From owner-svn-src-stable-10@freebsd.org Mon Feb 29 15:45:44 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8E43AB8AD3; Mon, 29 Feb 2016 15:45:44 +0000 (UTC) (envelope-from jimharris@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 95617B6A; Mon, 29 Feb 2016 15:45:44 +0000 (UTC) (envelope-from jimharris@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1TFjh2X097139; Mon, 29 Feb 2016 15:45:43 GMT (envelope-from jimharris@FreeBSD.org) Received: (from jimharris@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1TFjhID097138; Mon, 29 Feb 2016 15:45:43 GMT (envelope-from jimharris@FreeBSD.org) Message-Id: <201602291545.u1TFjhID097138@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jimharris set sender to jimharris@FreeBSD.org using -f From: Jim Harris Date: Mon, 29 Feb 2016 15:45:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296191 - stable/10/sys/dev/nvme X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Feb 2016 15:45:44 -0000 Author: jimharris Date: Mon Feb 29 15:45:43 2016 New Revision: 296191 URL: https://svnweb.freebsd.org/changeset/base/296191 Log: MFC r295944: nvme: fix intx handler to not dereference ioq during initialization This was a regression from r293328, which deferred allocation of the controller's ioq array until after interrupts are enabled during boot. Approved by: re (gjb) Sponsored by: Intel Modified: stable/10/sys/dev/nvme/nvme_ctrlr.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/nvme/nvme_ctrlr.c ============================================================================== --- stable/10/sys/dev/nvme/nvme_ctrlr.c Mon Feb 29 14:46:39 2016 (r296190) +++ stable/10/sys/dev/nvme/nvme_ctrlr.c Mon Feb 29 15:45:43 2016 (r296191) @@ -810,7 +810,7 @@ nvme_ctrlr_intx_handler(void *arg) nvme_qpair_process_completions(&ctrlr->adminq); - if (ctrlr->ioq[0].cpl) + if (ctrlr->ioq && ctrlr->ioq[0].cpl) nvme_qpair_process_completions(&ctrlr->ioq[0]); nvme_mmio_write_4(ctrlr, intmc, 1); From owner-svn-src-stable-10@freebsd.org Tue Mar 1 02:07:16 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 03375AA99D2; Tue, 1 Mar 2016 02:07:16 +0000 (UTC) (envelope-from sephe@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D2A45138A; Tue, 1 Mar 2016 02:07:15 +0000 (UTC) (envelope-from sephe@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2127EJB082030; Tue, 1 Mar 2016 02:07:14 GMT (envelope-from sephe@FreeBSD.org) Received: (from sephe@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2127E7X082027; Tue, 1 Mar 2016 02:07:14 GMT (envelope-from sephe@FreeBSD.org) Message-Id: <201603010207.u2127E7X082027@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sephe set sender to sephe@FreeBSD.org using -f From: Sepherosa Ziehau Date: Tue, 1 Mar 2016 02:07:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296248 - in stable/10/sys/dev/hyperv: netvsc vmbus X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Mar 2016 02:07:16 -0000 Author: sephe Date: Tue Mar 1 02:07:14 2016 New Revision: 296248 URL: https://svnweb.freebsd.org/changeset/base/296248 Log: MFC [Hyper-V]: r296028 hyperv: Wait 5 seconds for hyperv result, instead of 500ms This addresses various devices (network, stoarge) attach failure. Approved by: re (gjb) Reported by: Hongxiong Xian Tested by: Hongxiong Xian Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D5435 Modified: stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c stable/10/sys/dev/hyperv/vmbus/hv_channel.c stable/10/sys/dev/hyperv/vmbus/hv_connection.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c ============================================================================== --- stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c Tue Mar 1 01:04:53 2016 (r296247) +++ stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c Tue Mar 1 02:07:14 2016 (r296248) @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -358,7 +359,7 @@ hv_rf_send_offload_request(struct hv_dev goto cleanup; } - ret = sema_timedwait(&request->wait_sema, 500); + ret = sema_timedwait(&request->wait_sema, 5 * hz); if (ret != 0) { device_printf(dev, "hv send offload request timeout\n"); goto cleanup; @@ -625,7 +626,7 @@ hv_rf_set_packet_filter(rndis_device *de * us when the response has arrived. In the failure case, * sema_timedwait() returns a non-zero status after waiting 5 seconds. */ - ret = sema_timedwait(&request->wait_sema, 500); + ret = sema_timedwait(&request->wait_sema, 5 * hz); if (ret == 0) { /* Response received, check status */ set_complete = &request->response_msg.msg.set_complete; Modified: stable/10/sys/dev/hyperv/vmbus/hv_channel.c ============================================================================== --- stable/10/sys/dev/hyperv/vmbus/hv_channel.c Tue Mar 1 01:04:53 2016 (r296247) +++ stable/10/sys/dev/hyperv/vmbus/hv_channel.c Tue Mar 1 02:07:14 2016 (r296248) @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -192,7 +193,7 @@ hv_vmbus_channel_open( if (ret != 0) goto cleanup; - ret = sema_timedwait(&open_info->wait_sema, 500); /* KYS 5 seconds */ + ret = sema_timedwait(&open_info->wait_sema, 5 * hz); /* KYS 5 seconds */ if (ret) { if(bootverbose) @@ -437,7 +438,7 @@ hv_vmbus_channel_establish_gpadl( } } - ret = sema_timedwait(&msg_info->wait_sema, 500); /* KYS 5 seconds*/ + ret = sema_timedwait(&msg_info->wait_sema, 5 * hz); /* KYS 5 seconds*/ if (ret != 0) goto cleanup; @@ -497,7 +498,7 @@ hv_vmbus_channel_teardown_gpdal( if (ret != 0) goto cleanup; - ret = sema_timedwait(&info->wait_sema, 500); /* KYS 5 seconds */ + ret = sema_timedwait(&info->wait_sema, 5 * hz); /* KYS 5 seconds */ cleanup: /* Modified: stable/10/sys/dev/hyperv/vmbus/hv_connection.c ============================================================================== --- stable/10/sys/dev/hyperv/vmbus/hv_connection.c Tue Mar 1 01:04:53 2016 (r296247) +++ stable/10/sys/dev/hyperv/vmbus/hv_connection.c Tue Mar 1 02:07:14 2016 (r296248) @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -126,7 +127,7 @@ hv_vmbus_negotiate_version(hv_vmbus_chan /** * Wait for the connection response */ - ret = sema_timedwait(&msg_info->wait_sema, 500); /* KYS 5 seconds */ + ret = sema_timedwait(&msg_info->wait_sema, 5 * hz); /* KYS 5 seconds */ mtx_lock_spin(&hv_vmbus_g_connection.channel_msg_lock); TAILQ_REMOVE( From owner-svn-src-stable-10@freebsd.org Wed Mar 2 01:24:42 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF9B7AC00D3; Wed, 2 Mar 2016 01:24:42 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9DC401493; Wed, 2 Mar 2016 01:24:42 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u221OfD2099822; Wed, 2 Mar 2016 01:24:41 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u221OfqO099821; Wed, 2 Mar 2016 01:24:41 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201603020124.u221OfqO099821@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Wed, 2 Mar 2016 01:24:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296288 - stable/10/share/man/man5 X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 01:24:42 -0000 Author: bdrewery Date: Wed Mar 2 01:24:41 2016 New Revision: 296288 URL: https://svnweb.freebsd.org/changeset/base/296288 Log: MFC r295995: BDECFLAGS has not been available since r82604 removed /etc/defaults/make.conf. Approved by: re (gjb) Modified: stable/10/share/man/man5/make.conf.5 Directory Properties: stable/10/ (props changed) Modified: stable/10/share/man/man5/make.conf.5 ============================================================================== --- stable/10/share/man/man5/make.conf.5 Wed Mar 2 00:18:05 2016 (r296287) +++ stable/10/share/man/man5/make.conf.5 Wed Mar 2 01:24:41 2016 (r296288) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 17, 2014 +.Dd February 24, 2016 .Dt MAKE.CONF 5 .Os .Sh NAME @@ -141,16 +141,6 @@ Optimization levels other than and .Fl O2 are not supported. -.Va BDECFLAGS -is provided as a set of -.Xr cc 1 -settings suggested by -.An "Bruce Evans" Aq bde@FreeBSD.org -for developing and testing changes. -They can be used, if set, by: -.Bd -literal -offset indent -CFLAGS+=${BDECFLAGS} -.Ed .It Va CPUTYPE .Pq Vt str Controls which processor should be targeted for generated From owner-svn-src-stable-10@freebsd.org Wed Mar 2 13:38:22 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C6E85ABF3E8; Wed, 2 Mar 2016 13:38:22 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 99CF61A5E; Wed, 2 Mar 2016 13:38:22 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u22DcLDf017866; Wed, 2 Mar 2016 13:38:21 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u22DcL9l017864; Wed, 2 Mar 2016 13:38:21 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201603021338.u22DcL9l017864@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Wed, 2 Mar 2016 13:38:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296311 - in stable/10: sbin/ipfw sys/netpfil/ipfw X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 13:38:22 -0000 Author: ae Date: Wed Mar 2 13:38:21 2016 New Revision: 296311 URL: https://svnweb.freebsd.org/changeset/base/296311 Log: MFC r295969: Fix bug in filling and handling ipfw's O_DSCP opcode. Due to integer overflow CS4 token was handled as BE. PR: 207459 Approved by: re (gjb) Modified: stable/10/sbin/ipfw/ipfw2.c stable/10/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/ipfw/ipfw2.c ============================================================================== --- stable/10/sbin/ipfw/ipfw2.c Wed Mar 2 11:18:17 2016 (r296310) +++ stable/10/sbin/ipfw/ipfw2.c Wed Mar 2 13:38:21 2016 (r296311) @@ -779,7 +779,7 @@ fill_dscp(ipfw_insn *cmd, char *av, int errx(EX_DATAERR, "Invalid DSCP value"); } - if (code > 32) + if (code >= 32) *high |= 1 << (code - 32); else *low |= 1 << code; Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 2 11:18:17 2016 (r296310) +++ stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 2 13:38:21 2016 (r296311) @@ -1678,7 +1678,7 @@ do { \ break; /* DSCP bitmask is stored as low_u32 high_u32 */ - if (x > 32) + if (x >= 32) match = *(p + 1) & (1 << (x - 32)); else match = *p & (1 << x); From owner-svn-src-stable-10@freebsd.org Wed Mar 2 15:43:04 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED4E8AC04D8; Wed, 2 Mar 2016 15:43:03 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 978EC19A9; Wed, 2 Mar 2016 15:43:03 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u22Fh2wg057680; Wed, 2 Mar 2016 15:43:02 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u22Fh1Tk057669; Wed, 2 Mar 2016 15:43:01 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201603021543.u22Fh1Tk057669@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 2 Mar 2016 15:43:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296317 - in stable/10: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/asm crypto/openssl/crypto/ds... X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 15:43:04 -0000 Author: delphij Date: Wed Mar 2 15:43:01 2016 New Revision: 296317 URL: https://svnweb.freebsd.org/changeset/base/296317 Log: Merge OpenSSL 1.0.1s. This is a security update. Relnotes: yes Approved by: re (so@ implicit) Modified: stable/10/crypto/openssl/CHANGES stable/10/crypto/openssl/Configure stable/10/crypto/openssl/Makefile stable/10/crypto/openssl/NEWS stable/10/crypto/openssl/README stable/10/crypto/openssl/apps/s_server.c stable/10/crypto/openssl/crypto/bio/b_print.c stable/10/crypto/openssl/crypto/bio/bio.h stable/10/crypto/openssl/crypto/bn/Makefile stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl stable/10/crypto/openssl/crypto/bn/bn.h stable/10/crypto/openssl/crypto/bn/bn_exp.c stable/10/crypto/openssl/crypto/bn/bn_print.c stable/10/crypto/openssl/crypto/bn/bn_recp.c stable/10/crypto/openssl/crypto/dsa/dsa_ameth.c stable/10/crypto/openssl/crypto/modes/ctr128.c stable/10/crypto/openssl/crypto/opensslconf.h stable/10/crypto/openssl/crypto/opensslv.h stable/10/crypto/openssl/crypto/perlasm/x86_64-xlate.pl stable/10/crypto/openssl/crypto/rsa/rsa_sign.c stable/10/crypto/openssl/crypto/srp/srp.h stable/10/crypto/openssl/crypto/srp/srp_vfy.c stable/10/crypto/openssl/doc/apps/ciphers.pod stable/10/crypto/openssl/doc/apps/s_client.pod stable/10/crypto/openssl/doc/apps/s_server.pod stable/10/crypto/openssl/doc/ssl/SSL_CTX_new.pod stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/10/crypto/openssl/doc/ssl/ssl.pod stable/10/crypto/openssl/ssl/Makefile stable/10/crypto/openssl/ssl/s2_lib.c stable/10/crypto/openssl/ssl/s3_lib.c stable/10/crypto/openssl/ssl/ssl_lib.c stable/10/crypto/openssl/util/libeay.num stable/10/crypto/openssl/util/mk1mf.pl stable/10/crypto/openssl/util/pl/BC-32.pl stable/10/crypto/openssl/util/pl/Mingw32.pl stable/10/crypto/openssl/util/pl/OS2-EMX.pl stable/10/crypto/openssl/util/pl/VC-32.pl stable/10/crypto/openssl/util/pl/linux.pl stable/10/crypto/openssl/util/pl/netware.pl stable/10/crypto/openssl/util/pl/ultrix.pl stable/10/crypto/openssl/util/pl/unix.pl stable/10/secure/lib/libcrypto/Makefile.inc stable/10/secure/lib/libcrypto/amd64/x86_64-mont5.S stable/10/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/10/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/10/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/10/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/10/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/10/secure/lib/libcrypto/man/BIO_ctrl.3 stable/10/secure/lib/libcrypto/man/BIO_f_base64.3 stable/10/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/10/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/10/secure/lib/libcrypto/man/BIO_f_md.3 stable/10/secure/lib/libcrypto/man/BIO_f_null.3 stable/10/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/10/secure/lib/libcrypto/man/BIO_find_type.3 stable/10/secure/lib/libcrypto/man/BIO_new.3 stable/10/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/10/secure/lib/libcrypto/man/BIO_push.3 stable/10/secure/lib/libcrypto/man/BIO_read.3 stable/10/secure/lib/libcrypto/man/BIO_s_accept.3 stable/10/secure/lib/libcrypto/man/BIO_s_bio.3 stable/10/secure/lib/libcrypto/man/BIO_s_connect.3 stable/10/secure/lib/libcrypto/man/BIO_s_fd.3 stable/10/secure/lib/libcrypto/man/BIO_s_file.3 stable/10/secure/lib/libcrypto/man/BIO_s_mem.3 stable/10/secure/lib/libcrypto/man/BIO_s_null.3 stable/10/secure/lib/libcrypto/man/BIO_s_socket.3 stable/10/secure/lib/libcrypto/man/BIO_set_callback.3 stable/10/secure/lib/libcrypto/man/BIO_should_retry.3 stable/10/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/10/secure/lib/libcrypto/man/BN_CTX_new.3 stable/10/secure/lib/libcrypto/man/BN_CTX_start.3 stable/10/secure/lib/libcrypto/man/BN_add.3 stable/10/secure/lib/libcrypto/man/BN_add_word.3 stable/10/secure/lib/libcrypto/man/BN_bn2bin.3 stable/10/secure/lib/libcrypto/man/BN_cmp.3 stable/10/secure/lib/libcrypto/man/BN_copy.3 stable/10/secure/lib/libcrypto/man/BN_generate_prime.3 stable/10/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/10/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/10/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/10/secure/lib/libcrypto/man/BN_new.3 stable/10/secure/lib/libcrypto/man/BN_num_bytes.3 stable/10/secure/lib/libcrypto/man/BN_rand.3 stable/10/secure/lib/libcrypto/man/BN_set_bit.3 stable/10/secure/lib/libcrypto/man/BN_swap.3 stable/10/secure/lib/libcrypto/man/BN_zero.3 stable/10/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/10/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/10/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/10/secure/lib/libcrypto/man/CMS_compress.3 stable/10/secure/lib/libcrypto/man/CMS_decrypt.3 stable/10/secure/lib/libcrypto/man/CMS_encrypt.3 stable/10/secure/lib/libcrypto/man/CMS_final.3 stable/10/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/10/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/10/secure/lib/libcrypto/man/CMS_get0_type.3 stable/10/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/10/secure/lib/libcrypto/man/CMS_sign.3 stable/10/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/10/secure/lib/libcrypto/man/CMS_uncompress.3 stable/10/secure/lib/libcrypto/man/CMS_verify.3 stable/10/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/10/secure/lib/libcrypto/man/CONF_modules_free.3 stable/10/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/10/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/10/secure/lib/libcrypto/man/DH_generate_key.3 stable/10/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/10/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/DH_new.3 stable/10/secure/lib/libcrypto/man/DH_set_method.3 stable/10/secure/lib/libcrypto/man/DH_size.3 stable/10/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/10/secure/lib/libcrypto/man/DSA_do_sign.3 stable/10/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/10/secure/lib/libcrypto/man/DSA_generate_key.3 stable/10/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/10/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/DSA_new.3 stable/10/secure/lib/libcrypto/man/DSA_set_method.3 stable/10/secure/lib/libcrypto/man/DSA_sign.3 stable/10/secure/lib/libcrypto/man/DSA_size.3 stable/10/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/10/secure/lib/libcrypto/man/ERR_clear_error.3 stable/10/secure/lib/libcrypto/man/ERR_error_string.3 stable/10/secure/lib/libcrypto/man/ERR_get_error.3 stable/10/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/10/secure/lib/libcrypto/man/ERR_load_strings.3 stable/10/secure/lib/libcrypto/man/ERR_print_errors.3 stable/10/secure/lib/libcrypto/man/ERR_put_error.3 stable/10/secure/lib/libcrypto/man/ERR_remove_state.3 stable/10/secure/lib/libcrypto/man/ERR_set_mark.3 stable/10/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/10/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/10/secure/lib/libcrypto/man/EVP_DigestSignInit.3 stable/10/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 stable/10/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/10/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/10/secure/lib/libcrypto/man/EVP_SealInit.3 stable/10/secure/lib/libcrypto/man/EVP_SignInit.3 stable/10/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/10/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/10/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/10/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/10/secure/lib/libcrypto/man/OPENSSL_config.3 stable/10/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/10/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/10/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/10/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/10/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/10/secure/lib/libcrypto/man/PKCS12_create.3 stable/10/secure/lib/libcrypto/man/PKCS12_parse.3 stable/10/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/10/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/10/secure/lib/libcrypto/man/PKCS7_sign.3 stable/10/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/10/secure/lib/libcrypto/man/PKCS7_verify.3 stable/10/secure/lib/libcrypto/man/RAND_add.3 stable/10/secure/lib/libcrypto/man/RAND_bytes.3 stable/10/secure/lib/libcrypto/man/RAND_cleanup.3 stable/10/secure/lib/libcrypto/man/RAND_egd.3 stable/10/secure/lib/libcrypto/man/RAND_load_file.3 stable/10/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/10/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/10/secure/lib/libcrypto/man/RSA_check_key.3 stable/10/secure/lib/libcrypto/man/RSA_generate_key.3 stable/10/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/RSA_new.3 stable/10/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/10/secure/lib/libcrypto/man/RSA_print.3 stable/10/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/10/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/10/secure/lib/libcrypto/man/RSA_set_method.3 stable/10/secure/lib/libcrypto/man/RSA_sign.3 stable/10/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/10/secure/lib/libcrypto/man/RSA_size.3 stable/10/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/10/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/10/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/10/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/10/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/10/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/10/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/10/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/10/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/10/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 stable/10/secure/lib/libcrypto/man/X509_new.3 stable/10/secure/lib/libcrypto/man/X509_verify_cert.3 stable/10/secure/lib/libcrypto/man/bio.3 stable/10/secure/lib/libcrypto/man/blowfish.3 stable/10/secure/lib/libcrypto/man/bn.3 stable/10/secure/lib/libcrypto/man/bn_internal.3 stable/10/secure/lib/libcrypto/man/buffer.3 stable/10/secure/lib/libcrypto/man/crypto.3 stable/10/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/10/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 stable/10/secure/lib/libcrypto/man/d2i_DHparams.3 stable/10/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/10/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 stable/10/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/10/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/10/secure/lib/libcrypto/man/d2i_X509.3 stable/10/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/10/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/10/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/10/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/10/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/10/secure/lib/libcrypto/man/des.3 stable/10/secure/lib/libcrypto/man/dh.3 stable/10/secure/lib/libcrypto/man/dsa.3 stable/10/secure/lib/libcrypto/man/ecdsa.3 stable/10/secure/lib/libcrypto/man/engine.3 stable/10/secure/lib/libcrypto/man/err.3 stable/10/secure/lib/libcrypto/man/evp.3 stable/10/secure/lib/libcrypto/man/hmac.3 stable/10/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/10/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/10/secure/lib/libcrypto/man/lh_stats.3 stable/10/secure/lib/libcrypto/man/lhash.3 stable/10/secure/lib/libcrypto/man/md5.3 stable/10/secure/lib/libcrypto/man/mdc2.3 stable/10/secure/lib/libcrypto/man/pem.3 stable/10/secure/lib/libcrypto/man/rand.3 stable/10/secure/lib/libcrypto/man/rc4.3 stable/10/secure/lib/libcrypto/man/ripemd.3 stable/10/secure/lib/libcrypto/man/rsa.3 stable/10/secure/lib/libcrypto/man/sha.3 stable/10/secure/lib/libcrypto/man/threads.3 stable/10/secure/lib/libcrypto/man/ui.3 stable/10/secure/lib/libcrypto/man/ui_compat.3 stable/10/secure/lib/libcrypto/man/x509.3 stable/10/secure/lib/libcrypto/opensslconf-arm.h stable/10/secure/lib/libcrypto/opensslconf-ia64.h stable/10/secure/lib/libcrypto/opensslconf-mips.h stable/10/secure/lib/libcrypto/opensslconf-powerpc.h stable/10/secure/lib/libcrypto/opensslconf-sparc64.h stable/10/secure/lib/libcrypto/opensslconf-x86.h stable/10/secure/lib/libssl/Makefile.man stable/10/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/10/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/10/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/10/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/10/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/10/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/10/secure/lib/libssl/man/SSL_CTX_free.3 stable/10/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/10/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/10/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/10/secure/lib/libssl/man/SSL_CTX_new.3 stable/10/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/10/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/10/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 stable/10/secure/lib/libssl/man/SSL_SESSION_free.3 stable/10/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/10/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/10/secure/lib/libssl/man/SSL_accept.3 stable/10/secure/lib/libssl/man/SSL_alert_type_string.3 stable/10/secure/lib/libssl/man/SSL_clear.3 stable/10/secure/lib/libssl/man/SSL_connect.3 stable/10/secure/lib/libssl/man/SSL_do_handshake.3 stable/10/secure/lib/libssl/man/SSL_free.3 stable/10/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/10/secure/lib/libssl/man/SSL_get_ciphers.3 stable/10/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/10/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/10/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/10/secure/lib/libssl/man/SSL_get_error.3 stable/10/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/10/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/10/secure/lib/libssl/man/SSL_get_fd.3 stable/10/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/10/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/10/secure/lib/libssl/man/SSL_get_psk_identity.3 stable/10/secure/lib/libssl/man/SSL_get_rbio.3 stable/10/secure/lib/libssl/man/SSL_get_session.3 stable/10/secure/lib/libssl/man/SSL_get_verify_result.3 stable/10/secure/lib/libssl/man/SSL_get_version.3 stable/10/secure/lib/libssl/man/SSL_library_init.3 stable/10/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/10/secure/lib/libssl/man/SSL_new.3 stable/10/secure/lib/libssl/man/SSL_pending.3 stable/10/secure/lib/libssl/man/SSL_read.3 stable/10/secure/lib/libssl/man/SSL_rstate_string.3 stable/10/secure/lib/libssl/man/SSL_session_reused.3 stable/10/secure/lib/libssl/man/SSL_set_bio.3 stable/10/secure/lib/libssl/man/SSL_set_connect_state.3 stable/10/secure/lib/libssl/man/SSL_set_fd.3 stable/10/secure/lib/libssl/man/SSL_set_session.3 stable/10/secure/lib/libssl/man/SSL_set_shutdown.3 stable/10/secure/lib/libssl/man/SSL_set_verify_result.3 stable/10/secure/lib/libssl/man/SSL_shutdown.3 stable/10/secure/lib/libssl/man/SSL_state_string.3 stable/10/secure/lib/libssl/man/SSL_want.3 stable/10/secure/lib/libssl/man/SSL_write.3 stable/10/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/10/secure/lib/libssl/man/ssl.3 stable/10/secure/usr.bin/openssl/man/CA.pl.1 stable/10/secure/usr.bin/openssl/man/asn1parse.1 stable/10/secure/usr.bin/openssl/man/c_rehash.1 stable/10/secure/usr.bin/openssl/man/ca.1 stable/10/secure/usr.bin/openssl/man/ciphers.1 stable/10/secure/usr.bin/openssl/man/cms.1 stable/10/secure/usr.bin/openssl/man/crl.1 stable/10/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/10/secure/usr.bin/openssl/man/dgst.1 stable/10/secure/usr.bin/openssl/man/dhparam.1 stable/10/secure/usr.bin/openssl/man/dsa.1 stable/10/secure/usr.bin/openssl/man/dsaparam.1 stable/10/secure/usr.bin/openssl/man/ec.1 stable/10/secure/usr.bin/openssl/man/ecparam.1 stable/10/secure/usr.bin/openssl/man/enc.1 stable/10/secure/usr.bin/openssl/man/errstr.1 stable/10/secure/usr.bin/openssl/man/gendsa.1 stable/10/secure/usr.bin/openssl/man/genpkey.1 stable/10/secure/usr.bin/openssl/man/genrsa.1 stable/10/secure/usr.bin/openssl/man/nseq.1 stable/10/secure/usr.bin/openssl/man/ocsp.1 stable/10/secure/usr.bin/openssl/man/openssl.1 stable/10/secure/usr.bin/openssl/man/passwd.1 stable/10/secure/usr.bin/openssl/man/pkcs12.1 stable/10/secure/usr.bin/openssl/man/pkcs7.1 stable/10/secure/usr.bin/openssl/man/pkcs8.1 stable/10/secure/usr.bin/openssl/man/pkey.1 stable/10/secure/usr.bin/openssl/man/pkeyparam.1 stable/10/secure/usr.bin/openssl/man/pkeyutl.1 stable/10/secure/usr.bin/openssl/man/rand.1 stable/10/secure/usr.bin/openssl/man/req.1 stable/10/secure/usr.bin/openssl/man/rsa.1 stable/10/secure/usr.bin/openssl/man/rsautl.1 stable/10/secure/usr.bin/openssl/man/s_client.1 stable/10/secure/usr.bin/openssl/man/s_server.1 stable/10/secure/usr.bin/openssl/man/s_time.1 stable/10/secure/usr.bin/openssl/man/sess_id.1 stable/10/secure/usr.bin/openssl/man/smime.1 stable/10/secure/usr.bin/openssl/man/speed.1 stable/10/secure/usr.bin/openssl/man/spkac.1 stable/10/secure/usr.bin/openssl/man/ts.1 stable/10/secure/usr.bin/openssl/man/tsget.1 stable/10/secure/usr.bin/openssl/man/verify.1 stable/10/secure/usr.bin/openssl/man/version.1 stable/10/secure/usr.bin/openssl/man/x509.1 stable/10/secure/usr.bin/openssl/man/x509v3_config.1 Modified: stable/10/crypto/openssl/CHANGES ============================================================================== --- stable/10/crypto/openssl/CHANGES Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/CHANGES Wed Mar 2 15:43:01 2016 (r296317) @@ -2,6 +2,138 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1r and 1.0.1s [1 Mar 2016] + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Builds that are not configured with "enable-weak-ssl-ciphers" will not + provide any "EXPORT" or "LOW" strength ciphers. + [Viktor Dukhovni] + + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() + will need to explicitly call either of: + + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); + or + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + + as appropriate. Even if either of those is used, or the application + explicitly uses the version-specific SSLv2_method() or its client and + server variants, SSLv2 ciphers vulnerable to exhaustive search key + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT + ciphers, and SSLv2 56-bit DES are no longer available. + (CVE-2016-0800) + [Viktor Dukhovni] + + *) Fix a double-free in DSA code + + A double free bug was discovered when OpenSSL parses malformed DSA private + keys and could lead to a DoS attack or memory corruption for applications + that receive DSA private keys from untrusted sources. This scenario is + considered rare. + + This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using + libFuzzer. + (CVE-2016-0705) + [Stephen Henson] + + *) Disable SRP fake user seed to address a server memory leak. + + Add a new method SRP_VBASE_get1_by_user that handles the seed properly. + + SRP_VBASE_get_by_user had inconsistent memory management behaviour. + In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user + was changed to ignore the "fake user" SRP seed, even if the seed + is configured. + + Users should use SRP_VBASE_get1_by_user instead. Note that in + SRP_VBASE_get1_by_user, caller must free the returned value. Note + also that even though configuring the SRP seed attempts to hide + invalid usernames by continuing the handshake with fake + credentials, this behaviour is not constant time and no strong + guarantees are made that the handshake is indistinguishable from + that of a valid user. + (CVE-2016-0798) + [Emilia Käsper] + + *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + + In the BN_hex2bn function the number of hex digits is calculated using an + int value |i|. Later |bn_expand| is called with a value of |i * 4|. For + large values of |i| this can result in |bn_expand| not allocating any + memory because |i * 4| is negative. This can leave the internal BIGNUM data + field as NULL leading to a subsequent NULL ptr deref. For very large values + of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + In this case memory is allocated to the internal BIGNUM data field, but it + is insufficiently sized leading to heap corruption. A similar issue exists + in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn + is ever called by user applications with very large untrusted hex/dec data. + This is anticipated to be a rare occurrence. + + All OpenSSL internal usage of these functions use data that is not expected + to be untrusted, e.g. config file data or application command line + arguments. If user developed applications generate config file data based + on untrusted data then it is possible that this could also lead to security + consequences. This is also anticipated to be rare. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2016-0797) + [Matt Caswell] + + *) Fix memory issues in BIO_*printf functions + + The internal |fmtstr| function used in processing a "%s" format string in + the BIO_*printf functions could overflow while calculating the length of a + string and cause an OOB read when printing very long strings. + + Additionally the internal |doapr_outch| function can attempt to write to an + OOB memory location (at an offset from the NULL pointer) in the event of a + memory allocation failure. In 1.0.2 and below this could be caused where + the size of a buffer to be allocated is greater than INT_MAX. E.g. this + could be in processing a very long "%s" format string. Memory leaks can + also occur. + + The first issue may mask the second issue dependent on compiler behaviour. + These problems could enable attacks where large amounts of untrusted data + is passed to the BIO_*printf functions. If applications use these functions + in this way then they could be vulnerable. OpenSSL itself uses these + functions when printing out human-readable dumps of ASN.1 data. Therefore + applications that print this data could be vulnerable if the data is from + untrusted sources. OpenSSL command line applications could also be + vulnerable where they print out ASN.1 data, or if untrusted data is passed + as command line arguments. + + Libssl is not considered directly vulnerable. Additionally certificates etc + received via remote connections via libssl are also unlikely to be able to + trigger these issues because of message size limits enforced within libssl. + + This issue was reported to OpenSSL Guido Vranken. + (CVE-2016-0799) + [Matt Caswell] + + *) Side channel attack on modular exponentiation + + A side-channel attack was found which makes use of cache-bank conflicts on + the Intel Sandy-Bridge microarchitecture which could lead to the recovery + of RSA keys. The ability to exploit this issue is limited as it relies on + an attacker who has control of code in a thread running on the same + hyper-threaded core as the victim thread which is performing decryptions. + + This issue was reported to OpenSSL by Yuval Yarom, The University of + Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and + Nadia Heninger, University of Pennsylvania with more information at + http://cachebleed.info. + (CVE-2016-0702) + [Andy Polyakov] + + *) Change the req app to generate a 2048-bit RSA/DSA key by default, + if no keysize is specified with default_bits. This fixes an + omission in an earlier change that changed all RSA/DSA key generation + apps to use 2048 bits by default. + [Emilia Käsper] + Changes between 1.0.1q and 1.0.1r [28 Jan 2016] *) Protection for DH small subgroup attacks @@ -62,7 +194,7 @@ [Emilia Käsper] *) In DSA_generate_parameters_ex, if the provided seed is too short, - return an error + use a random seed, as already documented. [Rich Salz and Ismo Puustinen ] Changes between 1.0.1o and 1.0.1p [9 Jul 2015] Modified: stable/10/crypto/openssl/Configure ============================================================================== --- stable/10/crypto/openssl/Configure Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/Configure Wed Mar 2 15:43:01 2016 (r296317) @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no- # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -724,10 +728,12 @@ my %disabled = ( # "what" => "co "md2" => "default", "rc5" => "default", "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", + "ssl2" => "default", "store" => "experimental", "unit-test" => "default", + "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); Modified: stable/10/crypto/openssl/Makefile ============================================================================== --- stable/10/crypto/openssl/Makefile Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/Makefile Wed Mar 2 15:43:01 2016 (r296317) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1r +VERSION=1.0.1s MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS PEX_LIBS= EX_LIBS= EXE_EXT= Modified: stable/10/crypto/openssl/NEWS ============================================================================== --- stable/10/crypto/openssl/NEWS Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/NEWS Wed Mar 2 15:43:01 2016 (r296317) @@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) + Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] o Protection for DH small subgroup attacks Modified: stable/10/crypto/openssl/README ============================================================================== --- stable/10/crypto/openssl/README Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/README Wed Mar 2 15:43:01 2016 (r296317) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1r 28 Jan 2016 + OpenSSL 1.0.1s 1 Mar 2016 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/10/crypto/openssl/apps/s_server.c ============================================================================== --- stable/10/crypto/openssl/apps/s_server.c Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/apps/s_server.c Wed Mar 2 15:43:01 2016 (r296317) @@ -416,6 +416,8 @@ typedef struct srpsrvparm_st { static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { srpsrvparm *p = (srpsrvparm *) arg; + int ret = SSL3_AL_FATAL; + if (p->login == NULL && p->user == NULL) { p->login = SSL_get_srp_username(s); BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); @@ -424,21 +426,25 @@ static int MS_CALLBACK ssl_srp_server_pa if (p->user == NULL) { BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - return SSL3_AL_FATAL; + goto err; } + if (SSL_set_srp_server_param (s, p->user->N, p->user->g, p->user->s, p->user->v, p->user->info) < 0) { *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; + goto err; } BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info); - /* need to check whether there are memory leaks */ + ret = SSL_ERROR_NONE; + +err: + SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; - return SSL_ERROR_NONE; + return ret; } #endif @@ -2244,9 +2250,10 @@ static int sv_body(char *hostname, int s #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during write\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2300,9 +2307,10 @@ static int sv_body(char *hostname, int s #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2387,9 +2395,10 @@ static int init_ssl_connection(SSL *con) while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2616,9 +2625,10 @@ static int www_body(char *hostname, int && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2658,9 +2668,10 @@ static int www_body(char *hostname, int if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); Modified: stable/10/crypto/openssl/crypto/bio/b_print.c ============================================================================== --- stable/10/crypto/openssl/crypto/bio/b_print.c Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bio/b_print.c Wed Mar 2 15:43:01 2016 (r296317) @@ -125,16 +125,16 @@ # define LLONG long #endif -static void fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); -static void fmtint(char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); -static void fmtfp(char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int); -static void doapr_outch(char **, char **, size_t *, size_t *, int); -static void _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); +static int fmtstr(char **, char **, size_t *, size_t *, + const char *, int, int, int); +static int fmtint(char **, char **, size_t *, size_t *, + LLONG, int, int, int, int); +static int fmtfp(char **, char **, size_t *, size_t *, + LDOUBLE, int, int, int); +static int doapr_outch(char **, char **, size_t *, size_t *, int); +static int _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char * #define char_to_int(p) (p - '0') #define OSSL_MAX(p,q) ((p >= q) ? p : q) -static void +static int _dopr(char **sbuffer, char **buffer, size_t *maxlen, @@ -196,7 +196,8 @@ _dopr(char **sbuffer, if (ch == '%') state = DP_S_FLAGS; else - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; ch = *format++; break; case DP_S_FLAGS: @@ -302,8 +303,9 @@ _dopr(char **sbuffer, value = va_arg(args, int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 10, min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, + max, flags)) + return 0; break; case 'X': flags |= DP_F_UP; @@ -326,17 +328,19 @@ _dopr(char **sbuffer, value = (LLONG) va_arg(args, unsigned int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, + ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), + min, max, flags)) + return 0; break; case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); else fvalue = va_arg(args, double); - fmtfp(sbuffer, buffer, &currlen, maxlen, - fvalue, min, max, flags); + if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, + flags)) + return 0; break; case 'E': flags |= DP_F_UP; @@ -355,8 +359,9 @@ _dopr(char **sbuffer, fvalue = va_arg(args, double); break; case 'c': - doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int)); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) + return 0; break; case 's': strvalue = va_arg(args, char *); @@ -366,13 +371,15 @@ _dopr(char **sbuffer, else max = *maxlen; } - fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max); + if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, + flags, min, max)) + return 0; break; case 'p': value = (long)va_arg(args, void *); - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags | DP_F_NUM); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, + value, 16, min, max, flags | DP_F_NUM)) + return 0; break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -394,7 +401,8 @@ _dopr(char **sbuffer, } break; case '%': - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; break; case 'w': /* not supported yet, treat as next char */ @@ -418,46 +426,56 @@ _dopr(char **sbuffer, *truncated = (currlen > *maxlen - 1); if (*truncated) currlen = *maxlen - 1; - doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) + return 0; *retlen = currlen - 1; - return; + return 1; } -static void +static int fmtstr(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, const char *value, int flags, int min, int max) { - int padlen, strln; + int padlen; + size_t strln; int cnt = 0; if (value == 0) value = ""; - for (strln = 0; value[strln]; ++strln) ; + + strln = strlen(value); + if (strln > INT_MAX) + strln = INT_MAX; + padlen = min - strln; - if (padlen < 0) + if (min < 0 || padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; while ((padlen > 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; ++cnt; } while (*value && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) + return 0; ++cnt; } while ((padlen < 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; ++cnt; } + return 1; } -static void +static int fmtint(char **sbuffer, char **buffer, size_t *currlen, @@ -517,37 +535,44 @@ fmtint(char **sbuffer, /* spaces */ while (spadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --spadlen; } /* sign */ if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; /* prefix */ while (*prefix) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) + return 0; prefix++; } /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } } /* digits */ - while (place > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); + while (place > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place])) + return 0; + } /* left justified spaces */ while (spadlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++spadlen; } - return; + return 1; } static LDOUBLE abs_val(LDOUBLE value) @@ -578,7 +603,7 @@ static long roundv(LDOUBLE value) return intpart; } -static void +static int fmtfp(char **sbuffer, char **buffer, size_t *currlen, @@ -657,47 +682,61 @@ fmtfp(char **sbuffer, if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; --padlen; signvalue = 0; } while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --padlen; } } while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; } - if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; - while (iplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]); + while (iplace > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace])) + return 0; + } /* * Decimal point. This should probably use locale to find the correct * char to print out. */ if (max > 0 || (flags & DP_F_NUM)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.')) + return 0; - while (fplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]); + while (fplace > 0) { + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, + fconvert[--fplace])) + return 0; + } } while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } while (padlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; } + return 1; } -static void +#define BUFFER_INC 1024 + +static int doapr_outch(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) { @@ -708,24 +747,25 @@ doapr_outch(char **sbuffer, assert(*currlen <= *maxlen); if (buffer && *currlen == *maxlen) { - *maxlen += 1024; + if (*maxlen > INT_MAX - BUFFER_INC) + return 0; + + *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); - if (!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } + if (*buffer == NULL) + return 0; if (*currlen > 0) { assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); } *sbuffer = NULL; } else { - *buffer = OPENSSL_realloc(*buffer, *maxlen); - if (!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } + char *tmpbuf; + tmpbuf = OPENSSL_realloc(*buffer, *maxlen); + if (tmpbuf == NULL) + return 0; + *buffer = tmpbuf; } } @@ -736,7 +776,7 @@ doapr_outch(char **sbuffer, (*buffer)[(*currlen)++] = (char)c; } - return; + return 1; } /***************************************************************************/ @@ -768,7 +808,11 @@ int BIO_vprintf(BIO *bio, const char *fo dynbuf = NULL; CRYPTO_push_info("doapr()"); - _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args); + if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, + args)) { + OPENSSL_free(dynbuf); + return -1; + } if (dynbuf) { ret = BIO_write(bio, dynbuf, (int)retlen); OPENSSL_free(dynbuf); @@ -803,7 +847,8 @@ int BIO_vsnprintf(char *buf, size_t n, c size_t retlen; int truncated; - _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); + if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) + return -1; if (truncated) /* Modified: stable/10/crypto/openssl/crypto/bio/bio.h ============================================================================== --- stable/10/crypto/openssl/crypto/bio/bio.h Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bio/bio.h Wed Mar 2 15:43:01 2016 (r296317) @@ -478,7 +478,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) Modified: stable/10/crypto/openssl/crypto/bn/Makefile ============================================================================== --- stable/10/crypto/openssl/crypto/bn/Makefile Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bn/Makefile Wed Mar 2 15:43:01 2016 (r296317) @@ -243,7 +243,8 @@ bn_exp.o: ../../include/openssl/e_os2.h bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h +bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h Modified: stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl ============================================================================== --- stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Wed Mar 2 15:43:01 2016 (r296317) @@ -66,60 +66,113 @@ bn_mul_mont_gather5: .align 16 .Lmul_enter: mov ${num}d,${num}d - mov `($win64?56:8)`(%rsp),%r10d # load 7th argument + movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument + lea .Linc(%rip),%r10 push %rbx push %rbp push %r12 push %r13 push %r14 push %r15 -___ -$code.=<<___ if ($win64); - lea -0x28(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) + .Lmul_alloca: -___ -$code.=<<___; mov %rsp,%rax lea 2($num),%r11 neg %r11 - lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)) + lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8) and \$-1024,%rsp # minimize TLB usage mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp .Lmul_body: - mov $bp,%r12 # reassign $bp + lea 128($bp),%r12 # reassign $bp (+size optimization) ___ $bp="%r12"; $STRIDE=2**5*8; # 5 is "window size" $N=$STRIDE/4; # should match cache line size $code.=<<___; - mov %r10,%r11 - shr \$`log($N/8)/log(2)`,%r10 - and \$`$N/8-1`,%r11 - not %r10 - lea .Lmagic_masks(%rip),%rax - and \$`2**5/($N/8)-1`,%r10 # 5 is "window size" - lea 96($bp,%r11,8),$bp # pointer within 1st cache line - movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which - movq 8(%rax,%r10,8),%xmm5 # cache line contains element - movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument - movq 24(%rax,%r10,8),%xmm7 - - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 + movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 + lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization) + and \$-16,%r10 + + pshufd \$0,%xmm5,%xmm5 # broadcast index + movdqa %xmm1,%xmm4 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to index and save result to stack +# +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 + .byte 0x67 + movdqa %xmm4,%xmm3 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($k+0)+112`(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($k+1)+112`(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($k+2)+112`(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,`16*($k+3)+112`(%r10) + movdqa %xmm4,%xmm3 +___ +} +$code.=<<___; # last iteration can be optimized + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,`16*($k+0)+112`(%r10) + + paddd %xmm2,%xmm3 + .byte 0x67 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,`16*($k+1)+112`(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,`16*($k+2)+112`(%r10) + pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register + + pand `16*($k+1)-128`($bp),%xmm1 + pand `16*($k+2)-128`($bp),%xmm2 + movdqa %xmm3,`16*($k+3)+112`(%r10) + pand `16*($k+3)-128`($bp),%xmm3 por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm4 + movdqa `16*($k+1)-128`($bp),%xmm5 + movdqa `16*($k+2)-128`($bp),%xmm2 + pand `16*($k+0)+112`(%r10),%xmm4 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+1)+112`(%r10),%xmm5 + por %xmm4,%xmm0 + pand `16*($k+2)+112`(%r10),%xmm2 + por %xmm5,%xmm1 + pand `16*($k+3)+112`(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +} +$code.=<<___; + por %xmm1,%xmm0 + pshufd \$0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - movq %xmm0,$m0 # m0=bp[0] mov ($n0),$n0 # pull n0[0] value @@ -128,29 +181,14 @@ $code.=<<___; xor $i,$i # i=0 xor $j,$j # j=0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mov $n0,$m1 mulq $m0 # ap[0]*bp[0] mov %rax,$lo0 mov ($np),%rax - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - imulq $lo0,$m1 # "tp[0]"*n0 mov %rdx,$hi0 - por %xmm2,%xmm0 - lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - mulq $m1 # np[0]*m1 add %rax,$lo0 # discarded mov 8($ap),%rax @@ -183,8 +221,6 @@ $code.=<<___; cmp $num,$j jne .L1st - movq %xmm0,$m0 # bp[1] - add %rax,$hi1 mov ($ap),%rax # ap[0] adc \$0,%rdx @@ -204,33 +240,46 @@ $code.=<<___; jmp .Louter .align 16 .Louter: + lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) + and \$-16,%rdx + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($k=0;$k<$STRIDE/16;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm0 + movdqa `16*($k+1)-128`($bp),%xmm1 + movdqa `16*($k+2)-128`($bp),%xmm2 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+0)-128`(%rdx),%xmm0 + pand `16*($k+1)-128`(%rdx),%xmm1 + por %xmm0,%xmm4 + pand `16*($k+2)-128`(%rdx),%xmm2 + por %xmm1,%xmm5 + pand `16*($k+3)-128`(%rdx),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + lea $STRIDE($bp),$bp + movq %xmm0,$m0 # m0=bp[i] + xor $j,$j # j=0 mov $n0,$m1 mov (%rsp),$lo0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mulq $m0 # ap[0]*bp[i] add %rax,$lo0 # ap[0]*bp[i]+tp[0] mov ($np),%rax adc \$0,%rdx *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable-10@freebsd.org Thu Mar 3 07:16:37 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 10F44AC23C9; Thu, 3 Mar 2016 07:16:37 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D65DF10F7; Thu, 3 Mar 2016 07:16:36 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u237GZ9m036846; Thu, 3 Mar 2016 07:16:35 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u237GZhj036845; Thu, 3 Mar 2016 07:16:35 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201603030716.u237GZhj036845@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Thu, 3 Mar 2016 07:16:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296340 - stable/10/sys/netpfil/pf X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2016 07:16:37 -0000 Author: kp Date: Thu Mar 3 07:16:35 2016 New Revision: 296340 URL: https://svnweb.freebsd.org/changeset/base/296340 Log: MFC: r296025: pf: Fix possible out-of-bounds write In the DIOCRSETADDRS ioctl() handler we allocate a table for struct pfr_addrs, which is processed in pfr_set_addrs(). At the users request we also provide feedback on the deleted addresses, by storing them after the new list ('bcopy(&ad, addr + size + i, sizeof(ad));' in pfr_set_addrs()). This means we write outside the bounds of the buffer we've just allocated. We need to look at pfrio_size2 instead (i.e. the size the user reserved for our feedback). That'd allow a malicious user to specify a smaller pfrio_size2 than pfrio_size though, in which case we'd still read outside of the allocated buffer. Instead we allocate the largest of the two values. Reported By: Paul J Murphy PR: 207463 Approved by: re (marius) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Thu Mar 3 07:07:44 2016 (r296339) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Thu Mar 3 07:16:35 2016 (r296340) @@ -2714,13 +2714,14 @@ DIOCCHANGEADDR_error: case DIOCRSETADDRS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_addr *pfras; - size_t totlen; + size_t totlen, count; if (io->pfrio_esize != sizeof(struct pfr_addr)) { error = ENODEV; break; } - totlen = io->pfrio_size * sizeof(struct pfr_addr); + count = max(io->pfrio_size, io->pfrio_size2); + totlen = count * sizeof(struct pfr_addr); pfras = malloc(totlen, M_TEMP, M_WAITOK); error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { From owner-svn-src-stable-10@freebsd.org Fri Mar 4 00:40:18 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 048C2A9495E; Fri, 4 Mar 2016 00:40:18 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B552C399; Fri, 4 Mar 2016 00:40:17 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u240eGUY044596; Fri, 4 Mar 2016 00:40:16 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u240eGeY044590; Fri, 4 Mar 2016 00:40:16 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201603040040.u240eGeY044590@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Fri, 4 Mar 2016 00:40:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296371 - stable/10/secure/lib/libcrypto X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2016 00:40:18 -0000 Author: jkim Date: Fri Mar 4 00:40:15 2016 New Revision: 296371 URL: https://svnweb.freebsd.org/changeset/base/296371 Log: Re-enable SSLv2 support to restore ABI. Excerpt from CHANGES: Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client and server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Approved by: re (marius, gjb), so (delphij) Modified: stable/10/secure/lib/libcrypto/opensslconf-arm.h stable/10/secure/lib/libcrypto/opensslconf-ia64.h stable/10/secure/lib/libcrypto/opensslconf-mips.h stable/10/secure/lib/libcrypto/opensslconf-powerpc.h stable/10/secure/lib/libcrypto/opensslconf-sparc64.h stable/10/secure/lib/libcrypto/opensslconf-x86.h Modified: stable/10/secure/lib/libcrypto/opensslconf-arm.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-arm.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-ia64.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-ia64.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-ia64.h Fri Mar 4 00:40:15 2016 (r296371) @@ -24,9 +24,6 @@ #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -69,9 +66,6 @@ # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-mips.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-mips.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-mips.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-powerpc.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-powerpc.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-powerpc.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-sparc64.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-sparc64.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-sparc64.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-x86.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-x86.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -72,9 +69,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif From owner-svn-src-stable-10@freebsd.org Thu Mar 3 23:25:32 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8495CA93337; Thu, 3 Mar 2016 23:25:32 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 54ADE9EE; Thu, 3 Mar 2016 23:25:32 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u23NPVAq023636; Thu, 3 Mar 2016 23:25:31 GMT (envelope-from gnn@FreeBSD.org) Received: (from gnn@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u23NPVRs023635; Thu, 3 Mar 2016 23:25:31 GMT (envelope-from gnn@FreeBSD.org) Message-Id: <201603032325.u23NPVRs023635@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gnn set sender to gnn@FreeBSD.org using -f From: "George V. Neville-Neil" Date: Thu, 3 Mar 2016 23:25:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296370 - stable/10/sbin/pfctl X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2016 23:25:32 -0000 Author: gnn Date: Thu Mar 3 23:25:31 2016 New Revision: 296370 URL: https://svnweb.freebsd.org/changeset/base/296370 Log: MFC 285730 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode. PR: 194935 Submitted by: Jim Thompson Approved by: re (gjb) Modified: stable/10/sbin/pfctl/pfctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/pfctl/pfctl.c ============================================================================== --- stable/10/sbin/pfctl/pfctl.c Thu Mar 3 23:15:46 2016 (r296369) +++ stable/10/sbin/pfctl/pfctl.c Thu Mar 3 23:25:31 2016 (r296370) @@ -1930,7 +1930,7 @@ pfctl_test_altqsupport(int dev, int opts if (ioctl(dev, DIOCGETALTQS, &pa)) { if (errno == ENODEV) { - if (!(opts & PF_OPT_QUIET)) + if (opts & PF_OPT_VERBOSE) fprintf(stderr, "No ALTQ support in kernel\n" "ALTQ related functions disabled\n"); return (0); From owner-svn-src-stable-10@freebsd.org Fri Mar 4 01:29:11 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55999A9378D; Fri, 4 Mar 2016 01:29:11 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 25F31ADC; Fri, 4 Mar 2016 01:29:11 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u241TAF7060028; Fri, 4 Mar 2016 01:29:10 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u241TAKU060026; Fri, 4 Mar 2016 01:29:10 GMT (envelope-from marius@FreeBSD.org) Message-Id: <201603040129.u241TAKU060026@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: marius set sender to marius@FreeBSD.org using -f From: Marius Strobl Date: Fri, 4 Mar 2016 01:29:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296374 - in stable/10/sys: conf sys X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2016 01:29:11 -0000 Author: marius Date: Fri Mar 4 01:29:09 2016 New Revision: 296374 URL: https://svnweb.freebsd.org/changeset/base/296374 Log: - Reset stable/10 back to -PRERELEASE status now that releng/10.3 has been branched. - Update __FreeBSD_version to reflect the new -STABLE branch. Approved by: re (implicit) Modified: stable/10/sys/conf/newvers.sh stable/10/sys/sys/param.h Modified: stable/10/sys/conf/newvers.sh ============================================================================== --- stable/10/sys/conf/newvers.sh Fri Mar 4 01:27:38 2016 (r296373) +++ stable/10/sys/conf/newvers.sh Fri Mar 4 01:29:09 2016 (r296374) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="BETA3" +BRANCH="PRERELEASE" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: stable/10/sys/sys/param.h ============================================================================== --- stable/10/sys/sys/param.h Fri Mar 4 01:27:38 2016 (r296373) +++ stable/10/sys/sys/param.h Fri Mar 4 01:29:09 2016 (r296374) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1002509 /* Master, propagated to newvers */ +#define __FreeBSD_version 1003500 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, From owner-svn-src-stable-10@freebsd.org Fri Mar 4 15:03:50 2016 Return-Path: Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 687F69DB025; Fri, 4 Mar 2016 15:03:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2CE2CDC1; Fri, 4 Mar 2016 15:03:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1abrGV-000FwA-ND; Fri, 04 Mar 2016 18:03:39 +0300 Date: Fri, 4 Mar 2016 18:03:39 +0300 From: Slawa Olhovchenkov To: Jung-uk Kim Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: Re: svn commit: r296371 - stable/10/secure/lib/libcrypto Message-ID: <20160304150339.GB94639@zxy.spb.ru> References: <201603040040.u240eGeY044590@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201603040040.u240eGeY044590@repo.freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2016 15:03:50 -0000 On Fri, Mar 04, 2016 at 12:40:16AM +0000, Jung-uk Kim wrote: > Author: jkim > Date: Fri Mar 4 00:40:15 2016 > New Revision: 296371 > URL: https://svnweb.freebsd.org/changeset/base/296371 > > Log: > Re-enable SSLv2 support to restore ABI. > > Excerpt from CHANGES: > > Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via > the version-flexible SSLv23_method() will need to explicitly call > either of: > > SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); > or > SSL_clear_options(ssl, SSL_OP_NO_SSLv2); > > as appropriate. Even if either of those is used, or the application > explicitly uses the version-specific SSLv2_method() or its client and > server variants, SSLv2 ciphers vulnerable to exhaustive search key > recovery have been removed. Specifically, the SSLv2 40-bit EXPORT > ciphers, and SSLv2 56-bit DES are no longer available. > > Approved by: re (marius, gjb), so (delphij) > > Modified: > stable/10/secure/lib/libcrypto/opensslconf-arm.h > stable/10/secure/lib/libcrypto/opensslconf-ia64.h > stable/10/secure/lib/libcrypto/opensslconf-mips.h > stable/10/secure/lib/libcrypto/opensslconf-powerpc.h > stable/10/secure/lib/libcrypto/opensslconf-sparc64.h > stable/10/secure/lib/libcrypto/opensslconf-x86.h Need to re-mergered to 10.3 too?