Update to OpenSSL-1.0.0j.
authorPeter Avalos <pavalos@dragonflybsd.org>
Sun, 13 May 2012 20:22:28 +0000 (13:22 -0700)
committerPeter Avalos <pavalos@dragonflybsd.org>
Sun, 13 May 2012 20:22:28 +0000 (13:22 -0700)
This diverges from master, but I thought it was important to get the
latest updates to the 1.0.0 version that's still in
DragonFly_RELEASE_3_0.

      o Fix DTLS record length checking bug CVE-2012-2333
      o Fix for ASN1 overflow bug CVE-2012-2110
      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
      o Corrected fix for CVE-2011-4619
      o Various DTLS fixes.

383 files changed:
crypto/openssl/CHANGES
crypto/openssl/FAQ
crypto/openssl/NEWS
crypto/openssl/README
crypto/openssl/apps/apps.c
crypto/openssl/apps/s_client.c
crypto/openssl/apps/s_server.c
crypto/openssl/crypto/asn1/a_d2i_fp.c
crypto/openssl/crypto/asn1/asn_mime.c
crypto/openssl/crypto/asn1/tasn_prn.c
crypto/openssl/crypto/asn1/x_name.c
crypto/openssl/crypto/asn1/x_pubkey.c
crypto/openssl/crypto/bio/b_sock.c
crypto/openssl/crypto/bio/bio.h
crypto/openssl/crypto/bio/bio_lib.c
crypto/openssl/crypto/bio/bss_dgram.c
crypto/openssl/crypto/buffer/buffer.c
crypto/openssl/crypto/cms/cms.h
crypto/openssl/crypto/cms/cms_enc.c
crypto/openssl/crypto/cms/cms_env.c
crypto/openssl/crypto/cms/cms_lcl.h
crypto/openssl/crypto/cms/cms_smime.c
crypto/openssl/crypto/engine/eng_cryptodev.c
crypto/openssl/crypto/mem.c
crypto/openssl/crypto/opensslv.h
crypto/openssl/crypto/perlasm/x86_64-xlate.pl
crypto/openssl/crypto/pkcs12/p12_kiss.c
crypto/openssl/crypto/pkcs7/pk7_doit.c
crypto/openssl/crypto/pkcs7/pk7_smime.c
crypto/openssl/crypto/ui/ui_openssl.c
crypto/openssl/crypto/x509/x509_lu.c
crypto/openssl/crypto/x509/x509_vfy.c
crypto/openssl/crypto/x509v3/v3_asid.c
crypto/openssl/doc/crypto/EVP_DigestInit.pod
crypto/openssl/engines/ccgost/gost_pmeth.c
crypto/openssl/engines/e_capi.c
crypto/openssl/ssl/bio_ssl.c
crypto/openssl/ssl/d1_both.c
crypto/openssl/ssl/d1_clnt.c
crypto/openssl/ssl/d1_enc.c
crypto/openssl/ssl/d1_lib.c
crypto/openssl/ssl/d1_pkt.c
crypto/openssl/ssl/d1_srvr.c
crypto/openssl/ssl/s3_srvr.c
crypto/openssl/ssl/ssl.h
crypto/openssl/ssl/ssl_err.c
crypto/openssl/ssl/ssl_locl.h
secure/lib/libcrypto/Makefile.inc
secure/lib/libcrypto/Makefile.man
secure/lib/libcrypto/man/ASN1_OBJECT_new.3
secure/lib/libcrypto/man/ASN1_STRING_length.3
secure/lib/libcrypto/man/ASN1_STRING_new.3
secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
secure/lib/libcrypto/man/ASN1_generate_nconf.3
secure/lib/libcrypto/man/BIO_ctrl.3
secure/lib/libcrypto/man/BIO_f_base64.3
secure/lib/libcrypto/man/BIO_f_buffer.3
secure/lib/libcrypto/man/BIO_f_cipher.3
secure/lib/libcrypto/man/BIO_f_md.3
secure/lib/libcrypto/man/BIO_f_null.3
secure/lib/libcrypto/man/BIO_f_ssl.3
secure/lib/libcrypto/man/BIO_find_type.3
secure/lib/libcrypto/man/BIO_new.3
secure/lib/libcrypto/man/BIO_new_CMS.3
secure/lib/libcrypto/man/BIO_push.3
secure/lib/libcrypto/man/BIO_read.3
secure/lib/libcrypto/man/BIO_s_accept.3
secure/lib/libcrypto/man/BIO_s_bio.3
secure/lib/libcrypto/man/BIO_s_connect.3
secure/lib/libcrypto/man/BIO_s_fd.3
secure/lib/libcrypto/man/BIO_s_file.3
secure/lib/libcrypto/man/BIO_s_mem.3
secure/lib/libcrypto/man/BIO_s_null.3
secure/lib/libcrypto/man/BIO_s_socket.3
secure/lib/libcrypto/man/BIO_set_callback.3
secure/lib/libcrypto/man/BIO_should_retry.3
secure/lib/libcrypto/man/BN_BLINDING_new.3
secure/lib/libcrypto/man/BN_CTX_new.3
secure/lib/libcrypto/man/BN_CTX_start.3
secure/lib/libcrypto/man/BN_add.3
secure/lib/libcrypto/man/BN_add_word.3
secure/lib/libcrypto/man/BN_bn2bin.3
secure/lib/libcrypto/man/BN_cmp.3
secure/lib/libcrypto/man/BN_copy.3
secure/lib/libcrypto/man/BN_generate_prime.3
secure/lib/libcrypto/man/BN_mod_inverse.3
secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
secure/lib/libcrypto/man/BN_new.3
secure/lib/libcrypto/man/BN_num_bytes.3
secure/lib/libcrypto/man/BN_rand.3
secure/lib/libcrypto/man/BN_set_bit.3
secure/lib/libcrypto/man/BN_swap.3
secure/lib/libcrypto/man/BN_zero.3
secure/lib/libcrypto/man/CMS_add0_cert.3
secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
secure/lib/libcrypto/man/CMS_compress.3
secure/lib/libcrypto/man/CMS_decrypt.3
secure/lib/libcrypto/man/CMS_encrypt.3
secure/lib/libcrypto/man/CMS_final.3
secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
secure/lib/libcrypto/man/CMS_get0_type.3
secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
secure/lib/libcrypto/man/CMS_sign.3
secure/lib/libcrypto/man/CMS_sign_add1_signer.3
secure/lib/libcrypto/man/CMS_sign_receipt.3
secure/lib/libcrypto/man/CMS_uncompress.3
secure/lib/libcrypto/man/CMS_verify.3
secure/lib/libcrypto/man/CMS_verify_receipt.3
secure/lib/libcrypto/man/CONF_modules_free.3
secure/lib/libcrypto/man/CONF_modules_load_file.3
secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
secure/lib/libcrypto/man/DH_generate_key.3
secure/lib/libcrypto/man/DH_generate_parameters.3
secure/lib/libcrypto/man/DH_get_ex_new_index.3
secure/lib/libcrypto/man/DH_new.3
secure/lib/libcrypto/man/DH_set_method.3
secure/lib/libcrypto/man/DH_size.3
secure/lib/libcrypto/man/DSA_SIG_new.3
secure/lib/libcrypto/man/DSA_do_sign.3
secure/lib/libcrypto/man/DSA_dup_DH.3
secure/lib/libcrypto/man/DSA_generate_key.3
secure/lib/libcrypto/man/DSA_generate_parameters.3
secure/lib/libcrypto/man/DSA_get_ex_new_index.3
secure/lib/libcrypto/man/DSA_new.3
secure/lib/libcrypto/man/DSA_set_method.3
secure/lib/libcrypto/man/DSA_sign.3
secure/lib/libcrypto/man/DSA_size.3
secure/lib/libcrypto/man/ERR_GET_LIB.3
secure/lib/libcrypto/man/ERR_clear_error.3
secure/lib/libcrypto/man/ERR_error_string.3
secure/lib/libcrypto/man/ERR_get_error.3
secure/lib/libcrypto/man/ERR_load_crypto_strings.3
secure/lib/libcrypto/man/ERR_load_strings.3
secure/lib/libcrypto/man/ERR_print_errors.3
secure/lib/libcrypto/man/ERR_put_error.3
secure/lib/libcrypto/man/ERR_remove_state.3
secure/lib/libcrypto/man/ERR_set_mark.3
secure/lib/libcrypto/man/EVP_BytesToKey.3
secure/lib/libcrypto/man/EVP_DigestInit.3
secure/lib/libcrypto/man/EVP_DigestSignInit.3
secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
secure/lib/libcrypto/man/EVP_EncryptInit.3
secure/lib/libcrypto/man/EVP_OpenInit.3
secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
secure/lib/libcrypto/man/EVP_PKEY_cmp.3
secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
secure/lib/libcrypto/man/EVP_PKEY_derive.3
secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
secure/lib/libcrypto/man/EVP_PKEY_keygen.3
secure/lib/libcrypto/man/EVP_PKEY_new.3
secure/lib/libcrypto/man/EVP_PKEY_print_private.3
secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
secure/lib/libcrypto/man/EVP_PKEY_sign.3
secure/lib/libcrypto/man/EVP_PKEY_verify.3
secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3
secure/lib/libcrypto/man/EVP_SealInit.3
secure/lib/libcrypto/man/EVP_SignInit.3
secure/lib/libcrypto/man/EVP_VerifyInit.3
secure/lib/libcrypto/man/OBJ_nid2obj.3
secure/lib/libcrypto/man/OPENSSL_Applink.3
secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
secure/lib/libcrypto/man/OPENSSL_config.3
secure/lib/libcrypto/man/OPENSSL_ia32cap.3
secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
secure/lib/libcrypto/man/PKCS12_create.3
secure/lib/libcrypto/man/PKCS12_parse.3
secure/lib/libcrypto/man/PKCS7_decrypt.3
secure/lib/libcrypto/man/PKCS7_encrypt.3
secure/lib/libcrypto/man/PKCS7_sign.3
secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
secure/lib/libcrypto/man/PKCS7_verify.3
secure/lib/libcrypto/man/RAND_add.3
secure/lib/libcrypto/man/RAND_bytes.3
secure/lib/libcrypto/man/RAND_cleanup.3
secure/lib/libcrypto/man/RAND_egd.3
secure/lib/libcrypto/man/RAND_load_file.3
secure/lib/libcrypto/man/RAND_set_rand_method.3
secure/lib/libcrypto/man/RSA_blinding_on.3
secure/lib/libcrypto/man/RSA_check_key.3
secure/lib/libcrypto/man/RSA_generate_key.3
secure/lib/libcrypto/man/RSA_get_ex_new_index.3
secure/lib/libcrypto/man/RSA_new.3
secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
secure/lib/libcrypto/man/RSA_print.3
secure/lib/libcrypto/man/RSA_private_encrypt.3
secure/lib/libcrypto/man/RSA_public_encrypt.3
secure/lib/libcrypto/man/RSA_set_method.3
secure/lib/libcrypto/man/RSA_sign.3
secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
secure/lib/libcrypto/man/RSA_size.3
secure/lib/libcrypto/man/SMIME_read_CMS.3
secure/lib/libcrypto/man/SMIME_read_PKCS7.3
secure/lib/libcrypto/man/SMIME_write_CMS.3
secure/lib/libcrypto/man/SMIME_write_PKCS7.3
secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
secure/lib/libcrypto/man/X509_NAME_print_ex.3
secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
secure/lib/libcrypto/man/X509_STORE_CTX_new.3
secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
secure/lib/libcrypto/man/X509_new.3
secure/lib/libcrypto/man/X509_verify_cert.3
secure/lib/libcrypto/man/bio.3
secure/lib/libcrypto/man/blowfish.3
secure/lib/libcrypto/man/bn.3
secure/lib/libcrypto/man/bn_internal.3
secure/lib/libcrypto/man/buffer.3
secure/lib/libcrypto/man/crypto.3
secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
secure/lib/libcrypto/man/d2i_DHparams.3
secure/lib/libcrypto/man/d2i_DSAPublicKey.3
secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
secure/lib/libcrypto/man/d2i_RSAPublicKey.3
secure/lib/libcrypto/man/d2i_X509.3
secure/lib/libcrypto/man/d2i_X509_ALGOR.3
secure/lib/libcrypto/man/d2i_X509_CRL.3
secure/lib/libcrypto/man/d2i_X509_NAME.3
secure/lib/libcrypto/man/d2i_X509_REQ.3
secure/lib/libcrypto/man/d2i_X509_SIG.3
secure/lib/libcrypto/man/des.3
secure/lib/libcrypto/man/des_modes.7
secure/lib/libcrypto/man/dh.3
secure/lib/libcrypto/man/dsa.3
secure/lib/libcrypto/man/ecdsa.3
secure/lib/libcrypto/man/engine.3
secure/lib/libcrypto/man/err.3
secure/lib/libcrypto/man/evp.3
secure/lib/libcrypto/man/hmac.3
secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
secure/lib/libcrypto/man/lh_stats.3
secure/lib/libcrypto/man/lhash.3
secure/lib/libcrypto/man/md5.3
secure/lib/libcrypto/man/mdc2.3
secure/lib/libcrypto/man/pem.3
secure/lib/libcrypto/man/rand.3
secure/lib/libcrypto/man/rc4.3
secure/lib/libcrypto/man/ripemd.3
secure/lib/libcrypto/man/rsa.3
secure/lib/libcrypto/man/sha.3
secure/lib/libcrypto/man/threads.3
secure/lib/libcrypto/man/ui.3
secure/lib/libcrypto/man/ui_compat.3
secure/lib/libcrypto/man/x509.3
secure/lib/libssl/man/SSL_CIPHER_get_name.3
secure/lib/libssl/man/SSL_COMP_add_compression_method.3
secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
secure/lib/libssl/man/SSL_CTX_add_session.3
secure/lib/libssl/man/SSL_CTX_ctrl.3
secure/lib/libssl/man/SSL_CTX_flush_sessions.3
secure/lib/libssl/man/SSL_CTX_free.3
secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
secure/lib/libssl/man/SSL_CTX_new.3
secure/lib/libssl/man/SSL_CTX_sess_number.3
secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
secure/lib/libssl/man/SSL_CTX_sessions.3
secure/lib/libssl/man/SSL_CTX_set_cert_store.3
secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
secure/lib/libssl/man/SSL_CTX_set_info_callback.3
secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
secure/lib/libssl/man/SSL_CTX_set_mode.3
secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
secure/lib/libssl/man/SSL_CTX_set_options.3
secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
secure/lib/libssl/man/SSL_CTX_set_timeout.3
secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
secure/lib/libssl/man/SSL_CTX_set_verify.3
secure/lib/libssl/man/SSL_CTX_use_certificate.3
secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
secure/lib/libssl/man/SSL_SESSION_free.3
secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
secure/lib/libssl/man/SSL_SESSION_get_time.3
secure/lib/libssl/man/SSL_accept.3
secure/lib/libssl/man/SSL_alert_type_string.3
secure/lib/libssl/man/SSL_clear.3
secure/lib/libssl/man/SSL_connect.3
secure/lib/libssl/man/SSL_do_handshake.3
secure/lib/libssl/man/SSL_free.3
secure/lib/libssl/man/SSL_get_SSL_CTX.3
secure/lib/libssl/man/SSL_get_ciphers.3
secure/lib/libssl/man/SSL_get_client_CA_list.3
secure/lib/libssl/man/SSL_get_current_cipher.3
secure/lib/libssl/man/SSL_get_default_timeout.3
secure/lib/libssl/man/SSL_get_error.3
secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
secure/lib/libssl/man/SSL_get_ex_new_index.3
secure/lib/libssl/man/SSL_get_fd.3
secure/lib/libssl/man/SSL_get_peer_cert_chain.3
secure/lib/libssl/man/SSL_get_peer_certificate.3
secure/lib/libssl/man/SSL_get_psk_identity.3
secure/lib/libssl/man/SSL_get_rbio.3
secure/lib/libssl/man/SSL_get_session.3
secure/lib/libssl/man/SSL_get_verify_result.3
secure/lib/libssl/man/SSL_get_version.3
secure/lib/libssl/man/SSL_library_init.3
secure/lib/libssl/man/SSL_load_client_CA_file.3
secure/lib/libssl/man/SSL_new.3
secure/lib/libssl/man/SSL_pending.3
secure/lib/libssl/man/SSL_read.3
secure/lib/libssl/man/SSL_rstate_string.3
secure/lib/libssl/man/SSL_session_reused.3
secure/lib/libssl/man/SSL_set_bio.3
secure/lib/libssl/man/SSL_set_connect_state.3
secure/lib/libssl/man/SSL_set_fd.3
secure/lib/libssl/man/SSL_set_session.3
secure/lib/libssl/man/SSL_set_shutdown.3
secure/lib/libssl/man/SSL_set_verify_result.3
secure/lib/libssl/man/SSL_shutdown.3
secure/lib/libssl/man/SSL_state_string.3
secure/lib/libssl/man/SSL_want.3
secure/lib/libssl/man/SSL_write.3
secure/lib/libssl/man/d2i_SSL_SESSION.3
secure/lib/libssl/man/ssl.3
secure/usr.bin/openssl/man/CA.pl.1
secure/usr.bin/openssl/man/asn1parse.1
secure/usr.bin/openssl/man/ca.1
secure/usr.bin/openssl/man/ciphers.1
secure/usr.bin/openssl/man/cms.1
secure/usr.bin/openssl/man/config.5
secure/usr.bin/openssl/man/crl.1
secure/usr.bin/openssl/man/crl2pkcs7.1
secure/usr.bin/openssl/man/dgst.1
secure/usr.bin/openssl/man/dhparam.1
secure/usr.bin/openssl/man/dsa.1
secure/usr.bin/openssl/man/dsaparam.1
secure/usr.bin/openssl/man/ec.1
secure/usr.bin/openssl/man/ecparam.1
secure/usr.bin/openssl/man/enc.1
secure/usr.bin/openssl/man/errstr.1
secure/usr.bin/openssl/man/gendsa.1
secure/usr.bin/openssl/man/genpkey.1
secure/usr.bin/openssl/man/genrsa.1
secure/usr.bin/openssl/man/nseq.1
secure/usr.bin/openssl/man/ocsp.1
secure/usr.bin/openssl/man/openssl.1
secure/usr.bin/openssl/man/passwd.1
secure/usr.bin/openssl/man/pkcs12.1
secure/usr.bin/openssl/man/pkcs7.1
secure/usr.bin/openssl/man/pkcs8.1
secure/usr.bin/openssl/man/pkey.1
secure/usr.bin/openssl/man/pkeyparam.1
secure/usr.bin/openssl/man/pkeyutl.1
secure/usr.bin/openssl/man/rand.1
secure/usr.bin/openssl/man/req.1
secure/usr.bin/openssl/man/rsa.1
secure/usr.bin/openssl/man/rsautl.1
secure/usr.bin/openssl/man/s_client.1
secure/usr.bin/openssl/man/s_server.1
secure/usr.bin/openssl/man/s_time.1
secure/usr.bin/openssl/man/sess_id.1
secure/usr.bin/openssl/man/smime.1
secure/usr.bin/openssl/man/speed.1
secure/usr.bin/openssl/man/spkac.1
secure/usr.bin/openssl/man/ts.1
secure/usr.bin/openssl/man/tsget.1
secure/usr.bin/openssl/man/verify.1
secure/usr.bin/openssl/man/version.1
secure/usr.bin/openssl/man/x509.1
secure/usr.bin/openssl/man/x509v3_config.5

index 67ff293..f34af9c 100644 (file)
@@ -2,6 +2,49 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.0i and 1.0.0j [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in DTLS
+     to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+ Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be reenabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
  Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
 
   *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
index 2a271ed..bb6f7e2 100644 (file)
@@ -10,6 +10,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why aren't tools like 'autoconf' and 'libtool' used?
 * What is an 'engine' version?
 * How do I check the authenticity of the OpenSSL distribution?
+* How does the versioning scheme work?
 
 [LEGAL] Legal questions
 
@@ -82,7 +83,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0g was released on Jan 18th, 2012.
+OpenSSL 1.0.1c was released on May 10th, 2012.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -108,7 +109,9 @@ In addition, you can read the most current versions at
 <URL: http://www.openssl.org/docs/>. Note that the online documents refer
 to the very latest development versions of OpenSSL and may include features
 not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using.
+that came with the version of OpenSSL you are using. The pod format
+documentation is included in each OpenSSL distribution under the docs
+directory.
 
 For information on parts of libcrypto that are not yet documented, you
 might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
@@ -173,6 +176,19 @@ just do:
 
    pgp TARBALL.asc
 
+* How does the versioning scheme work?
+
+After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter 
+releases (e.g. 1.0.1a) can only contain bug and security fixes and no
+new features. Minor releases change the last number (e.g. 1.0.2) and 
+can contain new features that retain binary compatibility. Changes to
+the middle number are considered major releases and neither source nor
+binary compatibility is guaranteed.
+
+Therefore the answer to the common question "when will feature X be
+backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
+in the next minor release.
+
 [LEGAL] =======================================================================
 
 * Do I need patent licenses to use OpenSSL?
@@ -284,7 +300,7 @@ current directory in this case, but this has changed with 0.9.6a.)
 Check out the CA.pl(1) manual page. This provides a simple wrapper round
 the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
 out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
+extensions documentation (in ca(1), req(1), x509v3_config(5) )
 
 
 * Why can't I create certificate requests?
index 1264201..9ccbf53 100644 (file)
@@ -5,6 +5,20 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
   Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
 
       o Fix for DTLS DoS issue CVE-2012-0050
index 6144ddf..83c6de1 100644 (file)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0g 18 Jan 2012
+ OpenSSL 1.0.0j 10 May 2012
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
index feb7ed4..cf68911 100644 (file)
  *
  */
 
-#ifndef _POSIX_C_SOURCE
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
 #define _POSIX_C_SOURCE 2      /* On VMS, you need to define this to get
                                   the declaration of fileno().  The value
                                   2 is to make sure no function defined
@@ -1215,7 +1215,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
        const char *pass, ENGINE *e, const char *desc)
        {
        STACK_OF(X509) *certs;
-       load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
+       if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+               return NULL;
        return certs;
        }       
 
@@ -1223,7 +1224,8 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
        const char *pass, ENGINE *e, const char *desc)
        {
        STACK_OF(X509_CRL) *crls;
-       load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
+       if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+               return NULL;
        return crls;
        }       
 
index 53be0f8..948e664 100644 (file)
@@ -440,13 +440,7 @@ int MAIN(int argc, char **argv)
        char *jpake_secret = NULL;
 #endif
 
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
-       meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
-       meth=SSLv2_client_method();
-#endif
 
        apps_startup();
        c_Pause=0;
@@ -749,14 +743,13 @@ bad:
                        goto end;
                        }
                psk_identity = "JPAKE";
+               if (cipher)
+                       {
+                       BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+                       goto end;
+                       }
+               cipher = "PSK";
                }
-
-       if (cipher)
-               {
-               BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-               goto end;
-               }
-       cipher = "PSK";
 #endif
 
        OpenSSL_add_ssl_algorithms();
index a3a04d4..60c08be 100644 (file)
@@ -872,13 +872,7 @@ int MAIN(int argc, char *argv[])
        /* by default do not send a PSK identity hint */
        static char *psk_identity_hint=NULL;
 #endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
-       meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
-       meth=SSLv2_server_method();
-#endif
 
        local_argc=argc;
        local_argv=argv;
index ece40bc..52b2ebd 100644 (file)
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1_mac.h>
@@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
        BUF_MEM *b;
        unsigned char *p;
        int i;
-       int ret=-1;
        ASN1_const_CTX c;
-       int want=HEADER_SIZE;
+       size_t want=HEADER_SIZE;
        int eos=0;
-#if defined(__GNUC__) && defined(__ia64)
-       /* pathetic compiler bug in all known versions as of Nov. 2002 */
-       long off=0;
-#else
-       int off=0;
-#endif
-       int len=0;
+       size_t off=0;
+       size_t len=0;
 
        b=BUF_MEM_new();
        if (b == NULL)
@@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                        {
                        want-=(len-off);
 
-                       if (!BUF_MEM_grow_clean(b,len+want))
+                       if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
                                {
                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
                                goto err;
@@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                goto err;
                                }
                        if (i > 0)
+                               {
+                               if (len+i < len)
+                                       {
+                                       ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+                                       goto err;
+                                       }
                                len+=i;
+                               }
                        }
                /* else data already loaded */
 
@@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                        {
                        /* no data body so go round again */
                        eos++;
+                       if (eos < 0)
+                               {
+                               ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
+                               goto err;
+                               }
                        want=HEADER_SIZE;
                        }
                else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
@@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                else 
                        {
                        /* suck in c.slen bytes of data */
-                       want=(int)c.slen;
+                       want=c.slen;
                        if (want > (len-off))
                                {
                                want-=(len-off);
+                               if (want > INT_MAX /* BIO_read takes an int length */ ||
+                                       len+want < len)
+                                               {
+                                               ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+                                               goto err;
+                                               }
                                if (!BUF_MEM_grow_clean(b,len+want))
                                        {
                                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
@@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                                    ASN1_R_NOT_ENOUGH_DATA);
                                                goto err;
                                                }
+                                       /* This can't overflow because
+                                        * |len+want| didn't overflow. */
                                        len+=i;
-                                       want -= i;
+                                       want-=i;
                                        }
                                }
-                       off+=(int)c.slen;
+                       if (off + c.slen < off)
+                               {
+                               ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+                               goto err;
+                               }
+                       off+=c.slen;
                        if (eos <= 0)
                                {
                                break;
@@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                        }
                }
 
+       if (off > INT_MAX)
+               {
+               ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+               goto err;
+               }
+
        *pb = b;
        return off;
 err:
        if (b != NULL) BUF_MEM_free(b);
-       return(ret);
+       return -1;
        }
index bbc4952..54a704a 100644 (file)
@@ -377,8 +377,12 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
        BIO *tmpbio;
        const ASN1_AUX *aux = it->funcs;
        ASN1_STREAM_ARG sarg;
+       int rv = 1;
 
-       if (!(flags & SMIME_DETACHED))
+       /* If data is not deteched or resigning then the output BIO is
+        * already set up to finalise when it is written through.
+        */
+       if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST))
                {
                SMIME_crlf_copy(data, out, flags);
                return 1;
@@ -405,7 +409,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 
        /* Finalize structure */
        if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
-               return 0;
+               rv = 0;
 
        /* Now remove any digests prepended to the BIO */
 
@@ -416,7 +420,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
                sarg.ndef_bio = tmpbio;
                }
 
-       return 1;
+       return rv;
 
        }
 
@@ -486,9 +490,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 
                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
                        ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
@@ -858,12 +862,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
 static int mime_hdr_cmp(const MIME_HEADER * const *a,
                        const MIME_HEADER * const *b)
 {
+       if (!(*a)->name || !(*b)->name)
+               return !!(*a)->name - !!(*b)->name;
+
        return(strcmp((*a)->name, (*b)->name));
 }
 
 static int mime_param_cmp(const MIME_PARAM * const *a,
                        const MIME_PARAM * const *b)
 {
+       if (!(*a)->param_name || !(*b)->param_name)
+               return !!(*a)->param_name - !!(*b)->param_name;
        return(strcmp((*a)->param_name, (*b)->param_name));
 }
 
index 4536980..542a091 100644 (file)
@@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent,
        return 1;
        }
 
-static int asn1_print_boolean_ctx(BIO *out, const int bool,
+static int asn1_print_boolean_ctx(BIO *out, int boolval,
                                                        const ASN1_PCTX *pctx)
        {
        const char *str;
-       switch (bool)
+       switch (boolval)
                {
                case -1:
                str = "BOOL ABSENT";
@@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
                {
                case V_ASN1_BOOLEAN:
                        {
-                       int bool = *(int *)fld;
-                       if (bool == -1)
-                               bool = it->size;
-                       ret = asn1_print_boolean_ctx(out, bool, pctx);
+                       int boolval = *(int *)fld;
+                       if (boolval == -1)
+                               boolval = it->size;
+                       ret = asn1_print_boolean_ctx(out, boolval, pctx);
                        }
                break;
 
index 49be08b..d7c2318 100644 (file)
@@ -399,8 +399,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
        /* If type not in bitmask just copy string across */
        if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
                {
-               out->type = in->type;
-               if (!ASN1_STRING_set(out, in->data, in->length))
+               if (!ASN1_STRING_copy(out, in))
                        return 0;
                return 1;
                }
index d42b6a2..627ec87 100644 (file)
@@ -171,7 +171,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                goto error;
                }
 
-       key->pkey = ret;
+       /* Check to see if another thread set key->pkey first */
+       CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+       if (key->pkey)
+               {
+               EVP_PKEY_free(ret);
+               ret = key->pkey;
+               }
+       else
+               key->pkey = ret;
+       CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
        return ret;
index d47310d..41f958b 100644 (file)
@@ -960,7 +960,6 @@ int BIO_set_tcp_ndelay(int s, int on)
 #endif
        return(ret == 0);
        }
-#endif
 
 int BIO_socket_nbio(int s, int mode)
        {
@@ -973,3 +972,4 @@ int BIO_socket_nbio(int s, int mode)
 #endif
        return(ret == 0);
        }
+#endif
index ab47abc..3c39d18 100644 (file)
@@ -146,6 +146,7 @@ extern "C" {
 /* #endif */
 
 #define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
 #define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
 #define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
                                              * MTU. want to use this
index e12bc3a..9c9646a 100644 (file)
@@ -521,40 +521,40 @@ void BIO_free_all(BIO *bio)
 
 BIO *BIO_dup_chain(BIO *in)
        {
-       BIO *ret=NULL,*eoc=NULL,*bio,*new;
+       BIO *ret=NULL,*eoc=NULL,*bio,*new_bio;
 
        for (bio=in; bio != NULL; bio=bio->next_bio)
                {
-               if ((new=BIO_new(bio->method)) == NULL) goto err;
-               new->callback=bio->callback;
-               new->cb_arg=bio->cb_arg;
-               new->init=bio->init;
-               new->shutdown=bio->shutdown;
-               new->flags=bio->flags;
+               if ((new_bio=BIO_new(bio->method)) == NULL) goto err;
+               new_bio->callback=bio->callback;
+               new_bio->cb_arg=bio->cb_arg;
+               new_bio->init=bio->init;
+               new_bio->shutdown=bio->shutdown;
+               new_bio->flags=bio->flags;
 
                /* This will let SSL_s_sock() work with stdin/stdout */
-               new->num=bio->num;
+               new_bio->num=bio->num;
 
-               if (!BIO_dup_state(bio,(char *)new))
+               if (!BIO_dup_state(bio,(char *)new_bio))
                        {
-                       BIO_free(new);
+                       BIO_free(new_bio);
                        goto err;
                        }
 
                /* copy app data */
-               if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+               if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
                                        &bio->ex_data))
                        goto err;
 
                if (ret == NULL)
                        {
-                       eoc=new;
+                       eoc=new_bio;
                        ret=eoc;
                        }
                else
                        {
-                       BIO_push(eoc,new);
-                       eoc=new;
+                       BIO_push(eoc,new_bio);
+                       eoc=new_bio;
                        }
                }
        return(ret);
index 71ebe98..ad9c372 100644 (file)
@@ -547,6 +547,27 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                ret = 0;
 #endif
                break;
+       case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+               switch (data->peer.sa.sa_family)
+                       {
+                       case AF_INET:
+                               ret = 576 - 20 - 8;
+                               break;
+#if OPENSSL_USE_IPV6
+                       case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+                               if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+                                       ret = 576 - 20 - 8;
+                               else
+#endif
+                                       ret = 1280 - 40 - 8;
+                               break;
+#endif
+                       default:
+                               ret = 576 - 20 - 8;
+                               break;
+                       }
+               break;
        case BIO_CTRL_DGRAM_GET_MTU:
                return data->mtu;
                break;
index 620ea8d..40361f9 100644 (file)
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 
+/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit ensures
+ * that the result fits in an int. */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
 BUF_MEM *BUF_MEM_new(void)
        {
        BUF_MEM *ret;
@@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
                str->length=len;
                return(len);
                }
+       /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+       if (len > LIMIT_BEFORE_EXPANSION)
+               {
+               BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
        n=(len+3)/3*4;
        if (str->data == NULL)
                ret=OPENSSL_malloc(n);
@@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
                str->length=len;
                return(len);
                }
+       /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+       if (len > LIMIT_BEFORE_EXPANSION)
+               {
+               BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
        n=(len+3)/3*4;
        if (str->data == NULL)
                ret=OPENSSL_malloc(n);
index 09c45d0..ba378e8 100644 (file)
@@ -111,6 +111,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 #define CMS_PARTIAL                    0x4000
 #define CMS_REUSE_DIGEST               0x8000
 #define CMS_USE_KEYID                  0x10000
+#define CMS_DEBUG_DECRYPT              0x20000
 
 const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
 
index bab2623..f873ce3 100644 (file)
@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
        const EVP_CIPHER *ciph;
        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+       unsigned char *tkey = NULL;
+       size_t tkeylen;
 
        int ok = 0;
 
@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
                goto err;
                }
-
-
-       if (enc && !ec->key)
+       tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+       /* Generate random session key */
+       if (!enc || !ec->key)
                {
-               /* Generate random key */
-               if (!ec->keylen)
-                       ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
-               ec->key = OPENSSL_malloc(ec->keylen);
-               if (!ec->key)
+               tkey = OPENSSL_malloc(tkeylen);
+               if (!tkey)
                        {
                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-               if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+               if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
                        goto err;
-               keep_key = 1;
                }
-       else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+
+       if (!ec->key)
+               {
+               ec->key = tkey;
+               ec->keylen = tkeylen;
+               tkey = NULL;
+               if (enc)
+                       keep_key = 1;
+               else
+                       ERR_clear_error();
+               
+               }
+
+       if (ec->keylen != tkeylen)
                {
                /* If necessary set key length */
                if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
                        {
-                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-                               CMS_R_INVALID_KEY_LENGTH);
-                       goto err;
+                       /* Only reveal failure if debugging so we don't
+                        * leak information which may be useful in MMA.
+                        */
+                       if (enc || ec->debug)
+                               {
+                               CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                               CMS_R_INVALID_KEY_LENGTH);
+                               goto err;
+                               }
+                       else
+                               {
+                               /* Use random key */
+                               OPENSSL_cleanse(ec->key, ec->keylen);
+                               OPENSSL_free(ec->key);
+                               ec->key = tkey;
+                               ec->keylen = tkeylen;
+                               tkey = NULL;
+                               ERR_clear_error();
+                               }
                        }
                }
 
@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                OPENSSL_free(ec->key);
                ec->key = NULL;
                }
+       if (tkey)
+               {
+               OPENSSL_cleanse(tkey, tkeylen);
+               OPENSSL_free(tkey);
+               }
        if (ok)
                return b;
        BIO_free(b);
index b3237d4..b398f69 100644 (file)
@@ -371,6 +371,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
        unsigned char *ek = NULL;
        size_t eklen;
        int ret = 0;
+       CMS_EncryptedContentInfo *ec;
+       ec = cms->d.envelopedData->encryptedContentInfo;
 
        if (ktri->pkey == NULL)
                {
@@ -417,8 +419,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 
        ret = 1;
 
-       cms->d.envelopedData->encryptedContentInfo->key = ek;
-       cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
+       if (ec->key)
+               {
+               OPENSSL_cleanse(ec->key, ec->keylen);
+               OPENSSL_free(ec->key);
+               }
+
+       ec->key = ek;
+       ec->keylen = eklen;
 
        err:
        if (pctx)
index c8ecfa7..2d8f54b 100644 (file)
@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
        const EVP_CIPHER *cipher;
        unsigned char *key;
        size_t keylen;
+       /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+       int debug;
        };
 
 struct CMS_RecipientInfo_st
index 4a799eb..83edea8 100644 (file)
@@ -611,7 +611,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
        STACK_OF(CMS_RecipientInfo) *ris;
        CMS_RecipientInfo *ri;
        int i, r;
+       int debug = 0;
        ris = CMS_get0_RecipientInfos(cms);
+       if (ris)
+               debug = cms->d.envelopedData->encryptedContentInfo->debug;
        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
                {
                ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -625,17 +628,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                        CMS_RecipientInfo_set0_pkey(ri, pk);
                        r = CMS_RecipientInfo_decrypt(cms, ri);
                        CMS_RecipientInfo_set0_pkey(ri, NULL);
-                       if (r > 0)
-                               return 1;
                        if (cert)
                                {
+                               /* If not debugging clear any error and
+                                * return success to avoid leaking of
+                                * information useful to MMA
+                                */
+                               if (!debug)
+                                       {
+                                       ERR_clear_error();
+                                       return 1;
+                                       }
+                               if (r > 0)
+                                       return 1;
                                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
                                                CMS_R_DECRYPT_ERROR);
                                return 0;
                                }
-                       ERR_clear_error();
+                       /* If no cert and not debugging don't leave loop
+                        * after first successful decrypt. Always attempt
+                        * to decrypt all recipients to avoid leaking timing
+                        * of a successful decrypt.
+                        */
+                       else if (r > 0 && debug)
+                               return 1;
                        }
                }
+       /* If no cert and not debugging always return success */
+       if (!cert && !debug)
+               {
+               ERR_clear_error();
+               return 1;
+               }
 
        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
        return 0;
@@ -694,9 +718,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                }
        if (!dcont && !check_content(cms))
                return 0;
+       if (flags & CMS_DEBUG_DECRYPT)
+               cms->d.envelopedData->encryptedContentInfo->debug = 1;
+       else
+               cms->d.envelopedData->encryptedContentInfo->debug = 0;
+       if (!pk && !cert && !dcont && !out)
+               return 1;
        if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
                return 0;
-
        cont = CMS_dataInit(cms, dcont);
        if (!cont)
                return 0;
index ee79d53..0d12654 100644 (file)
@@ -79,8 +79,6 @@ struct dev_crypto_state {
        unsigned char digest_res[HASH_MAX_LEN];
        char *mac_data;
        int mac_len;
-
-       int copy;
 #endif
 };
 
@@ -200,6 +198,7 @@ get_dev_crypto(void)
 
        if ((fd = open_dev_crypto()) == -1)
                return (-1);
+#ifndef CRIOGET_NOT_NEEDED
        if (ioctl(fd, CRIOGET, &retfd) == -1)
                return (-1);
 
@@ -208,9 +207,19 @@ get_dev_crypto(void)
                close(retfd);
                return (-1);
        }
+#else
+        retfd = fd;
+#endif
        return (retfd);
 }
 
+static void put_dev_crypto(int fd)
+{
+#ifndef CRIOGET_NOT_NEEDED
+       close(fd);
+#endif
+}
+
 /* Caching version for asym operations */
 static int
 get_asym_dev_crypto(void)
@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = ciphers[i].nid;
        }
-       close(fd);
+       put_dev_crypto(fd);
 
        if (count > 0)
                *cnids = nids;
@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = digests[i].nid;
        }
-       close(fd);
+       put_dev_crypto(fd);
 
        if (count > 0)
                *cnids = nids;
@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        sess->cipher = cipher;
 
        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-               close(state->d_fd);
+               put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                return (0);
        }
@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        } else {
                ret = 1;
        }
-       close(state->d_fd);
+       put_dev_crypto(state->d_fd);
        state->d_fd = -1;
 
        return (ret);
@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
        sess->mac = digest;
 
        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-               close(state->d_fd);
+               put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                printf("cryptodev_digest_init: Open session failed\n");
                return (0);
@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
                /* if application doesn't support one buffer */
                memset(&cryp, 0, sizeof(cryp));
-
                cryp.ses = sess->ses;
                cryp.flags = 0;
                cryp.len = state->mac_len;
                cryp.src = state->mac_data;
                cryp.dst = NULL;
                cryp.mac = (caddr_t)md;
-
                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
                        printf("cryptodev_digest_final: digest failed\n");
                        return (0);
@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
        struct dev_crypto_state *state = ctx->md_data;
        struct session_op *sess = &state->d_sess;
 
+       if (state == NULL)
+         return 0;
+
        if (state->d_fd < 0) {
                printf("cryptodev_digest_cleanup: illegal input\n");
                return (0);
@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
                state->mac_len = 0;
        }
 
-       if (state->copy)
-               return 1;
-
        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
                printf("cryptodev_digest_cleanup: failed to close session\n");
                ret = 0;
        } else {
                ret = 1;
        }
-       close(state->d_fd);     
+       put_dev_crypto(state->d_fd);    
        state->d_fd = -1;
 
        return (ret);
@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
 {
        struct dev_crypto_state *fstate = from->md_data;
        struct dev_crypto_state *dstate = to->md_data;
+       struct session_op *sess;
+       int digest;
 
-       memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+       if (dstate == NULL || fstate == NULL)
+         return 1;
 
-       if (fstate->mac_len != 0) {
-               dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-               memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+               memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+
+       sess = &dstate->d_sess;
+
+       digest = digest_nid_to_cryptodev(to->digest->type);
+
+       sess->mackey = dstate->dummy_mac_key;
+       sess->mackeylen = digest_key_length(to->digest->type);
+       sess->mac = digest;
+
+       dstate->d_fd = get_dev_crypto();
+
+       if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+               put_dev_crypto(dstate->d_fd);
+               dstate->d_fd = -1;
+               printf("cryptodev_digest_init: Open session failed\n");
+               return (0);
        }
 
-       dstate->copy = 1;
+       if (fstate->mac_len != 0) {
+               if (fstate->mac_data != NULL)
+                       {
+                       dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                       memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+                       dstate->mac_len = fstate->mac_len;
+                       }
+       }
 
        return 1;
 }
@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void)
         * find out what asymmetric crypto algorithms we support
         */
        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-               close(fd);
+               put_dev_crypto(fd);
                ENGINE_free(engine);
                return;
        }
-       close(fd);
+       put_dev_crypto(fd);
 
        if (!ENGINE_set_id(engine, "cryptodev") ||
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
index 6f80dd3..ae40de3 100644 (file)
@@ -361,6 +361,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
 
        if (num <= 0) return NULL;
 
+       /* We don't support shrinking the buffer. Note the memcpy that copies
+        * |old_len| bytes to the new buffer, below. */
+       if (num < old_len) return NULL;
+
        if (realloc_debug_func != NULL)
                realloc_debug_func(str, NULL, num, file, line, 0);
        ret=malloc_ex_func(num,file,line);
index a368f6f..42d1de3 100644 (file)
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x1000007fL
+#define OPENSSL_VERSION_NUMBER 0x100000afL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0g-fips 18 Jan 2012"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0j-fips 10 May 2012"
 #else
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0g 18 Jan 2012"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0j 10 May 2012"
 #endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
index e47116b..544fa93 100755 (executable)
@@ -62,12 +62,8 @@ my $flavour = shift;
 my $output  = shift;
 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
 
-{ my ($stddev,$stdino,@junk)=stat(STDOUT);
-  my ($outdev,$outino,@junk)=stat($output);
-
-    open STDOUT,">$output" || die "can't open $output: $!"
-       if ($stddev!=$outdev || $stdino!=$outino);
-}
+open STDOUT,">$output" || die "can't open $output: $!"
+       if (defined($output));
 
 my $gas=1;     $gas=0 if ($output =~ /\.asm$/);
 my $elf=1;     $elf=0 if (!$gas);
@@ -555,7 +551,8 @@ my %globals;
                                            $v.=" READONLY";
                                            $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
                                        } elsif ($line=~/\.CRT\$/i) {
-                                           $v.=" READONLY DWORD";
+                                           $v.=" READONLY ";
+                                           $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
                                        }
                                    }
                                    $current_segment = $line;
index 292cc3e..206b1b0 100644 (file)
@@ -167,7 +167,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
        if (cert && *cert)
                X509_free(*cert);
        if (x)
-               X509_free(*cert);
+               X509_free(x);
        if (ocerts)
                sk_X509_pop_free(ocerts, X509_free);
        return 0;
index 3bf1a36..2ec83ed 100644 (file)
@@ -204,11 +204,11 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
        unsigned char *ek = NULL;
        size_t eklen;
 
-       int ret = 0;
+       int ret = -1;
 
        pctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (!pctx)
-               return 0;
+               return -1;
 
        if (EVP_PKEY_decrypt_init(pctx) <= 0)
                goto err;
@@ -235,12 +235,19 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
        if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                                ri->enc_key->data, ri->enc_key->length) <= 0)
                {
+               ret = 0;
                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
                goto err;
                }
 
        ret = 1;
 
+       if (*pek)
+               {
+               OPENSSL_cleanse(*pek, *peklen);
+               OPENSSL_free(*pek);
+               }
+
        *pek = ek;
        *peklen = eklen;
 
@@ -423,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        STACK_OF(X509_ALGOR) *md_sk=NULL;
        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
+       unsigned char *ek = NULL, *tkey = NULL;
+       int eklen = 0, tkeylen = 0;
 
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
@@ -500,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                int max;
                X509_OBJECT ret;
 #endif
-               unsigned char *ek = NULL;
-               int eklen;
 
                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
                        {
@@ -534,29 +541,28 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        }
 
                /* If we haven't got a certificate try each ri in turn */
-
                if (pcert == NULL)
                        {
+                       /* Always attempt to decrypt all rinfo even
+                        * after sucess as a defence against MMA timing
+                        * attacks.
+                        */
                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                                {
                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                               
                                if (pkcs7_decrypt_rinfo(&ek, &eklen,
-                                                       ri, pkey) > 0)
-                                       break;
+                                                       ri, pkey) < 0)
+                                       goto err;
                                ERR_clear_error();
-                               ri = NULL;
-                               }
-                       if (ri == NULL)
-                               {
-                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                     PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
-                               goto err;
                                }
                        }
                else
                        {
-                       if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0)
+                       /* Only exit on fatal errors, not decrypt failure */
+                       if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
                                goto err;
+                       ERR_clear_error();
                        }
 
                evp_ctx=NULL;
@@ -565,6 +571,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        goto err;
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        goto err;
+               /* Generate random key as MMA defence */
+               tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+               tkey = OPENSSL_malloc(tkeylen);
+               if (!tkey)
+                       goto err;
+               if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+                       goto err;
+               if (ek == NULL)
+                       {
+                       ek = tkey;
+                       eklen = tkeylen;
+                       tkey = NULL;
+                       }
 
                if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
                        /* Some S/MIME clients don't use the same key
@@ -573,11 +592,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                         */
                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
                                {
-                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                       PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
-                               goto err;
+                               /* Use random key as MMA defence */
+                               OPENSSL_cleanse(ek, eklen);
+                               OPENSSL_free(ek);
+                               ek = tkey;
+                               eklen = tkeylen;
+                               tkey = NULL;
                                }
                } 
+               /* Clear errors so we don't leak information useful in MMA */
+               ERR_clear_error();
                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
                        goto err;
 
@@ -585,6 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        {
                        OPENSSL_cleanse(ek,eklen);
                        OPENSSL_free(ek);
+                       ek = NULL;
+                       }
+               if (tkey)
+                       {
+                       OPENSSL_cleanse(tkey,tkeylen);
+                       OPENSSL_free(tkey);
+                       tkey = NULL;
                        }
 
                if (out == NULL)
@@ -627,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        if (0)
                {
 err:
+               if (ek)
+                       {
+                       OPENSSL_cleanse(ek,eklen);
+                       OPENSSL_free(ek);
+                       }
+               if (tkey)
+                       {
+                       OPENSSL_cleanse(tkey,tkeylen);
+                       OPENSSL_free(tkey);
+                       }
                if (out != NULL) BIO_free_all(out);
                if (btmp != NULL) BIO_free_all(btmp);
                if (etmp != NULL) BIO_free_all(etmp);
index 86742d0..a5104f8 100644 (file)
@@ -573,15 +573,34 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                        return 0;
                }
                ret = SMIME_text(bread, data);
+               if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                       {
+                       if (!BIO_get_cipher_status(tmpmem))
+                               ret = 0;
+                       }
                BIO_free_all(bread);
                return ret;
        } else {
                for(;;) {
                        i = BIO_read(tmpmem, buf, sizeof(buf));
-                       if(i <= 0) break;
-                       BIO_write(data, buf, i);
+                       if(i <= 0)
+                               {
+                               ret = 1;
+                               if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                                       {
+                                       if (!BIO_get_cipher_status(tmpmem))
+                                               ret = 0;
+                                       }
+                                       
+                               break;
+                               }
+                       if (BIO_write(data, buf, i) != i)
+                               {
+                               ret = 0;
+                               break;
+                               }
                }
                BIO_free_all(tmpmem);
-               return 1;
+               return ret;
        }
 }
index 1bc25f4..5832a73 100644 (file)
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
-#ifndef _POSIX_C_SOURCE
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
 #define _POSIX_C_SOURCE 2
 #endif
 #include <signal.h>
index 3a6e04a..38525a8 100644 (file)
@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
        if (ctx == NULL) return;
        if (    (ctx->method != NULL) &&
                (ctx->method->free != NULL))
-               ctx->method->free(ctx);
+               (*ctx->method->free)(ctx);
        OPENSSL_free(ctx);
        }
 
index 701ec56..b0779db 100644 (file)
@@ -153,7 +153,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
 int X509_verify_cert(X509_STORE_CTX *ctx)
        {
        X509 *x,*xtmp,*chain_ss=NULL;
-       X509_NAME *xn;
        int bad_chain = 0;
        X509_VERIFY_PARAM *param = ctx->param;
        int depth,i,ok=0;
@@ -205,7 +204,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                         */
 
                /* If we are self signed, we break */
-               xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx, x,x)) break;
 
                /* If we were passed a cert chain, use it first */
@@ -242,7 +240,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
        i=sk_X509_num(ctx->chain);
        x=sk_X509_value(ctx->chain,i-1);
-       xn = X509_get_subject_name(x);
        if (ctx->check_issued(ctx, x, x))
                {
                /* we have a self signed certificate */
@@ -291,7 +288,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                if (depth < num) break;
 
                /* If we are self signed, we break */
-               xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx,x,x)) break;
 
                ok = ctx->get_issuer(&xtmp, ctx, x);
@@ -310,7 +306,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                }
 
        /* we now have our chain, lets check it... */
-       xn=X509_get_issuer_name(x);
 
        /* Is last certificate looked up self signed? */
        if (!ctx->check_issued(ctx,x,x))
index 3f434c0..1587e8e 100644 (file)
@@ -358,6 +358,20 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
       goto done;
   }
 
+  /*
+   * Check for inverted range.
+   */
+  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+  {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASN1_INTEGER *a_min, *a_max;
+    if (a != NULL && a->type == ASIdOrRange_range) {
+      extract_min_max(a, &a_min, &a_max);
+      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+       goto done;
+    }
+  }
+
   ret = 1;
 
  done:
@@ -392,9 +406,18 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     return 1;
 
   /*
-   * We have a list.  Sort it.
+   * If not a list, or if empty list, it's broken.
+   */
+  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+             X509V3_R_EXTENSION_VALUE_ERROR);
+    return 0;
+  }
+
+  /*
+   * We have a non-empty list.  Sort it.
    */
-  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
   sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
 
   /*
@@ -415,6 +438,13 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
 
     /*
+     * Punt inverted ranges.
+     */
+    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+       ASN1_INTEGER_cmp(b_min, b_max) > 0)
+      goto done;
+
+    /*
      * Check for overlaps.
      */
     if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
@@ -465,12 +495,26 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
        break;
       }
       ASIdOrRange_free(b);
-      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
       i--;
       continue;
     }
   }
 
+  /*
+   * Check for final inverted range.
+   */
+  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+  {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASN1_INTEGER *a_min, *a_max;
+    if (a != NULL && a->type == ASIdOrRange_range) {
+      extract_min_max(a, &a_min, &a_max);
+      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+       goto done;
+    }
+  }
+
   OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
 
   ret = 1;
@@ -498,6 +542,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
                               struct v3_ext_ctx *ctx,
                               STACK_OF(CONF_VALUE) *values)
 {
+  ASN1_INTEGER *min = NULL, *max = NULL;
   ASIdentifiers *asid = NULL;
   int i;
 
@@ -508,7 +553,6 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
 
   for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
     CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-    ASN1_INTEGER *min = NULL, *max = NULL;
     int i1, i2, i3, is_range, which;
 
     /*
@@ -578,18 +622,19 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
       max = s2i_ASN1_INTEGER(NULL, s + i2);
       OPENSSL_free(s);
       if (min == NULL || max == NULL) {
-       ASN1_INTEGER_free(min);
-       ASN1_INTEGER_free(max);
        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
        goto err;
       }
+      if (ASN1_INTEGER_cmp(min, max) > 0) {
+       X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
+       goto err;
+      }
     }
     if (!v3_asid_add_id_or_range(asid, which, min, max)) {
-      ASN1_INTEGER_free(min);
-      ASN1_INTEGER_free(max);
       X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
       goto err;
     }
+    min = max = NULL;
   }
 
   /*
@@ -601,6 +646,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
 
  err:
   ASIdentifiers_free(asid);
+  ASN1_INTEGER_free(min);
+  ASN1_INTEGER_free(max);
   return NULL;
 }
 
index 5b477ac..367691c 100644 (file)
@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256,
+EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
 EVP digest routines
 
@@ -33,16 +34,15 @@ EVP digest routines
 
  int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
 
- #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+ #define EVP_MAX_MD_SIZE 64    /* SHA512 */
 
+ int EVP_MD_type(const EVP_MD *md);
+ int EVP_MD_pkey_type(const EVP_MD *md);       
+ int EVP_MD_size(const EVP_MD *md);
+ int EVP_MD_block_size(const EVP_MD *md);
 
- #define EVP_MD_type(e)                        ((e)->type)
- #define EVP_MD_pkey_type(e)           ((e)->pkey_type)
- #define EVP_MD_size(e)                        ((e)->md_size)
- #define EVP_MD_block_size(e)          ((e)->block_size)
-
- #define EVP_MD_CTX_md(e)              (e)->digest)
- #define EVP_MD_CTX_size(e)            EVP_MD_size((e)->digest)
+ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+ #define EVP_MD_CTX_size(e)            EVP_MD_size(EVP_MD_CTX_md(e))
  #define EVP_MD_CTX_block_size(e)      EVP_MD_block_size((e)->digest)
  #define EVP_MD_CTX_type(e)            EVP_MD_type((e)->digest)
 
@@ -56,6 +56,11 @@ EVP digest routines
  const EVP_MD *EVP_mdc2(void);
  const EVP_MD *EVP_ripemd160(void);
 
+ const EVP_MD *EVP_sha224(void);
+ const EVP_MD *EVP_sha256(void);
+ const EVP_MD *EVP_sha384(void);
+ const EVP_MD *EVP_sha512(void);
+
  const EVP_MD *EVP_get_digestbyname(const char *name);
  #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
  #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -124,12 +129,14 @@ B<EVP_MD_CTX>.
 
 EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
 with this digest. For example EVP_sha1() is associated with RSA so this will
-return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
+return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
+are no longer linked this function is only retained for compatibility
+reasons.
 
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
-algorithms respectively. The associated signature algorithm is RSA in each case.
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
+EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
+structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+and RIPEMD160 digest algorithms respectively. 
 
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
 algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
@@ -171,8 +178,8 @@ The B<EVP> interface to message digests should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
 
-SHA1 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
+New applications should use the SHA2 digest algorithms such as SHA256. 
+The other digest algorithms are still in common use.
 
 For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
 set to NULL to use the default digest implementation.
@@ -187,6 +194,19 @@ implementations of digests to be specified.
 In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
 memory leaks will occur. 
 
+Stack allocation of EVP_MD_CTX structures is common, for example:
+
+ EVP_MD_CTX mctx;
+ EVP_MD_CTX_init(&mctx);
+
+This will cause binary compatibility issues if the size of EVP_MD_CTX
+structure changes (this will only happen with a major release of OpenSSL).
+Applications wishing to avoid this should use EVP_MD_CTX_create() instead:
+
+ EVP_MD_CTX *mctx;
+ mctx = EVP_MD_CTX_create();
+
+
 =head1 EXAMPLE
 
 This example digests the data "Test Message\n" and "Hello World\n", using the
@@ -197,7 +217,7 @@ digest name passed on the command line.
 
  main(int argc, char *argv[])
  {
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
  const EVP_MD *md;
  char mess1[] = "Test Message\n";
  char mess2[] = "Hello World\n";
@@ -218,12 +238,12 @@ digest name passed on the command line.
        exit(1);
  }
 
EVP_MD_CTX_init(&mdctx);
- EVP_DigestInit_ex(&mdctx, md, NULL);
- EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
- EVP_MD_CTX_cleanup(&mdctx);
mdctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(mdctx, md, NULL);
+ EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+ EVP_MD_CTX_destroy(mdctx);
 
  printf("Digest is: ");
  for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
index 4a05853..0bd08e9 100644 (file)
@@ -521,6 +521,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
                                {
                                GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
                                        GOST_R_INVALID_MAC_KEY_LENGTH);
+                               OPENSSL_free(keybuf);
                                return 0;       
                                }
                        ret= pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
index 24b620f..fa0624f 100644 (file)
@@ -442,28 +442,36 @@ static int capi_init(ENGINE *e)
        CAPI_CTX *ctx;
        const RSA_METHOD *ossl_rsa_meth;
        const DSA_METHOD *ossl_dsa_meth;
-       capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
-       cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+       if (capi_idx < 0)
+               {
+               capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+               if (capi_idx < 0)
+                       goto memerr;
+
+               cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+               /* Setup RSA_METHOD */
+               rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+               ossl_rsa_meth = RSA_PKCS1_SSLeay();
+               capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+               capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+               capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+               capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+               /* Setup DSA Method */
+               dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+               ossl_dsa_meth = DSA_OpenSSL();
+               capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+               capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+               capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+               }
 
        ctx = capi_ctx_new();
-       if (!ctx || (capi_idx < 0))
+       if (!ctx)
                goto memerr;
 
        ENGINE_set_ex_data(e, capi_idx, ctx);
-       /* Setup RSA_METHOD */
-       rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-       ossl_rsa_meth = RSA_PKCS1_SSLeay();
-       capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
-       capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
-       capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
-       capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
-
-       /* Setup DSA Method */
-       dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-       ossl_dsa_meth = DSA_OpenSSL();
-       capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
-       capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
-       capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
 
 #ifdef OPENSSL_CAPIENG_DIALOG
        {
@@ -1155,6 +1163,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
                {
                CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
                capi_addlasterror();
+               CryptReleaseContext(hprov, 0);
                return 0;
                }
        CAPI_trace(ctx, "Got max container len %d\n", buflen);
@@ -1572,6 +1581,8 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int che
                        }
                CryptReleaseContext(hprov, 0);
                }
+       if (ctx->cspname)
+               OPENSSL_free(ctx->cspname);
        ctx->cspname = BUF_strdup(pname);
        ctx->csptype = type;
        return 1;
@@ -1581,9 +1592,12 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
        {
        LPSTR pname;
        DWORD type;
+       int res;
        if (capi_get_provname(ctx, &pname, &type, idx) != 1)
                return 0;
-       return capi_ctx_set_provname(ctx, pname, type, 0);
+       res = capi_ctx_set_provname(ctx, pname, type, 0);
+       OPENSSL_free(pname);
+       return res;
        }
 
 static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
index eedac8a..e9552ca 100644 (file)
@@ -538,6 +538,7 @@ err:
 
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
        {
+#ifndef OPENSSL_NO_SOCK
        BIO *ret=NULL,*con=NULL,*ssl=NULL;
 
        if ((con=BIO_new(BIO_s_connect())) == NULL)
@@ -549,6 +550,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
        return(ret);
 err:
        if (con != NULL) BIO_free(con);
+#endif
        return(NULL);
        }
 
index 9f898d6..2f95880 100644 (file)
@@ -227,14 +227,14 @@ int dtls1_do_write(SSL *s, int type)
        unsigned int len, frag_off, mac_size, blocksize;
 
        /* AHA!  Figure out the MTU, and stick to the right size */
-       if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+       if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                {
                s->d1->mtu = 
                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 
                /* I've seen the kernel return bogus numbers when it doesn't know
                 * (initial write), so just make sure we have a reasonable number */
-               if ( s->d1->mtu < dtls1_min_mtu())
+               if (s->d1->mtu < dtls1_min_mtu())
                        {
                        s->d1->mtu = 0;
                        s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
index 089fa4c..074b7f3 100644 (file)
@@ -260,7 +260,6 @@ int dtls1_connect(SSL *s)
                        if (ret <= 0) goto end;
                        else
                                {
-                               dtls1_stop_timer(s);
                                if (s->hit)
                                        s->state=SSL3_ST_CR_FINISHED_A;
                                else
@@ -354,6 +353,7 @@ int dtls1_connect(SSL *s)
                case SSL3_ST_CR_SRVR_DONE_B:
                        ret=ssl3_get_server_done(s);
                        if (ret <= 0) goto end;
+                       dtls1_stop_timer(s);
                        if (s->s3->tmp.cert_req)
                                s->state=SSL3_ST_CW_CERT_A;
                        else
index becbab9..07a5e97 100644 (file)
@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
                                }
                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
                         * All of them must have value 'padding_length'. */
-                       if (i > (int)rec->length)
+                       if (i + bs > (int)rec->length)
                                {
                                /* Incorrect padding. SSLerr() and ssl3_alert are done
                                 * by caller: we don't want to reveal whether this is
index c3b77c8..8479932 100644 (file)
@@ -381,6 +381,7 @@ void dtls1_double_timeout(SSL *s)
 void dtls1_stop_timer(SSL *s)
        {
        /* Reset everything */
+       memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
        s->d1->timeout_duration = 1;
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
@@ -388,10 +389,28 @@ void dtls1_stop_timer(SSL *s)
        dtls1_clear_record_buffer(s);
        }
 
-int dtls1_handle_timeout(SSL *s)
+int dtls1_check_timeout_num(SSL *s)
        {
-       DTLS1_STATE *state;
+       s->d1->timeout.num_alerts++;
+
+       /* Reduce MTU after 2 unsuccessful retransmissions */
+       if (s->d1->timeout.num_alerts > 2)
+               {
+               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               }
+
+       if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+               {
+               /* fail the connection, enough alerts have been sent */
+               SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
+               return -1;
+               }
 
+       return 0;
+       }
+
+int dtls1_handle_timeout(SSL *s)
+       {
        /* if no timer is expired, don't do anything */
        if (!dtls1_is_timer_expired(s))
                {
@@ -399,19 +418,14 @@ int dtls1_handle_timeout(SSL *s)
                }
 
        dtls1_double_timeout(s);
-       state = s->d1;
-       state->timeout.num_alerts++;
-       if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
-               {
-               /* fail the connection, enough alerts have been sent */
-               SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
+
+       if (dtls1_check_timeout_num(s) < 0)
                return -1;
-               }
 
-       state->timeout.read_timeouts++;
-       if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+       s->d1->timeout.read_timeouts++;
+       if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
                {
-               state->timeout.read_timeouts = 1;
+               s->d1->timeout.read_timeouts = 1;
                }
 
        dtls1_start_timer(s);
index de30a50..6d24573 100644 (file)
@@ -179,7 +179,6 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
        unsigned char *priority);
 static int dtls1_process_record(SSL *s);
-static void dtls1_clear_timeouts(SSL *s);
 
 /* copy buffered record into SSL structure */
 static int
@@ -682,7 +681,6 @@ again:
                goto again;   /* get another record */
                }
 
-       dtls1_clear_timeouts(s);  /* done waiting */
        return(1);
 
        }
@@ -1152,6 +1150,9 @@ start:
                 */
                if (msg_hdr.type == SSL3_MT_FINISHED)
                        {
+                       if (dtls1_check_timeout_num(s) < 0)
+                               return -1;
+
                        dtls1_retransmit_buffered_messages(s);
                        rr->length = 0;
                        goto start;
@@ -1765,10 +1766,3 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 
        memset(seq, 0x00, seq_bytes);
        }
-
-
-static void
-dtls1_clear_timeouts(SSL *s)
-       {
-       memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
-       }
index 149983b..41fac4c 100644 (file)
@@ -485,15 +485,16 @@ int dtls1_accept(SSL *s)
                        ret = ssl3_check_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                       dtls1_stop_timer(s);
                        if (ret == 2)
+                               {
+                               dtls1_stop_timer(s);
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+                               }
                        else {
                                /* could be sent for a DH cert, even if we
                                 * have not asked for it :-) */
                                ret=ssl3_get_client_certificate(s);
                                if (ret <= 0) goto end;
-                               dtls1_stop_timer(s);
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -503,7 +504,6 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
                        if (ret <= 0) goto end;
-                       dtls1_stop_timer(s);
                        s->state=SSL3_ST_SR_CERT_VRFY_A;
                        s->init_num=0;
 
@@ -540,7 +540,6 @@ int dtls1_accept(SSL *s)
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
-                       dtls1_stop_timer(s);
 
                        s->state=SSL3_ST_SR_FINISHED_A;
                        s->init_num=0;
@@ -772,7 +771,7 @@ int dtls1_send_server_hello(SSL *s)
                p=s->s3->server_random;
                Time=(unsigned long)time(NULL);                 /* Time */
                l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
                /* Do the message type and length last */
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
index d734c35..6db4a25 100644 (file)
@@ -756,14 +756,6 @@ int ssl3_check_client_hello(SSL *s)
        int ok;
        long n;
 
-       /* We only allow the client to restart the handshake once per
-        * negotiation. */
-       if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
-               {
-               SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
-               return -1;
-               }
-
        /* this function is called when we really expect a Certificate message,
         * so permit appropriate message length */
        n=s->method->ssl_get_message(s,
@@ -776,6 +768,13 @@ int ssl3_check_client_hello(SSL *s)
        s->s3->tmp.reuse_message = 1;
        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
                {
+               /* We only allow the client to restart the handshake once per
+                * negotiation. */
+               if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+                       {
+                       SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+                       return -1;
+                       }
                /* Throw away what we have done so far in the current handshake,
                 * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
@@ -2729,7 +2728,7 @@ int ssl3_get_cert_verify(SSL *s)
        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
                {
                s->s3->tmp.reuse_message=1;
-               if ((peer != NULL) && (type | EVP_PKT_SIGN))
+               if ((peer != NULL) && (type & EVP_PKT_SIGN))
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
index 8f922ee..5c8aec0 100644 (file)
@@ -1825,6 +1825,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_ACCEPT                              246
 #define SSL_F_DTLS1_ADD_CERT_TO_BUF                     295
 #define SSL_F_DTLS1_BUFFER_RECORD                       247
+#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                   305
 #define SSL_F_DTLS1_CLIENT_HELLO                        248
 #define SSL_F_DTLS1_CONNECT                             249
 #define SSL_F_DTLS1_ENC                                         250
index e9be771..3f79c74 100644 (file)
@@ -80,6 +80,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
 {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF),        "DTLS1_ADD_CERT_TO_BUF"},
 {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),  "DTLS1_BUFFER_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM),      "DTLS1_CHECK_TIMEOUT_NUM"},
 {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),   "DTLS1_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_DTLS1_CONNECT),        "DTLS1_CONNECT"},
 {ERR_FUNC(SSL_F_DTLS1_ENC),    "DTLS1_ENC"},
index cea622a..4e4e79b 100644 (file)
@@ -943,6 +943,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
+int dtls1_check_timeout_num(SSL *s);
 int dtls1_handle_timeout(SSL *s);
 const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
 void dtls1_start_timer(SSL *s);
index 81679b2..d1e68da 100644 (file)
@@ -1,8 +1,8 @@
 # $FreeBSD: src/secure/lib/libcrypto/Makefile.inc,v 1.7.2.11 2003/02/20 15:07:32 nectar Exp $
 # $DragonFly: src/secure/lib/libcrypto/Makefile.inc,v 1.18 2008/09/27 21:04:45 pavalos Exp $
 
-OSSLVERSION=   1.0.0g
-OSSLDATE=      2012-01-18
+OSSLVERSION=   1.0.0j
+OSSLDATE=      2012-05-10
 LCRYPTO_SRC=   ${.CURDIR}/../../../crypto/openssl
 LCRYPTO_DOC=   ${LCRYPTO_SRC}/doc
 
index 8d38806..7c49d9f 100644 (file)
@@ -368,6 +368,10 @@ MLINKS+= EVP_DigestInit.3 EVP_md2.3
 MLINKS+= EVP_DigestInit.3 EVP_md5.3
 MLINKS+= EVP_DigestInit.3 EVP_sha.3
 MLINKS+= EVP_DigestInit.3 EVP_sha1.3
+MLINKS+= EVP_DigestInit.3 EVP_sha224.3
+MLINKS+= EVP_DigestInit.3 EVP_sha256.3
+MLINKS+= EVP_DigestInit.3 EVP_sha384.3
+MLINKS+= EVP_DigestInit.3 EVP_sha512.3
 MLINKS+= EVP_DigestInit.3 EVP_dss.3
 MLINKS+= EVP_DigestInit.3 EVP_dss1.3
 MLINKS+= EVP_DigestInit.3 EVP_mdc2.3
index 11edc41..a4a9627 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 7fe53d2..25b2df8 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ASN1_STRING_length 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index e09f221..e8a89bd 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ASN1_STRING_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 43877ab..1cfa669 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0e37c5f..acbcaa5 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c53f9a4..e7ba2a2 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_ctrl 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1d24770..93c574b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_f_base64 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0cb823a..1de2526 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_f_buffer 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1aecd4b..1864aa7 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_f_cipher 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 987b078..0d6198b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_f_md 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0dd20a0..ff7259a 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_f_null 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 8e081fa..ea4e80b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_f_ssl 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 299f284..60793f0 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_find_type 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d3ad39f..1b574cd 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_new 3"
-.TH BIO_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ca285c4..91ade15 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_new_CMS 3"
-.TH BIO_new_CMS 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_new_CMS 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 88925cd..308fff3 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_push 3"
-.TH BIO_push 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_push 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ccadb81..da5e7b5 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_read 3"
-.TH BIO_read 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_read 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1777afb..6018dd2 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_accept 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ebd2962..3f925bf 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_bio 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d63772f..4762041 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_connect 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ee317b5..3899385 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_fd 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 8085619..3869564 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_file 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 92e8ce2..fa63b41 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_mem 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index de1c209..0bffde5 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_null 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5a3f7ac..e6439ba 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_s_socket 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 4067a05..bff3803 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_set_callback 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 7c666b7..db402e0 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BIO_should_retry 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 51cfcfa..13f9428 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_BLINDING_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c682cb1..2cc9b33 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_CTX_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1795eb4..a4fd450 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_CTX_start 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5a58882..dfc7c88 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_add 3"
-.TH BN_add 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_add 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 8101a72..244ea0e 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_add_word 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5047e62..7307f4c 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_bn2bin 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d820870..6b812b8 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_cmp 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c06da36..e0e2a8f 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_copy 3"
-.TH BN_copy 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_copy 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d379ff8..e6e1790 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_generate_prime 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0e2657e..128d03a 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_mod_inverse 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0475625..bad08c0 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d1e7913..670445e 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 76cdc90..0a2b551 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_new 3"
-.TH BN_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f87669d..f8ca2eb 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_num_bytes 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f2dbfad..ec754bf 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_rand 3"
-.TH BN_rand 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_rand 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index a8bec4c..4210926 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_set_bit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c12601e..e17ab64 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_swap 3"
-.TH BN_swap 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_swap 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c0c46fe..27e418e 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "BN_zero 3"
-.TH BN_zero 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH BN_zero 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index dc58a09..c56e35c 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_add0_cert 3"
-.TH CMS_add0_cert 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_add0_cert 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 313911e..91409fb 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_add1_recipient_cert 3"
-.TH CMS_add1_recipient_cert 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_add1_recipient_cert 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index cdb6c83..34c8f98 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_compress 3"
-.TH CMS_compress 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_compress 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index b3165b5..1208ccb 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_decrypt 3"
-.TH CMS_decrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_decrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ab2b82a..6ac1554 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_encrypt 3"
-.TH CMS_encrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_encrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 7c51f73..e493ef4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_final 3"
-.TH CMS_final 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_final 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 3eb4738..804a571 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_get0_RecipientInfos 3"
-.TH CMS_get0_RecipientInfos 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_get0_RecipientInfos 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index babb86e..a2de526 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_get0_SignerInfos 3"
-.TH CMS_get0_SignerInfos 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_get0_SignerInfos 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index b32f6f3..75322c4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_get0_type 3"
-.TH CMS_get0_type 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_get0_type 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index e4089a7..0223529 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_get1_ReceiptRequest 3"
-.TH CMS_get1_ReceiptRequest 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_get1_ReceiptRequest 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d9b37d2..74bfb44 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_sign 3"
-.TH CMS_sign 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_sign 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 9869463..ef1e107 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_sign_add1_signer 3"
-.TH CMS_sign_add1_signer 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_sign_add1_signer 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 78e1249..b1aa7e8 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_sign_receipt 3"
-.TH CMS_sign_receipt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_sign_receipt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 418aa59..f55a3b9 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_uncompress 3"
-.TH CMS_uncompress 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_uncompress 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 00ac9ea..dfc7ff8 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_verify 3"
-.TH CMS_verify 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_verify 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f5d1664..debb4a6 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CMS_verify_receipt 3"
-.TH CMS_verify_receipt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CMS_verify_receipt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f5fe848..5005425 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CONF_modules_free 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f58a0f2..9901f9e 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CONF_modules_load_file 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index a65b26c..2f07cea 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index b0f4052..0a66bb3 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DH_generate_key 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index da82aba..2b7b945 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DH_generate_parameters 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index cc07559..83b4a50 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 290c6ac..37eb57a 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DH_new 3"
-.TH DH_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DH_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5901b0a..d78d1a6 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DH_set_method 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 6ba15ba..74e7129 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DH_size 3"
-.TH DH_size 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DH_size 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 324f55a..589cc6d 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_SIG_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0702c13..6834ba8 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_do_sign 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 769f267..28948ed 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_dup_DH 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index a099bbc..918d5c4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_generate_key 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0cf8143..a299049 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_generate_parameters 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 51a23b8..121f383 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 188b2d6..8aa2357 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_new 3"
-.TH DSA_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 245eae8..6204e2d 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_set_method 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f3d166e..450cb79 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_sign 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 2036b33..5ae98a0 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "DSA_size 3"
-.TH DSA_size 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH DSA_size 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ffc87e3..0efdd3b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_GET_LIB 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index b08fdeb..f83c5a5 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_clear_error 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 6abd5f5..4ad6aff 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_error_string 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 48d36ed..872c225 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_get_error 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index fccbf6f..ddae6bb 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 484e770..35b7625 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_load_strings 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d8ce430..39b65d3 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_print_errors 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 2426f97..da52164 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_put_error 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 8120d36..b0a9f87 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_remove_state 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1d17c10..dc439a2 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH ERR_set_mark 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 055809d..d2257c1 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_BytesToKey 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 51bb214..09db171 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_DigestInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -134,7 +134,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256,
+EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
 EVP digest routines
 .SH "SYNOPSIS"
@@ -161,16 +162,15 @@ EVP digest routines
 \&
 \& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
 \&
-\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+\& #define EVP_MAX_MD_SIZE 64     /* SHA512 */
 \&
+\& int EVP_MD_type(const EVP_MD *md);
+\& int EVP_MD_pkey_type(const EVP_MD *md);        
+\& int EVP_MD_size(const EVP_MD *md);
+\& int EVP_MD_block_size(const EVP_MD *md);
 \&
-\& #define EVP_MD_type(e)                 ((e)\->type)
-\& #define EVP_MD_pkey_type(e)            ((e)\->pkey_type)
-\& #define EVP_MD_size(e)                 ((e)\->md_size)
-\& #define EVP_MD_block_size(e)           ((e)\->block_size)
-\&
-\& #define EVP_MD_CTX_md(e)               (e)\->digest)
-\& #define EVP_MD_CTX_size(e)             EVP_MD_size((e)\->digest)
+\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+\& #define EVP_MD_CTX_size(e)             EVP_MD_size(EVP_MD_CTX_md(e))
 \& #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)\->digest)
 \& #define EVP_MD_CTX_type(e)             EVP_MD_type((e)\->digest)
 \&
@@ -184,6 +184,11 @@ EVP digest routines
 \& const EVP_MD *EVP_mdc2(void);
 \& const EVP_MD *EVP_ripemd160(void);
 \&
+\& const EVP_MD *EVP_sha224(void);
+\& const EVP_MD *EVP_sha256(void);
+\& const EVP_MD *EVP_sha384(void);
+\& const EVP_MD *EVP_sha512(void);
+\&
 \& const EVP_MD *EVP_get_digestbyname(const char *name);
 \& #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
 \& #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -252,12 +257,14 @@ normally used when setting \s-1ASN1\s0 OIDs.
 .PP
 \&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated
 with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will
-return \fBNID_sha1WithRSAEncryption\fR. This \*(L"link\*(R" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
+return \fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms
+are no longer linked this function is only retained for compatibility
+reasons.
 .PP
-\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR
-return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest
-algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case.
+\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_sha224()\fR, \fIEVP_sha256()\fR,
+\&\fIEVP_sha384()\fR, \fIEVP_sha512()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR
+structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MDC2\s0
+and \s-1RIPEMD160\s0 digest algorithms respectively.
 .PP
 \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
 algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is 
@@ -297,8 +304,8 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
 .PP
-\&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
+New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. 
+The other digest algorithms are still in common use.
 .PP
 For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
 set to \s-1NULL\s0 to use the default digest implementation.
@@ -312,6 +319,22 @@ implementations of digests to be specified.
 .PP
 In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
 memory leaks will occur.
+.PP
+Stack allocation of \s-1EVP_MD_CTX\s0 structures is common, for example:
+.PP
+.Vb 2
+\& EVP_MD_CTX mctx;
+\& EVP_MD_CTX_init(&mctx);
+.Ve
+.PP
+This will cause binary compatibility issues if the size of \s-1EVP_MD_CTX\s0
+structure changes (this will only happen with a major release of OpenSSL).
+Applications wishing to avoid this should use \fIEVP_MD_CTX_create()\fR instead:
+.PP
+.Vb 2
+\& EVP_MD_CTX *mctx;
+\& mctx = EVP_MD_CTX_create();
+.Ve
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
@@ -323,7 +346,7 @@ digest name passed on the command line.
 \&
 \& main(int argc, char *argv[])
 \& {
-\& EVP_MD_CTX mdctx;
+\& EVP_MD_CTX *mdctx;
 \& const EVP_MD *md;
 \& char mess1[] = "Test Message\en";
 \& char mess2[] = "Hello World\en";
@@ -344,12 +367,12 @@ digest name passed on the command line.
 \&        exit(1);
 \& }
 \&
-\& EVP_MD_CTX_init(&mdctx);
-\& EVP_DigestInit_ex(&mdctx, md, NULL);
-\& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
-\& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
-\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
-\& EVP_MD_CTX_cleanup(&mdctx);
+\& mdctx = EVP_MD_CTX_create();
+\& EVP_DigestInit_ex(mdctx, md, NULL);
+\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+\& EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+\& EVP_MD_CTX_destroy(mdctx);
 \&
 \& printf("Digest is: ");
 \& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
index 0fdb2ec..7a583db 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_DigestSignInit 3"
-.TH EVP_DigestSignInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_DigestSignInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 72045ff..859ee87 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_DigestVerifyInit 3"
-.TH EVP_DigestVerifyInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_DigestVerifyInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d52edde..6caf337 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_EncryptInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 8ae8f42..76756d9 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_OpenInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index b0af2a3..f9d71f4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_ctrl 3"
-.TH EVP_PKEY_CTX_ctrl 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_CTX_ctrl 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 7794b46..1f65348 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_CTX_new 3"
-.TH EVP_PKEY_CTX_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_CTX_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 7cd8333..c62ca21 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_cmp 3"
-.TH EVP_PKEY_cmp 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_cmp 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index e19625e..94b34c3 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_decrypt 3"
-.TH EVP_PKEY_decrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_decrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index eabb094..6435811 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_derive 3"
-.TH EVP_PKEY_derive 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_derive 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index de12687..4a319a1 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_encrypt 3"
-.TH EVP_PKEY_encrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_encrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 88053c0..095dfc3 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_get_default_digest 3"
-.TH EVP_PKEY_get_default_digest 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_get_default_digest 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f384349..21ba471 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_keygen 3"
-.TH EVP_PKEY_keygen 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_keygen 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ef02dbb..2411ca4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index a599634..a1d35cd 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_print_private 3"
-.TH EVP_PKEY_print_private 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_print_private 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 456bbca..cf9a0fd 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_set1_RSA 3"
-.TH EVP_PKEY_set1_RSA 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_set1_RSA 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index fda5209..5546d1b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_sign 3"
-.TH EVP_PKEY_sign 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_sign 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index e5121fb..fd0dd4c 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_verify 3"
-.TH EVP_PKEY_verify 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_verify 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ecd5643..f923666 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_verifyrecover 3"
-.TH EVP_PKEY_verifyrecover 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_PKEY_verifyrecover 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index bf5ac5c..59dbeb2 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_SealInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5e38866..9cb18de 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_SignInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 62e9ffb..f51b0b4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH EVP_VerifyInit 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index a75eaf4..b85d999 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OBJ_nid2obj 3"
-.TH OBJ_nid2obj 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OBJ_nid2obj 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 3d70a1a..830379e 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_Applink 3"
-.TH OPENSSL_Applink 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OPENSSL_Applink 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 9d45cff..65efdc9 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index f21fa93..ac08871 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_config 3"
-.TH OPENSSL_config 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OPENSSL_config 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 3c0cc9f..c8be22a 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_ia32cap 3"
-.TH OPENSSL_ia32cap 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OPENSSL_ia32cap 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 03800d4..bab66d4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_load_builtin_modules 3"
-.TH OPENSSL_load_builtin_modules 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OPENSSL_load_builtin_modules 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0132ca6..4154555 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 48e97c5..5528cd2 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PEM_write_bio_CMS_stream 3"
-.TH PEM_write_bio_CMS_stream 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PEM_write_bio_CMS_stream 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 9ac8027..441b37b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PEM_write_bio_PKCS7_stream 3"
-.TH PEM_write_bio_PKCS7_stream 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PEM_write_bio_PKCS7_stream 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 939c842..037308c 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_create 3"
-.TH PKCS12_create 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS12_create 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index a3ffbed..8143d5f 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_parse 3"
-.TH PKCS12_parse 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS12_parse 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1bd45fc..6864175 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_decrypt 3"
-.TH PKCS7_decrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS7_decrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 15fd8b8..f963a09 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_encrypt 3"
-.TH PKCS7_encrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS7_encrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c10cc07..c79982b 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS7_sign 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1d904e0..2a4f29c 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_sign_add_signer 3"
-.TH PKCS7_sign_add_signer 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS7_sign_add_signer 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index fb68edc..c8db3d5 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH PKCS7_verify 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 182c53a..b6ef31e 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RAND_add 3"
-.TH RAND_add 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RAND_add 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index bd77673..cd90ba3 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RAND_bytes 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 2f5da64..c375dd4 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RAND_cleanup 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5893c5d..559fe09 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RAND_egd 3"
-.TH RAND_egd 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RAND_egd 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index db8b0f0..60c4d91 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RAND_load_file 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 649402d..1b42911 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RAND_set_rand_method 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 08d8abf..949c2be 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_blinding_on 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 1aac8e7..da6ca5c 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_check_key 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index c635b5b..e1973f5 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_generate_key 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 78f86e8..7fb26dd 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 5870432..6fcc716 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_new 3"
-.TH RSA_new 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_new 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index e57bca1..8bda2f1 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 3fda8ce..b1dfc72 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_print 3"
-.TH RSA_print 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_print 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ce3244c..26770ef 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_private_encrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 7dad6c1..b72bc19 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_public_encrypt 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 6ca3f3a..3551acf 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_set_method 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index dca17d2..246516d 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_sign 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index ce1a6a2..0eb4e28 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 2f4bf52..d5f80a0 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "RSA_size 3"
-.TH RSA_size 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH RSA_size 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 85d7d0f..9ac3a21 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "SMIME_read_CMS 3"
-.TH SMIME_read_CMS 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH SMIME_read_CMS 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index d4fdd0c..8d59c77 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "SMIME_read_PKCS7 3"
-.TH SMIME_read_PKCS7 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH SMIME_read_PKCS7 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index fb4f39f..fbcd845 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "SMIME_write_CMS 3"
-.TH SMIME_write_CMS 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH SMIME_write_CMS 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 0f13a9e..098adea 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH SMIME_write_PKCS7 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
index 2bfaad1..810d2fa 100644 (file)
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_ENTRY_get_object 3"
-.TH X509_NAME_ENTRY_get_object 3 "2012-01-18" "1.0.0g" "OpenSSL"
+.TH X509_NAME_ENTRY_get_object 3 "2012-05-10" "1.0.0j" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l