Date: Mon, 7 Mar 2016 16:22:12 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r296465 - in releng/9.3: . crypto/openssl crypto/openssl/apps crypto/openssl/bugs crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bf cry... Message-ID: <201603071622.u27GMC4a082792@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Mon Mar 7 16:22:11 2016 New Revision: 296465 URL: https://svnweb.freebsd.org/changeset/base/296465 Log: Fix multiple OpenSSL vulnerabilities. Security: FreeBSD-SA-16:12.openssl Approved by: so Added: releng/9.3/crypto/openssl/doc/dir-locals.example.el releng/9.3/crypto/openssl/doc/openssl-c-indent.el releng/9.3/crypto/openssl/util/indent.pro releng/9.3/crypto/openssl/util/openssl-format-source releng/9.3/crypto/openssl/util/su-filter.pl Deleted: releng/9.3/crypto/openssl/crypto/des/t/ releng/9.3/crypto/openssl/test/bctest releng/9.3/crypto/openssl/util/pod2mantest Modified: releng/9.3/UPDATING releng/9.3/crypto/openssl/CHANGES releng/9.3/crypto/openssl/FAQ releng/9.3/crypto/openssl/Makefile releng/9.3/crypto/openssl/Makefile.org releng/9.3/crypto/openssl/NEWS releng/9.3/crypto/openssl/README releng/9.3/crypto/openssl/apps/app_rand.c releng/9.3/crypto/openssl/apps/apps.c releng/9.3/crypto/openssl/apps/apps.h releng/9.3/crypto/openssl/apps/asn1pars.c releng/9.3/crypto/openssl/apps/ca.c releng/9.3/crypto/openssl/apps/ciphers.c releng/9.3/crypto/openssl/apps/cms.c releng/9.3/crypto/openssl/apps/crl.c releng/9.3/crypto/openssl/apps/crl2p7.c releng/9.3/crypto/openssl/apps/dgst.c releng/9.3/crypto/openssl/apps/dh.c releng/9.3/crypto/openssl/apps/dhparam.c releng/9.3/crypto/openssl/apps/dsa.c releng/9.3/crypto/openssl/apps/dsaparam.c releng/9.3/crypto/openssl/apps/ec.c releng/9.3/crypto/openssl/apps/ecparam.c releng/9.3/crypto/openssl/apps/enc.c releng/9.3/crypto/openssl/apps/engine.c releng/9.3/crypto/openssl/apps/errstr.c releng/9.3/crypto/openssl/apps/gendh.c releng/9.3/crypto/openssl/apps/gendsa.c releng/9.3/crypto/openssl/apps/genrsa.c releng/9.3/crypto/openssl/apps/nseq.c releng/9.3/crypto/openssl/apps/ocsp.c releng/9.3/crypto/openssl/apps/openssl.c releng/9.3/crypto/openssl/apps/passwd.c releng/9.3/crypto/openssl/apps/pkcs12.c releng/9.3/crypto/openssl/apps/pkcs7.c releng/9.3/crypto/openssl/apps/pkcs8.c releng/9.3/crypto/openssl/apps/prime.c releng/9.3/crypto/openssl/apps/progs.h releng/9.3/crypto/openssl/apps/rand.c releng/9.3/crypto/openssl/apps/req.c releng/9.3/crypto/openssl/apps/rsa.c releng/9.3/crypto/openssl/apps/rsautl.c releng/9.3/crypto/openssl/apps/s_apps.h releng/9.3/crypto/openssl/apps/s_cb.c releng/9.3/crypto/openssl/apps/s_client.c releng/9.3/crypto/openssl/apps/s_server.c releng/9.3/crypto/openssl/apps/s_socket.c releng/9.3/crypto/openssl/apps/s_time.c releng/9.3/crypto/openssl/apps/sess_id.c releng/9.3/crypto/openssl/apps/smime.c releng/9.3/crypto/openssl/apps/speed.c releng/9.3/crypto/openssl/apps/spkac.c releng/9.3/crypto/openssl/apps/testdsa.h releng/9.3/crypto/openssl/apps/testrsa.h releng/9.3/crypto/openssl/apps/timeouts.h releng/9.3/crypto/openssl/apps/verify.c releng/9.3/crypto/openssl/apps/version.c releng/9.3/crypto/openssl/apps/winrand.c releng/9.3/crypto/openssl/apps/x509.c releng/9.3/crypto/openssl/bugs/alpha.c releng/9.3/crypto/openssl/bugs/dggccbug.c releng/9.3/crypto/openssl/bugs/sgiccbug.c releng/9.3/crypto/openssl/bugs/stream.c releng/9.3/crypto/openssl/bugs/ultrixcc.c releng/9.3/crypto/openssl/crypto/LPdir_nyi.c releng/9.3/crypto/openssl/crypto/LPdir_unix.c releng/9.3/crypto/openssl/crypto/LPdir_vms.c releng/9.3/crypto/openssl/crypto/LPdir_win.c releng/9.3/crypto/openssl/crypto/LPdir_win32.c releng/9.3/crypto/openssl/crypto/LPdir_wince.c releng/9.3/crypto/openssl/crypto/aes/aes.h releng/9.3/crypto/openssl/crypto/aes/aes_cbc.c releng/9.3/crypto/openssl/crypto/aes/aes_cfb.c releng/9.3/crypto/openssl/crypto/aes/aes_core.c releng/9.3/crypto/openssl/crypto/aes/aes_ctr.c releng/9.3/crypto/openssl/crypto/aes/aes_ecb.c releng/9.3/crypto/openssl/crypto/aes/aes_ige.c releng/9.3/crypto/openssl/crypto/aes/aes_locl.h releng/9.3/crypto/openssl/crypto/aes/aes_misc.c releng/9.3/crypto/openssl/crypto/aes/aes_ofb.c releng/9.3/crypto/openssl/crypto/aes/aes_wrap.c releng/9.3/crypto/openssl/crypto/asn1/a_bitstr.c releng/9.3/crypto/openssl/crypto/asn1/a_bool.c releng/9.3/crypto/openssl/crypto/asn1/a_bytes.c releng/9.3/crypto/openssl/crypto/asn1/a_d2i_fp.c releng/9.3/crypto/openssl/crypto/asn1/a_digest.c releng/9.3/crypto/openssl/crypto/asn1/a_dup.c releng/9.3/crypto/openssl/crypto/asn1/a_enum.c releng/9.3/crypto/openssl/crypto/asn1/a_gentm.c releng/9.3/crypto/openssl/crypto/asn1/a_hdr.c releng/9.3/crypto/openssl/crypto/asn1/a_i2d_fp.c releng/9.3/crypto/openssl/crypto/asn1/a_int.c releng/9.3/crypto/openssl/crypto/asn1/a_mbstr.c releng/9.3/crypto/openssl/crypto/asn1/a_meth.c releng/9.3/crypto/openssl/crypto/asn1/a_object.c releng/9.3/crypto/openssl/crypto/asn1/a_octet.c releng/9.3/crypto/openssl/crypto/asn1/a_print.c releng/9.3/crypto/openssl/crypto/asn1/a_set.c releng/9.3/crypto/openssl/crypto/asn1/a_sign.c releng/9.3/crypto/openssl/crypto/asn1/a_strex.c releng/9.3/crypto/openssl/crypto/asn1/a_strnid.c releng/9.3/crypto/openssl/crypto/asn1/a_time.c releng/9.3/crypto/openssl/crypto/asn1/a_type.c releng/9.3/crypto/openssl/crypto/asn1/a_utctm.c releng/9.3/crypto/openssl/crypto/asn1/a_utf8.c releng/9.3/crypto/openssl/crypto/asn1/a_verify.c releng/9.3/crypto/openssl/crypto/asn1/asn1.h releng/9.3/crypto/openssl/crypto/asn1/asn1_err.c releng/9.3/crypto/openssl/crypto/asn1/asn1_gen.c releng/9.3/crypto/openssl/crypto/asn1/asn1_lib.c releng/9.3/crypto/openssl/crypto/asn1/asn1_mac.h releng/9.3/crypto/openssl/crypto/asn1/asn1_par.c releng/9.3/crypto/openssl/crypto/asn1/asn1t.h releng/9.3/crypto/openssl/crypto/asn1/asn_mime.c releng/9.3/crypto/openssl/crypto/asn1/asn_moid.c releng/9.3/crypto/openssl/crypto/asn1/asn_pack.c releng/9.3/crypto/openssl/crypto/asn1/charmap.h releng/9.3/crypto/openssl/crypto/asn1/d2i_pr.c releng/9.3/crypto/openssl/crypto/asn1/d2i_pu.c releng/9.3/crypto/openssl/crypto/asn1/evp_asn1.c releng/9.3/crypto/openssl/crypto/asn1/f_enum.c releng/9.3/crypto/openssl/crypto/asn1/f_int.c releng/9.3/crypto/openssl/crypto/asn1/f_string.c releng/9.3/crypto/openssl/crypto/asn1/i2d_pr.c releng/9.3/crypto/openssl/crypto/asn1/i2d_pu.c releng/9.3/crypto/openssl/crypto/asn1/n_pkey.c releng/9.3/crypto/openssl/crypto/asn1/nsseq.c releng/9.3/crypto/openssl/crypto/asn1/p5_pbe.c releng/9.3/crypto/openssl/crypto/asn1/p5_pbev2.c releng/9.3/crypto/openssl/crypto/asn1/p8_key.c releng/9.3/crypto/openssl/crypto/asn1/p8_pkey.c releng/9.3/crypto/openssl/crypto/asn1/t_bitst.c releng/9.3/crypto/openssl/crypto/asn1/t_crl.c releng/9.3/crypto/openssl/crypto/asn1/t_pkey.c releng/9.3/crypto/openssl/crypto/asn1/t_req.c releng/9.3/crypto/openssl/crypto/asn1/t_spki.c releng/9.3/crypto/openssl/crypto/asn1/t_x509.c releng/9.3/crypto/openssl/crypto/asn1/t_x509a.c releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c releng/9.3/crypto/openssl/crypto/asn1/tasn_enc.c releng/9.3/crypto/openssl/crypto/asn1/tasn_fre.c releng/9.3/crypto/openssl/crypto/asn1/tasn_new.c releng/9.3/crypto/openssl/crypto/asn1/tasn_prn.c releng/9.3/crypto/openssl/crypto/asn1/tasn_typ.c releng/9.3/crypto/openssl/crypto/asn1/tasn_utl.c releng/9.3/crypto/openssl/crypto/asn1/x_algor.c releng/9.3/crypto/openssl/crypto/asn1/x_attrib.c releng/9.3/crypto/openssl/crypto/asn1/x_bignum.c releng/9.3/crypto/openssl/crypto/asn1/x_crl.c releng/9.3/crypto/openssl/crypto/asn1/x_exten.c releng/9.3/crypto/openssl/crypto/asn1/x_info.c releng/9.3/crypto/openssl/crypto/asn1/x_long.c releng/9.3/crypto/openssl/crypto/asn1/x_name.c releng/9.3/crypto/openssl/crypto/asn1/x_pkey.c releng/9.3/crypto/openssl/crypto/asn1/x_pubkey.c releng/9.3/crypto/openssl/crypto/asn1/x_req.c releng/9.3/crypto/openssl/crypto/asn1/x_sig.c releng/9.3/crypto/openssl/crypto/asn1/x_spki.c releng/9.3/crypto/openssl/crypto/asn1/x_val.c releng/9.3/crypto/openssl/crypto/asn1/x_x509.c releng/9.3/crypto/openssl/crypto/asn1/x_x509a.c releng/9.3/crypto/openssl/crypto/bf/bf_cbc.c releng/9.3/crypto/openssl/crypto/bf/bf_cfb64.c releng/9.3/crypto/openssl/crypto/bf/bf_ecb.c releng/9.3/crypto/openssl/crypto/bf/bf_enc.c releng/9.3/crypto/openssl/crypto/bf/bf_locl.h releng/9.3/crypto/openssl/crypto/bf/bf_ofb64.c releng/9.3/crypto/openssl/crypto/bf/bf_opts.c releng/9.3/crypto/openssl/crypto/bf/bf_pi.h releng/9.3/crypto/openssl/crypto/bf/bf_skey.c releng/9.3/crypto/openssl/crypto/bf/bfspeed.c releng/9.3/crypto/openssl/crypto/bf/bftest.c releng/9.3/crypto/openssl/crypto/bf/blowfish.h releng/9.3/crypto/openssl/crypto/bio/b_dump.c releng/9.3/crypto/openssl/crypto/bio/b_print.c releng/9.3/crypto/openssl/crypto/bio/b_sock.c releng/9.3/crypto/openssl/crypto/bio/bf_buff.c releng/9.3/crypto/openssl/crypto/bio/bf_lbuf.c releng/9.3/crypto/openssl/crypto/bio/bf_nbio.c releng/9.3/crypto/openssl/crypto/bio/bf_null.c releng/9.3/crypto/openssl/crypto/bio/bio.h releng/9.3/crypto/openssl/crypto/bio/bio_cb.c releng/9.3/crypto/openssl/crypto/bio/bio_err.c releng/9.3/crypto/openssl/crypto/bio/bio_lcl.h releng/9.3/crypto/openssl/crypto/bio/bio_lib.c releng/9.3/crypto/openssl/crypto/bio/bss_acpt.c releng/9.3/crypto/openssl/crypto/bio/bss_bio.c releng/9.3/crypto/openssl/crypto/bio/bss_conn.c releng/9.3/crypto/openssl/crypto/bio/bss_dgram.c releng/9.3/crypto/openssl/crypto/bio/bss_fd.c releng/9.3/crypto/openssl/crypto/bio/bss_file.c releng/9.3/crypto/openssl/crypto/bio/bss_log.c releng/9.3/crypto/openssl/crypto/bio/bss_mem.c releng/9.3/crypto/openssl/crypto/bio/bss_null.c releng/9.3/crypto/openssl/crypto/bio/bss_rtcp.c releng/9.3/crypto/openssl/crypto/bio/bss_sock.c releng/9.3/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/9.3/crypto/openssl/crypto/bn/bn.h releng/9.3/crypto/openssl/crypto/bn/bn_add.c releng/9.3/crypto/openssl/crypto/bn/bn_asm.c releng/9.3/crypto/openssl/crypto/bn/bn_blind.c releng/9.3/crypto/openssl/crypto/bn/bn_const.c releng/9.3/crypto/openssl/crypto/bn/bn_ctx.c releng/9.3/crypto/openssl/crypto/bn/bn_depr.c releng/9.3/crypto/openssl/crypto/bn/bn_div.c releng/9.3/crypto/openssl/crypto/bn/bn_err.c releng/9.3/crypto/openssl/crypto/bn/bn_exp.c releng/9.3/crypto/openssl/crypto/bn/bn_exp2.c releng/9.3/crypto/openssl/crypto/bn/bn_gcd.c releng/9.3/crypto/openssl/crypto/bn/bn_gf2m.c releng/9.3/crypto/openssl/crypto/bn/bn_kron.c releng/9.3/crypto/openssl/crypto/bn/bn_lcl.h releng/9.3/crypto/openssl/crypto/bn/bn_lib.c releng/9.3/crypto/openssl/crypto/bn/bn_mod.c releng/9.3/crypto/openssl/crypto/bn/bn_mont.c releng/9.3/crypto/openssl/crypto/bn/bn_mpi.c releng/9.3/crypto/openssl/crypto/bn/bn_mul.c releng/9.3/crypto/openssl/crypto/bn/bn_nist.c releng/9.3/crypto/openssl/crypto/bn/bn_opt.c releng/9.3/crypto/openssl/crypto/bn/bn_prime.c releng/9.3/crypto/openssl/crypto/bn/bn_prime.h releng/9.3/crypto/openssl/crypto/bn/bn_print.c releng/9.3/crypto/openssl/crypto/bn/bn_rand.c releng/9.3/crypto/openssl/crypto/bn/bn_recp.c releng/9.3/crypto/openssl/crypto/bn/bn_shift.c releng/9.3/crypto/openssl/crypto/bn/bn_sqr.c releng/9.3/crypto/openssl/crypto/bn/bn_sqrt.c releng/9.3/crypto/openssl/crypto/bn/bn_word.c releng/9.3/crypto/openssl/crypto/bn/bn_x931p.c releng/9.3/crypto/openssl/crypto/bn/bnspeed.c releng/9.3/crypto/openssl/crypto/bn/bntest.c releng/9.3/crypto/openssl/crypto/bn/divtest.c releng/9.3/crypto/openssl/crypto/bn/exp.c releng/9.3/crypto/openssl/crypto/bn/expspeed.c releng/9.3/crypto/openssl/crypto/bn/exptest.c releng/9.3/crypto/openssl/crypto/buffer/buf_err.c releng/9.3/crypto/openssl/crypto/buffer/buf_str.c releng/9.3/crypto/openssl/crypto/buffer/buffer.c releng/9.3/crypto/openssl/crypto/buffer/buffer.h releng/9.3/crypto/openssl/crypto/camellia/camellia.c releng/9.3/crypto/openssl/crypto/camellia/camellia.h releng/9.3/crypto/openssl/crypto/camellia/cmll_cbc.c releng/9.3/crypto/openssl/crypto/camellia/cmll_cfb.c releng/9.3/crypto/openssl/crypto/camellia/cmll_ctr.c releng/9.3/crypto/openssl/crypto/camellia/cmll_ecb.c releng/9.3/crypto/openssl/crypto/camellia/cmll_locl.h releng/9.3/crypto/openssl/crypto/camellia/cmll_misc.c releng/9.3/crypto/openssl/crypto/camellia/cmll_ofb.c releng/9.3/crypto/openssl/crypto/cast/c_cfb64.c releng/9.3/crypto/openssl/crypto/cast/c_ecb.c releng/9.3/crypto/openssl/crypto/cast/c_enc.c releng/9.3/crypto/openssl/crypto/cast/c_ofb64.c releng/9.3/crypto/openssl/crypto/cast/c_skey.c releng/9.3/crypto/openssl/crypto/cast/cast.h releng/9.3/crypto/openssl/crypto/cast/cast_lcl.h releng/9.3/crypto/openssl/crypto/cast/cast_s.h releng/9.3/crypto/openssl/crypto/cast/cast_spd.c releng/9.3/crypto/openssl/crypto/cast/castopts.c releng/9.3/crypto/openssl/crypto/cast/casttest.c releng/9.3/crypto/openssl/crypto/cms/cms.h releng/9.3/crypto/openssl/crypto/cms/cms_asn1.c releng/9.3/crypto/openssl/crypto/cms/cms_att.c releng/9.3/crypto/openssl/crypto/cms/cms_cd.c releng/9.3/crypto/openssl/crypto/cms/cms_dd.c releng/9.3/crypto/openssl/crypto/cms/cms_enc.c releng/9.3/crypto/openssl/crypto/cms/cms_env.c releng/9.3/crypto/openssl/crypto/cms/cms_err.c releng/9.3/crypto/openssl/crypto/cms/cms_ess.c releng/9.3/crypto/openssl/crypto/cms/cms_io.c releng/9.3/crypto/openssl/crypto/cms/cms_lcl.h releng/9.3/crypto/openssl/crypto/cms/cms_lib.c releng/9.3/crypto/openssl/crypto/cms/cms_sd.c releng/9.3/crypto/openssl/crypto/cms/cms_smime.c releng/9.3/crypto/openssl/crypto/comp/c_rle.c releng/9.3/crypto/openssl/crypto/comp/c_zlib.c releng/9.3/crypto/openssl/crypto/comp/comp.h releng/9.3/crypto/openssl/crypto/comp/comp_err.c releng/9.3/crypto/openssl/crypto/comp/comp_lib.c releng/9.3/crypto/openssl/crypto/conf/cnf_save.c releng/9.3/crypto/openssl/crypto/conf/conf.h releng/9.3/crypto/openssl/crypto/conf/conf_api.c releng/9.3/crypto/openssl/crypto/conf/conf_api.h releng/9.3/crypto/openssl/crypto/conf/conf_def.c releng/9.3/crypto/openssl/crypto/conf/conf_def.h releng/9.3/crypto/openssl/crypto/conf/conf_err.c releng/9.3/crypto/openssl/crypto/conf/conf_lib.c releng/9.3/crypto/openssl/crypto/conf/conf_mall.c releng/9.3/crypto/openssl/crypto/conf/conf_mod.c releng/9.3/crypto/openssl/crypto/conf/conf_sap.c releng/9.3/crypto/openssl/crypto/conf/test.c releng/9.3/crypto/openssl/crypto/constant_time_locl.h releng/9.3/crypto/openssl/crypto/constant_time_test.c releng/9.3/crypto/openssl/crypto/cpt_err.c releng/9.3/crypto/openssl/crypto/cryptlib.c releng/9.3/crypto/openssl/crypto/cryptlib.h releng/9.3/crypto/openssl/crypto/crypto.h releng/9.3/crypto/openssl/crypto/cversion.c releng/9.3/crypto/openssl/crypto/des/cbc3_enc.c releng/9.3/crypto/openssl/crypto/des/cbc_cksm.c releng/9.3/crypto/openssl/crypto/des/cbc_enc.c releng/9.3/crypto/openssl/crypto/des/cfb64ede.c releng/9.3/crypto/openssl/crypto/des/cfb64enc.c releng/9.3/crypto/openssl/crypto/des/cfb_enc.c releng/9.3/crypto/openssl/crypto/des/des.c releng/9.3/crypto/openssl/crypto/des/des.h releng/9.3/crypto/openssl/crypto/des/des_enc.c releng/9.3/crypto/openssl/crypto/des/des_lib.c releng/9.3/crypto/openssl/crypto/des/des_locl.h releng/9.3/crypto/openssl/crypto/des/des_old.c releng/9.3/crypto/openssl/crypto/des/des_old.h releng/9.3/crypto/openssl/crypto/des/des_old2.c releng/9.3/crypto/openssl/crypto/des/des_opts.c releng/9.3/crypto/openssl/crypto/des/des_ver.h releng/9.3/crypto/openssl/crypto/des/destest.c releng/9.3/crypto/openssl/crypto/des/ecb3_enc.c releng/9.3/crypto/openssl/crypto/des/ecb_enc.c releng/9.3/crypto/openssl/crypto/des/ede_cbcm_enc.c releng/9.3/crypto/openssl/crypto/des/enc_read.c releng/9.3/crypto/openssl/crypto/des/enc_writ.c releng/9.3/crypto/openssl/crypto/des/fcrypt.c releng/9.3/crypto/openssl/crypto/des/fcrypt_b.c releng/9.3/crypto/openssl/crypto/des/ncbc_enc.c releng/9.3/crypto/openssl/crypto/des/ofb64ede.c releng/9.3/crypto/openssl/crypto/des/ofb64enc.c releng/9.3/crypto/openssl/crypto/des/ofb_enc.c releng/9.3/crypto/openssl/crypto/des/pcbc_enc.c releng/9.3/crypto/openssl/crypto/des/qud_cksm.c releng/9.3/crypto/openssl/crypto/des/rand_key.c releng/9.3/crypto/openssl/crypto/des/read2pwd.c releng/9.3/crypto/openssl/crypto/des/read_pwd.c releng/9.3/crypto/openssl/crypto/des/rpc_des.h releng/9.3/crypto/openssl/crypto/des/rpc_enc.c releng/9.3/crypto/openssl/crypto/des/rpw.c releng/9.3/crypto/openssl/crypto/des/set_key.c releng/9.3/crypto/openssl/crypto/des/speed.c releng/9.3/crypto/openssl/crypto/des/spr.h releng/9.3/crypto/openssl/crypto/des/str2key.c releng/9.3/crypto/openssl/crypto/des/xcbc_enc.c releng/9.3/crypto/openssl/crypto/dh/dh.h releng/9.3/crypto/openssl/crypto/dh/dh_asn1.c releng/9.3/crypto/openssl/crypto/dh/dh_check.c releng/9.3/crypto/openssl/crypto/dh/dh_depr.c releng/9.3/crypto/openssl/crypto/dh/dh_err.c releng/9.3/crypto/openssl/crypto/dh/dh_gen.c releng/9.3/crypto/openssl/crypto/dh/dh_key.c releng/9.3/crypto/openssl/crypto/dh/dh_lib.c releng/9.3/crypto/openssl/crypto/dh/dhtest.c releng/9.3/crypto/openssl/crypto/dh/p1024.c releng/9.3/crypto/openssl/crypto/dh/p192.c releng/9.3/crypto/openssl/crypto/dh/p512.c releng/9.3/crypto/openssl/crypto/dsa/dsa.h releng/9.3/crypto/openssl/crypto/dsa/dsa_asn1.c releng/9.3/crypto/openssl/crypto/dsa/dsa_depr.c releng/9.3/crypto/openssl/crypto/dsa/dsa_err.c releng/9.3/crypto/openssl/crypto/dsa/dsa_gen.c releng/9.3/crypto/openssl/crypto/dsa/dsa_key.c releng/9.3/crypto/openssl/crypto/dsa/dsa_lib.c releng/9.3/crypto/openssl/crypto/dsa/dsa_ossl.c releng/9.3/crypto/openssl/crypto/dsa/dsa_sign.c releng/9.3/crypto/openssl/crypto/dsa/dsa_utl.c releng/9.3/crypto/openssl/crypto/dsa/dsa_vrf.c releng/9.3/crypto/openssl/crypto/dsa/dsagen.c releng/9.3/crypto/openssl/crypto/dsa/dsatest.c releng/9.3/crypto/openssl/crypto/dso/dso.h releng/9.3/crypto/openssl/crypto/dso/dso_dl.c releng/9.3/crypto/openssl/crypto/dso/dso_dlfcn.c releng/9.3/crypto/openssl/crypto/dso/dso_err.c releng/9.3/crypto/openssl/crypto/dso/dso_lib.c releng/9.3/crypto/openssl/crypto/dso/dso_null.c releng/9.3/crypto/openssl/crypto/dso/dso_openssl.c releng/9.3/crypto/openssl/crypto/dyn_lck.c releng/9.3/crypto/openssl/crypto/ebcdic.c releng/9.3/crypto/openssl/crypto/ebcdic.h releng/9.3/crypto/openssl/crypto/ec/ec.h releng/9.3/crypto/openssl/crypto/ec/ec2_mult.c releng/9.3/crypto/openssl/crypto/ec/ec2_smpl.c releng/9.3/crypto/openssl/crypto/ec/ec2_smpt.c releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c releng/9.3/crypto/openssl/crypto/ec/ec_check.c releng/9.3/crypto/openssl/crypto/ec/ec_curve.c releng/9.3/crypto/openssl/crypto/ec/ec_cvt.c releng/9.3/crypto/openssl/crypto/ec/ec_err.c releng/9.3/crypto/openssl/crypto/ec/ec_key.c releng/9.3/crypto/openssl/crypto/ec/ec_lcl.h releng/9.3/crypto/openssl/crypto/ec/ec_lib.c releng/9.3/crypto/openssl/crypto/ec/ec_mult.c releng/9.3/crypto/openssl/crypto/ec/ec_print.c releng/9.3/crypto/openssl/crypto/ec/ecp_mont.c releng/9.3/crypto/openssl/crypto/ec/ecp_nist.c releng/9.3/crypto/openssl/crypto/ec/ecp_smpl.c releng/9.3/crypto/openssl/crypto/ec/ectest.c releng/9.3/crypto/openssl/crypto/ecdh/ecdh.h releng/9.3/crypto/openssl/crypto/ecdh/ecdhtest.c releng/9.3/crypto/openssl/crypto/ecdh/ech_err.c releng/9.3/crypto/openssl/crypto/ecdh/ech_key.c releng/9.3/crypto/openssl/crypto/ecdh/ech_lib.c releng/9.3/crypto/openssl/crypto/ecdh/ech_locl.h releng/9.3/crypto/openssl/crypto/ecdh/ech_ossl.c releng/9.3/crypto/openssl/crypto/ecdsa/Makefile releng/9.3/crypto/openssl/crypto/ecdsa/ecdsa.h releng/9.3/crypto/openssl/crypto/ecdsa/ecdsatest.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_asn1.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_err.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_lib.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_locl.h releng/9.3/crypto/openssl/crypto/ecdsa/ecs_ossl.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_sign.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/9.3/crypto/openssl/crypto/engine/eng_all.c releng/9.3/crypto/openssl/crypto/engine/eng_cnf.c releng/9.3/crypto/openssl/crypto/engine/eng_cryptodev.c releng/9.3/crypto/openssl/crypto/engine/eng_ctrl.c releng/9.3/crypto/openssl/crypto/engine/eng_dyn.c releng/9.3/crypto/openssl/crypto/engine/eng_err.c releng/9.3/crypto/openssl/crypto/engine/eng_fat.c releng/9.3/crypto/openssl/crypto/engine/eng_init.c releng/9.3/crypto/openssl/crypto/engine/eng_int.h releng/9.3/crypto/openssl/crypto/engine/eng_lib.c releng/9.3/crypto/openssl/crypto/engine/eng_list.c releng/9.3/crypto/openssl/crypto/engine/eng_openssl.c releng/9.3/crypto/openssl/crypto/engine/eng_padlock.c releng/9.3/crypto/openssl/crypto/engine/eng_pkey.c releng/9.3/crypto/openssl/crypto/engine/eng_table.c releng/9.3/crypto/openssl/crypto/engine/engine.h releng/9.3/crypto/openssl/crypto/engine/enginetest.c releng/9.3/crypto/openssl/crypto/engine/tb_cipher.c releng/9.3/crypto/openssl/crypto/engine/tb_dh.c releng/9.3/crypto/openssl/crypto/engine/tb_digest.c releng/9.3/crypto/openssl/crypto/engine/tb_dsa.c releng/9.3/crypto/openssl/crypto/engine/tb_ecdh.c releng/9.3/crypto/openssl/crypto/engine/tb_ecdsa.c releng/9.3/crypto/openssl/crypto/engine/tb_rand.c releng/9.3/crypto/openssl/crypto/engine/tb_rsa.c releng/9.3/crypto/openssl/crypto/engine/tb_store.c releng/9.3/crypto/openssl/crypto/err/err.c releng/9.3/crypto/openssl/crypto/err/err.h releng/9.3/crypto/openssl/crypto/err/err_all.c releng/9.3/crypto/openssl/crypto/err/err_bio.c releng/9.3/crypto/openssl/crypto/err/err_def.c releng/9.3/crypto/openssl/crypto/err/err_prn.c releng/9.3/crypto/openssl/crypto/err/err_str.c releng/9.3/crypto/openssl/crypto/evp/bio_b64.c releng/9.3/crypto/openssl/crypto/evp/bio_enc.c releng/9.3/crypto/openssl/crypto/evp/bio_md.c releng/9.3/crypto/openssl/crypto/evp/bio_ok.c releng/9.3/crypto/openssl/crypto/evp/c_all.c releng/9.3/crypto/openssl/crypto/evp/c_allc.c releng/9.3/crypto/openssl/crypto/evp/c_alld.c releng/9.3/crypto/openssl/crypto/evp/dig_eng.c releng/9.3/crypto/openssl/crypto/evp/digest.c releng/9.3/crypto/openssl/crypto/evp/e_aes.c releng/9.3/crypto/openssl/crypto/evp/e_bf.c releng/9.3/crypto/openssl/crypto/evp/e_camellia.c releng/9.3/crypto/openssl/crypto/evp/e_cast.c releng/9.3/crypto/openssl/crypto/evp/e_des.c releng/9.3/crypto/openssl/crypto/evp/e_des3.c releng/9.3/crypto/openssl/crypto/evp/e_dsa.c releng/9.3/crypto/openssl/crypto/evp/e_idea.c releng/9.3/crypto/openssl/crypto/evp/e_null.c releng/9.3/crypto/openssl/crypto/evp/e_old.c releng/9.3/crypto/openssl/crypto/evp/e_rc2.c releng/9.3/crypto/openssl/crypto/evp/e_rc4.c releng/9.3/crypto/openssl/crypto/evp/e_rc5.c releng/9.3/crypto/openssl/crypto/evp/e_seed.c releng/9.3/crypto/openssl/crypto/evp/e_xcbc_d.c releng/9.3/crypto/openssl/crypto/evp/enc_min.c releng/9.3/crypto/openssl/crypto/evp/encode.c releng/9.3/crypto/openssl/crypto/evp/evp.h releng/9.3/crypto/openssl/crypto/evp/evp_acnf.c releng/9.3/crypto/openssl/crypto/evp/evp_cnf.c releng/9.3/crypto/openssl/crypto/evp/evp_enc.c releng/9.3/crypto/openssl/crypto/evp/evp_err.c releng/9.3/crypto/openssl/crypto/evp/evp_key.c releng/9.3/crypto/openssl/crypto/evp/evp_lib.c releng/9.3/crypto/openssl/crypto/evp/evp_locl.h releng/9.3/crypto/openssl/crypto/evp/evp_pbe.c releng/9.3/crypto/openssl/crypto/evp/evp_pkey.c releng/9.3/crypto/openssl/crypto/evp/evp_test.c releng/9.3/crypto/openssl/crypto/evp/m_dss.c releng/9.3/crypto/openssl/crypto/evp/m_dss1.c releng/9.3/crypto/openssl/crypto/evp/m_ecdsa.c releng/9.3/crypto/openssl/crypto/evp/m_md2.c releng/9.3/crypto/openssl/crypto/evp/m_md4.c releng/9.3/crypto/openssl/crypto/evp/m_md5.c releng/9.3/crypto/openssl/crypto/evp/m_mdc2.c releng/9.3/crypto/openssl/crypto/evp/m_null.c releng/9.3/crypto/openssl/crypto/evp/m_ripemd.c releng/9.3/crypto/openssl/crypto/evp/m_sha.c releng/9.3/crypto/openssl/crypto/evp/m_sha1.c releng/9.3/crypto/openssl/crypto/evp/names.c releng/9.3/crypto/openssl/crypto/evp/openbsd_hw.c releng/9.3/crypto/openssl/crypto/evp/p5_crpt.c releng/9.3/crypto/openssl/crypto/evp/p5_crpt2.c releng/9.3/crypto/openssl/crypto/evp/p_dec.c releng/9.3/crypto/openssl/crypto/evp/p_enc.c releng/9.3/crypto/openssl/crypto/evp/p_lib.c releng/9.3/crypto/openssl/crypto/evp/p_open.c releng/9.3/crypto/openssl/crypto/evp/p_seal.c releng/9.3/crypto/openssl/crypto/evp/p_sign.c releng/9.3/crypto/openssl/crypto/evp/p_verify.c releng/9.3/crypto/openssl/crypto/ex_data.c releng/9.3/crypto/openssl/crypto/fips_err.c releng/9.3/crypto/openssl/crypto/fips_err.h releng/9.3/crypto/openssl/crypto/hmac/hmac.c releng/9.3/crypto/openssl/crypto/hmac/hmac.h releng/9.3/crypto/openssl/crypto/hmac/hmactest.c releng/9.3/crypto/openssl/crypto/idea/i_cbc.c releng/9.3/crypto/openssl/crypto/idea/i_cfb64.c releng/9.3/crypto/openssl/crypto/idea/i_ecb.c releng/9.3/crypto/openssl/crypto/idea/i_ofb64.c releng/9.3/crypto/openssl/crypto/idea/i_skey.c releng/9.3/crypto/openssl/crypto/idea/idea.h releng/9.3/crypto/openssl/crypto/idea/idea_lcl.h releng/9.3/crypto/openssl/crypto/idea/idea_spd.c releng/9.3/crypto/openssl/crypto/idea/ideatest.c releng/9.3/crypto/openssl/crypto/jpake/jpake.c releng/9.3/crypto/openssl/crypto/jpake/jpake.h releng/9.3/crypto/openssl/crypto/jpake/jpake_err.c releng/9.3/crypto/openssl/crypto/jpake/jpaketest.c releng/9.3/crypto/openssl/crypto/krb5/krb5_asn.c releng/9.3/crypto/openssl/crypto/krb5/krb5_asn.h releng/9.3/crypto/openssl/crypto/lhash/lh_stats.c releng/9.3/crypto/openssl/crypto/lhash/lh_test.c releng/9.3/crypto/openssl/crypto/lhash/lhash.c releng/9.3/crypto/openssl/crypto/lhash/lhash.h releng/9.3/crypto/openssl/crypto/md2/md2.c releng/9.3/crypto/openssl/crypto/md2/md2.h releng/9.3/crypto/openssl/crypto/md2/md2_dgst.c releng/9.3/crypto/openssl/crypto/md2/md2_one.c releng/9.3/crypto/openssl/crypto/md2/md2test.c releng/9.3/crypto/openssl/crypto/md32_common.h releng/9.3/crypto/openssl/crypto/md4/md4.c releng/9.3/crypto/openssl/crypto/md4/md4.h releng/9.3/crypto/openssl/crypto/md4/md4_dgst.c releng/9.3/crypto/openssl/crypto/md4/md4_locl.h releng/9.3/crypto/openssl/crypto/md4/md4_one.c releng/9.3/crypto/openssl/crypto/md4/md4test.c releng/9.3/crypto/openssl/crypto/md5/md5.c releng/9.3/crypto/openssl/crypto/md5/md5.h releng/9.3/crypto/openssl/crypto/md5/md5_dgst.c releng/9.3/crypto/openssl/crypto/md5/md5_locl.h releng/9.3/crypto/openssl/crypto/md5/md5_one.c releng/9.3/crypto/openssl/crypto/md5/md5test.c releng/9.3/crypto/openssl/crypto/mdc2/mdc2.h releng/9.3/crypto/openssl/crypto/mdc2/mdc2_one.c releng/9.3/crypto/openssl/crypto/mdc2/mdc2dgst.c releng/9.3/crypto/openssl/crypto/mdc2/mdc2test.c releng/9.3/crypto/openssl/crypto/mem.c releng/9.3/crypto/openssl/crypto/mem_clr.c releng/9.3/crypto/openssl/crypto/mem_dbg.c releng/9.3/crypto/openssl/crypto/o_dir.c releng/9.3/crypto/openssl/crypto/o_dir.h releng/9.3/crypto/openssl/crypto/o_dir_test.c releng/9.3/crypto/openssl/crypto/o_init.c releng/9.3/crypto/openssl/crypto/o_str.c releng/9.3/crypto/openssl/crypto/o_str.h releng/9.3/crypto/openssl/crypto/o_time.c releng/9.3/crypto/openssl/crypto/o_time.h releng/9.3/crypto/openssl/crypto/objects/o_names.c releng/9.3/crypto/openssl/crypto/objects/obj_dat.c releng/9.3/crypto/openssl/crypto/objects/obj_err.c releng/9.3/crypto/openssl/crypto/objects/obj_lib.c releng/9.3/crypto/openssl/crypto/objects/obj_mac.h releng/9.3/crypto/openssl/crypto/objects/objects.h releng/9.3/crypto/openssl/crypto/objects/objects.pl releng/9.3/crypto/openssl/crypto/ocsp/ocsp.h releng/9.3/crypto/openssl/crypto/ocsp/ocsp_asn.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_cl.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_err.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ext.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_ht.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_prn.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_srv.c releng/9.3/crypto/openssl/crypto/ocsp/ocsp_vfy.c releng/9.3/crypto/openssl/crypto/opensslv.h releng/9.3/crypto/openssl/crypto/ossl_typ.h releng/9.3/crypto/openssl/crypto/pem/pem.h releng/9.3/crypto/openssl/crypto/pem/pem2.h releng/9.3/crypto/openssl/crypto/pem/pem_all.c releng/9.3/crypto/openssl/crypto/pem/pem_err.c releng/9.3/crypto/openssl/crypto/pem/pem_info.c releng/9.3/crypto/openssl/crypto/pem/pem_lib.c releng/9.3/crypto/openssl/crypto/pem/pem_oth.c releng/9.3/crypto/openssl/crypto/pem/pem_pk8.c releng/9.3/crypto/openssl/crypto/pem/pem_pkey.c releng/9.3/crypto/openssl/crypto/pem/pem_seal.c releng/9.3/crypto/openssl/crypto/pem/pem_sign.c releng/9.3/crypto/openssl/crypto/pem/pem_x509.c releng/9.3/crypto/openssl/crypto/pem/pem_xaux.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_add.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_asn.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_attr.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_crpt.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_crt.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_decr.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_init.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_key.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_kiss.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_mutl.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_npas.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_p8d.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_p8e.c releng/9.3/crypto/openssl/crypto/pkcs12/p12_utl.c releng/9.3/crypto/openssl/crypto/pkcs12/pk12err.c releng/9.3/crypto/openssl/crypto/pkcs12/pkcs12.h releng/9.3/crypto/openssl/crypto/pkcs7/pk7_asn1.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_attr.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_dgst.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_enc.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_mime.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_smime.c releng/9.3/crypto/openssl/crypto/pkcs7/pkcs7.h releng/9.3/crypto/openssl/crypto/pkcs7/pkcs7err.c releng/9.3/crypto/openssl/crypto/pqueue/pq_compat.h releng/9.3/crypto/openssl/crypto/pqueue/pq_test.c releng/9.3/crypto/openssl/crypto/pqueue/pqueue.c releng/9.3/crypto/openssl/crypto/pqueue/pqueue.h releng/9.3/crypto/openssl/crypto/rand/md_rand.c releng/9.3/crypto/openssl/crypto/rand/rand.h releng/9.3/crypto/openssl/crypto/rand/rand_egd.c releng/9.3/crypto/openssl/crypto/rand/rand_eng.c releng/9.3/crypto/openssl/crypto/rand/rand_err.c releng/9.3/crypto/openssl/crypto/rand/rand_lcl.h releng/9.3/crypto/openssl/crypto/rand/rand_lib.c releng/9.3/crypto/openssl/crypto/rand/rand_nw.c releng/9.3/crypto/openssl/crypto/rand/rand_os2.c releng/9.3/crypto/openssl/crypto/rand/rand_unix.c releng/9.3/crypto/openssl/crypto/rand/rand_vms.c releng/9.3/crypto/openssl/crypto/rand/rand_win.c releng/9.3/crypto/openssl/crypto/rand/randfile.c releng/9.3/crypto/openssl/crypto/rand/randtest.c releng/9.3/crypto/openssl/crypto/rc2/rc2.h releng/9.3/crypto/openssl/crypto/rc2/rc2_cbc.c releng/9.3/crypto/openssl/crypto/rc2/rc2_ecb.c releng/9.3/crypto/openssl/crypto/rc2/rc2_locl.h releng/9.3/crypto/openssl/crypto/rc2/rc2_skey.c releng/9.3/crypto/openssl/crypto/rc2/rc2cfb64.c releng/9.3/crypto/openssl/crypto/rc2/rc2ofb64.c releng/9.3/crypto/openssl/crypto/rc2/rc2speed.c releng/9.3/crypto/openssl/crypto/rc2/rc2test.c releng/9.3/crypto/openssl/crypto/rc2/tab.c releng/9.3/crypto/openssl/crypto/rc4/rc4.c releng/9.3/crypto/openssl/crypto/rc4/rc4.h releng/9.3/crypto/openssl/crypto/rc4/rc4_enc.c releng/9.3/crypto/openssl/crypto/rc4/rc4_fblk.c releng/9.3/crypto/openssl/crypto/rc4/rc4_locl.h releng/9.3/crypto/openssl/crypto/rc4/rc4_skey.c releng/9.3/crypto/openssl/crypto/rc4/rc4speed.c releng/9.3/crypto/openssl/crypto/rc4/rc4test.c releng/9.3/crypto/openssl/crypto/rc5/rc5.h releng/9.3/crypto/openssl/crypto/rc5/rc5_ecb.c releng/9.3/crypto/openssl/crypto/rc5/rc5_enc.c releng/9.3/crypto/openssl/crypto/rc5/rc5_locl.h releng/9.3/crypto/openssl/crypto/rc5/rc5_skey.c releng/9.3/crypto/openssl/crypto/rc5/rc5cfb64.c releng/9.3/crypto/openssl/crypto/rc5/rc5ofb64.c releng/9.3/crypto/openssl/crypto/rc5/rc5speed.c releng/9.3/crypto/openssl/crypto/rc5/rc5test.c releng/9.3/crypto/openssl/crypto/ripemd/ripemd.h releng/9.3/crypto/openssl/crypto/ripemd/rmd160.c releng/9.3/crypto/openssl/crypto/ripemd/rmd_dgst.c releng/9.3/crypto/openssl/crypto/ripemd/rmd_locl.h releng/9.3/crypto/openssl/crypto/ripemd/rmd_one.c releng/9.3/crypto/openssl/crypto/ripemd/rmdconst.h releng/9.3/crypto/openssl/crypto/ripemd/rmdtest.c releng/9.3/crypto/openssl/crypto/rsa/rsa.h releng/9.3/crypto/openssl/crypto/rsa/rsa_asn1.c releng/9.3/crypto/openssl/crypto/rsa/rsa_chk.c releng/9.3/crypto/openssl/crypto/rsa/rsa_depr.c releng/9.3/crypto/openssl/crypto/rsa/rsa_eay.c releng/9.3/crypto/openssl/crypto/rsa/rsa_eng.c releng/9.3/crypto/openssl/crypto/rsa/rsa_err.c releng/9.3/crypto/openssl/crypto/rsa/rsa_gen.c releng/9.3/crypto/openssl/crypto/rsa/rsa_lib.c releng/9.3/crypto/openssl/crypto/rsa/rsa_none.c releng/9.3/crypto/openssl/crypto/rsa/rsa_null.c releng/9.3/crypto/openssl/crypto/rsa/rsa_oaep.c releng/9.3/crypto/openssl/crypto/rsa/rsa_pk1.c releng/9.3/crypto/openssl/crypto/rsa/rsa_pss.c releng/9.3/crypto/openssl/crypto/rsa/rsa_saos.c releng/9.3/crypto/openssl/crypto/rsa/rsa_sign.c releng/9.3/crypto/openssl/crypto/rsa/rsa_ssl.c releng/9.3/crypto/openssl/crypto/rsa/rsa_test.c releng/9.3/crypto/openssl/crypto/rsa/rsa_x931.c releng/9.3/crypto/openssl/crypto/rsa/rsa_x931g.c releng/9.3/crypto/openssl/crypto/seed/seed.c releng/9.3/crypto/openssl/crypto/seed/seed.h releng/9.3/crypto/openssl/crypto/seed/seed_cbc.c releng/9.3/crypto/openssl/crypto/seed/seed_cfb.c releng/9.3/crypto/openssl/crypto/seed/seed_ecb.c releng/9.3/crypto/openssl/crypto/seed/seed_locl.h releng/9.3/crypto/openssl/crypto/seed/seed_ofb.c releng/9.3/crypto/openssl/crypto/sha/sha.c releng/9.3/crypto/openssl/crypto/sha/sha.h releng/9.3/crypto/openssl/crypto/sha/sha1.c releng/9.3/crypto/openssl/crypto/sha/sha1_one.c releng/9.3/crypto/openssl/crypto/sha/sha1dgst.c releng/9.3/crypto/openssl/crypto/sha/sha1test.c releng/9.3/crypto/openssl/crypto/sha/sha256.c releng/9.3/crypto/openssl/crypto/sha/sha256t.c releng/9.3/crypto/openssl/crypto/sha/sha512.c releng/9.3/crypto/openssl/crypto/sha/sha512t.c releng/9.3/crypto/openssl/crypto/sha/sha_dgst.c releng/9.3/crypto/openssl/crypto/sha/sha_locl.h releng/9.3/crypto/openssl/crypto/sha/sha_one.c releng/9.3/crypto/openssl/crypto/sha/shatest.c releng/9.3/crypto/openssl/crypto/stack/safestack.h releng/9.3/crypto/openssl/crypto/stack/stack.c releng/9.3/crypto/openssl/crypto/stack/stack.h releng/9.3/crypto/openssl/crypto/store/store.h releng/9.3/crypto/openssl/crypto/store/str_err.c releng/9.3/crypto/openssl/crypto/store/str_lib.c releng/9.3/crypto/openssl/crypto/store/str_locl.h releng/9.3/crypto/openssl/crypto/store/str_mem.c releng/9.3/crypto/openssl/crypto/store/str_meth.c releng/9.3/crypto/openssl/crypto/symhacks.h releng/9.3/crypto/openssl/crypto/threads/mttest.c releng/9.3/crypto/openssl/crypto/threads/th-lock.c releng/9.3/crypto/openssl/crypto/tmdiff.c releng/9.3/crypto/openssl/crypto/tmdiff.h releng/9.3/crypto/openssl/crypto/txt_db/txt_db.c releng/9.3/crypto/openssl/crypto/txt_db/txt_db.h releng/9.3/crypto/openssl/crypto/ui/ui.h releng/9.3/crypto/openssl/crypto/ui/ui_compat.c releng/9.3/crypto/openssl/crypto/ui/ui_compat.h releng/9.3/crypto/openssl/crypto/ui/ui_err.c releng/9.3/crypto/openssl/crypto/ui/ui_lib.c releng/9.3/crypto/openssl/crypto/ui/ui_locl.h releng/9.3/crypto/openssl/crypto/ui/ui_openssl.c releng/9.3/crypto/openssl/crypto/ui/ui_util.c releng/9.3/crypto/openssl/crypto/uid.c releng/9.3/crypto/openssl/crypto/x509/by_dir.c releng/9.3/crypto/openssl/crypto/x509/by_file.c releng/9.3/crypto/openssl/crypto/x509/x509.h releng/9.3/crypto/openssl/crypto/x509/x509_att.c releng/9.3/crypto/openssl/crypto/x509/x509_cmp.c releng/9.3/crypto/openssl/crypto/x509/x509_d2.c releng/9.3/crypto/openssl/crypto/x509/x509_def.c releng/9.3/crypto/openssl/crypto/x509/x509_err.c releng/9.3/crypto/openssl/crypto/x509/x509_ext.c releng/9.3/crypto/openssl/crypto/x509/x509_lu.c releng/9.3/crypto/openssl/crypto/x509/x509_obj.c releng/9.3/crypto/openssl/crypto/x509/x509_r2x.c releng/9.3/crypto/openssl/crypto/x509/x509_req.c releng/9.3/crypto/openssl/crypto/x509/x509_set.c releng/9.3/crypto/openssl/crypto/x509/x509_trs.c releng/9.3/crypto/openssl/crypto/x509/x509_txt.c releng/9.3/crypto/openssl/crypto/x509/x509_v3.c releng/9.3/crypto/openssl/crypto/x509/x509_vfy.c releng/9.3/crypto/openssl/crypto/x509/x509_vfy.h releng/9.3/crypto/openssl/crypto/x509/x509_vpm.c releng/9.3/crypto/openssl/crypto/x509/x509cset.c releng/9.3/crypto/openssl/crypto/x509/x509name.c releng/9.3/crypto/openssl/crypto/x509/x509rset.c releng/9.3/crypto/openssl/crypto/x509/x509spki.c releng/9.3/crypto/openssl/crypto/x509/x509type.c releng/9.3/crypto/openssl/crypto/x509/x_all.c releng/9.3/crypto/openssl/crypto/x509v3/ext_dat.h releng/9.3/crypto/openssl/crypto/x509v3/pcy_cache.c releng/9.3/crypto/openssl/crypto/x509v3/pcy_data.c releng/9.3/crypto/openssl/crypto/x509v3/pcy_int.h releng/9.3/crypto/openssl/crypto/x509v3/pcy_lib.c releng/9.3/crypto/openssl/crypto/x509v3/pcy_map.c releng/9.3/crypto/openssl/crypto/x509v3/pcy_node.c releng/9.3/crypto/openssl/crypto/x509v3/pcy_tree.c releng/9.3/crypto/openssl/crypto/x509v3/tabtest.c releng/9.3/crypto/openssl/crypto/x509v3/v3_addr.c releng/9.3/crypto/openssl/crypto/x509v3/v3_akey.c releng/9.3/crypto/openssl/crypto/x509v3/v3_akeya.c releng/9.3/crypto/openssl/crypto/x509v3/v3_alt.c releng/9.3/crypto/openssl/crypto/x509v3/v3_asid.c releng/9.3/crypto/openssl/crypto/x509v3/v3_bcons.c releng/9.3/crypto/openssl/crypto/x509v3/v3_bitst.c releng/9.3/crypto/openssl/crypto/x509v3/v3_conf.c releng/9.3/crypto/openssl/crypto/x509v3/v3_cpols.c releng/9.3/crypto/openssl/crypto/x509v3/v3_crld.c releng/9.3/crypto/openssl/crypto/x509v3/v3_enum.c releng/9.3/crypto/openssl/crypto/x509v3/v3_extku.c releng/9.3/crypto/openssl/crypto/x509v3/v3_genn.c releng/9.3/crypto/openssl/crypto/x509v3/v3_ia5.c releng/9.3/crypto/openssl/crypto/x509v3/v3_info.c releng/9.3/crypto/openssl/crypto/x509v3/v3_int.c releng/9.3/crypto/openssl/crypto/x509v3/v3_lib.c releng/9.3/crypto/openssl/crypto/x509v3/v3_ncons.c releng/9.3/crypto/openssl/crypto/x509v3/v3_ocsp.c releng/9.3/crypto/openssl/crypto/x509v3/v3_pci.c releng/9.3/crypto/openssl/crypto/x509v3/v3_pcia.c releng/9.3/crypto/openssl/crypto/x509v3/v3_pcons.c releng/9.3/crypto/openssl/crypto/x509v3/v3_pku.c releng/9.3/crypto/openssl/crypto/x509v3/v3_pmaps.c releng/9.3/crypto/openssl/crypto/x509v3/v3_prn.c releng/9.3/crypto/openssl/crypto/x509v3/v3_purp.c releng/9.3/crypto/openssl/crypto/x509v3/v3_skey.c releng/9.3/crypto/openssl/crypto/x509v3/v3_sxnet.c releng/9.3/crypto/openssl/crypto/x509v3/v3_utl.c releng/9.3/crypto/openssl/crypto/x509v3/v3conf.c releng/9.3/crypto/openssl/crypto/x509v3/v3err.c releng/9.3/crypto/openssl/crypto/x509v3/v3prin.c releng/9.3/crypto/openssl/crypto/x509v3/x509v3.h releng/9.3/crypto/openssl/demos/asn1/ocsp.c releng/9.3/crypto/openssl/demos/b64.c releng/9.3/crypto/openssl/demos/bio/saccept.c releng/9.3/crypto/openssl/demos/bio/sconnect.c releng/9.3/crypto/openssl/demos/easy_tls/easy-tls.c releng/9.3/crypto/openssl/demos/easy_tls/easy-tls.h releng/9.3/crypto/openssl/demos/easy_tls/test.c releng/9.3/crypto/openssl/demos/easy_tls/test.h releng/9.3/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c releng/9.3/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca.c releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c releng/9.3/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h releng/9.3/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod.c releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod.h releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod_err.c releng/9.3/crypto/openssl/demos/engines/zencod/hw_zencod_err.h releng/9.3/crypto/openssl/demos/jpake/jpakedemo.c releng/9.3/crypto/openssl/demos/pkcs12/pkread.c releng/9.3/crypto/openssl/demos/pkcs12/pkwrite.c releng/9.3/crypto/openssl/demos/prime/prime.c releng/9.3/crypto/openssl/demos/selfsign.c releng/9.3/crypto/openssl/demos/sign/sign.c releng/9.3/crypto/openssl/demos/spkigen.c releng/9.3/crypto/openssl/demos/state_machine/state_machine.c releng/9.3/crypto/openssl/demos/tunala/breakage.c releng/9.3/crypto/openssl/demos/tunala/buffer.c releng/9.3/crypto/openssl/demos/tunala/cb.c releng/9.3/crypto/openssl/demos/tunala/ip.c releng/9.3/crypto/openssl/demos/tunala/sm.c releng/9.3/crypto/openssl/demos/tunala/tunala.c releng/9.3/crypto/openssl/demos/tunala/tunala.h releng/9.3/crypto/openssl/demos/x509/mkcert.c releng/9.3/crypto/openssl/demos/x509/mkreq.c releng/9.3/crypto/openssl/doc/apps/ciphers.pod releng/9.3/crypto/openssl/doc/crypto/BN_rand.pod releng/9.3/crypto/openssl/doc/crypto/BN_set_bit.pod releng/9.3/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod releng/9.3/crypto/openssl/doc/crypto/d2i_X509.pod releng/9.3/crypto/openssl/doc/crypto/pem.pod releng/9.3/crypto/openssl/e_os.h releng/9.3/crypto/openssl/e_os2.h releng/9.3/crypto/openssl/engines/e_4758cca.c releng/9.3/crypto/openssl/engines/e_4758cca_err.c releng/9.3/crypto/openssl/engines/e_4758cca_err.h releng/9.3/crypto/openssl/engines/e_aep.c releng/9.3/crypto/openssl/engines/e_aep_err.c releng/9.3/crypto/openssl/engines/e_aep_err.h releng/9.3/crypto/openssl/engines/e_atalla.c releng/9.3/crypto/openssl/engines/e_atalla_err.c releng/9.3/crypto/openssl/engines/e_atalla_err.h releng/9.3/crypto/openssl/engines/e_capi.c releng/9.3/crypto/openssl/engines/e_capi_err.c releng/9.3/crypto/openssl/engines/e_capi_err.h releng/9.3/crypto/openssl/engines/e_chil.c releng/9.3/crypto/openssl/engines/e_chil_err.c releng/9.3/crypto/openssl/engines/e_chil_err.h releng/9.3/crypto/openssl/engines/e_cswift.c releng/9.3/crypto/openssl/engines/e_cswift_err.c releng/9.3/crypto/openssl/engines/e_cswift_err.h releng/9.3/crypto/openssl/engines/e_gmp.c releng/9.3/crypto/openssl/engines/e_gmp_err.c releng/9.3/crypto/openssl/engines/e_gmp_err.h releng/9.3/crypto/openssl/engines/e_nuron.c releng/9.3/crypto/openssl/engines/e_nuron_err.c releng/9.3/crypto/openssl/engines/e_nuron_err.h releng/9.3/crypto/openssl/engines/e_sureware.c releng/9.3/crypto/openssl/engines/e_sureware_err.c releng/9.3/crypto/openssl/engines/e_sureware_err.h releng/9.3/crypto/openssl/engines/e_ubsec.c releng/9.3/crypto/openssl/engines/e_ubsec_err.c releng/9.3/crypto/openssl/engines/e_ubsec_err.h releng/9.3/crypto/openssl/engines/vendor_defns/aep.h releng/9.3/crypto/openssl/engines/vendor_defns/atalla.h releng/9.3/crypto/openssl/engines/vendor_defns/cswift.h releng/9.3/crypto/openssl/engines/vendor_defns/hw_4758_cca.h releng/9.3/crypto/openssl/engines/vendor_defns/hw_ubsec.h releng/9.3/crypto/openssl/engines/vendor_defns/hwcryptohook.h releng/9.3/crypto/openssl/engines/vendor_defns/sureware.h releng/9.3/crypto/openssl/fips/aes/fips_aes_selftest.c releng/9.3/crypto/openssl/fips/aes/fips_aesavs.c releng/9.3/crypto/openssl/fips/des/fips_des_selftest.c releng/9.3/crypto/openssl/fips/des/fips_desmovs.c releng/9.3/crypto/openssl/fips/dh/dh_gen.c releng/9.3/crypto/openssl/fips/dh/fips_dh_check.c releng/9.3/crypto/openssl/fips/dh/fips_dh_gen.c releng/9.3/crypto/openssl/fips/dh/fips_dh_key.c releng/9.3/crypto/openssl/fips/dh/fips_dh_lib.c releng/9.3/crypto/openssl/fips/dsa/fips_dsa_gen.c releng/9.3/crypto/openssl/fips/dsa/fips_dsa_key.c releng/9.3/crypto/openssl/fips/dsa/fips_dsa_lib.c releng/9.3/crypto/openssl/fips/dsa/fips_dsa_ossl.c releng/9.3/crypto/openssl/fips/dsa/fips_dsa_selftest.c releng/9.3/crypto/openssl/fips/dsa/fips_dsa_sign.c releng/9.3/crypto/openssl/fips/dsa/fips_dsatest.c releng/9.3/crypto/openssl/fips/dsa/fips_dssvs.c releng/9.3/crypto/openssl/fips/fips.c releng/9.3/crypto/openssl/fips/fips.h releng/9.3/crypto/openssl/fips/fips_canister.c releng/9.3/crypto/openssl/fips/fips_locl.h releng/9.3/crypto/openssl/fips/fips_premain.c releng/9.3/crypto/openssl/fips/fips_test_suite.c releng/9.3/crypto/openssl/fips/fips_utl.h releng/9.3/crypto/openssl/fips/hmac/fips_hmac.c releng/9.3/crypto/openssl/fips/hmac/fips_hmac_selftest.c releng/9.3/crypto/openssl/fips/hmac/fips_hmactest.c releng/9.3/crypto/openssl/fips/rand/fips_rand.c releng/9.3/crypto/openssl/fips/rand/fips_rand.h releng/9.3/crypto/openssl/fips/rand/fips_rand_selftest.c releng/9.3/crypto/openssl/fips/rand/fips_randtest.c releng/9.3/crypto/openssl/fips/rand/fips_rngvs.c releng/9.3/crypto/openssl/fips/rsa/fips_rsa_eay.c releng/9.3/crypto/openssl/fips/rsa/fips_rsa_gen.c releng/9.3/crypto/openssl/fips/rsa/fips_rsa_lib.c releng/9.3/crypto/openssl/fips/rsa/fips_rsa_selftest.c releng/9.3/crypto/openssl/fips/rsa/fips_rsa_sign.c releng/9.3/crypto/openssl/fips/rsa/fips_rsa_x931g.c releng/9.3/crypto/openssl/fips/rsa/fips_rsagtest.c releng/9.3/crypto/openssl/fips/rsa/fips_rsastest.c releng/9.3/crypto/openssl/fips/rsa/fips_rsavtest.c releng/9.3/crypto/openssl/fips/sha/fips_sha1_selftest.c releng/9.3/crypto/openssl/fips/sha/fips_shatest.c releng/9.3/crypto/openssl/fips/sha/fips_standalone_sha1.c releng/9.3/crypto/openssl/openssl.spec releng/9.3/crypto/openssl/ssl/bio_ssl.c releng/9.3/crypto/openssl/ssl/d1_both.c releng/9.3/crypto/openssl/ssl/d1_clnt.c releng/9.3/crypto/openssl/ssl/d1_enc.c releng/9.3/crypto/openssl/ssl/d1_lib.c releng/9.3/crypto/openssl/ssl/d1_meth.c releng/9.3/crypto/openssl/ssl/d1_pkt.c releng/9.3/crypto/openssl/ssl/d1_srvr.c releng/9.3/crypto/openssl/ssl/dtls1.h releng/9.3/crypto/openssl/ssl/kssl.c releng/9.3/crypto/openssl/ssl/kssl.h releng/9.3/crypto/openssl/ssl/kssl_lcl.h releng/9.3/crypto/openssl/ssl/s23_clnt.c releng/9.3/crypto/openssl/ssl/s23_lib.c releng/9.3/crypto/openssl/ssl/s23_meth.c releng/9.3/crypto/openssl/ssl/s23_pkt.c releng/9.3/crypto/openssl/ssl/s23_srvr.c releng/9.3/crypto/openssl/ssl/s2_clnt.c releng/9.3/crypto/openssl/ssl/s2_enc.c releng/9.3/crypto/openssl/ssl/s2_lib.c releng/9.3/crypto/openssl/ssl/s2_meth.c releng/9.3/crypto/openssl/ssl/s2_pkt.c releng/9.3/crypto/openssl/ssl/s2_srvr.c releng/9.3/crypto/openssl/ssl/s3_both.c releng/9.3/crypto/openssl/ssl/s3_cbc.c releng/9.3/crypto/openssl/ssl/s3_clnt.c releng/9.3/crypto/openssl/ssl/s3_enc.c releng/9.3/crypto/openssl/ssl/s3_lib.c releng/9.3/crypto/openssl/ssl/s3_meth.c releng/9.3/crypto/openssl/ssl/s3_pkt.c releng/9.3/crypto/openssl/ssl/s3_srvr.c releng/9.3/crypto/openssl/ssl/ssl.h releng/9.3/crypto/openssl/ssl/ssl2.h releng/9.3/crypto/openssl/ssl/ssl23.h releng/9.3/crypto/openssl/ssl/ssl3.h releng/9.3/crypto/openssl/ssl/ssl_algs.c releng/9.3/crypto/openssl/ssl/ssl_asn1.c releng/9.3/crypto/openssl/ssl/ssl_cert.c releng/9.3/crypto/openssl/ssl/ssl_ciph.c releng/9.3/crypto/openssl/ssl/ssl_err.c releng/9.3/crypto/openssl/ssl/ssl_err2.c releng/9.3/crypto/openssl/ssl/ssl_lib.c releng/9.3/crypto/openssl/ssl/ssl_locl.h releng/9.3/crypto/openssl/ssl/ssl_rsa.c releng/9.3/crypto/openssl/ssl/ssl_sess.c releng/9.3/crypto/openssl/ssl/ssl_stat.c releng/9.3/crypto/openssl/ssl/ssl_task.c releng/9.3/crypto/openssl/ssl/ssl_txt.c releng/9.3/crypto/openssl/ssl/ssltest.c releng/9.3/crypto/openssl/ssl/t1_clnt.c releng/9.3/crypto/openssl/ssl/t1_enc.c releng/9.3/crypto/openssl/ssl/t1_lib.c releng/9.3/crypto/openssl/ssl/t1_meth.c releng/9.3/crypto/openssl/ssl/t1_reneg.c releng/9.3/crypto/openssl/ssl/t1_srvr.c releng/9.3/crypto/openssl/ssl/tls1.h releng/9.3/crypto/openssl/test/dummytest.c releng/9.3/crypto/openssl/test/igetest.c releng/9.3/crypto/openssl/test/methtest.c releng/9.3/crypto/openssl/test/r160test.c releng/9.3/crypto/openssl/util/ck_errf.pl releng/9.3/crypto/openssl/util/mkerr.pl releng/9.3/secure/lib/libcrypto/Makefile releng/9.3/secure/lib/libcrypto/Makefile.inc releng/9.3/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_new.3 releng/9.3/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/9.3/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/9.3/secure/lib/libcrypto/man/BIO_ctrl.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_base64.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_md.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_null.3 releng/9.3/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/9.3/secure/lib/libcrypto/man/BIO_find_type.3 releng/9.3/secure/lib/libcrypto/man/BIO_new.3 releng/9.3/secure/lib/libcrypto/man/BIO_push.3 releng/9.3/secure/lib/libcrypto/man/BIO_read.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_accept.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_bio.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_connect.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_fd.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_file.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_mem.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_null.3 releng/9.3/secure/lib/libcrypto/man/BIO_s_socket.3 releng/9.3/secure/lib/libcrypto/man/BIO_set_callback.3 releng/9.3/secure/lib/libcrypto/man/BIO_should_retry.3 releng/9.3/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/9.3/secure/lib/libcrypto/man/BN_CTX_new.3 releng/9.3/secure/lib/libcrypto/man/BN_CTX_start.3 releng/9.3/secure/lib/libcrypto/man/BN_add.3 releng/9.3/secure/lib/libcrypto/man/BN_add_word.3 releng/9.3/secure/lib/libcrypto/man/BN_bn2bin.3 releng/9.3/secure/lib/libcrypto/man/BN_cmp.3 releng/9.3/secure/lib/libcrypto/man/BN_copy.3 releng/9.3/secure/lib/libcrypto/man/BN_generate_prime.3 releng/9.3/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/9.3/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/9.3/secure/lib/libcrypto/man/BN_new.3 releng/9.3/secure/lib/libcrypto/man/BN_num_bytes.3 releng/9.3/secure/lib/libcrypto/man/BN_rand.3 releng/9.3/secure/lib/libcrypto/man/BN_set_bit.3 releng/9.3/secure/lib/libcrypto/man/BN_swap.3 releng/9.3/secure/lib/libcrypto/man/BN_zero.3 releng/9.3/secure/lib/libcrypto/man/CONF_modules_free.3 releng/9.3/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/9.3/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/9.3/secure/lib/libcrypto/man/DH_generate_key.3 releng/9.3/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/9.3/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/9.3/secure/lib/libcrypto/man/DH_new.3 releng/9.3/secure/lib/libcrypto/man/DH_set_method.3 releng/9.3/secure/lib/libcrypto/man/DH_size.3 releng/9.3/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/9.3/secure/lib/libcrypto/man/DSA_do_sign.3 releng/9.3/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/9.3/secure/lib/libcrypto/man/DSA_generate_key.3 releng/9.3/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/9.3/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/9.3/secure/lib/libcrypto/man/DSA_new.3 releng/9.3/secure/lib/libcrypto/man/DSA_set_method.3 releng/9.3/secure/lib/libcrypto/man/DSA_sign.3 releng/9.3/secure/lib/libcrypto/man/DSA_size.3 releng/9.3/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/9.3/secure/lib/libcrypto/man/ERR_clear_error.3 releng/9.3/secure/lib/libcrypto/man/ERR_error_string.3 releng/9.3/secure/lib/libcrypto/man/ERR_get_error.3 releng/9.3/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 releng/9.3/secure/lib/libcrypto/man/ERR_load_strings.3 releng/9.3/secure/lib/libcrypto/man/ERR_print_errors.3 releng/9.3/secure/lib/libcrypto/man/ERR_put_error.3 releng/9.3/secure/lib/libcrypto/man/ERR_remove_state.3 releng/9.3/secure/lib/libcrypto/man/ERR_set_mark.3 releng/9.3/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/9.3/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/9.3/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/9.3/secure/lib/libcrypto/man/EVP_SealInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_SignInit.3 releng/9.3/secure/lib/libcrypto/man/EVP_VerifyInit.3 releng/9.3/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_config.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/9.3/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/9.3/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/9.3/secure/lib/libcrypto/man/PKCS12_create.3 releng/9.3/secure/lib/libcrypto/man/PKCS12_parse.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_sign.3 releng/9.3/secure/lib/libcrypto/man/PKCS7_verify.3 releng/9.3/secure/lib/libcrypto/man/RAND_add.3 releng/9.3/secure/lib/libcrypto/man/RAND_bytes.3 releng/9.3/secure/lib/libcrypto/man/RAND_cleanup.3 releng/9.3/secure/lib/libcrypto/man/RAND_egd.3 releng/9.3/secure/lib/libcrypto/man/RAND_load_file.3 releng/9.3/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/9.3/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/9.3/secure/lib/libcrypto/man/RSA_check_key.3 releng/9.3/secure/lib/libcrypto/man/RSA_generate_key.3 releng/9.3/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 releng/9.3/secure/lib/libcrypto/man/RSA_new.3 releng/9.3/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/9.3/secure/lib/libcrypto/man/RSA_print.3 releng/9.3/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/9.3/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/9.3/secure/lib/libcrypto/man/RSA_set_method.3 releng/9.3/secure/lib/libcrypto/man/RSA_sign.3 releng/9.3/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/9.3/secure/lib/libcrypto/man/RSA_size.3 releng/9.3/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/9.3/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/9.3/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/9.3/secure/lib/libcrypto/man/X509_new.3 releng/9.3/secure/lib/libcrypto/man/bio.3 releng/9.3/secure/lib/libcrypto/man/blowfish.3 releng/9.3/secure/lib/libcrypto/man/bn.3 releng/9.3/secure/lib/libcrypto/man/bn_internal.3 releng/9.3/secure/lib/libcrypto/man/buffer.3 releng/9.3/secure/lib/libcrypto/man/crypto.3 releng/9.3/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/9.3/secure/lib/libcrypto/man/d2i_DHparams.3 releng/9.3/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/9.3/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/9.3/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_CRL.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/9.3/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/9.3/secure/lib/libcrypto/man/des.3 releng/9.3/secure/lib/libcrypto/man/dh.3 releng/9.3/secure/lib/libcrypto/man/dsa.3 releng/9.3/secure/lib/libcrypto/man/ecdsa.3 releng/9.3/secure/lib/libcrypto/man/engine.3 releng/9.3/secure/lib/libcrypto/man/err.3 releng/9.3/secure/lib/libcrypto/man/evp.3 releng/9.3/secure/lib/libcrypto/man/hmac.3 releng/9.3/secure/lib/libcrypto/man/lh_stats.3 releng/9.3/secure/lib/libcrypto/man/lhash.3 releng/9.3/secure/lib/libcrypto/man/md5.3 releng/9.3/secure/lib/libcrypto/man/mdc2.3 releng/9.3/secure/lib/libcrypto/man/pem.3 releng/9.3/secure/lib/libcrypto/man/rand.3 releng/9.3/secure/lib/libcrypto/man/rc4.3 releng/9.3/secure/lib/libcrypto/man/ripemd.3 releng/9.3/secure/lib/libcrypto/man/rsa.3 releng/9.3/secure/lib/libcrypto/man/sha.3 releng/9.3/secure/lib/libcrypto/man/threads.3 releng/9.3/secure/lib/libcrypto/man/ui.3 releng/9.3/secure/lib/libcrypto/man/ui_compat.3 releng/9.3/secure/lib/libcrypto/man/x509.3 releng/9.3/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/9.3/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_free.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_new.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/9.3/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/9.3/secure/lib/libssl/man/SSL_SESSION_free.3 releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/9.3/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/9.3/secure/lib/libssl/man/SSL_accept.3 releng/9.3/secure/lib/libssl/man/SSL_alert_type_string.3 releng/9.3/secure/lib/libssl/man/SSL_clear.3 releng/9.3/secure/lib/libssl/man/SSL_connect.3 releng/9.3/secure/lib/libssl/man/SSL_do_handshake.3 releng/9.3/secure/lib/libssl/man/SSL_free.3 releng/9.3/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/9.3/secure/lib/libssl/man/SSL_get_ciphers.3 releng/9.3/secure/lib/libssl/man/SSL_get_client_CA_list.3 releng/9.3/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/9.3/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/9.3/secure/lib/libssl/man/SSL_get_error.3 releng/9.3/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/9.3/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/9.3/secure/lib/libssl/man/SSL_get_fd.3 releng/9.3/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 releng/9.3/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/9.3/secure/lib/libssl/man/SSL_get_rbio.3 releng/9.3/secure/lib/libssl/man/SSL_get_session.3 releng/9.3/secure/lib/libssl/man/SSL_get_verify_result.3 releng/9.3/secure/lib/libssl/man/SSL_get_version.3 releng/9.3/secure/lib/libssl/man/SSL_library_init.3 releng/9.3/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/9.3/secure/lib/libssl/man/SSL_new.3 releng/9.3/secure/lib/libssl/man/SSL_pending.3 releng/9.3/secure/lib/libssl/man/SSL_read.3 releng/9.3/secure/lib/libssl/man/SSL_rstate_string.3 releng/9.3/secure/lib/libssl/man/SSL_session_reused.3 releng/9.3/secure/lib/libssl/man/SSL_set_bio.3 releng/9.3/secure/lib/libssl/man/SSL_set_connect_state.3 releng/9.3/secure/lib/libssl/man/SSL_set_fd.3 releng/9.3/secure/lib/libssl/man/SSL_set_session.3 releng/9.3/secure/lib/libssl/man/SSL_set_shutdown.3 releng/9.3/secure/lib/libssl/man/SSL_set_verify_result.3 releng/9.3/secure/lib/libssl/man/SSL_shutdown.3 releng/9.3/secure/lib/libssl/man/SSL_state_string.3 releng/9.3/secure/lib/libssl/man/SSL_want.3 releng/9.3/secure/lib/libssl/man/SSL_write.3 releng/9.3/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/9.3/secure/lib/libssl/man/ssl.3 releng/9.3/secure/usr.bin/openssl/man/CA.pl.1 releng/9.3/secure/usr.bin/openssl/man/asn1parse.1 releng/9.3/secure/usr.bin/openssl/man/ca.1 releng/9.3/secure/usr.bin/openssl/man/ciphers.1 releng/9.3/secure/usr.bin/openssl/man/crl.1 releng/9.3/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/9.3/secure/usr.bin/openssl/man/dgst.1 releng/9.3/secure/usr.bin/openssl/man/dhparam.1 releng/9.3/secure/usr.bin/openssl/man/dsa.1 releng/9.3/secure/usr.bin/openssl/man/dsaparam.1 releng/9.3/secure/usr.bin/openssl/man/ec.1 releng/9.3/secure/usr.bin/openssl/man/ecparam.1 releng/9.3/secure/usr.bin/openssl/man/enc.1 releng/9.3/secure/usr.bin/openssl/man/errstr.1 releng/9.3/secure/usr.bin/openssl/man/gendsa.1 releng/9.3/secure/usr.bin/openssl/man/genrsa.1 releng/9.3/secure/usr.bin/openssl/man/nseq.1 releng/9.3/secure/usr.bin/openssl/man/ocsp.1 releng/9.3/secure/usr.bin/openssl/man/openssl.1 releng/9.3/secure/usr.bin/openssl/man/passwd.1 releng/9.3/secure/usr.bin/openssl/man/pkcs12.1 releng/9.3/secure/usr.bin/openssl/man/pkcs7.1 releng/9.3/secure/usr.bin/openssl/man/pkcs8.1 releng/9.3/secure/usr.bin/openssl/man/rand.1 releng/9.3/secure/usr.bin/openssl/man/req.1 releng/9.3/secure/usr.bin/openssl/man/rsa.1 releng/9.3/secure/usr.bin/openssl/man/rsautl.1 releng/9.3/secure/usr.bin/openssl/man/s_client.1 releng/9.3/secure/usr.bin/openssl/man/s_server.1 releng/9.3/secure/usr.bin/openssl/man/s_time.1 releng/9.3/secure/usr.bin/openssl/man/sess_id.1 releng/9.3/secure/usr.bin/openssl/man/smime.1 releng/9.3/secure/usr.bin/openssl/man/speed.1 releng/9.3/secure/usr.bin/openssl/man/spkac.1 releng/9.3/secure/usr.bin/openssl/man/verify.1 releng/9.3/secure/usr.bin/openssl/man/version.1 releng/9.3/secure/usr.bin/openssl/man/x509.1 releng/9.3/secure/usr.bin/openssl/man/x509v3_config.1 releng/9.3/sys/conf/newvers.sh Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Mon Mar 7 16:20:01 2016 (r296464) +++ releng/9.3/UPDATING Mon Mar 7 16:22:11 2016 (r296465) @@ -11,6 +11,10 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20160303 p37 FreeBSD-SA-16:12.openssl + + Fix multiple vulnerabilities of OpenSSL. + 20160130 p36 FreeBSD-SA-16:11.openssl Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability. [SA-16:11] Modified: releng/9.3/crypto/openssl/CHANGES ============================================================================== --- releng/9.3/crypto/openssl/CHANGES Mon Mar 7 16:20:01 2016 (r296464) +++ releng/9.3/crypto/openssl/CHANGES Mon Mar 7 16:22:11 2016 (r296465) @@ -2,6 +2,170 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno Böck. + (CVE-2015-1789) + [Emilia Käsper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia Käsper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + + Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015] + + *) Segmentation fault in ASN1_TYPE_cmp fix + + The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is + made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check + certificate signature algorithm consistency this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + (CVE-2015-0286) + [Stephen Henson] + + *) ASN.1 structure reuse memory corruption fix + + Reusing a structure in ASN.1 parsing may allow an attacker to cause + memory corruption via an invalid write. Such reuse is and has been + strongly discouraged and is believed to be rare. + + Applications that parse structures containing CHOICE or ANY DEFINED BY + components may be affected. Certificate parsing (d2i_X509 and related + functions) are however not affected. OpenSSL clients and servers are + not affected. + (CVE-2015-0287) + [Stephen Henson] + + *) PKCS7 NULL pointer dereferences fix + + The PKCS#7 parsing code does not handle missing outer ContentInfo + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with + missing content and trigger a NULL pointer dereference on parsing. + + Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or + otherwise parse PKCS#7 structures from untrusted sources are + affected. OpenSSL clients and servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-0289) + [Emilia Käsper] + + *) DoS via reachable assert in SSLv2 servers fix + + A malicious client can trigger an OPENSSL_assert (i.e., an abort) in + servers that both support SSLv2 and enable export cipher suites by sending + a specially crafted SSLv2 CLIENT-MASTER-KEY message. + + This issue was discovered by Sean Burford (Google) and Emilia Käsper + (OpenSSL development team). + (CVE-2015-0293) + [Emilia Käsper] + + *) Use After Free following d2i_ECPrivatekey error fix + + A malformed EC private key file consumed via the d2i_ECPrivateKey function + could cause a use after free condition. This, in turn, could cause a double + free in several private key parsing functions (such as d2i_PrivateKey + or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption + for applications that receive EC private keys from untrusted + sources. This scenario is considered rare. + + This issue was discovered by the BoringSSL project and fixed in their + commit 517073cd4b. + (CVE-2015-0209) + [Matt Caswell] + + *) X509_to_X509_REQ NULL pointer deref fix + + The function X509_to_X509_REQ will crash with a NULL pointer dereference if + the certificate key is invalid. This function is rarely used in practice. + + This issue was discovered by Brian Carpenter. + (CVE-2015-0288) + [Stephen Henson] + + *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers + [Kurt Roeckx] + + Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] + Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS Modified: releng/9.3/crypto/openssl/FAQ ============================================================================== --- releng/9.3/crypto/openssl/FAQ Mon Mar 7 16:20:01 2016 (r296464) +++ releng/9.3/crypto/openssl/FAQ Mon Mar 7 16:22:11 2016 (r296465) @@ -1,1039 +1,2 @@ -OpenSSL - Frequently Asked Questions --------------------------------------- - -[MISC] Miscellaneous questions - -* Which is the current version of OpenSSL? -* Where is the documentation? -* How can I contact the OpenSSL developers? -* Where can I get a compiled version of OpenSSL? -* Why aren't tools like 'autoconf' and 'libtool' used? -* What is an 'engine' version? -* How do I check the authenticity of the OpenSSL distribution? -* How does the versioning scheme work? - -[LEGAL] Legal questions - -* Do I need patent licenses to use OpenSSL? -* Can I use OpenSSL with GPL software? - -[USER] Questions on using the OpenSSL applications - -* Why do I get a "PRNG not seeded" error message? -* Why do I get an "unable to write 'random state'" error message? -* How do I create certificates or certificate requests? -* Why can't I create certificate requests? -* Why does <SSL program> fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? -* What is a "128 bit certificate"? Can I create one with OpenSSL? -* Why does OpenSSL set the authority key identifier extension incorrectly? -* How can I set up a bundle of commercial root CA certificates? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL test fail with "bc: stack empty"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? -* What is special about OpenSSL on Redhat? -* Why does the OpenSSL compilation fail on MacOS X? -* Why does the OpenSSL test suite fail on MacOS X? -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? -* Why does compiler fail to compile sha512.c? -* Test suite still fails, what to do? -* I think I've found a bug, what should I do? -* I'm SURE I've found a bug, how do I report it? -* I've found a security issue, how do I report it? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* OpenSSL uses DER but I need BER format: does OpenSSL support BER? -* I've tried using <M_some_evil_pkcs12_macro> and I get errors why? -* I've called <some function> and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? -* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? -* I think I've detected a memory leak, is this a bug? -* Why does Valgrind complain about the use of uninitialized data? -* Why doesn't a memory BIO work when a file does? -* Where are the declarations and implementations of d2i_X509() etc? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.1d was released on Feb 5th, 2013. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at <URL: -ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. Many -manual pages are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -<URL: http://www.openssl.org/docs/>. Note that the online documents refer -to the very latest development versions of OpenSSL and may include features -not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. The pod format -documentation is included in each OpenSSL distribution under the docs -directory. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -<URL: http://www.openssl.org>. - - -* Where can I get a compiled version of OpenSSL? - -You can finder pointers to binary distributions in -<URL: http://www.openssl.org/related/binaries.html>; . - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to build OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. - -A number of Linux and *BSD distributions include OpenSSL. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf will probably be used in future OpenSSL versions. If it was -less Unix-centric, it might have been used much earlier. - -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 the changes were merged into the main development line, -so that the special release is no longer necessary. - -* How do I check the authenticity of the OpenSSL distribution? - -We provide MD5 digests and ASC signatures of each tarball. -Use MD5 to check that a tarball from a mirror site is identical: - - md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 - -You can check authenticity using pgp or gpg. You need the OpenSSL team -member public key used to sign it (download it from a key server, see a -list of keys at <URL: http://www.openssl.org/about/>). Then -just do: - - pgp TARBALL.asc - -* How does the versioning scheme work? - -After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter -releases (e.g. 1.0.1a) can only contain bug and security fixes and no -new features. Minor releases change the last number (e.g. 1.0.2) and -can contain new features that retain binary compatibility. Changes to -the middle number are considered major releases and neither source nor -binary compatibility is guaranteed. - -Therefore the answer to the common question "when will feature X be -backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear -in the next minor release. - -[LEGAL] ======================================================================= - -* Do I need patent licenses to use OpenSSL? - -The patents section of the README file lists patents that may apply to -you if you want to use OpenSSL. For information on intellectual -property rights, please consult a lawyer. The OpenSSL team does not -offer legal advice. - -You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using - ./config no-idea no-mdc2 no-rc5 - - -* Can I use OpenSSL with GPL software? - -On many systems including the major Linux and BSD distributions, yes (the -GPL does not place restrictions on using libraries that are part of the -normal operating system distribution). - -On other systems, the situation is less clear. Some GPL software copyright -holders claim that you infringe on their rights if you use OpenSSL with -their software on operating systems that don't normally include OpenSSL. - -If you develop open source software that uses OpenSSL, you may find it -useful to choose an other license than the GPL, or state explicitly that -"This program is released under the GPL with the additional exemption that -compiling, linking, and/or using OpenSSL is allowed." If you are using -GPL software developed by others, you may want to ask the copyright holder -for permission to use their software with OpenSSL. - - -[USER] ======================================================================== - -* Why do I get a "PRNG not seeded" error message? - -Cryptographic software needs a source of unpredictable data to work -correctly. Many open source operating systems provide a "randomness -device" (/dev/urandom or /dev/random) that serves this purpose. -All OpenSSL versions try to use /dev/urandom by default; starting with -version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not -available. - -On other systems, applications have to call the RAND_add() or -RAND_seed() function with appropriate data before generating keys or -performing public key encryption. (These functions initialize the -pseudo-random number generator, PRNG.) Some broken applications do -not do this. As of version 0.9.5, the OpenSSL functions that need -randomness report an error if the random number generator has not been -seeded with at least 128 bits of randomness. If this error occurs and -is not discussed in the documentation of the application you are -using, please contact the author of that application; it is likely -that it never worked correctly. OpenSSL 0.9.5 and later make the -error visible by refusing to perform potentially insecure encryption. - -If you are using Solaris 8, you can add /dev/urandom and /dev/random -devices by installing patch 112438 (Sparc) or 112439 (x86), which are -available via the Patchfinder at <URL: http://sunsolve.sun.com>; -(Solaris 9 includes these devices by default). For /dev/random support -for earlier Solaris versions, see Sun's statement at -<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>; -(the SUNWski package is available in patch 105710). - -On systems without /dev/urandom and /dev/random, it is a good idea to -use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for -details. Starting with version 0.9.7, OpenSSL will automatically look -for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and -/etc/entropy. - -Most components of the openssl command line utility automatically try -to seed the random number generator from a file. The name of the -default seeding file is determined as follows: If environment variable -RANDFILE is set, then it names the seeding file. Otherwise if -environment variable HOME is set, then the seeding file is $HOME/.rnd. -If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will -use file .rnd in the current directory while OpenSSL 0.9.6a uses no -default seeding file at all. OpenSSL 0.9.6b and later will behave -similarly to 0.9.6a, but will use a default of "C:\" for HOME on -Windows systems if the environment variable has not been set. - -If the default seeding file does not exist or is too short, the "PRNG -not seeded" error message may occur. - -The openssl command line utility will write back a new state to the -default seeding file (and create this file if necessary) unless -there was no sufficient seeding. - -Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. -Use the "-rand" option of the OpenSSL command line tools instead. -The $RANDFILE environment variable and $HOME/.rnd are only used by the -OpenSSL command line tools. Applications using the OpenSSL library -provide their own configuration options to specify the entropy source, -please check out the documentation coming the with application. - - -* Why do I get an "unable to write 'random state'" error message? - - -Sometimes the openssl command line utility does not abort with -a "PRNG not seeded" error message, but complains that it is -"unable to write 'random state'". This message refers to the -default seeding file (see previous answer). A possible reason -is that no default filename is known because neither RANDFILE -nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the -current directory in this case, but this has changed with 0.9.6a.) - - -* How do I create certificates or certificate requests? - -Check out the CA.pl(1) manual page. This provides a simple wrapper round -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check -out the manual pages for the individual utilities and the certificate -extensions documentation (in ca(1), req(1), x509v3_config(5) ) - - -* Why can't I create certificate requests? - -You typically get the error: - - unable to find 'distinguished_name' in config - problems making Certificate Request - -This is because it can't find the configuration file. Check out the -DIAGNOSTICS section of req(1) for more information. - - -* Why does <SSL program> fail with a certificate verify error? - -This problem is usually indicated by log messages saying something like -"unable to get local issuer certificate" or "self signed certificate". -When a certificate is verified its root CA must be "trusted" by OpenSSL -this typically means that the CA certificate must be placed in a directory -or file and the relevant program configured to read it. The OpenSSL program -'verify' behaves in a similar way and issues similar error messages: check -the verify(1) program manual page for more information. - - -* Why can I only use weak ciphers when I connect to a server using OpenSSL? - -This is almost certainly because you are using an old "export grade" browser -which only supports weak encryption. Upgrade your browser to support 128 bit -ciphers. - - -* How can I create DSA certificates? - -Check the CA.pl(1) manual page for a DSA certificate example. - - -* Why can't I make an SSL connection to a server using a DSA certificate? - -Typically you'll see a message saying there are no shared ciphers when -the same setup works fine with an RSA certificate. There are two possible -causes. The client may not support connections to DSA servers most web -browsers (including Netscape and MSIE) only support connections to servers -supporting RSA cipher suites. The other cause is that a set of DH parameters -has not been supplied to the server. DH parameters can be created with the -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: -check the source to s_server in apps/s_server.c for an example. - - -* How can I remove the passphrase on a private key? - -Firstly you should be really *really* sure you want to do this. Leaving -a private key unencrypted is a major security risk. If you decide that -you do have to do this check the EXAMPLES sections of the rsa(1) and -dsa(1) manual pages. - - -* Why can't I use OpenSSL certificates with SSL client authentication? - -What will typically happen is that when a server requests authentication -it will either not include your certificate or tell you that you have -no client certificates (Netscape) or present you with an empty list box -(MSIE). The reason for this is that when a server requests a client -certificate it includes a list of CAs names which it will accept. Browsers -will only let you select certificates from the list on the grounds that -there is little point presenting a certificate which the server will -reject. - -The solution is to add the relevant CA certificate to your servers "trusted -CA list". How you do this depends on the server software in uses. You can -print out the servers list of acceptable CAs using the OpenSSL s_client tool: - -openssl s_client -connect www.some.host:443 -prexit - -If your server only requests certificates on certain URLs then you may need -to manually issue an HTTP GET command to get the list when s_client connects: - -GET /some/page/needing/a/certificate.html - -If your CA does not appear in the list then this confirms the problem. - - -* Why does my browser give a warning about a mismatched hostname? - -Browsers expect the server's hostname to match the value in the commonName -(CN) field of the certificate. If it does not then you get a warning. - - -* How do I install a CA certificate into a browser? - -The usual way is to send the DER encoded certificate to the browser as -MIME type application/x-x509-ca-cert, for example by clicking on an appropriate -link. On MSIE certain extensions such as .der or .cacert may also work, or you -can import the certificate using the certificate import wizard. - -You can convert a certificate to DER form using the command: - -openssl x509 -in ca.pem -outform DER -out ca.der - -Occasionally someone suggests using a command such as: - -openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem - -DO NOT DO THIS! This command will give away your CAs private key and -reduces its security to zero: allowing anyone to forge certificates in -whatever name they choose. - -* Why is OpenSSL x509 DN output not conformant to RFC2253? - -The ways to print out the oneline format of the DN (Distinguished Name) have -been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() -interface, the "-nameopt" option could be introduded. See the manual -page of the "openssl x509" commandline tool for details. The old behaviour -has however been left as default for the sake of compatibility. - -* What is a "128 bit certificate"? Can I create one with OpenSSL? - -The term "128 bit certificate" is a highly misleading marketing term. It does -*not* refer to the size of the public key in the certificate! A certificate -containing a 128 bit RSA key would have negligible security. - -There were various other names such as "magic certificates", "SGC -certificates", "step up certificates" etc. - -You can't generally create such a certificate using OpenSSL but there is no -need to any more. Nowadays web browsers using unrestricted strong encryption -are generally available. - -When there were tight restrictions on the export of strong encryption -software from the US only weak encryption algorithms could be freely exported -(initially 40 bit and then 56 bit). It was widely recognised that this was -inadequate. A relaxation of the rules allowed the use of strong encryption but -only to an authorised server. - -Two slighly different techniques were developed to support this, one used by -Netscape was called "step up", the other used by MSIE was called "Server Gated -Cryptography" (SGC). When a browser initially connected to a server it would -check to see if the certificate contained certain extensions and was issued by -an authorised authority. If these test succeeded it would reconnect using -strong encryption. - -Only certain (initially one) certificate authorities could issue the -certificates and they generally cost more than ordinary certificates. - -Although OpenSSL can create certificates containing the appropriate extensions -the certificate would not come from a permitted authority and so would not -be recognized. - -The export laws were later changed to allow almost unrestricted use of strong -encryption so these certificates are now obsolete. - - -* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly? - -It doesn't: this extension is often the cause of confusion. - -Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose -certificate C contains AKID. - -The purpose of this extension is to identify the authority certificate B. This -can be done either by including the subject key identifier of B or its issuer -name and serial number. - -In this latter case because it is identifying certifcate B it must contain the -issuer name and serial number of B. - -It is often wrongly assumed that it should contain the subject name of B. If it -did this would be redundant information because it would duplicate the issuer -name of C. - - -* How can I set up a bundle of commercial root CA certificates? - -The OpenSSL software is shipped without any root CA certificate as the -OpenSSL project does not have any policy on including or excluding -any specific CA and does not intend to set up such a policy. Deciding -about which CAs to support is up to application developers or -administrators. - -Other projects do have other policies so you can for example extract the CA -bundle used by Mozilla and/or modssl as described in this article: - - <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>; - - -[BUILD] ======================================================================= - -* Why does the linker complain about undefined symbols? - -Maybe the compilation was interrupted, and make doesn't notice that -something is missing. Run "make clean; make". - -If you used ./Configure instead of ./config, make sure that you -selected the right target. File formats may differ slightly between -OS versions (for example sparcv8/sparcv9, or a.out/elf). - -In case you get errors about the following symbols, use the config -option "no-asm", as described in INSTALL: - - BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, - CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, - RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, - bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, - bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, - des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, - des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order - -If none of these helps, you may want to try using the current snapshot. -If the problem persists, please submit a bug report. - - -* Why does the OpenSSL test fail with "bc: command not found"? - -You didn't install "bc", the Unix calculator. If you want to run the -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. - - -* Why does the OpenSSL test fail with "bc: 1 no implemented"? - -On some SCO installations or versions, bc has a bug that gets triggered -when you run the test suite (using "make test"). The message returned is -"bc: 1 not implemented". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>; -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL test fail with "bc: stack empty"? - -On some DG/ux versions, bc seems to have a too small stack for calculations -that the OpenSSL bntest throws at it. This gets triggered when you run the -test suite (using "make test"). The message returned is "bc: stack empty". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see <URL: http://www.gnu.org/software/software.html>; -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? - -On some Alpha installations running Tru64 Unix and Compaq C, the compilation -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual -memory to continue compilation.' As far as the tests have shown, this may be -a compiler bug. What happens is that it eats up a lot of resident memory -to build something, probably a table. The problem is clearly in the -optimization code, because if one eliminates optimization completely (-O0), -the compilation goes through (and the compiler consumes about 2MB of resident -memory instead of 240MB or whatever one's limit is currently). - -There are three options to solve this problem: - -1. set your current data segment size soft limit higher. Experience shows -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of -kbytes to set the limit to. - -2. If you have a hard limit that is lower than what you need and you can't -get it changed, you can compile all of OpenSSL with -O0 as optimization -level. This is however not a very nice thing to do for those who expect to -get the best result from OpenSSL. A bit more complicated solution is the -following: - ------ snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ - sed -e 's/ -O[0-9] / -O0 /'`" - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` - make ------ snip:end ----- - -This will only compile sha_dgst.c with -O0, the rest with the optimization -level chosen by the configuration process. When the above is done, do the -test and installation and you're set. - -3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It -should not be used and is not used in SSL/TLS nor any other recognized -protocol in either case. - - -* Why does the OpenSSL compilation fail with "ar: command not found"? - -Getting this message is quite usual on Solaris 2, because Sun has hidden -away 'ar' and other development commands in directories that aren't in -$PATH by default. One of those directories is '/usr/ccs/bin'. The -quickest way to fix this is to do the following (it assumes you use sh -or any sh-compatible shell): - ------ snip:start ----- - PATH=${PATH}:/usr/ccs/bin; export PATH ------ snip:end ----- - -and then redo the compilation. What you should really do is make sure -'/usr/ccs/bin' is permanently in your $PATH, for example through your -'.profile' (again, assuming you use a sh-compatible shell). - - -* Why does the OpenSSL compilation fail on Win32 with VC++? - -Sometimes, you may get reports from VC++ command line (cl) that it -can't find standard include files like stdio.h and other weirdnesses. -One possible cause is that the environment isn't correctly set up. -To solve that problem for VC++ versions up to 6, one should run -VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ -installation directory (somewhere under 'Program Files'). For VC++ -version 7 (and up?), which is also called VS.NET, the file is called -VSVARS32.BAT instead. -This needs to be done prior to running NMAKE, and the changes are only -valid for the current DOS session. - - -* What is special about OpenSSL on Redhat? - -Red Hat Linux (release 7.0 and later) include a preinstalled limited -version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 -is disabled in this version. The same may apply to other Linux distributions. -Users may therefore wish to install more or all of the features left out. - -To do this you MUST ensure that you do not overwrite the openssl that is in -/usr/bin on your Red Hat machine. Several packages depend on this file, -including sendmail and ssh. /usr/local/bin is a good alternative choice. The -libraries that come with Red Hat 7.0 onwards have different names and so are -not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and -/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and -/lib/libcrypto.so.2 respectively). - -Please note that we have been advised by Red Hat attempting to recompile the -openssl rpm with all the cryptography enabled will not work. All other -packages depend on the original Red Hat supplied openssl package. It is also -worth noting that due to the way Red Hat supplies its packages, updates to -openssl on each distribution never change the package version, only the -build number. For example, on Red Hat 7.1, the latest openssl package has -version number 0.9.6 and build number 9 even though it contains all the -relevant updates in packages up to and including 0.9.6b. - -A possible way around this is to persuade Red Hat to produce a non-US -version of Red Hat Linux. - -FYI: Patent numbers and expiry dates of US patents: -MDC-2: 4,908,861 13/03/2007 -IDEA: 5,214,703 25/05/2010 -RC5: 5,724,428 03/03/2015 - - -* Why does the OpenSSL compilation fail on MacOS X? - -If the failure happens when trying to build the "openssl" binary, with -a large number of undefined symbols, it's very probable that you have -OpenSSL 0.9.6b delivered with the operating system (you can find out by -running '/usr/bin/openssl version') and that you were trying to build -OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in -MacOS X has a misfeature that's quite difficult to go around. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - - -* Why does the OpenSSL test suite fail on MacOS X? - -If the failure happens when running 'make test' and the RC4 test fails, -it's very probable that you have OpenSSL 0.9.6b delivered with the -operating system (you can find out by running '/usr/bin/openssl version') -and that you were trying to build OpenSSL 0.9.6d. The problem is that -the loader ('ld') in MacOS X has a misfeature that's quite difficult to -go around and has linked the programs "openssl" and the test programs -with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the -libraries you just built. -Look in the file PROBLEMS for a more detailed explanation and for possible -solutions. - -* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]? - -Failure in BN_sqr test is most likely caused by a failure to configure the -toolkit for current platform or lack of support for the platform in question. -Run './config -t' and './apps/openssl version -p'. Do these platform -identifiers match? If they don't, then you most likely failed to run -./config and you're hereby advised to do so before filing a bug report. -If ./config itself fails to run, then it's most likely problem with your -local environment and you should turn to your system administrator (or -similar). If identifiers match (and/or no alternative identifier is -suggested by ./config script), then the platform is unsupported. There might -or might not be a workaround. Most notably on SPARC64 platforms with GNU -C compiler you should be able to produce a working build by running -'./config -m32'. I understand that -m32 might not be what you want/need, -but the build should be operational. For further details turn to -<openssl-dev@openssl.org>. - -* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"? - -As of 0.9.7 assembler routines were overhauled for position independence -of the machine code, which is essential for shared library support. For -some reason OpenBSD is equipped with an out-of-date GNU assembler which -finds the new code offensive. To work around the problem, configure with -no-asm (and sacrifice a great deal of performance) or patch your assembler -according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. -For your convenience a pre-compiled replacement binary is provided at -<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. -Reportedly elder *BSD a.out platforms also suffer from this problem and -remedy should be same. Provided binary is statically linked and should be -working across wider range of *BSD branches, not just OpenBSD. - -* Why does the OpenSSL test suite fail in sha512t on x86 CPU? - -If the test program in question fails withs SIGILL, Illegal Instruction -exception, then you more than likely to run SSE2-capable CPU, such as -Intel P4, under control of kernel which does not support SSE2 -instruction extentions. See accompanying INSTALL file and -OPENSSL_ia32cap(3) documentation page for further information. - -* Why does compiler fail to compile sha512.c? - -OpenSSL SHA-512 implementation depends on compiler support for 64-bit -integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a -couple] lack support for this and therefore are incapable of compiling -the module in question. The recommendation is to disable SHA-512 by -adding no-sha512 to ./config [or ./Configure] command line. Another -possible alternative might be to switch to GCC. - -* Test suite still fails, what to do? - -Another common reason for failure to complete some particular test is -simply bad code generated by a buggy component in toolchain or deficiency -in run-time environment. There are few cases documented in PROBLEMS file, -consult it for possible workaround before you beat the drum. Even if you -don't find solution or even mention there, do reserve for possibility of -a compiler bug. Compiler bugs might appear in rather bizarre ways, they -never make sense, and tend to emerge when you least expect them. In order -to identify one, drop optimization level, e.g. by editing CFLAG line in -top-level Makefile, recompile and re-run the test. - -* I think I've found a bug, what should I do? - -If you are a new user then it is quite likely you haven't found a bug and -something is happening you aren't familiar with. Check this FAQ, the associated -documentation and the mailing lists for similar queries. If you are still -unsure whether it is a bug or not submit a query to the openssl-users mailing -list. - - -* I'm SURE I've found a bug, how do I report it? - -Bug reports with no security implications should be sent to the request -tracker. This can be done by mailing the report to <rt@openssl.org> (or its -alias <openssl-bugs@openssl.org>), please note that messages sent to the -request tracker also appear in the public openssl-dev mailing list. - -The report should be in plain text. Any patches should be sent as -plain text attachments because some mailers corrupt patches sent inline. -If your issue affects multiple versions of OpenSSL check any patches apply -cleanly and, if possible include patches to each affected version. - -The report should be given a meaningful subject line briefly summarising the -issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful. - -By sending reports to the request tracker the bug can then be given a priority -and assigned to the appropriate maintainer. The history of discussions can be -accessed and if the issue has been addressed or a reason why not. If patches -are only sent to openssl-dev they can be mislaid if a team member has to -wade through months of old messages to review the discussion. - -See also <URL: http://www.openssl.org/support/rt.html>; - - -* I've found a security issue, how do I report it? - -If you think your bug has security implications then please send it to -openssl-security@openssl.org if you don't get a prompt reply at least -acknowledging receipt then resend or mail it directly to one of the -more active team members (e.g. Steve). - -Note that bugs only present in the openssl utility are not in general -considered to be security issues. - -[PROG] ======================================================================== - -* Is OpenSSL thread-safe? - -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() -and friends. This is described in the threads(3) manpage. - -* I've compiled a program under Windows and it crashes: why? - -This is usually because you've missed the comment in INSTALL.W32. -Your application must link against the same version of the Win32 -C-Runtime against which your openssl libraries were linked. The -default version for OpenSSL is /MD - "Multithreaded DLL". - -If you are using Microsoft Visual C++'s IDE (Visual Studio), in -many cases, your new project most likely defaulted to "Debug -Singlethreaded" - /ML. This is NOT interchangeable with /MD and your -program will crash, typically on the first BIO related read or write -operation. - -For each of the six possible link stage configurations within Win32, -your application must link against the same by which OpenSSL was -built. If you are using MS Visual C++ (Studio) this can be changed -by: - - 1. Select Settings... from the Project Menu. - 2. Select the C/C++ Tab. - 3. Select "Code Generation from the "Category" drop down list box - 4. Select the Appropriate library (see table below) from the "Use - run-time library" drop down list box. Perform this step for both - your debug and release versions of your application (look at the - top left of the settings panel to change between the two) - *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603071622.u27GMC4a082792>