From owner-svn-src-stable-8@FreeBSD.ORG Tue Aug 5 16:44:28 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 57002917 for ; Tue, 5 Aug 2014 16:44:28 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3977F268E for ; Tue, 5 Aug 2014 16:44:28 +0000 (UTC) Received: from marius (uid 1018) (envelope-from marius@FreeBSD.org) id 504d by svn.freebsd.org (DragonFly Mail Agent v0.9+); Tue, 05 Aug 2014 16:44:28 +0000 From: Marius Strobl Date: Tue, 5 Aug 2014 16:44:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r269595 - stable/8/sys/x86/x86 X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e109ec.504d.48cb877a@svn.freebsd.org> X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2014 16:44:28 -0000 Author: marius Date: Tue Aug 5 16:44:27 2014 New Revision: 269595 URL: http://svnweb.freebsd.org/changeset/base/269595 Log: MFC: r260457 The changes in r233781 (MFCed to stable/8 in r235517) attempted to make logging during a machine check exception more readable. In practice they prevented all logging during a machine check exception on at least some systems. Specifically, when an uncorrected ECC error is detected in a DIMM on a Nehalem/Westmere class machine, all CPUs receive a machine check exception, but only CPUs on the same package as the memory controller for the erroring DIMM log an error. The CPUs on the other package would complete the scan of their machine check banks and panic before the first set of CPUs could log an error. The end result was a clearer display during the panic (no interleaved messages), but a crashdump without any useful info about the error that occurred. To handle this case, make all CPUs spin in the machine check handler once they have completed their scan of their machine check banks until at least one machine check error is logged. I tried using a DELAY() instead so that the CPUs would not potentially hang forever, but that was not reliable in testing. While here, don't clear MCIP from MSR_MCG_STATUS before invoking panic. Only clear it if the machine check handler does not panic and returns to the interrupted thread. MFC: r263113 Correct type for malloc(). Submitted by: "Conrad Meyer" MFC: r269052, r269239, r269242 Intel desktop Haswell CPUs may report benign corrected parity errors (see HSD131 erratum in [1]) at a considerable rate. So filter these (default), unless logging is enabled. Unfortunately, there really is no better way to reasonably implement suppressing these errors than to just skipping them in mca_log(). Given that they are reported for bank 0, they'd need to be masked in MSR_MC0_CTL. However, P6 family processors require that register to be set to either all 0s or all 1s, disabling way more than the one error in question when using all 0s there. Alternatively, it could be masked for the corresponding CMCI, but that still wouldn't keep the periodic scanner from detecting these spurious errors. Apart from that, register contents of MSR_MC0_CTL{,2} don't seem to be publicly documented, neither in the Intel Architectures Developer's Manual nor in the Haswell datasheets. Note that while HSD131 actually is only about C0-stepping as of revision 014 of the Intel desktop 4th generation processor family specification update, these corrected errors also have been observed with D0-stepping aka "Haswell Refresh". 1: http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-desktop-specification-update.pdf Reviewed by: jhb Sponsored by: Bally Wulff Games & Entertainment GmbH Modified: stable/8/sys/x86/x86/mca.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/x86/ (props changed) Modified: stable/8/sys/x86/x86/mca.c ============================================================================== --- stable/8/sys/x86/x86/mca.c Tue Aug 5 16:31:03 2014 (r269594) +++ stable/8/sys/x86/x86/mca.c Tue Aug 5 16:44:27 2014 (r269595) @@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -84,7 +85,7 @@ struct mca_internal { static MALLOC_DEFINE(M_MCA, "MCA", "Machine Check Architecture"); -static int mca_count; /* Number of records stored. */ +static volatile int mca_count; /* Number of records stored. */ static int mca_banks; /* Number of per-CPU register banks. */ SYSCTL_NODE(_hw, OID_AUTO, mca, CTLFLAG_RD, NULL, "Machine Check Architecture"); @@ -99,6 +100,11 @@ TUNABLE_INT("hw.mca.amd10h_L1TP", &amd10 SYSCTL_INT(_hw_mca, OID_AUTO, amd10h_L1TP, CTLFLAG_RDTUN, &amd10h_L1TP, 0, "Administrative toggle for logging of level one TLB parity (L1TP) errors"); +static int intel6h_HSD131; +TUNABLE_INT("hw.mca.intel6h_hsd131", &intel6h_HSD131); +SYSCTL_INT(_hw_mca, OID_AUTO, intel6h_HSD131, CTLFLAG_RDTUN, &intel6h_HSD131, 0, + "Administrative toggle for logging of spurious corrected errors"); + int workaround_erratum383; SYSCTL_INT(_hw_mca, OID_AUTO, erratum383, CTLFLAG_RD, &workaround_erratum383, 0, "Is the workaround for Erratum 383 on AMD Family 10h processors enabled?"); @@ -242,12 +248,34 @@ mca_error_mmtype(uint16_t mca_error) return ("???"); } +static int __nonnull(1) +mca_mute(const struct mca_record *rec) +{ + + /* + * Skip spurious corrected parity errors generated by desktop Haswell + * (see HSD131 erratum) unless reporting is enabled. + * Note that these errors also have been observed with D0-stepping, + * while the revision 014 desktop Haswell specification update only + * talks about C0-stepping. + */ + if (rec->mr_cpu_vendor_id == CPU_VENDOR_INTEL && + rec->mr_cpu_id == 0x306c3 && rec->mr_bank == 0 && + rec->mr_status == 0x90000040000f0005 && !intel6h_HSD131) + return (1); + + return (0); +} + /* Dump details about a single machine check. */ static void __nonnull(1) mca_log(const struct mca_record *rec) { uint16_t mca_error; + if (mca_mute(rec)) + return; + printf("MCA: Bank %d, Status 0x%016llx\n", rec->mr_bank, (long long)rec->mr_status); printf("MCA: Global Cap 0x%016llx, Status 0x%016llx\n", @@ -698,8 +726,8 @@ cmci_setup(void) { int i; - cmc_state = malloc((mp_maxid + 1) * sizeof(struct cmc_state **), - M_MCA, M_WAITOK); + cmc_state = malloc((mp_maxid + 1) * sizeof(struct cmc_state *), M_MCA, + M_WAITOK); for (i = 0; i <= mp_maxid; i++) cmc_state[i] = malloc(sizeof(struct cmc_state) * mca_banks, M_MCA, M_WAITOK | M_ZERO); @@ -732,7 +760,8 @@ mca_setup(uint64_t mcg_cap) TASK_INIT(&mca_refill_task, 0, mca_refill, NULL); mca_fill_freelist(); SYSCTL_ADD_INT(NULL, SYSCTL_STATIC_CHILDREN(_hw_mca), OID_AUTO, - "count", CTLFLAG_RD, &mca_count, 0, "Record count"); + "count", CTLFLAG_RD, (int *)(uintptr_t)&mca_count, 0, + "Record count"); SYSCTL_ADD_PROC(NULL, SYSCTL_STATIC_CHILDREN(_hw_mca), OID_AUTO, "interval", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, &mca_ticks, 0, sysctl_positive_int, "I", @@ -938,7 +967,7 @@ void mca_intr(void) { uint64_t mcg_status; - int recoverable; + int old_count, recoverable; if (!(cpu_feature & CPUID_MCA)) { /* @@ -952,15 +981,27 @@ mca_intr(void) } /* Scan the banks and check for any non-recoverable errors. */ + old_count = mca_count; recoverable = mca_scan(MCE); mcg_status = rdmsr(MSR_MCG_STATUS); if (!(mcg_status & MCG_STATUS_RIPV)) recoverable = 0; + if (!recoverable) { + /* + * Wait for at least one error to be logged before + * panic'ing. Some errors will assert a machine check + * on all CPUs, but only certain CPUs will find a valid + * bank to log. + */ + while (mca_count == old_count) + cpu_spinwait(); + + panic("Unrecoverable machine check exception"); + } + /* Clear MCIP. */ wrmsr(MSR_MCG_STATUS, mcg_status & ~MCG_STATUS_MCIP); - if (!recoverable) - panic("Unrecoverable machine check exception"); } #ifdef DEV_APIC From owner-svn-src-stable-8@FreeBSD.ORG Thu Aug 7 20:01:01 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 17EEE1B0 for ; Thu, 7 Aug 2014 20:01:01 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DFE2F2E96 for ; Thu, 7 Aug 2014 20:01:00 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2eac by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 20:01:00 +0000 From: Peter Wemm Date: Thu, 7 Aug 2014 20:01:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r269683 - stable/8/lib/libc/stdlib X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3dafc.2eac.4b24d731@svn.freebsd.org> X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 20:01:01 -0000 Author: peter Date: Thu Aug 7 20:01:00 2014 New Revision: 269683 URL: http://svnweb.freebsd.org/changeset/base/269683 Log: Like on stable/9 and later, don't redefine MALLOC_PRODUCTION Modified: stable/8/lib/libc/stdlib/malloc.c Modified: stable/8/lib/libc/stdlib/malloc.c ============================================================================== --- stable/8/lib/libc/stdlib/malloc.c Thu Aug 7 18:56:10 2014 (r269682) +++ stable/8/lib/libc/stdlib/malloc.c Thu Aug 7 20:01:00 2014 (r269683) @@ -114,7 +114,9 @@ * defaults the A and J runtime options to off. These settings are appropriate * for production systems. */ +#ifndef MALLOC_PRODUCTION #define MALLOC_PRODUCTION +#define #ifndef MALLOC_PRODUCTION /* From owner-svn-src-stable-8@FreeBSD.ORG Thu Aug 7 20:05:50 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A11B832B for ; Thu, 7 Aug 2014 20:05:50 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 76802200F for ; Thu, 7 Aug 2014 20:05:50 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2ec0 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 20:05:50 +0000 From: Peter Wemm Date: Thu, 7 Aug 2014 20:05:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r269684 - stable/8/lib/libc/stdlib X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3dc1e.2ec0.2b0c4672@svn.freebsd.org> X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 20:05:50 -0000 Author: peter Date: Thu Aug 7 20:05:50 2014 New Revision: 269684 URL: http://svnweb.freebsd.org/changeset/base/269684 Log: Fix cut/paste brain-o. Spell #endif correctly. Modified: stable/8/lib/libc/stdlib/malloc.c Modified: stable/8/lib/libc/stdlib/malloc.c ============================================================================== --- stable/8/lib/libc/stdlib/malloc.c Thu Aug 7 20:01:00 2014 (r269683) +++ stable/8/lib/libc/stdlib/malloc.c Thu Aug 7 20:05:50 2014 (r269684) @@ -116,7 +116,7 @@ */ #ifndef MALLOC_PRODUCTION #define MALLOC_PRODUCTION -#define +#endif #ifndef MALLOC_PRODUCTION /* From owner-svn-src-stable-8@FreeBSD.ORG Thu Aug 7 21:06:42 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D46C721 for ; Thu, 7 Aug 2014 21:06:42 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3FAA0271A for ; Thu, 7 Aug 2014 21:06:42 +0000 (UTC) Received: from jkim (uid 1068) (envelope-from jkim@FreeBSD.org) id 20d5 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Thu, 07 Aug 2014 21:06:35 +0000 From: Jung-uk Kim Date: Thu, 7 Aug 2014 21:06:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r269687 - in stable: 8/crypto/openssl 8/crypto/openssl/apps 8/crypto/openssl/crypto 8/crypto/openssl/crypto/asn1 8/crypto/openssl/crypto/bio 8/crypto/openssl/crypto/bn 8/crypto/openssl/... X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e3ea5b.20d5.4df5807d@svn.freebsd.org> X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2014 21:06:42 -0000 Author: jkim Date: Thu Aug 7 21:06:34 2014 New Revision: 269687 URL: http://svnweb.freebsd.org/changeset/base/269687 Log: Merge OpenSSL 0.9.8zb. Added: stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod - copied unchanged from r269672, vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod stable/8/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) Deleted: stable/8/crypto/openssl/crypto/pkcs7/bio_ber.c stable/8/crypto/openssl/crypto/pkcs7/dec.c stable/8/crypto/openssl/crypto/pkcs7/des.pem stable/8/crypto/openssl/crypto/pkcs7/doc stable/8/crypto/openssl/crypto/pkcs7/enc.c stable/8/crypto/openssl/crypto/pkcs7/es1.pem stable/8/crypto/openssl/crypto/pkcs7/example.c stable/8/crypto/openssl/crypto/pkcs7/example.h stable/8/crypto/openssl/crypto/pkcs7/info.pem stable/8/crypto/openssl/crypto/pkcs7/infokey.pem stable/8/crypto/openssl/crypto/pkcs7/p7/ stable/8/crypto/openssl/crypto/pkcs7/server.pem stable/8/crypto/openssl/crypto/pkcs7/sign.c stable/8/crypto/openssl/crypto/pkcs7/t/ stable/8/crypto/openssl/crypto/pkcs7/verify.c stable/8/crypto/openssl/demos/eay/ stable/8/crypto/openssl/demos/maurice/ Modified: stable/8/crypto/openssl/CHANGES stable/8/crypto/openssl/FAQ stable/8/crypto/openssl/Makefile stable/8/crypto/openssl/NEWS stable/8/crypto/openssl/README stable/8/crypto/openssl/apps/apps.c stable/8/crypto/openssl/apps/ca.c stable/8/crypto/openssl/apps/crl2p7.c stable/8/crypto/openssl/apps/ocsp.c stable/8/crypto/openssl/apps/s_server.c stable/8/crypto/openssl/apps/speed.c stable/8/crypto/openssl/crypto/asn1/a_object.c stable/8/crypto/openssl/crypto/asn1/asn1_lib.c stable/8/crypto/openssl/crypto/asn1/asn_mime.c stable/8/crypto/openssl/crypto/asn1/asn_pack.c stable/8/crypto/openssl/crypto/asn1/evp_asn1.c stable/8/crypto/openssl/crypto/asn1/t_x509.c stable/8/crypto/openssl/crypto/asn1/tasn_enc.c stable/8/crypto/openssl/crypto/bio/bio_lib.c stable/8/crypto/openssl/crypto/bn/bn_gf2m.c stable/8/crypto/openssl/crypto/bn/bn_lib.c stable/8/crypto/openssl/crypto/bn/bn_sqr.c stable/8/crypto/openssl/crypto/conf/conf_api.c stable/8/crypto/openssl/crypto/conf/conf_def.c stable/8/crypto/openssl/crypto/ec/ec_lib.c stable/8/crypto/openssl/crypto/ec/ecp_smpl.c stable/8/crypto/openssl/crypto/idea/ideatest.c stable/8/crypto/openssl/crypto/objects/obj_dat.c stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c stable/8/crypto/openssl/crypto/opensslv.h stable/8/crypto/openssl/crypto/pkcs7/Makefile stable/8/crypto/openssl/crypto/rsa/rsa_eay.c stable/8/crypto/openssl/crypto/ui/ui_lib.c stable/8/crypto/openssl/doc/apps/asn1parse.pod stable/8/crypto/openssl/doc/apps/ca.pod stable/8/crypto/openssl/doc/apps/crl.pod stable/8/crypto/openssl/doc/apps/dhparam.pod stable/8/crypto/openssl/doc/apps/dsa.pod stable/8/crypto/openssl/doc/apps/ecparam.pod stable/8/crypto/openssl/doc/apps/gendsa.pod stable/8/crypto/openssl/doc/apps/genrsa.pod stable/8/crypto/openssl/doc/apps/rsa.pod stable/8/crypto/openssl/doc/apps/s_client.pod stable/8/crypto/openssl/doc/apps/s_server.pod stable/8/crypto/openssl/doc/apps/verify.pod stable/8/crypto/openssl/doc/apps/x509.pod stable/8/crypto/openssl/doc/apps/x509v3_config.pod stable/8/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod stable/8/crypto/openssl/doc/crypto/BIO_f_base64.pod stable/8/crypto/openssl/doc/crypto/BIO_push.pod stable/8/crypto/openssl/doc/crypto/ERR_get_error.pod stable/8/crypto/openssl/doc/crypto/RSA_set_method.pod stable/8/crypto/openssl/doc/crypto/RSA_sign.pod stable/8/crypto/openssl/doc/crypto/des.pod stable/8/crypto/openssl/doc/crypto/err.pod stable/8/crypto/openssl/doc/crypto/pem.pod stable/8/crypto/openssl/doc/crypto/ui.pod stable/8/crypto/openssl/doc/fingerprints.txt stable/8/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod stable/8/crypto/openssl/doc/ssl/SSL_get_version.pod stable/8/crypto/openssl/doc/ssl/SSL_shutdown.pod stable/8/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod stable/8/crypto/openssl/openssl.spec stable/8/crypto/openssl/ssl/d1_both.c stable/8/crypto/openssl/ssl/d1_clnt.c stable/8/crypto/openssl/ssl/d1_srvr.c stable/8/crypto/openssl/ssl/s23_lib.c stable/8/crypto/openssl/ssl/s23_srvr.c stable/8/crypto/openssl/ssl/s3_clnt.c stable/8/crypto/openssl/ssl/s3_pkt.c stable/8/crypto/openssl/ssl/s3_srvr.c stable/8/crypto/openssl/ssl/ssl_ciph.c stable/8/crypto/openssl/ssl/ssl_stat.c stable/8/crypto/openssl/ssl/t1_lib.c stable/8/crypto/openssl/util/mkerr.pl stable/8/secure/lib/libcrypto/Makefile stable/8/secure/lib/libcrypto/Makefile.inc stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/8/secure/lib/libcrypto/man/BIO_ctrl.3 stable/8/secure/lib/libcrypto/man/BIO_f_base64.3 stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/8/secure/lib/libcrypto/man/BIO_f_md.3 stable/8/secure/lib/libcrypto/man/BIO_f_null.3 stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/8/secure/lib/libcrypto/man/BIO_find_type.3 stable/8/secure/lib/libcrypto/man/BIO_new.3 stable/8/secure/lib/libcrypto/man/BIO_push.3 stable/8/secure/lib/libcrypto/man/BIO_read.3 stable/8/secure/lib/libcrypto/man/BIO_s_accept.3 stable/8/secure/lib/libcrypto/man/BIO_s_bio.3 stable/8/secure/lib/libcrypto/man/BIO_s_connect.3 stable/8/secure/lib/libcrypto/man/BIO_s_fd.3 stable/8/secure/lib/libcrypto/man/BIO_s_file.3 stable/8/secure/lib/libcrypto/man/BIO_s_mem.3 stable/8/secure/lib/libcrypto/man/BIO_s_null.3 stable/8/secure/lib/libcrypto/man/BIO_s_socket.3 stable/8/secure/lib/libcrypto/man/BIO_set_callback.3 stable/8/secure/lib/libcrypto/man/BIO_should_retry.3 stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_start.3 stable/8/secure/lib/libcrypto/man/BN_add.3 stable/8/secure/lib/libcrypto/man/BN_add_word.3 stable/8/secure/lib/libcrypto/man/BN_bn2bin.3 stable/8/secure/lib/libcrypto/man/BN_cmp.3 stable/8/secure/lib/libcrypto/man/BN_copy.3 stable/8/secure/lib/libcrypto/man/BN_generate_prime.3 stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/8/secure/lib/libcrypto/man/BN_new.3 stable/8/secure/lib/libcrypto/man/BN_num_bytes.3 stable/8/secure/lib/libcrypto/man/BN_rand.3 stable/8/secure/lib/libcrypto/man/BN_set_bit.3 stable/8/secure/lib/libcrypto/man/BN_swap.3 stable/8/secure/lib/libcrypto/man/BN_zero.3 stable/8/secure/lib/libcrypto/man/CONF_modules_free.3 stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/8/secure/lib/libcrypto/man/DH_generate_key.3 stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DH_new.3 stable/8/secure/lib/libcrypto/man/DH_set_method.3 stable/8/secure/lib/libcrypto/man/DH_size.3 stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/8/secure/lib/libcrypto/man/DSA_do_sign.3 stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/8/secure/lib/libcrypto/man/DSA_generate_key.3 stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DSA_new.3 stable/8/secure/lib/libcrypto/man/DSA_set_method.3 stable/8/secure/lib/libcrypto/man/DSA_sign.3 stable/8/secure/lib/libcrypto/man/DSA_size.3 stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/8/secure/lib/libcrypto/man/ERR_clear_error.3 stable/8/secure/lib/libcrypto/man/ERR_error_string.3 stable/8/secure/lib/libcrypto/man/ERR_get_error.3 stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/8/secure/lib/libcrypto/man/ERR_load_strings.3 stable/8/secure/lib/libcrypto/man/ERR_print_errors.3 stable/8/secure/lib/libcrypto/man/ERR_put_error.3 stable/8/secure/lib/libcrypto/man/ERR_remove_state.3 stable/8/secure/lib/libcrypto/man/ERR_set_mark.3 stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/8/secure/lib/libcrypto/man/EVP_SealInit.3 stable/8/secure/lib/libcrypto/man/EVP_SignInit.3 stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/8/secure/lib/libcrypto/man/OPENSSL_config.3 stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/8/secure/lib/libcrypto/man/PKCS12_create.3 stable/8/secure/lib/libcrypto/man/PKCS12_parse.3 stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_sign.3 stable/8/secure/lib/libcrypto/man/PKCS7_verify.3 stable/8/secure/lib/libcrypto/man/RAND_add.3 stable/8/secure/lib/libcrypto/man/RAND_bytes.3 stable/8/secure/lib/libcrypto/man/RAND_cleanup.3 stable/8/secure/lib/libcrypto/man/RAND_egd.3 stable/8/secure/lib/libcrypto/man/RAND_load_file.3 stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/8/secure/lib/libcrypto/man/RSA_check_key.3 stable/8/secure/lib/libcrypto/man/RSA_generate_key.3 stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/RSA_new.3 stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/8/secure/lib/libcrypto/man/RSA_print.3 stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_set_method.3 stable/8/secure/lib/libcrypto/man/RSA_sign.3 stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/8/secure/lib/libcrypto/man/RSA_size.3 stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/8/secure/lib/libcrypto/man/X509_new.3 stable/8/secure/lib/libcrypto/man/bio.3 stable/8/secure/lib/libcrypto/man/blowfish.3 stable/8/secure/lib/libcrypto/man/bn.3 stable/8/secure/lib/libcrypto/man/bn_internal.3 stable/8/secure/lib/libcrypto/man/buffer.3 stable/8/secure/lib/libcrypto/man/crypto.3 stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/8/secure/lib/libcrypto/man/d2i_DHparams.3 stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_X509.3 stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/8/secure/lib/libcrypto/man/des.3 stable/8/secure/lib/libcrypto/man/dh.3 stable/8/secure/lib/libcrypto/man/dsa.3 stable/8/secure/lib/libcrypto/man/ecdsa.3 stable/8/secure/lib/libcrypto/man/engine.3 stable/8/secure/lib/libcrypto/man/err.3 stable/8/secure/lib/libcrypto/man/evp.3 stable/8/secure/lib/libcrypto/man/hmac.3 stable/8/secure/lib/libcrypto/man/lh_stats.3 stable/8/secure/lib/libcrypto/man/lhash.3 stable/8/secure/lib/libcrypto/man/md5.3 stable/8/secure/lib/libcrypto/man/mdc2.3 stable/8/secure/lib/libcrypto/man/pem.3 stable/8/secure/lib/libcrypto/man/rand.3 stable/8/secure/lib/libcrypto/man/rc4.3 stable/8/secure/lib/libcrypto/man/ripemd.3 stable/8/secure/lib/libcrypto/man/rsa.3 stable/8/secure/lib/libcrypto/man/sha.3 stable/8/secure/lib/libcrypto/man/threads.3 stable/8/secure/lib/libcrypto/man/ui.3 stable/8/secure/lib/libcrypto/man/ui_compat.3 stable/8/secure/lib/libcrypto/man/x509.3 stable/8/secure/lib/libssl/Makefile.man stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_free.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/8/secure/lib/libssl/man/SSL_CTX_new.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/8/secure/lib/libssl/man/SSL_SESSION_free.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/8/secure/lib/libssl/man/SSL_accept.3 stable/8/secure/lib/libssl/man/SSL_alert_type_string.3 stable/8/secure/lib/libssl/man/SSL_clear.3 stable/8/secure/lib/libssl/man/SSL_connect.3 stable/8/secure/lib/libssl/man/SSL_do_handshake.3 stable/8/secure/lib/libssl/man/SSL_free.3 stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/8/secure/lib/libssl/man/SSL_get_ciphers.3 stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/8/secure/lib/libssl/man/SSL_get_error.3 stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_get_fd.3 stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/8/secure/lib/libssl/man/SSL_get_rbio.3 stable/8/secure/lib/libssl/man/SSL_get_session.3 stable/8/secure/lib/libssl/man/SSL_get_verify_result.3 stable/8/secure/lib/libssl/man/SSL_get_version.3 stable/8/secure/lib/libssl/man/SSL_library_init.3 stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/8/secure/lib/libssl/man/SSL_new.3 stable/8/secure/lib/libssl/man/SSL_pending.3 stable/8/secure/lib/libssl/man/SSL_read.3 stable/8/secure/lib/libssl/man/SSL_rstate_string.3 stable/8/secure/lib/libssl/man/SSL_session_reused.3 stable/8/secure/lib/libssl/man/SSL_set_bio.3 stable/8/secure/lib/libssl/man/SSL_set_connect_state.3 stable/8/secure/lib/libssl/man/SSL_set_fd.3 stable/8/secure/lib/libssl/man/SSL_set_session.3 stable/8/secure/lib/libssl/man/SSL_set_shutdown.3 stable/8/secure/lib/libssl/man/SSL_set_verify_result.3 stable/8/secure/lib/libssl/man/SSL_shutdown.3 stable/8/secure/lib/libssl/man/SSL_state_string.3 stable/8/secure/lib/libssl/man/SSL_want.3 stable/8/secure/lib/libssl/man/SSL_write.3 stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/8/secure/lib/libssl/man/ssl.3 stable/8/secure/usr.bin/openssl/man/CA.pl.1 stable/8/secure/usr.bin/openssl/man/asn1parse.1 stable/8/secure/usr.bin/openssl/man/ca.1 stable/8/secure/usr.bin/openssl/man/ciphers.1 stable/8/secure/usr.bin/openssl/man/crl.1 stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/8/secure/usr.bin/openssl/man/dgst.1 stable/8/secure/usr.bin/openssl/man/dhparam.1 stable/8/secure/usr.bin/openssl/man/dsa.1 stable/8/secure/usr.bin/openssl/man/dsaparam.1 stable/8/secure/usr.bin/openssl/man/ec.1 stable/8/secure/usr.bin/openssl/man/ecparam.1 stable/8/secure/usr.bin/openssl/man/enc.1 stable/8/secure/usr.bin/openssl/man/errstr.1 stable/8/secure/usr.bin/openssl/man/gendsa.1 stable/8/secure/usr.bin/openssl/man/genrsa.1 stable/8/secure/usr.bin/openssl/man/nseq.1 stable/8/secure/usr.bin/openssl/man/ocsp.1 stable/8/secure/usr.bin/openssl/man/openssl.1 stable/8/secure/usr.bin/openssl/man/passwd.1 stable/8/secure/usr.bin/openssl/man/pkcs12.1 stable/8/secure/usr.bin/openssl/man/pkcs7.1 stable/8/secure/usr.bin/openssl/man/pkcs8.1 stable/8/secure/usr.bin/openssl/man/rand.1 stable/8/secure/usr.bin/openssl/man/req.1 stable/8/secure/usr.bin/openssl/man/rsa.1 stable/8/secure/usr.bin/openssl/man/rsautl.1 stable/8/secure/usr.bin/openssl/man/s_client.1 stable/8/secure/usr.bin/openssl/man/s_server.1 stable/8/secure/usr.bin/openssl/man/s_time.1 stable/8/secure/usr.bin/openssl/man/sess_id.1 stable/8/secure/usr.bin/openssl/man/smime.1 stable/8/secure/usr.bin/openssl/man/speed.1 stable/8/secure/usr.bin/openssl/man/spkac.1 stable/8/secure/usr.bin/openssl/man/verify.1 stable/8/secure/usr.bin/openssl/man/version.1 stable/8/secure/usr.bin/openssl/man/x509.1 stable/8/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/8/crypto/openssl/ (props changed) Changes in other areas also in this revision: Added: stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod - copied unchanged from r269672, vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod stable/9/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) Deleted: stable/9/crypto/openssl/crypto/pkcs7/bio_ber.c stable/9/crypto/openssl/crypto/pkcs7/dec.c stable/9/crypto/openssl/crypto/pkcs7/des.pem stable/9/crypto/openssl/crypto/pkcs7/doc stable/9/crypto/openssl/crypto/pkcs7/enc.c stable/9/crypto/openssl/crypto/pkcs7/es1.pem stable/9/crypto/openssl/crypto/pkcs7/example.c stable/9/crypto/openssl/crypto/pkcs7/example.h stable/9/crypto/openssl/crypto/pkcs7/info.pem stable/9/crypto/openssl/crypto/pkcs7/infokey.pem stable/9/crypto/openssl/crypto/pkcs7/p7/ stable/9/crypto/openssl/crypto/pkcs7/server.pem stable/9/crypto/openssl/crypto/pkcs7/sign.c stable/9/crypto/openssl/crypto/pkcs7/t/ stable/9/crypto/openssl/crypto/pkcs7/verify.c stable/9/crypto/openssl/demos/eay/ stable/9/crypto/openssl/demos/maurice/ Modified: stable/9/crypto/openssl/CHANGES stable/9/crypto/openssl/FAQ stable/9/crypto/openssl/Makefile stable/9/crypto/openssl/NEWS stable/9/crypto/openssl/README stable/9/crypto/openssl/apps/apps.c stable/9/crypto/openssl/apps/ca.c stable/9/crypto/openssl/apps/crl2p7.c stable/9/crypto/openssl/apps/ocsp.c stable/9/crypto/openssl/apps/s_server.c stable/9/crypto/openssl/apps/speed.c stable/9/crypto/openssl/crypto/asn1/a_object.c stable/9/crypto/openssl/crypto/asn1/asn1_lib.c stable/9/crypto/openssl/crypto/asn1/asn_mime.c stable/9/crypto/openssl/crypto/asn1/asn_pack.c stable/9/crypto/openssl/crypto/asn1/evp_asn1.c stable/9/crypto/openssl/crypto/asn1/t_x509.c stable/9/crypto/openssl/crypto/asn1/tasn_enc.c stable/9/crypto/openssl/crypto/bio/bio_lib.c stable/9/crypto/openssl/crypto/bn/bn_gf2m.c stable/9/crypto/openssl/crypto/bn/bn_lib.c stable/9/crypto/openssl/crypto/bn/bn_sqr.c stable/9/crypto/openssl/crypto/conf/conf_api.c stable/9/crypto/openssl/crypto/conf/conf_def.c stable/9/crypto/openssl/crypto/ec/ec_lib.c stable/9/crypto/openssl/crypto/ec/ecp_smpl.c stable/9/crypto/openssl/crypto/idea/ideatest.c stable/9/crypto/openssl/crypto/objects/obj_dat.c stable/9/crypto/openssl/crypto/ocsp/ocsp_ht.c stable/9/crypto/openssl/crypto/ocsp/ocsp_lib.c stable/9/crypto/openssl/crypto/opensslv.h stable/9/crypto/openssl/crypto/pkcs7/Makefile stable/9/crypto/openssl/crypto/rsa/rsa_eay.c stable/9/crypto/openssl/crypto/ui/ui_lib.c stable/9/crypto/openssl/doc/apps/asn1parse.pod stable/9/crypto/openssl/doc/apps/ca.pod stable/9/crypto/openssl/doc/apps/crl.pod stable/9/crypto/openssl/doc/apps/dhparam.pod stable/9/crypto/openssl/doc/apps/dsa.pod stable/9/crypto/openssl/doc/apps/ecparam.pod stable/9/crypto/openssl/doc/apps/gendsa.pod stable/9/crypto/openssl/doc/apps/genrsa.pod stable/9/crypto/openssl/doc/apps/rsa.pod stable/9/crypto/openssl/doc/apps/s_client.pod stable/9/crypto/openssl/doc/apps/s_server.pod stable/9/crypto/openssl/doc/apps/verify.pod stable/9/crypto/openssl/doc/apps/x509.pod stable/9/crypto/openssl/doc/apps/x509v3_config.pod stable/9/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod stable/9/crypto/openssl/doc/crypto/BIO_f_base64.pod stable/9/crypto/openssl/doc/crypto/BIO_push.pod stable/9/crypto/openssl/doc/crypto/ERR_get_error.pod stable/9/crypto/openssl/doc/crypto/RSA_set_method.pod stable/9/crypto/openssl/doc/crypto/RSA_sign.pod stable/9/crypto/openssl/doc/crypto/des.pod stable/9/crypto/openssl/doc/crypto/err.pod stable/9/crypto/openssl/doc/crypto/pem.pod stable/9/crypto/openssl/doc/crypto/ui.pod stable/9/crypto/openssl/doc/fingerprints.txt stable/9/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod stable/9/crypto/openssl/doc/ssl/SSL_get_version.pod stable/9/crypto/openssl/doc/ssl/SSL_shutdown.pod stable/9/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod stable/9/crypto/openssl/openssl.spec stable/9/crypto/openssl/ssl/d1_both.c stable/9/crypto/openssl/ssl/d1_clnt.c stable/9/crypto/openssl/ssl/d1_srvr.c stable/9/crypto/openssl/ssl/s23_lib.c stable/9/crypto/openssl/ssl/s23_srvr.c stable/9/crypto/openssl/ssl/s3_clnt.c stable/9/crypto/openssl/ssl/s3_pkt.c stable/9/crypto/openssl/ssl/s3_srvr.c stable/9/crypto/openssl/ssl/ssl_ciph.c stable/9/crypto/openssl/ssl/ssl_stat.c stable/9/crypto/openssl/ssl/t1_lib.c stable/9/crypto/openssl/util/mkerr.pl stable/9/secure/lib/libcrypto/Makefile stable/9/secure/lib/libcrypto/Makefile.inc stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/9/secure/lib/libcrypto/man/BIO_ctrl.3 stable/9/secure/lib/libcrypto/man/BIO_f_base64.3 stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/9/secure/lib/libcrypto/man/BIO_f_md.3 stable/9/secure/lib/libcrypto/man/BIO_f_null.3 stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/9/secure/lib/libcrypto/man/BIO_find_type.3 stable/9/secure/lib/libcrypto/man/BIO_new.3 stable/9/secure/lib/libcrypto/man/BIO_push.3 stable/9/secure/lib/libcrypto/man/BIO_read.3 stable/9/secure/lib/libcrypto/man/BIO_s_accept.3 stable/9/secure/lib/libcrypto/man/BIO_s_bio.3 stable/9/secure/lib/libcrypto/man/BIO_s_connect.3 stable/9/secure/lib/libcrypto/man/BIO_s_fd.3 stable/9/secure/lib/libcrypto/man/BIO_s_file.3 stable/9/secure/lib/libcrypto/man/BIO_s_mem.3 stable/9/secure/lib/libcrypto/man/BIO_s_null.3 stable/9/secure/lib/libcrypto/man/BIO_s_socket.3 stable/9/secure/lib/libcrypto/man/BIO_set_callback.3 stable/9/secure/lib/libcrypto/man/BIO_should_retry.3 stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/9/secure/lib/libcrypto/man/BN_CTX_new.3 stable/9/secure/lib/libcrypto/man/BN_CTX_start.3 stable/9/secure/lib/libcrypto/man/BN_add.3 stable/9/secure/lib/libcrypto/man/BN_add_word.3 stable/9/secure/lib/libcrypto/man/BN_bn2bin.3 stable/9/secure/lib/libcrypto/man/BN_cmp.3 stable/9/secure/lib/libcrypto/man/BN_copy.3 stable/9/secure/lib/libcrypto/man/BN_generate_prime.3 stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/9/secure/lib/libcrypto/man/BN_new.3 stable/9/secure/lib/libcrypto/man/BN_num_bytes.3 stable/9/secure/lib/libcrypto/man/BN_rand.3 stable/9/secure/lib/libcrypto/man/BN_set_bit.3 stable/9/secure/lib/libcrypto/man/BN_swap.3 stable/9/secure/lib/libcrypto/man/BN_zero.3 stable/9/secure/lib/libcrypto/man/CONF_modules_free.3 stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/9/secure/lib/libcrypto/man/DH_generate_key.3 stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/DH_new.3 stable/9/secure/lib/libcrypto/man/DH_set_method.3 stable/9/secure/lib/libcrypto/man/DH_size.3 stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/9/secure/lib/libcrypto/man/DSA_do_sign.3 stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/9/secure/lib/libcrypto/man/DSA_generate_key.3 stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/DSA_new.3 stable/9/secure/lib/libcrypto/man/DSA_set_method.3 stable/9/secure/lib/libcrypto/man/DSA_sign.3 stable/9/secure/lib/libcrypto/man/DSA_size.3 stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/9/secure/lib/libcrypto/man/ERR_clear_error.3 stable/9/secure/lib/libcrypto/man/ERR_error_string.3 stable/9/secure/lib/libcrypto/man/ERR_get_error.3 stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/9/secure/lib/libcrypto/man/ERR_load_strings.3 stable/9/secure/lib/libcrypto/man/ERR_print_errors.3 stable/9/secure/lib/libcrypto/man/ERR_put_error.3 stable/9/secure/lib/libcrypto/man/ERR_remove_state.3 stable/9/secure/lib/libcrypto/man/ERR_set_mark.3 stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/9/secure/lib/libcrypto/man/EVP_SealInit.3 stable/9/secure/lib/libcrypto/man/EVP_SignInit.3 stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/9/secure/lib/libcrypto/man/OPENSSL_config.3 stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/9/secure/lib/libcrypto/man/PKCS12_create.3 stable/9/secure/lib/libcrypto/man/PKCS12_parse.3 stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/9/secure/lib/libcrypto/man/PKCS7_sign.3 stable/9/secure/lib/libcrypto/man/PKCS7_verify.3 stable/9/secure/lib/libcrypto/man/RAND_add.3 stable/9/secure/lib/libcrypto/man/RAND_bytes.3 stable/9/secure/lib/libcrypto/man/RAND_cleanup.3 stable/9/secure/lib/libcrypto/man/RAND_egd.3 stable/9/secure/lib/libcrypto/man/RAND_load_file.3 stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/9/secure/lib/libcrypto/man/RSA_check_key.3 stable/9/secure/lib/libcrypto/man/RSA_generate_key.3 stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/9/secure/lib/libcrypto/man/RSA_new.3 stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/9/secure/lib/libcrypto/man/RSA_print.3 stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/9/secure/lib/libcrypto/man/RSA_set_method.3 stable/9/secure/lib/libcrypto/man/RSA_sign.3 stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/9/secure/lib/libcrypto/man/RSA_size.3 stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/9/secure/lib/libcrypto/man/X509_new.3 stable/9/secure/lib/libcrypto/man/bio.3 stable/9/secure/lib/libcrypto/man/blowfish.3 stable/9/secure/lib/libcrypto/man/bn.3 stable/9/secure/lib/libcrypto/man/bn_internal.3 stable/9/secure/lib/libcrypto/man/buffer.3 stable/9/secure/lib/libcrypto/man/crypto.3 stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/9/secure/lib/libcrypto/man/d2i_DHparams.3 stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/9/secure/lib/libcrypto/man/d2i_X509.3 stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/9/secure/lib/libcrypto/man/des.3 stable/9/secure/lib/libcrypto/man/dh.3 stable/9/secure/lib/libcrypto/man/dsa.3 stable/9/secure/lib/libcrypto/man/ecdsa.3 stable/9/secure/lib/libcrypto/man/engine.3 stable/9/secure/lib/libcrypto/man/err.3 stable/9/secure/lib/libcrypto/man/evp.3 stable/9/secure/lib/libcrypto/man/hmac.3 stable/9/secure/lib/libcrypto/man/lh_stats.3 stable/9/secure/lib/libcrypto/man/lhash.3 stable/9/secure/lib/libcrypto/man/md5.3 stable/9/secure/lib/libcrypto/man/mdc2.3 stable/9/secure/lib/libcrypto/man/pem.3 stable/9/secure/lib/libcrypto/man/rand.3 stable/9/secure/lib/libcrypto/man/rc4.3 stable/9/secure/lib/libcrypto/man/ripemd.3 stable/9/secure/lib/libcrypto/man/rsa.3 stable/9/secure/lib/libcrypto/man/sha.3 stable/9/secure/lib/libcrypto/man/threads.3 stable/9/secure/lib/libcrypto/man/ui.3 stable/9/secure/lib/libcrypto/man/ui_compat.3 stable/9/secure/lib/libcrypto/man/x509.3 stable/9/secure/lib/libssl/Makefile.man stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/9/secure/lib/libssl/man/SSL_CTX_free.3 stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/9/secure/lib/libssl/man/SSL_CTX_new.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/9/secure/lib/libssl/man/SSL_SESSION_free.3 stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/9/secure/lib/libssl/man/SSL_accept.3 stable/9/secure/lib/libssl/man/SSL_alert_type_string.3 stable/9/secure/lib/libssl/man/SSL_clear.3 stable/9/secure/lib/libssl/man/SSL_connect.3 stable/9/secure/lib/libssl/man/SSL_do_handshake.3 stable/9/secure/lib/libssl/man/SSL_free.3 stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/9/secure/lib/libssl/man/SSL_get_ciphers.3 stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/9/secure/lib/libssl/man/SSL_get_error.3 stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/9/secure/lib/libssl/man/SSL_get_fd.3 stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/9/secure/lib/libssl/man/SSL_get_rbio.3 stable/9/secure/lib/libssl/man/SSL_get_session.3 stable/9/secure/lib/libssl/man/SSL_get_verify_result.3 stable/9/secure/lib/libssl/man/SSL_get_version.3 stable/9/secure/lib/libssl/man/SSL_library_init.3 stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/9/secure/lib/libssl/man/SSL_new.3 stable/9/secure/lib/libssl/man/SSL_pending.3 stable/9/secure/lib/libssl/man/SSL_read.3 stable/9/secure/lib/libssl/man/SSL_rstate_string.3 stable/9/secure/lib/libssl/man/SSL_session_reused.3 stable/9/secure/lib/libssl/man/SSL_set_bio.3 stable/9/secure/lib/libssl/man/SSL_set_connect_state.3 stable/9/secure/lib/libssl/man/SSL_set_fd.3 stable/9/secure/lib/libssl/man/SSL_set_session.3 stable/9/secure/lib/libssl/man/SSL_set_shutdown.3 stable/9/secure/lib/libssl/man/SSL_set_verify_result.3 stable/9/secure/lib/libssl/man/SSL_shutdown.3 stable/9/secure/lib/libssl/man/SSL_state_string.3 stable/9/secure/lib/libssl/man/SSL_want.3 stable/9/secure/lib/libssl/man/SSL_write.3 stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/9/secure/lib/libssl/man/ssl.3 stable/9/secure/usr.bin/openssl/man/CA.pl.1 stable/9/secure/usr.bin/openssl/man/asn1parse.1 stable/9/secure/usr.bin/openssl/man/ca.1 stable/9/secure/usr.bin/openssl/man/ciphers.1 stable/9/secure/usr.bin/openssl/man/crl.1 stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/9/secure/usr.bin/openssl/man/dgst.1 stable/9/secure/usr.bin/openssl/man/dhparam.1 stable/9/secure/usr.bin/openssl/man/dsa.1 stable/9/secure/usr.bin/openssl/man/dsaparam.1 stable/9/secure/usr.bin/openssl/man/ec.1 stable/9/secure/usr.bin/openssl/man/ecparam.1 stable/9/secure/usr.bin/openssl/man/enc.1 stable/9/secure/usr.bin/openssl/man/errstr.1 stable/9/secure/usr.bin/openssl/man/gendsa.1 stable/9/secure/usr.bin/openssl/man/genrsa.1 stable/9/secure/usr.bin/openssl/man/nseq.1 stable/9/secure/usr.bin/openssl/man/ocsp.1 stable/9/secure/usr.bin/openssl/man/openssl.1 stable/9/secure/usr.bin/openssl/man/passwd.1 stable/9/secure/usr.bin/openssl/man/pkcs12.1 stable/9/secure/usr.bin/openssl/man/pkcs7.1 stable/9/secure/usr.bin/openssl/man/pkcs8.1 stable/9/secure/usr.bin/openssl/man/rand.1 stable/9/secure/usr.bin/openssl/man/req.1 stable/9/secure/usr.bin/openssl/man/rsa.1 stable/9/secure/usr.bin/openssl/man/rsautl.1 stable/9/secure/usr.bin/openssl/man/s_client.1 stable/9/secure/usr.bin/openssl/man/s_server.1 stable/9/secure/usr.bin/openssl/man/s_time.1 stable/9/secure/usr.bin/openssl/man/sess_id.1 stable/9/secure/usr.bin/openssl/man/smime.1 stable/9/secure/usr.bin/openssl/man/speed.1 stable/9/secure/usr.bin/openssl/man/spkac.1 stable/9/secure/usr.bin/openssl/man/verify.1 stable/9/secure/usr.bin/openssl/man/version.1 stable/9/secure/usr.bin/openssl/man/x509.1 stable/9/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/9/crypto/openssl/ (props changed) Modified: stable/8/crypto/openssl/CHANGES ============================================================================== --- stable/8/crypto/openssl/CHANGES Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/CHANGES Thu Aug 7 21:06:34 2014 (r269687) @@ -2,6 +2,53 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8za and 0.9.8zb [6 Aug 2014] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + Changes between 0.9.8y and 0.9.8za [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted Modified: stable/8/crypto/openssl/FAQ ============================================================================== --- stable/8/crypto/openssl/FAQ Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/FAQ Thu Aug 7 21:06:34 2014 (r269687) @@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt Modified: stable/8/crypto/openssl/Makefile ============================================================================== --- stable/8/crypto/openssl/Makefile Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/Makefile Thu Aug 7 21:06:34 2014 (r269687) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8za +VERSION=0.9.8zb MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: stable/8/crypto/openssl/NEWS ============================================================================== --- stable/8/crypto/openssl/NEWS Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/NEWS Thu Aug 7 21:06:34 2014 (r269687) @@ -5,6 +5,22 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]: + + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3508 + + Known issues in OpenSSL 0.9.8za: + + o Compilation failure of s3_pkt.c on some platforms due to missing + include. Fixed in 0.9.8zb-dev. + o FIPS capable link failure with missing symbol BN_consttime_swap. + Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC + algorithms are not FIPS approved in OpenSSL 0.9.8 anyway. + Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: o Fix for CVE-2014-0224 Modified: stable/8/crypto/openssl/README ============================================================================== --- stable/8/crypto/openssl/README Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/README Thu Aug 7 21:06:34 2014 (r269687) @@ -1,5 +1,5 @@ - OpenSSL 0.9.8za 5 Jun 2014 + OpenSSL 0.9.8zb 6 Aug 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/8/crypto/openssl/apps/apps.c ============================================================================== --- stable/8/crypto/openssl/apps/apps.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/apps.c Thu Aug 7 21:06:34 2014 (r269687) @@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, in { arg->count=20; arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); + if (arg->data == NULL) + return 0; } for (i=0; icount; i++) arg->data[i]=NULL; @@ -1429,6 +1431,8 @@ char *make_config_name() len=strlen(t)+strlen(OPENSSL_CONF)+2; p=OPENSSL_malloc(len); + if (p == NULL) + return NULL; BUF_strlcpy(p,t,len); #ifndef OPENSSL_SYS_VMS BUF_strlcat(p,"/",len); Modified: stable/8/crypto/openssl/apps/ca.c ============================================================================== --- stable/8/crypto/openssl/apps/ca.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/ca.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1582,12 +1582,14 @@ static int certify(X509 **xret, char *in { ok=0; BIO_printf(bio_err,"Signature verification problems....\n"); + ERR_print_errors(bio_err); goto err; } if (i == 0) { ok=0; BIO_printf(bio_err,"Signature did not match the certificate request\n"); + ERR_print_errors(bio_err); goto err; } else @@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, revtm = X509_gmtime_adj(NULL, 0); + if (!revtm) + return NULL; + i = revtm->length + 1; if (reason) i += strlen(reason) + 1; Modified: stable/8/crypto/openssl/apps/crl2p7.c ============================================================================== --- stable/8/crypto/openssl/apps/crl2p7.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/crl2p7.c Thu Aug 7 21:06:34 2014 (r269687) @@ -142,7 +142,13 @@ int MAIN(int argc, char **argv) { if (--argc < 1) goto bad; if(!certflst) certflst = sk_new_null(); - sk_push(certflst,*(++argv)); + if (!certflst) + goto end; + if (!sk_push(certflst,*(++argv))) + { + sk_free(certflst); + goto end; + } } else { Modified: stable/8/crypto/openssl/apps/ocsp.c ============================================================================== --- stable/8/crypto/openssl/apps/ocsp.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/ocsp.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *er } resp = query_responder(err, cbio, path, req, req_timeout); if (!resp) - BIO_printf(bio_err, "Error querying OCSP responsder\n"); + BIO_printf(bio_err, "Error querying OCSP responder\n"); end: if (ctx) SSL_CTX_free(ctx); Modified: stable/8/crypto/openssl/apps/s_server.c ============================================================================== --- stable/8/crypto/openssl/apps/s_server.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/s_server.c Thu Aug 7 21:06:34 2014 (r269687) @@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb if (servername) { - if (strcmp(servername,p->servername)) + if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { @@ -1095,6 +1095,14 @@ bad: sv_usage(); goto end; } +#ifndef OPENSSL_NO_DTLS1 + if (www && socket_type == SOCK_DGRAM) + { + BIO_printf(bio_err, + "Can't use -HTTP, -www or -WWW with DTLS\n"); + goto end; + } +#endif SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -1922,8 +1930,10 @@ again: #ifdef CHARSET_EBCDIC ascii2ebcdic(buf,buf,i); #endif - write(fileno(stdout),buf, - (unsigned int)i); + if (write(fileno(stdout),buf, + (unsigned int)i) != i) + goto err; + if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: Modified: stable/8/crypto/openssl/apps/speed.c ============================================================================== --- stable/8/crypto/openssl/apps/speed.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/apps/speed.c Thu Aug 7 21:06:34 2014 (r269687) @@ -2767,7 +2767,11 @@ static int do_multi(int multi) fds=malloc(multi*sizeof *fds); for(n=0 ; n < multi ; ++n) { - pipe(fd); + if (pipe(fd) == -1) + { + fprintf(stderr, "pipe failure\n"); + exit(1); + } fflush(stdout); fflush(stderr); if(fork()) @@ -2779,7 +2783,11 @@ static int do_multi(int multi) { close(fd[0]); close(1); - dup(fd[1]); + if (dup(fd[1]) == -1) + { + fprintf(stderr, "dup failed\n"); + exit(1); + } close(fd[1]); mr=1; usertime=0; Modified: stable/8/crypto/openssl/crypto/asn1/a_object.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/a_object.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/a_object.c Thu Aug 7 21:06:34 2014 (r269687) @@ -285,16 +285,28 @@ err: ASN1_OBJECT_free(ret); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { @@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT else ret=(*a); p= *pp; - if ((ret->data == NULL) || (ret->length < len)) + if ((ret->data == NULL) || (ret->length < length)) { if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + ret->data=(unsigned char *)OPENSSL_malloc(length); ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; if (ret->data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } } - memcpy(ret->data,p,(int)len); - ret->length=(int)len; + memcpy(ret->data,p,length); + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Modified: stable/8/crypto/openssl/crypto/asn1/asn1_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/asn1_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/asn1_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), Modified: stable/8/crypto/openssl/crypto/asn1/asn_mime.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/asn_mime.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/asn_mime.c Thu Aug 7 21:06:34 2014 (r269687) @@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; Modified: stable/8/crypto/openssl/crypto/asn1/asn_pack.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/asn_pack.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/asn_pack.c Thu Aug 7 21:06:34 2014 (r269687) @@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, if (!(octmp->length = i2d(obj, NULL))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + goto err; } if (!(p = OPENSSL_malloc (octmp->length))) { ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } octmp->data = p; i2d (obj, &p); return octmp; + err: + if (!oct || !*oct) + { + ASN1_STRING_free(octmp); + if (oct) + *oct = NULL; + } + return NULL; } #endif Modified: stable/8/crypto/openssl/crypto/asn1/evp_asn1.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/evp_asn1.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/evp_asn1.c Thu Aug 7 21:06:34 2014 (r269687) @@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE ASN1_STRING *os; if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); + if (!M_ASN1_OCTET_STRING_set(os,data,len)) + { + M_ASN1_OCTET_STRING_free(os); + return 0; + } ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } Modified: stable/8/crypto/openssl/crypto/asn1/t_x509.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/t_x509.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/t_x509.c Thu Aug 7 21:06:34 2014 (r269687) @@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME * l=80-2-obase; b=X509_NAME_oneline(name,NULL,0); + if (!b) + return 0; if (!*b) { OPENSSL_free(b); Modified: stable/8/crypto/openssl/crypto/asn1/tasn_enc.c ============================================================================== --- stable/8/crypto/openssl/crypto/asn1/tasn_enc.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/asn1/tasn_enc.c Thu Aug 7 21:06:34 2014 (r269687) @@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); + if (!derlst) + return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!derlst || !tmpdat) + if (!tmpdat) + { + OPENSSL_free(derlst); return 0; + } } } /* If not sorting just output each item */ Modified: stable/8/crypto/openssl/crypto/bio/bio_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/bio/bio_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bio/bio_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -132,8 +132,8 @@ int BIO_free(BIO *a) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - a->method->destroy(a); + if ((a->method != NULL) && (a->method->destroy != NULL)) + a->method->destroy(a); OPENSSL_free(a); return(1); } Modified: stable/8/crypto/openssl/crypto/bn/bn_gf2m.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_gf2m.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bn/bn_gf2m.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int return 1; } +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: stable/8/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bn/bn_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(cons BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ @@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - { - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} Modified: stable/8/crypto/openssl/crypto/bn/bn_sqr.c ============================================================================== --- stable/8/crypto/openssl/crypto/bn/bn_sqr.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/bn/bn_sqr.c Thu Aug 7 21:06:34 2014 (r269687) @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, B if (al <= 0) { r->top=0; + r->neg = 0; return 1; } Modified: stable/8/crypto/openssl/crypto/conf/conf_api.c ============================================================================== --- stable/8/crypto/openssl/crypto/conf/conf_api.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/conf/conf_api.c Thu Aug 7 21:06:34 2014 (r269687) @@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf v->value=(char *)sk; vv=(CONF_VALUE *)lh_insert(conf->data,v); - assert(vv == NULL); + OPENSSL_assert(vv == NULL); ok=1; err: if (!ok) Modified: stable/8/crypto/openssl/crypto/conf/conf_def.c ============================================================================== --- stable/8/crypto/openssl/crypto/conf/conf_def.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/conf/conf_def.c Thu Aug 7 21:06:34 2014 (r269687) @@ -324,7 +324,7 @@ again: p=eat_ws(conf, end); if (*p != ']') { - if (*p != '\0') + if (*p != '\0' && ss != p) { ss=p; goto again; Modified: stable/8/crypto/openssl/crypto/ec/ec_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/ec/ec_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ec/ec_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { - if (group->meth->dbl == 0) + if (group->meth->invert == 0) { ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; Modified: stable/8/crypto/openssl/crypto/ec/ecp_smpl.c ============================================================================== --- stable/8/crypto/openssl/crypto/ec/ecp_smpl.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ec/ecp_smpl.c Thu Aug 7 21:06:34 2014 (r269687) @@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_G int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - BIGNUM *tmp0, *tmp1; - size_t pow2 = 0; - BIGNUM **heap = NULL; + BIGNUM *tmp, *tmp_Z; + BIGNUM **prod_Z = NULL; size_t i; int ret = 0; @@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(con } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; - - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. - */ - - pow2 = 1; - while (num > pow2) - pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ - pow2 <<= 1; - - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). - */ - heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) - heap[i] = NULL; + tmp = BN_CTX_get(ctx); + tmp_Z = BN_CTX_get(ctx); + if (tmp == NULL || tmp_Z == NULL) goto err; + + prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) - heap[i] = NULL; - - /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) - { - heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) + { + prod_Z[i] = BN_new(); + if (prod_Z[i] == NULL) goto err; + } + + /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, + * skipping any zero-valued inputs (pretend that they're 1). */ + + if (!BN_is_zero(&points[0]->Z)) + { + if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; + } + else + { + if (group->meth->field_set_to_one != 0) { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { - if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } - } + if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; + } + else + { + if (!BN_one(prod_Z[0])) goto err; } } - /* invert heap[1] */ - if (!BN_is_zero(heap[1])) + for (i = 1; i < num; i++) { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) + if (!BN_is_zero(&points[i]->Z)) { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); - goto err; + if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; } + else + { + if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; + } + } + + /* Now use a single explicit inversion to replace every + * non-zero points[i]->Z by its inverse. */ + + if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) + { + ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + goto err; } if (group->meth->field_encode != 0) { - /* in the Montgomery case, we just turned R*H (representing H) + /* In the Montgomery case, we just turned R*H (representing H) * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; + * i.e. we need to multiply by the Montgomery factor twice. */ + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; + if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; } - /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) + for (i = num - 1; i > 0; --i) { - /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) - { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; - } - else + /* Loop invariant: tmp is the product of the inverses of + * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ + if (!BN_is_zero(&points[i]->Z)) { - if (!BN_copy(heap[i], heap[i/2])) goto err; + /* Set tmp_Z to the inverse of points[i]->Z (as product + * of Z inverses 0 .. i, Z values 0 .. i - 1). */ + if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; + /* Update tmp to satisfy the loop invariant for i - 1. */ + if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; + /* Replace points[i]->Z by its inverse. */ + if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; } } - /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ + if (!BN_is_zero(&points[0]->Z)) + { + /* Replace points[0]->Z by its inverse. */ + if (!BN_copy(&points[0]->Z, tmp)) goto err; + } + + /* Finally, fix up the X and Y coordinates for all points. */ + for (i = 0; i < num; i++) { EC_POINT *p = points[i]; - + if (!BN_is_zero(&p->Z)) { /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; + if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; + + if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; + if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; - if (group->meth->field_set_to_one != 0) { if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; @@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(con } ret = 1; - + err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (heap != NULL) + if (prod_Z != NULL) { - /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ - for (i = pow2/2 - 1; i > 0; i--) + for (i = 0; i < num; i++) { - if (heap[i] != NULL) - BN_clear_free(heap[i]); + if (prod_Z[i] != NULL) + BN_clear_free(prod_Z[i]); } - OPENSSL_free(heap); + OPENSSL_free(prod_Z); } return ret; } Modified: stable/8/crypto/openssl/crypto/idea/ideatest.c ============================================================================== --- stable/8/crypto/openssl/crypto/idea/ideatest.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/idea/ideatest.c Thu Aug 7 21:06:34 2014 (r269687) @@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb } memcpy(cfb_tmp,cfb_iv,8); n=0; - idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks, + idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks, cfb_tmp,&n,IDEA_DECRYPT); - idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)CFB_TEST_SIZE-17,&dks, + idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]), + (long)CFB_TEST_SIZE-13,&eks, cfb_tmp,&n,IDEA_DECRYPT); if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0) { Modified: stable/8/crypto/openssl/crypto/objects/obj_dat.c ============================================================================== --- stable/8/crypto/openssl/crypto/objects/obj_dat.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/objects/obj_dat.c Thu Aug 7 21:06:34 2014 (r269687) @@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, unsigned char *p; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if ((a == NULL) || (a->data == NULL)) { - buf[0]='\0'; - return(0); - } + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf && buf_len > 0) + buf[0] = '\0'; + if ((a == NULL) || (a->data == NULL)) + return(0); if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) { @@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, i=(int)(l/40); l-=(long)(i*40); } - if (buf && (buf_len > 0)) + if (buf && (buf_len > 1)) { *buf++ = i + '0'; + *buf = '\0'; buf_len--; } n++; @@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, i = strlen(bndec); if (buf) { - if (buf_len > 0) + if (buf_len > 1) { *buf++ = '.'; + *buf = '\0'; buf_len--; } BUF_strlcpy(buf,bndec,buf_len); @@ -786,4 +789,3 @@ err: OPENSSL_free(buf); return(ok); } - Modified: stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c ============================================================================== --- stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c Thu Aug 7 21:06:34 2014 (r269687) @@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, ctx = OCSP_sendreq_new(b, path, req, -1); + if (!ctx) + return NULL; + do { rv = OCSP_sendreq_nbio(&resp, ctx); Modified: stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **pho if (!*ppath) goto mem_err; + p = host; + if(host[0] == '[') + { + /* ipv6 literal */ + host++; + p = strchr(host, ']'); + if(!p) goto parse_err; + *p = '\0'; + p++; + } + /* Look for optional ':' for port number */ - if ((p = strchr(host, ':'))) + if ((p = strchr(p, ':'))) { *p = 0; port = p + 1; Modified: stable/8/crypto/openssl/crypto/opensslv.h ============================================================================== --- stable/8/crypto/openssl/crypto/opensslv.h Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/opensslv.h Thu Aug 7 21:06:34 2014 (r269687) @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009081afL +#define OPENSSL_VERSION_NUMBER 0x009081bfL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb-fips 6 Aug 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-freebsd 5 Jun 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zb-freebsd 6 Aug 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT Modified: stable/8/crypto/openssl/crypto/pkcs7/Makefile ============================================================================== --- stable/8/crypto/openssl/crypto/pkcs7/Makefile Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/pkcs7/Makefile Thu Aug 7 21:06:34 2014 (r269687) @@ -39,20 +39,6 @@ test: all: lib -testapps: enc dec sign verify - -enc: enc.o lib - $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -dec: dec.o lib - $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -sign: sign.o lib - $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -verify: verify.o example.o lib - $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) - lib: $(LIBOBJ) $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. Modified: stable/8/crypto/openssl/crypto/rsa/rsa_eay.c ============================================================================== --- stable/8/crypto/openssl/crypto/rsa/rsa_eay.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/rsa/rsa_eay.c Thu Aug 7 21:06:34 2014 (r269687) @@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int f if (padding == RSA_X931_PADDING) { BN_sub(f, rsa->n, ret); - if (BN_cmp(ret, f)) + if (BN_cmp(ret, f) > 0) res = f; else res = ret; Modified: stable/8/crypto/openssl/crypto/ui/ui_lib.c ============================================================================== --- stable/8/crypto/openssl/crypto/ui/ui_lib.c Thu Aug 7 21:04:42 2014 (r269686) +++ stable/8/crypto/openssl/crypto/ui/ui_lib.c Thu Aug 7 21:06:34 2014 (r269687) @@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis break; } } + } default: break; } - } return 0; } *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable-8@FreeBSD.ORG Fri Aug 8 15:04:02 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ACF20A21 for ; Fri, 8 Aug 2014 15:04:02 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 84AAB2E83 for ; Fri, 8 Aug 2014 15:04:02 +0000 (UTC) Received: from joerg (uid 548) (envelope-from joerg@FreeBSD.org) id 2a2f by svn.freebsd.org (DragonFly Mail Agent v0.9+); Fri, 08 Aug 2014 15:04:02 +0000 From: Joerg Wunsch Date: Fri, 8 Aug 2014 15:04:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r269722 - stable/8/sys/dev/usb/serial X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e4e6e2.2a2f.5ff767c5@svn.freebsd.org> X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2014 15:04:02 -0000 Author: joerg Date: Fri Aug 8 15:04:02 2014 New Revision: 269722 URL: http://svnweb.freebsd.org/changeset/base/269722 Log: MFC r269470: avoid divide-by-zero panic when setting baudrate to 0. Modified: stable/8/sys/dev/usb/serial/umcs.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/dev/ (props changed) stable/8/sys/dev/usb/ (props changed) Modified: stable/8/sys/dev/usb/serial/umcs.c ============================================================================== --- stable/8/sys/dev/usb/serial/umcs.c Fri Aug 8 14:56:04 2014 (r269721) +++ stable/8/sys/dev/usb/serial/umcs.c Fri Aug 8 15:04:02 2014 (r269722) @@ -1059,7 +1059,10 @@ umcs7840_calc_baudrate(uint32_t rate, ui for (i = 0; i < umcs7840_baudrate_divisors_len - 1 && !(rate > umcs7840_baudrate_divisors[i] && rate <= umcs7840_baudrate_divisors[i + 1]); ++i); - *divisor = umcs7840_baudrate_divisors[i + 1] / rate; + if (rate == 0) + *divisor = 1; /* XXX */ + else + *divisor = umcs7840_baudrate_divisors[i + 1] / rate; /* 0x00 .. 0x70 */ *clk = i << MCS7840_DEV_SPx_CLOCK_SHIFT; return (0);