Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Mar 2018 17:54:46 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r331638 - in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf crypto/openssl/crypto/bio crypto/openssl/crypto/bn c...
Message-ID:  <201803271754.w2RHskNj075311@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Tue Mar 27 17:54:46 2018
New Revision: 331638
URL: https://svnweb.freebsd.org/changeset/base/331638

Log:
  MFC:	r331627
  
  Merge OpenSSL 1.0.2o.

Modified:
  stable/11/crypto/openssl/CHANGES
  stable/11/crypto/openssl/Configure
  stable/11/crypto/openssl/LICENSE
  stable/11/crypto/openssl/Makefile
  stable/11/crypto/openssl/NEWS
  stable/11/crypto/openssl/README
  stable/11/crypto/openssl/apps/app_rand.c
  stable/11/crypto/openssl/apps/apps.c
  stable/11/crypto/openssl/apps/ca.c
  stable/11/crypto/openssl/apps/ciphers.c
  stable/11/crypto/openssl/apps/cms.c
  stable/11/crypto/openssl/apps/dgst.c
  stable/11/crypto/openssl/apps/dsaparam.c
  stable/11/crypto/openssl/apps/ecparam.c
  stable/11/crypto/openssl/apps/enc.c
  stable/11/crypto/openssl/apps/errstr.c
  stable/11/crypto/openssl/apps/ocsp.c
  stable/11/crypto/openssl/apps/openssl.c
  stable/11/crypto/openssl/apps/passwd.c
  stable/11/crypto/openssl/apps/pkcs12.c
  stable/11/crypto/openssl/apps/pkcs8.c
  stable/11/crypto/openssl/apps/rand.c
  stable/11/crypto/openssl/apps/req.c
  stable/11/crypto/openssl/apps/s_client.c
  stable/11/crypto/openssl/apps/s_server.c
  stable/11/crypto/openssl/apps/s_socket.c
  stable/11/crypto/openssl/apps/s_time.c
  stable/11/crypto/openssl/apps/speed.c
  stable/11/crypto/openssl/apps/x509.c
  stable/11/crypto/openssl/crypto/asn1/a_gentm.c
  stable/11/crypto/openssl/crypto/asn1/a_mbstr.c
  stable/11/crypto/openssl/crypto/asn1/a_object.c
  stable/11/crypto/openssl/crypto/asn1/a_strex.c
  stable/11/crypto/openssl/crypto/asn1/a_time.c
  stable/11/crypto/openssl/crypto/asn1/a_utctm.c
  stable/11/crypto/openssl/crypto/asn1/asn1.h
  stable/11/crypto/openssl/crypto/asn1/asn1_err.c
  stable/11/crypto/openssl/crypto/asn1/asn1_lib.c
  stable/11/crypto/openssl/crypto/asn1/asn1_par.c
  stable/11/crypto/openssl/crypto/asn1/asn_mime.c
  stable/11/crypto/openssl/crypto/asn1/t_x509a.c
  stable/11/crypto/openssl/crypto/asn1/tasn_dec.c
  stable/11/crypto/openssl/crypto/asn1/tasn_prn.c
  stable/11/crypto/openssl/crypto/bf/bftest.c
  stable/11/crypto/openssl/crypto/bio/b_dump.c
  stable/11/crypto/openssl/crypto/bio/b_print.c
  stable/11/crypto/openssl/crypto/bio/bio_cb.c
  stable/11/crypto/openssl/crypto/bio/bss_bio.c
  stable/11/crypto/openssl/crypto/bio/bss_conn.c
  stable/11/crypto/openssl/crypto/bio/bss_file.c
  stable/11/crypto/openssl/crypto/bn/bn_exp.c
  stable/11/crypto/openssl/crypto/bn/bn_lib.c
  stable/11/crypto/openssl/crypto/bn/bn_mont.c
  stable/11/crypto/openssl/crypto/bn/bn_print.c
  stable/11/crypto/openssl/crypto/bn/bntest.c
  stable/11/crypto/openssl/crypto/bn/expspeed.c
  stable/11/crypto/openssl/crypto/bn/exptest.c
  stable/11/crypto/openssl/crypto/conf/conf_def.c
  stable/11/crypto/openssl/crypto/conf/conf_mod.c
  stable/11/crypto/openssl/crypto/des/destest.c
  stable/11/crypto/openssl/crypto/des/ecb_enc.c
  stable/11/crypto/openssl/crypto/des/fcrypt.c
  stable/11/crypto/openssl/crypto/des/read_pwd.c
  stable/11/crypto/openssl/crypto/des/set_key.c
  stable/11/crypto/openssl/crypto/dh/dhtest.c
  stable/11/crypto/openssl/crypto/dsa/dsatest.c
  stable/11/crypto/openssl/crypto/ec/ec_lib.c
  stable/11/crypto/openssl/crypto/ec/ec_mult.c
  stable/11/crypto/openssl/crypto/ec/ecp_nistp224.c
  stable/11/crypto/openssl/crypto/ec/ecp_nistp256.c
  stable/11/crypto/openssl/crypto/ec/ecp_nistp521.c
  stable/11/crypto/openssl/crypto/ec/ecp_nistz256.c
  stable/11/crypto/openssl/crypto/ec/ecp_smpl.c
  stable/11/crypto/openssl/crypto/ec/ectest.c
  stable/11/crypto/openssl/crypto/ecdh/ecdhtest.c
  stable/11/crypto/openssl/crypto/engine/eng_cryptodev.c
  stable/11/crypto/openssl/crypto/engine/eng_table.c
  stable/11/crypto/openssl/crypto/err/err.c
  stable/11/crypto/openssl/crypto/err/err_prn.c
  stable/11/crypto/openssl/crypto/evp/bio_b64.c
  stable/11/crypto/openssl/crypto/evp/digest.c
  stable/11/crypto/openssl/crypto/evp/e_aes.c
  stable/11/crypto/openssl/crypto/evp/e_camellia.c
  stable/11/crypto/openssl/crypto/evp/evp_enc.c
  stable/11/crypto/openssl/crypto/evp/evp_locl.h
  stable/11/crypto/openssl/crypto/evp/evp_pbe.c
  stable/11/crypto/openssl/crypto/evp/evp_test.c
  stable/11/crypto/openssl/crypto/evp/openbsd_hw.c
  stable/11/crypto/openssl/crypto/evp/p5_crpt2.c
  stable/11/crypto/openssl/crypto/hmac/hmac.c
  stable/11/crypto/openssl/crypto/jpake/jpake.c
  stable/11/crypto/openssl/crypto/md2/md2_dgst.c
  stable/11/crypto/openssl/crypto/md4/md4.c
  stable/11/crypto/openssl/crypto/mem_dbg.c
  stable/11/crypto/openssl/crypto/o_init.c
  stable/11/crypto/openssl/crypto/o_time.c
  stable/11/crypto/openssl/crypto/objects/o_names.c
  stable/11/crypto/openssl/crypto/objects/obj_dat.c
  stable/11/crypto/openssl/crypto/opensslv.h
  stable/11/crypto/openssl/crypto/pem/pem_info.c
  stable/11/crypto/openssl/crypto/pem/pem_lib.c
  stable/11/crypto/openssl/crypto/pkcs7/pk7_doit.c
  stable/11/crypto/openssl/crypto/rand/md_rand.c
  stable/11/crypto/openssl/crypto/rand/rand_egd.c
  stable/11/crypto/openssl/crypto/rand/rand_unix.c
  stable/11/crypto/openssl/crypto/rsa/rsa_crpt.c
  stable/11/crypto/openssl/crypto/rsa/rsa_gen.c
  stable/11/crypto/openssl/crypto/rsa/rsa_pss.c
  stable/11/crypto/openssl/crypto/rsa/rsa_test.c
  stable/11/crypto/openssl/crypto/srp/srp_grps.h
  stable/11/crypto/openssl/crypto/threads/mttest.c
  stable/11/crypto/openssl/crypto/ts/Makefile
  stable/11/crypto/openssl/crypto/ts/ts_rsp_sign.c
  stable/11/crypto/openssl/crypto/ui/ui_openssl.c
  stable/11/crypto/openssl/crypto/x509/x509_txt.c
  stable/11/crypto/openssl/crypto/x509/x509_v3.c
  stable/11/crypto/openssl/crypto/x509/x509_vpm.c
  stable/11/crypto/openssl/crypto/x509v3/v3_alt.c
  stable/11/crypto/openssl/crypto/x509v3/v3_conf.c
  stable/11/crypto/openssl/crypto/x509v3/v3_info.c
  stable/11/crypto/openssl/doc/apps/ca.pod
  stable/11/crypto/openssl/doc/apps/ecparam.pod
  stable/11/crypto/openssl/doc/apps/s_client.pod
  stable/11/crypto/openssl/doc/apps/verify.pod
  stable/11/crypto/openssl/doc/apps/x509.pod
  stable/11/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
  stable/11/crypto/openssl/doc/crypto/BIO_s_mem.pod
  stable/11/crypto/openssl/doc/crypto/BN_zero.pod
  stable/11/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
  stable/11/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
  stable/11/crypto/openssl/doc/crypto/threads.pod
  stable/11/crypto/openssl/engines/ccgost/README.gost
  stable/11/crypto/openssl/engines/ccgost/gost_eng.c
  stable/11/crypto/openssl/engines/e_atalla.c
  stable/11/crypto/openssl/ssl/Makefile
  stable/11/crypto/openssl/ssl/bad_dtls_test.c
  stable/11/crypto/openssl/ssl/d1_lib.c
  stable/11/crypto/openssl/ssl/d1_pkt.c
  stable/11/crypto/openssl/ssl/fatalerrtest.c
  stable/11/crypto/openssl/ssl/kssl.c
  stable/11/crypto/openssl/ssl/s23_srvr.c
  stable/11/crypto/openssl/ssl/s2_clnt.c
  stable/11/crypto/openssl/ssl/s2_enc.c
  stable/11/crypto/openssl/ssl/s2_lib.c
  stable/11/crypto/openssl/ssl/s2_srvr.c
  stable/11/crypto/openssl/ssl/s3_clnt.c
  stable/11/crypto/openssl/ssl/s3_lib.c
  stable/11/crypto/openssl/ssl/s3_pkt.c
  stable/11/crypto/openssl/ssl/s3_srvr.c
  stable/11/crypto/openssl/ssl/ssl_cert.c
  stable/11/crypto/openssl/ssl/ssl_lib.c
  stable/11/crypto/openssl/ssl/ssl_sess.c
  stable/11/crypto/openssl/ssl/ssltest.c
  stable/11/crypto/openssl/ssl/t1_enc.c
  stable/11/crypto/openssl/ssl/t1_lib.c
  stable/11/crypto/openssl/ssl/t1_trce.c
  stable/11/secure/lib/libcrypto/Makefile.inc
  stable/11/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/11/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/11/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/11/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/11/secure/lib/libcrypto/man/ASN1_TIME_set.3
  stable/11/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/11/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/11/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/11/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/11/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/11/secure/lib/libcrypto/man/BIO_f_md.3
  stable/11/secure/lib/libcrypto/man/BIO_f_null.3
  stable/11/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/11/secure/lib/libcrypto/man/BIO_find_type.3
  stable/11/secure/lib/libcrypto/man/BIO_new.3
  stable/11/secure/lib/libcrypto/man/BIO_new_CMS.3
  stable/11/secure/lib/libcrypto/man/BIO_push.3
  stable/11/secure/lib/libcrypto/man/BIO_read.3
  stable/11/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/11/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/11/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/11/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/11/secure/lib/libcrypto/man/BIO_s_file.3
  stable/11/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/11/secure/lib/libcrypto/man/BIO_s_null.3
  stable/11/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/11/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/11/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/11/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/11/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/11/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/11/secure/lib/libcrypto/man/BN_add.3
  stable/11/secure/lib/libcrypto/man/BN_add_word.3
  stable/11/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/11/secure/lib/libcrypto/man/BN_cmp.3
  stable/11/secure/lib/libcrypto/man/BN_copy.3
  stable/11/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/11/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/11/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/11/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/11/secure/lib/libcrypto/man/BN_new.3
  stable/11/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/11/secure/lib/libcrypto/man/BN_rand.3
  stable/11/secure/lib/libcrypto/man/BN_set_bit.3
  stable/11/secure/lib/libcrypto/man/BN_swap.3
  stable/11/secure/lib/libcrypto/man/BN_zero.3
  stable/11/secure/lib/libcrypto/man/CMS_add0_cert.3
  stable/11/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  stable/11/secure/lib/libcrypto/man/CMS_add1_signer.3
  stable/11/secure/lib/libcrypto/man/CMS_compress.3
  stable/11/secure/lib/libcrypto/man/CMS_decrypt.3
  stable/11/secure/lib/libcrypto/man/CMS_encrypt.3
  stable/11/secure/lib/libcrypto/man/CMS_final.3
  stable/11/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  stable/11/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  stable/11/secure/lib/libcrypto/man/CMS_get0_type.3
  stable/11/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  stable/11/secure/lib/libcrypto/man/CMS_sign.3
  stable/11/secure/lib/libcrypto/man/CMS_sign_receipt.3
  stable/11/secure/lib/libcrypto/man/CMS_uncompress.3
  stable/11/secure/lib/libcrypto/man/CMS_verify.3
  stable/11/secure/lib/libcrypto/man/CMS_verify_receipt.3
  stable/11/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/11/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/11/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/11/secure/lib/libcrypto/man/DH_generate_key.3
  stable/11/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/11/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/DH_new.3
  stable/11/secure/lib/libcrypto/man/DH_set_method.3
  stable/11/secure/lib/libcrypto/man/DH_size.3
  stable/11/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/11/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/11/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/11/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/11/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/11/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/DSA_new.3
  stable/11/secure/lib/libcrypto/man/DSA_set_method.3
  stable/11/secure/lib/libcrypto/man/DSA_sign.3
  stable/11/secure/lib/libcrypto/man/DSA_size.3
  stable/11/secure/lib/libcrypto/man/EC_GFp_simple_method.3
  stable/11/secure/lib/libcrypto/man/EC_GROUP_copy.3
  stable/11/secure/lib/libcrypto/man/EC_GROUP_new.3
  stable/11/secure/lib/libcrypto/man/EC_KEY_new.3
  stable/11/secure/lib/libcrypto/man/EC_POINT_add.3
  stable/11/secure/lib/libcrypto/man/EC_POINT_new.3
  stable/11/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/11/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/11/secure/lib/libcrypto/man/ERR_error_string.3
  stable/11/secure/lib/libcrypto/man/ERR_get_error.3
  stable/11/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/11/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/11/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/11/secure/lib/libcrypto/man/ERR_put_error.3
  stable/11/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/11/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/11/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/11/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/11/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  stable/11/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  stable/11/secure/lib/libcrypto/man/EVP_EncodeInit.3
  stable/11/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/11/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  stable/11/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/11/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/11/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/11/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
  stable/11/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/11/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/11/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  stable/11/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  stable/11/secure/lib/libcrypto/man/PKCS12_create.3
  stable/11/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/11/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/11/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/11/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/11/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  stable/11/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/11/secure/lib/libcrypto/man/RAND_add.3
  stable/11/secure/lib/libcrypto/man/RAND_bytes.3
  stable/11/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/11/secure/lib/libcrypto/man/RAND_egd.3
  stable/11/secure/lib/libcrypto/man/RAND_load_file.3
  stable/11/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/11/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/11/secure/lib/libcrypto/man/RSA_check_key.3
  stable/11/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/11/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/RSA_new.3
  stable/11/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/11/secure/lib/libcrypto/man/RSA_print.3
  stable/11/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/11/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/11/secure/lib/libcrypto/man/RSA_set_method.3
  stable/11/secure/lib/libcrypto/man/RSA_sign.3
  stable/11/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/11/secure/lib/libcrypto/man/RSA_size.3
  stable/11/secure/lib/libcrypto/man/SMIME_read_CMS.3
  stable/11/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/11/secure/lib/libcrypto/man/SMIME_write_CMS.3
  stable/11/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/11/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  stable/11/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  stable/11/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  stable/11/secure/lib/libcrypto/man/X509_check_host.3
  stable/11/secure/lib/libcrypto/man/X509_check_private_key.3
  stable/11/secure/lib/libcrypto/man/X509_new.3
  stable/11/secure/lib/libcrypto/man/X509_verify_cert.3
  stable/11/secure/lib/libcrypto/man/bio.3
  stable/11/secure/lib/libcrypto/man/blowfish.3
  stable/11/secure/lib/libcrypto/man/bn.3
  stable/11/secure/lib/libcrypto/man/bn_internal.3
  stable/11/secure/lib/libcrypto/man/buffer.3
  stable/11/secure/lib/libcrypto/man/crypto.3
  stable/11/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/11/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
  stable/11/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/11/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/11/secure/lib/libcrypto/man/d2i_ECPKParameters.3
  stable/11/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
  stable/11/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/11/secure/lib/libcrypto/man/d2i_PrivateKey.3
  stable/11/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/11/secure/lib/libcrypto/man/d2i_X509.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/11/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/11/secure/lib/libcrypto/man/des.3
  stable/11/secure/lib/libcrypto/man/dh.3
  stable/11/secure/lib/libcrypto/man/dsa.3
  stable/11/secure/lib/libcrypto/man/ec.3
  stable/11/secure/lib/libcrypto/man/ecdsa.3
  stable/11/secure/lib/libcrypto/man/engine.3
  stable/11/secure/lib/libcrypto/man/err.3
  stable/11/secure/lib/libcrypto/man/evp.3
  stable/11/secure/lib/libcrypto/man/hmac.3
  stable/11/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  stable/11/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  stable/11/secure/lib/libcrypto/man/lh_stats.3
  stable/11/secure/lib/libcrypto/man/lhash.3
  stable/11/secure/lib/libcrypto/man/md5.3
  stable/11/secure/lib/libcrypto/man/mdc2.3
  stable/11/secure/lib/libcrypto/man/pem.3
  stable/11/secure/lib/libcrypto/man/rand.3
  stable/11/secure/lib/libcrypto/man/rc4.3
  stable/11/secure/lib/libcrypto/man/ripemd.3
  stable/11/secure/lib/libcrypto/man/rsa.3
  stable/11/secure/lib/libcrypto/man/sha.3
  stable/11/secure/lib/libcrypto/man/threads.3
  stable/11/secure/lib/libcrypto/man/ui.3
  stable/11/secure/lib/libcrypto/man/ui_compat.3
  stable/11/secure/lib/libcrypto/man/x509.3
  stable/11/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/11/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_new.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
  stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
  stable/11/secure/lib/libssl/man/SSL_CONF_cmd.3
  stable/11/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
  stable/11/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
  stable/11/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/11/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/11/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/11/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/11/secure/lib/libssl/man/SSL_CTX_free.3
  stable/11/secure/lib/libssl/man/SSL_CTX_get0_param.3
  stable/11/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/11/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/11/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/11/secure/lib/libssl/man/SSL_CTX_new.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set1_curves.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/11/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/11/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/11/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
  stable/11/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
  stable/11/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/11/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/11/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/11/secure/lib/libssl/man/SSL_accept.3
  stable/11/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/11/secure/lib/libssl/man/SSL_check_chain.3
  stable/11/secure/lib/libssl/man/SSL_clear.3
  stable/11/secure/lib/libssl/man/SSL_connect.3
  stable/11/secure/lib/libssl/man/SSL_do_handshake.3
  stable/11/secure/lib/libssl/man/SSL_export_keying_material.3
  stable/11/secure/lib/libssl/man/SSL_free.3
  stable/11/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/11/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/11/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/11/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/11/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/11/secure/lib/libssl/man/SSL_get_error.3
  stable/11/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/11/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/11/secure/lib/libssl/man/SSL_get_fd.3
  stable/11/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/11/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/11/secure/lib/libssl/man/SSL_get_psk_identity.3
  stable/11/secure/lib/libssl/man/SSL_get_rbio.3
  stable/11/secure/lib/libssl/man/SSL_get_session.3
  stable/11/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/11/secure/lib/libssl/man/SSL_get_version.3
  stable/11/secure/lib/libssl/man/SSL_library_init.3
  stable/11/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/11/secure/lib/libssl/man/SSL_new.3
  stable/11/secure/lib/libssl/man/SSL_pending.3
  stable/11/secure/lib/libssl/man/SSL_read.3
  stable/11/secure/lib/libssl/man/SSL_rstate_string.3
  stable/11/secure/lib/libssl/man/SSL_session_reused.3
  stable/11/secure/lib/libssl/man/SSL_set_bio.3
  stable/11/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/11/secure/lib/libssl/man/SSL_set_fd.3
  stable/11/secure/lib/libssl/man/SSL_set_session.3
  stable/11/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/11/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/11/secure/lib/libssl/man/SSL_shutdown.3
  stable/11/secure/lib/libssl/man/SSL_state_string.3
  stable/11/secure/lib/libssl/man/SSL_want.3
  stable/11/secure/lib/libssl/man/SSL_write.3
  stable/11/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/11/secure/lib/libssl/man/ssl.3
  stable/11/secure/usr.bin/openssl/man/CA.pl.1
  stable/11/secure/usr.bin/openssl/man/asn1parse.1
  stable/11/secure/usr.bin/openssl/man/ca.1
  stable/11/secure/usr.bin/openssl/man/ciphers.1
  stable/11/secure/usr.bin/openssl/man/cms.1
  stable/11/secure/usr.bin/openssl/man/crl.1
  stable/11/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/11/secure/usr.bin/openssl/man/dgst.1
  stable/11/secure/usr.bin/openssl/man/dhparam.1
  stable/11/secure/usr.bin/openssl/man/dsa.1
  stable/11/secure/usr.bin/openssl/man/dsaparam.1
  stable/11/secure/usr.bin/openssl/man/ec.1
  stable/11/secure/usr.bin/openssl/man/ecparam.1
  stable/11/secure/usr.bin/openssl/man/enc.1
  stable/11/secure/usr.bin/openssl/man/errstr.1
  stable/11/secure/usr.bin/openssl/man/gendsa.1
  stable/11/secure/usr.bin/openssl/man/genpkey.1
  stable/11/secure/usr.bin/openssl/man/genrsa.1
  stable/11/secure/usr.bin/openssl/man/nseq.1
  stable/11/secure/usr.bin/openssl/man/ocsp.1
  stable/11/secure/usr.bin/openssl/man/openssl.1
  stable/11/secure/usr.bin/openssl/man/passwd.1
  stable/11/secure/usr.bin/openssl/man/pkcs12.1
  stable/11/secure/usr.bin/openssl/man/pkcs7.1
  stable/11/secure/usr.bin/openssl/man/pkcs8.1
  stable/11/secure/usr.bin/openssl/man/pkey.1
  stable/11/secure/usr.bin/openssl/man/pkeyparam.1
  stable/11/secure/usr.bin/openssl/man/pkeyutl.1
  stable/11/secure/usr.bin/openssl/man/rand.1
  stable/11/secure/usr.bin/openssl/man/req.1
  stable/11/secure/usr.bin/openssl/man/rsa.1
  stable/11/secure/usr.bin/openssl/man/rsautl.1
  stable/11/secure/usr.bin/openssl/man/s_client.1
  stable/11/secure/usr.bin/openssl/man/s_server.1
  stable/11/secure/usr.bin/openssl/man/s_time.1
  stable/11/secure/usr.bin/openssl/man/sess_id.1
  stable/11/secure/usr.bin/openssl/man/smime.1
  stable/11/secure/usr.bin/openssl/man/speed.1
  stable/11/secure/usr.bin/openssl/man/spkac.1
  stable/11/secure/usr.bin/openssl/man/ts.1
  stable/11/secure/usr.bin/openssl/man/tsget.1
  stable/11/secure/usr.bin/openssl/man/verify.1
  stable/11/secure/usr.bin/openssl/man/version.1
  stable/11/secure/usr.bin/openssl/man/x509.1
  stable/11/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/crypto/openssl/CHANGES
==============================================================================
--- stable/11/crypto/openssl/CHANGES	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/CHANGES	Tue Mar 27 17:54:46 2018	(r331638)
@@ -7,6 +7,21 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
+
+  *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+     Constructed ASN.1 types with a recursive definition (such as can be found
+     in PKCS7) could eventually exceed the stack given malicious input with
+     excessive recursion. This could result in a Denial Of Service attack. There
+     are no such structures used within SSL/TLS that come from untrusted sources
+     so this is considered safe.
+
+     This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+     project.
+     (CVE-2018-0739)
+     [Matt Caswell]
+
  Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
 
   *) Read/write after SSL object in error state
@@ -2012,8 +2027,11 @@
      to work with OPENSSL_NO_SSL_INTERN defined.
      [Steve Henson]
 
-  *) Add SRP support.
-     [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
+  *) A long standing patch to add support for SRP from EdelWeb (Peter
+     Sylvester and Christophe Renou) was integrated.
+     [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
+     <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
+     Ben Laurie]
 
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]

Modified: stable/11/crypto/openssl/Configure
==============================================================================
--- stable/11/crypto/openssl/Configure	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/Configure	Tue Mar 27 17:54:46 2018	(r331638)
@@ -354,7 +354,7 @@ my %table=(
 "hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc",	"gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc",	"gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
 
 # DEC Alpha OSF/1/Tru64 targets.
 #
@@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
 if (defined($postlflags))	{ $lflags=$postlflags;	}
 else				{ $lflags=$prelflags; undef $prelflags;	}
 
-if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
 	{
 	$cflags =~ s/\-mno\-cygwin\s*//;
 	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 	$shlib_minor=$2;
 	}
 
-my $ecc = $cc;
-$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+my %predefined;
 
+# collect compiler pre-defines from gcc or gcc-alike...
+open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
+while (<PIPE>) {
+  m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+  $predefined{$1} = defined($2) ? $2 : "";
+}
+close(PIPE);
+
 if ($strict_warnings)
 	{
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+	die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
 		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 		}
-	if ($ecc eq "clang")
+	if (defined($predefined{__clang__}))
 		{
 		foreach $wopt (split /\s+/, $clang_devteam_warn)
 			{
@@ -1723,15 +1730,14 @@ while (<IN>)
 		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
 		s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
 		}
 	else	{
 		s/^CC=.*$/CC= $cc/;
 		s/^AR=\s*ar/AR= $ar/;
 		s/^RANLIB=.*/RANLIB= $ranlib/;
 		s/^RC=.*/RC= $windres/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
 		}
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;

Modified: stable/11/crypto/openssl/LICENSE
==============================================================================
--- stable/11/crypto/openssl/LICENSE	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/LICENSE	Tue Mar 27 17:54:46 2018	(r331638)
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2017 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Modified: stable/11/crypto/openssl/Makefile
==============================================================================
--- stable/11/crypto/openssl/Makefile	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/Makefile	Tue Mar 27 17:54:46 2018	(r331638)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2n
+VERSION=1.0.2o
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
@@ -73,7 +73,7 @@ NM= nm
 PERL= /usr/bin/perl
 TAR= tar
 TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
+MAKEDEPPROG= cc
 LIBDIR=lib
 
 # We let the C compiler driver to take care of .s files. This is done in

Modified: stable/11/crypto/openssl/NEWS
==============================================================================
--- stable/11/crypto/openssl/NEWS	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/NEWS	Tue Mar 27 17:54:46 2018	(r331638)
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
+
+      o Constructed ASN.1 types with a recursive definition could exceed the
+        stack (CVE-2018-0739)
+
   Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
 
       o Read/write after SSL object in error state (CVE-2017-3737)

Modified: stable/11/crypto/openssl/README
==============================================================================
--- stable/11/crypto/openssl/README	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/README	Tue Mar 27 17:54:46 2018	(r331638)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2n 7 Dec 2017
+ OpenSSL 1.0.2o 27 Mar 2018
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: stable/11/crypto/openssl/apps/app_rand.c
==============================================================================
--- stable/11/crypto/openssl/apps/app_rand.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/app_rand.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, i
 #endif
 
     if (file == NULL)
-        file = RAND_file_name(buffer, sizeof buffer);
+        file = RAND_file_name(buffer, sizeof(buffer));
     else if (RAND_egd(file) > 0) {
         /*
          * we try if the given filename is an EGD socket. if it is, we don't
@@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
         return 0;
 
     if (file == NULL)
-        file = RAND_file_name(buffer, sizeof buffer);
+        file = RAND_file_name(buffer, sizeof(buffer));
     if (file == NULL || !RAND_write_file(file)) {
         BIO_printf(bio_e, "unable to write 'random state'\n");
         return 0;

Modified: stable/11/crypto/openssl/apps/apps.c
==============================================================================
--- stable/11/crypto/openssl/apps/apps.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/apps.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM
         BUF_strlcpy(buf[0], serialfile, BSIZE);
     else {
 #ifndef OPENSSL_SYS_VMS
-        j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
 #else
-        j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
 #endif
     }
 #ifdef RL_DEBUG
@@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix, 
         goto err;
     }
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
 #else
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
 #else
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
 #endif
 #ifdef RL_DEBUG
     BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
         goto err;
 
 #ifndef OPENSSL_SYS_VMS
-    BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+    BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
 #else
-    BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+    BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
 #endif
     dbattr_conf = NCONF_new(NULL);
     if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix,
         goto err;
     }
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
 #else
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
 #else
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
 #else
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
 #endif
 #ifdef RL_DEBUG
     BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_s
         goto err;
     }
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
 #else
-    j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
 #else
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
 #else
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
 #else
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
 #endif
 #ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
 #else
-    j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
 #endif
 #ifdef RL_DEBUG
     BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *c
 
     JPAKE_STEP3A_init(&s3a);
     JPAKE_STEP3A_generate(&s3a, ctx);
-    BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+    BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
     (void)BIO_flush(bconn);
     JPAKE_STEP3A_release(&s3a);
 }
@@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *c
 
     JPAKE_STEP3B_init(&s3b);
     JPAKE_STEP3B_generate(&s3b, ctx);
-    BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+    BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
     (void)BIO_flush(bconn);
     JPAKE_STEP3B_release(&s3b);
 }
@@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
     char buf[10240];
     int l;
 
-    l = BIO_gets(bconn, buf, sizeof buf);
+    l = BIO_gets(bconn, buf, sizeof(buf));
     assert(l > 0);
     assert(buf[l - 1] == '\n');
     buf[l - 1] = '\0';
@@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *
     int l;
 
     JPAKE_STEP3A_init(&s3a);
-    l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
-    assert(l == sizeof s3a.hhk);
+    l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
+    assert(l == sizeof(s3a.hhk));
     if (!JPAKE_STEP3A_process(ctx, &s3a)) {
         ERR_print_errors(bio_err);
         exit(1);
@@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *
     int l;
 
     JPAKE_STEP3B_init(&s3b);
-    l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
-    assert(l == sizeof s3b.hk);
+    l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
+    assert(l == sizeof(s3b.hk));
     if (!JPAKE_STEP3B_process(ctx, &s3b)) {
         ERR_print_errors(bio_err);
         exit(1);

Modified: stable/11/crypto/openssl/apps/ca.c
==============================================================================
--- stable/11/crypto/openssl/apps/ca.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/ca.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
                    CONF *lconf, unsigned long certopt, unsigned long nameopt,
                    int default_op, int ext_copy, int selfsign)
 {
-    X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
-        NULL;
+    X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
     ASN1_UTCTIME *tm, *tmptm;
     ASN1_STRING *str, *str2;
     ASN1_OBJECT *obj;
@@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
 
             if (push != NULL) {
                 if (!X509_NAME_add_entry(subject, push, -1, 0)) {
-                    if (push != NULL)
-                        X509_NAME_ENTRY_free(push);
                     BIO_printf(bio_err, "Memory allocation failure\n");
                     goto err;
                 }
@@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
             goto err;
     }
 
-    if (verbose)
-        BIO_printf(bio_err,
-                   "The subject name appears to be ok, checking data base for clashes\n");
-
-    /* Build the correct Subject if no e-mail is wanted in the subject */
-    /*
-     * and add it later on because of the method extensions are added
-     * (altName)
-     */
-
-    if (email_dn)
-        dn_subject = subject;
-    else {
-        X509_NAME_ENTRY *tmpne;
-        /*
-         * Its best to dup the subject DN and then delete any email addresses
-         * because this retains its structure.
-         */
-        if (!(dn_subject = X509_NAME_dup(subject))) {
-            BIO_printf(bio_err, "Memory allocation failure\n");
-            goto err;
-        }
-        while ((i = X509_NAME_get_index_by_NID(dn_subject,
-                                               NID_pkcs9_emailAddress,
-                                               -1)) >= 0) {
-            tmpne = X509_NAME_get_entry(dn_subject, i);
-            X509_NAME_delete_entry(dn_subject, i);
-            X509_NAME_ENTRY_free(tmpne);
-        }
-    }
-
-    if (BN_is_zero(serial))
-        row[DB_serial] = BUF_strdup("00");
-    else
-        row[DB_serial] = BN_bn2hex(serial);
-    if (row[DB_serial] == NULL) {
-        BIO_printf(bio_err, "Memory allocation failure\n");
-        goto err;
-    }
-
-    if (db->attributes.unique_subject) {
-        OPENSSL_STRING *crow = row;
-
-        rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
-        if (rrow != NULL) {
-            BIO_printf(bio_err,
-                       "ERROR:There is already a certificate for %s\n",
-                       row[DB_name]);
-        }
-    }
-    if (rrow == NULL) {
-        rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
-        if (rrow != NULL) {
-            BIO_printf(bio_err,
-                       "ERROR:Serial number %s has already been issued,\n",
-                       row[DB_serial]);
-            BIO_printf(bio_err,
-                       "      check the database/serial_file for corruption\n");
-        }
-    }
-
-    if (rrow != NULL) {
-        BIO_printf(bio_err, "The matching entry has the following details\n");
-        if (rrow[DB_type][0] == 'E')
-            p = "Expired";
-        else if (rrow[DB_type][0] == 'R')
-            p = "Revoked";
-        else if (rrow[DB_type][0] == 'V')
-            p = "Valid";
-        else
-            p = "\ninvalid type, Data base error\n";
-        BIO_printf(bio_err, "Type          :%s\n", p);;
-        if (rrow[DB_type][0] == 'R') {
-            p = rrow[DB_exp_date];
-            if (p == NULL)
-                p = "undef";
-            BIO_printf(bio_err, "Was revoked on:%s\n", p);
-        }
-        p = rrow[DB_exp_date];
-        if (p == NULL)
-            p = "undef";
-        BIO_printf(bio_err, "Expires on    :%s\n", p);
-        p = rrow[DB_serial];
-        if (p == NULL)
-            p = "undef";
-        BIO_printf(bio_err, "Serial Number :%s\n", p);
-        p = rrow[DB_file];
-        if (p == NULL)
-            p = "undef";
-        BIO_printf(bio_err, "File name     :%s\n", p);
-        p = rrow[DB_name];
-        if (p == NULL)
-            p = "undef";
-        BIO_printf(bio_err, "Subject Name  :%s\n", p);
-        ok = -1;                /* This is now a 'bad' error. */
-        goto err;
-    }
-
     /* We are now totally happy, lets make and sign the certificate */
     if (verbose)
         BIO_printf(bio_err,
@@ -2056,12 +1955,126 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
                 goto err;
     }
 
-    /* Set the right value for the noemailDN option */
-    if (email_dn == 0) {
-        if (!X509_set_subject_name(ret, dn_subject))
+    if (verbose)
+        BIO_printf(bio_err,
+                   "The subject name appears to be ok, checking data base for clashes\n");
+
+    /* Build the correct Subject if no e-mail is wanted in the subject */
+
+    if (!email_dn) {
+        X509_NAME_ENTRY *tmpne;
+        X509_NAME *dn_subject;
+
+        /*
+         * Its best to dup the subject DN and then delete any email addresses
+         * because this retains its structure.
+         */
+        if (!(dn_subject = X509_NAME_dup(subject))) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
             goto err;
+        }
+        while ((i = X509_NAME_get_index_by_NID(dn_subject,
+                                               NID_pkcs9_emailAddress,
+                                               -1)) >= 0) {
+            tmpne = X509_NAME_get_entry(dn_subject, i);
+            X509_NAME_delete_entry(dn_subject, i);
+            X509_NAME_ENTRY_free(tmpne);
+        }
+
+        if (!X509_set_subject_name(ret, dn_subject)) {
+            X509_NAME_free(dn_subject);
+            goto err;
+        }
+        X509_NAME_free(dn_subject);
     }
 
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+    if (row[DB_name] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto err;
+    }
+
+    if (BN_is_zero(serial))
+        row[DB_serial] = BUF_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(serial);
+    if (row[DB_serial] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto err;
+    }
+
+    if (row[DB_name][0] == '\0') {
+        /*
+         * An empty subject! We'll use the serial number instead. If
+         * unique_subject is in use then we don't want different entries with
+         * empty subjects matching each other.
+         */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+        if (row[DB_name] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto err;
+        }
+    }
+
+    if (db->attributes.unique_subject) {
+        OPENSSL_STRING *crow = row;
+
+        rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:There is already a certificate for %s\n",
+                       row[DB_name]);
+        }
+    }
+    if (rrow == NULL) {
+        rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:Serial number %s has already been issued,\n",
+                       row[DB_serial]);
+            BIO_printf(bio_err,
+                       "      check the database/serial_file for corruption\n");
+        }
+    }
+
+    if (rrow != NULL) {
+        BIO_printf(bio_err, "The matching entry has the following details\n");
+        if (rrow[DB_type][0] == 'E')
+            p = "Expired";
+        else if (rrow[DB_type][0] == 'R')
+            p = "Revoked";
+        else if (rrow[DB_type][0] == 'V')
+            p = "Valid";
+        else
+            p = "\ninvalid type, Data base error\n";
+        BIO_printf(bio_err, "Type          :%s\n", p);;
+        if (rrow[DB_type][0] == 'R') {
+            p = rrow[DB_exp_date];
+            if (p == NULL)
+                p = "undef";
+            BIO_printf(bio_err, "Was revoked on:%s\n", p);
+        }
+        p = rrow[DB_exp_date];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Expires on    :%s\n", p);
+        p = rrow[DB_serial];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Serial Number :%s\n", p);
+        p = rrow[DB_file];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "File name     :%s\n", p);
+        p = rrow[DB_name];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Subject Name  :%s\n", p);
+        ok = -1;                /* This is now a 'bad' error. */
+        goto err;
+    }
+
     if (!default_op) {
         BIO_printf(bio_err, "Certificate Details:\n");
         /*
@@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
     row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
     row[DB_rev_date] = OPENSSL_malloc(1);
     row[DB_file] = OPENSSL_malloc(8);
-    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
     if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
         (row[DB_rev_date] == NULL) ||
-        (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+        (row[DB_file] == NULL)) {
         BIO_printf(bio_err, "Memory allocation failure\n");
         goto err;
     }
@@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
     irow = NULL;
     ok = 1;
  err:
-    if (irow != NULL) {
+    if (ok != 1) {
         for (i = 0; i < DB_NUMBER; i++)
             OPENSSL_free(row[i]);
-        OPENSSL_free(irow);
     }
+    OPENSSL_free(irow);
 
     if (CAname != NULL)
         X509_NAME_free(CAname);
     if (subject != NULL)
         X509_NAME_free(subject);
-    if ((dn_subject != NULL) && !email_dn)
-        X509_NAME_free(dn_subject);
     if (tmptm != NULL)
         ASN1_UTCTIME_free(tmptm);
     if (ok <= 0) {
@@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, 
     else
         row[DB_serial] = BN_bn2hex(bn);
     BN_free(bn);
+    if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+        /* Entries with empty Subjects actually use the serial number instead */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+    }
     if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
         BIO_printf(bio_err, "Memory allocation failure\n");
         goto err;

Modified: stable/11/crypto/openssl/apps/ciphers.c
==============================================================================
--- stable/11/crypto/openssl/apps/ciphers.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/ciphers.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
                 BIO_printf(STDout, "%s - ", nm);
             }
 #endif
-            BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
+            BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
         }
     }
 

Modified: stable/11/crypto/openssl/apps/cms.c
==============================================================================
--- stable/11/crypto/openssl/apps/cms.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/cms.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -4,7 +4,7 @@
  * project.
  */
 /* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2008-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
 
             signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
                                e, "signer certificate");
-            if (!signer)
+            if (!signer) {
+                ret = 2;
                 goto end;
+            }
             key = load_key(bio_err, keyfile, keyform, 0, passin, e,
                            "signing key file");
-            if (!key)
+            if (!key) {
+                ret = 2;
                 goto end;
+            }
             for (kparam = key_first; kparam; kparam = kparam->next) {
                 if (kparam->idx == i) {
                     tflags |= CMS_KEY_PARAM;

Modified: stable/11/crypto/openssl/apps/dgst.c
==============================================================================
--- stable/11/crypto/openssl/apps/dgst.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/dgst.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
         goto end;
 
     /* first check the program name */
-    program_name(argv[0], pname, sizeof pname);
+    program_name(argv[0], pname, sizeof(pname));
 
     md = EVP_get_digestbyname(pname);
 

Modified: stable/11/crypto/openssl/apps/dsaparam.c
==============================================================================
--- stable/11/crypto/openssl/apps/dsaparam.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/dsaparam.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
         printf("\treturn(dsa);\n\t}\n");
     }
 
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
     if (!noout) {
         if (outformat == FORMAT_ASN1)
             i = i2d_DSAparams_bio(out, dsa);

Modified: stable/11/crypto/openssl/apps/ecparam.c
==============================================================================
--- stable/11/crypto/openssl/apps/ecparam.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/ecparam.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -3,7 +3,7 @@
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
         BIO_printf(out, "\treturn(group);\n\t}\n");
     }
 
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
     if (!noout) {
         if (outformat == FORMAT_ASN1)
             i = i2d_ECPKParameters_bio(out, group);
@@ -581,6 +584,9 @@ int MAIN(int argc, char **argv)
 
         if (EC_KEY_set_group(eckey, group) == 0)
             goto end;
+
+        if (new_form)
+            EC_KEY_set_conv_form(eckey, form);
 
         if (!EC_KEY_generate_key(eckey)) {
             EC_KEY_free(eckey);

Modified: stable/11/crypto/openssl/apps/enc.c
==============================================================================
--- stable/11/crypto/openssl/apps/enc.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/enc.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -114,7 +114,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
     static const char magic[] = "Salted__";
-    char mbuf[sizeof magic - 1];
+    char mbuf[sizeof(magic) - 1];
     char *strbuf = NULL;
     unsigned char *buff = NULL, *bufsize = NULL;
     int bsize = BSIZE, verbose = 0;
@@ -154,7 +154,7 @@ int MAIN(int argc, char **argv)
         goto end;
 
     /* first check the program name */
-    program_name(argv[0], pname, sizeof pname);
+    program_name(argv[0], pname, sizeof(pname));
     if (strcmp(pname, "base64") == 0)
         base64 = 1;
 #ifdef ZLIB
@@ -247,7 +247,7 @@ int MAIN(int argc, char **argv)
                 goto bad;
             }
             buf[0] = '\0';
-            if (!fgets(buf, sizeof buf, infile)) {
+            if (!fgets(buf, sizeof(buf), infile)) {
                 BIO_printf(bio_err, "unable to read key from '%s'\n", file);
                 goto bad;
             }
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
         for (;;) {
             char buf[200];
 
-            BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
+            BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
                          OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
                          (enc) ? "encryption" : "decryption");
             strbuf[0] = '\0';
@@ -517,31 +517,31 @@ int MAIN(int argc, char **argv)
             else {
                 if (enc) {
                     if (hsalt) {
-                        if (!set_hex(hsalt, salt, sizeof salt)) {
+                        if (!set_hex(hsalt, salt, sizeof(salt))) {
                             BIO_printf(bio_err, "invalid hex salt value\n");
                             goto end;
                         }
-                    } else if (RAND_bytes(salt, sizeof salt) <= 0)
+                    } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
                         goto end;
                     /*
                      * If -P option then don't bother writing
                      */
                     if ((printkey != 2)
                         && (BIO_write(wbio, magic,
-                                      sizeof magic - 1) != sizeof magic - 1
+                                      sizeof(magic) - 1) != sizeof(magic) - 1
                             || BIO_write(wbio,
                                          (char *)salt,
-                                         sizeof salt) != sizeof salt)) {
+                                         sizeof(salt)) != sizeof(salt))) {
                         BIO_printf(bio_err, "error writing output file\n");
                         goto end;
                     }
-                } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+                } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
                            || BIO_read(rbio,
                                        (unsigned char *)salt,
-                                       sizeof salt) != sizeof salt) {
+                                       sizeof(salt)) != sizeof(salt)) {
                     BIO_printf(bio_err, "error reading input file\n");
                     goto end;
-                } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+                } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
                     BIO_printf(bio_err, "bad magic number\n");
                     goto end;
                 }
@@ -564,7 +564,7 @@ int MAIN(int argc, char **argv)
             int siz = EVP_CIPHER_iv_length(cipher);
             if (siz == 0) {
                 BIO_printf(bio_err, "warning: iv not use by this cipher\n");
-            } else if (!set_hex(hiv, iv, sizeof iv)) {
+            } else if (!set_hex(hiv, iv, sizeof(iv))) {
                 BIO_printf(bio_err, "invalid hex iv value\n");
                 goto end;
             }

Modified: stable/11/crypto/openssl/apps/errstr.c
==============================================================================
--- stable/11/crypto/openssl/apps/errstr.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/errstr.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
 
     for (i = 1; i < argc; i++) {
         if (sscanf(argv[i], "%lx", &l)) {
-            ERR_error_string_n(l, buf, sizeof buf);
+            ERR_error_string_n(l, buf, sizeof(buf));
             printf("%s\n", buf);
         } else {
             printf("%s: bad error code\n", argv[i]);

Modified: stable/11/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/11/crypto/openssl/apps/ocsp.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/ocsp.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb
     *pcbio = cbio;
 
     for (;;) {
-        len = BIO_gets(cbio, inbuf, sizeof inbuf);
+        len = BIO_gets(cbio, inbuf, sizeof(inbuf));
         if (len <= 0)
             return 1;
         /* Look for "POST" signalling start of query */

Modified: stable/11/crypto/openssl/apps/openssl.c
==============================================================================
--- stable/11/crypto/openssl/apps/openssl.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/openssl.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
     prog = prog_init();
 
     /* first check the program name */
-    program_name(Argv[0], pname, sizeof pname);
+    program_name(Argv[0], pname, sizeof(pname));
 
     f.name = pname;
     fp = lh_FUNCTION_retrieve(prog, &f);
@@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
     for (;;) {
         ret = 0;
         p = buf;
-        n = sizeof buf;
+        n = sizeof(buf);
         i = 0;
         for (;;) {
             p[0] = '\0';
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
 
     /* Purely so it looks nice when the user hits ? */
     for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
-    qsort(functions, i, sizeof *functions, SortFnByName);
+    qsort(functions, i, sizeof(*functions), SortFnByName);
 
     if ((ret = lh_FUNCTION_new()) == NULL)
         return (NULL);

Modified: stable/11/crypto/openssl/apps/passwd.c
==============================================================================
--- stable/11/crypto/openssl/apps/passwd.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/passwd.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
                     /* ignore rest of line */
                     char trash[BUFSIZ];
                     do
-                        r = BIO_gets(in, trash, sizeof trash);
+                        r = BIO_gets(in, trash, sizeof(trash));
                     while ((r > 0) && (!strchr(trash, '\n')));
                 }
 
@@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *
     EVP_DigestUpdate(&md2, passwd, passwd_len);
     EVP_DigestFinal_ex(&md2, buf, NULL);
 
-    for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-        EVP_DigestUpdate(&md, buf, sizeof buf);
+    for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
+        EVP_DigestUpdate(&md, buf, sizeof(buf));
     EVP_DigestUpdate(&md, buf, i);
 
     n = passwd_len;
@@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *
     for (i = 0; i < 1000; i++) {
         EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
         EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
-                         (i & 1) ? passwd_len : sizeof buf);
+                         (i & 1) ? passwd_len : sizeof(buf));
         if (i % 3)
             EVP_DigestUpdate(&md2, salt_out, salt_len);
         if (i % 7)
             EVP_DigestUpdate(&md2, passwd, passwd_len);
         EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
-                         (i & 1) ? sizeof buf : passwd_len);
+                         (i & 1) ? sizeof(buf) : passwd_len);
         EVP_DigestFinal_ex(&md2, buf, NULL);
     }
     EVP_MD_CTX_cleanup(&md2);
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *
     {
         /* transform buf into output string */
 
-        unsigned char buf_perm[sizeof buf];
+        unsigned char buf_perm[sizeof(buf)];
         int dest, source;
         char *output;
 
@@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *
         buf_perm[15] = buf[11];
 #  ifndef PEDANTIC              /* Unfortunately, this generates a "no
                                  * effect" warning */
-        assert(16 == sizeof buf_perm);
+        assert(16 == sizeof(buf_perm));
 #  endif
 
         output = salt_out + salt_len;

Modified: stable/11/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/11/crypto/openssl/apps/pkcs12.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/pkcs12.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
         CRYPTO_push_info("read MAC password");
 # endif
         if (EVP_read_pw_string
-            (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+            (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
             BIO_printf(bio_err, "Can't read Password\n");
             goto end;
         }
@@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
 # endif
 
         if (!noprompt &&
-            EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
+            EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
                                1)) {
             BIO_printf(bio_err, "Can't read Password\n");
             goto export_end;
         }
         if (!twopass)
-            BUF_strlcpy(macpass, pass, sizeof macpass);
+            BUF_strlcpy(macpass, pass, sizeof(macpass));
 
 # ifdef CRYPTO_MDEBUG
         CRYPTO_pop_info();
@@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_push_info("read import password");
 # endif
     if (!noprompt
-        && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+        && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
                               0)) {
         BIO_printf(bio_err, "Can't read Password\n");
         goto end;
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
 # endif
 
     if (!twopass)
-        BUF_strlcpy(macpass, pass, sizeof macpass);
+        BUF_strlcpy(macpass, pass, sizeof(macpass));
 
     if ((options & INFO) && p12->mac)
         BIO_printf(bio_err, "MAC Iteration %ld\n",

Modified: stable/11/crypto/openssl/apps/pkcs8.c
==============================================================================
--- stable/11/crypto/openssl/apps/pkcs8.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/pkcs8.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
             else {
                 p8pass = pass;
                 if (EVP_read_pw_string
-                    (pass, sizeof pass, "Enter Encryption Password:", 1))
+                    (pass, sizeof(pass), "Enter Encryption Password:", 1))
                     goto end;
             }
             app_RAND_load_file(NULL, bio_err, 0);
@@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
             p8pass = passin;
         else {
             p8pass = pass;
-            EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
+            EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0);
         }
         p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
     }

Modified: stable/11/crypto/openssl/apps/rand.c
==============================================================================
--- stable/11/crypto/openssl/apps/rand.c	Tue Mar 27 17:52:52 2018	(r331637)
+++ stable/11/crypto/openssl/apps/rand.c	Tue Mar 27 17:54:46 2018	(r331638)
@@ -198,7 +198,7 @@ int MAIN(int argc, char **argv)
 
         chunk = num;
         if (chunk > (int)sizeof(buf))

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803271754.w2RHskNj075311>