun 13 16:15:43 2015 New Revision: 284343 URL: https://svnweb.freebsd.org/changeset/base/284343 Log: MFC 283546: Add KTR tracing for some MI ptrace events. Modified: stable/9/sys/kern/kern_exit.c stable/9/sys/kern/kern_fork.c stable/9/sys/kern/kern_sig.c stable/9/sys/kern/sys_process.c stable/9/sys/sys/ktr.h Directory Properties: stable/9/sys/ (props changed) stable/9/sys/sys/ (props changed) Changes in other areas also in this revision: Modified: stable/10/sys/kern/kern_exit.c stable/10/sys/kern/kern_fork.c stable/10/sys/kern/kern_sig.c stable/10/sys/kern/sys_process.c stable/10/sys/sys/ktr.h Directory Properties: stable/10/ (props changed) Modified: stable/9/sys/kern/kern_exit.c ============================================================================== --- stable/9/sys/kern/kern_exit.c Sat Jun 13 16:13:31 2015 (r284342) +++ stable/9/sys/kern/kern_exit.c Sat Jun 13 16:15:43 2015 (r284343) @@ -457,6 +457,8 @@ exit1(struct thread *td, int rv) */ while ((q = LIST_FIRST(&p->p_orphans)) != NULL) { PROC_LOCK(q); + CTR2(KTR_PTRACE, "exit: pid %d, clearing orphan %d", p->p_pid, + q->p_pid); clear_orphan(q); PROC_UNLOCK(q); } @@ -788,6 +790,9 @@ proc_reap(struct thread *td, struct proc */ if (p->p_oppid && (t = pfind(p->p_oppid)) != NULL) { PROC_LOCK(p); + CTR2(KTR_PTRACE, + "wait: traced child %d moved back to parent %d", p->p_pid, + t->p_pid); proc_reparent(p, t); p->p_oppid = 0; PROC_UNLOCK(p); @@ -1143,6 +1148,10 @@ loop: PROC_UNLOCK(q); } + CTR4(KTR_PTRACE, + "wait: returning trapped pid %d status %#x (xstat %d) xthread %d", + p->p_pid, W_STOPCODE(p->p_xstat), p->p_xstat, + p->p_xthread != NULL ? p->p_xthread->td_tid : -1); PROC_UNLOCK(p); return (0); } Modified: stable/9/sys/kern/kern_fork.c ============================================================================== --- stable/9/sys/kern/kern_fork.c Sat Jun 13 16:13:31 2015 (r284342) +++ stable/9/sys/kern/kern_fork.c Sat Jun 13 16:15:43 2015 (r284343) @@ -1034,6 +1034,9 @@ fork_return(struct thread *td, struct tr dbg = p->p_pptr->p_pptr; p->p_flag |= P_TRACED; p->p_oppid = p->p_pptr->p_pid; + CTR2(KTR_PTRACE, + "fork_return: attaching to new child pid %d: oppid %d", + p->p_pid, p->p_oppid); proc_reparent(p, dbg); sx_xunlock(&proctree_lock); td->td_dbgflags |= TDB_CHILD; Modified: stable/9/sys/kern/kern_sig.c ============================================================================== --- stable/9/sys/kern/kern_sig.c Sat Jun 13 16:13:31 2015 (r284342) +++ stable/9/sys/kern/kern_sig.c Sat Jun 13 16:15:43 2015 (r284343) @@ -2442,6 +2442,8 @@ ptracestop(struct thread *td, int sig) td->td_dbgflags |= TDB_XSIG; td->td_xsig = sig; + CTR4(KTR_PTRACE, "ptracestop: tid %d (pid %d) flags %#x sig %d", + td->td_tid, p->p_pid, td->td_dbgflags, sig); PROC_SLOCK(p); while ((p->p_flag & P_TRACED) && (td->td_dbgflags & TDB_XSIG)) { if (p->p_flag & P_SINGLE_EXIT) { Modified: stable/9/sys/kern/sys_process.c ============================================================================== --- stable/9/sys/kern/sys_process.c Sat Jun 13 16:13:31 2015 (r284342) +++ stable/9/sys/kern/sys_process.c Sat Jun 13 16:15:43 2015 (r284343) @@ -435,6 +435,9 @@ ptrace_vm_entry(struct thread *td, struc free(freepath, M_TEMP); } } + if (error == 0) + CTR3(KTR_PTRACE, "PT_VM_ENTRY: pid %d, entry %d, start %p", + p->p_pid, pve->pve_entry, pve->pve_start); return (error); } @@ -829,6 +832,7 @@ kern_ptrace(struct thread *td, int req, if (p->p_flag & P_PPWAIT) p->p_flag |= P_PPTRACE; p->p_oppid = p->p_pptr->p_pid; + CTR1(KTR_PTRACE, "PT_TRACE_ME: pid %d", p->p_pid); break; case PT_ATTACH: @@ -848,17 +852,25 @@ kern_ptrace(struct thread *td, int req, proc_reparent(p, td->td_proc); } data = SIGSTOP; + CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid, + p->p_oppid); goto sendsig; /* in PT_CONTINUE below */ case PT_CLEARSTEP: + CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid, + p->p_pid); error = ptrace_clear_single_step(td2); break; case PT_SETSTEP: + CTR2(KTR_PTRACE, "PT_SETSTEP: tid %d (pid %d)", td2->td_tid, + p->p_pid); error = ptrace_single_step(td2); break; case PT_SUSPEND: + CTR2(KTR_PTRACE, "PT_SUSPEND: tid %d (pid %d)", td2->td_tid, + p->p_pid); td2->td_dbgflags |= TDB_SUSPEND; thread_lock(td2); td2->td_flags |= TDF_NEEDSUSPCHK; @@ -866,10 +878,15 @@ kern_ptrace(struct thread *td, int req, break; case PT_RESUME: + CTR2(KTR_PTRACE, "PT_RESUME: tid %d (pid %d)", td2->td_tid, + p->p_pid); td2->td_dbgflags &= ~TDB_SUSPEND; break; case PT_FOLLOW_FORK: + CTR3(KTR_PTRACE, "PT_FOLLOW_FORK: pid %d %s -> %s", p->p_pid, + p->p_flag & P_FOLLOWFORK ? "enabled" : "disabled", + data ? "enabled" : "disabled"); if (data) p->p_flag |= P_FOLLOWFORK; else @@ -890,6 +907,8 @@ kern_ptrace(struct thread *td, int req, switch (req) { case PT_STEP: + CTR2(KTR_PTRACE, "PT_STEP: tid %d (pid %d)", + td2->td_tid, p->p_pid); error = ptrace_single_step(td2); if (error) goto out; @@ -907,12 +926,25 @@ kern_ptrace(struct thread *td, int req, switch (req) { case PT_TO_SCE: p->p_stops |= S_PT_SCE; + CTR2(KTR_PTRACE, + "PT_TO_SCE: pid %d, stops = %#x", p->p_pid, + p->p_stops); break; case PT_TO_SCX: p->p_stops |= S_PT_SCX; + CTR2(KTR_PTRACE, + "PT_TO_SCX: pid %d, stops = %#x", p->p_pid, + p->p_stops); break; case PT_SYSCALL: p->p_stops |= S_PT_SCE | S_PT_SCX; + CTR2(KTR_PTRACE, + "PT_SYSCALL: pid %d, stops = %#x", p->p_pid, + p->p_stops); + break; + case PT_CONTINUE: + CTR1(KTR_PTRACE, + "PT_CONTINUE: pid %d", p->p_pid); break; } break; @@ -935,7 +967,11 @@ kern_ptrace(struct thread *td, int req, proc_reparent(p, pp); if (pp == initproc) p->p_sigparent = SIGCHLD; - } + CTR2(KTR_PTRACE, + "PT_DETACH: pid %d reparented to pid %d", + p->p_pid, pp->p_pid); + } else + CTR1(KTR_PTRACE, "PT_DETACH: pid %d", p->p_pid); p->p_oppid = 0; p->p_flag &= ~(P_TRACED | P_WAITED | P_FOLLOWFORK); @@ -1012,6 +1048,14 @@ kern_ptrace(struct thread *td, int req, } if (!write) td->td_retval[0] = tmp; + if (error == 0) { + if (write) + CTR3(KTR_PTRACE, "PT_WRITE: pid %d: %p <= %#x", + p->p_pid, addr, data); + else + CTR3(KTR_PTRACE, "PT_READ: pid %d: %p >= %#x", + p->p_pid, addr, tmp); + } PROC_LOCK(p); break; @@ -1044,10 +1088,14 @@ kern_ptrace(struct thread *td, int req, switch (tmp) { case PIOD_READ_D: case PIOD_READ_I: + CTR3(KTR_PTRACE, "PT_IO: pid %d: READ (%p, %#x)", + p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); uio.uio_rw = UIO_READ; break; case PIOD_WRITE_D: case PIOD_WRITE_I: + CTR3(KTR_PTRACE, "PT_IO: pid %d: WRITE (%p, %#x)", + p->p_pid, (uintptr_t)uio.uio_offset, uio.uio_resid); td2->td_dbgflags |= TDB_USERWR; uio.uio_rw = UIO_WRITE; break; @@ -1067,33 +1115,46 @@ kern_ptrace(struct thread *td, int req, break; case PT_KILL: + CTR1(KTR_PTRACE, "PT_KILL: pid %d", p->p_pid); data = SIGKILL; goto sendsig; /* in PT_CONTINUE above */ case PT_SETREGS: + CTR2(KTR_PTRACE, "PT_SETREGS: tid %d (pid %d)", td2->td_tid, + p->p_pid); td2->td_dbgflags |= TDB_USERWR; error = PROC_WRITE(regs, td2, addr); break; case PT_GETREGS: + CTR2(KTR_PTRACE, "PT_GETREGS: tid %d (pid %d)", td2->td_tid, + p->p_pid); error = PROC_READ(regs, td2, addr); break; case PT_SETFPREGS: + CTR2(KTR_PTRACE, "PT_SETFPREGS: tid %d (pid %d)", td2->td_tid, + p->p_pid); td2->td_dbgflags |= TDB_USERWR; error = PROC_WRITE(fpregs, td2, addr); break; case PT_GETFPREGS: + CTR2(KTR_PTRACE, "PT_GETFPREGS: tid %d (pid %d)", td2->td_tid, + p->p_pid); error = PROC_READ(fpregs, td2, addr); break; case PT_SETDBREGS: + CTR2(KTR_PTRACE, "PT_SETDBREGS: tid %d (pid %d)", td2->td_tid, + p->p_pid); td2->td_dbgflags |= TDB_USERWR; error = PROC_WRITE(dbregs, td2, addr); break; case PT_GETDBREGS: + CTR2(KTR_PTRACE, "PT_GETDBREGS: tid %d (pid %d)", td2->td_tid, + p->p_pid); error = PROC_READ(dbregs, td2, addr); break; @@ -1156,13 +1217,21 @@ kern_ptrace(struct thread *td, int req, if (wrap32) ptrace_lwpinfo_to32(pl, pl32); #endif + CTR5(KTR_PTRACE, + "PT_LWPINFO: tid %d (pid %d) event %d flags %#x child pid %d", + td2->td_tid, p->p_pid, pl->pl_event, pl->pl_flags, + pl->pl_child_pid); break; case PT_GETNUMLWPS: + CTR2(KTR_PTRACE, "PT_GETNUMLWPS: pid %d: %d threads", p->p_pid, + p->p_numthreads); td->td_retval[0] = p->p_numthreads; break; case PT_GETLWPLIST: + CTR3(KTR_PTRACE, "PT_GETLWPLIST: pid %d: data %d, actual %d", + p->p_pid, data, p->p_numthreads); if (data <= 0) { error = EINVAL; break; @@ -1186,6 +1255,8 @@ kern_ptrace(struct thread *td, int req, break; case PT_VM_TIMESTAMP: + CTR2(KTR_PTRACE, "PT_VM_TIMESTAMP: pid %d: timestamp %d", + p->p_pid, p->p_vmspace->vm_map.timestamp); td->td_retval[0] = p->p_vmspace->vm_map.timestamp; break; @@ -1236,6 +1307,8 @@ stopevent(struct proc *p, unsigned int e PROC_LOCK_ASSERT(p, MA_OWNED); p->p_step = 1; + CTR3(KTR_PTRACE, "stopevent: pid %d event %u val %u", p->p_pid, event, + val); do { p->p_xstat = val; p->p_xthread = NULL; Modified: stable/9/sys/sys/ktr.h ============================================================================== --- stable/9/sys/sys/ktr.h Sat Jun 13 16:13:31 2015 (r284342) +++ stable/9/sys/sys/ktr.h Sat Jun 13 16:15:43 2015 (r284343) @@ -75,7 +75,8 @@ #define KTR_INET6 0x10000000 /* IPv6 stack */ #define KTR_SCHED 0x20000000 /* Machine parsed sched info. */ #define KTR_BUF 0x40000000 /* Buffer cache */ -#define KTR_ALL 0x7fffffff +#define KTR_PTRACE 0x80000000 /* Process debugging. */ +#define KTR_ALL 0xffffffff /* Trace classes to compile in */ #ifdef KTR