Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 15 Oct 2014 20:28:32 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r273151 - in stable: 8/crypto/openssl 8/crypto/openssl/apps 8/crypto/openssl/crypto 8/crypto/openssl/crypto/bn 8/crypto/openssl/crypto/bn/asm 8/crypto/openssl/crypto/ec 8/crypto/openssl...
Message-ID:  <201410152028.s9FKSWSc044057@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Wed Oct 15 20:28:31 2014
New Revision: 273151
URL: https://svnweb.freebsd.org/changeset/base/273151

Log:
  Merge OpenSSL 0.9.8zc.

Added:
  stable/8/crypto/openssl/crypto/constant_time_locl.h
     - copied unchanged from r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_locl.h
  stable/8/crypto/openssl/crypto/constant_time_test.c
     - copied unchanged from r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_test.c
  stable/8/crypto/openssl/test/constant_time_test.c
     - copied unchanged from r273140, vendor-crypto/openssl/dist-0.9.8/test/constant_time_test.c
Modified:
  stable/8/crypto/openssl/CHANGES
  stable/8/crypto/openssl/Makefile
  stable/8/crypto/openssl/NEWS
  stable/8/crypto/openssl/README
  stable/8/crypto/openssl/apps/s_client.c
  stable/8/crypto/openssl/crypto/LPdir_vms.c
  stable/8/crypto/openssl/crypto/LPdir_win.c
  stable/8/crypto/openssl/crypto/Makefile
  stable/8/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
  stable/8/crypto/openssl/crypto/bn/bn_exp.c
  stable/8/crypto/openssl/crypto/bn/exptest.c
  stable/8/crypto/openssl/crypto/ec/ec_key.c
  stable/8/crypto/openssl/crypto/ec/ecp_smpl.c
  stable/8/crypto/openssl/crypto/err/openssl.ec
  stable/8/crypto/openssl/crypto/evp/Makefile
  stable/8/crypto/openssl/crypto/evp/evp_enc.c
  stable/8/crypto/openssl/crypto/opensslv.h
  stable/8/crypto/openssl/crypto/rsa/Makefile
  stable/8/crypto/openssl/crypto/rsa/rsa.h
  stable/8/crypto/openssl/crypto/rsa/rsa_err.c
  stable/8/crypto/openssl/crypto/rsa/rsa_oaep.c
  stable/8/crypto/openssl/crypto/rsa/rsa_pk1.c
  stable/8/crypto/openssl/crypto/rsa/rsa_sign.c
  stable/8/crypto/openssl/doc/apps/s_client.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
  stable/8/crypto/openssl/e_os.h
  stable/8/crypto/openssl/openssl.spec
  stable/8/crypto/openssl/ssl/Makefile
  stable/8/crypto/openssl/ssl/d1_lib.c
  stable/8/crypto/openssl/ssl/dtls1.h
  stable/8/crypto/openssl/ssl/s23_clnt.c
  stable/8/crypto/openssl/ssl/s23_srvr.c
  stable/8/crypto/openssl/ssl/s2_lib.c
  stable/8/crypto/openssl/ssl/s3_cbc.c
  stable/8/crypto/openssl/ssl/s3_clnt.c
  stable/8/crypto/openssl/ssl/s3_enc.c
  stable/8/crypto/openssl/ssl/s3_lib.c
  stable/8/crypto/openssl/ssl/s3_pkt.c
  stable/8/crypto/openssl/ssl/s3_srvr.c
  stable/8/crypto/openssl/ssl/ssl.h
  stable/8/crypto/openssl/ssl/ssl3.h
  stable/8/crypto/openssl/ssl/ssl_err.c
  stable/8/crypto/openssl/ssl/ssl_lib.c
  stable/8/crypto/openssl/ssl/t1_enc.c
  stable/8/crypto/openssl/ssl/t1_lib.c
  stable/8/crypto/openssl/ssl/tls1.h
  stable/8/crypto/openssl/test/Makefile
  stable/8/secure/lib/libcrypto/Makefile.inc
  stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/8/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/8/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/8/secure/lib/libcrypto/man/BIO_f_md.3
  stable/8/secure/lib/libcrypto/man/BIO_f_null.3
  stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/8/secure/lib/libcrypto/man/BIO_find_type.3
  stable/8/secure/lib/libcrypto/man/BIO_new.3
  stable/8/secure/lib/libcrypto/man/BIO_push.3
  stable/8/secure/lib/libcrypto/man/BIO_read.3
  stable/8/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/8/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/8/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/8/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/8/secure/lib/libcrypto/man/BIO_s_file.3
  stable/8/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/8/secure/lib/libcrypto/man/BIO_s_null.3
  stable/8/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/8/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/8/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/8/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/8/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/8/secure/lib/libcrypto/man/BN_add.3
  stable/8/secure/lib/libcrypto/man/BN_add_word.3
  stable/8/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/8/secure/lib/libcrypto/man/BN_cmp.3
  stable/8/secure/lib/libcrypto/man/BN_copy.3
  stable/8/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/8/secure/lib/libcrypto/man/BN_new.3
  stable/8/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/8/secure/lib/libcrypto/man/BN_rand.3
  stable/8/secure/lib/libcrypto/man/BN_set_bit.3
  stable/8/secure/lib/libcrypto/man/BN_swap.3
  stable/8/secure/lib/libcrypto/man/BN_zero.3
  stable/8/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/8/secure/lib/libcrypto/man/DH_generate_key.3
  stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/DH_new.3
  stable/8/secure/lib/libcrypto/man/DH_set_method.3
  stable/8/secure/lib/libcrypto/man/DH_size.3
  stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/8/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/8/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/DSA_new.3
  stable/8/secure/lib/libcrypto/man/DSA_set_method.3
  stable/8/secure/lib/libcrypto/man/DSA_sign.3
  stable/8/secure/lib/libcrypto/man/DSA_size.3
  stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/8/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/8/secure/lib/libcrypto/man/ERR_error_string.3
  stable/8/secure/lib/libcrypto/man/ERR_get_error.3
  stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/8/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/8/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/8/secure/lib/libcrypto/man/ERR_put_error.3
  stable/8/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/8/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/8/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/8/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/8/secure/lib/libcrypto/man/PKCS12_create.3
  stable/8/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/8/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/8/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/8/secure/lib/libcrypto/man/RAND_add.3
  stable/8/secure/lib/libcrypto/man/RAND_bytes.3
  stable/8/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/8/secure/lib/libcrypto/man/RAND_egd.3
  stable/8/secure/lib/libcrypto/man/RAND_load_file.3
  stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/8/secure/lib/libcrypto/man/RSA_check_key.3
  stable/8/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/RSA_new.3
  stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/8/secure/lib/libcrypto/man/RSA_print.3
  stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/8/secure/lib/libcrypto/man/RSA_set_method.3
  stable/8/secure/lib/libcrypto/man/RSA_sign.3
  stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/8/secure/lib/libcrypto/man/RSA_size.3
  stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/8/secure/lib/libcrypto/man/X509_new.3
  stable/8/secure/lib/libcrypto/man/bio.3
  stable/8/secure/lib/libcrypto/man/blowfish.3
  stable/8/secure/lib/libcrypto/man/bn.3
  stable/8/secure/lib/libcrypto/man/bn_internal.3
  stable/8/secure/lib/libcrypto/man/buffer.3
  stable/8/secure/lib/libcrypto/man/crypto.3
  stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/8/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/8/secure/lib/libcrypto/man/d2i_X509.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/8/secure/lib/libcrypto/man/des.3
  stable/8/secure/lib/libcrypto/man/dh.3
  stable/8/secure/lib/libcrypto/man/dsa.3
  stable/8/secure/lib/libcrypto/man/ecdsa.3
  stable/8/secure/lib/libcrypto/man/engine.3
  stable/8/secure/lib/libcrypto/man/err.3
  stable/8/secure/lib/libcrypto/man/evp.3
  stable/8/secure/lib/libcrypto/man/hmac.3
  stable/8/secure/lib/libcrypto/man/lh_stats.3
  stable/8/secure/lib/libcrypto/man/lhash.3
  stable/8/secure/lib/libcrypto/man/md5.3
  stable/8/secure/lib/libcrypto/man/mdc2.3
  stable/8/secure/lib/libcrypto/man/pem.3
  stable/8/secure/lib/libcrypto/man/rand.3
  stable/8/secure/lib/libcrypto/man/rc4.3
  stable/8/secure/lib/libcrypto/man/ripemd.3
  stable/8/secure/lib/libcrypto/man/rsa.3
  stable/8/secure/lib/libcrypto/man/sha.3
  stable/8/secure/lib/libcrypto/man/threads.3
  stable/8/secure/lib/libcrypto/man/ui.3
  stable/8/secure/lib/libcrypto/man/ui_compat.3
  stable/8/secure/lib/libcrypto/man/x509.3
  stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/8/secure/lib/libssl/man/SSL_CTX_free.3
  stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/8/secure/lib/libssl/man/SSL_CTX_new.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/8/secure/lib/libssl/man/SSL_accept.3
  stable/8/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/8/secure/lib/libssl/man/SSL_clear.3
  stable/8/secure/lib/libssl/man/SSL_connect.3
  stable/8/secure/lib/libssl/man/SSL_do_handshake.3
  stable/8/secure/lib/libssl/man/SSL_free.3
  stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/8/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/8/secure/lib/libssl/man/SSL_get_error.3
  stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_get_fd.3
  stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/8/secure/lib/libssl/man/SSL_get_rbio.3
  stable/8/secure/lib/libssl/man/SSL_get_session.3
  stable/8/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/8/secure/lib/libssl/man/SSL_get_version.3
  stable/8/secure/lib/libssl/man/SSL_library_init.3
  stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/8/secure/lib/libssl/man/SSL_new.3
  stable/8/secure/lib/libssl/man/SSL_pending.3
  stable/8/secure/lib/libssl/man/SSL_read.3
  stable/8/secure/lib/libssl/man/SSL_rstate_string.3
  stable/8/secure/lib/libssl/man/SSL_session_reused.3
  stable/8/secure/lib/libssl/man/SSL_set_bio.3
  stable/8/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/8/secure/lib/libssl/man/SSL_set_fd.3
  stable/8/secure/lib/libssl/man/SSL_set_session.3
  stable/8/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/8/secure/lib/libssl/man/SSL_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_state_string.3
  stable/8/secure/lib/libssl/man/SSL_want.3
  stable/8/secure/lib/libssl/man/SSL_write.3
  stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/8/secure/lib/libssl/man/ssl.3
  stable/8/secure/usr.bin/openssl/man/CA.pl.1
  stable/8/secure/usr.bin/openssl/man/asn1parse.1
  stable/8/secure/usr.bin/openssl/man/ca.1
  stable/8/secure/usr.bin/openssl/man/ciphers.1
  stable/8/secure/usr.bin/openssl/man/crl.1
  stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/8/secure/usr.bin/openssl/man/dgst.1
  stable/8/secure/usr.bin/openssl/man/dhparam.1
  stable/8/secure/usr.bin/openssl/man/dsa.1
  stable/8/secure/usr.bin/openssl/man/dsaparam.1
  stable/8/secure/usr.bin/openssl/man/ec.1
  stable/8/secure/usr.bin/openssl/man/ecparam.1
  stable/8/secure/usr.bin/openssl/man/enc.1
  stable/8/secure/usr.bin/openssl/man/errstr.1
  stable/8/secure/usr.bin/openssl/man/gendsa.1
  stable/8/secure/usr.bin/openssl/man/genrsa.1
  stable/8/secure/usr.bin/openssl/man/nseq.1
  stable/8/secure/usr.bin/openssl/man/ocsp.1
  stable/8/secure/usr.bin/openssl/man/openssl.1
  stable/8/secure/usr.bin/openssl/man/passwd.1
  stable/8/secure/usr.bin/openssl/man/pkcs12.1
  stable/8/secure/usr.bin/openssl/man/pkcs7.1
  stable/8/secure/usr.bin/openssl/man/pkcs8.1
  stable/8/secure/usr.bin/openssl/man/rand.1
  stable/8/secure/usr.bin/openssl/man/req.1
  stable/8/secure/usr.bin/openssl/man/rsa.1
  stable/8/secure/usr.bin/openssl/man/rsautl.1
  stable/8/secure/usr.bin/openssl/man/s_client.1
  stable/8/secure/usr.bin/openssl/man/s_server.1
  stable/8/secure/usr.bin/openssl/man/s_time.1
  stable/8/secure/usr.bin/openssl/man/sess_id.1
  stable/8/secure/usr.bin/openssl/man/smime.1
  stable/8/secure/usr.bin/openssl/man/speed.1
  stable/8/secure/usr.bin/openssl/man/spkac.1
  stable/8/secure/usr.bin/openssl/man/verify.1
  stable/8/secure/usr.bin/openssl/man/version.1
  stable/8/secure/usr.bin/openssl/man/x509.1
  stable/8/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/8/crypto/openssl/   (props changed)

Changes in other areas also in this revision:
Added:
  stable/9/crypto/openssl/crypto/constant_time_locl.h
     - copied unchanged from r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_locl.h
  stable/9/crypto/openssl/crypto/constant_time_test.c
     - copied unchanged from r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_test.c
  stable/9/crypto/openssl/test/constant_time_test.c
     - copied unchanged from r273140, vendor-crypto/openssl/dist-0.9.8/test/constant_time_test.c
Modified:
  stable/9/crypto/openssl/CHANGES
  stable/9/crypto/openssl/Makefile
  stable/9/crypto/openssl/NEWS
  stable/9/crypto/openssl/README
  stable/9/crypto/openssl/apps/s_client.c
  stable/9/crypto/openssl/crypto/LPdir_vms.c
  stable/9/crypto/openssl/crypto/LPdir_win.c
  stable/9/crypto/openssl/crypto/Makefile
  stable/9/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
  stable/9/crypto/openssl/crypto/bn/bn_exp.c
  stable/9/crypto/openssl/crypto/bn/exptest.c
  stable/9/crypto/openssl/crypto/ec/ec_key.c
  stable/9/crypto/openssl/crypto/ec/ecp_smpl.c
  stable/9/crypto/openssl/crypto/err/openssl.ec
  stable/9/crypto/openssl/crypto/evp/Makefile
  stable/9/crypto/openssl/crypto/evp/evp_enc.c
  stable/9/crypto/openssl/crypto/opensslv.h
  stable/9/crypto/openssl/crypto/rsa/Makefile
  stable/9/crypto/openssl/crypto/rsa/rsa.h
  stable/9/crypto/openssl/crypto/rsa/rsa_err.c
  stable/9/crypto/openssl/crypto/rsa/rsa_oaep.c
  stable/9/crypto/openssl/crypto/rsa/rsa_pk1.c
  stable/9/crypto/openssl/crypto/rsa/rsa_sign.c
  stable/9/crypto/openssl/doc/apps/s_client.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
  stable/9/crypto/openssl/e_os.h
  stable/9/crypto/openssl/openssl.spec
  stable/9/crypto/openssl/ssl/Makefile
  stable/9/crypto/openssl/ssl/d1_lib.c
  stable/9/crypto/openssl/ssl/dtls1.h
  stable/9/crypto/openssl/ssl/s23_clnt.c
  stable/9/crypto/openssl/ssl/s23_srvr.c
  stable/9/crypto/openssl/ssl/s2_lib.c
  stable/9/crypto/openssl/ssl/s3_cbc.c
  stable/9/crypto/openssl/ssl/s3_clnt.c
  stable/9/crypto/openssl/ssl/s3_enc.c
  stable/9/crypto/openssl/ssl/s3_lib.c
  stable/9/crypto/openssl/ssl/s3_pkt.c
  stable/9/crypto/openssl/ssl/s3_srvr.c
  stable/9/crypto/openssl/ssl/ssl.h
  stable/9/crypto/openssl/ssl/ssl3.h
  stable/9/crypto/openssl/ssl/ssl_err.c
  stable/9/crypto/openssl/ssl/ssl_lib.c
  stable/9/crypto/openssl/ssl/t1_enc.c
  stable/9/crypto/openssl/ssl/t1_lib.c
  stable/9/crypto/openssl/ssl/tls1.h
  stable/9/crypto/openssl/test/Makefile
  stable/9/secure/lib/libcrypto/Makefile.inc
  stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/9/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/9/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/9/secure/lib/libcrypto/man/BIO_f_md.3
  stable/9/secure/lib/libcrypto/man/BIO_f_null.3
  stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/9/secure/lib/libcrypto/man/BIO_find_type.3
  stable/9/secure/lib/libcrypto/man/BIO_new.3
  stable/9/secure/lib/libcrypto/man/BIO_push.3
  stable/9/secure/lib/libcrypto/man/BIO_read.3
  stable/9/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/9/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/9/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/9/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/9/secure/lib/libcrypto/man/BIO_s_file.3
  stable/9/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/9/secure/lib/libcrypto/man/BIO_s_null.3
  stable/9/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/9/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/9/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/9/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/9/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/9/secure/lib/libcrypto/man/BN_add.3
  stable/9/secure/lib/libcrypto/man/BN_add_word.3
  stable/9/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/9/secure/lib/libcrypto/man/BN_cmp.3
  stable/9/secure/lib/libcrypto/man/BN_copy.3
  stable/9/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/9/secure/lib/libcrypto/man/BN_new.3
  stable/9/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/9/secure/lib/libcrypto/man/BN_rand.3
  stable/9/secure/lib/libcrypto/man/BN_set_bit.3
  stable/9/secure/lib/libcrypto/man/BN_swap.3
  stable/9/secure/lib/libcrypto/man/BN_zero.3
  stable/9/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/9/secure/lib/libcrypto/man/DH_generate_key.3
  stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/DH_new.3
  stable/9/secure/lib/libcrypto/man/DH_set_method.3
  stable/9/secure/lib/libcrypto/man/DH_size.3
  stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/9/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/9/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/DSA_new.3
  stable/9/secure/lib/libcrypto/man/DSA_set_method.3
  stable/9/secure/lib/libcrypto/man/DSA_sign.3
  stable/9/secure/lib/libcrypto/man/DSA_size.3
  stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/9/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/9/secure/lib/libcrypto/man/ERR_error_string.3
  stable/9/secure/lib/libcrypto/man/ERR_get_error.3
  stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/9/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/9/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/9/secure/lib/libcrypto/man/ERR_put_error.3
  stable/9/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/9/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/9/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/9/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/9/secure/lib/libcrypto/man/PKCS12_create.3
  stable/9/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/9/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/9/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/9/secure/lib/libcrypto/man/RAND_add.3
  stable/9/secure/lib/libcrypto/man/RAND_bytes.3
  stable/9/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/9/secure/lib/libcrypto/man/RAND_egd.3
  stable/9/secure/lib/libcrypto/man/RAND_load_file.3
  stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/9/secure/lib/libcrypto/man/RSA_check_key.3
  stable/9/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/RSA_new.3
  stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/9/secure/lib/libcrypto/man/RSA_print.3
  stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/9/secure/lib/libcrypto/man/RSA_set_method.3
  stable/9/secure/lib/libcrypto/man/RSA_sign.3
  stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/9/secure/lib/libcrypto/man/RSA_size.3
  stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/9/secure/lib/libcrypto/man/X509_new.3
  stable/9/secure/lib/libcrypto/man/bio.3
  stable/9/secure/lib/libcrypto/man/blowfish.3
  stable/9/secure/lib/libcrypto/man/bn.3
  stable/9/secure/lib/libcrypto/man/bn_internal.3
  stable/9/secure/lib/libcrypto/man/buffer.3
  stable/9/secure/lib/libcrypto/man/crypto.3
  stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/9/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/9/secure/lib/libcrypto/man/d2i_X509.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/9/secure/lib/libcrypto/man/des.3
  stable/9/secure/lib/libcrypto/man/dh.3
  stable/9/secure/lib/libcrypto/man/dsa.3
  stable/9/secure/lib/libcrypto/man/ecdsa.3
  stable/9/secure/lib/libcrypto/man/engine.3
  stable/9/secure/lib/libcrypto/man/err.3
  stable/9/secure/lib/libcrypto/man/evp.3
  stable/9/secure/lib/libcrypto/man/hmac.3
  stable/9/secure/lib/libcrypto/man/lh_stats.3
  stable/9/secure/lib/libcrypto/man/lhash.3
  stable/9/secure/lib/libcrypto/man/md5.3
  stable/9/secure/lib/libcrypto/man/mdc2.3
  stable/9/secure/lib/libcrypto/man/pem.3
  stable/9/secure/lib/libcrypto/man/rand.3
  stable/9/secure/lib/libcrypto/man/rc4.3
  stable/9/secure/lib/libcrypto/man/ripemd.3
  stable/9/secure/lib/libcrypto/man/rsa.3
  stable/9/secure/lib/libcrypto/man/sha.3
  stable/9/secure/lib/libcrypto/man/threads.3
  stable/9/secure/lib/libcrypto/man/ui.3
  stable/9/secure/lib/libcrypto/man/ui_compat.3
  stable/9/secure/lib/libcrypto/man/x509.3
  stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/9/secure/lib/libssl/man/SSL_CTX_free.3
  stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/9/secure/lib/libssl/man/SSL_CTX_new.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/9/secure/lib/libssl/man/SSL_accept.3
  stable/9/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/9/secure/lib/libssl/man/SSL_clear.3
  stable/9/secure/lib/libssl/man/SSL_connect.3
  stable/9/secure/lib/libssl/man/SSL_do_handshake.3
  stable/9/secure/lib/libssl/man/SSL_free.3
  stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/9/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/9/secure/lib/libssl/man/SSL_get_error.3
  stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_get_fd.3
  stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/9/secure/lib/libssl/man/SSL_get_rbio.3
  stable/9/secure/lib/libssl/man/SSL_get_session.3
  stable/9/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/9/secure/lib/libssl/man/SSL_get_version.3
  stable/9/secure/lib/libssl/man/SSL_library_init.3
  stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/9/secure/lib/libssl/man/SSL_new.3
  stable/9/secure/lib/libssl/man/SSL_pending.3
  stable/9/secure/lib/libssl/man/SSL_read.3
  stable/9/secure/lib/libssl/man/SSL_rstate_string.3
  stable/9/secure/lib/libssl/man/SSL_session_reused.3
  stable/9/secure/lib/libssl/man/SSL_set_bio.3
  stable/9/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/9/secure/lib/libssl/man/SSL_set_fd.3
  stable/9/secure/lib/libssl/man/SSL_set_session.3
  stable/9/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/9/secure/lib/libssl/man/SSL_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_state_string.3
  stable/9/secure/lib/libssl/man/SSL_want.3
  stable/9/secure/lib/libssl/man/SSL_write.3
  stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/9/secure/lib/libssl/man/ssl.3
  stable/9/secure/usr.bin/openssl/man/CA.pl.1
  stable/9/secure/usr.bin/openssl/man/asn1parse.1
  stable/9/secure/usr.bin/openssl/man/ca.1
  stable/9/secure/usr.bin/openssl/man/ciphers.1
  stable/9/secure/usr.bin/openssl/man/crl.1
  stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/9/secure/usr.bin/openssl/man/dgst.1
  stable/9/secure/usr.bin/openssl/man/dhparam.1
  stable/9/secure/usr.bin/openssl/man/dsa.1
  stable/9/secure/usr.bin/openssl/man/dsaparam.1
  stable/9/secure/usr.bin/openssl/man/ec.1
  stable/9/secure/usr.bin/openssl/man/ecparam.1
  stable/9/secure/usr.bin/openssl/man/enc.1
  stable/9/secure/usr.bin/openssl/man/errstr.1
  stable/9/secure/usr.bin/openssl/man/gendsa.1
  stable/9/secure/usr.bin/openssl/man/genrsa.1
  stable/9/secure/usr.bin/openssl/man/nseq.1
  stable/9/secure/usr.bin/openssl/man/ocsp.1
  stable/9/secure/usr.bin/openssl/man/openssl.1
  stable/9/secure/usr.bin/openssl/man/passwd.1
  stable/9/secure/usr.bin/openssl/man/pkcs12.1
  stable/9/secure/usr.bin/openssl/man/pkcs7.1
  stable/9/secure/usr.bin/openssl/man/pkcs8.1
  stable/9/secure/usr.bin/openssl/man/rand.1
  stable/9/secure/usr.bin/openssl/man/req.1
  stable/9/secure/usr.bin/openssl/man/rsa.1
  stable/9/secure/usr.bin/openssl/man/rsautl.1
  stable/9/secure/usr.bin/openssl/man/s_client.1
  stable/9/secure/usr.bin/openssl/man/s_server.1
  stable/9/secure/usr.bin/openssl/man/s_time.1
  stable/9/secure/usr.bin/openssl/man/sess_id.1
  stable/9/secure/usr.bin/openssl/man/smime.1
  stable/9/secure/usr.bin/openssl/man/speed.1
  stable/9/secure/usr.bin/openssl/man/spkac.1
  stable/9/secure/usr.bin/openssl/man/verify.1
  stable/9/secure/usr.bin/openssl/man/version.1
  stable/9/secure/usr.bin/openssl/man/x509.1
  stable/9/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/9/crypto/openssl/   (props changed)

Modified: stable/8/crypto/openssl/CHANGES
==============================================================================
--- stable/8/crypto/openssl/CHANGES	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/CHANGES	Wed Oct 15 20:28:31 2014	(r273151)
@@ -2,6 +2,43 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014]
+
+  *) Session Ticket Memory Leak.
+
+     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+     integrity of that ticket is first verified. In the event of a session
+     ticket integrity check failing, OpenSSL will fail to free memory
+     causing a memory leak. By sending a large number of invalid session
+     tickets an attacker could exploit this issue in a Denial Of Service
+     attack.
+     (CVE-2014-3567)
+     [Steve Henson]
+
+  *) Build option no-ssl3 is incomplete.
+
+     When OpenSSL is configured with "no-ssl3" as a build option, servers
+     could accept and complete a SSL 3.0 handshake, and clients could be
+     configured to send them.
+     (CVE-2014-3568)
+     [Akamai and the OpenSSL team]
+
+  *) Add support for TLS_FALLBACK_SCSV.
+     Client applications doing fallback retries should call
+     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+     (CVE-2014-3566)
+     [Adam Langley, Bodo Moeller]
+
+  *) Add additional DigestInfo checks.
+ 
+     Reencode DigestInto in DER and check against the original when
+     verifying RSA signature: this will reject any improperly encoded
+     DigestInfo structures.
+
+     Note: this is a precautionary measure and no attacks are currently known.
+
+     [Steve Henson]
+
  Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
 
   *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject

Modified: stable/8/crypto/openssl/Makefile
==============================================================================
--- stable/8/crypto/openssl/Makefile	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/Makefile	Wed Oct 15 20:28:31 2014	(r273151)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.8zb
+VERSION=0.9.8zc
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8

Modified: stable/8/crypto/openssl/NEWS
==============================================================================
--- stable/8/crypto/openssl/NEWS	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/NEWS	Wed Oct 15 20:28:31 2014	(r273151)
@@ -5,6 +5,13 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]:
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
   Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
 
       o Fix for CVE-2014-3510

Modified: stable/8/crypto/openssl/README
==============================================================================
--- stable/8/crypto/openssl/README	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/README	Wed Oct 15 20:28:31 2014	(r273151)
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8zb 6 Aug 2014
+ OpenSSL 0.9.8zc 15 Oct 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: stable/8/crypto/openssl/apps/s_client.c
==============================================================================
--- stable/8/crypto/openssl/apps/s_client.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/apps/s_client.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -226,6 +226,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
+	BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
 	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
@@ -339,6 +340,7 @@ int MAIN(int argc, char **argv)
 	char *sess_out = NULL;
 	struct sockaddr peer;
 	int peerlen = sizeof(peer);
+	int fallback_scsv = 0;
 	int enable_timeouts = 0 ;
 	long socket_mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
@@ -488,6 +490,10 @@ int MAIN(int argc, char **argv)
 			socket_mtu = atol(*(++argv));
 			}
 #endif
+		else if (strcmp(*argv,"-fallback_scsv") == 0)
+			{
+			fallback_scsv = 1;
+			}
 		else if (strcmp(*argv,"-bugs") == 0)
 			bugs=1;
 		else if	(strcmp(*argv,"-keyform") == 0)
@@ -778,6 +784,10 @@ bad:
 		SSL_set_session(con, sess);
 		SSL_SESSION_free(sess);
 		}
+
+	if (fallback_scsv)
+		SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
 #ifndef OPENSSL_NO_TLSEXT
 	if (servername != NULL)
 		{

Modified: stable/8/crypto/openssl/crypto/LPdir_vms.c
==============================================================================
--- stable/8/crypto/openssl/crypto/LPdir_vms.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/LPdir_vms.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -1,4 +1,3 @@
-/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
@@ -82,6 +81,12 @@ const char *LP_find_file(LP_DIR_CTX **ct
       size_t filespeclen = strlen(directory);
       char *filespec = NULL;
 
+      if (filespeclen == 0)
+	{
+	  errno = ENOENT;
+	  return 0;
+	}
+
       /* MUST be a VMS directory specification!  Let's estimate if it is. */
       if (directory[filespeclen-1] != ']'
 	  && directory[filespeclen-1] != '>'

Modified: stable/8/crypto/openssl/crypto/LPdir_win.c
==============================================================================
--- stable/8/crypto/openssl/crypto/LPdir_win.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/LPdir_win.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -1,4 +1,3 @@
-/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
  * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
  * All rights reserved.
@@ -65,6 +64,16 @@ const char *LP_find_file(LP_DIR_CTX **ct
   errno = 0;
   if (*ctx == NULL)
     {
+      const char *extdir = directory;
+      char *extdirbuf = NULL;
+      size_t dirlen = strlen (directory);
+
+      if (dirlen == 0)
+	{
+	  errno = ENOENT;
+	  return 0;
+	}
+
       *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
       if (*ctx == NULL)
 	{
@@ -73,15 +82,35 @@ const char *LP_find_file(LP_DIR_CTX **ct
 	}
       memset(*ctx, '\0', sizeof(LP_DIR_CTX));
 
+      if (directory[dirlen-1] != '*')
+	{
+	  extdirbuf = (char *)malloc(dirlen + 3);
+	  if (extdirbuf == NULL)
+	    {
+	      free(*ctx);
+	      *ctx = NULL;
+	      errno = ENOMEM;
+	      return 0;
+	    }
+	  if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\')
+	    extdir = strcat(strcpy (extdirbuf,directory),"/*");
+	  else
+	    extdir = strcat(strcpy (extdirbuf,directory),"*");
+	}
+
       if (sizeof(TCHAR) != sizeof(char))
 	{
 	  TCHAR *wdir = NULL;
 	  /* len_0 denotes string length *with* trailing 0 */ 
-	  size_t index = 0,len_0 = strlen(directory) + 1;
+	  size_t index = 0,len_0 = strlen(extdir) + 1;
 
-	  wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+	  wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
 	  if (wdir == NULL)
 	    {
+	      if (extdirbuf != NULL)
+		{
+		  free (extdirbuf);
+		}
 	      free(*ctx);
 	      *ctx = NULL;
 	      errno = ENOMEM;
@@ -89,17 +118,23 @@ const char *LP_find_file(LP_DIR_CTX **ct
 	    }
 
 #ifdef LP_MULTIBYTE_AVAILABLE
-	  if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+	  if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
 #endif
 	    for (index = 0; index < len_0; index++)
-	      wdir[index] = (TCHAR)directory[index];
+	      wdir[index] = (TCHAR)extdir[index];
 
 	  (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
 
 	  free(wdir);
 	}
       else
-	(*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+	{
+	  (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
+	}
+      if (extdirbuf != NULL)
+	{
+	  free (extdirbuf);
+	}
 
       if ((*ctx)->handle == INVALID_HANDLE_VALUE)
 	{
@@ -116,7 +151,6 @@ const char *LP_find_file(LP_DIR_CTX **ct
 	  return 0;
 	}
     }
-
   if (sizeof(TCHAR) != sizeof(char))
     {
       TCHAR *wdir = (*ctx)->ctx.cFileName;

Modified: stable/8/crypto/openssl/crypto/Makefile
==============================================================================
--- stable/8/crypto/openssl/crypto/Makefile	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/Makefile	Wed Oct 15 20:28:31 2014	(r273151)
@@ -30,6 +30,7 @@ AFLAGS=$(ASFLAGS)
 LIBS=
 
 GENERAL=Makefile README crypto-lib.com install.com
+TEST=constant_time_test.c
 
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)

Modified: stable/8/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/asm/x86_64-gcc.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/bn/asm/x86_64-gcc.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -185,7 +185,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
 
 	if (n <= 0) return 0;
 
-	asm (
+	asm volatile (
 	"	subq	%2,%2		\n"
 	".align 16			\n"
 	"1:	movq	(%4,%2,8),%0	\n"
@@ -196,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
 	"	sbbq	%0,%0		\n"
 		: "=&a"(ret),"+c"(n),"=&r"(i)
 		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc"
+		: "cc", "memory"
 	);
 
   return ret&1;
@@ -208,7 +208,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
 
 	if (n <= 0) return 0;
 
-	asm (
+	asm volatile (
 	"	subq	%2,%2		\n"
 	".align 16			\n"
 	"1:	movq	(%4,%2,8),%0	\n"
@@ -219,7 +219,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
 	"	sbbq	%0,%0		\n"
 		: "=&a"(ret),"+c"(n),"=&r"(i)
 		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc"
+		: "cc", "memory"
 	);
 
   return ret&1;

Modified: stable/8/crypto/openssl/crypto/bn/bn_exp.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/bn_exp.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/bn/bn_exp.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -767,7 +767,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_
 	bits = BN_num_bits(p);
 	if (bits == 0)
 		{
-		ret = BN_one(rr);
+		/* x**0 mod 1 is still zero. */
+		if (BN_is_one(m))
+			{
+			ret = 1;
+			BN_zero(rr);
+			}
+		else
+			ret = BN_one(rr);
 		return ret;
 		}
 	if (a == 0)

Modified: stable/8/crypto/openssl/crypto/bn/exptest.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/exptest.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/bn/exptest.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -71,6 +71,43 @@
 
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
+/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
+static int test_exp_mod_zero() {
+	BIGNUM a, p, m;
+	BIGNUM r;
+	BN_CTX *ctx = BN_CTX_new();
+	int ret = 1;
+
+	BN_init(&m);
+	BN_one(&m);
+
+	BN_init(&a);
+	BN_one(&a);
+
+	BN_init(&p);
+	BN_zero(&p);
+
+	BN_init(&r);
+	BN_mod_exp(&r, &a, &p, &m, ctx);
+	BN_CTX_free(ctx);
+
+	if (BN_is_zero(&r))
+		ret = 0;
+	else
+		{
+		printf("1**0 mod 1 = ");
+		BN_print_fp(stdout, &r);
+		printf(", should be 0\n");
+		}
+
+	BN_free(&r);
+	BN_free(&a);
+	BN_free(&p);
+	BN_free(&m);
+
+	return ret;
+}
+
 int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
@@ -190,7 +227,13 @@ int main(int argc, char *argv[])
 	ERR_remove_state(0);
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
-	printf(" done\n");
+	printf("\n");
+
+	if (test_exp_mod_zero() != 0)
+		goto err;
+
+	printf("done\n");
+
 	EXIT(0);
 err:
 	ERR_load_crypto_strings();

Copied: stable/8/crypto/openssl/crypto/constant_time_locl.h (from r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_locl.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/8/crypto/openssl/crypto/constant_time_locl.h	Wed Oct 15 20:28:31 2014	(r273151, copy of r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_locl.h)
@@ -0,0 +1,216 @@
+/* crypto/constant_time_locl.h */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+#define HEADER_CONSTANT_TIME_LOCL_H
+
+#include "e_os.h"  /* For 'inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ *   c = a;
+ * } else {
+ *   c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
+/* Signed integers. */
+static inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_int_8(int a, int b);
+
+
+/*
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static inline unsigned int constant_time_select(unsigned int mask,
+	unsigned int a, unsigned int b);
+/* Convenience method for unsigned chars. */
+static inline unsigned char constant_time_select_8(unsigned char mask,
+	unsigned char a, unsigned char b);
+/* Convenience method for signed integers. */
+static inline int constant_time_select_int(unsigned int mask, int a, int b);
+
+static inline unsigned int constant_time_msb(unsigned int a)
+	{
+	return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+	}
+
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
+	{
+	unsigned int lt;
+	/* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
+	lt = ~(a ^ b) & (a - b);
+	/* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
+	lt |= ~a & b;
+	return constant_time_msb(lt);
+	}
+
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
+	{
+	return (unsigned char)(constant_time_lt(a, b));
+	}
+
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
+	{
+	unsigned int ge;
+	/* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
+	ge = ~((a ^ b) | (a - b));
+	/* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
+	ge |= a & ~b;
+	return constant_time_msb(ge);
+	}
+
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
+	{
+	return (unsigned char)(constant_time_ge(a, b));
+	}
+
+static inline unsigned int constant_time_is_zero(unsigned int a)
+	{
+	return constant_time_msb(~a & (a - 1));
+	}
+
+static inline unsigned char constant_time_is_zero_8(unsigned int a)
+	{
+	return (unsigned char)(constant_time_is_zero(a));
+	}
+
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
+	{
+	return constant_time_is_zero(a ^ b);
+	}
+
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
+	{
+	return (unsigned char)(constant_time_eq(a, b));
+	}
+
+static inline unsigned int constant_time_eq_int(int a, int b)
+	{
+	return constant_time_eq((unsigned)(a), (unsigned)(b));
+	}
+
+static inline unsigned char constant_time_eq_int_8(int a, int b)
+	{
+	return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+	}
+
+static inline unsigned int constant_time_select(unsigned int mask,
+	unsigned int a, unsigned int b)
+	{
+	return (mask & a) | (~mask & b);
+	}
+
+static inline unsigned char constant_time_select_8(unsigned char mask,
+	unsigned char a, unsigned char b)
+	{
+	return (unsigned char)(constant_time_select(mask, a, b));
+	}
+
+inline int constant_time_select_int(unsigned int mask, int a, int b)
+	{
+	return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+	}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* HEADER_CONSTANT_TIME_LOCL_H */

Copied: stable/8/crypto/openssl/crypto/constant_time_test.c (from r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_test.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/8/crypto/openssl/crypto/constant_time_test.c	Wed Oct 15 20:28:31 2014	(r273151, copy of r273140, vendor-crypto/openssl/dist-0.9.8/crypto/constant_time_test.c)
@@ -0,0 +1,330 @@
+/* crypto/constant_time_test.c */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "../crypto/constant_time_locl.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
+static const unsigned int CONSTTIME_FALSE = 0;
+static const unsigned char CONSTTIME_TRUE_8 = 0xff;
+static const unsigned char CONSTTIME_FALSE_8 = 0;
+
+static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b),
+	const char* op_name, unsigned int a, unsigned int b, int is_true)
+	{
+	unsigned c = op(a, b);
+	if (is_true && c != CONSTTIME_TRUE)
+		{
+		fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+			"(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
+		return 1;
+		}
+	else if (!is_true && c != CONSTTIME_FALSE)
+		{
+		fprintf(stderr, "Test failed for  %s(%du, %du): expected %du "
+			"(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE,
+			c);
+		return 1;
+		}
+        return 0;
+	}
+
+static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b),
+	const char* op_name, unsigned int a, unsigned int b, int is_true)
+	{
+	unsigned char c = op(a, b);
+	if (is_true && c != CONSTTIME_TRUE_8)
+		{
+		fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+			"(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
+		return 1;
+		}
+	else if (!is_true && c != CONSTTIME_FALSE_8)
+		{
+		fprintf(stderr, "Test failed for  %s(%du, %du): expected %u "
+			"(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8,
+			c);
+		return 1;
+		}
+        return 0;
+	}
+
+static int test_is_zero(unsigned int a)
+	{
+	unsigned int c = constant_time_is_zero(a);
+	if (a == 0 && c != CONSTTIME_TRUE)
+		{
+		fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+			"expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
+		return 1;
+		}
+	else if (a != 0 && c != CONSTTIME_FALSE)
+		{
+		fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+			"expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE,
+			c);
+		return 1;
+		}
+        return 0;
+	}
+
+static int test_is_zero_8(unsigned int a)
+	{
+	unsigned char c = constant_time_is_zero_8(a);
+	if (a == 0 && c != CONSTTIME_TRUE_8)
+		{
+		fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+			"expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
+		return 1;
+		}
+	else if (a != 0 && c != CONSTTIME_FALSE)
+		{
+		fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+			"expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8,
+			c);
+		return 1;
+		}
+        return 0;
+	}
+
+static int test_select(unsigned int a, unsigned int b)
+	{
+	unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
+	if (selected != a)
+		{
+		fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+			"%du): expected %du(first value), got %du\n",
+			CONSTTIME_TRUE, a, b, a, selected);
+		return 1;
+		}
+	selected = constant_time_select(CONSTTIME_FALSE, a, b);
+	if (selected != b)
+		{
+		fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+			"%du): expected %du(second value), got %du\n",
+			CONSTTIME_FALSE, a, b, b, selected);
+		return 1;
+		}
+	return 0;
+	}
+
+static int test_select_8(unsigned char a, unsigned char b)
+	{
+	unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
+	if (selected != a)
+		{
+		fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+			"%u): expected %u(first value), got %u\n",
+			CONSTTIME_TRUE, a, b, a, selected);
+		return 1;
+		}
+	selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
+	if (selected != b)
+		{
+		fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+			"%u): expected %u(second value), got %u\n",
+			CONSTTIME_FALSE, a, b, b, selected);
+		return 1;
+		}
+	return 0;
+	}
+
+static int test_select_int(int a, int b)
+	{
+	int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
+	if (selected != a)
+		{
+		fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+			"%d): expected %d(first value), got %d\n",
+			CONSTTIME_TRUE, a, b, a, selected);
+		return 1;
+		}
+	selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
+	if (selected != b)
+		{
+		fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+			"%d): expected %d(second value), got %d\n",
+			CONSTTIME_FALSE, a, b, b, selected);
+		return 1;
+		}
+	return 0;
+	}
+
+static int test_eq_int(int a, int b)
+	{
+	unsigned int equal = constant_time_eq_int(a, b);
+	if (a == b && equal != CONSTTIME_TRUE)
+		{
+		fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+			"expected %du(TRUE), got %du\n",
+			a, b, CONSTTIME_TRUE, equal);
+		return 1;
+		}
+	else if (a != b && equal != CONSTTIME_FALSE)
+		{
+		fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+			"expected %du(FALSE), got %du\n",
+			a, b, CONSTTIME_FALSE, equal);
+		return 1;
+		}
+	return 0;
+	}
+
+static int test_eq_int_8(int a, int b)
+	{
+	unsigned char equal = constant_time_eq_int_8(a, b);
+	if (a == b && equal != CONSTTIME_TRUE_8)
+		{
+		fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+			"expected %u(TRUE), got %u\n",
+			a, b, CONSTTIME_TRUE_8, equal);
+		return 1;
+		}
+	else if (a != b && equal != CONSTTIME_FALSE_8)
+		{
+		fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+			"expected %u(FALSE), got %u\n",
+			a, b, CONSTTIME_FALSE_8, equal);
+		return 1;
+		}
+	return 0;
+	}
+
+static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1,
+                                     UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1,
+                                     UINT_MAX};
+
+static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
+
+static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345,
+				   32000, -32000, INT_MAX, INT_MIN, INT_MAX-1,
+				   INT_MIN+1};
+
+
+int main(int argc, char *argv[])
+	{
+	unsigned int a, b, i, j;
+	int c, d;
+	unsigned char e, f;
+	int num_failed = 0, num_all = 0;
+	fprintf(stdout, "Testing constant time operations...\n");
+
+	for (i = 0; i < sizeof(test_values)/sizeof(int); ++i)
+		{
+		a = test_values[i];
+		num_failed += test_is_zero(a);
+		num_failed += test_is_zero_8(a);
+		num_all += 2;
+		for (j = 0; j < sizeof(test_values)/sizeof(int); ++j)
+			{
+			b = test_values[j];
+			num_failed += test_binary_op(&constant_time_lt,
+				"constant_time_lt", a, b, a < b);
+			num_failed += test_binary_op_8(&constant_time_lt_8,
+				"constant_time_lt_8", a, b, a < b);
+			num_failed += test_binary_op(&constant_time_lt,
+				"constant_time_lt_8", b, a, b < a);
+			num_failed += test_binary_op_8(&constant_time_lt_8,
+				"constant_time_lt_8", b, a, b < a);
+			num_failed += test_binary_op(&constant_time_ge,
+				"constant_time_ge", a, b, a >= b);
+			num_failed += test_binary_op_8(&constant_time_ge_8,
+				"constant_time_ge_8", a, b, a >= b);
+			num_failed += test_binary_op(&constant_time_ge,
+				"constant_time_ge", b, a, b >= a);
+			num_failed += test_binary_op_8(&constant_time_ge_8,
+				"constant_time_ge_8", b, a, b >= a);
+			num_failed += test_binary_op(&constant_time_eq,
+				"constant_time_eq", a, b, a == b);
+			num_failed += test_binary_op_8(&constant_time_eq_8,
+				"constant_time_eq_8", a, b, a == b);
+			num_failed += test_binary_op(&constant_time_eq,
+				"constant_time_eq", b, a, b == a);
+			num_failed += test_binary_op_8(&constant_time_eq_8,
+				"constant_time_eq_8", b, a, b == a);
+			num_failed += test_select(a, b);
+			num_all += 13;
+			}
+		}
+
+	for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i)
+		{
+		c = signed_test_values[i];
+		for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j)
+			{
+			d = signed_test_values[j];
+			num_failed += test_select_int(c, d);
+			num_failed += test_eq_int(c, d);
+			num_failed += test_eq_int_8(c, d);
+			num_all += 3;
+			}
+		}
+
+	for (i = 0; i < sizeof(test_values_8); ++i)
+		{
+		e = test_values_8[i];
+		for (j = 0; j < sizeof(test_values_8); ++j)
+			{
+			f = test_values_8[j];
+			num_failed += test_select_8(e, f);
+			num_all += 1;
+			}
+		}
+
+	if (!num_failed)
+		{
+		fprintf(stdout, "ok (ran %d tests)\n", num_all);
+		return EXIT_SUCCESS;
+		}
+	else
+		{
+		fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all);
+		return EXIT_FAILURE;
+		}
+	}

Modified: stable/8/crypto/openssl/crypto/ec/ec_key.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ec/ec_key.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/ec/ec_key.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -64,7 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#include <string.h>
 
 EC_KEY *EC_KEY_new(void)
 	{

Modified: stable/8/crypto/openssl/crypto/ec/ecp_smpl.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ec/ecp_smpl.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/ec/ecp_smpl.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -1676,8 +1676,8 @@ int ec_GFp_simple_points_make_affine(con
 		{
 		for (i = 0; i < num; i++)
 			{
-			if (prod_Z[i] != NULL)
-				BN_clear_free(prod_Z[i]);
+			if (prod_Z[i] == NULL) break;
+			BN_clear_free(prod_Z[i]);
 			}
 		OPENSSL_free(prod_Z);
 		}

Modified: stable/8/crypto/openssl/crypto/err/openssl.ec
==============================================================================
--- stable/8/crypto/openssl/crypto/err/openssl.ec	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/err/openssl.ec	Wed Oct 15 20:28:31 2014	(r273151)
@@ -69,6 +69,7 @@ R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		
 R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
+R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	1086
 R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
 R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110

Modified: stable/8/crypto/openssl/crypto/evp/Makefile
==============================================================================
--- stable/8/crypto/openssl/crypto/evp/Makefile	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/evp/Makefile	Wed Oct 15 20:28:31 2014	(r273151)
@@ -385,7 +385,8 @@ evp_enc.o: ../../include/openssl/ossl_ty
 evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_enc.o: ../../include/openssl/x509_vfy.h ../constant_time_locl.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
 evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h

Modified: stable/8/crypto/openssl/crypto/evp/evp_enc.c
==============================================================================
--- stable/8/crypto/openssl/crypto/evp/evp_enc.c	Wed Oct 15 20:04:21 2014	(r273150)
+++ stable/8/crypto/openssl/crypto/evp/evp_enc.c	Wed Oct 15 20:28:31 2014	(r273151)
@@ -64,6 +64,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include "../constant_time_locl.h"
 #include "evp_locl.h"
 
 #ifdef OPENSSL_FIPS
@@ -301,11 +302,11 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx
 
 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	int i,n;
-	unsigned int b;
+	unsigned int i, b;
+	unsigned char pad, padding_good;
 
 	*outl=0;
-	b=ctx->cipher->block_size;
+	b=(unsigned int)(ctx->cipher->block_size);
 	if (ctx->flags & EVP_CIPH_NO_PADDING)
 		{
 		if(ctx->buf_len)
@@ -324,28 +325,34 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *
 			return(0);
 			}
 		OPENSSL_assert(b <= sizeof ctx->final);
-		n=ctx->final[b-1];
-		if (n == 0 || n > (int)b)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-			return(0);
-			}
-		for (i=0; i<n; i++)
+		pad=ctx->final[b-1];

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410152028.s9FKSWSc044057>