Date: Wed, 25 Feb 2015 05:56:18 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r279264 - in releng: 10.0 10.0/crypto/openssl 10.0/crypto/openssl/apps 10.0/crypto/openssl/crypto 10.0/crypto/openssl/crypto/aes/asm 10.0/crypto/openssl/crypto/asn1 10.0/crypto/openssl/... Message-ID: <201502250556.t1P5uIsj088883@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Wed Feb 25 05:56:16 2015 New Revision: 279264 URL: https://svnweb.freebsd.org/changeset/base/279264 Log: Fix integer overflow in IGMP protocol. [SA-15:04] Fix vt(4) crash with improper ioctl parameters. [EN-15:01] Updated base system OpenSSL to 1.0.1l. [EN-15:02] Fix freebsd-update libraries update ordering issue. [EN-15:03] Approved by: so Added: releng/10.0/crypto/openssl/crypto/constant_time_locl.h (contents, props changed) releng/10.0/crypto/openssl/crypto/constant_time_test.c (contents, props changed) releng/10.0/crypto/openssl/doc/apps/c_rehash.pod releng/10.0/crypto/openssl/doc/crypto/CMS_add1_signer.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod releng/10.0/crypto/openssl/ssl/heartbeat_test.c (contents, props changed) releng/10.0/crypto/openssl/ssl/ssl_utst.c (contents, props changed) releng/10.0/crypto/openssl/util/mkbuildinf.pl (contents, props changed) releng/10.0/secure/lib/libcrypto/man/CMS_add1_signer.3 (contents, props changed) releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (contents, props changed) releng/10.0/secure/usr.bin/openssl/man/c_rehash.1 (contents, props changed) releng/10.1/crypto/openssl/util/mkbuildinf.pl (contents, props changed) Deleted: releng/10.0/crypto/openssl/crypto/bn/asm/mips3.s releng/10.0/crypto/openssl/crypto/pkcs7/bio_ber.c releng/10.0/crypto/openssl/crypto/pkcs7/dec.c releng/10.0/crypto/openssl/crypto/pkcs7/des.pem releng/10.0/crypto/openssl/crypto/pkcs7/doc releng/10.0/crypto/openssl/crypto/pkcs7/enc.c releng/10.0/crypto/openssl/crypto/pkcs7/es1.pem releng/10.0/crypto/openssl/crypto/pkcs7/example.c releng/10.0/crypto/openssl/crypto/pkcs7/example.h releng/10.0/crypto/openssl/crypto/pkcs7/info.pem releng/10.0/crypto/openssl/crypto/pkcs7/infokey.pem releng/10.0/crypto/openssl/crypto/pkcs7/p7/ releng/10.0/crypto/openssl/crypto/pkcs7/server.pem releng/10.0/crypto/openssl/crypto/pkcs7/sign.c releng/10.0/crypto/openssl/crypto/pkcs7/t/ releng/10.0/crypto/openssl/crypto/pkcs7/verify.c releng/10.0/crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod releng/10.1/crypto/openssl/crypto/bn/asm/mips3.s Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/ACKNOWLEDGMENTS releng/10.0/crypto/openssl/CHANGES releng/10.0/crypto/openssl/Configure releng/10.0/crypto/openssl/FAQ releng/10.0/crypto/openssl/Makefile releng/10.0/crypto/openssl/Makefile.org releng/10.0/crypto/openssl/NEWS releng/10.0/crypto/openssl/README releng/10.0/crypto/openssl/apps/Makefile releng/10.0/crypto/openssl/apps/apps.c releng/10.0/crypto/openssl/apps/apps.h releng/10.0/crypto/openssl/apps/ca.c releng/10.0/crypto/openssl/apps/ciphers.c releng/10.0/crypto/openssl/apps/crl.c releng/10.0/crypto/openssl/apps/crl2p7.c releng/10.0/crypto/openssl/apps/dgst.c releng/10.0/crypto/openssl/apps/ecparam.c releng/10.0/crypto/openssl/apps/enc.c releng/10.0/crypto/openssl/apps/ocsp.c releng/10.0/crypto/openssl/apps/openssl.c releng/10.0/crypto/openssl/apps/pkcs12.c releng/10.0/crypto/openssl/apps/progs.h releng/10.0/crypto/openssl/apps/progs.pl releng/10.0/crypto/openssl/apps/req.c releng/10.0/crypto/openssl/apps/s_cb.c releng/10.0/crypto/openssl/apps/s_client.c releng/10.0/crypto/openssl/apps/s_server.c releng/10.0/crypto/openssl/apps/s_socket.c releng/10.0/crypto/openssl/apps/s_time.c releng/10.0/crypto/openssl/apps/smime.c releng/10.0/crypto/openssl/apps/speed.c releng/10.0/crypto/openssl/config releng/10.0/crypto/openssl/crypto/Makefile releng/10.0/crypto/openssl/crypto/aes/asm/aes-mips.pl releng/10.0/crypto/openssl/crypto/aes/asm/aes-parisc.pl releng/10.0/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl releng/10.0/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl releng/10.0/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl releng/10.0/crypto/openssl/crypto/armcap.c releng/10.0/crypto/openssl/crypto/asn1/a_int.c releng/10.0/crypto/openssl/crypto/asn1/a_strex.c releng/10.0/crypto/openssl/crypto/asn1/a_strnid.c releng/10.0/crypto/openssl/crypto/asn1/a_utctm.c releng/10.0/crypto/openssl/crypto/asn1/ameth_lib.c releng/10.0/crypto/openssl/crypto/asn1/asn1.h releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c releng/10.0/crypto/openssl/crypto/asn1/asn1_lib.c releng/10.0/crypto/openssl/crypto/asn1/asn_mime.c releng/10.0/crypto/openssl/crypto/asn1/asn_pack.c releng/10.0/crypto/openssl/crypto/asn1/bio_asn1.c releng/10.0/crypto/openssl/crypto/asn1/charmap.pl releng/10.0/crypto/openssl/crypto/asn1/evp_asn1.c releng/10.0/crypto/openssl/crypto/asn1/t_x509.c releng/10.0/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.0/crypto/openssl/crypto/asn1/tasn_enc.c releng/10.0/crypto/openssl/crypto/asn1/x_crl.c releng/10.0/crypto/openssl/crypto/asn1/x_name.c releng/10.0/crypto/openssl/crypto/bio/bio.h releng/10.0/crypto/openssl/crypto/bio/bio_lib.c releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c releng/10.0/crypto/openssl/crypto/bio/bss_log.c releng/10.0/crypto/openssl/crypto/bn/Makefile releng/10.0/crypto/openssl/crypto/bn/asm/mips-mont.pl releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl releng/10.0/crypto/openssl/crypto/bn/asm/parisc-mont.pl releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl releng/10.0/crypto/openssl/crypto/bn/bn.h releng/10.0/crypto/openssl/crypto/bn/bn_ctx.c releng/10.0/crypto/openssl/crypto/bn/bn_div.c releng/10.0/crypto/openssl/crypto/bn/bn_exp.c releng/10.0/crypto/openssl/crypto/bn/bn_lib.c releng/10.0/crypto/openssl/crypto/bn/bn_mont.c releng/10.0/crypto/openssl/crypto/bn/bn_nist.c releng/10.0/crypto/openssl/crypto/bn/bn_sqr.c releng/10.0/crypto/openssl/crypto/bn/bntest.c releng/10.0/crypto/openssl/crypto/bn/exptest.c releng/10.0/crypto/openssl/crypto/buffer/buffer.c releng/10.0/crypto/openssl/crypto/buffer/buffer.h releng/10.0/crypto/openssl/crypto/cms/cms_env.c releng/10.0/crypto/openssl/crypto/cms/cms_lib.c releng/10.0/crypto/openssl/crypto/cms/cms_pwri.c releng/10.0/crypto/openssl/crypto/cms/cms_sd.c releng/10.0/crypto/openssl/crypto/cms/cms_smime.c releng/10.0/crypto/openssl/crypto/conf/conf_def.c releng/10.0/crypto/openssl/crypto/cryptlib.c releng/10.0/crypto/openssl/crypto/cversion.c releng/10.0/crypto/openssl/crypto/dsa/dsa_ameth.c releng/10.0/crypto/openssl/crypto/dso/dso_dlfcn.c releng/10.0/crypto/openssl/crypto/ebcdic.h releng/10.0/crypto/openssl/crypto/ec/ec.h releng/10.0/crypto/openssl/crypto/ec/ec2_smpl.c releng/10.0/crypto/openssl/crypto/ec/ec_ameth.c releng/10.0/crypto/openssl/crypto/ec/ec_asn1.c releng/10.0/crypto/openssl/crypto/ec/ec_lcl.h releng/10.0/crypto/openssl/crypto/ec/ec_lib.c releng/10.0/crypto/openssl/crypto/ec/ec_mult.c releng/10.0/crypto/openssl/crypto/ec/ec_pmeth.c releng/10.0/crypto/openssl/crypto/ec/ecp_mont.c releng/10.0/crypto/openssl/crypto/ec/ecp_nist.c releng/10.0/crypto/openssl/crypto/ec/ecp_nistp256.c releng/10.0/crypto/openssl/crypto/ec/ecp_smpl.c releng/10.0/crypto/openssl/crypto/ec/ectest.c releng/10.0/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/10.0/crypto/openssl/crypto/engine/eng_dyn.c releng/10.0/crypto/openssl/crypto/engine/eng_list.c releng/10.0/crypto/openssl/crypto/engine/eng_rdrand.c releng/10.0/crypto/openssl/crypto/evp/Makefile releng/10.0/crypto/openssl/crypto/evp/bio_b64.c releng/10.0/crypto/openssl/crypto/evp/digest.c releng/10.0/crypto/openssl/crypto/evp/e_aes.c releng/10.0/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c releng/10.0/crypto/openssl/crypto/evp/e_des3.c releng/10.0/crypto/openssl/crypto/evp/encode.c releng/10.0/crypto/openssl/crypto/evp/evp_enc.c releng/10.0/crypto/openssl/crypto/evp/evp_pbe.c releng/10.0/crypto/openssl/crypto/evp/p5_crpt2.c releng/10.0/crypto/openssl/crypto/idea/ideatest.c releng/10.0/crypto/openssl/crypto/md32_common.h releng/10.0/crypto/openssl/crypto/md5/asm/md5-x86_64.pl releng/10.0/crypto/openssl/crypto/mem.c releng/10.0/crypto/openssl/crypto/modes/Makefile releng/10.0/crypto/openssl/crypto/modes/asm/ghash-parisc.pl releng/10.0/crypto/openssl/crypto/modes/cbc128.c releng/10.0/crypto/openssl/crypto/modes/ccm128.c releng/10.0/crypto/openssl/crypto/modes/cts128.c releng/10.0/crypto/openssl/crypto/modes/gcm128.c releng/10.0/crypto/openssl/crypto/modes/modes.h releng/10.0/crypto/openssl/crypto/modes/modes_lcl.h releng/10.0/crypto/openssl/crypto/objects/obj_dat.h releng/10.0/crypto/openssl/crypto/objects/obj_dat.pl releng/10.0/crypto/openssl/crypto/objects/obj_xref.h releng/10.0/crypto/openssl/crypto/objects/objxref.pl releng/10.0/crypto/openssl/crypto/ocsp/ocsp_ht.c releng/10.0/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/10.0/crypto/openssl/crypto/ocsp/ocsp_vfy.c releng/10.0/crypto/openssl/crypto/opensslconf.h releng/10.0/crypto/openssl/crypto/opensslv.h releng/10.0/crypto/openssl/crypto/ossl_typ.h releng/10.0/crypto/openssl/crypto/pariscid.pl releng/10.0/crypto/openssl/crypto/pem/pem_info.c releng/10.0/crypto/openssl/crypto/pem/pvkfmt.c releng/10.0/crypto/openssl/crypto/pkcs12/p12_crt.c releng/10.0/crypto/openssl/crypto/pkcs12/p12_kiss.c releng/10.0/crypto/openssl/crypto/pkcs7/Makefile releng/10.0/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/10.0/crypto/openssl/crypto/pkcs7/pkcs7.h releng/10.0/crypto/openssl/crypto/pkcs7/pkcs7err.c releng/10.0/crypto/openssl/crypto/pqueue/pqueue.h releng/10.0/crypto/openssl/crypto/rand/md_rand.c releng/10.0/crypto/openssl/crypto/rand/rand.h releng/10.0/crypto/openssl/crypto/rand/rand_err.c releng/10.0/crypto/openssl/crypto/rand/rand_lcl.h releng/10.0/crypto/openssl/crypto/rand/rand_lib.c releng/10.0/crypto/openssl/crypto/rand/randfile.c releng/10.0/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl releng/10.0/crypto/openssl/crypto/rsa/Makefile releng/10.0/crypto/openssl/crypto/rsa/rsa.h releng/10.0/crypto/openssl/crypto/rsa/rsa_ameth.c releng/10.0/crypto/openssl/crypto/rsa/rsa_chk.c releng/10.0/crypto/openssl/crypto/rsa/rsa_eay.c releng/10.0/crypto/openssl/crypto/rsa/rsa_err.c releng/10.0/crypto/openssl/crypto/rsa/rsa_oaep.c releng/10.0/crypto/openssl/crypto/rsa/rsa_pk1.c releng/10.0/crypto/openssl/crypto/rsa/rsa_pmeth.c releng/10.0/crypto/openssl/crypto/rsa/rsa_sign.c releng/10.0/crypto/openssl/crypto/sha/Makefile releng/10.0/crypto/openssl/crypto/sha/asm/sha1-mips.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha1-parisc.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha512-mips.pl releng/10.0/crypto/openssl/crypto/sha/asm/sha512-parisc.pl releng/10.0/crypto/openssl/crypto/sha/sha512.c releng/10.0/crypto/openssl/crypto/srp/srp_grps.h releng/10.0/crypto/openssl/crypto/srp/srp_lib.c releng/10.0/crypto/openssl/crypto/srp/srp_vfy.c releng/10.0/crypto/openssl/crypto/stack/safestack.h releng/10.0/crypto/openssl/crypto/symhacks.h releng/10.0/crypto/openssl/crypto/ts/ts_rsp_sign.c releng/10.0/crypto/openssl/crypto/ts/ts_rsp_verify.c releng/10.0/crypto/openssl/crypto/ui/ui_lib.c releng/10.0/crypto/openssl/crypto/x509/by_dir.c releng/10.0/crypto/openssl/crypto/x509/x509_vfy.c releng/10.0/crypto/openssl/crypto/x509/x509_vpm.c releng/10.0/crypto/openssl/crypto/x509/x_all.c releng/10.0/crypto/openssl/crypto/x509v3/v3_ncons.c releng/10.0/crypto/openssl/crypto/x509v3/v3_purp.c releng/10.0/crypto/openssl/crypto/x86cpuid.pl releng/10.0/crypto/openssl/doc/HOWTO/certificates.txt releng/10.0/crypto/openssl/doc/HOWTO/proxy_certificates.txt releng/10.0/crypto/openssl/doc/apps/asn1parse.pod releng/10.0/crypto/openssl/doc/apps/ca.pod releng/10.0/crypto/openssl/doc/apps/ciphers.pod releng/10.0/crypto/openssl/doc/apps/cms.pod releng/10.0/crypto/openssl/doc/apps/config.pod releng/10.0/crypto/openssl/doc/apps/crl.pod releng/10.0/crypto/openssl/doc/apps/dgst.pod releng/10.0/crypto/openssl/doc/apps/dhparam.pod releng/10.0/crypto/openssl/doc/apps/dsa.pod releng/10.0/crypto/openssl/doc/apps/ec.pod releng/10.0/crypto/openssl/doc/apps/ecparam.pod releng/10.0/crypto/openssl/doc/apps/enc.pod releng/10.0/crypto/openssl/doc/apps/gendsa.pod releng/10.0/crypto/openssl/doc/apps/genrsa.pod releng/10.0/crypto/openssl/doc/apps/ocsp.pod releng/10.0/crypto/openssl/doc/apps/pkcs12.pod releng/10.0/crypto/openssl/doc/apps/req.pod releng/10.0/crypto/openssl/doc/apps/rsa.pod releng/10.0/crypto/openssl/doc/apps/s_client.pod releng/10.0/crypto/openssl/doc/apps/s_server.pod releng/10.0/crypto/openssl/doc/apps/smime.pod releng/10.0/crypto/openssl/doc/apps/ts.pod releng/10.0/crypto/openssl/doc/apps/tsget.pod releng/10.0/crypto/openssl/doc/apps/verify.pod releng/10.0/crypto/openssl/doc/apps/version.pod releng/10.0/crypto/openssl/doc/apps/x509.pod releng/10.0/crypto/openssl/doc/apps/x509v3_config.pod releng/10.0/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod releng/10.0/crypto/openssl/doc/crypto/BIO_f_base64.pod releng/10.0/crypto/openssl/doc/crypto/BIO_push.pod releng/10.0/crypto/openssl/doc/crypto/BIO_s_accept.pod releng/10.0/crypto/openssl/doc/crypto/BN_BLINDING_new.pod releng/10.0/crypto/openssl/doc/crypto/CMS_decrypt.pod releng/10.0/crypto/openssl/doc/crypto/CONF_modules_free.pod releng/10.0/crypto/openssl/doc/crypto/CONF_modules_load_file.pod releng/10.0/crypto/openssl/doc/crypto/ERR_get_error.pod releng/10.0/crypto/openssl/doc/crypto/EVP_BytesToKey.pod releng/10.0/crypto/openssl/doc/crypto/EVP_DigestInit.pod releng/10.0/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod releng/10.0/crypto/openssl/doc/crypto/EVP_EncryptInit.pod releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod releng/10.0/crypto/openssl/doc/crypto/EVP_PKEY_sign.pod releng/10.0/crypto/openssl/doc/crypto/EVP_SignInit.pod releng/10.0/crypto/openssl/doc/crypto/OPENSSL_config.pod releng/10.0/crypto/openssl/doc/crypto/RSA_set_method.pod releng/10.0/crypto/openssl/doc/crypto/RSA_sign.pod releng/10.0/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod releng/10.0/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod releng/10.0/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod releng/10.0/crypto/openssl/doc/crypto/X509_STORE_CTX_get_error.pod releng/10.0/crypto/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod releng/10.0/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod releng/10.0/crypto/openssl/doc/crypto/des.pod releng/10.0/crypto/openssl/doc/crypto/ecdsa.pod releng/10.0/crypto/openssl/doc/crypto/err.pod releng/10.0/crypto/openssl/doc/crypto/pem.pod releng/10.0/crypto/openssl/doc/crypto/ui.pod releng/10.0/crypto/openssl/doc/fingerprints.txt releng/10.0/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod releng/10.0/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_new.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod releng/10.0/crypto/openssl/doc/ssl/SSL_accept.pod releng/10.0/crypto/openssl/doc/ssl/SSL_clear.pod releng/10.0/crypto/openssl/doc/ssl/SSL_connect.pod releng/10.0/crypto/openssl/doc/ssl/SSL_do_handshake.pod releng/10.0/crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod releng/10.0/crypto/openssl/doc/ssl/SSL_get_version.pod releng/10.0/crypto/openssl/doc/ssl/SSL_read.pod releng/10.0/crypto/openssl/doc/ssl/SSL_session_reused.pod releng/10.0/crypto/openssl/doc/ssl/SSL_set_fd.pod releng/10.0/crypto/openssl/doc/ssl/SSL_set_session.pod releng/10.0/crypto/openssl/doc/ssl/SSL_set_shutdown.pod releng/10.0/crypto/openssl/doc/ssl/SSL_shutdown.pod releng/10.0/crypto/openssl/doc/ssl/SSL_write.pod releng/10.0/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod releng/10.0/crypto/openssl/e_os.h releng/10.0/crypto/openssl/engines/ccgost/gost89.h releng/10.0/crypto/openssl/engines/ccgost/gost_ameth.c releng/10.0/crypto/openssl/engines/ccgost/gosthash.c releng/10.0/crypto/openssl/engines/e_padlock.c releng/10.0/crypto/openssl/ssl/Makefile releng/10.0/crypto/openssl/ssl/d1_both.c releng/10.0/crypto/openssl/ssl/d1_clnt.c releng/10.0/crypto/openssl/ssl/d1_enc.c releng/10.0/crypto/openssl/ssl/d1_lib.c releng/10.0/crypto/openssl/ssl/d1_pkt.c releng/10.0/crypto/openssl/ssl/d1_srvr.c releng/10.0/crypto/openssl/ssl/dtls1.h releng/10.0/crypto/openssl/ssl/kssl.c releng/10.0/crypto/openssl/ssl/kssl.h releng/10.0/crypto/openssl/ssl/s23_clnt.c releng/10.0/crypto/openssl/ssl/s23_lib.c releng/10.0/crypto/openssl/ssl/s23_srvr.c releng/10.0/crypto/openssl/ssl/s2_enc.c releng/10.0/crypto/openssl/ssl/s2_lib.c releng/10.0/crypto/openssl/ssl/s2_pkt.c releng/10.0/crypto/openssl/ssl/s2_srvr.c releng/10.0/crypto/openssl/ssl/s3_both.c releng/10.0/crypto/openssl/ssl/s3_cbc.c releng/10.0/crypto/openssl/ssl/s3_clnt.c releng/10.0/crypto/openssl/ssl/s3_enc.c releng/10.0/crypto/openssl/ssl/s3_lib.c releng/10.0/crypto/openssl/ssl/s3_meth.c releng/10.0/crypto/openssl/ssl/s3_pkt.c releng/10.0/crypto/openssl/ssl/s3_srvr.c releng/10.0/crypto/openssl/ssl/srtp.h releng/10.0/crypto/openssl/ssl/ssl.h releng/10.0/crypto/openssl/ssl/ssl3.h releng/10.0/crypto/openssl/ssl/ssl_asn1.c releng/10.0/crypto/openssl/ssl/ssl_cert.c releng/10.0/crypto/openssl/ssl/ssl_ciph.c releng/10.0/crypto/openssl/ssl/ssl_err.c releng/10.0/crypto/openssl/ssl/ssl_lib.c releng/10.0/crypto/openssl/ssl/ssl_locl.h releng/10.0/crypto/openssl/ssl/ssl_sess.c releng/10.0/crypto/openssl/ssl/ssl_stat.c releng/10.0/crypto/openssl/ssl/ssltest.c releng/10.0/crypto/openssl/ssl/t1_enc.c releng/10.0/crypto/openssl/ssl/t1_lib.c releng/10.0/crypto/openssl/ssl/tls1.h releng/10.0/crypto/openssl/util/libeay.num releng/10.0/crypto/openssl/util/mk1mf.pl releng/10.0/crypto/openssl/util/mkdef.pl releng/10.0/crypto/openssl/util/mkerr.pl releng/10.0/crypto/openssl/util/pl/BC-32.pl releng/10.0/crypto/openssl/util/pl/VC-32.pl releng/10.0/crypto/openssl/util/pl/netware.pl releng/10.0/crypto/openssl/util/shlib_wrap.sh releng/10.0/crypto/openssl/util/ssleay.num releng/10.0/secure/lib/libcrypto/Makefile releng/10.0/secure/lib/libcrypto/Makefile.inc releng/10.0/secure/lib/libcrypto/Makefile.man releng/10.0/secure/lib/libcrypto/amd64/bsaes-x86_64.S releng/10.0/secure/lib/libcrypto/amd64/vpaes-x86_64.S releng/10.0/secure/lib/libcrypto/i386/x86cpuid.s releng/10.0/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_new.3 releng/10.0/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/10.0/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/10.0/secure/lib/libcrypto/man/BIO_ctrl.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_base64.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_md.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_null.3 releng/10.0/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/10.0/secure/lib/libcrypto/man/BIO_find_type.3 releng/10.0/secure/lib/libcrypto/man/BIO_new.3 releng/10.0/secure/lib/libcrypto/man/BIO_new_CMS.3 releng/10.0/secure/lib/libcrypto/man/BIO_push.3 releng/10.0/secure/lib/libcrypto/man/BIO_read.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_accept.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_bio.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_connect.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_fd.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_file.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_mem.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_null.3 releng/10.0/secure/lib/libcrypto/man/BIO_s_socket.3 releng/10.0/secure/lib/libcrypto/man/BIO_set_callback.3 releng/10.0/secure/lib/libcrypto/man/BIO_should_retry.3 releng/10.0/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/10.0/secure/lib/libcrypto/man/BN_CTX_new.3 releng/10.0/secure/lib/libcrypto/man/BN_CTX_start.3 releng/10.0/secure/lib/libcrypto/man/BN_add.3 releng/10.0/secure/lib/libcrypto/man/BN_add_word.3 releng/10.0/secure/lib/libcrypto/man/BN_bn2bin.3 releng/10.0/secure/lib/libcrypto/man/BN_cmp.3 releng/10.0/secure/lib/libcrypto/man/BN_copy.3 releng/10.0/secure/lib/libcrypto/man/BN_generate_prime.3 releng/10.0/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/10.0/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/10.0/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/10.0/secure/lib/libcrypto/man/BN_new.3 releng/10.0/secure/lib/libcrypto/man/BN_num_bytes.3 releng/10.0/secure/lib/libcrypto/man/BN_rand.3 releng/10.0/secure/lib/libcrypto/man/BN_set_bit.3 releng/10.0/secure/lib/libcrypto/man/BN_swap.3 releng/10.0/secure/lib/libcrypto/man/BN_zero.3 releng/10.0/secure/lib/libcrypto/man/CMS_add0_cert.3 releng/10.0/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 releng/10.0/secure/lib/libcrypto/man/CMS_compress.3 releng/10.0/secure/lib/libcrypto/man/CMS_decrypt.3 releng/10.0/secure/lib/libcrypto/man/CMS_encrypt.3 releng/10.0/secure/lib/libcrypto/man/CMS_final.3 releng/10.0/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 releng/10.0/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 releng/10.0/secure/lib/libcrypto/man/CMS_get0_type.3 releng/10.0/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 releng/10.0/secure/lib/libcrypto/man/CMS_sign.3 releng/10.0/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 releng/10.0/secure/lib/libcrypto/man/CMS_sign_receipt.3 releng/10.0/secure/lib/libcrypto/man/CMS_uncompress.3 releng/10.0/secure/lib/libcrypto/man/CMS_verify.3 releng/10.0/secure/lib/libcrypto/man/CMS_verify_receipt.3 releng/10.0/secure/lib/libcrypto/man/CONF_modules_free.3 releng/10.0/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/10.0/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/10.0/secure/lib/libcrypto/man/DH_generate_key.3 releng/10.0/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/10.0/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/DH_new.3 releng/10.0/secure/lib/libcrypto/man/DH_set_method.3 releng/10.0/secure/lib/libcrypto/man/DH_size.3 releng/10.0/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/10.0/secure/lib/libcrypto/man/DSA_do_sign.3 releng/10.0/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/10.0/secure/lib/libcrypto/man/DSA_generate_key.3 releng/10.0/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/10.0/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/DSA_new.3 releng/10.0/secure/lib/libcrypto/man/DSA_set_method.3 releng/10.0/secure/lib/libcrypto/man/DSA_sign.3 releng/10.0/secure/lib/libcrypto/man/DSA_size.3 releng/10.0/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/10.0/secure/lib/libcrypto/man/ERR_clear_error.3 releng/10.0/secure/lib/libcrypto/man/ERR_error_string.3 releng/10.0/secure/lib/libcrypto/man/ERR_get_error.3 releng/10.0/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 releng/10.0/secure/lib/libcrypto/man/ERR_load_strings.3 releng/10.0/secure/lib/libcrypto/man/ERR_print_errors.3 releng/10.0/secure/lib/libcrypto/man/ERR_put_error.3 releng/10.0/secure/lib/libcrypto/man/ERR_remove_state.3 releng/10.0/secure/lib/libcrypto/man/ERR_set_mark.3 releng/10.0/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/10.0/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_DigestSignInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_derive.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_sign.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_verify.3 releng/10.0/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 releng/10.0/secure/lib/libcrypto/man/EVP_SealInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_SignInit.3 releng/10.0/secure/lib/libcrypto/man/EVP_VerifyInit.3 releng/10.0/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_config.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/10.0/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/10.0/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/10.0/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 releng/10.0/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 releng/10.0/secure/lib/libcrypto/man/PKCS12_create.3 releng/10.0/secure/lib/libcrypto/man/PKCS12_parse.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_sign.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 releng/10.0/secure/lib/libcrypto/man/PKCS7_verify.3 releng/10.0/secure/lib/libcrypto/man/RAND_add.3 releng/10.0/secure/lib/libcrypto/man/RAND_bytes.3 releng/10.0/secure/lib/libcrypto/man/RAND_cleanup.3 releng/10.0/secure/lib/libcrypto/man/RAND_egd.3 releng/10.0/secure/lib/libcrypto/man/RAND_load_file.3 releng/10.0/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/10.0/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/10.0/secure/lib/libcrypto/man/RSA_check_key.3 releng/10.0/secure/lib/libcrypto/man/RSA_generate_key.3 releng/10.0/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/RSA_new.3 releng/10.0/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/10.0/secure/lib/libcrypto/man/RSA_print.3 releng/10.0/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/10.0/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/10.0/secure/lib/libcrypto/man/RSA_set_method.3 releng/10.0/secure/lib/libcrypto/man/RSA_sign.3 releng/10.0/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/10.0/secure/lib/libcrypto/man/RSA_size.3 releng/10.0/secure/lib/libcrypto/man/SMIME_read_CMS.3 releng/10.0/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/10.0/secure/lib/libcrypto/man/SMIME_write_CMS.3 releng/10.0/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/10.0/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 releng/10.0/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 releng/10.0/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 releng/10.0/secure/lib/libcrypto/man/X509_new.3 releng/10.0/secure/lib/libcrypto/man/X509_verify_cert.3 releng/10.0/secure/lib/libcrypto/man/bio.3 releng/10.0/secure/lib/libcrypto/man/blowfish.3 releng/10.0/secure/lib/libcrypto/man/bn.3 releng/10.0/secure/lib/libcrypto/man/bn_internal.3 releng/10.0/secure/lib/libcrypto/man/buffer.3 releng/10.0/secure/lib/libcrypto/man/crypto.3 releng/10.0/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/10.0/secure/lib/libcrypto/man/d2i_DHparams.3 releng/10.0/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/10.0/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/10.0/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_CRL.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/10.0/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/10.0/secure/lib/libcrypto/man/des.3 releng/10.0/secure/lib/libcrypto/man/dh.3 releng/10.0/secure/lib/libcrypto/man/dsa.3 releng/10.0/secure/lib/libcrypto/man/ecdsa.3 releng/10.0/secure/lib/libcrypto/man/engine.3 releng/10.0/secure/lib/libcrypto/man/err.3 releng/10.0/secure/lib/libcrypto/man/evp.3 releng/10.0/secure/lib/libcrypto/man/hmac.3 releng/10.0/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 releng/10.0/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 releng/10.0/secure/lib/libcrypto/man/lh_stats.3 releng/10.0/secure/lib/libcrypto/man/lhash.3 releng/10.0/secure/lib/libcrypto/man/md5.3 releng/10.0/secure/lib/libcrypto/man/mdc2.3 releng/10.0/secure/lib/libcrypto/man/pem.3 releng/10.0/secure/lib/libcrypto/man/rand.3 releng/10.0/secure/lib/libcrypto/man/rc4.3 releng/10.0/secure/lib/libcrypto/man/ripemd.3 releng/10.0/secure/lib/libcrypto/man/rsa.3 releng/10.0/secure/lib/libcrypto/man/sha.3 releng/10.0/secure/lib/libcrypto/man/threads.3 releng/10.0/secure/lib/libcrypto/man/ui.3 releng/10.0/secure/lib/libcrypto/man/ui_compat.3 releng/10.0/secure/lib/libcrypto/man/x509.3 releng/10.0/secure/lib/libssl/Makefile.man releng/10.0/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/10.0/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_free.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_new.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/10.0/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 releng/10.0/secure/lib/libssl/man/SSL_SESSION_free.3 releng/10.0/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/10.0/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/10.0/secure/lib/libssl/man/SSL_accept.3 releng/10.0/secure/lib/libssl/man/SSL_alert_type_string.3 releng/10.0/secure/lib/libssl/man/SSL_clear.3 releng/10.0/secure/lib/libssl/man/SSL_connect.3 releng/10.0/secure/lib/libssl/man/SSL_do_handshake.3 releng/10.0/secure/lib/libssl/man/SSL_free.3 releng/10.0/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/10.0/secure/lib/libssl/man/SSL_get_ciphers.3 releng/10.0/secure/lib/libssl/man/SSL_get_client_CA_list.3 releng/10.0/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/10.0/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/10.0/secure/lib/libssl/man/SSL_get_error.3 releng/10.0/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/10.0/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/10.0/secure/lib/libssl/man/SSL_get_fd.3 releng/10.0/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 releng/10.0/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/10.0/secure/lib/libssl/man/SSL_get_psk_identity.3 releng/10.0/secure/lib/libssl/man/SSL_get_rbio.3 releng/10.0/secure/lib/libssl/man/SSL_get_session.3 releng/10.0/secure/lib/libssl/man/SSL_get_verify_result.3 releng/10.0/secure/lib/libssl/man/SSL_get_version.3 releng/10.0/secure/lib/libssl/man/SSL_library_init.3 releng/10.0/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/10.0/secure/lib/libssl/man/SSL_new.3 releng/10.0/secure/lib/libssl/man/SSL_pending.3 releng/10.0/secure/lib/libssl/man/SSL_read.3 releng/10.0/secure/lib/libssl/man/SSL_rstate_string.3 releng/10.0/secure/lib/libssl/man/SSL_session_reused.3 releng/10.0/secure/lib/libssl/man/SSL_set_bio.3 releng/10.0/secure/lib/libssl/man/SSL_set_connect_state.3 releng/10.0/secure/lib/libssl/man/SSL_set_fd.3 releng/10.0/secure/lib/libssl/man/SSL_set_session.3 releng/10.0/secure/lib/libssl/man/SSL_set_shutdown.3 releng/10.0/secure/lib/libssl/man/SSL_set_verify_result.3 releng/10.0/secure/lib/libssl/man/SSL_shutdown.3 releng/10.0/secure/lib/libssl/man/SSL_state_string.3 releng/10.0/secure/lib/libssl/man/SSL_want.3 releng/10.0/secure/lib/libssl/man/SSL_write.3 releng/10.0/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/10.0/secure/lib/libssl/man/ssl.3 releng/10.0/secure/usr.bin/openssl/Makefile.man releng/10.0/secure/usr.bin/openssl/man/CA.pl.1 releng/10.0/secure/usr.bin/openssl/man/asn1parse.1 releng/10.0/secure/usr.bin/openssl/man/ca.1 releng/10.0/secure/usr.bin/openssl/man/ciphers.1 releng/10.0/secure/usr.bin/openssl/man/cms.1 releng/10.0/secure/usr.bin/openssl/man/crl.1 releng/10.0/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/10.0/secure/usr.bin/openssl/man/dgst.1 releng/10.0/secure/usr.bin/openssl/man/dhparam.1 releng/10.0/secure/usr.bin/openssl/man/dsa.1 releng/10.0/secure/usr.bin/openssl/man/dsaparam.1 releng/10.0/secure/usr.bin/openssl/man/ec.1 releng/10.0/secure/usr.bin/openssl/man/ecparam.1 releng/10.0/secure/usr.bin/openssl/man/enc.1 releng/10.0/secure/usr.bin/openssl/man/errstr.1 releng/10.0/secure/usr.bin/openssl/man/gendsa.1 releng/10.0/secure/usr.bin/openssl/man/genpkey.1 releng/10.0/secure/usr.bin/openssl/man/genrsa.1 releng/10.0/secure/usr.bin/openssl/man/nseq.1 releng/10.0/secure/usr.bin/openssl/man/ocsp.1 releng/10.0/secure/usr.bin/openssl/man/openssl.1 releng/10.0/secure/usr.bin/openssl/man/passwd.1 releng/10.0/secure/usr.bin/openssl/man/pkcs12.1 releng/10.0/secure/usr.bin/openssl/man/pkcs7.1 releng/10.0/secure/usr.bin/openssl/man/pkcs8.1 releng/10.0/secure/usr.bin/openssl/man/pkey.1 releng/10.0/secure/usr.bin/openssl/man/pkeyparam.1 releng/10.0/secure/usr.bin/openssl/man/pkeyutl.1 releng/10.0/secure/usr.bin/openssl/man/rand.1 releng/10.0/secure/usr.bin/openssl/man/req.1 releng/10.0/secure/usr.bin/openssl/man/rsa.1 releng/10.0/secure/usr.bin/openssl/man/rsautl.1 releng/10.0/secure/usr.bin/openssl/man/s_client.1 releng/10.0/secure/usr.bin/openssl/man/s_server.1 releng/10.0/secure/usr.bin/openssl/man/s_time.1 releng/10.0/secure/usr.bin/openssl/man/sess_id.1 releng/10.0/secure/usr.bin/openssl/man/smime.1 releng/10.0/secure/usr.bin/openssl/man/speed.1 releng/10.0/secure/usr.bin/openssl/man/spkac.1 releng/10.0/secure/usr.bin/openssl/man/ts.1 releng/10.0/secure/usr.bin/openssl/man/tsget.1 releng/10.0/secure/usr.bin/openssl/man/verify.1 releng/10.0/secure/usr.bin/openssl/man/version.1 releng/10.0/secure/usr.bin/openssl/man/x509.1 releng/10.0/secure/usr.bin/openssl/man/x509v3_config.1 releng/10.0/sys/conf/newvers.sh releng/10.0/sys/netinet/igmp.c releng/10.0/usr.sbin/freebsd-update/freebsd-update.sh releng/10.1/UPDATING releng/10.1/crypto/openssl/CHANGES releng/10.1/crypto/openssl/Configure releng/10.1/crypto/openssl/Makefile releng/10.1/crypto/openssl/NEWS releng/10.1/crypto/openssl/README releng/10.1/crypto/openssl/apps/ca.c releng/10.1/crypto/openssl/apps/dgst.c releng/10.1/crypto/openssl/apps/ocsp.c releng/10.1/crypto/openssl/apps/openssl.c releng/10.1/crypto/openssl/apps/s_client.c releng/10.1/crypto/openssl/apps/s_server.c releng/10.1/crypto/openssl/apps/s_time.c releng/10.1/crypto/openssl/apps/speed.c releng/10.1/crypto/openssl/crypto/Makefile releng/10.1/crypto/openssl/crypto/aes/asm/aes-mips.pl releng/10.1/crypto/openssl/crypto/asn1/asn1.h releng/10.1/crypto/openssl/crypto/asn1/asn1_err.c releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.1/crypto/openssl/crypto/asn1/x_name.c releng/10.1/crypto/openssl/crypto/bio/bio.h releng/10.1/crypto/openssl/crypto/bio/bss_dgram.c releng/10.1/crypto/openssl/crypto/bn/bn.h releng/10.1/crypto/openssl/crypto/bn/bn_ctx.c releng/10.1/crypto/openssl/crypto/bn/bn_div.c releng/10.1/crypto/openssl/crypto/bn/bntest.c releng/10.1/crypto/openssl/crypto/constant_time_locl.h releng/10.1/crypto/openssl/crypto/cversion.c releng/10.1/crypto/openssl/crypto/dso/dso_dlfcn.c releng/10.1/crypto/openssl/crypto/ec/ec_lib.c releng/10.1/crypto/openssl/crypto/ec/ec_mult.c releng/10.1/crypto/openssl/crypto/ec/ec_pmeth.c releng/10.1/crypto/openssl/crypto/ec/ecp_nistp256.c releng/10.1/crypto/openssl/crypto/ec/ectest.c releng/10.1/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/10.1/crypto/openssl/crypto/engine/eng_dyn.c releng/10.1/crypto/openssl/crypto/evp/Makefile releng/10.1/crypto/openssl/crypto/evp/e_des3.c releng/10.1/crypto/openssl/crypto/evp/evp_enc.c releng/10.1/crypto/openssl/crypto/md32_common.h releng/10.1/crypto/openssl/crypto/mem.c releng/10.1/crypto/openssl/crypto/objects/obj_xref.h releng/10.1/crypto/openssl/crypto/objects/objxref.pl releng/10.1/crypto/openssl/crypto/opensslv.h releng/10.1/crypto/openssl/crypto/sha/asm/sha1-mips.pl releng/10.1/crypto/openssl/crypto/sha/asm/sha512-mips.pl releng/10.1/crypto/openssl/crypto/ts/ts_rsp_sign.c releng/10.1/crypto/openssl/crypto/x509/x509_vpm.c releng/10.1/crypto/openssl/crypto/x509v3/v3_ncons.c releng/10.1/crypto/openssl/doc/HOWTO/certificates.txt releng/10.1/crypto/openssl/doc/HOWTO/proxy_certificates.txt releng/10.1/crypto/openssl/doc/apps/dgst.pod releng/10.1/crypto/openssl/doc/apps/ocsp.pod releng/10.1/crypto/openssl/doc/crypto/EVP_EncryptInit.pod releng/10.1/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod releng/10.1/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod releng/10.1/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod releng/10.1/crypto/openssl/e_os.h releng/10.1/crypto/openssl/engines/e_padlock.c releng/10.1/crypto/openssl/ssl/d1_both.c releng/10.1/crypto/openssl/ssl/d1_clnt.c releng/10.1/crypto/openssl/ssl/d1_enc.c releng/10.1/crypto/openssl/ssl/d1_lib.c releng/10.1/crypto/openssl/ssl/d1_pkt.c releng/10.1/crypto/openssl/ssl/d1_srvr.c releng/10.1/crypto/openssl/ssl/dtls1.h releng/10.1/crypto/openssl/ssl/kssl.c releng/10.1/crypto/openssl/ssl/s23_srvr.c releng/10.1/crypto/openssl/ssl/s2_enc.c releng/10.1/crypto/openssl/ssl/s2_pkt.c releng/10.1/crypto/openssl/ssl/s2_srvr.c releng/10.1/crypto/openssl/ssl/s3_both.c releng/10.1/crypto/openssl/ssl/s3_clnt.c releng/10.1/crypto/openssl/ssl/s3_enc.c releng/10.1/crypto/openssl/ssl/s3_lib.c releng/10.1/crypto/openssl/ssl/s3_meth.c releng/10.1/crypto/openssl/ssl/s3_pkt.c releng/10.1/crypto/openssl/ssl/s3_srvr.c releng/10.1/crypto/openssl/ssl/srtp.h releng/10.1/crypto/openssl/ssl/ssl.h releng/10.1/crypto/openssl/ssl/ssl3.h releng/10.1/crypto/openssl/ssl/ssl_cert.c releng/10.1/crypto/openssl/ssl/ssl_ciph.c releng/10.1/crypto/openssl/ssl/ssl_lib.c releng/10.1/crypto/openssl/ssl/ssl_locl.h releng/10.1/crypto/openssl/ssl/ssl_sess.c releng/10.1/crypto/openssl/ssl/ssltest.c releng/10.1/crypto/openssl/ssl/t1_enc.c releng/10.1/crypto/openssl/ssl/t1_lib.c releng/10.1/crypto/openssl/util/mk1mf.pl releng/10.1/crypto/openssl/util/mkdef.pl releng/10.1/crypto/openssl/util/pl/netware.pl releng/10.1/crypto/openssl/util/ssleay.num releng/10.1/secure/lib/libcrypto/Makefile releng/10.1/secure/lib/libcrypto/Makefile.inc releng/10.1/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_length.3 releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_new.3 releng/10.1/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 releng/10.1/secure/lib/libcrypto/man/ASN1_generate_nconf.3 releng/10.1/secure/lib/libcrypto/man/BIO_ctrl.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_base64.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_buffer.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_cipher.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_md.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_null.3 releng/10.1/secure/lib/libcrypto/man/BIO_f_ssl.3 releng/10.1/secure/lib/libcrypto/man/BIO_find_type.3 releng/10.1/secure/lib/libcrypto/man/BIO_new.3 releng/10.1/secure/lib/libcrypto/man/BIO_new_CMS.3 releng/10.1/secure/lib/libcrypto/man/BIO_push.3 releng/10.1/secure/lib/libcrypto/man/BIO_read.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_accept.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_bio.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_connect.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_fd.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_file.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_mem.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_null.3 releng/10.1/secure/lib/libcrypto/man/BIO_s_socket.3 releng/10.1/secure/lib/libcrypto/man/BIO_set_callback.3 releng/10.1/secure/lib/libcrypto/man/BIO_should_retry.3 releng/10.1/secure/lib/libcrypto/man/BN_BLINDING_new.3 releng/10.1/secure/lib/libcrypto/man/BN_CTX_new.3 releng/10.1/secure/lib/libcrypto/man/BN_CTX_start.3 releng/10.1/secure/lib/libcrypto/man/BN_add.3 releng/10.1/secure/lib/libcrypto/man/BN_add_word.3 releng/10.1/secure/lib/libcrypto/man/BN_bn2bin.3 releng/10.1/secure/lib/libcrypto/man/BN_cmp.3 releng/10.1/secure/lib/libcrypto/man/BN_copy.3 releng/10.1/secure/lib/libcrypto/man/BN_generate_prime.3 releng/10.1/secure/lib/libcrypto/man/BN_mod_inverse.3 releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 releng/10.1/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 releng/10.1/secure/lib/libcrypto/man/BN_new.3 releng/10.1/secure/lib/libcrypto/man/BN_num_bytes.3 releng/10.1/secure/lib/libcrypto/man/BN_rand.3 releng/10.1/secure/lib/libcrypto/man/BN_set_bit.3 releng/10.1/secure/lib/libcrypto/man/BN_swap.3 releng/10.1/secure/lib/libcrypto/man/BN_zero.3 releng/10.1/secure/lib/libcrypto/man/CMS_add0_cert.3 releng/10.1/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 releng/10.1/secure/lib/libcrypto/man/CMS_add1_signer.3 releng/10.1/secure/lib/libcrypto/man/CMS_compress.3 releng/10.1/secure/lib/libcrypto/man/CMS_decrypt.3 releng/10.1/secure/lib/libcrypto/man/CMS_encrypt.3 releng/10.1/secure/lib/libcrypto/man/CMS_final.3 releng/10.1/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 releng/10.1/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 releng/10.1/secure/lib/libcrypto/man/CMS_get0_type.3 releng/10.1/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 releng/10.1/secure/lib/libcrypto/man/CMS_sign.3 releng/10.1/secure/lib/libcrypto/man/CMS_sign_receipt.3 releng/10.1/secure/lib/libcrypto/man/CMS_uncompress.3 releng/10.1/secure/lib/libcrypto/man/CMS_verify.3 releng/10.1/secure/lib/libcrypto/man/CMS_verify_receipt.3 releng/10.1/secure/lib/libcrypto/man/CONF_modules_free.3 releng/10.1/secure/lib/libcrypto/man/CONF_modules_load_file.3 releng/10.1/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 releng/10.1/secure/lib/libcrypto/man/DH_generate_key.3 releng/10.1/secure/lib/libcrypto/man/DH_generate_parameters.3 releng/10.1/secure/lib/libcrypto/man/DH_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/DH_new.3 releng/10.1/secure/lib/libcrypto/man/DH_set_method.3 releng/10.1/secure/lib/libcrypto/man/DH_size.3 releng/10.1/secure/lib/libcrypto/man/DSA_SIG_new.3 releng/10.1/secure/lib/libcrypto/man/DSA_do_sign.3 releng/10.1/secure/lib/libcrypto/man/DSA_dup_DH.3 releng/10.1/secure/lib/libcrypto/man/DSA_generate_key.3 releng/10.1/secure/lib/libcrypto/man/DSA_generate_parameters.3 releng/10.1/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/DSA_new.3 releng/10.1/secure/lib/libcrypto/man/DSA_set_method.3 releng/10.1/secure/lib/libcrypto/man/DSA_sign.3 releng/10.1/secure/lib/libcrypto/man/DSA_size.3 releng/10.1/secure/lib/libcrypto/man/ERR_GET_LIB.3 releng/10.1/secure/lib/libcrypto/man/ERR_clear_error.3 releng/10.1/secure/lib/libcrypto/man/ERR_error_string.3 releng/10.1/secure/lib/libcrypto/man/ERR_get_error.3 releng/10.1/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 releng/10.1/secure/lib/libcrypto/man/ERR_load_strings.3 releng/10.1/secure/lib/libcrypto/man/ERR_print_errors.3 releng/10.1/secure/lib/libcrypto/man/ERR_put_error.3 releng/10.1/secure/lib/libcrypto/man/ERR_remove_state.3 releng/10.1/secure/lib/libcrypto/man/ERR_set_mark.3 releng/10.1/secure/lib/libcrypto/man/EVP_BytesToKey.3 releng/10.1/secure/lib/libcrypto/man/EVP_DigestInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_DigestSignInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_EncryptInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_OpenInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_derive.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_new.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_sign.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify.3 releng/10.1/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 releng/10.1/secure/lib/libcrypto/man/EVP_SealInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_SignInit.3 releng/10.1/secure/lib/libcrypto/man/EVP_VerifyInit.3 releng/10.1/secure/lib/libcrypto/man/OBJ_nid2obj.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_Applink.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_config.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 releng/10.1/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 releng/10.1/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 releng/10.1/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 releng/10.1/secure/lib/libcrypto/man/PKCS12_create.3 releng/10.1/secure/lib/libcrypto/man/PKCS12_parse.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_decrypt.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_encrypt.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_sign.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 releng/10.1/secure/lib/libcrypto/man/PKCS7_verify.3 releng/10.1/secure/lib/libcrypto/man/RAND_add.3 releng/10.1/secure/lib/libcrypto/man/RAND_bytes.3 releng/10.1/secure/lib/libcrypto/man/RAND_cleanup.3 releng/10.1/secure/lib/libcrypto/man/RAND_egd.3 releng/10.1/secure/lib/libcrypto/man/RAND_load_file.3 releng/10.1/secure/lib/libcrypto/man/RAND_set_rand_method.3 releng/10.1/secure/lib/libcrypto/man/RSA_blinding_on.3 releng/10.1/secure/lib/libcrypto/man/RSA_check_key.3 releng/10.1/secure/lib/libcrypto/man/RSA_generate_key.3 releng/10.1/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/RSA_new.3 releng/10.1/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 releng/10.1/secure/lib/libcrypto/man/RSA_print.3 releng/10.1/secure/lib/libcrypto/man/RSA_private_encrypt.3 releng/10.1/secure/lib/libcrypto/man/RSA_public_encrypt.3 releng/10.1/secure/lib/libcrypto/man/RSA_set_method.3 releng/10.1/secure/lib/libcrypto/man/RSA_sign.3 releng/10.1/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 releng/10.1/secure/lib/libcrypto/man/RSA_size.3 releng/10.1/secure/lib/libcrypto/man/SMIME_read_CMS.3 releng/10.1/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 releng/10.1/secure/lib/libcrypto/man/SMIME_write_CMS.3 releng/10.1/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 releng/10.1/secure/lib/libcrypto/man/X509_NAME_print_ex.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 releng/10.1/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 releng/10.1/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 releng/10.1/secure/lib/libcrypto/man/X509_new.3 releng/10.1/secure/lib/libcrypto/man/X509_verify_cert.3 releng/10.1/secure/lib/libcrypto/man/bio.3 releng/10.1/secure/lib/libcrypto/man/blowfish.3 releng/10.1/secure/lib/libcrypto/man/bn.3 releng/10.1/secure/lib/libcrypto/man/bn_internal.3 releng/10.1/secure/lib/libcrypto/man/buffer.3 releng/10.1/secure/lib/libcrypto/man/crypto.3 releng/10.1/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 releng/10.1/secure/lib/libcrypto/man/d2i_DHparams.3 releng/10.1/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 releng/10.1/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 releng/10.1/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_CRL.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_NAME.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_REQ.3 releng/10.1/secure/lib/libcrypto/man/d2i_X509_SIG.3 releng/10.1/secure/lib/libcrypto/man/des.3 releng/10.1/secure/lib/libcrypto/man/dh.3 releng/10.1/secure/lib/libcrypto/man/dsa.3 releng/10.1/secure/lib/libcrypto/man/ecdsa.3 releng/10.1/secure/lib/libcrypto/man/engine.3 releng/10.1/secure/lib/libcrypto/man/err.3 releng/10.1/secure/lib/libcrypto/man/evp.3 releng/10.1/secure/lib/libcrypto/man/hmac.3 releng/10.1/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 releng/10.1/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 releng/10.1/secure/lib/libcrypto/man/lh_stats.3 releng/10.1/secure/lib/libcrypto/man/lhash.3 releng/10.1/secure/lib/libcrypto/man/md5.3 releng/10.1/secure/lib/libcrypto/man/mdc2.3 releng/10.1/secure/lib/libcrypto/man/pem.3 releng/10.1/secure/lib/libcrypto/man/rand.3 releng/10.1/secure/lib/libcrypto/man/rc4.3 releng/10.1/secure/lib/libcrypto/man/ripemd.3 releng/10.1/secure/lib/libcrypto/man/rsa.3 releng/10.1/secure/lib/libcrypto/man/sha.3 releng/10.1/secure/lib/libcrypto/man/threads.3 releng/10.1/secure/lib/libcrypto/man/ui.3 releng/10.1/secure/lib/libcrypto/man/ui_compat.3 releng/10.1/secure/lib/libcrypto/man/x509.3 releng/10.1/secure/lib/libssl/man/SSL_CIPHER_get_name.3 releng/10.1/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_add_session.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_ctrl.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_free.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_new.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_number.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_sessions.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_mode.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_options.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_timeout.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_set_verify.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_use_certificate.3 releng/10.1/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 releng/10.1/secure/lib/libssl/man/SSL_SESSION_free.3 releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 releng/10.1/secure/lib/libssl/man/SSL_SESSION_get_time.3 releng/10.1/secure/lib/libssl/man/SSL_accept.3 releng/10.1/secure/lib/libssl/man/SSL_alert_type_string.3 releng/10.1/secure/lib/libssl/man/SSL_clear.3 releng/10.1/secure/lib/libssl/man/SSL_connect.3 releng/10.1/secure/lib/libssl/man/SSL_do_handshake.3 releng/10.1/secure/lib/libssl/man/SSL_free.3 releng/10.1/secure/lib/libssl/man/SSL_get_SSL_CTX.3 releng/10.1/secure/lib/libssl/man/SSL_get_ciphers.3 releng/10.1/secure/lib/libssl/man/SSL_get_client_CA_list.3 releng/10.1/secure/lib/libssl/man/SSL_get_current_cipher.3 releng/10.1/secure/lib/libssl/man/SSL_get_default_timeout.3 releng/10.1/secure/lib/libssl/man/SSL_get_error.3 releng/10.1/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 releng/10.1/secure/lib/libssl/man/SSL_get_ex_new_index.3 releng/10.1/secure/lib/libssl/man/SSL_get_fd.3 releng/10.1/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 releng/10.1/secure/lib/libssl/man/SSL_get_peer_certificate.3 releng/10.1/secure/lib/libssl/man/SSL_get_psk_identity.3 releng/10.1/secure/lib/libssl/man/SSL_get_rbio.3 releng/10.1/secure/lib/libssl/man/SSL_get_session.3 releng/10.1/secure/lib/libssl/man/SSL_get_verify_result.3 releng/10.1/secure/lib/libssl/man/SSL_get_version.3 releng/10.1/secure/lib/libssl/man/SSL_library_init.3 releng/10.1/secure/lib/libssl/man/SSL_load_client_CA_file.3 releng/10.1/secure/lib/libssl/man/SSL_new.3 releng/10.1/secure/lib/libssl/man/SSL_pending.3 releng/10.1/secure/lib/libssl/man/SSL_read.3 releng/10.1/secure/lib/libssl/man/SSL_rstate_string.3 releng/10.1/secure/lib/libssl/man/SSL_session_reused.3 releng/10.1/secure/lib/libssl/man/SSL_set_bio.3 releng/10.1/secure/lib/libssl/man/SSL_set_connect_state.3 releng/10.1/secure/lib/libssl/man/SSL_set_fd.3 releng/10.1/secure/lib/libssl/man/SSL_set_session.3 releng/10.1/secure/lib/libssl/man/SSL_set_shutdown.3 releng/10.1/secure/lib/libssl/man/SSL_set_verify_result.3 releng/10.1/secure/lib/libssl/man/SSL_shutdown.3 releng/10.1/secure/lib/libssl/man/SSL_state_string.3 releng/10.1/secure/lib/libssl/man/SSL_want.3 releng/10.1/secure/lib/libssl/man/SSL_write.3 releng/10.1/secure/lib/libssl/man/d2i_SSL_SESSION.3 releng/10.1/secure/lib/libssl/man/ssl.3 releng/10.1/secure/usr.bin/openssl/man/CA.pl.1 releng/10.1/secure/usr.bin/openssl/man/asn1parse.1 releng/10.1/secure/usr.bin/openssl/man/c_rehash.1 releng/10.1/secure/usr.bin/openssl/man/ca.1 releng/10.1/secure/usr.bin/openssl/man/ciphers.1 releng/10.1/secure/usr.bin/openssl/man/cms.1 releng/10.1/secure/usr.bin/openssl/man/crl.1 releng/10.1/secure/usr.bin/openssl/man/crl2pkcs7.1 releng/10.1/secure/usr.bin/openssl/man/dgst.1 releng/10.1/secure/usr.bin/openssl/man/dhparam.1 releng/10.1/secure/usr.bin/openssl/man/dsa.1 releng/10.1/secure/usr.bin/openssl/man/dsaparam.1 releng/10.1/secure/usr.bin/openssl/man/ec.1 releng/10.1/secure/usr.bin/openssl/man/ecparam.1 releng/10.1/secure/usr.bin/openssl/man/enc.1 releng/10.1/secure/usr.bin/openssl/man/errstr.1 releng/10.1/secure/usr.bin/openssl/man/gendsa.1 releng/10.1/secure/usr.bin/openssl/man/genpkey.1 releng/10.1/secure/usr.bin/openssl/man/genrsa.1 releng/10.1/secure/usr.bin/openssl/man/nseq.1 releng/10.1/secure/usr.bin/openssl/man/ocsp.1 releng/10.1/secure/usr.bin/openssl/man/openssl.1 releng/10.1/secure/usr.bin/openssl/man/passwd.1 releng/10.1/secure/usr.bin/openssl/man/pkcs12.1 releng/10.1/secure/usr.bin/openssl/man/pkcs7.1 releng/10.1/secure/usr.bin/openssl/man/pkcs8.1 releng/10.1/secure/usr.bin/openssl/man/pkey.1 releng/10.1/secure/usr.bin/openssl/man/pkeyparam.1 releng/10.1/secure/usr.bin/openssl/man/pkeyutl.1 releng/10.1/secure/usr.bin/openssl/man/rand.1 releng/10.1/secure/usr.bin/openssl/man/req.1 releng/10.1/secure/usr.bin/openssl/man/rsa.1 releng/10.1/secure/usr.bin/openssl/man/rsautl.1 releng/10.1/secure/usr.bin/openssl/man/s_client.1 releng/10.1/secure/usr.bin/openssl/man/s_server.1 releng/10.1/secure/usr.bin/openssl/man/s_time.1 releng/10.1/secure/usr.bin/openssl/man/sess_id.1 releng/10.1/secure/usr.bin/openssl/man/smime.1 releng/10.1/secure/usr.bin/openssl/man/speed.1 releng/10.1/secure/usr.bin/openssl/man/spkac.1 releng/10.1/secure/usr.bin/openssl/man/ts.1 releng/10.1/secure/usr.bin/openssl/man/tsget.1 releng/10.1/secure/usr.bin/openssl/man/verify.1 releng/10.1/secure/usr.bin/openssl/man/version.1 releng/10.1/secure/usr.bin/openssl/man/x509.1 releng/10.1/secure/usr.bin/openssl/man/x509v3_config.1 releng/10.1/sys/conf/newvers.sh releng/10.1/sys/dev/vt/vt_core.c releng/10.1/sys/netinet/igmp.c releng/10.1/usr.sbin/freebsd-update/freebsd-update.sh Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/UPDATING Wed Feb 25 05:56:16 2015 (r279264) @@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150225: p18 FreeBSD-SA-15:04.igmp + FreeBSD-EN-15:01.vt + FreeBSD-EN-15:02.openssl + FreeBSD-EN-15:03.freebsd-update + + Fix integer overflow in IGMP protocol. [SA-15:04] + + Fix vt(4) crash with improper ioctl parameters. [EN-15:01] + + Updated base system OpenSSL to 1.0.1l. [EN-15:02] + + Fix freebsd-update libraries update ordering issue. [EN-15:03] + 20150127: p17 FreeBSD-SA-15:02.kmem FreeBSD-SA-15:03.sctp Modified: releng/10.0/crypto/openssl/ACKNOWLEDGMENTS ============================================================================== --- releng/10.0/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/ACKNOWLEDGMENTS Wed Feb 25 05:56:16 2015 (r279264) @@ -10,13 +10,18 @@ OpenSSL project. We would like to identify and thank the following such sponsors for their past or current significant support of the OpenSSL project: +Major support: + + Qualys http://www.qualys.com/ + Very significant support: - OpenGear: www.opengear.com + OpenGear: http://www.opengear.com/ Significant support: - PSW Group: www.psw.net + PSW Group: http://www.psw.net/ + Acano Ltd. http://acano.com/ Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. Modified: releng/10.0/crypto/openssl/CHANGES ============================================================================== --- releng/10.0/crypto/openssl/CHANGES Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/CHANGES Wed Feb 25 05:56:16 2015 (r279264) @@ -2,9 +2,376 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] + + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + + *) Fixed issue where DH client certificates are accepted without verification. + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. This effectively allows a client to + authenticate without the use of a private key. This only affects servers + which trust a client certificate authority which issues certificates + containing DH keys: these are extremely rare and hardly ever encountered. + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting + this issue. + (CVE-2015-0205) + [Steve Henson] + + *) Ensure that the session ID context of an SSL is updated when its + SSL_CTX is updated via SSL_set_SSL_CTX. + + The session ID context is typically set from the parent SSL_CTX, + and can vary with the CTX. + [Adam Langley] + + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + + *) Do not resume sessions on the server if the negotiated protocol + version does not match the session's version. Resuming with a different + version, while not strictly forbidden by the RFC, is of questionable + sanity and breaks all known clients. + [David Benjamin, Emilia Käsper] + + *) Tighten handling of the ChangeCipherSpec (CCS) message: reject + early CCS messages during renegotiation. (Note that because + renegotiation is encrypted, this early CCS was not exploitable.) + [Emilia Käsper] + + *) Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. + + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. + [Emilia Käsper] + + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] + + *) SRTP Memory Leak. + + A flaw in the DTLS SRTP extension parsing code allows an attacker, who + sends a carefully crafted handshake message, to cause OpenSSL to fail + to free up to 64k of memory causing a memory leak. This could be + exploited in a Denial Of Service attack. This issue affects OpenSSL + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of + whether SRTP is used or configured. Implementations of OpenSSL that + have been compiled with OPENSSL_NO_SRTP defined are not affected. + + The fix was developed by the OpenSSL team. + (CVE-2014-3513) + [OpenSSL team] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] + + *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the + SRP code can be overrun an internal buffer. Add sanity check that + g, A, B < N to SRP code. + + Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC + Group for discovering this issue. + (CVE-2014-3512) + [Steve Henson] + + *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate + TLS 1.0 instead of higher protocol versions when the ClientHello message + is badly fragmented. This allows a man-in-the-middle attacker to force a + downgrade to TLS 1.0 even if both the server and the client support a + higher protocol version, by modifying the client's TLS records. + + Thanks to David Benjamin and Adam Langley (Google) for discovering and + researching this issue. + (CVE-2014-3511) + [David Benjamin] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gröbert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia Käsper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) If a multithreaded client connects to a malicious server using a resumed + session and the server sends an ec point format extension it could write + up to 255 bytes to freed memory. + + Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this + issue. + (CVE-2014-3509) + [Gabor Tyukasz] + + *) A malicious server can crash an OpenSSL client with a null pointer + dereference (read) by specifying an SRP ciphersuite even though it was not + properly negotiated with the client. This can be exploited through a + Denial of Service attack. + + Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for + discovering and researching this issue. + (CVE-2014-5139) + [Steve Henson] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia Käsper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + this issue. (CVE-2014-3470) + [Felix Gröbert, Ivan Fratric, Steve Henson] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha <mancha1@zoho.com>] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. + [mancha <mancha1@zoho.com>] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha <mancha1@zoho.com>] + + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) TLS pad extension: draft-agl-tls-padding-03 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + [Adam Langley, Steve Henson] + + Changes between 1.0.1e and 1.0.1f [6 Jan 2014] + + *) Fix for TLS record tampering bug. A carefully crafted invalid + handshake could crash OpenSSL with a NULL pointer exception. + Thanks to Anton Johansson for reporting this issues. + (CVE-2013-4353) + + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which + avoids preferring ECDHE-ECDSA ciphers when the client appears to be + Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for + several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug + is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing + 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. + [Rob Stradling, Adam Langley] + Changes between 1.0.1d and 1.0.1e [11 Feb 2013] - *) + *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI + supporting platforms or when small records were transferred. + [Andy Polyakov, Steve Henson] Changes between 1.0.1c and 1.0.1d [5 Feb 2013] @@ -404,6 +771,63 @@ Add command line options to s_client/s_server. [Steve Henson] + Changes between 1.0.0j and 1.0.0k [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + (This is a backport) + [Rob Stradling <rob.stradling@comodo.com>] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + Changes between 1.0.0i and 1.0.0j [10 May 2012] + + [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after + OpenSSL 1.0.1.] + + *) Sanity check record length before skipping explicit IV in DTLS + to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + + *) Initialise tkeylen properly when encrypting CMS messages. + Thanks to Solar Designer of Openwall for reporting this issue. + [Steve Henson] + + Changes between 1.0.0h and 1.0.0i [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley <agl@chromium.org> for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness @@ -1394,6 +1818,86 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + Changes between 0.9.8x and 0.9.8y [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + (This is a backport) + [Rob Stradling <rob.stradling@comodo.com>] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + Changes between 0.9.8w and 0.9.8x [10 May 2012] + + *) Sanity check record length before skipping explicit IV in DTLS + to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + + *) Initialise tkeylen properly when encrypting CMS messages. + Thanks to Solar Designer of Openwall for reporting this issue. + [Steve Henson] + + Changes between 0.9.8v and 0.9.8w [23 Apr 2012] + + *) The fix for CVE-2012-2110 did not take into account that the + 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an + int in OpenSSL 0.9.8, making it still vulnerable. Fix by + rejecting negative len parameter. (CVE-2012-2131) + [Tomas Hoger <thoger@redhat.com>] + + Changes between 0.9.8u and 0.9.8v [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley <agl@chromium.org> for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + + Changes between 0.9.8t and 0.9.8u [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering + this issue. (CVE-2012-0884) + [Steve Henson] + + *) Fix CVE-2011-4619: make sure we really are receiving a + client hello before rejecting multiple SGC restarts. Thanks to + Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. + [Steve Henson] + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. @@ -1401,7 +1905,7 @@ Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) [Antonio Martin] - + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension Modified: releng/10.0/crypto/openssl/Configure ============================================================================== --- releng/10.0/crypto/openssl/Configure Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/Configure Wed Feb 25 05:56:16 2015 (r279264) @@ -178,7 +178,7 @@ my %table=( "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -526,7 +526,7 @@ my %table=( # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", # Unified CE target -"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 @@ -720,6 +720,7 @@ my %disabled = ( # "what" => "co "sctp" => "default", "shared" => "default", "store" => "experimental", + "unit-test" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); @@ -727,7 +728,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE"; +my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -803,6 +804,11 @@ PROCESS_ARGS: { $disabled{"tls1"} = "option(tls)" } + elsif ($1 eq "ssl3-method") + { + $disabled{"ssl3-method"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } else { $disabled{$1} = "option"; @@ -1766,6 +1772,9 @@ open(OUT,'>crypto/opensslconf.h.new') || print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; +print OUT "#ifdef __cplusplus\n"; +print OUT "extern \"C\" {\n"; +print OUT "#endif\n"; print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; @@ -1870,6 +1879,9 @@ while (<IN>) { print OUT $_; } } close(IN); +print OUT "#ifdef __cplusplus\n"; +print OUT "}\n"; +print OUT "#endif\n"; close(OUT); rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; Modified: releng/10.0/crypto/openssl/FAQ ============================================================================== --- releng/10.0/crypto/openssl/FAQ Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/FAQ Wed Feb 25 05:56:16 2015 (r279264) @@ -113,11 +113,6 @@ that came with the version of OpenSSL yo documentation is included in each OpenSSL distribution under the docs directory. -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much -of this still applies to OpenSSL. - There is some documentation about certificate extensions and PKCS#12 in doc/openssl.txt @@ -768,6 +763,9 @@ openssl-security@openssl.org if you don' acknowledging receipt then resend or mail it directly to one of the more active team members (e.g. Steve). +Note that bugs only present in the openssl utility are not in general +considered to be security issues. + [PROG] ======================================================================== * Is OpenSSL thread-safe? Modified: releng/10.0/crypto/openssl/Makefile ============================================================================== --- releng/10.0/crypto/openssl/Makefile Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/Makefile Wed Feb 25 05:56:16 2015 (r279264) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1e +VERSION=1.0.1l MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST PEX_LIBS= EX_LIBS= EXE_EXT= @@ -304,7 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ fi; \ - $(MAKE) -e SHLIBDIRS=crypto build-shared; \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ Modified: releng/10.0/crypto/openssl/Makefile.org ============================================================================== --- releng/10.0/crypto/openssl/Makefile.org Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/Makefile.org Wed Feb 25 05:56:16 2015 (r279264) @@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ fi; \ - $(MAKE) -e SHLIBDIRS=crypto build-shared; \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ Modified: releng/10.0/crypto/openssl/NEWS ============================================================================== --- releng/10.0/crypto/openssl/NEWS Wed Feb 25 05:43:02 2015 (r279263) +++ releng/10.0/crypto/openssl/NEWS Wed Feb 25 05:56:16 2015 (r279264) @@ -5,11 +5,67 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] + + o Build fixes for the Windows and OpenVMS platforms + + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2015-0206 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2015-0205 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] + + o Fix for CVE-2014-3512 + o Fix for CVE-2014-3511 + o Fix for CVE-2014-3510 + o Fix for CVE-2014-3507 + o Fix for CVE-2014-3506 + o Fix for CVE-2014-3505 + o Fix for CVE-2014-3509 + o Fix for CVE-2014-5139 + o Fix for CVE-2014-3508 + + Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] + + o Fix for CVE-2014-0224 + o Fix for CVE-2014-0221 + o Fix for CVE-2014-0198 + o Fix for CVE-2014-0195 + o Fix for CVE-2014-3470 + o Fix for CVE-2010-5298 + + Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] + + o Fix for CVE-2014-0160 + o Add TLS padding extension workaround for broken servers. + o Fix for CVE-2014-0076 + + Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] + + o Don't include gmt_unix_time in TLS server and client random values + o Fix for TLS record tampering bug CVE-2013-4353 + o Fix for TLS version checking bug CVE-2013-6449 + o Fix for DTLS retransmission bug CVE-2013-6450 + + Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]: o Corrected fix for CVE-2013-0169 - Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: + Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]: o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. @@ -17,24 +73,24 @@ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix for TLS AESNI record handling flaw CVE-2012-2686 - Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: + Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]: o Fix TLS/DTLS record length checking bug CVE-2012-2333 o Don't attempt to use non-FIPS composite ciphers in FIPS mode. - Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: + Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]: o Fix compilation error on non-x86 platforms. o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 - Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: + Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 o Workarounds for some servers that hang on long client hellos. o Fix SEGV in AES code. - Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]: o TLS/DTLS heartbeat support. o SCTP support. @@ -47,17 +103,30 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. - Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: + Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: + + o Fix for ASN1 overflow bug CVE-2012-2110 + + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. - Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: + Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 - Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f: + Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 @@ -65,7 +134,7 @@ o Check parameters are not NULL in GOST ENGINE CVE-2012-0027 o Check for malformed RFC3779 data CVE-2011-4577 - Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e: + Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]: o Fix for CRL vulnerability issue CVE-2011-3207 o Fix for ECDH crashes CVE-2011-3210 @@ -73,11 +142,11 @@ o Support ECDH ciphersuites for certificates using SHA2 algorithms. o Various DTLS fixes. - Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: + Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 @@ -85,18 +154,18 @@ o Fix various platform compilation issues. o Corrected fix for security issue CVE-2010-3864. - Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b: + Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]: o Fix for security issue CVE-2010-3864. o Fix for CVE-2010-2939 o Fix WIN32 build system for GOST ENGINE. - Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]: o Fix for security issue CVE-2010-1633. o GOST MAC and CFB fixes. - Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0: + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]: o RFC3280 path validation: sufficient to process PKITS tests. o Integrated support for PVK files and keyblobs. @@ -119,20 +188,55 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: + + o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) + + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: + + o Fix for ASN1 overflow bug CVE-2012-2110 + + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: + + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 + o Corrected fix for CVE-2011-4619 + o Various DTLS fixes. + + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: + + o Fix for DTLS DoS issue CVE-2012-0050 + + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: + + o Fix for DTLS plaintext recovery attack CVE-2011-4108 + o Fix policy check double free error CVE-2011-4109 + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 + o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 + o Check for malformed RFC3779 data CVE-2011-4577 + + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. - Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. @@ -140,12 +244,12 @@ o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. o Fix security issues CVE-2010-0740 and CVE-2010-0433. - Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]: o Cipher definition fixes. o Workaround for slow RAND_poll() on some WIN32 versions. @@ -157,33 +261,33 @@ o Ticket and SNI coexistence fixes. o Many fixes to DTLS handling. - Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: o Temporary work around for CVE-2009-3555: disable renegotiation. - Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]: o Fix various build issues. o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) - Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502250556.t1P5uIsj088883>