Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 8 Apr 2014 21:06:59 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r264278 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/cms ...
Message-ID:  <201404082106.s38L6xdd016035@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Tue Apr  8 21:06:58 2014
New Revision: 264278
URL: http://svnweb.freebsd.org/changeset/base/264278

Log:
  Merge OpenSSL 1.0.1g.
  
  Approved by:	benl (maintainer)

Modified:
  head/crypto/openssl/CHANGES
  head/crypto/openssl/Configure
  head/crypto/openssl/FAQ
  head/crypto/openssl/Makefile
  head/crypto/openssl/Makefile.org
  head/crypto/openssl/NEWS
  head/crypto/openssl/README
  head/crypto/openssl/apps/apps.c
  head/crypto/openssl/apps/crl.c
  head/crypto/openssl/apps/dgst.c
  head/crypto/openssl/apps/ecparam.c
  head/crypto/openssl/apps/req.c
  head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
  head/crypto/openssl/crypto/asn1/asn1_err.c
  head/crypto/openssl/crypto/bio/bss_log.c
  head/crypto/openssl/crypto/cms/cms_lib.c
  head/crypto/openssl/crypto/cryptlib.c
  head/crypto/openssl/crypto/engine/eng_list.c
  head/crypto/openssl/crypto/evp/bio_b64.c
  head/crypto/openssl/crypto/modes/gcm128.c
  head/crypto/openssl/crypto/opensslv.h
  head/crypto/openssl/crypto/rand/md_rand.c
  head/crypto/openssl/crypto/symhacks.h
  head/crypto/openssl/crypto/x509/by_dir.c
  head/crypto/openssl/crypto/x509/x509_vfy.c
  head/crypto/openssl/doc/apps/config.pod
  head/crypto/openssl/doc/apps/crl.pod
  head/crypto/openssl/doc/apps/ec.pod
  head/crypto/openssl/doc/apps/pkcs12.pod
  head/crypto/openssl/doc/apps/req.pod
  head/crypto/openssl/doc/apps/s_client.pod
  head/crypto/openssl/doc/apps/s_server.pod
  head/crypto/openssl/doc/apps/ts.pod
  head/crypto/openssl/doc/apps/tsget.pod
  head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
  head/crypto/openssl/doc/crypto/ERR_get_error.pod
  head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
  head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
  head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
  head/crypto/openssl/doc/crypto/pem.pod
  head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
  head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
  head/crypto/openssl/e_os.h
  head/crypto/openssl/engines/ccgost/gosthash.c
  head/crypto/openssl/ssl/kssl.h
  head/crypto/openssl/ssl/s23_clnt.c
  head/crypto/openssl/ssl/s3_srvr.c
  head/crypto/openssl/ssl/ssl.h
  head/crypto/openssl/ssl/t1_enc.c
  head/crypto/openssl/ssl/t1_lib.c
  head/crypto/openssl/ssl/tls1.h
  head/crypto/openssl/util/libeay.num
  head/crypto/openssl/util/pl/BC-32.pl
  head/crypto/openssl/util/pl/VC-32.pl
  head/secure/lib/libcrypto/Makefile.inc
  head/secure/lib/libcrypto/amd64/vpaes-x86_64.S
  head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  head/secure/lib/libcrypto/man/ASN1_STRING_length.3
  head/secure/lib/libcrypto/man/ASN1_STRING_new.3
  head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  head/secure/lib/libcrypto/man/BIO_ctrl.3
  head/secure/lib/libcrypto/man/BIO_f_base64.3
  head/secure/lib/libcrypto/man/BIO_f_buffer.3
  head/secure/lib/libcrypto/man/BIO_f_cipher.3
  head/secure/lib/libcrypto/man/BIO_f_md.3
  head/secure/lib/libcrypto/man/BIO_f_null.3
  head/secure/lib/libcrypto/man/BIO_f_ssl.3
  head/secure/lib/libcrypto/man/BIO_find_type.3
  head/secure/lib/libcrypto/man/BIO_new.3
  head/secure/lib/libcrypto/man/BIO_new_CMS.3
  head/secure/lib/libcrypto/man/BIO_push.3
  head/secure/lib/libcrypto/man/BIO_read.3
  head/secure/lib/libcrypto/man/BIO_s_accept.3
  head/secure/lib/libcrypto/man/BIO_s_bio.3
  head/secure/lib/libcrypto/man/BIO_s_connect.3
  head/secure/lib/libcrypto/man/BIO_s_fd.3
  head/secure/lib/libcrypto/man/BIO_s_file.3
  head/secure/lib/libcrypto/man/BIO_s_mem.3
  head/secure/lib/libcrypto/man/BIO_s_null.3
  head/secure/lib/libcrypto/man/BIO_s_socket.3
  head/secure/lib/libcrypto/man/BIO_set_callback.3
  head/secure/lib/libcrypto/man/BIO_should_retry.3
  head/secure/lib/libcrypto/man/BN_BLINDING_new.3
  head/secure/lib/libcrypto/man/BN_CTX_new.3
  head/secure/lib/libcrypto/man/BN_CTX_start.3
  head/secure/lib/libcrypto/man/BN_add.3
  head/secure/lib/libcrypto/man/BN_add_word.3
  head/secure/lib/libcrypto/man/BN_bn2bin.3
  head/secure/lib/libcrypto/man/BN_cmp.3
  head/secure/lib/libcrypto/man/BN_copy.3
  head/secure/lib/libcrypto/man/BN_generate_prime.3
  head/secure/lib/libcrypto/man/BN_mod_inverse.3
  head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  head/secure/lib/libcrypto/man/BN_new.3
  head/secure/lib/libcrypto/man/BN_num_bytes.3
  head/secure/lib/libcrypto/man/BN_rand.3
  head/secure/lib/libcrypto/man/BN_set_bit.3
  head/secure/lib/libcrypto/man/BN_swap.3
  head/secure/lib/libcrypto/man/BN_zero.3
  head/secure/lib/libcrypto/man/CMS_add0_cert.3
  head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  head/secure/lib/libcrypto/man/CMS_compress.3
  head/secure/lib/libcrypto/man/CMS_decrypt.3
  head/secure/lib/libcrypto/man/CMS_encrypt.3
  head/secure/lib/libcrypto/man/CMS_final.3
  head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  head/secure/lib/libcrypto/man/CMS_get0_type.3
  head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  head/secure/lib/libcrypto/man/CMS_sign.3
  head/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
  head/secure/lib/libcrypto/man/CMS_sign_receipt.3
  head/secure/lib/libcrypto/man/CMS_uncompress.3
  head/secure/lib/libcrypto/man/CMS_verify.3
  head/secure/lib/libcrypto/man/CMS_verify_receipt.3
  head/secure/lib/libcrypto/man/CONF_modules_free.3
  head/secure/lib/libcrypto/man/CONF_modules_load_file.3
  head/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
  head/secure/lib/libcrypto/man/DH_generate_key.3
  head/secure/lib/libcrypto/man/DH_generate_parameters.3
  head/secure/lib/libcrypto/man/DH_get_ex_new_index.3
  head/secure/lib/libcrypto/man/DH_new.3
  head/secure/lib/libcrypto/man/DH_set_method.3
  head/secure/lib/libcrypto/man/DH_size.3
  head/secure/lib/libcrypto/man/DSA_SIG_new.3
  head/secure/lib/libcrypto/man/DSA_do_sign.3
  head/secure/lib/libcrypto/man/DSA_dup_DH.3
  head/secure/lib/libcrypto/man/DSA_generate_key.3
  head/secure/lib/libcrypto/man/DSA_generate_parameters.3
  head/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
  head/secure/lib/libcrypto/man/DSA_new.3
  head/secure/lib/libcrypto/man/DSA_set_method.3
  head/secure/lib/libcrypto/man/DSA_sign.3
  head/secure/lib/libcrypto/man/DSA_size.3
  head/secure/lib/libcrypto/man/ERR_GET_LIB.3
  head/secure/lib/libcrypto/man/ERR_clear_error.3
  head/secure/lib/libcrypto/man/ERR_error_string.3
  head/secure/lib/libcrypto/man/ERR_get_error.3
  head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  head/secure/lib/libcrypto/man/ERR_load_strings.3
  head/secure/lib/libcrypto/man/ERR_print_errors.3
  head/secure/lib/libcrypto/man/ERR_put_error.3
  head/secure/lib/libcrypto/man/ERR_remove_state.3
  head/secure/lib/libcrypto/man/ERR_set_mark.3
  head/secure/lib/libcrypto/man/EVP_BytesToKey.3
  head/secure/lib/libcrypto/man/EVP_DigestInit.3
  head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  head/secure/lib/libcrypto/man/EVP_EncryptInit.3
  head/secure/lib/libcrypto/man/EVP_OpenInit.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
  head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  head/secure/lib/libcrypto/man/EVP_PKEY_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  head/secure/lib/libcrypto/man/EVP_SealInit.3
  head/secure/lib/libcrypto/man/EVP_SignInit.3
  head/secure/lib/libcrypto/man/EVP_VerifyInit.3
  head/secure/lib/libcrypto/man/OBJ_nid2obj.3
  head/secure/lib/libcrypto/man/OPENSSL_Applink.3
  head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  head/secure/lib/libcrypto/man/OPENSSL_config.3
  head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  head/secure/lib/libcrypto/man/PKCS12_create.3
  head/secure/lib/libcrypto/man/PKCS12_parse.3
  head/secure/lib/libcrypto/man/PKCS7_decrypt.3
  head/secure/lib/libcrypto/man/PKCS7_encrypt.3
  head/secure/lib/libcrypto/man/PKCS7_sign.3
  head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  head/secure/lib/libcrypto/man/PKCS7_verify.3
  head/secure/lib/libcrypto/man/RAND_add.3
  head/secure/lib/libcrypto/man/RAND_bytes.3
  head/secure/lib/libcrypto/man/RAND_cleanup.3
  head/secure/lib/libcrypto/man/RAND_egd.3
  head/secure/lib/libcrypto/man/RAND_load_file.3
  head/secure/lib/libcrypto/man/RAND_set_rand_method.3
  head/secure/lib/libcrypto/man/RSA_blinding_on.3
  head/secure/lib/libcrypto/man/RSA_check_key.3
  head/secure/lib/libcrypto/man/RSA_generate_key.3
  head/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
  head/secure/lib/libcrypto/man/RSA_new.3
  head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  head/secure/lib/libcrypto/man/RSA_print.3
  head/secure/lib/libcrypto/man/RSA_private_encrypt.3
  head/secure/lib/libcrypto/man/RSA_public_encrypt.3
  head/secure/lib/libcrypto/man/RSA_set_method.3
  head/secure/lib/libcrypto/man/RSA_sign.3
  head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  head/secure/lib/libcrypto/man/RSA_size.3
  head/secure/lib/libcrypto/man/SMIME_read_CMS.3
  head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  head/secure/lib/libcrypto/man/SMIME_write_CMS.3
  head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  head/secure/lib/libcrypto/man/X509_new.3
  head/secure/lib/libcrypto/man/X509_verify_cert.3
  head/secure/lib/libcrypto/man/bio.3
  head/secure/lib/libcrypto/man/blowfish.3
  head/secure/lib/libcrypto/man/bn.3
  head/secure/lib/libcrypto/man/bn_internal.3
  head/secure/lib/libcrypto/man/buffer.3
  head/secure/lib/libcrypto/man/crypto.3
  head/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
  head/secure/lib/libcrypto/man/d2i_DHparams.3
  head/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
  head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
  head/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
  head/secure/lib/libcrypto/man/d2i_X509.3
  head/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
  head/secure/lib/libcrypto/man/d2i_X509_CRL.3
  head/secure/lib/libcrypto/man/d2i_X509_NAME.3
  head/secure/lib/libcrypto/man/d2i_X509_REQ.3
  head/secure/lib/libcrypto/man/d2i_X509_SIG.3
  head/secure/lib/libcrypto/man/des.3
  head/secure/lib/libcrypto/man/dh.3
  head/secure/lib/libcrypto/man/dsa.3
  head/secure/lib/libcrypto/man/ecdsa.3
  head/secure/lib/libcrypto/man/engine.3
  head/secure/lib/libcrypto/man/err.3
  head/secure/lib/libcrypto/man/evp.3
  head/secure/lib/libcrypto/man/hmac.3
  head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  head/secure/lib/libcrypto/man/lh_stats.3
  head/secure/lib/libcrypto/man/lhash.3
  head/secure/lib/libcrypto/man/md5.3
  head/secure/lib/libcrypto/man/mdc2.3
  head/secure/lib/libcrypto/man/pem.3
  head/secure/lib/libcrypto/man/rand.3
  head/secure/lib/libcrypto/man/rc4.3
  head/secure/lib/libcrypto/man/ripemd.3
  head/secure/lib/libcrypto/man/rsa.3
  head/secure/lib/libcrypto/man/sha.3
  head/secure/lib/libcrypto/man/threads.3
  head/secure/lib/libcrypto/man/ui.3
  head/secure/lib/libcrypto/man/ui_compat.3
  head/secure/lib/libcrypto/man/x509.3
  head/secure/lib/libssl/man/SSL_CIPHER_get_name.3
  head/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
  head/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
  head/secure/lib/libssl/man/SSL_CTX_add_session.3
  head/secure/lib/libssl/man/SSL_CTX_ctrl.3
  head/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
  head/secure/lib/libssl/man/SSL_CTX_free.3
  head/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
  head/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
  head/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
  head/secure/lib/libssl/man/SSL_CTX_new.3
  head/secure/lib/libssl/man/SSL_CTX_sess_number.3
  head/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
  head/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
  head/secure/lib/libssl/man/SSL_CTX_sessions.3
  head/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
  head/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
  head/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
  head/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
  head/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
  head/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
  head/secure/lib/libssl/man/SSL_CTX_set_mode.3
  head/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_options.3
  head/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
  head/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
  head/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
  head/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
  head/secure/lib/libssl/man/SSL_CTX_set_timeout.3
  head/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
  head/secure/lib/libssl/man/SSL_CTX_set_verify.3
  head/secure/lib/libssl/man/SSL_CTX_use_certificate.3
  head/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
  head/secure/lib/libssl/man/SSL_SESSION_free.3
  head/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
  head/secure/lib/libssl/man/SSL_SESSION_get_time.3
  head/secure/lib/libssl/man/SSL_accept.3
  head/secure/lib/libssl/man/SSL_alert_type_string.3
  head/secure/lib/libssl/man/SSL_clear.3
  head/secure/lib/libssl/man/SSL_connect.3
  head/secure/lib/libssl/man/SSL_do_handshake.3
  head/secure/lib/libssl/man/SSL_free.3
  head/secure/lib/libssl/man/SSL_get_SSL_CTX.3
  head/secure/lib/libssl/man/SSL_get_ciphers.3
  head/secure/lib/libssl/man/SSL_get_client_CA_list.3
  head/secure/lib/libssl/man/SSL_get_current_cipher.3
  head/secure/lib/libssl/man/SSL_get_default_timeout.3
  head/secure/lib/libssl/man/SSL_get_error.3
  head/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
  head/secure/lib/libssl/man/SSL_get_ex_new_index.3
  head/secure/lib/libssl/man/SSL_get_fd.3
  head/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
  head/secure/lib/libssl/man/SSL_get_peer_certificate.3
  head/secure/lib/libssl/man/SSL_get_psk_identity.3
  head/secure/lib/libssl/man/SSL_get_rbio.3
  head/secure/lib/libssl/man/SSL_get_session.3
  head/secure/lib/libssl/man/SSL_get_verify_result.3
  head/secure/lib/libssl/man/SSL_get_version.3
  head/secure/lib/libssl/man/SSL_library_init.3
  head/secure/lib/libssl/man/SSL_load_client_CA_file.3
  head/secure/lib/libssl/man/SSL_new.3
  head/secure/lib/libssl/man/SSL_pending.3
  head/secure/lib/libssl/man/SSL_read.3
  head/secure/lib/libssl/man/SSL_rstate_string.3
  head/secure/lib/libssl/man/SSL_session_reused.3
  head/secure/lib/libssl/man/SSL_set_bio.3
  head/secure/lib/libssl/man/SSL_set_connect_state.3
  head/secure/lib/libssl/man/SSL_set_fd.3
  head/secure/lib/libssl/man/SSL_set_session.3
  head/secure/lib/libssl/man/SSL_set_shutdown.3
  head/secure/lib/libssl/man/SSL_set_verify_result.3
  head/secure/lib/libssl/man/SSL_shutdown.3
  head/secure/lib/libssl/man/SSL_state_string.3
  head/secure/lib/libssl/man/SSL_want.3
  head/secure/lib/libssl/man/SSL_write.3
  head/secure/lib/libssl/man/d2i_SSL_SESSION.3
  head/secure/lib/libssl/man/ssl.3
  head/secure/usr.bin/openssl/man/CA.pl.1
  head/secure/usr.bin/openssl/man/asn1parse.1
  head/secure/usr.bin/openssl/man/ca.1
  head/secure/usr.bin/openssl/man/ciphers.1
  head/secure/usr.bin/openssl/man/cms.1
  head/secure/usr.bin/openssl/man/crl.1
  head/secure/usr.bin/openssl/man/crl2pkcs7.1
  head/secure/usr.bin/openssl/man/dgst.1
  head/secure/usr.bin/openssl/man/dhparam.1
  head/secure/usr.bin/openssl/man/dsa.1
  head/secure/usr.bin/openssl/man/dsaparam.1
  head/secure/usr.bin/openssl/man/ec.1
  head/secure/usr.bin/openssl/man/ecparam.1
  head/secure/usr.bin/openssl/man/enc.1
  head/secure/usr.bin/openssl/man/errstr.1
  head/secure/usr.bin/openssl/man/gendsa.1
  head/secure/usr.bin/openssl/man/genpkey.1
  head/secure/usr.bin/openssl/man/genrsa.1
  head/secure/usr.bin/openssl/man/nseq.1
  head/secure/usr.bin/openssl/man/ocsp.1
  head/secure/usr.bin/openssl/man/openssl.1
  head/secure/usr.bin/openssl/man/passwd.1
  head/secure/usr.bin/openssl/man/pkcs12.1
  head/secure/usr.bin/openssl/man/pkcs7.1
  head/secure/usr.bin/openssl/man/pkcs8.1
  head/secure/usr.bin/openssl/man/pkey.1
  head/secure/usr.bin/openssl/man/pkeyparam.1
  head/secure/usr.bin/openssl/man/pkeyutl.1
  head/secure/usr.bin/openssl/man/rand.1
  head/secure/usr.bin/openssl/man/req.1
  head/secure/usr.bin/openssl/man/rsa.1
  head/secure/usr.bin/openssl/man/rsautl.1
  head/secure/usr.bin/openssl/man/s_client.1
  head/secure/usr.bin/openssl/man/s_server.1
  head/secure/usr.bin/openssl/man/s_time.1
  head/secure/usr.bin/openssl/man/sess_id.1
  head/secure/usr.bin/openssl/man/smime.1
  head/secure/usr.bin/openssl/man/speed.1
  head/secure/usr.bin/openssl/man/spkac.1
  head/secure/usr.bin/openssl/man/ts.1
  head/secure/usr.bin/openssl/man/tsget.1
  head/secure/usr.bin/openssl/man/verify.1
  head/secure/usr.bin/openssl/man/version.1
  head/secure/usr.bin/openssl/man/x509.1
  head/secure/usr.bin/openssl/man/x509v3_config.1
Directory Properties:
  head/crypto/openssl/   (props changed)

Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/CHANGES	Tue Apr  8 21:06:58 2014	(r264278)
@@ -2,6 +2,35 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) TLS pad extension: draft-agl-tls-padding-03
+
+     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+     TLS client Hello record length value would otherwise be > 255 and
+     less that 512 pad with a dummy extension containing zeroes so it
+     is at least 512 bytes long.
+
+     [Adam Langley, Steve Henson]
+
  Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
 
   *) Fix for TLS record tampering bug. A carefully crafted invalid 

Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/Configure	Tue Apr  8 21:06:58 2014	(r264278)
@@ -526,7 +526,7 @@ my %table=(
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
 "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 # Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
 
 # Borland C++ 4.5

Modified: head/crypto/openssl/FAQ
==============================================================================
--- head/crypto/openssl/FAQ	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/FAQ	Tue Apr  8 21:06:58 2014	(r264278)
@@ -768,6 +768,9 @@ openssl-security@openssl.org if you don'
 acknowledging receipt then resend or mail it directly to one of the
 more active team members (e.g. Steve).
 
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues. 
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?

Modified: head/crypto/openssl/Makefile
==============================================================================
--- head/crypto/openssl/Makefile	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/Makefile	Tue Apr  8 21:06:58 2014	(r264278)
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1f
+VERSION=1.0.1g
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -304,8 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
 			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
 			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
 		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC=$${CC:-$(CC)} build-shared; \
-		touch -c fips_premain_dso$(EXE_EXT); \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \

Modified: head/crypto/openssl/Makefile.org
==============================================================================
--- head/crypto/openssl/Makefile.org	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/Makefile.org	Tue Apr  8 21:06:58 2014	(r264278)
@@ -302,8 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
 			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
 			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
 		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC=$${CC:-$(CC)} build-shared; \
-		touch -c fips_premain_dso$(EXE_EXT); \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \

Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/NEWS	Tue Apr  8 21:06:58 2014	(r264278)
@@ -5,8 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
   Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
 
+      o Don't include gmt_unix_time in TLS server and client random values
       o Fix for TLS record tampering bug CVE-2013-4353
       o Fix for TLS version checking bug CVE-2013-6449
       o Fix for DTLS retransmission bug CVE-2013-6450

Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/README	Tue Apr  8 21:06:58 2014	(r264278)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1f 6 Jan 2014
+ OpenSSL 1.0.1g 7 Apr 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: head/crypto/openssl/apps/apps.c
==============================================================================
--- head/crypto/openssl/apps/apps.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/apps/apps.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -586,12 +586,12 @@ int password_callback(char *buf, int buf
 
 		if (ok >= 0)
 			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
-				PW_MIN_LENGTH,BUFSIZ-1);
+				PW_MIN_LENGTH,bufsiz-1);
 		if (ok >= 0 && verify)
 			{
 			buff = (char *)OPENSSL_malloc(bufsiz);
 			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
-				PW_MIN_LENGTH,BUFSIZ-1, buf);
+				PW_MIN_LENGTH,bufsiz-1, buf);
 			}
 		if (ok >= 0)
 			do
@@ -2841,7 +2841,7 @@ double app_tminterval(int stop,int usert
 
 	if (proc==NULL)
 		{
-		if (GetVersion() < 0x80000000)
+		if (check_winnt())
 			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
 						GetCurrentProcessId());
 		if (proc==NULL) proc = (HANDLE)-1;

Modified: head/crypto/openssl/apps/crl.c
==============================================================================
--- head/crypto/openssl/apps/crl.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/apps/crl.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old       - print old-style (MD5) hash value\n",
+#endif
 " -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
 	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+       int hash_old=0;
+#endif
 	int fingerprint = 0, crlnumber = 0;
 	const char **pp;
 	X509_STORE *store = NULL;
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
 			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+#ifndef OPENSSL_NO_MD5
+		else if (strcmp(*argv,"-hash_old") == 0)
+			hash_old= ++num;
+#endif
 		else if (strcmp(*argv,"-nameopt") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
 				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
+#ifndef OPENSSL_NO_MD5
+			if (hash_old == i)
+				{
+				BIO_printf(bio_out,"%08lx\n",
+					X509_NAME_hash_old(
+						X509_CRL_get_issuer(x)));
+				}
+#endif
 			if (lastupdate == i)
 				{
 				BIO_printf(bio_out,"lastUpdate=");

Modified: head/crypto/openssl/apps/dgst.c
==============================================================================
--- head/crypto/openssl/apps/dgst.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/apps/dgst.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
 			goto end;
 			}
 		if (do_verify)
-			r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+			r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
 		else
-			r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+			r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
 		if (!r)
 			{
 			BIO_printf(bio_err, "Error setting context\n");

Modified: head/crypto/openssl/apps/ecparam.c
==============================================================================
--- head/crypto/openssl/apps/ecparam.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/apps/ecparam.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -105,7 +105,7 @@
  *                    in the asn1 der encoding
  *                    possible values: named_curve (default)
  *                                     explicit
- * -no_seed         - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed         - if 'explicit' parameters are chosen do not use the seed
  * -genkey          - generate ec key
  * -rand file       - files to use for random number input
  * -engine e        - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
 		BIO_printf(bio_err, "                                   "
 				" explicit\n");
 		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-				" parameters are choosen do not"
+				" parameters are chosen do not"
 				" use the seed\n");
 		BIO_printf(bio_err, " -genkey           generate ec"
 				" key\n");

Modified: head/crypto/openssl/apps/req.c
==============================================================================
--- head/crypto/openssl/apps/req.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/apps/req.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -644,6 +644,11 @@ bad:
 		if (inrand)
 			app_RAND_load_files(inrand);
 
+		if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+			{
+			newkey=DEFAULT_KEY_LENGTH;
+			}
+
 		if (keyalg)
 			{
 			genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
 				goto end;
 			}
 	
-		if (newkey <= 0)
-			{
-			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-				newkey=DEFAULT_KEY_LENGTH;
-			}
-
 		if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
@@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO 
 				keylen = atol(p + 1);
 				*pkeylen = keylen;
 				}
+			else
+				keylen = *pkeylen;
 			}
 		else if (p)
 			paramfile = p + 1;

Modified: head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl	Tue Apr  8 21:06:58 2014	(r264278)
@@ -1060,7 +1060,7 @@ _vpaes_consts:
 .Lk_dsbo:	# decryption sbox final output
 	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
 	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz	"Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.asciz	"Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
 .align	64
 .size	_vpaes_consts,.-_vpaes_consts
 ___

Modified: head/crypto/openssl/crypto/asn1/asn1_err.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/asn1_err.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/asn1/asn1_err.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},

Modified: head/crypto/openssl/crypto/bio/bss_log.c
==============================================================================
--- head/crypto/openssl/crypto/bio/bss_log.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/bio/bss_log.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp,
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
-	if (GetVersion() < 0x80000000)
+	if (check_winnt())
 		bp->ptr = RegisterEventSourceA(NULL,name);
 	else
 		bp->ptr = NULL;

Modified: head/crypto/openssl/crypto/cms/cms_lib.c
==============================================================================
--- head/crypto/openssl/crypto/cms/cms_lib.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/cms/cms_lib.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -465,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, 
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return 0;
-	if (!pcerts)
-		return 0;
 	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
 		{
 		cch = sk_CMS_CertificateChoices_value(*pcerts, i);

Modified: head/crypto/openssl/crypto/cryptlib.c
==============================================================================
--- head/crypto/openssl/crypto/cryptlib.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/cryptlib.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -889,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+    if (check_winnt() && OPENSSL_isservice() > 0)
     {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
 	const TCHAR *pmsg=buf;
 	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);

Modified: head/crypto/openssl/crypto/engine/eng_list.c
==============================================================================
--- head/crypto/openssl/crypto/engine/eng_list.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/engine/eng_list.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
 				!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
 				!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
 					load_dir, 0) ||
+				!ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
 				!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
 				goto notfound;
 		return iterator;

Modified: head/crypto/openssl/crypto/evp/bio_b64.c
==============================================================================
--- head/crypto/openssl/crypto/evp/bio_b64.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/evp/bio_b64.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, i
 				}
 
 			/* we fell off the end without starting */
-			if (j == i)
+			if ((j == i) && (num == 0))
 				{
 				/* Is this is one long chunk?, if so, keep on
 				 * reading until a new line. */

Modified: head/crypto/openssl/crypto/modes/gcm128.c
==============================================================================
--- head/crypto/openssl/crypto/modes/gcm128.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/modes/gcm128.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT 
 		GCM_MUL(ctx,Yi);
 
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 			ctr = GETU32(ctx->Yi.c+12);
+#endif
 		else
 			ctr = ctx->Yi.d[3];
 	}
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT 
 	(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
 	++ctr;
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 		PUTU32(ctx->Yi.c+12,ctr);
+#endif
 	else
 		ctx->Yi.d[3] = ctr;
 }
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -947,7 +959,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -969,7 +985,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -988,7 +1008,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -1004,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			while (len--) {
@@ -1022,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 		}
@@ -1066,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -1103,7 +1139,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -1123,7 +1163,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i)
@@ -1141,7 +1185,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			for (i=0; i<16/sizeof(size_t); ++i) {
@@ -1159,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 			while (len--) {
@@ -1180,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT
 			(*block)(ctx->Yi.c,ctx->EKi.c,key);
 			++ctr;
 			if (is_endian.little)
+#ifdef BSWAP4
+				ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 				PUTU32(ctx->Yi.c+12,ctr);
+#endif
 			else
 				ctx->Yi.d[3] = ctr;
 		}
@@ -1225,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -1247,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
 		ctr += GHASH_CHUNK/16;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		GHASH(ctx,out,GHASH_CHUNK);
@@ -1262,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 		(*stream)(in,out,j,key,ctx->Yi.c);
 		ctr += (unsigned int)j;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		in  += i;
@@ -1282,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
 		++ctr;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		while (len--) {
@@ -1324,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 	}
 
 	if (is_endian.little)
+#ifdef BSWAP4
+		ctr = BSWAP4(ctx->Yi.d[3]);
+#else
 		ctr = GETU32(ctx->Yi.c+12);
+#endif
 	else
 		ctr = ctx->Yi.d[3];
 
@@ -1349,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
 		ctr += GHASH_CHUNK/16;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		out += GHASH_CHUNK;
@@ -1375,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 		(*stream)(in,out,j,key,ctx->Yi.c);
 		ctr += (unsigned int)j;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		out += i;
@@ -1386,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_C
 		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
 		++ctr;
 		if (is_endian.little)
+#ifdef BSWAP4
+			ctx->Yi.d[3] = BSWAP4(ctr);
+#else
 			PUTU32(ctx->Yi.c+12,ctr);
+#endif
 		else
 			ctx->Yi.d[3] = ctr;
 		while (len--) {

Modified: head/crypto/openssl/crypto/opensslv.h
==============================================================================
--- head/crypto/openssl/crypto/opensslv.h	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/opensslv.h	Tue Apr  8 21:06:58 2014	(r264278)
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000106fL
+#define OPENSSL_VERSION_NUMBER	0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f-fips 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1f-freebsd 6 Jan 2014"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1g-freebsd 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

Modified: head/crypto/openssl/crypto/rand/md_rand.c
==============================================================================
--- head/crypto/openssl/crypto/rand/md_rand.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/rand/md_rand.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *
 	EVP_MD_CTX m;
 	int do_not_lock;
 
+	if (!num)
+		return;
+
 	/*
 	 * (Based on the rand(3) manpage)
 	 *

Modified: head/crypto/openssl/crypto/symhacks.h
==============================================================================
--- head/crypto/openssl/crypto/symhacks.h	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/symhacks.h	Tue Apr  8 21:06:58 2014	(r264278)
@@ -204,6 +204,12 @@
 #define SSL_CTX_set_next_protos_advertised_cb	SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
 #define SSL_CTX_set_next_proto_select_cb	SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt

Modified: head/crypto/openssl/crypto/x509/by_dir.c
==============================================================================
--- head/crypto/openssl/crypto/x509/by_dir.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/x509/by_dir.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, con
 
 	s=dir;
 	p=s;
-	for (;;p++)
+	do
 		{
 		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
 			{
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, con
 				return 0;
 				}
 			}
-		if (*p == '\0')
-			break;
-		}
+		} while (*p++ != '\0');
 	return 1;
 	}
 

Modified: head/crypto/openssl/crypto/x509/x509_vfy.c
==============================================================================
--- head/crypto/openssl/crypto/x509/x509_vfy.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/crypto/x509/x509_vfy.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx,
 	 * a certificate was revoked. This has since been changed since 
 	 * critical extension can change the meaning of CRL entries.
 	 */
-	if (crl->flags & EXFLAG_CRITICAL)
+	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+		&& (crl->flags & EXFLAG_CRITICAL))
 		{
-		if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-			return 1;
 		ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
 		ok = ctx->verify_cb(0, ctx);
 		if(!ok)

Modified: head/crypto/openssl/doc/apps/config.pod
==============================================================================
--- head/crypto/openssl/doc/apps/config.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/config.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -119,7 +119,7 @@ variable points to a section containing 
 information.
 
 The section pointed to by B<engines> is a table of engine names (though see
-B<engine_id> below) and further sections containing configuration informations
+B<engine_id> below) and further sections containing configuration information
 specific to each ENGINE.
 
 Each ENGINE specific section is used to set default algorithms, load

Modified: head/crypto/openssl/doc/apps/crl.pod
==============================================================================
--- head/crypto/openssl/doc/apps/crl.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/crl.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -62,6 +62,11 @@ don't output the encoded version of the 
 output a hash of the issuer name. This can be use to lookup CRLs in
 a directory by issuer name.
 
+=item B<-hash_old>
+
+outputs the "hash" of the CRL issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
 =item B<-issuer>
 
 output the issuer name.

Modified: head/crypto/openssl/doc/apps/ec.pod
==============================================================================
--- head/crypto/openssl/doc/apps/ec.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/ec.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs
 
 This specifies the input format. The B<DER> option with a private key uses
 an ASN.1 DER encoded SEC1 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
 The B<PEM> form is the default format: it consists of the B<DER> format base64
 encoded with additional header and footer lines. In the case of a private key
 PKCS#8 format is also accepted.

Modified: head/crypto/openssl/doc/apps/pkcs12.pod
==============================================================================
--- head/crypto/openssl/doc/apps/pkcs12.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/pkcs12.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -67,7 +67,7 @@ by default.
 The filename to write certificates and private keys to, standard output by
 default.  They are all written in PEM format.
 
-=item B<-pass arg>, B<-passin arg>
+=item B<-passin arg>
 
 the PKCS#12 file (i.e. input file) password source. For more information about
 the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
@@ -75,10 +75,15 @@ L<openssl(1)|openssl(1)>.
 
 =item B<-passout arg>
 
-pass phrase source to encrypt any outputed private keys with. For more
+pass phrase source to encrypt any outputted private keys with. For more
 information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
 in L<openssl(1)|openssl(1)>.
 
+=item B<-password arg>
+
+With -export, -password is equivalent to -passout.
+Otherwise, -password is equivalent to -passin.
+
 =item B<-noout>
 
 this option inhibits output of the keys and certificates to the output file

Modified: head/crypto/openssl/doc/apps/req.pod
==============================================================================
--- head/crypto/openssl/doc/apps/req.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/req.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
 
 =item B<-newhdr>
 
-Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
 request. Some software (Netscape certificate server) and some CAs need this.
 
 =item B<-batch>

Modified: head/crypto/openssl/doc/apps/s_client.pod
==============================================================================
--- head/crypto/openssl/doc/apps/s_client.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/s_client.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -10,6 +10,7 @@ s_client - SSL/TLS client program
 B<openssl> B<s_client>
 [B<-connect host:port>]
 [B<-verify depth>]
+[B<-verify_return_error>]
 [B<-cert filename>]
 [B<-certform DER|PEM>]
 [B<-key filename>]
@@ -90,6 +91,11 @@ Currently the verify operation continues
 with a certificate chain can be seen. As a side effect the connection
 will never fail due to a server certificate verify failure.
 
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
 =item B<-CApath directory>
 
 The directory to use for server certificate verification. This directory
@@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot inc
 these will only be supported if its use is disabled, for example by using the
 B<-no_sslv2> option.
 
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
 =head1 BUGS
 
 Because this program has a lot of options and also because some of
@@ -293,9 +306,6 @@ the techniques used are rather old, the 
 hard to read and not a model of how things should be done. A typical
 SSL client program would be much simpler.
 
-The B<-verify> option should really exit if the server verification
-fails.
-
 The B<-prexit> option is a bit of a hack. We should really report
 information whenever a session is renegotiated.
 

Modified: head/crypto/openssl/doc/apps/s_server.pod
==============================================================================
--- head/crypto/openssl/doc/apps/s_server.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/s_server.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -111,7 +111,7 @@ by using an appropriate certificate.
 
 =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
 
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
 
 =item B<-nocert>
 

Modified: head/crypto/openssl/doc/apps/ts.pod
==============================================================================
--- head/crypto/openssl/doc/apps/ts.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/ts.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -352,7 +352,7 @@ switch always overrides the settings in 
 
 This is the main section and it specifies the name of another section
 that contains all the options for the B<-reply> command. This default
-section can be overriden with the B<-section> command line switch. (Optional)
+section can be overridden with the B<-section> command line switch. (Optional)
 
 =item B<oid_file>
 
@@ -453,7 +453,7 @@ included. Default is no. (Optional)
 =head1 ENVIRONMENT VARIABLES
 
 B<OPENSSL_CONF> contains the path of the configuration file and can be
-overriden by the B<-config> command line option.
+overridden by the B<-config> command line option.
 
 =head1 EXAMPLES
 

Modified: head/crypto/openssl/doc/apps/tsget.pod
==============================================================================
--- head/crypto/openssl/doc/apps/tsget.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/apps/tsget.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -124,7 +124,7 @@ The name of an EGD socket to get random 
 =item [request]...
 
 List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
-requests are specifed only one request will be sent to the server and it will be
+requests are specified only one request will be sent to the server and it will be
 read from the standard input. (Optional)
 
 =back

Modified: head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/crypto/BN_BLINDING_new.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -48,7 +48,7 @@ necessary parameters are set, by re-crea
 
 BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
 If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
-returned in B<r> (this is useful if a B<RSA> object is shared amoung
+returned in B<r> (this is useful if a B<RSA> object is shared among
 several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
 inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
 the inverse blinding.

Modified: head/crypto/openssl/doc/crypto/ERR_get_error.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/ERR_get_error.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/crypto/ERR_get_error.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_erro
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true. 
+
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
 
 =head1 RETURN VALUES
 

Modified: head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/crypto/EVP_BytesToKey.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encrypti
 
 EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
 the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
+The B<salt> parameter is used as a salt in the derivation: it should point to
 an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
 B<datal> bytes which is used to derive the keying data. B<count> is the
 iteration count to use. The derived key and IV will be written to B<key>

Modified: head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/crypto/EVP_EncryptInit.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -152,7 +152,7 @@ does not remain in memory.
 
 EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
 similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
 initialized and they always use the default cipher implementation.
 
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a

Modified: head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -113,7 +113,7 @@ a special status code is set to the veri
 to examine the valid policy tree and perform additional checks or simply
 log it for debugging purposes.
 
-By default some addtional features such as indirect CRLs and CRLs signed by
+By default some additional features such as indirect CRLs and CRLs signed by
 different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
 they are enabled.
 

Modified: head/crypto/openssl/doc/crypto/pem.pod
==============================================================================
--- head/crypto/openssl/doc/crypto/pem.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/crypto/pem.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -201,7 +201,7 @@ handle PKCS#8 format encrypted and unenc
 PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
 write a private key in an EVP_PKEY structure in PKCS#8
 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
-algorithms. The B<cipher> argument specifies the encryption algoritm to
+algorithms. The B<cipher> argument specifies the encryption algorithm to
 use: unlike all other PEM routines the encryption is applied at the
 PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
 encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.

Modified: head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
==============================================================================
--- head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -169,8 +169,8 @@ that will always continue the TLS/SSL ha
 failure, if wished. The callback realizes a verification depth limit with
 more informational output.
 
-All verification errors are printed, informations about the certificate chain
-are printed on request.
+All verification errors are printed; information about the certificate chain
+is printed on request.
 The example is realized for a server that does allow but not require client
 certificates.
 

Modified: head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
==============================================================================
--- head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/doc/ssl/SSL_set_shutdown.pod	Tue Apr  8 21:06:58 2014	(r264278)
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection 
 
 =over 4
 
-=item 0
+=item Z<>0
 
 No shutdown setting, yet.
 

Modified: head/crypto/openssl/e_os.h
==============================================================================
--- head/crypto/openssl/e_os.h	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/e_os.h	Tue Apr  8 21:06:58 2014	(r264278)
@@ -368,6 +368,13 @@ static unsigned int _strlen31(const char
 #    define DEFAULT_HOME  "C:"
 #  endif
 
+/* Avoid Windows 8 SDK GetVersion deprecated problems */
+#if defined(_MSC_VER) && _MSC_VER>=1800
+#  define check_winnt() (1)
+#else
+#  define check_winnt() (GetVersion() < 0x80000000)
+#endif 
+
 #else /* The non-microsoft world */
 
 #  ifdef OPENSSL_SYS_VMS

Modified: head/crypto/openssl/engines/ccgost/gosthash.c
==============================================================================
--- head/crypto/openssl/engines/ccgost/gosthash.c	Tue Apr  8 21:02:03 2014	(r264277)
+++ head/crypto/openssl/engines/ccgost/gosthash.c	Tue Apr  8 21:06:58 2014	(r264278)
@@ -180,8 +180,6 @@ int start_hash(gost_hash_ctx *ctx)
  */
 int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
 	{
-	const byte *curptr=block;
-	const byte *barrier=block+(length-32);/* Last byte we can safely hash*/
 	if (ctx->left)
 		{
 		/*There are some bytes from previous step*/
@@ -196,24 +194,25 @@ int hash_block(gost_hash_ctx *ctx,const 
 			{
 			return 1;
 			}	
-		curptr=block+add_bytes;
+		block+=add_bytes;
+		length-=add_bytes;
 		hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
 		add_blocks(32,ctx->S,ctx->remainder);
 		ctx->len+=32;
 		ctx->left=0;
 		}
-	while (curptr<=barrier)
+	while (length>=32)
 		{	
-		hash_step(ctx->cipher_ctx,ctx->H,curptr);
+		hash_step(ctx->cipher_ctx,ctx->H,block);
 			
-		add_blocks(32,ctx->S,curptr);
+		add_blocks(32,ctx->S,block);
 		ctx->len+=32;
-		curptr+=32;
+		block+=32;
+		length-=32;
 		}	

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404082106.s38L6xdd016035>