Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/external/bsd/openssl/dist import SNAP-20091226



details:   https://anonhg.NetBSD.org/src/rev/05d10b5fd326
branches:  trunk
changeset: 750342:05d10b5fd326
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Dec 26 23:29:52 2009 +0000

description:
import SNAP-20091226

diffstat:

 crypto/external/bsd/openssl/dist/CHANGES                                        |  186 ++-
 crypto/external/bsd/openssl/dist/Configure                                      |   62 +-
 crypto/external/bsd/openssl/dist/FAQ                                            |   12 +
 crypto/external/bsd/openssl/dist/Makefile.org                                   |   56 +-
 crypto/external/bsd/openssl/dist/Makefile.shared                                |    4 +-
 crypto/external/bsd/openssl/dist/README                                         |   25 +-
 crypto/external/bsd/openssl/dist/TABLE                                          |  109 +-
 crypto/external/bsd/openssl/dist/apps/CA.sh                                     |  121 +-
 crypto/external/bsd/openssl/dist/apps/Makefile                                  |   43 +-
 crypto/external/bsd/openssl/dist/apps/apps.c                                    |  134 +-
 crypto/external/bsd/openssl/dist/apps/apps.h                                    |   13 +-
 crypto/external/bsd/openssl/dist/apps/cms.c                                     |   37 +-
 crypto/external/bsd/openssl/dist/apps/dgst.c                                    |    9 +
 crypto/external/bsd/openssl/dist/apps/dsa.c                                     |    2 +-
 crypto/external/bsd/openssl/dist/apps/enc.c                                     |    7 +-
 crypto/external/bsd/openssl/dist/apps/install.com                               |    2 +-
 crypto/external/bsd/openssl/dist/apps/openssl.c                                 |    3 +-
 crypto/external/bsd/openssl/dist/apps/pkcs8.c                                   |    1 -
 crypto/external/bsd/openssl/dist/apps/privkey.pem                               |   34 +-
 crypto/external/bsd/openssl/dist/apps/req.c                                     |    6 +-
 crypto/external/bsd/openssl/dist/apps/rsa.c                                     |    2 +-
 crypto/external/bsd/openssl/dist/apps/s_apps.h                                  |    3 +
 crypto/external/bsd/openssl/dist/apps/s_cb.c                                    |  224 ++-
 crypto/external/bsd/openssl/dist/apps/s_client.c                                |   42 +-
 crypto/external/bsd/openssl/dist/apps/s_server.c                                |   49 +-
 crypto/external/bsd/openssl/dist/apps/smime.c                                   |    2 +-
 crypto/external/bsd/openssl/dist/apps/ts.c                                      |    4 +-
 crypto/external/bsd/openssl/dist/apps/tsget                                     |   13 +-
 crypto/external/bsd/openssl/dist/apps/verify.c                                  |  165 +-
 crypto/external/bsd/openssl/dist/apps/x509.c                                    |    2 +-
 crypto/external/bsd/openssl/dist/config                                         |    8 +-
 crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-x86.pl                    |   35 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_digest.c                         |    6 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_dup.c                            |    2 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_mbstr.c                          |    2 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_object.c                         |   11 +
 crypto/external/bsd/openssl/dist/crypto/asn1/a_sign.c                           |   12 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/a_verify.c                         |   16 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/ameth_lib.c                        |    4 +
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h                             |    8 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c                         |    4 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_gen.c                         |   10 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c                         |    2 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/d2i_pu.c                           |   10 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/n_pkey.c                           |   38 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/p5_pbev2.c                         |  143 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/t_x509.c                           |   11 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_new.c                         |    6 +-
 crypto/external/bsd/openssl/dist/crypto/bio/bio.h                               |    3 +
 crypto/external/bsd/openssl/dist/crypto/bio/bss_dgram.c                         |  146 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bn_mul.c                             |    8 +-
 crypto/external/bsd/openssl/dist/crypto/bn/bntest.c                             |    2 +-
 crypto/external/bsd/openssl/dist/crypto/camellia/asm/cmll-x86_64.pl             |    2 +-
 crypto/external/bsd/openssl/dist/crypto/cast/c_cfb64.c                          |    3 +-
 crypto/external/bsd/openssl/dist/crypto/cast/c_ecb.c                            |    3 +-
 crypto/external/bsd/openssl/dist/crypto/cast/c_enc.c                            |   13 +-
 crypto/external/bsd/openssl/dist/crypto/cast/c_ofb64.c                          |    3 +-
 crypto/external/bsd/openssl/dist/crypto/cms/Makefile                            |    6 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms.h                               |   19 +
 crypto/external/bsd/openssl/dist/crypto/cms/cms_asn1.c                          |    9 +
 crypto/external/bsd/openssl/dist/crypto/cms/cms_env.c                           |   10 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_err.c                           |   13 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_ess.c                           |    4 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_lcl.h                           |   10 +
 crypto/external/bsd/openssl/dist/crypto/cms/cms_lib.c                           |    5 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c                          |  453 +++++
 crypto/external/bsd/openssl/dist/crypto/cms/cms_sd.c                            |    5 +-
 crypto/external/bsd/openssl/dist/crypto/cms/cms_smime.c                         |   24 +
 crypto/external/bsd/openssl/dist/crypto/cryptlib.c                              |    2 +-
 crypto/external/bsd/openssl/dist/crypto/crypto-lib.com                          |    2 +-
 crypto/external/bsd/openssl/dist/crypto/dh/dh.h                                 |    3 +-
 crypto/external/bsd/openssl/dist/crypto/dh/dh_asn1.c                            |    5 +
 crypto/external/bsd/openssl/dist/crypto/dsa/Makefile                            |    5 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h                               |    2 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_asn1.c                          |    5 +
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_gen.c                           |   10 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_pmeth.c                         |    3 +-
 crypto/external/bsd/openssl/dist/crypto/dsa/dsa_sign.c                          |    2 +
 crypto/external/bsd/openssl/dist/crypto/ec/ec_pmeth.c                           |    2 +-
 crypto/external/bsd/openssl/dist/crypto/ecdsa/Makefile                          |    9 +-
 crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c                        |   54 +-
 crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_sign.c                        |    2 +
 crypto/external/bsd/openssl/dist/crypto/engine/eng_aesni.c                      |    4 +-
 crypto/external/bsd/openssl/dist/crypto/engine/eng_ctrl.c                       |    8 +-
 crypto/external/bsd/openssl/dist/crypto/err/err_all.c                           |    2 +
 crypto/external/bsd/openssl/dist/crypto/evp/Makefile                            |   20 +-
 crypto/external/bsd/openssl/dist/crypto/evp/bio_enc.c                           |   33 +-
 crypto/external/bsd/openssl/dist/crypto/evp/bio_md.c                            |   11 +-
 crypto/external/bsd/openssl/dist/crypto/evp/bio_ok.c                            |  103 +-
 crypto/external/bsd/openssl/dist/crypto/evp/c_allc.c                            |    2 +
 crypto/external/bsd/openssl/dist/crypto/evp/digest.c                            |   22 +-
 crypto/external/bsd/openssl/dist/crypto/evp/e_rc2.c                             |    3 +-
 crypto/external/bsd/openssl/dist/crypto/evp/evp.h                               |   76 +-
 crypto/external/bsd/openssl/dist/crypto/evp/evp_err.c                           |    8 +-
 crypto/external/bsd/openssl/dist/crypto/evp/evp_key.c                           |   27 +-
 crypto/external/bsd/openssl/dist/crypto/evp/evp_lib.c                           |    6 +
 crypto/external/bsd/openssl/dist/crypto/evp/evp_locl.h                          |    4 +
 crypto/external/bsd/openssl/dist/crypto/evp/evp_pbe.c                           |   19 +
 crypto/external/bsd/openssl/dist/crypto/evp/m_sigver.c                          |    3 +-
 crypto/external/bsd/openssl/dist/crypto/evp/p5_crpt.c                           |   32 +-
 crypto/external/bsd/openssl/dist/crypto/evp/p5_crpt2.c                          |   89 +-
 crypto/external/bsd/openssl/dist/crypto/evp/p_lib.c                             |    3 +
 crypto/external/bsd/openssl/dist/crypto/evp/p_open.c                            |    3 +-
 crypto/external/bsd/openssl/dist/crypto/evp/p_seal.c                            |    3 +-
 crypto/external/bsd/openssl/dist/crypto/evp/p_sign.c                            |    6 +-
 crypto/external/bsd/openssl/dist/crypto/evp/p_verify.c                          |    6 +-
 crypto/external/bsd/openssl/dist/crypto/hmac/hm_pmeth.c                         |   14 +-
 crypto/external/bsd/openssl/dist/crypto/hmac/hmac.h                             |   10 +-
 crypto/external/bsd/openssl/dist/crypto/objects/obj_dat.c                       |   11 +-
 crypto/external/bsd/openssl/dist/crypto/objects/obj_dat.h                       |   16 +-
 crypto/external/bsd/openssl/dist/crypto/objects/obj_mac.h                       |    4 +
 crypto/external/bsd/openssl/dist/crypto/objects/obj_mac.num                     |    1 +
 crypto/external/bsd/openssl/dist/crypto/objects/objects.txt                     |    1 +
 crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp.h                             |    3 +
 crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_ht.c                          |   56 +-
 crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_lib.c                         |    3 +-
 crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_prn.c                         |    4 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pem.h                               |    6 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c                           |   27 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pem_seal.c                          |   17 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pem_sign.c                          |    8 +-
 crypto/external/bsd/openssl/dist/crypto/pem/pvkfmt.c                            |   58 +-
 crypto/external/bsd/openssl/dist/crypto/perlasm/x86_64-xlate.pl                 |    5 +-
 crypto/external/bsd/openssl/dist/crypto/perlasm/x86masm.pl                      |    2 +-
 crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_key.c                        |   19 +-
 crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_mutl.c                       |   12 +-
 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c                        |   24 +-
 crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c                          |   88 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand.h                             |    4 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_win.c                         |   24 +
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c                           |   13 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c                          |   26 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_pss.c                           |   35 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-586.pl                     |  102 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-alpha.pl                   |  314 +++
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-armv4-large.pl             |   12 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-ia64.pl                    |  192 +-
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-mips.pl                    |  281 +++
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-parisc.pl                  |  259 +++
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-x86_64.pl                  |  317 ++--
 crypto/external/bsd/openssl/dist/crypto/sha/asm/sha512-parisc.pl                |  790 ++++++++++
 crypto/external/bsd/openssl/dist/crypto/sha/sha512.c                            |    2 +-
 crypto/external/bsd/openssl/dist/crypto/symhacks.h                              |    2 +
 crypto/external/bsd/openssl/dist/crypto/ts/ts_rsp_verify.c                      |    9 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509.h                             |    3 +
 crypto/external/bsd/openssl/dist/crypto/x509/x509_cmp.c                         |   22 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_lu.c                          |   14 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c                         |   37 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h                         |    6 +
 crypto/external/bsd/openssl/dist/crypto/x509v3/v3_alt.c                         |    1 +
 crypto/external/bsd/openssl/dist/crypto/x509v3/v3_ocsp.c                        |   20 +-
 crypto/external/bsd/openssl/dist/crypto/x509v3/v3_skey.c                        |    3 +-
 crypto/external/bsd/openssl/dist/demos/x509/mkcert.c                            |    2 +-
 crypto/external/bsd/openssl/dist/demos/x509/mkreq.c                             |    2 +-
 crypto/external/bsd/openssl/dist/doc/apps/ciphers.pod                           |    4 +-
 crypto/external/bsd/openssl/dist/doc/apps/cms.pod                               |    2 +-
 crypto/external/bsd/openssl/dist/doc/apps/enc.pod                               |   10 +-
 crypto/external/bsd/openssl/dist/doc/apps/openssl.pod                           |    2 +-
 crypto/external/bsd/openssl/dist/doc/apps/smime.pod                             |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/ASN1_generate_nconf.pod             |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/BIO_f_md.pod                        |    4 +-
 crypto/external/bsd/openssl/dist/doc/crypto/BIO_new_CMS.pod                     |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/BN_BLINDING_new.pod                 |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/CMS_compress.pod                    |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/CMS_encrypt.pod                     |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/CMS_sign.pod                        |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/DSA_get_ex_new_index.pod            |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestInit.pod                  |    6 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestSignInit.pod              |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod            |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_CTX_ctrl.pod               |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_CTX_new.pod                |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_decrypt.pod                |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_derive.pod                 |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_encrypt.pod                |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_get_default_digest.pod     |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_keygen.pod                 |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_print_private.pod          |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_sign.pod                   |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_verify.pod                 |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/EVP_PKEY_verifyrecover.pod          |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/OPENSSL_ia32cap.pod                 |    6 +-
 crypto/external/bsd/openssl/dist/doc/crypto/PEM_write_bio_CMS_stream.pod        |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/PEM_write_bio_PKCS7_stream.pod      |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/PKCS7_encrypt.pod                   |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/PKCS7_sign.pod                      |   10 +-
 crypto/external/bsd/openssl/dist/doc/crypto/PKCS7_sign_add_signer.pod           |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/X509_STORE_CTX_get_error.pod        |  303 +++
 crypto/external/bsd/openssl/dist/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod |   41 +
 crypto/external/bsd/openssl/dist/doc/crypto/X509_STORE_CTX_new.pod              |  122 +
 crypto/external/bsd/openssl/dist/doc/crypto/X509_STORE_CTX_set_verify_cb.pod    |  161 ++
 crypto/external/bsd/openssl/dist/doc/crypto/X509_STORE_set_verify_cb_func.pod   |   54 +
 crypto/external/bsd/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod     |  171 ++
 crypto/external/bsd/openssl/dist/doc/crypto/X509_verify_cert.pod                |   53 +
 crypto/external/bsd/openssl/dist/doc/crypto/bn_internal.pod                     |   28 +-
 crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod                        |   12 +-
 crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509_CRL.pod                    |    4 +-
 crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509_REQ.pod                    |    4 +-
 crypto/external/bsd/openssl/dist/doc/crypto/hmac.pod                            |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/i2d_CMS_bio_stream.pod              |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/i2d_PKCS7_bio_stream.pod            |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/lhash.pod                           |    2 +-
 crypto/external/bsd/openssl/dist/doc/crypto/threads.pod                         |    2 +-
 crypto/external/bsd/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod                |    2 +-
 crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_options.pod                |   75 +-
 crypto/external/bsd/openssl/dist/e_os.h                                         |   12 +
 crypto/external/bsd/openssl/dist/e_os2.h                                        |    6 +
 crypto/external/bsd/openssl/dist/engines/Makefile                               |    9 +-
 crypto/external/bsd/openssl/dist/engines/ccgost/gost_crypt.c                    |    2 +-
 crypto/external/bsd/openssl/dist/engines/ccgost/gosthash.c                      |    3 +-
 crypto/external/bsd/openssl/dist/engines/e_sureware.c                           |   15 +-
 crypto/external/bsd/openssl/dist/ssl/Makefile                                   |    4 +-
 crypto/external/bsd/openssl/dist/ssl/d1_both.c                                  |   67 +-
 crypto/external/bsd/openssl/dist/ssl/d1_clnt.c                                  |   69 +-
 crypto/external/bsd/openssl/dist/ssl/d1_enc.c                                   |    2 +-
 crypto/external/bsd/openssl/dist/ssl/d1_lib.c                                   |   71 +
 crypto/external/bsd/openssl/dist/ssl/d1_pkt.c                                   |   89 +-
 crypto/external/bsd/openssl/dist/ssl/d1_srvr.c                                  |  195 ++-
 crypto/external/bsd/openssl/dist/ssl/dtls1.h                                    |   15 +-
 crypto/external/bsd/openssl/dist/ssl/s23_clnt.c                                 |   28 +-
 crypto/external/bsd/openssl/dist/ssl/s23_srvr.c                                 |   27 +-
 crypto/external/bsd/openssl/dist/ssl/s2_srvr.c                                  |    2 +-
 crypto/external/bsd/openssl/dist/ssl/s3_both.c                                  |   54 +-
 crypto/external/bsd/openssl/dist/ssl/s3_clnt.c                                  |   45 +-
 crypto/external/bsd/openssl/dist/ssl/ssl.h                                      |   52 +-
 crypto/external/bsd/openssl/dist/ssl/ssl3.h                                     |   11 +
 crypto/external/bsd/openssl/dist/ssl/ssl_asn1.c                                 |   30 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_err.c                                  |   13 +
 crypto/external/bsd/openssl/dist/ssl/ssl_lib.c                                  |   56 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_locl.h                                 |   24 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c                                  |    2 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_sess.c                                 |    5 +
 crypto/external/bsd/openssl/dist/ssl/ssl_txt.c                                  |    2 +
 crypto/external/bsd/openssl/dist/ssl/t1_clnt.c                                  |   14 +-
 crypto/external/bsd/openssl/dist/ssl/t1_enc.c                                   |   29 +-
 crypto/external/bsd/openssl/dist/ssl/t1_lib.c                                   |  182 +-
 crypto/external/bsd/openssl/dist/ssl/t1_meth.c                                  |   15 +-
 crypto/external/bsd/openssl/dist/ssl/t1_reneg.c                                 |  288 +++
 crypto/external/bsd/openssl/dist/ssl/t1_srvr.c                                  |   14 +-
 crypto/external/bsd/openssl/dist/ssl/tls1.h                                     |    7 +
 crypto/external/bsd/openssl/dist/test/Makefile                                  |   21 +-
 crypto/external/bsd/openssl/dist/test/cms-test.pl                               |    4 +-
 crypto/external/bsd/openssl/dist/util/ck_errf.pl                                |   20 +-
 crypto/external/bsd/openssl/dist/util/cygwin.sh                                 |    4 +-
 crypto/external/bsd/openssl/dist/util/libeay.num                                |    8 +
 crypto/external/bsd/openssl/dist/util/mk1mf.pl                                  |    5 +-
 crypto/external/bsd/openssl/dist/util/pl/VC-32.pl                               |   33 +-
 crypto/external/bsd/openssl/dist/util/shlib_wrap.sh                             |    4 +-
 248 files changed, 7059 insertions(+), 1554 deletions(-)

diffs (truncated from 14979 to 300 lines):

diff -r 3c7ff7b62988 -r 05d10b5fd326 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES  Sat Dec 26 23:14:32 2009 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES  Sat Dec 26 23:29:52 2009 +0000
@@ -2,12 +2,65 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8k and 1.0  [xx XXX xxxx]
-
-  *) Delete MD2 from algorithm tables. This follows the recommendation in 
-     several standards that it is not used in new applications due to
-     several cryptographic weaknesses. The algorithm is also disabled in
-     the default configuration.
+ Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+  *) Experiemental password based recipient info support for CMS library:
+     implementing RFC3211.
+     [Steve Henson]
+
+  *) Split password based encryption into PBES2 and PBKDF2 functions. This
+     neatly separates the code into cipher and PBE sections and is required
+     for some algorithms that split PBES2 into separate pieces (such as
+     password based CMS).
+     [Steve Henson]
+
+  *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+     return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+     BIO_set_cipher() and some obscure PEM functions were changed so they
+     can now return an error. The RAND changes required a change to the
+     RAND_METHOD structure.
+     [Steve Henson]
+
+  *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+     a gcc attribute to warn if the result of a function is ignored. This
+     is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+     whose return value is often ignored. 
+     [Steve Henson]
+
+ Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx]
+
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
+  *) Add load_crls() function to apps tidying load_certs() too. Add option
+     to verify utility to allow additional CRLs to be included.
+     [Steve Henson]
+
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia%diku.dk@localhost>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
+  *) Disable MD2 in the default configuration.
      [Steve Henson]
 
   *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
@@ -20,9 +73,9 @@
      or they could free up already freed BIOs.
      [Steve Henson]
 
-  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
-     OPENSSL_asc2uni the original names were too generic and cause name
-     clashes on Netware.
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
      [Guenter <lists%gknw.net@localhost>]
 
   *) Add ECDHE and PSK support to DTLS.
@@ -812,12 +865,89 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
+ Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]
+
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect (but not renegotiate) with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
+  *) If client attempts to renegotiate and doesn't support RI respond with
+     a no_renegotiation alert as required by draft-ietf-tls-renegotiation.
+     Some renegotiating TLS clients will continue a connection gracefully
+     when they receive the alert. Unfortunately OpenSSL mishandled
+     this alert and would hang waiting for a server hello which it will never
+     receive. Now we treat a received no_renegotiation alert as a fatal 
+     error. This is because applications requesting a renegotiation might well
+     expect it to succeed and would have no code in place to handle the server
+     denying it so the only safe thing to do is to terminate the connection.
+     [Steve Henson]
+
+  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+     peer supports secure renegotiation and 0 otherwise. Print out peer
+     renegotiation support in s_client/s_server.
+     [Steve Henson]
+
+  *) Replace the highly broken and deprecated SPKAC certification method with
+     the updated NID creation version. This should correctly handle UTF8.
+     [Steve Henson]
+
+  *) Implement draft-ietf-tls-renegotiation. Re-enable
+     renegotiation but require the extension as needed. Unfortunately,
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
+     bad idea. It has been replaced by
+     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+     SSL_CTX_set_options(). This is really not recommended unless you
+     know what you are doing.
+     [Eric Rescorla <ekr%networkresonance.com@localhost>, Ben Laurie, Steve Henson]
+
+  *) Fixes to stateless session resumption handling. Use initial_ctx when
+     issuing and attempting to decrypt tickets in case it has changed during
+     servername handling. Use a non-zero length session ID when attempting
+     stateless session resumption: this makes it possible to determine if
+     a resumption has occurred immediately after receiving server hello
+     (several places in OpenSSL subtly assume this) instead of later in
+     the handshake.
+     [Steve Henson]
+
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia%diku.dk@localhost>]
+
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+
+  *) Add support for --libdir option and LIBDIR variable in makefiles. This
+     makes it possible to install openssl libraries in locations which
+     have names other than "lib", for example "/usr/lib64" which some
+     systems need.
+     [Steve Henson, based on patch from Jeremy Utley]
+
+  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+     X690 8.9.12 and can produce some misleading textual output of OIDs.
+     [Steve Henson, reported by Dan Kaminsky]
+
+  *) Delete MD2 from algorithm tables. This follows the recommendation in
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. For binary compatibility reasons
+     the MD2 API is still compiled in by default.
+     [Steve Henson]
 
   *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
      and restored.
      [Steve Henson]
 
+  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+     clash.
+     [Guenter <lists%gknw.net@localhost>]
+
   *) Fix the server certificate chain building code to use X509_verify_cert(),
      it used to have an ad-hoc builder which was unable to cope with anything
      other than a simple chain.
@@ -836,7 +966,7 @@
      left. Additionally every future messege was buffered, even if the
      sequence number made no sense and would be part of another handshake.
      So only messages with sequence numbers less than 10 in advance will be
-     buffered.
+     buffered.  (CVE-2009-1378)
      [Robin Seggelmann, discovered by Daniel Mentz]    
 
   *) Records are buffered if they arrive with a future epoch to be
@@ -845,10 +975,11 @@
      a DOS attack with sending records with future epochs until there is no
      memory left. This patch adds the pqueue_size() function to detemine
      the size of a buffer and limits the record buffer to 100 entries.
+     (CVE-2009-1377)
      [Robin Seggelmann, discovered by Daniel Mentz]    
 
   *) Keep a copy of frag->msg_header.frag_len so it can be used after the
-     parent structure is freed.
+     parent structure is freed.  (CVE-2009-1379)
      [Daniel Mentz]    
 
   *) Handle non-blocking I/O properly in SSL_shutdown() call.
@@ -857,6 +988,16 @@
   *) Add 2.5.4.* OIDs
      [Ilya O. <vrghost%gmail.com@localhost>]
 
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
  Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
 
   *) Don't set val to NULL when freeing up structures, it is freed up by
@@ -895,12 +1036,12 @@
 
   *) Support NumericString type for name components.
      [Steve Henson]
-  
+
   *) Allow CC in the environment to override the automatically chosen
      compiler. Note that nothing is done to ensure flags work with the
      chosen compiler.
      [Ben Laurie]
-  
+
  Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
 
   *) Properly check EVP_VerifyFinal() and similar return values
@@ -941,6 +1082,10 @@
 
  Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
 
+  *) Fix NULL pointer dereference if a DTLS server received
+     ChangeCipherSpec as first record (CVE-2009-1386).
+     [PR #1679]
+
   *) Fix a state transitition in s3_srvr.c and d1_srvr.c
      (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
      [Nagendra Modadugu]
@@ -2344,19 +2489,6 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
-
-  *) In the SSL/TLS server implementation, be strict about session ID
-     context matching (which matters if an application uses a single
-     external cache for different purposes).  Previously,
-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
-     set.  This did ensure strict client verification, but meant that,
-     with applications using a single external cache for quite
-     different requirements, clients could circumvent ciphersuite
-     restrictions for a given session ID context by starting a session
-     in a different context.
-     [Bodo Moeller]
-
  Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
 
   *) Cleanse PEM buffers before freeing them since they may contain 
diff -r 3c7ff7b62988 -r 05d10b5fd326 crypto/external/bsd/openssl/dist/Configure
--- a/crypto/external/bsd/openssl/dist/Configure        Sat Dec 26 23:14:32 2009 +0000
+++ b/crypto/external/bsd/openssl/dist/Configure        Sat Dec 26 23:29:52 2009 +0000
@@ -104,6 +104,8 @@
 
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK 
-DOPENSSL_NO_DEPRECATED";
 
+my $strict_warnings = 0;
+
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
 # MD2_CHAR slags pentium pros
@@ -170,9 +172,9 @@
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",  "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes 
-Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes 
-Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 
-mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE 
-DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG 
${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb 
-g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -186,7 +188,7 @@
 "debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o 
x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o 
wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",                "cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -212,11 +214,11 @@
 # actually recommend to consider using gcc shared build even with vendor
 # compiler:-)




Home | Main Index | Thread Index | Old Index