Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Aug 2014 21:06:35 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r269687 - in stable: 8/crypto/openssl 8/crypto/openssl/apps 8/crypto/openssl/crypto 8/crypto/openssl/crypto/asn1 8/crypto/openssl/crypto/bio 8/crypto/openssl/crypto/bn 8/crypto/openssl/...
Message-ID:  <53e3ea5b.20d5.4df5807d@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Thu Aug  7 21:06:34 2014
New Revision: 269687
URL: http://svnweb.freebsd.org/changeset/base/269687

Log:
  Merge OpenSSL 0.9.8zb.

Added:
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
     - copied unchanged from r269672, vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3   (contents, props changed)
Deleted:
  stable/8/crypto/openssl/crypto/pkcs7/bio_ber.c
  stable/8/crypto/openssl/crypto/pkcs7/dec.c
  stable/8/crypto/openssl/crypto/pkcs7/des.pem
  stable/8/crypto/openssl/crypto/pkcs7/doc
  stable/8/crypto/openssl/crypto/pkcs7/enc.c
  stable/8/crypto/openssl/crypto/pkcs7/es1.pem
  stable/8/crypto/openssl/crypto/pkcs7/example.c
  stable/8/crypto/openssl/crypto/pkcs7/example.h
  stable/8/crypto/openssl/crypto/pkcs7/info.pem
  stable/8/crypto/openssl/crypto/pkcs7/infokey.pem
  stable/8/crypto/openssl/crypto/pkcs7/p7/
  stable/8/crypto/openssl/crypto/pkcs7/server.pem
  stable/8/crypto/openssl/crypto/pkcs7/sign.c
  stable/8/crypto/openssl/crypto/pkcs7/t/
  stable/8/crypto/openssl/crypto/pkcs7/verify.c
  stable/8/crypto/openssl/demos/eay/
  stable/8/crypto/openssl/demos/maurice/
Modified:
  stable/8/crypto/openssl/CHANGES
  stable/8/crypto/openssl/FAQ
  stable/8/crypto/openssl/Makefile
  stable/8/crypto/openssl/NEWS
  stable/8/crypto/openssl/README
  stable/8/crypto/openssl/apps/apps.c
  stable/8/crypto/openssl/apps/ca.c
  stable/8/crypto/openssl/apps/crl2p7.c
  stable/8/crypto/openssl/apps/ocsp.c
  stable/8/crypto/openssl/apps/s_server.c
  stable/8/crypto/openssl/apps/speed.c
  stable/8/crypto/openssl/crypto/asn1/a_object.c
  stable/8/crypto/openssl/crypto/asn1/asn1_lib.c
  stable/8/crypto/openssl/crypto/asn1/asn_mime.c
  stable/8/crypto/openssl/crypto/asn1/asn_pack.c
  stable/8/crypto/openssl/crypto/asn1/evp_asn1.c
  stable/8/crypto/openssl/crypto/asn1/t_x509.c
  stable/8/crypto/openssl/crypto/asn1/tasn_enc.c
  stable/8/crypto/openssl/crypto/bio/bio_lib.c
  stable/8/crypto/openssl/crypto/bn/bn_gf2m.c
  stable/8/crypto/openssl/crypto/bn/bn_lib.c
  stable/8/crypto/openssl/crypto/bn/bn_sqr.c
  stable/8/crypto/openssl/crypto/conf/conf_api.c
  stable/8/crypto/openssl/crypto/conf/conf_def.c
  stable/8/crypto/openssl/crypto/ec/ec_lib.c
  stable/8/crypto/openssl/crypto/ec/ecp_smpl.c
  stable/8/crypto/openssl/crypto/idea/ideatest.c
  stable/8/crypto/openssl/crypto/objects/obj_dat.c
  stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c
  stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c
  stable/8/crypto/openssl/crypto/opensslv.h
  stable/8/crypto/openssl/crypto/pkcs7/Makefile
  stable/8/crypto/openssl/crypto/rsa/rsa_eay.c
  stable/8/crypto/openssl/crypto/ui/ui_lib.c
  stable/8/crypto/openssl/doc/apps/asn1parse.pod
  stable/8/crypto/openssl/doc/apps/ca.pod
  stable/8/crypto/openssl/doc/apps/crl.pod
  stable/8/crypto/openssl/doc/apps/dhparam.pod
  stable/8/crypto/openssl/doc/apps/dsa.pod
  stable/8/crypto/openssl/doc/apps/ecparam.pod
  stable/8/crypto/openssl/doc/apps/gendsa.pod
  stable/8/crypto/openssl/doc/apps/genrsa.pod
  stable/8/crypto/openssl/doc/apps/rsa.pod
  stable/8/crypto/openssl/doc/apps/s_client.pod
  stable/8/crypto/openssl/doc/apps/s_server.pod
  stable/8/crypto/openssl/doc/apps/verify.pod
  stable/8/crypto/openssl/doc/apps/x509.pod
  stable/8/crypto/openssl/doc/apps/x509v3_config.pod
  stable/8/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
  stable/8/crypto/openssl/doc/crypto/BIO_f_base64.pod
  stable/8/crypto/openssl/doc/crypto/BIO_push.pod
  stable/8/crypto/openssl/doc/crypto/ERR_get_error.pod
  stable/8/crypto/openssl/doc/crypto/RSA_set_method.pod
  stable/8/crypto/openssl/doc/crypto/RSA_sign.pod
  stable/8/crypto/openssl/doc/crypto/des.pod
  stable/8/crypto/openssl/doc/crypto/err.pod
  stable/8/crypto/openssl/doc/crypto/pem.pod
  stable/8/crypto/openssl/doc/crypto/ui.pod
  stable/8/crypto/openssl/doc/fingerprints.txt
  stable/8/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
  stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
  stable/8/crypto/openssl/doc/ssl/SSL_get_version.pod
  stable/8/crypto/openssl/doc/ssl/SSL_shutdown.pod
  stable/8/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
  stable/8/crypto/openssl/openssl.spec
  stable/8/crypto/openssl/ssl/d1_both.c
  stable/8/crypto/openssl/ssl/d1_clnt.c
  stable/8/crypto/openssl/ssl/d1_srvr.c
  stable/8/crypto/openssl/ssl/s23_lib.c
  stable/8/crypto/openssl/ssl/s23_srvr.c
  stable/8/crypto/openssl/ssl/s3_clnt.c
  stable/8/crypto/openssl/ssl/s3_pkt.c
  stable/8/crypto/openssl/ssl/s3_srvr.c
  stable/8/crypto/openssl/ssl/ssl_ciph.c
  stable/8/crypto/openssl/ssl/ssl_stat.c
  stable/8/crypto/openssl/ssl/t1_lib.c
  stable/8/crypto/openssl/util/mkerr.pl
  stable/8/secure/lib/libcrypto/Makefile
  stable/8/secure/lib/libcrypto/Makefile.inc
  stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/8/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/8/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/8/secure/lib/libcrypto/man/BIO_f_md.3
  stable/8/secure/lib/libcrypto/man/BIO_f_null.3
  stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/8/secure/lib/libcrypto/man/BIO_find_type.3
  stable/8/secure/lib/libcrypto/man/BIO_new.3
  stable/8/secure/lib/libcrypto/man/BIO_push.3
  stable/8/secure/lib/libcrypto/man/BIO_read.3
  stable/8/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/8/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/8/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/8/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/8/secure/lib/libcrypto/man/BIO_s_file.3
  stable/8/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/8/secure/lib/libcrypto/man/BIO_s_null.3
  stable/8/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/8/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/8/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/8/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/8/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/8/secure/lib/libcrypto/man/BN_add.3
  stable/8/secure/lib/libcrypto/man/BN_add_word.3
  stable/8/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/8/secure/lib/libcrypto/man/BN_cmp.3
  stable/8/secure/lib/libcrypto/man/BN_copy.3
  stable/8/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/8/secure/lib/libcrypto/man/BN_new.3
  stable/8/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/8/secure/lib/libcrypto/man/BN_rand.3
  stable/8/secure/lib/libcrypto/man/BN_set_bit.3
  stable/8/secure/lib/libcrypto/man/BN_swap.3
  stable/8/secure/lib/libcrypto/man/BN_zero.3
  stable/8/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/8/secure/lib/libcrypto/man/DH_generate_key.3
  stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/DH_new.3
  stable/8/secure/lib/libcrypto/man/DH_set_method.3
  stable/8/secure/lib/libcrypto/man/DH_size.3
  stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/8/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/8/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/DSA_new.3
  stable/8/secure/lib/libcrypto/man/DSA_set_method.3
  stable/8/secure/lib/libcrypto/man/DSA_sign.3
  stable/8/secure/lib/libcrypto/man/DSA_size.3
  stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/8/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/8/secure/lib/libcrypto/man/ERR_error_string.3
  stable/8/secure/lib/libcrypto/man/ERR_get_error.3
  stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/8/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/8/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/8/secure/lib/libcrypto/man/ERR_put_error.3
  stable/8/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/8/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/8/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/8/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/8/secure/lib/libcrypto/man/PKCS12_create.3
  stable/8/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/8/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/8/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/8/secure/lib/libcrypto/man/RAND_add.3
  stable/8/secure/lib/libcrypto/man/RAND_bytes.3
  stable/8/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/8/secure/lib/libcrypto/man/RAND_egd.3
  stable/8/secure/lib/libcrypto/man/RAND_load_file.3
  stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/8/secure/lib/libcrypto/man/RSA_check_key.3
  stable/8/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/8/secure/lib/libcrypto/man/RSA_new.3
  stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/8/secure/lib/libcrypto/man/RSA_print.3
  stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/8/secure/lib/libcrypto/man/RSA_set_method.3
  stable/8/secure/lib/libcrypto/man/RSA_sign.3
  stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/8/secure/lib/libcrypto/man/RSA_size.3
  stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/8/secure/lib/libcrypto/man/X509_new.3
  stable/8/secure/lib/libcrypto/man/bio.3
  stable/8/secure/lib/libcrypto/man/blowfish.3
  stable/8/secure/lib/libcrypto/man/bn.3
  stable/8/secure/lib/libcrypto/man/bn_internal.3
  stable/8/secure/lib/libcrypto/man/buffer.3
  stable/8/secure/lib/libcrypto/man/crypto.3
  stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/8/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/8/secure/lib/libcrypto/man/d2i_X509.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/8/secure/lib/libcrypto/man/des.3
  stable/8/secure/lib/libcrypto/man/dh.3
  stable/8/secure/lib/libcrypto/man/dsa.3
  stable/8/secure/lib/libcrypto/man/ecdsa.3
  stable/8/secure/lib/libcrypto/man/engine.3
  stable/8/secure/lib/libcrypto/man/err.3
  stable/8/secure/lib/libcrypto/man/evp.3
  stable/8/secure/lib/libcrypto/man/hmac.3
  stable/8/secure/lib/libcrypto/man/lh_stats.3
  stable/8/secure/lib/libcrypto/man/lhash.3
  stable/8/secure/lib/libcrypto/man/md5.3
  stable/8/secure/lib/libcrypto/man/mdc2.3
  stable/8/secure/lib/libcrypto/man/pem.3
  stable/8/secure/lib/libcrypto/man/rand.3
  stable/8/secure/lib/libcrypto/man/rc4.3
  stable/8/secure/lib/libcrypto/man/ripemd.3
  stable/8/secure/lib/libcrypto/man/rsa.3
  stable/8/secure/lib/libcrypto/man/sha.3
  stable/8/secure/lib/libcrypto/man/threads.3
  stable/8/secure/lib/libcrypto/man/ui.3
  stable/8/secure/lib/libcrypto/man/ui_compat.3
  stable/8/secure/lib/libcrypto/man/x509.3
  stable/8/secure/lib/libssl/Makefile.man
  stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/8/secure/lib/libssl/man/SSL_CTX_free.3
  stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/8/secure/lib/libssl/man/SSL_CTX_new.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/8/secure/lib/libssl/man/SSL_accept.3
  stable/8/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/8/secure/lib/libssl/man/SSL_clear.3
  stable/8/secure/lib/libssl/man/SSL_connect.3
  stable/8/secure/lib/libssl/man/SSL_do_handshake.3
  stable/8/secure/lib/libssl/man/SSL_free.3
  stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/8/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/8/secure/lib/libssl/man/SSL_get_error.3
  stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/8/secure/lib/libssl/man/SSL_get_fd.3
  stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/8/secure/lib/libssl/man/SSL_get_rbio.3
  stable/8/secure/lib/libssl/man/SSL_get_session.3
  stable/8/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/8/secure/lib/libssl/man/SSL_get_version.3
  stable/8/secure/lib/libssl/man/SSL_library_init.3
  stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/8/secure/lib/libssl/man/SSL_new.3
  stable/8/secure/lib/libssl/man/SSL_pending.3
  stable/8/secure/lib/libssl/man/SSL_read.3
  stable/8/secure/lib/libssl/man/SSL_rstate_string.3
  stable/8/secure/lib/libssl/man/SSL_session_reused.3
  stable/8/secure/lib/libssl/man/SSL_set_bio.3
  stable/8/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/8/secure/lib/libssl/man/SSL_set_fd.3
  stable/8/secure/lib/libssl/man/SSL_set_session.3
  stable/8/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/8/secure/lib/libssl/man/SSL_shutdown.3
  stable/8/secure/lib/libssl/man/SSL_state_string.3
  stable/8/secure/lib/libssl/man/SSL_want.3
  stable/8/secure/lib/libssl/man/SSL_write.3
  stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/8/secure/lib/libssl/man/ssl.3
  stable/8/secure/usr.bin/openssl/man/CA.pl.1
  stable/8/secure/usr.bin/openssl/man/asn1parse.1
  stable/8/secure/usr.bin/openssl/man/ca.1
  stable/8/secure/usr.bin/openssl/man/ciphers.1
  stable/8/secure/usr.bin/openssl/man/crl.1
  stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/8/secure/usr.bin/openssl/man/dgst.1
  stable/8/secure/usr.bin/openssl/man/dhparam.1
  stable/8/secure/usr.bin/openssl/man/dsa.1
  stable/8/secure/usr.bin/openssl/man/dsaparam.1
  stable/8/secure/usr.bin/openssl/man/ec.1
  stable/8/secure/usr.bin/openssl/man/ecparam.1
  stable/8/secure/usr.bin/openssl/man/enc.1
  stable/8/secure/usr.bin/openssl/man/errstr.1
  stable/8/secure/usr.bin/openssl/man/gendsa.1
  stable/8/secure/usr.bin/openssl/man/genrsa.1
  stable/8/secure/usr.bin/openssl/man/nseq.1
  stable/8/secure/usr.bin/openssl/man/ocsp.1
  stable/8/secure/usr.bin/openssl/man/openssl.1
  stable/8/secure/usr.bin/openssl/man/passwd.1
  stable/8/secure/usr.bin/openssl/man/pkcs12.1
  stable/8/secure/usr.bin/openssl/man/pkcs7.1
  stable/8/secure/usr.bin/openssl/man/pkcs8.1
  stable/8/secure/usr.bin/openssl/man/rand.1
  stable/8/secure/usr.bin/openssl/man/req.1
  stable/8/secure/usr.bin/openssl/man/rsa.1
  stable/8/secure/usr.bin/openssl/man/rsautl.1
  stable/8/secure/usr.bin/openssl/man/s_client.1
  stable/8/secure/usr.bin/openssl/man/s_server.1
  stable/8/secure/usr.bin/openssl/man/s_time.1
  stable/8/secure/usr.bin/openssl/man/sess_id.1
  stable/8/secure/usr.bin/openssl/man/smime.1
  stable/8/secure/usr.bin/openssl/man/speed.1
  stable/8/secure/usr.bin/openssl/man/spkac.1
  stable/8/secure/usr.bin/openssl/man/verify.1
  stable/8/secure/usr.bin/openssl/man/version.1
  stable/8/secure/usr.bin/openssl/man/x509.1
  stable/8/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/8/crypto/openssl/   (props changed)

Changes in other areas also in this revision:
Added:
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
     - copied unchanged from r269672, vendor-crypto/openssl/dist-0.9.8/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3   (contents, props changed)
Deleted:
  stable/9/crypto/openssl/crypto/pkcs7/bio_ber.c
  stable/9/crypto/openssl/crypto/pkcs7/dec.c
  stable/9/crypto/openssl/crypto/pkcs7/des.pem
  stable/9/crypto/openssl/crypto/pkcs7/doc
  stable/9/crypto/openssl/crypto/pkcs7/enc.c
  stable/9/crypto/openssl/crypto/pkcs7/es1.pem
  stable/9/crypto/openssl/crypto/pkcs7/example.c
  stable/9/crypto/openssl/crypto/pkcs7/example.h
  stable/9/crypto/openssl/crypto/pkcs7/info.pem
  stable/9/crypto/openssl/crypto/pkcs7/infokey.pem
  stable/9/crypto/openssl/crypto/pkcs7/p7/
  stable/9/crypto/openssl/crypto/pkcs7/server.pem
  stable/9/crypto/openssl/crypto/pkcs7/sign.c
  stable/9/crypto/openssl/crypto/pkcs7/t/
  stable/9/crypto/openssl/crypto/pkcs7/verify.c
  stable/9/crypto/openssl/demos/eay/
  stable/9/crypto/openssl/demos/maurice/
Modified:
  stable/9/crypto/openssl/CHANGES
  stable/9/crypto/openssl/FAQ
  stable/9/crypto/openssl/Makefile
  stable/9/crypto/openssl/NEWS
  stable/9/crypto/openssl/README
  stable/9/crypto/openssl/apps/apps.c
  stable/9/crypto/openssl/apps/ca.c
  stable/9/crypto/openssl/apps/crl2p7.c
  stable/9/crypto/openssl/apps/ocsp.c
  stable/9/crypto/openssl/apps/s_server.c
  stable/9/crypto/openssl/apps/speed.c
  stable/9/crypto/openssl/crypto/asn1/a_object.c
  stable/9/crypto/openssl/crypto/asn1/asn1_lib.c
  stable/9/crypto/openssl/crypto/asn1/asn_mime.c
  stable/9/crypto/openssl/crypto/asn1/asn_pack.c
  stable/9/crypto/openssl/crypto/asn1/evp_asn1.c
  stable/9/crypto/openssl/crypto/asn1/t_x509.c
  stable/9/crypto/openssl/crypto/asn1/tasn_enc.c
  stable/9/crypto/openssl/crypto/bio/bio_lib.c
  stable/9/crypto/openssl/crypto/bn/bn_gf2m.c
  stable/9/crypto/openssl/crypto/bn/bn_lib.c
  stable/9/crypto/openssl/crypto/bn/bn_sqr.c
  stable/9/crypto/openssl/crypto/conf/conf_api.c
  stable/9/crypto/openssl/crypto/conf/conf_def.c
  stable/9/crypto/openssl/crypto/ec/ec_lib.c
  stable/9/crypto/openssl/crypto/ec/ecp_smpl.c
  stable/9/crypto/openssl/crypto/idea/ideatest.c
  stable/9/crypto/openssl/crypto/objects/obj_dat.c
  stable/9/crypto/openssl/crypto/ocsp/ocsp_ht.c
  stable/9/crypto/openssl/crypto/ocsp/ocsp_lib.c
  stable/9/crypto/openssl/crypto/opensslv.h
  stable/9/crypto/openssl/crypto/pkcs7/Makefile
  stable/9/crypto/openssl/crypto/rsa/rsa_eay.c
  stable/9/crypto/openssl/crypto/ui/ui_lib.c
  stable/9/crypto/openssl/doc/apps/asn1parse.pod
  stable/9/crypto/openssl/doc/apps/ca.pod
  stable/9/crypto/openssl/doc/apps/crl.pod
  stable/9/crypto/openssl/doc/apps/dhparam.pod
  stable/9/crypto/openssl/doc/apps/dsa.pod
  stable/9/crypto/openssl/doc/apps/ecparam.pod
  stable/9/crypto/openssl/doc/apps/gendsa.pod
  stable/9/crypto/openssl/doc/apps/genrsa.pod
  stable/9/crypto/openssl/doc/apps/rsa.pod
  stable/9/crypto/openssl/doc/apps/s_client.pod
  stable/9/crypto/openssl/doc/apps/s_server.pod
  stable/9/crypto/openssl/doc/apps/verify.pod
  stable/9/crypto/openssl/doc/apps/x509.pod
  stable/9/crypto/openssl/doc/apps/x509v3_config.pod
  stable/9/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
  stable/9/crypto/openssl/doc/crypto/BIO_f_base64.pod
  stable/9/crypto/openssl/doc/crypto/BIO_push.pod
  stable/9/crypto/openssl/doc/crypto/ERR_get_error.pod
  stable/9/crypto/openssl/doc/crypto/RSA_set_method.pod
  stable/9/crypto/openssl/doc/crypto/RSA_sign.pod
  stable/9/crypto/openssl/doc/crypto/des.pod
  stable/9/crypto/openssl/doc/crypto/err.pod
  stable/9/crypto/openssl/doc/crypto/pem.pod
  stable/9/crypto/openssl/doc/crypto/ui.pod
  stable/9/crypto/openssl/doc/fingerprints.txt
  stable/9/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
  stable/9/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
  stable/9/crypto/openssl/doc/ssl/SSL_get_version.pod
  stable/9/crypto/openssl/doc/ssl/SSL_shutdown.pod
  stable/9/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
  stable/9/crypto/openssl/openssl.spec
  stable/9/crypto/openssl/ssl/d1_both.c
  stable/9/crypto/openssl/ssl/d1_clnt.c
  stable/9/crypto/openssl/ssl/d1_srvr.c
  stable/9/crypto/openssl/ssl/s23_lib.c
  stable/9/crypto/openssl/ssl/s23_srvr.c
  stable/9/crypto/openssl/ssl/s3_clnt.c
  stable/9/crypto/openssl/ssl/s3_pkt.c
  stable/9/crypto/openssl/ssl/s3_srvr.c
  stable/9/crypto/openssl/ssl/ssl_ciph.c
  stable/9/crypto/openssl/ssl/ssl_stat.c
  stable/9/crypto/openssl/ssl/t1_lib.c
  stable/9/crypto/openssl/util/mkerr.pl
  stable/9/secure/lib/libcrypto/Makefile
  stable/9/secure/lib/libcrypto/Makefile.inc
  stable/9/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/9/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/9/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/9/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/9/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/9/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/9/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/9/secure/lib/libcrypto/man/BIO_f_md.3
  stable/9/secure/lib/libcrypto/man/BIO_f_null.3
  stable/9/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/9/secure/lib/libcrypto/man/BIO_find_type.3
  stable/9/secure/lib/libcrypto/man/BIO_new.3
  stable/9/secure/lib/libcrypto/man/BIO_push.3
  stable/9/secure/lib/libcrypto/man/BIO_read.3
  stable/9/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/9/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/9/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/9/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/9/secure/lib/libcrypto/man/BIO_s_file.3
  stable/9/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/9/secure/lib/libcrypto/man/BIO_s_null.3
  stable/9/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/9/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/9/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/9/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/9/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/9/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/9/secure/lib/libcrypto/man/BN_add.3
  stable/9/secure/lib/libcrypto/man/BN_add_word.3
  stable/9/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/9/secure/lib/libcrypto/man/BN_cmp.3
  stable/9/secure/lib/libcrypto/man/BN_copy.3
  stable/9/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/9/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/9/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/9/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/9/secure/lib/libcrypto/man/BN_new.3
  stable/9/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/9/secure/lib/libcrypto/man/BN_rand.3
  stable/9/secure/lib/libcrypto/man/BN_set_bit.3
  stable/9/secure/lib/libcrypto/man/BN_swap.3
  stable/9/secure/lib/libcrypto/man/BN_zero.3
  stable/9/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/9/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/9/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/9/secure/lib/libcrypto/man/DH_generate_key.3
  stable/9/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/9/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/DH_new.3
  stable/9/secure/lib/libcrypto/man/DH_set_method.3
  stable/9/secure/lib/libcrypto/man/DH_size.3
  stable/9/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/9/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/9/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/9/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/9/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/9/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/DSA_new.3
  stable/9/secure/lib/libcrypto/man/DSA_set_method.3
  stable/9/secure/lib/libcrypto/man/DSA_sign.3
  stable/9/secure/lib/libcrypto/man/DSA_size.3
  stable/9/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/9/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/9/secure/lib/libcrypto/man/ERR_error_string.3
  stable/9/secure/lib/libcrypto/man/ERR_get_error.3
  stable/9/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/9/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/9/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/9/secure/lib/libcrypto/man/ERR_put_error.3
  stable/9/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/9/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/9/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/9/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/9/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/9/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/9/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/9/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/9/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/9/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/9/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/9/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/9/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/9/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/9/secure/lib/libcrypto/man/PKCS12_create.3
  stable/9/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/9/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/9/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/9/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/9/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/9/secure/lib/libcrypto/man/RAND_add.3
  stable/9/secure/lib/libcrypto/man/RAND_bytes.3
  stable/9/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/9/secure/lib/libcrypto/man/RAND_egd.3
  stable/9/secure/lib/libcrypto/man/RAND_load_file.3
  stable/9/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/9/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/9/secure/lib/libcrypto/man/RSA_check_key.3
  stable/9/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/9/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/9/secure/lib/libcrypto/man/RSA_new.3
  stable/9/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/9/secure/lib/libcrypto/man/RSA_print.3
  stable/9/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/9/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/9/secure/lib/libcrypto/man/RSA_set_method.3
  stable/9/secure/lib/libcrypto/man/RSA_sign.3
  stable/9/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/9/secure/lib/libcrypto/man/RSA_size.3
  stable/9/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/9/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/9/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/9/secure/lib/libcrypto/man/X509_new.3
  stable/9/secure/lib/libcrypto/man/bio.3
  stable/9/secure/lib/libcrypto/man/blowfish.3
  stable/9/secure/lib/libcrypto/man/bn.3
  stable/9/secure/lib/libcrypto/man/bn_internal.3
  stable/9/secure/lib/libcrypto/man/buffer.3
  stable/9/secure/lib/libcrypto/man/crypto.3
  stable/9/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/9/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/9/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/9/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/9/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/9/secure/lib/libcrypto/man/d2i_X509.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/9/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/9/secure/lib/libcrypto/man/des.3
  stable/9/secure/lib/libcrypto/man/dh.3
  stable/9/secure/lib/libcrypto/man/dsa.3
  stable/9/secure/lib/libcrypto/man/ecdsa.3
  stable/9/secure/lib/libcrypto/man/engine.3
  stable/9/secure/lib/libcrypto/man/err.3
  stable/9/secure/lib/libcrypto/man/evp.3
  stable/9/secure/lib/libcrypto/man/hmac.3
  stable/9/secure/lib/libcrypto/man/lh_stats.3
  stable/9/secure/lib/libcrypto/man/lhash.3
  stable/9/secure/lib/libcrypto/man/md5.3
  stable/9/secure/lib/libcrypto/man/mdc2.3
  stable/9/secure/lib/libcrypto/man/pem.3
  stable/9/secure/lib/libcrypto/man/rand.3
  stable/9/secure/lib/libcrypto/man/rc4.3
  stable/9/secure/lib/libcrypto/man/ripemd.3
  stable/9/secure/lib/libcrypto/man/rsa.3
  stable/9/secure/lib/libcrypto/man/sha.3
  stable/9/secure/lib/libcrypto/man/threads.3
  stable/9/secure/lib/libcrypto/man/ui.3
  stable/9/secure/lib/libcrypto/man/ui_compat.3
  stable/9/secure/lib/libcrypto/man/x509.3
  stable/9/secure/lib/libssl/Makefile.man
  stable/9/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/9/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/9/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/9/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/9/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/9/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/9/secure/lib/libssl/man/SSL_CTX_free.3
  stable/9/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/9/secure/lib/libssl/man/SSL_CTX_new.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/9/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/9/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/9/secure/lib/libssl/man/SSL_accept.3
  stable/9/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/9/secure/lib/libssl/man/SSL_clear.3
  stable/9/secure/lib/libssl/man/SSL_connect.3
  stable/9/secure/lib/libssl/man/SSL_do_handshake.3
  stable/9/secure/lib/libssl/man/SSL_free.3
  stable/9/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/9/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/9/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/9/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/9/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/9/secure/lib/libssl/man/SSL_get_error.3
  stable/9/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/9/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/9/secure/lib/libssl/man/SSL_get_fd.3
  stable/9/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/9/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/9/secure/lib/libssl/man/SSL_get_rbio.3
  stable/9/secure/lib/libssl/man/SSL_get_session.3
  stable/9/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/9/secure/lib/libssl/man/SSL_get_version.3
  stable/9/secure/lib/libssl/man/SSL_library_init.3
  stable/9/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/9/secure/lib/libssl/man/SSL_new.3
  stable/9/secure/lib/libssl/man/SSL_pending.3
  stable/9/secure/lib/libssl/man/SSL_read.3
  stable/9/secure/lib/libssl/man/SSL_rstate_string.3
  stable/9/secure/lib/libssl/man/SSL_session_reused.3
  stable/9/secure/lib/libssl/man/SSL_set_bio.3
  stable/9/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/9/secure/lib/libssl/man/SSL_set_fd.3
  stable/9/secure/lib/libssl/man/SSL_set_session.3
  stable/9/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/9/secure/lib/libssl/man/SSL_shutdown.3
  stable/9/secure/lib/libssl/man/SSL_state_string.3
  stable/9/secure/lib/libssl/man/SSL_want.3
  stable/9/secure/lib/libssl/man/SSL_write.3
  stable/9/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/9/secure/lib/libssl/man/ssl.3
  stable/9/secure/usr.bin/openssl/man/CA.pl.1
  stable/9/secure/usr.bin/openssl/man/asn1parse.1
  stable/9/secure/usr.bin/openssl/man/ca.1
  stable/9/secure/usr.bin/openssl/man/ciphers.1
  stable/9/secure/usr.bin/openssl/man/crl.1
  stable/9/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/9/secure/usr.bin/openssl/man/dgst.1
  stable/9/secure/usr.bin/openssl/man/dhparam.1
  stable/9/secure/usr.bin/openssl/man/dsa.1
  stable/9/secure/usr.bin/openssl/man/dsaparam.1
  stable/9/secure/usr.bin/openssl/man/ec.1
  stable/9/secure/usr.bin/openssl/man/ecparam.1
  stable/9/secure/usr.bin/openssl/man/enc.1
  stable/9/secure/usr.bin/openssl/man/errstr.1
  stable/9/secure/usr.bin/openssl/man/gendsa.1
  stable/9/secure/usr.bin/openssl/man/genrsa.1
  stable/9/secure/usr.bin/openssl/man/nseq.1
  stable/9/secure/usr.bin/openssl/man/ocsp.1
  stable/9/secure/usr.bin/openssl/man/openssl.1
  stable/9/secure/usr.bin/openssl/man/passwd.1
  stable/9/secure/usr.bin/openssl/man/pkcs12.1
  stable/9/secure/usr.bin/openssl/man/pkcs7.1
  stable/9/secure/usr.bin/openssl/man/pkcs8.1
  stable/9/secure/usr.bin/openssl/man/rand.1
  stable/9/secure/usr.bin/openssl/man/req.1
  stable/9/secure/usr.bin/openssl/man/rsa.1
  stable/9/secure/usr.bin/openssl/man/rsautl.1
  stable/9/secure/usr.bin/openssl/man/s_client.1
  stable/9/secure/usr.bin/openssl/man/s_server.1
  stable/9/secure/usr.bin/openssl/man/s_time.1
  stable/9/secure/usr.bin/openssl/man/sess_id.1
  stable/9/secure/usr.bin/openssl/man/smime.1
  stable/9/secure/usr.bin/openssl/man/speed.1
  stable/9/secure/usr.bin/openssl/man/spkac.1
  stable/9/secure/usr.bin/openssl/man/verify.1
  stable/9/secure/usr.bin/openssl/man/version.1
  stable/9/secure/usr.bin/openssl/man/x509.1
  stable/9/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  stable/9/crypto/openssl/   (props changed)

Modified: stable/8/crypto/openssl/CHANGES
==============================================================================
--- stable/8/crypto/openssl/CHANGES	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/CHANGES	Thu Aug  7 21:06:34 2014	(r269687)
@@ -2,6 +2,53 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
+
+  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+     to a denial of service attack. A malicious server can crash the client
+     with a null pointer dereference (read) by specifying an anonymous (EC)DH
+     ciphersuite and sending carefully crafted handshake messages.
+
+     Thanks to Felix Gröbert (Google) for discovering and researching this
+     issue.
+     (CVE-2014-3510)
+     [Emilia Käsper]
+
+  *) By sending carefully crafted DTLS packets an attacker could cause openssl
+     to leak memory. This can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3507)
+     [Adam Langley]
+
+  *) An attacker can force openssl to consume large amounts of memory whilst
+     processing DTLS handshake messages. This can be exploited through a
+     Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3506)
+     [Adam Langley]
+
+  *) An attacker can force an error condition which causes openssl to crash
+     whilst processing DTLS packets due to memory being freed twice. This
+     can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+     this issue.
+     (CVE-2014-3505)
+     [Adam Langley]
+
+  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+     X509_name_oneline, X509_name_print_ex et al. to leak some information
+     from the stack. Applications may be affected if they echo pretty printing
+     output to the attacker.
+
+     Thanks to Ivan Fratric (Google) for discovering this issue.
+     (CVE-2014-3508)
+     [Emilia Käsper, and Steve Henson]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
  Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
 
   *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted

Modified: stable/8/crypto/openssl/FAQ
==============================================================================
--- stable/8/crypto/openssl/FAQ	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/FAQ	Thu Aug  7 21:06:34 2014	(r269687)
@@ -113,11 +113,6 @@ that came with the version of OpenSSL yo
 documentation is included in each OpenSSL distribution under the docs
 directory.
 
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
-of this still applies to OpenSSL.
-
 There is some documentation about certificate extensions and PKCS#12
 in doc/openssl.txt
 

Modified: stable/8/crypto/openssl/Makefile
==============================================================================
--- stable/8/crypto/openssl/Makefile	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/Makefile	Thu Aug  7 21:06:34 2014	(r269687)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=0.9.8za
+VERSION=0.9.8zb
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8

Modified: stable/8/crypto/openssl/NEWS
==============================================================================
--- stable/8/crypto/openssl/NEWS	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/NEWS	Thu Aug  7 21:06:34 2014	(r269687)
@@ -5,6 +5,22 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+
+      o Fix for CVE-2014-3510
+      o Fix for CVE-2014-3507
+      o Fix for CVE-2014-3506
+      o Fix for CVE-2014-3505
+      o Fix for CVE-2014-3508
+
+  Known issues in OpenSSL 0.9.8za:
+
+      o Compilation failure of s3_pkt.c on some platforms due to missing
+        <limits.h> include. Fixed in 0.9.8zb-dev.
+      o FIPS capable link failure with missing symbol BN_consttime_swap.
+        Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+        algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
   Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
 
       o Fix for CVE-2014-0224

Modified: stable/8/crypto/openssl/README
==============================================================================
--- stable/8/crypto/openssl/README	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/README	Thu Aug  7 21:06:34 2014	(r269687)
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8za 5 Jun 2014
+ OpenSSL 0.9.8zb 6 Aug 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: stable/8/crypto/openssl/apps/apps.c
==============================================================================
--- stable/8/crypto/openssl/apps/apps.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/apps/apps.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, in
 		{
 		arg->count=20;
 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+		if (arg->data == NULL)
+			return 0;
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@@ -1429,6 +1431,8 @@ char *make_config_name()
 
 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
 	p=OPENSSL_malloc(len);
+	if (p == NULL)
+		return NULL;
 	BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
 	BUF_strlcat(p,"/",len);

Modified: stable/8/crypto/openssl/apps/ca.c
==============================================================================
--- stable/8/crypto/openssl/apps/ca.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/apps/ca.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -1582,12 +1582,14 @@ static int certify(X509 **xret, char *in
 		{
 		ok=0;
 		BIO_printf(bio_err,"Signature verification problems....\n");
+		ERR_print_errors(bio_err);
 		goto err;
 		}
 	if (i == 0)
 		{
 		ok=0;
 		BIO_printf(bio_err,"Signature did not match the certificate request\n");
+		ERR_print_errors(bio_err);
 		goto err;
 		}
 	else
@@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, 
 
 	revtm = X509_gmtime_adj(NULL, 0);
 
+	if (!revtm)
+		return NULL;
+
 	i = revtm->length + 1;
 
 	if (reason) i += strlen(reason) + 1;

Modified: stable/8/crypto/openssl/apps/crl2p7.c
==============================================================================
--- stable/8/crypto/openssl/apps/crl2p7.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/apps/crl2p7.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -142,7 +142,13 @@ int MAIN(int argc, char **argv)
 			{
 			if (--argc < 1) goto bad;
 			if(!certflst) certflst = sk_new_null();
-			sk_push(certflst,*(++argv));
+			if (!certflst)
+				goto end;
+			if (!sk_push(certflst,*(++argv)))
+				{
+				sk_free(certflst);
+				goto end;
+				}
 			}
 		else
 			{

Modified: stable/8/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/8/crypto/openssl/apps/ocsp.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/apps/ocsp.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *er
 		}
 	resp = query_responder(err, cbio, path, req, req_timeout);
 	if (!resp)
-		BIO_printf(bio_err, "Error querying OCSP responsder\n");
+		BIO_printf(bio_err, "Error querying OCSP responder\n");
 	end:
 	if (ctx)
 		SSL_CTX_free(ctx);

Modified: stable/8/crypto/openssl/apps/s_server.c
==============================================================================
--- stable/8/crypto/openssl/apps/s_server.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/apps/s_server.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb
 	
 	if (servername)
 		{
-    		if (strcmp(servername,p->servername)) 
+    		if (strcasecmp(servername,p->servername)) 
 			return p->extension_error;
 		if (ctx2)
 			{
@@ -1095,6 +1095,14 @@ bad:
 		sv_usage();
 		goto end;
 		}
+#ifndef OPENSSL_NO_DTLS1
+	if (www && socket_type == SOCK_DGRAM)
+		{
+		BIO_printf(bio_err,
+				"Can't use -HTTP, -www or -WWW with DTLS\n");
+		goto end;
+		}
+#endif
 
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
@@ -1922,8 +1930,10 @@ again:	
 #ifdef CHARSET_EBCDIC
 					ascii2ebcdic(buf,buf,i);
 #endif
-					write(fileno(stdout),buf,
-						(unsigned int)i);
+					if (write(fileno(stdout),buf,
+						(unsigned int)i) != i)
+						goto err;
+						
 					if (SSL_pending(con)) goto again;
 					break;
 				case SSL_ERROR_WANT_WRITE:

Modified: stable/8/crypto/openssl/apps/speed.c
==============================================================================
--- stable/8/crypto/openssl/apps/speed.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/apps/speed.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -2767,7 +2767,11 @@ static int do_multi(int multi)
 	fds=malloc(multi*sizeof *fds);
 	for(n=0 ; n < multi ; ++n)
 		{
-		pipe(fd);
+		if (pipe(fd) == -1)
+			{
+			fprintf(stderr, "pipe failure\n");
+			exit(1);
+			}
 		fflush(stdout);
 		fflush(stderr);
 		if(fork())
@@ -2779,7 +2783,11 @@ static int do_multi(int multi)
 			{
 			close(fd[0]);
 			close(1);
-			dup(fd[1]);
+			if (dup(fd[1]) == -1)
+				{
+				fprintf(stderr, "dup failed\n");
+				exit(1);
+				}
 			close(fd[1]);
 			mr=1;
 			usertime=0;

Modified: stable/8/crypto/openssl/crypto/asn1/a_object.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/a_object.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/a_object.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -285,16 +285,28 @@ err:
 		ASN1_OBJECT_free(ret);
 	return(NULL);
 }
+
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	     long len)
 	{
 	ASN1_OBJECT *ret=NULL;
 	const unsigned char *p;
-	int i;
-	/* Sanity check OID encoding: can't have leading 0x80 in
-	 * subidentifiers, see: X.690 8.19.2
+	int i, length;
+
+	/* Sanity check OID encoding.
+	 * Need at least one content octet.
+	 * MSB must be clear in the last octet.
+	 * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
 	 */
-	for (i = 0, p = *pp; i < len; i++, p++)
+	if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+	    p[len - 1] & 0x80)
+		{
+		ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+		return NULL;
+		}
+	/* Now 0 < len <= INT_MAX, so the cast is safe. */
+	length = (int)len;
+	for (i = 0; i < length; i++, p++)
 		{
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{
@@ -313,20 +325,20 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT
 	else	ret=(*a);
 
 	p= *pp;
-	if ((ret->data == NULL) || (ret->length < len))
+	if ((ret->data == NULL) || (ret->length < length))
 		{
 		if (ret->data != NULL) OPENSSL_free(ret->data);
-		ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+		ret->data=(unsigned char *)OPENSSL_malloc(length);
 		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 		if (ret->data == NULL)
 			{ i=ERR_R_MALLOC_FAILURE; goto err; }
 		}
-	memcpy(ret->data,p,(int)len);
-	ret->length=(int)len;
+	memcpy(ret->data,p,length);
+	ret->length=length;
 	ret->sn=NULL;
 	ret->ln=NULL;
 	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
-	p+=len;
+	p+=length;
 
 	if (a != NULL) (*a)=ret;
 	*pp=p;

Modified: stable/8/crypto/openssl/crypto/asn1/asn1_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/asn1_lib.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/asn1_lib.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char 
 	*pclass=xclass;
 	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
 		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),

Modified: stable/8/crypto/openssl/crypto/asn1/asn_mime.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/asn_mime.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/asn_mime.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse
 	int len, state, save_state = 0;
 
 	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+	if (!headers)
+		return NULL;
 	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
 	/* If whitespace at line start then continuation line */
 	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;

Modified: stable/8/crypto/openssl/crypto/asn1/asn_pack.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/asn_pack.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/asn_pack.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj,
 		
 	if (!(octmp->length = i2d(obj, NULL))) {
 		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-		return NULL;
+		goto err;
 	}
 	if (!(p = OPENSSL_malloc (octmp->length))) {
 		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
+		goto err;
 	}
 	octmp->data = p;
 	i2d (obj, &p);
 	return octmp;
+	err:
+	if (!oct || !*oct)
+		{
+		ASN1_STRING_free(octmp);
+		if (oct)
+			*oct = NULL;
+		}
+	return NULL;
 }
 
 #endif

Modified: stable/8/crypto/openssl/crypto/asn1/evp_asn1.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/evp_asn1.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/evp_asn1.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE 
 	ASN1_STRING *os;
 
 	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-	if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+	if (!M_ASN1_OCTET_STRING_set(os,data,len))
+		{
+		M_ASN1_OCTET_STRING_free(os);
+		return 0;
+		}
 	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
 	return(1);
 	}

Modified: stable/8/crypto/openssl/crypto/asn1/t_x509.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/t_x509.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/t_x509.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *
 	l=80-2-obase;
 
 	b=X509_NAME_oneline(name,NULL,0);
+	if (!b)
+		return 0;
 	if (!*b)
 		{
 		OPENSSL_free(b);

Modified: stable/8/crypto/openssl/crypto/asn1/tasn_enc.c
==============================================================================
--- stable/8/crypto/openssl/crypto/asn1/tasn_enc.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/asn1/tasn_enc.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN
 			{
 			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
 						* sizeof(*derlst));
+			if (!derlst)
+				return 0;
 			tmpdat = OPENSSL_malloc(skcontlen);
-			if (!derlst || !tmpdat)
+			if (!tmpdat)
+				{
+				OPENSSL_free(derlst);
 				return 0;
+				}
 			}
 		}
 	/* If not sorting just output each item */

Modified: stable/8/crypto/openssl/crypto/bio/bio_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bio/bio_lib.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/bio/bio_lib.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -132,8 +132,8 @@ int BIO_free(BIO *a)
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
-	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
-	a->method->destroy(a);
+	if ((a->method != NULL) && (a->method->destroy != NULL))
+		a->method->destroy(a);
 	OPENSSL_free(a);
 	return(1);
 	}

Modified: stable/8/crypto/openssl/crypto/bn/bn_gf2m.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/bn_gf2m.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/bn/bn_gf2m.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int 
 	return 1;
 	}
 
+/* 
+ * Constant-time conditional swap of a and b.  
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+	{
+	BN_ULONG t;
+	int i;
+
+	bn_wcheck_size(a, nwords);
+	bn_wcheck_size(b, nwords);
+
+	assert(a != b);
+	assert((condition & (condition - 1)) == 0);
+	assert(sizeof(BN_ULONG) >= sizeof(int));
+
+	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+	t = (a->top^b->top) & condition;
+	a->top ^= t;
+	b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+	do { \
+		t = (a->d[ind] ^ b->d[ind]) & condition; \
+		a->d[ind] ^= t; \
+		b->d[ind] ^= t; \
+	} while (0)
+
+
+	switch (nwords) {
+	default:
+		for (i = 10; i < nwords; i++) 
+			BN_CONSTTIME_SWAP(i);
+		/* Fallthrough */
+	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+	case 1: BN_CONSTTIME_SWAP(0);
+	}
+#undef BN_CONSTTIME_SWAP
+}

Modified: stable/8/crypto/openssl/crypto/bn/bn_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/bn_lib.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/bn/bn_lib.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(cons
 		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+#ifdef PURIFY
+	/* Valgrind complains in BN_consttime_swap because we process the whole
+	 * array even if it's not initialised yet. This doesn't matter in that
+	 * function - what's important is constant time operation (we're not
+	 * actually going to use the data)
+	*/
+	memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
 	B=b->d;
 	/* Check if the previous number needs to be copied */
@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a,
 		}
 	return bn_cmp_words(a,b,cl);
 	}
-
-/* 
- * Constant-time conditional swap of a and b.  
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-	{
-	BN_ULONG t;
-	int i;
-
-	bn_wcheck_size(a, nwords);
-	bn_wcheck_size(b, nwords);
-
-	assert(a != b);
-	assert((condition & (condition - 1)) == 0);
-	assert(sizeof(BN_ULONG) >= sizeof(int));
-
-	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
-	t = (a->top^b->top) & condition;
-	a->top ^= t;
-	b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
-	do { \
-		t = (a->d[ind] ^ b->d[ind]) & condition; \
-		a->d[ind] ^= t; \
-		b->d[ind] ^= t; \
-	} while (0)
-
-
-	switch (nwords) {
-	default:
-		for (i = 10; i < nwords; i++) 
-			BN_CONSTTIME_SWAP(i);
-		/* Fallthrough */
-	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-	case 1: BN_CONSTTIME_SWAP(0);
-	}
-#undef BN_CONSTTIME_SWAP
-}

Modified: stable/8/crypto/openssl/crypto/bn/bn_sqr.c
==============================================================================
--- stable/8/crypto/openssl/crypto/bn/bn_sqr.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/bn/bn_sqr.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, B
 	if (al <= 0)
 		{
 		r->top=0;
+		r->neg = 0;
 		return 1;
 		}
 

Modified: stable/8/crypto/openssl/crypto/conf/conf_api.c
==============================================================================
--- stable/8/crypto/openssl/crypto/conf/conf_api.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/conf/conf_api.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf
 	v->value=(char *)sk;
 	
 	vv=(CONF_VALUE *)lh_insert(conf->data,v);
-	assert(vv == NULL);
+	OPENSSL_assert(vv == NULL);
 	ok=1;
 err:
 	if (!ok)

Modified: stable/8/crypto/openssl/crypto/conf/conf_def.c
==============================================================================
--- stable/8/crypto/openssl/crypto/conf/conf_def.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/conf/conf_def.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -324,7 +324,7 @@ again:
 			p=eat_ws(conf, end);
 			if (*p != ']')
 				{
-				if (*p != '\0')
+				if (*p != '\0' && ss != p)
 					{
 					ss=p;
 					goto again;

Modified: stable/8/crypto/openssl/crypto/ec/ec_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ec/ec_lib.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/ec/ec_lib.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, 
 
 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
 	{
-	if (group->meth->dbl == 0)
+	if (group->meth->invert == 0)
 		{
 		ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return 0;

Modified: stable/8/crypto/openssl/crypto/ec/ecp_smpl.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ec/ecp_smpl.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/ec/ecp_smpl.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_G
 int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
 	{
 	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp0, *tmp1;
-	size_t pow2 = 0;
-	BIGNUM **heap = NULL;
+	BIGNUM *tmp, *tmp_Z;
+	BIGNUM **prod_Z = NULL;
 	size_t i;
 	int ret = 0;
 
@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(con
 		}
 
 	BN_CTX_start(ctx);
-	tmp0 = BN_CTX_get(ctx);
-	tmp1 = BN_CTX_get(ctx);
-	if (tmp0  == NULL || tmp1 == NULL) goto err;
-
-	/* Before converting the individual points, compute inverses of all Z values.
-	 * Modular inversion is rather slow, but luckily we can do with a single
-	 * explicit inversion, plus about 3 multiplications per input value.
-	 */
-
-	pow2 = 1;
-	while (num > pow2)
-		pow2 <<= 1;
-	/* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
-	 * We need twice that. */
-	pow2 <<= 1;
-
-	heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
-	if (heap == NULL) goto err;
-	
-	/* The array is used as a binary tree, exactly as in heapsort:
-	 *
-	 *                               heap[1]
-	 *                 heap[2]                     heap[3]
-	 *          heap[4]       heap[5]       heap[6]       heap[7]
-	 *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
-	 *
-	 * We put the Z's in the last line;
-	 * then we set each other node to the product of its two child-nodes (where
-	 * empty or 0 entries are treated as ones);
-	 * then we invert heap[1];
-	 * then we invert each other node by replacing it by the product of its
-	 * parent (after inversion) and its sibling (before inversion).
-	 */
-	heap[0] = NULL;
-	for (i = pow2/2 - 1; i > 0; i--)
-		heap[i] = NULL;
+	tmp = BN_CTX_get(ctx);
+	tmp_Z = BN_CTX_get(ctx);
+	if (tmp == NULL || tmp_Z == NULL) goto err;
+
+	prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+	if (prod_Z == NULL) goto err;
 	for (i = 0; i < num; i++)
-		heap[pow2/2 + i] = &points[i]->Z;
-	for (i = pow2/2 + num; i < pow2; i++)
-		heap[i] = NULL;
-	
-	/* set each node to the product of its children */
-	for (i = pow2/2 - 1; i > 0; i--)
-		{
-		heap[i] = BN_new();
-		if (heap[i] == NULL) goto err;
-		
-		if (heap[2*i] != NULL)
+		{
+		prod_Z[i] = BN_new();
+		if (prod_Z[i] == NULL) goto err;
+		}
+
+	/* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+	 * skipping any zero-valued inputs (pretend that they're 1). */
+
+	if (!BN_is_zero(&points[0]->Z))
+		{
+		if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
+		}
+	else
+		{
+		if (group->meth->field_set_to_one != 0)
 			{
-			if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
-				{
-				if (!BN_copy(heap[i], heap[2*i])) goto err;
-				}
-			else
-				{
-				if (BN_is_zero(heap[2*i]))
-					{
-					if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
-					}
-				else
-					{
-					if (!group->meth->field_mul(group, heap[i],
-						heap[2*i], heap[2*i + 1], ctx)) goto err;
-					}
-				}
+			if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
+			}
+		else
+			{
+			if (!BN_one(prod_Z[0])) goto err;
 			}
 		}
 
-	/* invert heap[1] */
-	if (!BN_is_zero(heap[1]))
+	for (i = 1; i < num; i++)
 		{
-		if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+		if (!BN_is_zero(&points[i]->Z))
 			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
-			goto err;
+			if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
 			}
+		else
+			{
+			if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
+			}
+		}
+
+	/* Now use a single explicit inversion to replace every
+	 * non-zero points[i]->Z by its inverse. */
+
+	if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+		goto err;
 		}
 	if (group->meth->field_encode != 0)
 		{
-		/* in the Montgomery case, we just turned  R*H  (representing H)
+		/* In the Montgomery case, we just turned  R*H  (representing H)
 		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
-		 * i.e. we have need to multiply by the Montgomery factor twice */
-		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
-		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+		 * i.e. we need to multiply by the Montgomery factor twice. */
+		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
+		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
 		}
 
-	/* set other heap[i]'s to their inverses */
-	for (i = 2; i < pow2/2 + num; i += 2)
+	for (i = num - 1; i > 0; --i)
 		{
-		/* i is even */
-		if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
-			{
-			if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
-			if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
-			if (!BN_copy(heap[i], tmp0)) goto err;
-			if (!BN_copy(heap[i + 1], tmp1)) goto err;
-			}
-		else
+		/* Loop invariant: tmp is the product of the inverses of
+		 * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
+		if (!BN_is_zero(&points[i]->Z))
 			{
-			if (!BN_copy(heap[i], heap[i/2])) goto err;
+			/* Set tmp_Z to the inverse of points[i]->Z (as product
+			 * of Z inverses 0 .. i, Z values 0 .. i - 1). */
+			if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
+			/* Update tmp to satisfy the loop invariant for i - 1. */
+			if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
+			/* Replace points[i]->Z by its inverse. */
+			if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
 			}
 		}
 
-	/* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+	if (!BN_is_zero(&points[0]->Z))
+		{
+		/* Replace points[0]->Z by its inverse. */
+		if (!BN_copy(&points[0]->Z, tmp)) goto err;
+		}
+
+	/* Finally, fix up the X and Y coordinates for all points. */
+
 	for (i = 0; i < num; i++)
 		{
 		EC_POINT *p = points[i];
-		
+
 		if (!BN_is_zero(&p->Z))
 			{
 			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
 
-			if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+			if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
+
+			if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
 
-			if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
-		
 			if (group->meth->field_set_to_one != 0)
 				{
 				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(con
 		}
 
 	ret = 1;
-		
+
  err:
 	BN_CTX_end(ctx);
 	if (new_ctx != NULL)
 		BN_CTX_free(new_ctx);
-	if (heap != NULL)
+	if (prod_Z != NULL)
 		{
-		/* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
-		for (i = pow2/2 - 1; i > 0; i--)
+		for (i = 0; i < num; i++)
 			{
-			if (heap[i] != NULL)
-				BN_clear_free(heap[i]);
+			if (prod_Z[i] != NULL)
+				BN_clear_free(prod_Z[i]);
 			}
-		OPENSSL_free(heap);
+		OPENSSL_free(prod_Z);
 		}
 	return ret;
 	}

Modified: stable/8/crypto/openssl/crypto/idea/ideatest.c
==============================================================================
--- stable/8/crypto/openssl/crypto/idea/ideatest.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/idea/ideatest.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb
                 }
         memcpy(cfb_tmp,cfb_iv,8);
         n=0;
-        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks,
                 cfb_tmp,&n,IDEA_DECRYPT);
-        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-                (long)CFB_TEST_SIZE-17,&dks,
+        idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]),
+                (long)CFB_TEST_SIZE-13,&eks,
                 cfb_tmp,&n,IDEA_DECRYPT);
         if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
                 {

Modified: stable/8/crypto/openssl/crypto/objects/obj_dat.c
==============================================================================
--- stable/8/crypto/openssl/crypto/objects/obj_dat.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/objects/obj_dat.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -444,11 +444,12 @@ int OBJ_obj2txt(char *buf, int buf_len, 
 	unsigned char *p;
 	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
-	if ((a == NULL) || (a->data == NULL)) {
-		buf[0]='\0';
-		return(0);
-	}
+	/* Ensure that, at every state, |buf| is NUL-terminated. */
+	if (buf && buf_len > 0)
+		buf[0] = '\0';
 
+	if ((a == NULL) || (a->data == NULL))
+		return(0);
 
 	if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
 		{
@@ -527,9 +528,10 @@ int OBJ_obj2txt(char *buf, int buf_len, 
 				i=(int)(l/40);
 				l-=(long)(i*40);
 				}
-			if (buf && (buf_len > 0))
+			if (buf && (buf_len > 1))
 				{
 				*buf++ = i + '0';
+				*buf = '\0';
 				buf_len--;
 				}
 			n++;
@@ -544,9 +546,10 @@ int OBJ_obj2txt(char *buf, int buf_len, 
 			i = strlen(bndec);
 			if (buf)
 				{
-				if (buf_len > 0)
+				if (buf_len > 1)
 					{
 					*buf++ = '.';
+					*buf = '\0';
 					buf_len--;
 					}
 				BUF_strlcpy(buf,bndec,buf_len);
@@ -786,4 +789,3 @@ err:
 	OPENSSL_free(buf);
 	return(ok);
 	}
-

Modified: stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/ocsp/ocsp_ht.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, 
 
 	ctx = OCSP_sendreq_new(b, path, req, -1);
 
+	if (!ctx)
+		return NULL;
+
 	do
 		{
 		rv = OCSP_sendreq_nbio(&resp, ctx);

Modified: stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/ocsp/ocsp_lib.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **pho
 
 	if (!*ppath) goto mem_err;
 
+	p = host;
+	if(host[0] == '[')
+		{
+		/* ipv6 literal */
+		host++;
+		p = strchr(host, ']');
+		if(!p) goto parse_err;
+		*p = '\0';
+		p++;
+		}
+
 	/* Look for optional ':' for port number */
-	if ((p = strchr(host, ':')))
+	if ((p = strchr(p, ':')))
 		{
 		*p = 0;
 		port = p + 1;

Modified: stable/8/crypto/openssl/crypto/opensslv.h
==============================================================================
--- stable/8/crypto/openssl/crypto/opensslv.h	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/opensslv.h	Thu Aug  7 21:06:34 2014	(r269687)
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x009081afL
+#define OPENSSL_VERSION_NUMBER	0x009081bfL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8za-fips 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8zb-fips 6 Aug 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8za-freebsd 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8zb-freebsd 6 Aug 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

Modified: stable/8/crypto/openssl/crypto/pkcs7/Makefile
==============================================================================
--- stable/8/crypto/openssl/crypto/pkcs7/Makefile	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/pkcs7/Makefile	Thu Aug  7 21:06:34 2014	(r269687)
@@ -39,20 +39,6 @@ test:
 
 all:	lib
 
-testapps: enc dec sign verify
-
-enc: enc.o lib
-	$(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-dec: dec.o lib
-	$(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-sign: sign.o lib
-	$(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-verify: verify.o example.o lib
-	$(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
-
 lib:	$(LIBOBJ)
 	$(ARX) $(LIB) $(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.

Modified: stable/8/crypto/openssl/crypto/rsa/rsa_eay.c
==============================================================================
--- stable/8/crypto/openssl/crypto/rsa/rsa_eay.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/rsa/rsa_eay.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int f
 	if (padding == RSA_X931_PADDING)
 		{
 		BN_sub(f, rsa->n, ret);
-		if (BN_cmp(ret, f))
+		if (BN_cmp(ret, f) > 0)
 			res = f;
 		else
 			res = ret;

Modified: stable/8/crypto/openssl/crypto/ui/ui_lib.c
==============================================================================
--- stable/8/crypto/openssl/crypto/ui/ui_lib.c	Thu Aug  7 21:04:42 2014	(r269686)
+++ stable/8/crypto/openssl/crypto/ui/ui_lib.c	Thu Aug  7 21:06:34 2014	(r269687)
@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis
 				break;
 				}
 			}
+		}
 	default:
 		break;
 		}
-		}
 	return 0;
 	}

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53e3ea5b.20d5.4df5807d>