Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Jan 2016 21:42:10 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r295016 - in stable/10: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/camel...
Message-ID:  <201601282142.u0SLgA10028669@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Thu Jan 28 21:42:10 2016
New Revision: 295016
URL: https://svnweb.freebsd.org/changeset/base/295016

Log:
  Merge OpenSSL 1.0.1r.
  
  Relnotes:	yes

Added:
  stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
     - copied unchanged from r295003, vendor-crypto/openssl/dist-1.0.1/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
  stable/10/crypto/openssl/util/pod2mantest
     - copied unchanged from r295003, vendor-crypto/openssl/dist-1.0.1/util/pod2mantest
  stable/10/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3   (contents, props changed)
Modified:
  stable/10/crypto/openssl/ACKNOWLEDGMENTS
  stable/10/crypto/openssl/CHANGES
  stable/10/crypto/openssl/Configure
  stable/10/crypto/openssl/INSTALL
  stable/10/crypto/openssl/LICENSE
  stable/10/crypto/openssl/Makefile
  stable/10/crypto/openssl/Makefile.org
  stable/10/crypto/openssl/NEWS
  stable/10/crypto/openssl/README
  stable/10/crypto/openssl/apps/engine.c
  stable/10/crypto/openssl/apps/ocsp.c
  stable/10/crypto/openssl/apps/pkcs12.c
  stable/10/crypto/openssl/apps/speed.c
  stable/10/crypto/openssl/apps/x509.c
  stable/10/crypto/openssl/crypto/aes/aes.h
  stable/10/crypto/openssl/crypto/aes/aes_cbc.c
  stable/10/crypto/openssl/crypto/aes/aes_cfb.c
  stable/10/crypto/openssl/crypto/aes/aes_core.c
  stable/10/crypto/openssl/crypto/aes/aes_ctr.c
  stable/10/crypto/openssl/crypto/aes/aes_ecb.c
  stable/10/crypto/openssl/crypto/aes/aes_ige.c
  stable/10/crypto/openssl/crypto/aes/aes_locl.h
  stable/10/crypto/openssl/crypto/aes/aes_misc.c
  stable/10/crypto/openssl/crypto/aes/aes_ofb.c
  stable/10/crypto/openssl/crypto/aes/aes_x86core.c
  stable/10/crypto/openssl/crypto/bio/bio.h
  stable/10/crypto/openssl/crypto/bio/bss_bio.c
  stable/10/crypto/openssl/crypto/bio/bss_conn.c
  stable/10/crypto/openssl/crypto/bio/bss_dgram.c
  stable/10/crypto/openssl/crypto/bn/bn_exp.c
  stable/10/crypto/openssl/crypto/bn/exptest.c
  stable/10/crypto/openssl/crypto/camellia/camellia.c
  stable/10/crypto/openssl/crypto/camellia/camellia.h
  stable/10/crypto/openssl/crypto/camellia/cmll_cbc.c
  stable/10/crypto/openssl/crypto/camellia/cmll_cfb.c
  stable/10/crypto/openssl/crypto/camellia/cmll_ctr.c
  stable/10/crypto/openssl/crypto/camellia/cmll_ecb.c
  stable/10/crypto/openssl/crypto/camellia/cmll_locl.h
  stable/10/crypto/openssl/crypto/camellia/cmll_misc.c
  stable/10/crypto/openssl/crypto/camellia/cmll_ofb.c
  stable/10/crypto/openssl/crypto/camellia/cmll_utl.c
  stable/10/crypto/openssl/crypto/des/des_old.c
  stable/10/crypto/openssl/crypto/des/des_old.h
  stable/10/crypto/openssl/crypto/des/des_old2.c
  stable/10/crypto/openssl/crypto/dsa/dsa_ossl.c
  stable/10/crypto/openssl/crypto/dso/dso.h
  stable/10/crypto/openssl/crypto/dso/dso_dl.c
  stable/10/crypto/openssl/crypto/dso/dso_dlfcn.c
  stable/10/crypto/openssl/crypto/dso/dso_lib.c
  stable/10/crypto/openssl/crypto/ec/ectest.c
  stable/10/crypto/openssl/crypto/engine/eng_all.c
  stable/10/crypto/openssl/crypto/evp/e_camellia.c
  stable/10/crypto/openssl/crypto/evp/e_old.c
  stable/10/crypto/openssl/crypto/evp/e_seed.c
  stable/10/crypto/openssl/crypto/mem_clr.c
  stable/10/crypto/openssl/crypto/o_dir.c
  stable/10/crypto/openssl/crypto/o_dir.h
  stable/10/crypto/openssl/crypto/o_dir_test.c
  stable/10/crypto/openssl/crypto/o_str.c
  stable/10/crypto/openssl/crypto/o_str.h
  stable/10/crypto/openssl/crypto/o_time.c
  stable/10/crypto/openssl/crypto/o_time.h
  stable/10/crypto/openssl/crypto/opensslv.h
  stable/10/crypto/openssl/crypto/rc4/rc4_utl.c
  stable/10/crypto/openssl/crypto/rsa/rsa_chk.c
  stable/10/crypto/openssl/crypto/rsa/rsa_sign.c
  stable/10/crypto/openssl/crypto/seed/seed_cbc.c
  stable/10/crypto/openssl/crypto/seed/seed_cfb.c
  stable/10/crypto/openssl/crypto/seed/seed_ecb.c
  stable/10/crypto/openssl/crypto/seed/seed_ofb.c
  stable/10/crypto/openssl/crypto/sha/sha1test.c
  stable/10/crypto/openssl/crypto/store/store.h
  stable/10/crypto/openssl/crypto/store/str_lib.c
  stable/10/crypto/openssl/crypto/store/str_locl.h
  stable/10/crypto/openssl/crypto/store/str_mem.c
  stable/10/crypto/openssl/crypto/store/str_meth.c
  stable/10/crypto/openssl/crypto/ts/ts_rsp_verify.c
  stable/10/crypto/openssl/crypto/ui/ui.h
  stable/10/crypto/openssl/crypto/ui/ui_compat.c
  stable/10/crypto/openssl/crypto/ui/ui_compat.h
  stable/10/crypto/openssl/crypto/ui/ui_lib.c
  stable/10/crypto/openssl/crypto/ui/ui_locl.h
  stable/10/crypto/openssl/crypto/ui/ui_openssl.c
  stable/10/crypto/openssl/crypto/ui/ui_util.c
  stable/10/crypto/openssl/crypto/x509/x509_vfy.c
  stable/10/crypto/openssl/crypto/x509/x509_vfy.h
  stable/10/crypto/openssl/crypto/x509v3/v3_pci.c
  stable/10/crypto/openssl/crypto/x509v3/v3_pcia.c
  stable/10/crypto/openssl/doc/apps/s_time.pod
  stable/10/crypto/openssl/doc/crypto/BIO_s_connect.pod
  stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
  stable/10/crypto/openssl/engines/e_chil.c
  stable/10/crypto/openssl/ssl/d1_both.c
  stable/10/crypto/openssl/ssl/kssl.c
  stable/10/crypto/openssl/ssl/kssl.h
  stable/10/crypto/openssl/ssl/kssl_lcl.h
  stable/10/crypto/openssl/ssl/s2_srvr.c
  stable/10/crypto/openssl/ssl/s3_clnt.c
  stable/10/crypto/openssl/ssl/s3_lib.c
  stable/10/crypto/openssl/ssl/s3_srvr.c
  stable/10/crypto/openssl/ssl/ssl.h
  stable/10/crypto/openssl/ssl/ssl_sess.c
  stable/10/crypto/openssl/ssl/t1_enc.c
  stable/10/crypto/openssl/ssl/t1_lib.c
  stable/10/crypto/openssl/util/pl/VC-32.pl
  stable/10/secure/lib/libcrypto/Makefile.inc
  stable/10/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/10/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/10/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/10/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/10/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/10/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/10/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/10/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/10/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/10/secure/lib/libcrypto/man/BIO_f_md.3
  stable/10/secure/lib/libcrypto/man/BIO_f_null.3
  stable/10/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/10/secure/lib/libcrypto/man/BIO_find_type.3
  stable/10/secure/lib/libcrypto/man/BIO_new.3
  stable/10/secure/lib/libcrypto/man/BIO_new_CMS.3
  stable/10/secure/lib/libcrypto/man/BIO_push.3
  stable/10/secure/lib/libcrypto/man/BIO_read.3
  stable/10/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/10/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/10/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/10/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/10/secure/lib/libcrypto/man/BIO_s_file.3
  stable/10/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/10/secure/lib/libcrypto/man/BIO_s_null.3
  stable/10/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/10/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/10/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/10/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/10/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/10/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/10/secure/lib/libcrypto/man/BN_add.3
  stable/10/secure/lib/libcrypto/man/BN_add_word.3
  stable/10/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/10/secure/lib/libcrypto/man/BN_cmp.3
  stable/10/secure/lib/libcrypto/man/BN_copy.3
  stable/10/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/10/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/10/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/10/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/10/secure/lib/libcrypto/man/BN_new.3
  stable/10/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/10/secure/lib/libcrypto/man/BN_rand.3
  stable/10/secure/lib/libcrypto/man/BN_set_bit.3
  stable/10/secure/lib/libcrypto/man/BN_swap.3
  stable/10/secure/lib/libcrypto/man/BN_zero.3
  stable/10/secure/lib/libcrypto/man/CMS_add0_cert.3
  stable/10/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  stable/10/secure/lib/libcrypto/man/CMS_add1_signer.3
  stable/10/secure/lib/libcrypto/man/CMS_compress.3
  stable/10/secure/lib/libcrypto/man/CMS_decrypt.3
  stable/10/secure/lib/libcrypto/man/CMS_encrypt.3
  stable/10/secure/lib/libcrypto/man/CMS_final.3
  stable/10/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  stable/10/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  stable/10/secure/lib/libcrypto/man/CMS_get0_type.3
  stable/10/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  stable/10/secure/lib/libcrypto/man/CMS_sign.3
  stable/10/secure/lib/libcrypto/man/CMS_sign_receipt.3
  stable/10/secure/lib/libcrypto/man/CMS_uncompress.3
  stable/10/secure/lib/libcrypto/man/CMS_verify.3
  stable/10/secure/lib/libcrypto/man/CMS_verify_receipt.3
  stable/10/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/10/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/10/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  stable/10/secure/lib/libcrypto/man/DH_generate_key.3
  stable/10/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/10/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  stable/10/secure/lib/libcrypto/man/DH_new.3
  stable/10/secure/lib/libcrypto/man/DH_set_method.3
  stable/10/secure/lib/libcrypto/man/DH_size.3
  stable/10/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/10/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/10/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/10/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/10/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/10/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  stable/10/secure/lib/libcrypto/man/DSA_new.3
  stable/10/secure/lib/libcrypto/man/DSA_set_method.3
  stable/10/secure/lib/libcrypto/man/DSA_sign.3
  stable/10/secure/lib/libcrypto/man/DSA_size.3
  stable/10/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/10/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/10/secure/lib/libcrypto/man/ERR_error_string.3
  stable/10/secure/lib/libcrypto/man/ERR_get_error.3
  stable/10/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/10/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/10/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/10/secure/lib/libcrypto/man/ERR_put_error.3
  stable/10/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/10/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/10/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/10/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/10/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  stable/10/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  stable/10/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/10/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  stable/10/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/10/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/10/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/10/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/10/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/10/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/10/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/10/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/10/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/10/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/10/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  stable/10/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  stable/10/secure/lib/libcrypto/man/PKCS12_create.3
  stable/10/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/10/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/10/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/10/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/10/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  stable/10/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/10/secure/lib/libcrypto/man/RAND_add.3
  stable/10/secure/lib/libcrypto/man/RAND_bytes.3
  stable/10/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/10/secure/lib/libcrypto/man/RAND_egd.3
  stable/10/secure/lib/libcrypto/man/RAND_load_file.3
  stable/10/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/10/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/10/secure/lib/libcrypto/man/RSA_check_key.3
  stable/10/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/10/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  stable/10/secure/lib/libcrypto/man/RSA_new.3
  stable/10/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/10/secure/lib/libcrypto/man/RSA_print.3
  stable/10/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/10/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/10/secure/lib/libcrypto/man/RSA_set_method.3
  stable/10/secure/lib/libcrypto/man/RSA_sign.3
  stable/10/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/10/secure/lib/libcrypto/man/RSA_size.3
  stable/10/secure/lib/libcrypto/man/SMIME_read_CMS.3
  stable/10/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/10/secure/lib/libcrypto/man/SMIME_write_CMS.3
  stable/10/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/10/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/10/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/10/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/10/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
  stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  stable/10/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  stable/10/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  stable/10/secure/lib/libcrypto/man/X509_new.3
  stable/10/secure/lib/libcrypto/man/X509_verify_cert.3
  stable/10/secure/lib/libcrypto/man/bio.3
  stable/10/secure/lib/libcrypto/man/blowfish.3
  stable/10/secure/lib/libcrypto/man/bn.3
  stable/10/secure/lib/libcrypto/man/bn_internal.3
  stable/10/secure/lib/libcrypto/man/buffer.3
  stable/10/secure/lib/libcrypto/man/crypto.3
  stable/10/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  stable/10/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
  stable/10/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/10/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  stable/10/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
  stable/10/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  stable/10/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  stable/10/secure/lib/libcrypto/man/d2i_X509.3
  stable/10/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  stable/10/secure/lib/libcrypto/man/d2i_X509_CRL.3
  stable/10/secure/lib/libcrypto/man/d2i_X509_NAME.3
  stable/10/secure/lib/libcrypto/man/d2i_X509_REQ.3
  stable/10/secure/lib/libcrypto/man/d2i_X509_SIG.3
  stable/10/secure/lib/libcrypto/man/des.3
  stable/10/secure/lib/libcrypto/man/dh.3
  stable/10/secure/lib/libcrypto/man/dsa.3
  stable/10/secure/lib/libcrypto/man/ecdsa.3
  stable/10/secure/lib/libcrypto/man/engine.3
  stable/10/secure/lib/libcrypto/man/err.3
  stable/10/secure/lib/libcrypto/man/evp.3
  stable/10/secure/lib/libcrypto/man/hmac.3
  stable/10/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  stable/10/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  stable/10/secure/lib/libcrypto/man/lh_stats.3
  stable/10/secure/lib/libcrypto/man/lhash.3
  stable/10/secure/lib/libcrypto/man/md5.3
  stable/10/secure/lib/libcrypto/man/mdc2.3
  stable/10/secure/lib/libcrypto/man/pem.3
  stable/10/secure/lib/libcrypto/man/rand.3
  stable/10/secure/lib/libcrypto/man/rc4.3
  stable/10/secure/lib/libcrypto/man/ripemd.3
  stable/10/secure/lib/libcrypto/man/rsa.3
  stable/10/secure/lib/libcrypto/man/sha.3
  stable/10/secure/lib/libcrypto/man/threads.3
  stable/10/secure/lib/libcrypto/man/ui.3
  stable/10/secure/lib/libcrypto/man/ui_compat.3
  stable/10/secure/lib/libcrypto/man/x509.3
  stable/10/secure/lib/libssl/Makefile.man
  stable/10/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  stable/10/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  stable/10/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  stable/10/secure/lib/libssl/man/SSL_CTX_add_session.3
  stable/10/secure/lib/libssl/man/SSL_CTX_ctrl.3
  stable/10/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  stable/10/secure/lib/libssl/man/SSL_CTX_free.3
  stable/10/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  stable/10/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  stable/10/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  stable/10/secure/lib/libssl/man/SSL_CTX_new.3
  stable/10/secure/lib/libssl/man/SSL_CTX_sess_number.3
  stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  stable/10/secure/lib/libssl/man/SSL_CTX_sessions.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_mode.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_options.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  stable/10/secure/lib/libssl/man/SSL_CTX_set_verify.3
  stable/10/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  stable/10/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
  stable/10/secure/lib/libssl/man/SSL_SESSION_free.3
  stable/10/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  stable/10/secure/lib/libssl/man/SSL_SESSION_get_time.3
  stable/10/secure/lib/libssl/man/SSL_accept.3
  stable/10/secure/lib/libssl/man/SSL_alert_type_string.3
  stable/10/secure/lib/libssl/man/SSL_clear.3
  stable/10/secure/lib/libssl/man/SSL_connect.3
  stable/10/secure/lib/libssl/man/SSL_do_handshake.3
  stable/10/secure/lib/libssl/man/SSL_free.3
  stable/10/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  stable/10/secure/lib/libssl/man/SSL_get_ciphers.3
  stable/10/secure/lib/libssl/man/SSL_get_client_CA_list.3
  stable/10/secure/lib/libssl/man/SSL_get_current_cipher.3
  stable/10/secure/lib/libssl/man/SSL_get_default_timeout.3
  stable/10/secure/lib/libssl/man/SSL_get_error.3
  stable/10/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  stable/10/secure/lib/libssl/man/SSL_get_ex_new_index.3
  stable/10/secure/lib/libssl/man/SSL_get_fd.3
  stable/10/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  stable/10/secure/lib/libssl/man/SSL_get_peer_certificate.3
  stable/10/secure/lib/libssl/man/SSL_get_psk_identity.3
  stable/10/secure/lib/libssl/man/SSL_get_rbio.3
  stable/10/secure/lib/libssl/man/SSL_get_session.3
  stable/10/secure/lib/libssl/man/SSL_get_verify_result.3
  stable/10/secure/lib/libssl/man/SSL_get_version.3
  stable/10/secure/lib/libssl/man/SSL_library_init.3
  stable/10/secure/lib/libssl/man/SSL_load_client_CA_file.3
  stable/10/secure/lib/libssl/man/SSL_new.3
  stable/10/secure/lib/libssl/man/SSL_pending.3
  stable/10/secure/lib/libssl/man/SSL_read.3
  stable/10/secure/lib/libssl/man/SSL_rstate_string.3
  stable/10/secure/lib/libssl/man/SSL_session_reused.3
  stable/10/secure/lib/libssl/man/SSL_set_bio.3
  stable/10/secure/lib/libssl/man/SSL_set_connect_state.3
  stable/10/secure/lib/libssl/man/SSL_set_fd.3
  stable/10/secure/lib/libssl/man/SSL_set_session.3
  stable/10/secure/lib/libssl/man/SSL_set_shutdown.3
  stable/10/secure/lib/libssl/man/SSL_set_verify_result.3
  stable/10/secure/lib/libssl/man/SSL_shutdown.3
  stable/10/secure/lib/libssl/man/SSL_state_string.3
  stable/10/secure/lib/libssl/man/SSL_want.3
  stable/10/secure/lib/libssl/man/SSL_write.3
  stable/10/secure/lib/libssl/man/d2i_SSL_SESSION.3
  stable/10/secure/lib/libssl/man/ssl.3
  stable/10/secure/usr.bin/openssl/man/CA.pl.1
  stable/10/secure/usr.bin/openssl/man/asn1parse.1
  stable/10/secure/usr.bin/openssl/man/c_rehash.1
  stable/10/secure/usr.bin/openssl/man/ca.1
  stable/10/secure/usr.bin/openssl/man/ciphers.1
  stable/10/secure/usr.bin/openssl/man/cms.1
  stable/10/secure/usr.bin/openssl/man/crl.1
  stable/10/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/10/secure/usr.bin/openssl/man/dgst.1
  stable/10/secure/usr.bin/openssl/man/dhparam.1
  stable/10/secure/usr.bin/openssl/man/dsa.1
  stable/10/secure/usr.bin/openssl/man/dsaparam.1
  stable/10/secure/usr.bin/openssl/man/ec.1
  stable/10/secure/usr.bin/openssl/man/ecparam.1
  stable/10/secure/usr.bin/openssl/man/enc.1
  stable/10/secure/usr.bin/openssl/man/errstr.1
  stable/10/secure/usr.bin/openssl/man/gendsa.1
  stable/10/secure/usr.bin/openssl/man/genpkey.1
  stable/10/secure/usr.bin/openssl/man/genrsa.1
  stable/10/secure/usr.bin/openssl/man/nseq.1
  stable/10/secure/usr.bin/openssl/man/ocsp.1
  stable/10/secure/usr.bin/openssl/man/openssl.1
  stable/10/secure/usr.bin/openssl/man/passwd.1
  stable/10/secure/usr.bin/openssl/man/pkcs12.1
  stable/10/secure/usr.bin/openssl/man/pkcs7.1
  stable/10/secure/usr.bin/openssl/man/pkcs8.1
  stable/10/secure/usr.bin/openssl/man/pkey.1
  stable/10/secure/usr.bin/openssl/man/pkeyparam.1
  stable/10/secure/usr.bin/openssl/man/pkeyutl.1
  stable/10/secure/usr.bin/openssl/man/rand.1
  stable/10/secure/usr.bin/openssl/man/req.1
  stable/10/secure/usr.bin/openssl/man/rsa.1
  stable/10/secure/usr.bin/openssl/man/rsautl.1
  stable/10/secure/usr.bin/openssl/man/s_client.1
  stable/10/secure/usr.bin/openssl/man/s_server.1
  stable/10/secure/usr.bin/openssl/man/s_time.1
  stable/10/secure/usr.bin/openssl/man/sess_id.1
  stable/10/secure/usr.bin/openssl/man/smime.1
  stable/10/secure/usr.bin/openssl/man/speed.1
  stable/10/secure/usr.bin/openssl/man/spkac.1
  stable/10/secure/usr.bin/openssl/man/ts.1
  stable/10/secure/usr.bin/openssl/man/tsget.1
  stable/10/secure/usr.bin/openssl/man/verify.1
  stable/10/secure/usr.bin/openssl/man/version.1
  stable/10/secure/usr.bin/openssl/man/x509.1
  stable/10/secure/usr.bin/openssl/man/x509v3_config.1

Modified: stable/10/crypto/openssl/ACKNOWLEDGMENTS
==============================================================================
--- stable/10/crypto/openssl/ACKNOWLEDGMENTS	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/ACKNOWLEDGMENTS	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,30 +1,2 @@
-The OpenSSL project depends on volunteer efforts and financial support from
-the end user community. That support comes in the form of donations and paid
-sponsorships, software support contracts, paid consulting services
-and commissioned software development.
-
-Since all these activities support the continued development and improvement
-of OpenSSL we consider all these clients and customers as sponsors of the
-OpenSSL project.
-
-We would like to identify and thank the following such sponsors for their past
-or current significant support of the OpenSSL project:
-
-Major support:
-
-	Qualys		http://www.qualys.com/
-
-Very significant support:
-
-	OpenGear:	http://www.opengear.com/
-
-Significant support:
-
-	PSW Group:	http://www.psw.net/
-	Acano Ltd.	http://acano.com/
-
-Please note that we ask permission to identify sponsors and that some sponsors
-we consider eligible for inclusion here have requested to remain anonymous.
-
-Additional sponsorship or financial support is always welcome: for more
-information please contact the OpenSSL Software Foundation.
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.

Modified: stable/10/crypto/openssl/CHANGES
==============================================================================
--- stable/10/crypto/openssl/CHANGES	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/CHANGES	Thu Jan 28 21:42:10 2016	(r295016)
@@ -2,6 +2,30 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
+
+  *) Protection for DH small subgroup attacks
+
+     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
+     switched on by default and cannot be disabled. This could have some
+     performance impact.
+     [Matt Caswell]
+
+  *) SSLv2 doesn't block disabled ciphers
+
+     A malicious client can negotiate SSLv2 ciphers that have been disabled on
+     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+     been disabled, provided that the SSLv2 protocol was not also disabled via
+     SSL_OP_NO_SSLv2.
+
+     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+     and Sebastian Schinzel.
+     (CVE-2015-3197)
+     [Viktor Dukhovni]
+
+  *) Reject DH handshakes with parameters shorter than 1024 bits.
+     [Kurt Roeckx]
+
  Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
 
   *) Certificate verify crash with missing PSS parameter

Modified: stable/10/crypto/openssl/Configure
==============================================================================
--- stable/10/crypto/openssl/Configure	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/Configure	Thu Jan 28 21:42:10 2016	(r295016)
@@ -105,6 +105,9 @@ my $usage="Usage: Configure [no-<cipher>
 
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
 
 my $strict_warnings = 0;
@@ -1446,7 +1449,7 @@ if ($target =~ /\-icc$/)	# Intel C compi
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 
 if ($sys_id ne "")
@@ -1953,14 +1956,8 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-		print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
-	make depend
-EOF
-	}
+            $warn_make_depend++;
+        }
 }
 
 # create the ms/version32.rc file if needed
@@ -2039,12 +2036,18 @@ EOF
 
 print <<\EOF if ($no_shared_warn);
 
-You gave the option 'shared'.  Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'.  If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+	make depend
 EOF
 
 exit(0);

Modified: stable/10/crypto/openssl/INSTALL
==============================================================================
--- stable/10/crypto/openssl/INSTALL	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/INSTALL	Thu Jan 28 21:42:10 2016	(r295016)
@@ -164,10 +164,10 @@
      standard headers).  If it is a problem with OpenSSL itself, please
      report the problem to <openssl-bugs@openssl.org> (note that your
      message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
-     public mailing list). Include the output of "make report" in your message.
-     Please check out the request tracker. Maybe the bug was already
-     reported or has already been fixed.
+     at https://www.openssl.org/community/index.html#bugs and will be
+     forwarded to a public mailing list). Include the output of "make
+     report" in your message.  Please check out the request tracker. Maybe
+     the bug was already reported or has already been fixed.
 
      [If you encounter assembler error messages, try the "no-asm"
      configuration option as an immediate fix.]

Modified: stable/10/crypto/openssl/LICENSE
==============================================================================
--- stable/10/crypto/openssl/LICENSE	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/LICENSE	Thu Jan 28 21:42:10 2016	(r295016)
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Modified: stable/10/crypto/openssl/Makefile
==============================================================================
--- stable/10/crypto/openssl/Makefile	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/Makefile	Thu Jan 28 21:42:10 2016	(r295016)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1q
+VERSION=1.0.1r
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -181,8 +181,7 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
+TARFILE=        ../$(NAME).tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
@@ -501,38 +500,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+	                       --owner 0 --group 0 \
+			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
 
-../$(TARFILE).list:
+$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	    | sort > ../$(TARFILE).list
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > $(TARFILE).list
 
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE)
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+	$(TAR_COMMAND) > $(TARFILE)
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE)
 
 dist:   
 	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 
 install: all install_docs install_sw
 

Modified: stable/10/crypto/openssl/Makefile.org
==============================================================================
--- stable/10/crypto/openssl/Makefile.org	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/Makefile.org	Thu Jan 28 21:42:10 2016	(r295016)
@@ -179,8 +179,7 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
+TARFILE=        ../$(NAME).tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h
 
@@ -499,38 +498,35 @@ TABLE: Configure
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+	                       --owner 0 --group 0 \
+			       --transform 's|^|$(NAME)/|' \
 			       -cvf -
 
-../$(TARFILE).list:
+$(TARFILE).list:
 	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
 	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	    | sort > ../$(TARFILE).list
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > $(TARFILE).list
 
-tar: ../$(TARFILE).list
+tar: $(TARFILE).list
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE)
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+	$(TAR_COMMAND) > $(TARFILE)
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE)
 
 dist:   
 	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
 
 install: all install_docs install_sw
 

Modified: stable/10/crypto/openssl/NEWS
==============================================================================
--- stable/10/crypto/openssl/NEWS	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/NEWS	Thu Jan 28 21:42:10 2016	(r295016)
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
+
+      o Protection for DH small subgroup attacks
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
   Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
 
       o Certificate verify crash with missing PSS parameter (CVE-2015-3194)

Modified: stable/10/crypto/openssl/README
==============================================================================
--- stable/10/crypto/openssl/README	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/README	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1q 3 Dec 2015
+ OpenSSL 1.0.1r 28 Jan 2016
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -90,11 +90,12 @@
 
  In order to avoid spam, this is a moderated mailing list, and it might
  take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail to
- this address is recorded in the public RT (request tracker) database (see
- https://www.openssl.org/support/rt.html for details) and also forwarded
- the public openssl-dev mailing list.  Confidential mail may be sent to
- openssl-security@openssl.org (PGP key available from the key servers).
+ that security disclosures aren't publically posted by mistake.) Mail
+ to this address is recorded in the public RT (request tracker) database
+ (see https://www.openssl.org/community/index.html#bugs for details) and
+ also forwarded the public openssl-dev mailing list.  Confidential mail
+ may be sent to openssl-security@openssl.org (PGP key available from the
+ key servers).
 
  Please do NOT use this for general assistance or support queries.
  Just because something doesn't work the way you expect does not mean it

Modified: stable/10/crypto/openssl/apps/engine.c
==============================================================================
--- stable/10/crypto/openssl/apps/engine.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/apps/engine.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
 /*
  * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
  * 2000.

Modified: stable/10/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/10/crypto/openssl/apps/ocsp.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/apps/ocsp.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1003,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPO
     bs = OCSP_BASICRESP_new();
     thisupd = X509_gmtime_adj(NULL, 0);
     if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
 
     /* Examine each certificate id in the request */
     for (i = 0; i < id_count; i++) {

Modified: stable/10/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/10/crypto/openssl/apps/pkcs12.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/apps/pkcs12.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
 # define CLCERTS         0x8
 # define CACERTS         0x10
 
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
                         int options, char *pempass);
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
             vret = get_cert_chain(ucert, store, &chain2);
             X509_STORE_free(store);
 
-            if (!vret) {
+            if (vret == X509_V_OK) {
                 /* Exclude verified certificate */
                 for (i = 1; i < sk_X509_num(chain2); i++)
                     sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
                 X509_free(sk_X509_value(chain2, 0));
                 sk_X509_free(chain2);
             } else {
-                if (vret >= 0)
+                if (vret != X509_V_ERR_UNSPECIFIED)
                     BIO_printf(bio_err, "Error %s getting chain.\n",
                                X509_verify_cert_error_string(vret));
                 else
@@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS1
 
 /* Given a single certificate return a verified chain or NULL if error */
 
-/* Hope this is OK .... */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain)
 {
     X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn;
+    STACK_OF(X509) *chn = NULL;
     int i = 0;
 
-    /*
-     * FIXME: Should really check the return status of X509_STORE_CTX_init
-     * for an error, but how that fits into the return value of this function
-     * is less obvious.
-     */
-    X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
-    if (X509_verify_cert(&store_ctx) <= 0) {
-        i = X509_STORE_CTX_get_error(&store_ctx);
-        if (i == 0)
-            /*
-             * avoid returning 0 if X509_verify_cert() did not set an
-             * appropriate error value in the context
-             */
-            i = -1;
-        chn = NULL;
-        goto err;
-    } else
+    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+        *chain = NULL;
+        return X509_V_ERR_UNSPECIFIED;
+    }
+
+    if (X509_verify_cert(&store_ctx) > 0)
         chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+        i = X509_V_ERR_UNSPECIFIED;
+
     X509_STORE_CTX_cleanup(&store_ctx);
     *chain = chn;
-
     return i;
 }
 

Modified: stable/10/crypto/openssl/apps/speed.c
==============================================================================
--- stable/10/crypto/openssl/apps/speed.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/apps/speed.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *

Modified: stable/10/crypto/openssl/apps/x509.c
==============================================================================
--- stable/10/crypto/openssl/apps/x509.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/apps/x509.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1170,12 +1170,7 @@ static int sign(X509 *x, EVP_PKEY *pkey,
     if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
         goto err;
 
-    /* Lets just make it 12:00am GMT, Jan 1 1970 */
-    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
-    /* 28 days to be certified */
-
-    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
-        NULL)
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
         goto err;
 
     if (!X509_set_pubkey(x, pkey))

Modified: stable/10/crypto/openssl/crypto/aes/aes.h
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes.h	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes.h	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_cbc.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_cbc.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_cbc.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cbc.c */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_cfb.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_cfb.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_cfb.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cfb.c */
 /* ====================================================================
  * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_core.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_core.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_core.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
  * rijndael-alg-fst.c
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_ctr.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_ctr.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_ctr.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ctr.c */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_ecb.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_ecb.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_ecb.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ecb.c */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_ige.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_ige.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_ige.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ige.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_locl.h
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_locl.h	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_locl.h	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_misc.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_misc.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_misc.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_misc.c */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_ofb.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_ofb.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_ofb.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ofb.c */
 /* ====================================================================
  * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/aes/aes_x86core.c
==============================================================================
--- stable/10/crypto/openssl/crypto/aes/aes_x86core.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/aes/aes_x86core.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
  * rijndael-alg-fst.c
  *

Modified: stable/10/crypto/openssl/crypto/bio/bio.h
==============================================================================
--- stable/10/crypto/openssl/crypto/bio/bio.h	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/bio/bio.h	Thu Jan 28 21:42:10 2016	(r295016)
@@ -478,11 +478,11 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 # define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
 
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
 
-/* BIO_s_accept_socket() */
+/* BIO_s_accept() */
 # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 # define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@@ -495,6 +495,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
 # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
 
+/* BIO_s_accept() and BIO_s_connect() */
 # define BIO_do_connect(b)       BIO_do_handshake(b)
 # define BIO_do_accept(b)        BIO_do_handshake(b)
 # define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@@ -514,12 +515,15 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
 # define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
 
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
 # define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
 # define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 
+/* BIO_s_file() */
 # define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
 # define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
 
+/* BIO_s_fd() and BIO_s_file() */
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 # define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
 

Modified: stable/10/crypto/openssl/crypto/bio/bss_bio.c
==============================================================================
--- stable/10/crypto/openssl/crypto/bio/bss_bio.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/bio/bss_bio.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/bio/bss_bio.c  */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/bio/bss_conn.c
==============================================================================
--- stable/10/crypto/openssl/crypto/bio/bss_conn.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/bio/bss_conn.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, l
 {
     BIO *dbio;
     int *ip;
-    const char **pptr;
+    const char **pptr = NULL;
     long ret = 1;
     BIO_CONNECT *data;
 
@@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, l
     case BIO_C_GET_CONNECT:
         if (ptr != NULL) {
             pptr = (const char **)ptr;
-            if (num == 0) {
-                *pptr = data->param_hostname;
+        }
 
-            } else if (num == 1) {
-                *pptr = data->param_port;
-            } else if (num == 2) {
-                *pptr = (char *)&(data->ip[0]);
-            } else if (num == 3) {
-                *((int *)ptr) = data->port;
+        if (b->init) {
+            if (pptr != NULL) {
+                ret = 1;
+                if (num == 0) {
+                    *pptr = data->param_hostname;
+                } else if (num == 1) {
+                    *pptr = data->param_port;
+                } else if (num == 2) {
+                    *pptr = (char *)&(data->ip[0]);
+                } else {
+                    ret = 0;
+                }
+            }
+            if (num == 3) {
+                ret = data->port;
             }
-            if ((!b->init) || (ptr == NULL))
+        } else {
+            if (pptr != NULL)
                 *pptr = "not initialized";
-            ret = 1;
+            ret = 0;
         }
         break;
     case BIO_C_SET_CONNECT:

Modified: stable/10/crypto/openssl/crypto/bio/bss_dgram.c
==============================================================================
--- stable/10/crypto/openssl/crypto/bio/bss_dgram.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/bio/bss_dgram.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -515,10 +515,8 @@ static long dgram_ctrl(BIO *b, int cmd, 
     switch (cmd) {
     case BIO_CTRL_RESET:
         num = 0;
-    case BIO_C_FILE_SEEK:
         ret = 0;
         break;
-    case BIO_C_FILE_TELL:
     case BIO_CTRL_INFO:
         ret = 0;
         break;

Modified: stable/10/crypto/openssl/crypto/bn/bn_exp.c
==============================================================================
--- stable/10/crypto/openssl/crypto/bn/bn_exp.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/bn/bn_exp.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -271,9 +271,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
     }
 
     bits = BN_num_bits(p);
-
     if (bits == 0) {
-        ret = BN_one(r);
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
         return ret;
     }
 
@@ -407,7 +412,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI
     }
     bits = BN_num_bits(p);
     if (bits == 0) {
-        ret = BN_one(rr);
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
         return ret;
     }
 
@@ -579,7 +590,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
  * precomputation memory layout to limit data-dependency to a minimum to
  * protect secret exponents (cf. the hyper-threading timing attacks pointed
  * out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
  */
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                               const BIGNUM *m, BN_CTX *ctx,
@@ -608,7 +619,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
 
     bits = BN_num_bits(p);
     if (bits == 0) {
-        ret = BN_one(rr);
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
         return ret;
     }
 
@@ -908,8 +925,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_
         if (BN_is_one(m)) {
             ret = 1;
             BN_zero(rr);
-        } else
+        } else {
             ret = BN_one(rr);
+        }
         return ret;
     }
     if (a == 0) {
@@ -1023,9 +1041,14 @@ int BN_mod_exp_simple(BIGNUM *r, const B
     }
 
     bits = BN_num_bits(p);
-
-    if (bits == 0) {
-        ret = BN_one(r);
+   if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
         return ret;
     }
 

Modified: stable/10/crypto/openssl/crypto/bn/exptest.c
==============================================================================
--- stable/10/crypto/openssl/crypto/bn/exptest.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/bn/exptest.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -73,14 +73,34 @@ static const char rnd_seed[] =
     "string to make the random number generator think it has entropy";
 
 /*
+ * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
+ * returns zero and prints debug output otherwise.
+ */
+static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
+                             const BIGNUM *a) {
+    if (!BN_is_zero(r)) {
+        fprintf(stderr, "%s failed:\n", method);
+        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "a = ");
+        BN_print_fp(stderr, a);
+        fprintf(stderr, "\nr = ");
+        BN_print_fp(stderr, r);
+        fprintf(stderr, "\n");
+        return 0;
+    }
+    return 1;
+}
+
+/*
  * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
  */
 static int test_exp_mod_zero()
 {
     BIGNUM a, p, m;
     BIGNUM r;
+    BN_ULONG one_word = 1;
     BN_CTX *ctx = BN_CTX_new();
-    int ret = 1;
+    int ret = 1, failed = 0;
 
     BN_init(&m);
     BN_one(&m);
@@ -92,21 +112,65 @@ static int test_exp_mod_zero()
     BN_zero(&p);
 
     BN_init(&r);
-    BN_mod_exp(&r, &a, &p, &m, ctx);
-    BN_CTX_free(ctx);
 
-    if (BN_is_zero(&r))
-        ret = 0;
-    else {
-        printf("1**0 mod 1 = ");
-        BN_print_fp(stdout, &r);
-        printf(", should be 0\n");
+    if (!BN_rand(&a, 1024, 0, 0))
+        goto err;
+
+    if (!BN_mod_exp(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
+        goto err;
+    }
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
+        failed = 1;
+
+    /*
+     * A different codepath exists for single word multiplication
+     * in non-constant-time only.
+     */
+    if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
+        goto err;
+
+    if (!BN_is_zero(&r)) {
+        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
+        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "r = ");
+        BN_print_fp(stderr, &r);
+        fprintf(stderr, "\n");
+        return 0;
     }
 
+    ret = failed;
+
+ err:
     BN_free(&r);
     BN_free(&a);
     BN_free(&p);
     BN_free(&m);
+    BN_CTX_free(ctx);
 
     return ret;
 }

Modified: stable/10/crypto/openssl/crypto/camellia/camellia.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/camellia.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/camellia.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia.c */
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
  * ALL RIGHTS RESERVED.
@@ -67,7 +67,7 @@
 
 /*
  * Algorithm Specification
- * http://info.isl.llia/specicrypt/eng/camellia/specifications.html
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
  */
 
 /*

Modified: stable/10/crypto/openssl/crypto/camellia/camellia.h
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/camellia.h	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/camellia.h	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia.h */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_cbc.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_cbc.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_cbc.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_cbc.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_cfb.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_cfb.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_cfb.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_cfb.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_ctr.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_ctr.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_ctr.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_ctr.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_ecb.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_ecb.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_ecb.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_ecb.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_locl.h
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_locl.h	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_locl.h	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_locl.h */
 /* ====================================================================
  * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
  * ALL RIGHTS RESERVED.

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_misc.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_misc.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_misc.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_misc.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_ofb.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_ofb.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_ofb.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia_ofb.c */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/camellia/cmll_utl.c
==============================================================================
--- stable/10/crypto/openssl/crypto/camellia/cmll_utl.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/camellia/cmll_utl.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/cmll_utl.c */
 /* ====================================================================
  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *

Modified: stable/10/crypto/openssl/crypto/des/des_old.c
==============================================================================
--- stable/10/crypto/openssl/crypto/des/des_old.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/des/des_old.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.c */
 
 /*-
  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

Modified: stable/10/crypto/openssl/crypto/des/des_old.h
==============================================================================
--- stable/10/crypto/openssl/crypto/des/des_old.h	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/des/des_old.h	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.h */
 
 /*-
  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

Modified: stable/10/crypto/openssl/crypto/des/des_old2.c
==============================================================================
--- stable/10/crypto/openssl/crypto/des/des_old2.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/des/des_old2.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -1,4 +1,4 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.c */
 
 /*
  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The

Modified: stable/10/crypto/openssl/crypto/dsa/dsa_ossl.c
==============================================================================
--- stable/10/crypto/openssl/crypto/dsa/dsa_ossl.c	Thu Jan 28 21:30:49 2016	(r295015)
+++ stable/10/crypto/openssl/crypto/dsa/dsa_ossl.c	Thu Jan 28 21:42:10 2016	(r295016)
@@ -187,9 +187,6 @@ static DSA_SIG *dsa_do_sign(const unsign
     if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
         goto err;
 
-    ret = DSA_SIG_new();
-    if (ret == NULL)
-        goto err;
     /*
      * Redo if r or s is zero as required by FIPS 186-3: this is very
      * unlikely.
@@ -201,11 +198,14 @@ static DSA_SIG *dsa_do_sign(const unsign
         }
         goto redo;
     }
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
     ret->r = r;
     ret->s = s;
 

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601282142.u0SLgA10028669>