Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 May 2017 20:52:16 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r318899 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio ...
Message-ID:  <201705252052.v4PKqG5W016258@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Thu May 25 20:52:16 2017
New Revision: 318899
URL: https://svnweb.freebsd.org/changeset/base/318899

Log:
  Merge OpenSSL 1.0.2l.

Added:
  head/crypto/openssl/doc/man3/
     - copied from r318897, vendor-crypto/openssl/dist/doc/man3/
  head/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3   (contents, props changed)
Modified:
  head/crypto/openssl/CHANGES
  head/crypto/openssl/Configure
  head/crypto/openssl/LICENSE
  head/crypto/openssl/Makefile
  head/crypto/openssl/Makefile.org
  head/crypto/openssl/NEWS
  head/crypto/openssl/README
  head/crypto/openssl/apps/ca.c
  head/crypto/openssl/apps/dhparam.c
  head/crypto/openssl/apps/enc.c
  head/crypto/openssl/apps/engine.c
  head/crypto/openssl/apps/pkeyutl.c
  head/crypto/openssl/apps/prime.c
  head/crypto/openssl/apps/progs.h
  head/crypto/openssl/apps/progs.pl
  head/crypto/openssl/apps/req.c
  head/crypto/openssl/apps/s_client.c
  head/crypto/openssl/apps/s_server.c
  head/crypto/openssl/apps/srp.c
  head/crypto/openssl/appveyor.yml
  head/crypto/openssl/config
  head/crypto/openssl/crypto/aes/Makefile
  head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
  head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
  head/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl
  head/crypto/openssl/crypto/asn1/a_bitstr.c
  head/crypto/openssl/crypto/asn1/a_digest.c
  head/crypto/openssl/crypto/asn1/a_gentm.c
  head/crypto/openssl/crypto/asn1/a_strnid.c
  head/crypto/openssl/crypto/asn1/a_time.c
  head/crypto/openssl/crypto/asn1/a_utctm.c
  head/crypto/openssl/crypto/asn1/f_enum.c
  head/crypto/openssl/crypto/asn1/f_int.c
  head/crypto/openssl/crypto/asn1/tasn_dec.c
  head/crypto/openssl/crypto/asn1/tasn_new.c
  head/crypto/openssl/crypto/asn1/x_long.c
  head/crypto/openssl/crypto/asn1/x_name.c
  head/crypto/openssl/crypto/bio/b_print.c
  head/crypto/openssl/crypto/bio/bio_cb.c
  head/crypto/openssl/crypto/bio/bss_file.c
  head/crypto/openssl/crypto/bn/Makefile
  head/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
  head/crypto/openssl/crypto/bn/bn_prime.c
  head/crypto/openssl/crypto/bn/bn_prime.h
  head/crypto/openssl/crypto/bn/bn_prime.pl
  head/crypto/openssl/crypto/bn/bn_print.c
  head/crypto/openssl/crypto/comp/c_rle.c
  head/crypto/openssl/crypto/conf/conf.h
  head/crypto/openssl/crypto/conf/conf_def.c
  head/crypto/openssl/crypto/conf/conf_err.c
  head/crypto/openssl/crypto/des/Makefile
  head/crypto/openssl/crypto/des/set_key.c
  head/crypto/openssl/crypto/dh/dh.h
  head/crypto/openssl/crypto/ec/ec_ameth.c
  head/crypto/openssl/crypto/ec/ec_asn1.c
  head/crypto/openssl/crypto/ec/ec_mult.c
  head/crypto/openssl/crypto/ec/eck_prn.c
  head/crypto/openssl/crypto/engine/eng_cryptodev.c
  head/crypto/openssl/crypto/err/err.c
  head/crypto/openssl/crypto/err/err.h
  head/crypto/openssl/crypto/evp/e_aes.c
  head/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
  head/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
  head/crypto/openssl/crypto/evp/e_des3.c
  head/crypto/openssl/crypto/evp/evp_enc.c
  head/crypto/openssl/crypto/evp/pmeth_lib.c
  head/crypto/openssl/crypto/ex_data.c
  head/crypto/openssl/crypto/hmac/hm_pmeth.c
  head/crypto/openssl/crypto/md5/Makefile
  head/crypto/openssl/crypto/mem.c
  head/crypto/openssl/crypto/modes/Makefile
  head/crypto/openssl/crypto/o_dir.c
  head/crypto/openssl/crypto/o_time.c
  head/crypto/openssl/crypto/opensslv.h
  head/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
  head/crypto/openssl/crypto/pkcs12/p12_mutl.c
  head/crypto/openssl/crypto/ppccap.c
  head/crypto/openssl/crypto/rand/md_rand.c
  head/crypto/openssl/crypto/rc4/Makefile
  head/crypto/openssl/crypto/rsa/rsa_pmeth.c
  head/crypto/openssl/crypto/rsa/rsa_pss.c
  head/crypto/openssl/crypto/sha/Makefile
  head/crypto/openssl/crypto/srp/srp_vfy.c
  head/crypto/openssl/crypto/txt_db/txt_db.c
  head/crypto/openssl/crypto/ui/ui_lib.c
  head/crypto/openssl/crypto/x509/x509_lu.c
  head/crypto/openssl/crypto/x509v3/v3_alt.c
  head/crypto/openssl/crypto/x509v3/v3_cpols.c
  head/crypto/openssl/crypto/x509v3/v3_info.c
  head/crypto/openssl/crypto/x509v3/v3_purp.c
  head/crypto/openssl/crypto/x86_64cpuid.pl
  head/crypto/openssl/crypto/x86cpuid.pl
  head/crypto/openssl/doc/apps/ciphers.pod
  head/crypto/openssl/doc/apps/config.pod
  head/crypto/openssl/doc/apps/genrsa.pod
  head/crypto/openssl/doc/apps/req.pod
  head/crypto/openssl/doc/apps/s_client.pod
  head/crypto/openssl/doc/apps/s_server.pod
  head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
  head/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
  head/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
  head/crypto/openssl/doc/crypto/X509_STORE_CTX_new.pod
  head/crypto/openssl/doc/crypto/des.pod
  head/crypto/openssl/ssl/d1_both.c
  head/crypto/openssl/ssl/d1_clnt.c
  head/crypto/openssl/ssl/d1_pkt.c
  head/crypto/openssl/ssl/d1_srvr.c
  head/crypto/openssl/ssl/s23_clnt.c
  head/crypto/openssl/ssl/s23_srvr.c
  head/crypto/openssl/ssl/s3_clnt.c
  head/crypto/openssl/ssl/s3_enc.c
  head/crypto/openssl/ssl/s3_lib.c
  head/crypto/openssl/ssl/s3_pkt.c
  head/crypto/openssl/ssl/s3_srvr.c
  head/crypto/openssl/ssl/ssl_cert.c
  head/crypto/openssl/ssl/ssl_ciph.c
  head/crypto/openssl/ssl/ssl_lib.c
  head/crypto/openssl/ssl/ssl_locl.h
  head/crypto/openssl/ssl/ssl_rsa.c
  head/crypto/openssl/ssl/ssl_sess.c
  head/crypto/openssl/ssl/ssltest.c
  head/crypto/openssl/ssl/t1_ext.c
  head/crypto/openssl/ssl/t1_lib.c
  head/crypto/openssl/util/domd
  head/crypto/openssl/util/mk1mf.pl
  head/secure/lib/libcrypto/Makefile.inc
  head/secure/lib/libcrypto/Makefile.man
  head/secure/lib/libcrypto/amd64/aesni-sha1-x86_64.S
  head/secure/lib/libcrypto/amd64/aesni-sha256-x86_64.S
  head/secure/lib/libcrypto/amd64/x86_64cpuid.S
  head/secure/lib/libcrypto/arm/bsaes-armv7.S
  head/secure/lib/libcrypto/i386/x86cpuid.S
  head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  head/secure/lib/libcrypto/man/ASN1_STRING_length.3
  head/secure/lib/libcrypto/man/ASN1_STRING_new.3
  head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  head/secure/lib/libcrypto/man/ASN1_TIME_set.3
  head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  head/secure/lib/libcrypto/man/BIO_ctrl.3
  head/secure/lib/libcrypto/man/BIO_f_base64.3
  head/secure/lib/libcrypto/man/BIO_f_buffer.3
  head/secure/lib/libcrypto/man/BIO_f_cipher.3
  head/secure/lib/libcrypto/man/BIO_f_md.3
  head/secure/lib/libcrypto/man/BIO_f_null.3
  head/secure/lib/libcrypto/man/BIO_f_ssl.3
  head/secure/lib/libcrypto/man/BIO_find_type.3
  head/secure/lib/libcrypto/man/BIO_new.3
  head/secure/lib/libcrypto/man/BIO_new_CMS.3
  head/secure/lib/libcrypto/man/BIO_push.3
  head/secure/lib/libcrypto/man/BIO_read.3
  head/secure/lib/libcrypto/man/BIO_s_accept.3
  head/secure/lib/libcrypto/man/BIO_s_bio.3
  head/secure/lib/libcrypto/man/BIO_s_connect.3
  head/secure/lib/libcrypto/man/BIO_s_fd.3
  head/secure/lib/libcrypto/man/BIO_s_file.3
  head/secure/lib/libcrypto/man/BIO_s_mem.3
  head/secure/lib/libcrypto/man/BIO_s_null.3
  head/secure/lib/libcrypto/man/BIO_s_socket.3
  head/secure/lib/libcrypto/man/BIO_set_callback.3
  head/secure/lib/libcrypto/man/BIO_should_retry.3
  head/secure/lib/libcrypto/man/BN_BLINDING_new.3
  head/secure/lib/libcrypto/man/BN_CTX_new.3
  head/secure/lib/libcrypto/man/BN_CTX_start.3
  head/secure/lib/libcrypto/man/BN_add.3
  head/secure/lib/libcrypto/man/BN_add_word.3
  head/secure/lib/libcrypto/man/BN_bn2bin.3
  head/secure/lib/libcrypto/man/BN_cmp.3
  head/secure/lib/libcrypto/man/BN_copy.3
  head/secure/lib/libcrypto/man/BN_generate_prime.3
  head/secure/lib/libcrypto/man/BN_mod_inverse.3
  head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  head/secure/lib/libcrypto/man/BN_new.3
  head/secure/lib/libcrypto/man/BN_num_bytes.3
  head/secure/lib/libcrypto/man/BN_rand.3
  head/secure/lib/libcrypto/man/BN_set_bit.3
  head/secure/lib/libcrypto/man/BN_swap.3
  head/secure/lib/libcrypto/man/BN_zero.3
  head/secure/lib/libcrypto/man/CMS_add0_cert.3
  head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  head/secure/lib/libcrypto/man/CMS_add1_signer.3
  head/secure/lib/libcrypto/man/CMS_compress.3
  head/secure/lib/libcrypto/man/CMS_decrypt.3
  head/secure/lib/libcrypto/man/CMS_encrypt.3
  head/secure/lib/libcrypto/man/CMS_final.3
  head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  head/secure/lib/libcrypto/man/CMS_get0_type.3
  head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  head/secure/lib/libcrypto/man/CMS_sign.3
  head/secure/lib/libcrypto/man/CMS_sign_receipt.3
  head/secure/lib/libcrypto/man/CMS_uncompress.3
  head/secure/lib/libcrypto/man/CMS_verify.3
  head/secure/lib/libcrypto/man/CMS_verify_receipt.3
  head/secure/lib/libcrypto/man/CONF_modules_free.3
  head/secure/lib/libcrypto/man/CONF_modules_load_file.3
  head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  head/secure/lib/libcrypto/man/DH_generate_key.3
  head/secure/lib/libcrypto/man/DH_generate_parameters.3
  head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  head/secure/lib/libcrypto/man/DH_new.3
  head/secure/lib/libcrypto/man/DH_set_method.3
  head/secure/lib/libcrypto/man/DH_size.3
  head/secure/lib/libcrypto/man/DSA_SIG_new.3
  head/secure/lib/libcrypto/man/DSA_do_sign.3
  head/secure/lib/libcrypto/man/DSA_dup_DH.3
  head/secure/lib/libcrypto/man/DSA_generate_key.3
  head/secure/lib/libcrypto/man/DSA_generate_parameters.3
  head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  head/secure/lib/libcrypto/man/DSA_new.3
  head/secure/lib/libcrypto/man/DSA_set_method.3
  head/secure/lib/libcrypto/man/DSA_sign.3
  head/secure/lib/libcrypto/man/DSA_size.3
  head/secure/lib/libcrypto/man/EC_GFp_simple_method.3
  head/secure/lib/libcrypto/man/EC_GROUP_copy.3
  head/secure/lib/libcrypto/man/EC_GROUP_new.3
  head/secure/lib/libcrypto/man/EC_KEY_new.3
  head/secure/lib/libcrypto/man/EC_POINT_add.3
  head/secure/lib/libcrypto/man/EC_POINT_new.3
  head/secure/lib/libcrypto/man/ERR_GET_LIB.3
  head/secure/lib/libcrypto/man/ERR_clear_error.3
  head/secure/lib/libcrypto/man/ERR_error_string.3
  head/secure/lib/libcrypto/man/ERR_get_error.3
  head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  head/secure/lib/libcrypto/man/ERR_load_strings.3
  head/secure/lib/libcrypto/man/ERR_print_errors.3
  head/secure/lib/libcrypto/man/ERR_put_error.3
  head/secure/lib/libcrypto/man/ERR_remove_state.3
  head/secure/lib/libcrypto/man/ERR_set_mark.3
  head/secure/lib/libcrypto/man/EVP_BytesToKey.3
  head/secure/lib/libcrypto/man/EVP_DigestInit.3
  head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  head/secure/lib/libcrypto/man/EVP_EncodeInit.3
  head/secure/lib/libcrypto/man/EVP_EncryptInit.3
  head/secure/lib/libcrypto/man/EVP_OpenInit.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
  head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  head/secure/lib/libcrypto/man/EVP_PKEY_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  head/secure/lib/libcrypto/man/EVP_SealInit.3
  head/secure/lib/libcrypto/man/EVP_SignInit.3
  head/secure/lib/libcrypto/man/EVP_VerifyInit.3
  head/secure/lib/libcrypto/man/OBJ_nid2obj.3
  head/secure/lib/libcrypto/man/OPENSSL_Applink.3
  head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  head/secure/lib/libcrypto/man/OPENSSL_config.3
  head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
  head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  head/secure/lib/libcrypto/man/PKCS12_create.3
  head/secure/lib/libcrypto/man/PKCS12_parse.3
  head/secure/lib/libcrypto/man/PKCS7_decrypt.3
  head/secure/lib/libcrypto/man/PKCS7_encrypt.3
  head/secure/lib/libcrypto/man/PKCS7_sign.3
  head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  head/secure/lib/libcrypto/man/PKCS7_verify.3
  head/secure/lib/libcrypto/man/RAND_add.3
  head/secure/lib/libcrypto/man/RAND_bytes.3
  head/secure/lib/libcrypto/man/RAND_cleanup.3
  head/secure/lib/libcrypto/man/RAND_egd.3
  head/secure/lib/libcrypto/man/RAND_load_file.3
  head/secure/lib/libcrypto/man/RAND_set_rand_method.3
  head/secure/lib/libcrypto/man/RSA_blinding_on.3
  head/secure/lib/libcrypto/man/RSA_check_key.3
  head/secure/lib/libcrypto/man/RSA_generate_key.3
  head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  head/secure/lib/libcrypto/man/RSA_new.3
  head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  head/secure/lib/libcrypto/man/RSA_print.3
  head/secure/lib/libcrypto/man/RSA_private_encrypt.3
  head/secure/lib/libcrypto/man/RSA_public_encrypt.3
  head/secure/lib/libcrypto/man/RSA_set_method.3
  head/secure/lib/libcrypto/man/RSA_sign.3
  head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  head/secure/lib/libcrypto/man/RSA_size.3
  head/secure/lib/libcrypto/man/SMIME_read_CMS.3
  head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  head/secure/lib/libcrypto/man/SMIME_write_CMS.3
  head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  head/secure/lib/libcrypto/man/X509_check_host.3
  head/secure/lib/libcrypto/man/X509_new.3
  head/secure/lib/libcrypto/man/X509_verify_cert.3
  head/secure/lib/libcrypto/man/bio.3
  head/secure/lib/libcrypto/man/blowfish.3
  head/secure/lib/libcrypto/man/bn.3
  head/secure/lib/libcrypto/man/bn_internal.3
  head/secure/lib/libcrypto/man/buffer.3
  head/secure/lib/libcrypto/man/crypto.3
  head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  head/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
  head/secure/lib/libcrypto/man/d2i_DHparams.3
  head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  head/secure/lib/libcrypto/man/d2i_ECPKParameters.3
  head/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
  head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  head/secure/lib/libcrypto/man/d2i_PrivateKey.3
  head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  head/secure/lib/libcrypto/man/d2i_X509.3
  head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  head/secure/lib/libcrypto/man/d2i_X509_CRL.3
  head/secure/lib/libcrypto/man/d2i_X509_NAME.3
  head/secure/lib/libcrypto/man/d2i_X509_REQ.3
  head/secure/lib/libcrypto/man/d2i_X509_SIG.3
  head/secure/lib/libcrypto/man/des.3
  head/secure/lib/libcrypto/man/dh.3
  head/secure/lib/libcrypto/man/dsa.3
  head/secure/lib/libcrypto/man/ec.3
  head/secure/lib/libcrypto/man/ecdsa.3
  head/secure/lib/libcrypto/man/engine.3
  head/secure/lib/libcrypto/man/err.3
  head/secure/lib/libcrypto/man/evp.3
  head/secure/lib/libcrypto/man/hmac.3
  head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  head/secure/lib/libcrypto/man/lh_stats.3
  head/secure/lib/libcrypto/man/lhash.3
  head/secure/lib/libcrypto/man/md5.3
  head/secure/lib/libcrypto/man/mdc2.3
  head/secure/lib/libcrypto/man/pem.3
  head/secure/lib/libcrypto/man/rand.3
  head/secure/lib/libcrypto/man/rc4.3
  head/secure/lib/libcrypto/man/ripemd.3
  head/secure/lib/libcrypto/man/rsa.3
  head/secure/lib/libcrypto/man/sha.3
  head/secure/lib/libcrypto/man/threads.3
  head/secure/lib/libcrypto/man/ui.3
  head/secure/lib/libcrypto/man/ui_compat.3
  head/secure/lib/libcrypto/man/x509.3
  head/secure/lib/libssl/Makefile.man
  head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  head/secure/lib/libssl/man/SSL_CONF_CTX_new.3
  head/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
  head/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
  head/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
  head/secure/lib/libssl/man/SSL_CONF_cmd.3
  head/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
  head/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
  head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  head/secure/lib/libssl/man/SSL_CTX_add_session.3
  head/secure/lib/libssl/man/SSL_CTX_ctrl.3
  head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  head/secure/lib/libssl/man/SSL_CTX_free.3
  head/secure/lib/libssl/man/SSL_CTX_get0_param.3
  head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  head/secure/lib/libssl/man/SSL_CTX_new.3
  head/secure/lib/libssl/man/SSL_CTX_sess_number.3
  head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  head/secure/lib/libssl/man/SSL_CTX_sessions.3
  head/secure/lib/libssl/man/SSL_CTX_set1_curves.3
  head/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
  head/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
  head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  head/secure/lib/libssl/man/SSL_CTX_set_mode.3
  head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_options.3
  head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  head/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
  head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  head/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_verify.3
  head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
  head/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
  head/secure/lib/libssl/man/SSL_SESSION_free.3
  head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  head/secure/lib/libssl/man/SSL_SESSION_get_time.3
  head/secure/lib/libssl/man/SSL_accept.3
  head/secure/lib/libssl/man/SSL_alert_type_string.3
  head/secure/lib/libssl/man/SSL_check_chain.3
  head/secure/lib/libssl/man/SSL_clear.3
  head/secure/lib/libssl/man/SSL_connect.3
  head/secure/lib/libssl/man/SSL_do_handshake.3
  head/secure/lib/libssl/man/SSL_free.3
  head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  head/secure/lib/libssl/man/SSL_get_ciphers.3
  head/secure/lib/libssl/man/SSL_get_client_CA_list.3
  head/secure/lib/libssl/man/SSL_get_current_cipher.3
  head/secure/lib/libssl/man/SSL_get_default_timeout.3
  head/secure/lib/libssl/man/SSL_get_error.3
  head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  head/secure/lib/libssl/man/SSL_get_ex_new_index.3
  head/secure/lib/libssl/man/SSL_get_fd.3
  head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  head/secure/lib/libssl/man/SSL_get_peer_certificate.3
  head/secure/lib/libssl/man/SSL_get_psk_identity.3
  head/secure/lib/libssl/man/SSL_get_rbio.3
  head/secure/lib/libssl/man/SSL_get_session.3
  head/secure/lib/libssl/man/SSL_get_verify_result.3
  head/secure/lib/libssl/man/SSL_get_version.3
  head/secure/lib/libssl/man/SSL_library_init.3
  head/secure/lib/libssl/man/SSL_load_client_CA_file.3
  head/secure/lib/libssl/man/SSL_new.3
  head/secure/lib/libssl/man/SSL_pending.3
  head/secure/lib/libssl/man/SSL_read.3
  head/secure/lib/libssl/man/SSL_rstate_string.3
  head/secure/lib/libssl/man/SSL_session_reused.3
  head/secure/lib/libssl/man/SSL_set_bio.3
  head/secure/lib/libssl/man/SSL_set_connect_state.3
  head/secure/lib/libssl/man/SSL_set_fd.3
  head/secure/lib/libssl/man/SSL_set_session.3
  head/secure/lib/libssl/man/SSL_set_shutdown.3
  head/secure/lib/libssl/man/SSL_set_verify_result.3
  head/secure/lib/libssl/man/SSL_shutdown.3
  head/secure/lib/libssl/man/SSL_state_string.3
  head/secure/lib/libssl/man/SSL_want.3
  head/secure/lib/libssl/man/SSL_write.3
  head/secure/lib/libssl/man/d2i_SSL_SESSION.3
  head/secure/lib/libssl/man/ssl.3
  head/secure/usr.bin/openssl/Makefile.man
  head/secure/usr.bin/openssl/man/CA.pl.1
  head/secure/usr.bin/openssl/man/asn1parse.1
  head/secure/usr.bin/openssl/man/c_rehash.1
  head/secure/usr.bin/openssl/man/ca.1
  head/secure/usr.bin/openssl/man/ciphers.1
  head/secure/usr.bin/openssl/man/cms.1
  head/secure/usr.bin/openssl/man/crl.1
  head/secure/usr.bin/openssl/man/crl2pkcs7.1
  head/secure/usr.bin/openssl/man/dgst.1
  head/secure/usr.bin/openssl/man/dhparam.1
  head/secure/usr.bin/openssl/man/dsa.1
  head/secure/usr.bin/openssl/man/dsaparam.1
  head/secure/usr.bin/openssl/man/ec.1
  head/secure/usr.bin/openssl/man/ecparam.1
  head/secure/usr.bin/openssl/man/enc.1
  head/secure/usr.bin/openssl/man/errstr.1
  head/secure/usr.bin/openssl/man/gendsa.1
  head/secure/usr.bin/openssl/man/genpkey.1
  head/secure/usr.bin/openssl/man/genrsa.1
  head/secure/usr.bin/openssl/man/nseq.1
  head/secure/usr.bin/openssl/man/ocsp.1
  head/secure/usr.bin/openssl/man/openssl.1
  head/secure/usr.bin/openssl/man/passwd.1
  head/secure/usr.bin/openssl/man/pkcs12.1
  head/secure/usr.bin/openssl/man/pkcs7.1
  head/secure/usr.bin/openssl/man/pkcs8.1
  head/secure/usr.bin/openssl/man/pkey.1
  head/secure/usr.bin/openssl/man/pkeyparam.1
  head/secure/usr.bin/openssl/man/pkeyutl.1
  head/secure/usr.bin/openssl/man/rand.1
  head/secure/usr.bin/openssl/man/req.1
  head/secure/usr.bin/openssl/man/rsa.1
  head/secure/usr.bin/openssl/man/rsautl.1
  head/secure/usr.bin/openssl/man/s_client.1
  head/secure/usr.bin/openssl/man/s_server.1
  head/secure/usr.bin/openssl/man/s_time.1
  head/secure/usr.bin/openssl/man/sess_id.1
  head/secure/usr.bin/openssl/man/smime.1
  head/secure/usr.bin/openssl/man/speed.1
  head/secure/usr.bin/openssl/man/spkac.1
  head/secure/usr.bin/openssl/man/ts.1
  head/secure/usr.bin/openssl/man/tsget.1
  head/secure/usr.bin/openssl/man/verify.1
  head/secure/usr.bin/openssl/man/version.1
  head/secure/usr.bin/openssl/man/x509.1
  head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  head/crypto/openssl/   (props changed)

Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/CHANGES	Thu May 25 20:52:16 2017	(r318899)
@@ -2,6 +2,12 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.2k and 1.0.2l [25 May 2017]
+
+  *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
+     platform rather than 'mingw'.
+     [Richard Levitte]
+
  Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
 
   *) Truncated packet could crash via OOB read

Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/Configure	Thu May 25 20:52:16 2017	(r318899)
@@ -109,7 +109,7 @@ my $usage="Usage: Configure [no-<cipher>
 # Minimum warning options... any contributions to OpenSSL should at least get
 # past these. 
 
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 
 # TODO(openssl-team): fix problems and investigate if (at least) the following
 # warnings can also be enabled:
@@ -2041,12 +2041,13 @@ EOF
 	close(OUT);
 } else {
 	my $make_command = "$make PERL=\'$perl\'";
-	my $make_targets = "";
-	$make_targets .= " links" if $symlink;
-	$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
-	$make_targets .= " gentests" if $symlink;
-	(system $make_command.$make_targets) == 0 or exit $?
-		if $make_targets ne "";
+	my @make_targets = ();
+	push @make_targets, "links" if $symlink;
+	push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend;
+	push @make_targets, "gentests" if $symlink;
+	foreach my $make_target (@make_targets) {
+	    (system "$make_command $make_target") == 0 or exit $?;
+	}
 	if ( $perl =~ m@^/@) {
 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
 	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
@@ -2056,8 +2057,8 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-            $warn_make_depend++;
-        }
+	    $warn_make_depend++;
+	}
 }
 
 # create the ms/version32.rc file if needed

Modified: head/crypto/openssl/LICENSE
==============================================================================
--- head/crypto/openssl/LICENSE	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/LICENSE	Thu May 25 20:52:16 2017	(r318899)
@@ -2,7 +2,7 @@
   LICENSE ISSUES
   ==============
 
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
   the OpenSSL License and the original SSLeay license apply to the toolkit.
   See below for the actual license texts. Actually both licenses are BSD-style
   Open Source licenses. In case of any license issues related to OpenSSL
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2017 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/Makefile	Thu May 25 20:52:16 2017	(r318899)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2k
+VERSION=1.0.2l
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
@@ -426,6 +426,14 @@ clean:	libclean
 	rm -fr $$i/*; \
 	done
 
+distclean: clean
+	-$(RM) `find . -name .git -prune -o -type l -print`
+	$(RM) apps/CA.pl
+	$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
+	$(RM) tools/c_rehash
+	$(RM) crypto/opensslconf.h
+	$(RM) Makefile Makefile.bak
+
 makefile.one: files
 	$(PERL) util/mk1mf.pl >makefile.one; \
 	sh util/do_ms.sh

Modified: head/crypto/openssl/Makefile.org
==============================================================================
--- head/crypto/openssl/Makefile.org	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/Makefile.org	Thu May 25 20:52:16 2017	(r318899)
@@ -424,6 +424,14 @@ clean:	libclean
 	rm -fr $$i/*; \
 	done
 
+distclean: clean
+	-$(RM) `find . -name .git -prune -o -type l -print`
+	$(RM) apps/CA.pl
+	$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
+	$(RM) tools/c_rehash
+	$(RM) crypto/opensslconf.h
+	$(RM) Makefile Makefile.bak
+
 makefile.one: files
 	$(PERL) util/mk1mf.pl >makefile.one; \
 	sh util/do_ms.sh

Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/NEWS	Thu May 25 20:52:16 2017	(r318899)
@@ -5,6 +5,10 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
+
+      o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
   Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
 
       o Truncated packet could crash via OOB read (CVE-2017-3731)

Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/README	Thu May 25 20:52:16 2017	(r318899)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2k 26 Jan 2017
+ OpenSSL 1.0.2l 25 May 2017
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: head/crypto/openssl/apps/ca.c
==============================================================================
--- head/crypto/openssl/apps/ca.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/ca.c	Thu May 25 20:52:16 2017	(r318899)
@@ -2126,10 +2126,8 @@ static int do_body(X509 **xret, EVP_PKEY
         goto err;
     }
 
-    for (i = 0; i < DB_NUMBER; i++) {
+    for (i = 0; i < DB_NUMBER; i++)
         irow[i] = row[i];
-        row[i] = NULL;
-    }
     irow[DB_NUMBER] = NULL;
 
     if (!TXT_DB_insert(db->db, irow)) {
@@ -2137,11 +2135,14 @@ static int do_body(X509 **xret, EVP_PKEY
         BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
         goto err;
     }
+    irow = NULL;
     ok = 1;
  err:
-    for (i = 0; i < DB_NUMBER; i++)
-        if (row[i] != NULL)
+    if (irow != NULL) {
+        for (i = 0; i < DB_NUMBER; i++)
             OPENSSL_free(row[i]);
+        OPENSSL_free(irow);
+    }
 
     if (CAname != NULL)
         X509_NAME_free(CAname);
@@ -2396,18 +2397,20 @@ static int do_revoke(X509 *x509, CA_DB *
             goto err;
         }
 
-        for (i = 0; i < DB_NUMBER; i++) {
+        for (i = 0; i < DB_NUMBER; i++)
             irow[i] = row[i];
-            row[i] = NULL;
-        }
         irow[DB_NUMBER] = NULL;
 
         if (!TXT_DB_insert(db->db, irow)) {
             BIO_printf(bio_err, "failed to update database\n");
             BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+            OPENSSL_free(irow);
             goto err;
         }
 
+        for (i = 0; i < DB_NUMBER; i++)
+            row[i] = NULL;
+
         /* Revoke Certificate */
         if (type == -1)
             ok = 1;

Modified: head/crypto/openssl/apps/dhparam.c
==============================================================================
--- head/crypto/openssl/apps/dhparam.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/dhparam.c	Thu May 25 20:52:16 2017	(r318899)
@@ -381,10 +381,19 @@ int MAIN(int argc, char **argv)
         } else
 # endif
         {
-            if (informat == FORMAT_ASN1)
+            if (informat == FORMAT_ASN1) {
+                /*
+                 * We have no PEM header to determine what type of DH params it
+                 * is. We'll just try both.
+                 */
                 dh = d2i_DHparams_bio(in, NULL);
-            else                /* informat == FORMAT_PEM */
+                /* BIO_reset() returns 0 for success for file BIOs only!!! */
+                if (dh == NULL && BIO_reset(in) == 0)
+                    dh = d2i_DHxparams_bio(in, NULL);
+            } else {
+                /* informat == FORMAT_PEM */
                 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+            }
 
             if (dh == NULL) {
                 BIO_printf(bio_err, "unable to load DH parameters\n");
@@ -484,10 +493,13 @@ int MAIN(int argc, char **argv)
     }
 
     if (!noout) {
-        if (outformat == FORMAT_ASN1)
-            i = i2d_DHparams_bio(out, dh);
-        else if (outformat == FORMAT_PEM) {
-            if (dh->q)
+        if (outformat == FORMAT_ASN1) {
+            if (dh->q != NULL)
+                i = i2d_DHxparams_bio(out, dh);
+            else
+                i = i2d_DHparams_bio(out, dh);
+        } else if (outformat == FORMAT_PEM) {
+            if (dh->q != NULL)
                 i = PEM_write_bio_DHxparams(out, dh);
             else
                 i = PEM_write_bio_DHparams(out, dh);

Modified: head/crypto/openssl/apps/enc.c
==============================================================================
--- head/crypto/openssl/apps/enc.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/enc.c	Thu May 25 20:52:16 2017	(r318899)
@@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out
 #define BSIZE   (8*1024)
 #define PROG    enc_main
 
-static void show_ciphers(const OBJ_NAME *name, void *bio_)
+struct doall_enc_ciphers {
+    BIO *bio;
+    int n;
+};
+
+static void show_ciphers(const OBJ_NAME *name, void *arg)
 {
-    BIO *bio = bio_;
-    static int n;
+    struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
+    const EVP_CIPHER *cipher;
 
     if (!islower((unsigned char)*name->name))
         return;
 
-    BIO_printf(bio, "-%-25s", name->name);
-    if (++n == 3) {
-        BIO_printf(bio, "\n");
-        n = 0;
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
     } else
-        BIO_printf(bio, " ");
+        BIO_printf(dec->bio, " ");
 }
 
 int MAIN(int, char **);
@@ -130,6 +142,7 @@ int MAIN(int argc, char **argv)
     ENGINE *e = NULL;
     const EVP_MD *dgst = NULL;
     int non_fips_allow = 0;
+    struct doall_enc_ciphers dec;
 
     apps_startup();
 
@@ -311,8 +324,10 @@ int MAIN(int argc, char **argv)
 #endif
 
             BIO_printf(bio_err, "Cipher Types\n");
+            dec.n = 0;
+            dec.bio = bio_err;
             OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-                                   show_ciphers, bio_err);
+                                   show_ciphers, &dec);
             BIO_printf(bio_err, "\n");
 
             goto end;

Modified: head/crypto/openssl/apps/engine.c
==============================================================================
--- head/crypto/openssl/apps/engine.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/engine.c	Thu May 25 20:52:16 2017	(r318899)
@@ -108,13 +108,16 @@ static int append_buf(char **buf, const 
     }
 
     if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+        char *p = *buf;
+
         *size += step;
         *buf = OPENSSL_realloc(*buf, *size);
+        if (*buf == NULL) {
+            OPENSSL_free(p);
+            return 0;
+        }
     }
 
-    if (*buf == NULL)
-        return 0;
-
     if (**buf != '\0')
         BUF_strlcat(*buf, ", ", *size);
     BUF_strlcat(*buf, s, *size);

Modified: head/crypto/openssl/apps/pkeyutl.c
==============================================================================
--- head/crypto/openssl/apps/pkeyutl.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/pkeyutl.c	Thu May 25 20:52:16 2017	(r318899)
@@ -322,8 +322,10 @@ int MAIN(int argc, char **argv)
                              buf_in, (size_t)buf_inlen);
         if (rv == 0)
             BIO_puts(out, "Signature Verification Failure\n");
-        else if (rv == 1)
+        else if (rv == 1) {
             BIO_puts(out, "Signature Verified Successfully\n");
+            ret = 0;
+        }
         if (rv >= 0)
             goto end;
     } else {

Modified: head/crypto/openssl/apps/prime.c
==============================================================================
--- head/crypto/openssl/apps/prime.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/prime.c	Thu May 25 20:52:16 2017	(r318899)
@@ -155,5 +155,8 @@ int MAIN(int argc, char **argv)
     BIO_printf(bio_err, "options are\n");
     BIO_printf(bio_err, "%-14s hex\n", "-hex");
     BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
+    BIO_printf(bio_err, "%-14s generate prime\n", "-generate");
+    BIO_printf(bio_err, "%-14s number of bits\n", "-bits <n>");
+    BIO_printf(bio_err, "%-14s safe prime\n", "-safe");
     return 1;
 }

Modified: head/crypto/openssl/apps/progs.h
==============================================================================
--- head/crypto/openssl/apps/progs.h	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/progs.h	Thu May 25 20:52:16 2017	(r318899)
@@ -58,7 +58,7 @@ extern int srp_main(int argc, char *argv
 typedef struct {
     int type;
     const char *name;
-    int (*func) (int argc, char *argv[]);
+    int (*func)(int argc, char *argv[]);
 } FUNCTION;
 DECLARE_LHASH_OF(FUNCTION);
 

Modified: head/crypto/openssl/apps/progs.pl
==============================================================================
--- head/crypto/openssl/apps/progs.pl	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/progs.pl	Thu May 25 20:52:16 2017	(r318899)
@@ -6,22 +6,22 @@ print "/* automatically generated by pro
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 
 foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+	{ printf "extern int %s_main(int argc, char *argv[]);\n",$_; }
 
 print <<'EOF';
 
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-#define FUNC_TYPE_PKEY		4
-#define FUNC_TYPE_MD_ALG	5
-#define FUNC_TYPE_CIPHER_ALG	6
+#define FUNC_TYPE_GENERAL       1
+#define FUNC_TYPE_MD            2
+#define FUNC_TYPE_CIPHER        3
+#define FUNC_TYPE_PKEY          4
+#define FUNC_TYPE_MD_ALG        5
+#define FUNC_TYPE_CIPHER_ALG    6
 
 typedef struct {
-	int type;
-	const char *name;
-	int (*func)(int argc,char *argv[]);
-	} FUNCTION;
+    int type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+} FUNCTION;
 DECLARE_LHASH_OF(FUNCTION);
 
 FUNCTION functions[] = {
@@ -30,7 +30,7 @@ EOF
 foreach (@ARGV)
 	{
 	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+	$str="    {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } 
 	elsif ( ($_ =~ /^speed$/))
@@ -60,7 +60,7 @@ foreach (@ARGV)
 foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
-	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
+	printf "#ifndef OPENSSL_NO_".uc($_)."\n    {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n";
 	}
 
 foreach (
@@ -86,7 +86,7 @@ foreach (
 	{
 	push(@files,$_);
 
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+	$t=sprintf("    {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_);
 	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
 	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
 	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -101,4 +101,4 @@ foreach (
 	print $t;
 	}
 
-print "\t{0,NULL,NULL}\n\t};\n";
+print "    {0, NULL, NULL}\n};\n";

Modified: head/crypto/openssl/apps/req.c
==============================================================================
--- head/crypto/openssl/apps/req.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/req.c	Thu May 25 20:52:16 2017	(r318899)
@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
         else if (strcmp(*argv, "-text") == 0)
             text = 1;
         else if (strcmp(*argv, "-x509") == 0) {
-            newreq = 1;
             x509 = 1;
         } else if (strcmp(*argv, "-asn1-kludge") == 0)
             kludge = 1;
@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
         goto end;
     }
 
+    if (x509 && infile == NULL)
+        newreq = 1;
+
     ERR_load_crypto_strings();
     if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
         BIO_printf(bio_err, "Error getting passwords\n");
@@ -753,7 +755,7 @@ int MAIN(int argc, char **argv)
         }
     }
 
-    if (newreq) {
+    if (newreq || x509) {
         if (pkey == NULL) {
             BIO_printf(bio_err, "you need to specify a private key\n");
             goto end;

Modified: head/crypto/openssl/apps/s_client.c
==============================================================================
--- head/crypto/openssl/apps/s_client.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/s_client.c	Thu May 25 20:52:16 2017	(r318899)
@@ -2132,6 +2132,7 @@ int MAIN(int argc, char **argv)
         BIO_free(bio_c_msg);
         bio_c_msg = NULL;
     }
+    SSL_COMP_free_compression_methods();
     apps_shutdown();
     OPENSSL_EXIT(ret);
 }

Modified: head/crypto/openssl/apps/s_server.c
==============================================================================
--- head/crypto/openssl/apps/s_server.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/s_server.c	Thu May 25 20:52:16 2017	(r318899)
@@ -2132,6 +2132,7 @@ int MAIN(int argc, char *argv[])
         BIO_free(bio_s_msg);
         bio_s_msg = NULL;
     }
+    SSL_COMP_free_compression_methods();
     apps_shutdown();
     OPENSSL_EXIT(ret);
 }

Modified: head/crypto/openssl/apps/srp.c
==============================================================================
--- head/crypto/openssl/apps/srp.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/apps/srp.c	Thu May 25 20:52:16 2017	(r318899)
@@ -183,10 +183,8 @@ static int update_index(CA_DB *db, BIO *
         return 0;
     }
 
-    for (i = 0; i < DB_NUMBER; i++) {
+    for (i = 0; i < DB_NUMBER; i++)
         irow[i] = row[i];
-        row[i] = NULL;
-    }
     irow[DB_NUMBER] = NULL;
 
     if (!TXT_DB_insert(db->db, irow)) {

Modified: head/crypto/openssl/appveyor.yml
==============================================================================
--- head/crypto/openssl/appveyor.yml	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/appveyor.yml	Thu May 25 20:52:16 2017	(r318899)
@@ -50,11 +50,3 @@ build_script:
 
 test_script:
     - nmake /f ms\%MAK% test
-
-notifications:
-    - provider: Email
-      to:
-          - openssl-commits@openssl.org
-      on_build_success: false
-      on_build_failure: true
-      on_build_status_changed: true

Modified: head/crypto/openssl/config
==============================================================================
--- head/crypto/openssl/config	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/config	Thu May 25 20:52:16 2017	(r318899)
@@ -344,6 +344,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
 	echo "mips-sony-newsos4"; exit 0;
 	;;
 
+    # The following combinations are supported
+    # MINGW64* on x86_64 => mingw64
+    # MINGW32* on x86_64 => mingw
+    # MINGW32* on i?86 => mingw
+    #
+    # MINGW64* on i?86 isn't expected to work...
+    MINGW64*:*:*:x86_64)
+	echo "${MACHINE}-whatever-mingw64"; exit 0;
+	;;
     MINGW*)
 	echo "${MACHINE}-whatever-mingw"; exit 0;
 	;;

Modified: head/crypto/openssl/crypto/aes/Makefile
==============================================================================
--- head/crypto/openssl/crypto/aes/Makefile	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/aes/Makefile	Thu May 25 20:52:16 2017	(r318899)
@@ -133,7 +133,7 @@ dclean:
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f *.s *.S *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 

Modified: head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl	Thu May 25 20:52:16 2017	(r318899)
@@ -1702,6 +1702,7 @@ $code.=<<___;
 	mov	240($key),$rounds
 	sub	$in0,$out
 	movups	($key),$rndkey0			# $key[0]
+	movups	($ivp),$iv			# load IV
 	movups	16($key),$rndkey[0]		# forward reference
 	lea	112($key),$key			# size optimization
 

Modified: head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl	Thu May 25 20:52:16 2017	(r318899)
@@ -1299,6 +1299,7 @@ $code.=<<___;
 	mov		240($key),$rounds
 	sub		$in0,$out
 	movups		($key),$rndkey0		# $key[0]
+	movups		($ivp),$iv		# load IV
 	movups		16($key),$rndkey[0]	# forward reference
 	lea		112($key),$key		# size optimization
 

Modified: head/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl	Thu May 25 20:52:16 2017	(r318899)
@@ -1333,7 +1333,7 @@ bsaes_cbc_encrypt:
 	vmov	@XMM[4],@XMM[15]		@ just in case ensure that IV
 	vmov	@XMM[5],@XMM[0]			@ and input are preserved
 	bl	AES_decrypt
-	vld1.8	{@XMM[0]}, [$fp,:64]		@ load result
+	vld1.8	{@XMM[0]}, [$fp]		@ load result
 	veor	@XMM[0], @XMM[0], @XMM[4]	@ ^= IV
 	vmov	@XMM[15], @XMM[5]		@ @XMM[5] holds input
 	vst1.8	{@XMM[0]}, [$rounds]		@ write output

Modified: head/crypto/openssl/crypto/asn1/a_bitstr.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_bitstr.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/a_bitstr.c	Thu May 25 20:52:16 2017	(r318899)
@@ -114,10 +114,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING 
 
     *(p++) = (unsigned char)bits;
     d = a->data;
-    memcpy(p, d, len);
-    p += len;
-    if (len > 0)
+    if (len > 0) {
+        memcpy(p, d, len);
+        p += len;
         p[-1] &= (0xff << bits);
+    }
     *pp = p;
     return (ret);
 }

Modified: head/crypto/openssl/crypto/asn1/a_digest.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_digest.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/a_digest.c	Thu May 25 20:52:16 2017	(r318899)
@@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const 
     p = str;
     i2d(data, &p);
 
-    if (!EVP_Digest(str, i, md, len, type, NULL))
+    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+        OPENSSL_free(str);
         return 0;
+    }
     OPENSSL_free(str);
     return (1);
 }
@@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it
     if (!str)
         return (0);
 
-    if (!EVP_Digest(str, i, md, len, type, NULL))
+    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+        OPENSSL_free(str);
         return 0;
+    }
     OPENSSL_free(str);
     return (1);
 }

Modified: head/crypto/openssl/crypto/asn1/a_gentm.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_gentm.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/a_gentm.c	Thu May 25 20:52:16 2017	(r318899)
@@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm
     if (a[o] == 'Z')
         o++;
     else if ((a[o] == '+') || (a[o] == '-')) {
-        int offsign = a[o] == '-' ? -1 : 1, offset = 0;
+        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
         o++;
         if (o + 4 > l)
             goto err;

Modified: head/crypto/openssl/crypto/asn1/a_strnid.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_strnid.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/a_strnid.c	Thu May 25 20:52:16 2017	(r318899)
@@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_stand
     {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
     {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
     {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
 };
 
 static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,

Modified: head/crypto/openssl/crypto/asn1/a_time.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_time.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/a_time.c	Thu May 25 20:52:16 2017	(r318899)
@@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t)
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
                                                    ASN1_GENERALIZEDTIME **out)
 {
-    ASN1_GENERALIZEDTIME *ret;
+    ASN1_GENERALIZEDTIME *ret = NULL;
     char *str;
     int newlen;
 
@@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_gener
 
     if (!out || !*out) {
         if (!(ret = ASN1_GENERALIZEDTIME_new()))
-            return NULL;
-        if (out)
-            *out = ret;
-    } else
+            goto err;
+    } else {
         ret = *out;
+    }
 
     /* If already GeneralizedTime just copy across */
     if (t->type == V_ASN1_GENERALIZEDTIME) {
         if (!ASN1_STRING_set(ret, t->data, t->length))
-            return NULL;
-        return ret;
+            goto err;
+        goto done;
     }
 
     /* grow the string */
     if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-        return NULL;
+        goto err;
     /* ASN1_STRING_set() allocated 'len + 1' bytes. */
     newlen = t->length + 2 + 1;
     str = (char *)ret->data;
@@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_gener
 
     BUF_strlcat(str, (char *)t->data, newlen);
 
-    return ret;
+ done:
+   if (out != NULL && *out == NULL)
+       *out = ret;
+   return ret;
+
+ err:
+    if (out == NULL || *out != ret)
+        ASN1_GENERALIZEDTIME_free(ret);
+    return NULL;
 }
 
+
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 {
     ASN1_TIME t;

Modified: head/crypto/openssl/crypto/asn1/a_utctm.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/a_utctm.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/a_utctm.c	Thu May 25 20:52:16 2017	(r318899)
@@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, co
     if (a[o] == 'Z')
         o++;
     else if ((a[o] == '+') || (a[o] == '-')) {
-        int offsign = a[o] == '-' ? -1 : 1, offset = 0;
+        int offsign = a[o] == '-' ? 1 : -1, offset = 0;
         o++;
         if (o + 4 > l)
             goto err;

Modified: head/crypto/openssl/crypto/asn1/f_enum.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/f_enum.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/f_enum.c	Thu May 25 20:52:16 2017	(r318899)
@@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_EN
         bufp = (unsigned char *)buf;
         if (first) {
             first = 0;
-            if ((bufp[0] == '0') && (buf[1] == '0')) {
+            if ((bufp[0] == '0') && (bufp[1] == '0')) {
                 bufp += 2;
                 i -= 2;
             }

Modified: head/crypto/openssl/crypto/asn1/f_int.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/f_int.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/f_int.c	Thu May 25 20:52:16 2017	(r318899)
@@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEG
         bufp = (unsigned char *)buf;
         if (first) {
             first = 0;
-            if ((bufp[0] == '0') && (buf[1] == '0')) {
+            if ((bufp[0] == '0') && (bufp[1] == '0')) {
                 bufp += 2;
                 i -= 2;
             }

Modified: head/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_dec.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/tasn_dec.c	Thu May 25 20:52:16 2017	(r318899)
@@ -673,6 +673,7 @@ static int asn1_template_noexp_d2i(ASN1_
             }
             len -= p - q;
             if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
+                ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
                 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
                 goto err;
             }

Modified: head/crypto/openssl/crypto/asn1/tasn_new.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_new.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/tasn_new.c	Thu May 25 20:52:16 2017	(r318899)
@@ -158,7 +158,7 @@ static int asn1_item_ex_combine_new(ASN1
         }
         asn1_set_choice_selector(pval, -1, it);
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
-            goto auxerr;
+            goto auxerr2;
         break;
 
     case ASN1_ITYPE_NDEF_SEQUENCE:
@@ -186,10 +186,10 @@ static int asn1_item_ex_combine_new(ASN1
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
             pseqval = asn1_get_field_ptr(pval, tt);
             if (!ASN1_template_new(pseqval, tt))
-                goto memerr;
+                goto memerr2;
         }
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
-            goto auxerr;
+            goto auxerr2;
         break;
     }
 #ifdef CRYPTO_MDEBUG
@@ -198,6 +198,8 @@ static int asn1_item_ex_combine_new(ASN1
 #endif
     return 1;
 
+ memerr2:
+    ASN1_item_ex_free(pval, it);
  memerr:
     ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
 #ifdef CRYPTO_MDEBUG
@@ -206,9 +208,10 @@ static int asn1_item_ex_combine_new(ASN1
 #endif
     return 0;
 
+ auxerr2:
+    ASN1_item_ex_free(pval, it);
  auxerr:
     ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
-    ASN1_item_ex_free(pval, it);
 #ifdef CRYPTO_MDEBUG
     if (it->sname)
         CRYPTO_pop_info();

Modified: head/crypto/openssl/crypto/asn1/x_long.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/x_long.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/x_long.c	Thu May 25 20:52:16 2017	(r318899)
@@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, u
      * set.
      */
     if (ltmp < 0)
-        utmp = -ltmp - 1;
+        utmp = 0 - (unsigned long)ltmp - 1;
     else
         utmp = ltmp;
     clen = BN_num_bits_word(utmp);
@@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, u
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                     int utype, char *free_cont, const ASN1_ITEM *it)
 {
-    int neg, i;
+    int neg = -1, i;
     long ltmp;
     unsigned long utmp = 0;
     char *cp = (char *)pval;
+
+    if (len) {
+        /*
+         * Check possible pad byte.  Worst case, we're skipping past actual
+         * content, but since that's only with 0x00 and 0xff and we set neg
+         * accordingly, the result will be correct in the end anyway.
+         */
+        switch (cont[0]) {
+        case 0xff:
+            cont++;
+            len--;
+            neg = 1;
+            break;
+        case 0:
+            cont++;
+            len--;
+            neg = 0;
+            break;
+        }
+    }
     if (len > (int)sizeof(long)) {
         ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
         return 0;
     }
-    /* Is it negative? */
-    if (len && (cont[0] & 0x80))
-        neg = 1;
-    else
-        neg = 0;
+    if (neg == -1) {
+        /* Is it negative? */
+        if (len && (cont[0] & 0x80))
+            neg = 1;
+        else
+            neg = 0;
+    }
     utmp = 0;
     for (i = 0; i < len; i++) {
         utmp <<= 8;
@@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, c
     }
     ltmp = (long)utmp;
     if (neg) {
-        ltmp++;
         ltmp = -ltmp;
+        ltmp--;
     }
     if (ltmp == it->size) {
         ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

Modified: head/crypto/openssl/crypto/asn1/x_name.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/x_name.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/asn1/x_name.c	Thu May 25 20:52:16 2017	(r318899)
@@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE
     *pval = NULL;
 }
 
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_free(ne);
+}
+
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+}
+
 static int x509_name_ex_d2i(ASN1_VALUE **val,
                             const unsigned char **in, long len,
                             const ASN1_ITEM *it, int tag, int aclass,
@@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE *
             entry->set = i;
             if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                 goto err;
+            sk_X509_NAME_ENTRY_set(entries, j, NULL);
         }
-        sk_X509_NAME_ENTRY_free(entries);
     }
-    sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
     ret = x509_name_canon(nm.x);
     if (!ret)
         goto err;
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
     nm.x->modified = 0;
     *val = nm.a;
     *in = p;
@@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE *
  err:
     if (nm.x != NULL)
         X509_NAME_free(nm.x);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
     ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
     return 0;
 }
@@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE *
     return ret;
 }
 
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
-{
-    sk_X509_NAME_ENTRY_free(ne);
-}
-
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
-{
-    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
-}
-
 static int x509_name_encode(X509_NAME *a)
 {
     union {
@@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a
             entries = sk_X509_NAME_ENTRY_new_null();
             if (!entries)
                 goto memerr;
-            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries))
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
                 goto memerr;
+            }
             set = entry->set;
         }
         if (!sk_X509_NAME_ENTRY_push(entries, entry))
@@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a)
             entries = sk_X509_NAME_ENTRY_new_null();
             if (!entries)
                 goto err;
-            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
                 goto err;
+            }
             set = entry->set;
         }
         tmpentry = X509_NAME_ENTRY_new();

Modified: head/crypto/openssl/crypto/bio/b_print.c
==============================================================================
--- head/crypto/openssl/crypto/bio/b_print.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/bio/b_print.c	Thu May 25 20:52:16 2017	(r318899)
@@ -502,7 +502,7 @@ fmtint(char **sbuffer,
     if (!(flags & DP_F_UNSIGNED)) {
         if (value < 0) {
             signvalue = '-';
-            uvalue = -value;
+            uvalue = -(unsigned LLONG)value;
         } else if (flags & DP_F_PLUS)
             signvalue = '+';
         else if (flags & DP_F_SPACE)

Modified: head/crypto/openssl/crypto/bio/bio_cb.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bio_cb.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/bio/bio_cb.c	Thu May 25 20:52:16 2017	(r318899)
@@ -78,6 +78,9 @@ long MS_CALLBACK BIO_debug_callback(BIO 
 
     len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
 
+    /* Ignore errors and continue printing the other information. */
+    if (len < 0)
+        len = 0;
     p = buf + len;
     p_maxlen = sizeof(buf) - len;
 

Modified: head/crypto/openssl/crypto/bio/bss_file.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bss_file.c	Thu May 25 19:39:16 2017	(r318898)
+++ head/crypto/openssl/crypto/bio/bss_file.c	Thu May 25 20:52:16 2017	(r318899)
@@ -251,7 +251,7 @@ static int MS_CALLBACK file_read(BIO *b,
             ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
         if (ret == 0
             && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) :
-            ferror((FILE *)b->ptr)) {
+                                               ferror((FILE *)b->ptr)) {
             SYSerr(SYS_F_FREAD, get_last_sys_error());
             BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
             ret = -1;
@@ -287,6 +287,7 @@ static long MS_CALLBACK file_ctrl(BIO *b
     FILE *fp = (FILE *)b->ptr;
     FILE **fpp;
     char p[4];
+    int st;
 
     switch (cmd) {
     case BIO_C_FILE_SEEK:
@@ -318,8 +319,11 @@ static long MS_CALLBACK file_ctrl(BIO *b
 #   if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
 #    define _IOB_ENTRIES 20
 #   endif
-#   if defined(_IOB_ENTRIES)
         /* Safety net to catch purely internal BIO_set_fp calls */
+#   if defined(_MSC_VER) && _MSC_VER>=1900
+        if (ptr == stdin || ptr == stdout || ptr == stderr)
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#   elif defined(_IOB_ENTRIES)
         if ((size_t)ptr >= (size_t)stdin &&
             (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
             BIO_clear_flags(b, BIO_FLAGS_UPLINK);
@@ -424,10 +428,14 @@ static long MS_CALLBACK file_ctrl(BIO *b
         b->shutdown = (int)num;
         break;
     case BIO_CTRL_FLUSH:
-        if (b->flags & BIO_FLAGS_UPLINK)
-            UP_fflush(b->ptr);
-        else
-            fflush((FILE *)b->ptr);
+        st = b->flags & BIO_FLAGS_UPLINK
+                ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr);

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201705252052.v4PKqG5W016258>