aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--crypto/openssl/CHANGES22
-rwxr-xr-xcrypto/openssl/Configure24
-rw-r--r--crypto/openssl/LICENSE2
-rw-r--r--crypto/openssl/Makefile4
-rw-r--r--crypto/openssl/NEWS5
-rw-r--r--crypto/openssl/README2
-rw-r--r--crypto/openssl/apps/app_rand.c4
-rw-r--r--crypto/openssl/apps/apps.c62
-rw-r--r--crypto/openssl/apps/ca.c237
-rw-r--r--crypto/openssl/apps/ciphers.c2
-rw-r--r--crypto/openssl/apps/cms.c10
-rw-r--r--crypto/openssl/apps/dgst.c2
-rw-r--r--crypto/openssl/apps/dsaparam.c3
-rw-r--r--crypto/openssl/apps/ecparam.c8
-rw-r--r--crypto/openssl/apps/enc.c24
-rw-r--r--crypto/openssl/apps/errstr.c2
-rw-r--r--crypto/openssl/apps/ocsp.c2
-rw-r--r--crypto/openssl/apps/openssl.c6
-rw-r--r--crypto/openssl/apps/passwd.c14
-rw-r--r--crypto/openssl/apps/pkcs12.c10
-rw-r--r--crypto/openssl/apps/pkcs8.c4
-rw-r--r--crypto/openssl/apps/rand.c2
-rw-r--r--crypto/openssl/apps/req.c36
-rw-r--r--crypto/openssl/apps/s_client.c10
-rw-r--r--crypto/openssl/apps/s_server.c10
-rw-r--r--crypto/openssl/apps/s_socket.c6
-rw-r--r--crypto/openssl/apps/s_time.c6
-rw-r--r--crypto/openssl/apps/speed.c12
-rw-r--r--crypto/openssl/apps/x509.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_mbstr.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c8
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c4
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h1
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c3
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c4
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c8
-rw-r--r--crypto/openssl/crypto/asn1/asn_mime.c3
-rw-r--r--crypto/openssl/crypto/asn1/t_x509a.c4
-rw-r--r--crypto/openssl/crypto/asn1/tasn_dec.c64
-rw-r--r--crypto/openssl/crypto/asn1/tasn_prn.c2
-rw-r--r--crypto/openssl/crypto/bf/bftest.c6
-rw-r--r--crypto/openssl/crypto/bio/b_dump.c41
-rw-r--r--crypto/openssl/crypto/bio/b_print.c4
-rw-r--r--crypto/openssl/crypto/bio/bio_cb.c2
-rw-r--r--crypto/openssl/crypto/bio/bss_bio.c2
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c4
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c10
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c8
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c110
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c79
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c4
-rw-r--r--crypto/openssl/crypto/bn/bntest.c2
-rw-r--r--crypto/openssl/crypto/bn/expspeed.c2
-rw-r--r--crypto/openssl/crypto/bn/exptest.c8
-rw-r--r--crypto/openssl/crypto/conf/conf_def.c2
-rw-r--r--crypto/openssl/crypto/conf/conf_mod.c2
-rw-r--r--crypto/openssl/crypto/des/destest.c4
-rw-r--r--crypto/openssl/crypto/des/ecb_enc.c2
-rw-r--r--crypto/openssl/crypto/des/fcrypt.c4
-rw-r--r--crypto/openssl/crypto/des/read_pwd.c2
-rw-r--r--crypto/openssl/crypto/des/set_key.c2
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c2
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c2
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c10
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c16
-rw-r--r--crypto/openssl/crypto/ec/ecp_nistp224.c15
-rw-r--r--crypto/openssl/crypto/ec/ecp_nistp256.c41
-rw-r--r--crypto/openssl/crypto/ec/ecp_nistp521.c17
-rw-r--r--crypto/openssl/crypto/ec/ecp_nistz256.c2
-rw-r--r--crypto/openssl/crypto/ec/ecp_smpl.c2
-rw-r--r--crypto/openssl/crypto/ec/ectest.c14
-rw-r--r--crypto/openssl/crypto/ecdh/ecdhtest.c2
-rw-r--r--crypto/openssl/crypto/engine/eng_cryptodev.c12
-rw-r--r--crypto/openssl/crypto/engine/eng_table.c7
-rw-r--r--crypto/openssl/crypto/err/err.c4
-rw-r--r--crypto/openssl/crypto/err/err_prn.c2
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c8
-rw-r--r--crypto/openssl/crypto/evp/digest.c8
-rw-r--r--crypto/openssl/crypto/evp/e_aes.c4
-rw-r--r--crypto/openssl/crypto/evp/e_camellia.c4
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c10
-rw-r--r--crypto/openssl/crypto/evp/evp_locl.h4
-rw-r--r--crypto/openssl/crypto/evp/evp_pbe.c4
-rw-r--r--crypto/openssl/crypto/evp/evp_test.c2
-rw-r--r--crypto/openssl/crypto/evp/openbsd_hw.c6
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt2.c2
-rw-r--r--crypto/openssl/crypto/hmac/hmac.c2
-rw-r--r--crypto/openssl/crypto/jpake/jpake.c12
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c6
-rw-r--r--crypto/openssl/crypto/md4/md4.c2
-rw-r--r--crypto/openssl/crypto/mem_dbg.c18
-rw-r--r--crypto/openssl/crypto/o_init.c5
-rw-r--r--crypto/openssl/crypto/o_time.c8
-rw-r--r--crypto/openssl/crypto/objects/o_names.c4
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c28
-rw-r--r--crypto/openssl/crypto/opensslv.h6
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c2
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c8
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c6
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c2
-rw-r--r--crypto/openssl/crypto/rand/rand_unix.c10
-rw-r--r--crypto/openssl/crypto/rsa/rsa_crpt.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_gen.c32
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pss.c4
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c2
-rw-r--r--crypto/openssl/crypto/srp/srp_grps.h28
-rw-r--r--crypto/openssl/crypto/threads/mttest.c2
-rw-r--r--crypto/openssl/crypto/ts/Makefile3
-rw-r--r--crypto/openssl/crypto/ts/ts_rsp_sign.c6
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_v3.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_vpm.c2
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c4
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c10
-rw-r--r--crypto/openssl/crypto/x509v3/v3_info.c2
-rw-r--r--crypto/openssl/doc/apps/ca.pod4
-rw-r--r--crypto/openssl/doc/apps/ecparam.pod4
-rw-r--r--crypto/openssl/doc/apps/s_client.pod2
-rw-r--r--crypto/openssl/doc/apps/verify.pod4
-rw-r--r--crypto/openssl/doc/apps/x509.pod18
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_length.pod4
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_mem.pod4
-rw-r--r--crypto/openssl/doc/crypto/BN_zero.pod21
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod14
-rw-r--r--crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod24
-rw-r--r--crypto/openssl/doc/crypto/threads.pod8
-rw-r--r--crypto/openssl/engines/ccgost/README.gost19
-rw-r--r--crypto/openssl/engines/ccgost/gost_eng.c7
-rw-r--r--crypto/openssl/engines/e_atalla.c2
-rw-r--r--crypto/openssl/ssl/Makefile2
-rw-r--r--crypto/openssl/ssl/bad_dtls_test.c2
-rw-r--r--crypto/openssl/ssl/d1_lib.c4
-rw-r--r--crypto/openssl/ssl/d1_pkt.c31
-rw-r--r--crypto/openssl/ssl/fatalerrtest.c6
-rw-r--r--crypto/openssl/ssl/kssl.c17
-rw-r--r--crypto/openssl/ssl/s23_srvr.c4
-rw-r--r--crypto/openssl/ssl/s2_clnt.c6
-rw-r--r--crypto/openssl/ssl/s2_enc.c2
-rw-r--r--crypto/openssl/ssl/s2_lib.c8
-rw-r--r--crypto/openssl/ssl/s2_srvr.c8
-rw-r--r--crypto/openssl/ssl/s3_clnt.c24
-rw-r--r--crypto/openssl/ssl/s3_lib.c8
-rw-r--r--crypto/openssl/ssl/s3_pkt.c38
-rw-r--r--crypto/openssl/ssl/s3_srvr.c4
-rw-r--r--crypto/openssl/ssl/ssl_cert.c10
-rw-r--r--crypto/openssl/ssl/ssl_lib.c6
-rw-r--r--crypto/openssl/ssl/ssl_sess.c8
-rw-r--r--crypto/openssl/ssl/ssltest.c22
-rw-r--r--crypto/openssl/ssl/t1_enc.c10
-rw-r--r--crypto/openssl/ssl/t1_lib.c27
-rw-r--r--crypto/openssl/ssl/t1_trce.c6
-rw-r--r--secure/lib/libcrypto/Makefile.inc4
-rw-r--r--secure/lib/libcrypto/man/ASN1_OBJECT_new.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_length.36
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_new.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_print_ex.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_TIME_set.32
-rw-r--r--secure/lib/libcrypto/man/ASN1_generate_nconf.32
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.32
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.32
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.32
-rw-r--r--secure/lib/libcrypto/man/BIO_new.32
-rw-r--r--secure/lib/libcrypto/man/BIO_new_CMS.32
-rw-r--r--secure/lib/libcrypto/man/BIO_push.32
-rw-r--r--secure/lib/libcrypto/man/BIO_read.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.36
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.32
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.32
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.32
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.32
-rw-r--r--secure/lib/libcrypto/man/BN_BLINDING_new.32
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.32
-rw-r--r--secure/lib/libcrypto/man/BN_add.32
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.32
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.32
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.32
-rw-r--r--secure/lib/libcrypto/man/BN_copy.32
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.32
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.32
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.32
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.32
-rw-r--r--secure/lib/libcrypto/man/BN_new.32
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.32
-rw-r--r--secure/lib/libcrypto/man/BN_rand.32
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.32
-rw-r--r--secure/lib/libcrypto/man/BN_swap.32
-rw-r--r--secure/lib/libcrypto/man/BN_zero.323
-rw-r--r--secure/lib/libcrypto/man/CMS_add0_cert.32
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_recipient_cert.32
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_signer.32
-rw-r--r--secure/lib/libcrypto/man/CMS_compress.32
-rw-r--r--secure/lib/libcrypto/man/CMS_decrypt.32
-rw-r--r--secure/lib/libcrypto/man/CMS_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/CMS_final.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_RecipientInfos.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_SignerInfos.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_type.32
-rw-r--r--secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.32
-rw-r--r--secure/lib/libcrypto/man/CMS_sign.32
-rw-r--r--secure/lib/libcrypto/man/CMS_sign_receipt.32
-rw-r--r--secure/lib/libcrypto/man/CMS_uncompress.32
-rw-r--r--secure/lib/libcrypto/man/CMS_verify.32
-rw-r--r--secure/lib/libcrypto/man/CMS_verify_receipt.32
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_free.32
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_load_file.32
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_set_ex_data.32
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.32
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.32
-rw-r--r--secure/lib/libcrypto/man/DH_get_ex_new_index.32
-rw-r--r--secure/lib/libcrypto/man/DH_new.32
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.32
-rw-r--r--secure/lib/libcrypto/man/DH_size.32
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.32
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.32
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.32
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.32
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.32
-rw-r--r--secure/lib/libcrypto/man/DSA_get_ex_new_index.32
-rw-r--r--secure/lib/libcrypto/man/DSA_new.32
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.32
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.32
-rw-r--r--secure/lib/libcrypto/man/DSA_size.32
-rw-r--r--secure/lib/libcrypto/man/EC_GFp_simple_method.32
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_copy.32
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_new.32
-rw-r--r--secure/lib/libcrypto/man/EC_KEY_new.32
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_add.32
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_new.32
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.32
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.32
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.32
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.32
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.32
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.32
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.32
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.32
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.32
-rw-r--r--secure/lib/libcrypto/man/ERR_set_mark.32
-rw-r--r--secure/lib/libcrypto/man/EVP_BytesToKey.32
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestSignInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestVerifyInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_EncodeInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.316
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_cmp.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_decrypt.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_derive.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_keygen.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_meth_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_new.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_print_private.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_sign.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify.32
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify_recover.32
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.32
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.32
-rw-r--r--secure/lib/libcrypto/man/OBJ_nid2obj.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_Applink.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_config.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_ia32cap.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_instrument_bus.32
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.32
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.32
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.32
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.32
-rw-r--r--secure/lib/libcrypto/man/PKCS12_create.32
-rw-r--r--secure/lib/libcrypto/man/PKCS12_parse.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_decrypt.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign_add_signer.32
-rw-r--r--secure/lib/libcrypto/man/PKCS7_verify.32
-rw-r--r--secure/lib/libcrypto/man/RAND_add.32
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.32
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.32
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.32
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.32
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.32
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.32
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.32
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.32
-rw-r--r--secure/lib/libcrypto/man/RSA_get_ex_new_index.32
-rw-r--r--secure/lib/libcrypto/man/RSA_new.32
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.32
-rw-r--r--secure/lib/libcrypto/man/RSA_print.32
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.32
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.32
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.32
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.32
-rw-r--r--secure/lib/libcrypto/man/RSA_size.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_CMS.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_PKCS7.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_CMS.32
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_PKCS7.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.32
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_print_ex.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_error.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.32
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.32
-rw-r--r--secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.326
-rw-r--r--secure/lib/libcrypto/man/X509_check_host.32
-rw-r--r--secure/lib/libcrypto/man/X509_check_private_key.32
-rw-r--r--secure/lib/libcrypto/man/X509_new.32
-rw-r--r--secure/lib/libcrypto/man/X509_verify_cert.32
-rw-r--r--secure/lib/libcrypto/man/bio.32
-rw-r--r--secure/lib/libcrypto/man/blowfish.32
-rw-r--r--secure/lib/libcrypto/man/bn.32
-rw-r--r--secure/lib/libcrypto/man/bn_internal.32
-rw-r--r--secure/lib/libcrypto/man/buffer.32
-rw-r--r--secure/lib/libcrypto/man/crypto.32
-rw-r--r--secure/lib/libcrypto/man/d2i_ASN1_OBJECT.32
-rw-r--r--secure/lib/libcrypto/man/d2i_CMS_ContentInfo.32
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.32
-rw-r--r--secure/lib/libcrypto/man/d2i_DSAPublicKey.32
-rw-r--r--secure/lib/libcrypto/man/d2i_ECPKParameters.32
-rw-r--r--secure/lib/libcrypto/man/d2i_ECPrivateKey.32
-rw-r--r--secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.32
-rw-r--r--secure/lib/libcrypto/man/d2i_PrivateKey.32
-rw-r--r--secure/lib/libcrypto/man/d2i_RSAPublicKey.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_ALGOR.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_CRL.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_NAME.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_REQ.32
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_SIG.32
-rw-r--r--secure/lib/libcrypto/man/des.32
-rw-r--r--secure/lib/libcrypto/man/dh.32
-rw-r--r--secure/lib/libcrypto/man/dsa.32
-rw-r--r--secure/lib/libcrypto/man/ec.32
-rw-r--r--secure/lib/libcrypto/man/ecdsa.32
-rw-r--r--secure/lib/libcrypto/man/engine.32
-rw-r--r--secure/lib/libcrypto/man/err.32
-rw-r--r--secure/lib/libcrypto/man/evp.32
-rw-r--r--secure/lib/libcrypto/man/hmac.32
-rw-r--r--secure/lib/libcrypto/man/i2d_CMS_bio_stream.32
-rw-r--r--secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.32
-rw-r--r--secure/lib/libcrypto/man/lh_stats.32
-rw-r--r--secure/lib/libcrypto/man/lhash.32
-rw-r--r--secure/lib/libcrypto/man/md5.32
-rw-r--r--secure/lib/libcrypto/man/mdc2.32
-rw-r--r--secure/lib/libcrypto/man/pem.32
-rw-r--r--secure/lib/libcrypto/man/rand.32
-rw-r--r--secure/lib/libcrypto/man/rc4.32
-rw-r--r--secure/lib/libcrypto/man/ripemd.32
-rw-r--r--secure/lib/libcrypto/man/rsa.32
-rw-r--r--secure/lib/libcrypto/man/sha.32
-rw-r--r--secure/lib/libcrypto/man/threads.310
-rw-r--r--secure/lib/libcrypto/man/ui.32
-rw-r--r--secure/lib/libcrypto/man/ui_compat.32
-rw-r--r--secure/lib/libcrypto/man/x509.32
-rw-r--r--secure/lib/libssl/man/SSL_CIPHER_get_name.32
-rw-r--r--secure/lib/libssl/man/SSL_COMP_add_compression_method.32
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_new.32
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.32
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set_flags.32
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.32
-rw-r--r--secure/lib/libssl/man/SSL_CONF_cmd.32
-rw-r--r--secure/lib/libssl/man/SSL_CONF_cmd_argv.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add1_chain_cert.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_session.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_ctrl.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_flush_sessions.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_free.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get0_param.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_ex_new_index.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_verify_mode.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_load_verify_locations.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_new.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_number.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sessions.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set1_curves.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_store.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cipher_list.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_CA_list.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_generate_session_id.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_info_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_max_cert_list.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_mode.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_msg_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_options.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_read_ahead.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_id_context.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_ssl_version.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_timeout.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_verify.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_certificate.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.32
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_serverinfo.32
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_free.32
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.32
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_time.32
-rw-r--r--secure/lib/libssl/man/SSL_accept.32
-rw-r--r--secure/lib/libssl/man/SSL_alert_type_string.32
-rw-r--r--secure/lib/libssl/man/SSL_check_chain.32
-rw-r--r--secure/lib/libssl/man/SSL_clear.32
-rw-r--r--secure/lib/libssl/man/SSL_connect.32
-rw-r--r--secure/lib/libssl/man/SSL_do_handshake.32
-rw-r--r--secure/lib/libssl/man/SSL_export_keying_material.32
-rw-r--r--secure/lib/libssl/man/SSL_free.32
-rw-r--r--secure/lib/libssl/man/SSL_get_SSL_CTX.32
-rw-r--r--secure/lib/libssl/man/SSL_get_ciphers.32
-rw-r--r--secure/lib/libssl/man/SSL_get_client_CA_list.32
-rw-r--r--secure/lib/libssl/man/SSL_get_current_cipher.32
-rw-r--r--secure/lib/libssl/man/SSL_get_default_timeout.32
-rw-r--r--secure/lib/libssl/man/SSL_get_error.32
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.32
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_new_index.32
-rw-r--r--secure/lib/libssl/man/SSL_get_fd.32
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_cert_chain.32
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_certificate.32
-rw-r--r--secure/lib/libssl/man/SSL_get_psk_identity.32
-rw-r--r--secure/lib/libssl/man/SSL_get_rbio.32
-rw-r--r--secure/lib/libssl/man/SSL_get_session.32
-rw-r--r--secure/lib/libssl/man/SSL_get_verify_result.32
-rw-r--r--secure/lib/libssl/man/SSL_get_version.32
-rw-r--r--secure/lib/libssl/man/SSL_library_init.32
-rw-r--r--secure/lib/libssl/man/SSL_load_client_CA_file.32
-rw-r--r--secure/lib/libssl/man/SSL_new.32
-rw-r--r--secure/lib/libssl/man/SSL_pending.32
-rw-r--r--secure/lib/libssl/man/SSL_read.32
-rw-r--r--secure/lib/libssl/man/SSL_rstate_string.32
-rw-r--r--secure/lib/libssl/man/SSL_session_reused.32
-rw-r--r--secure/lib/libssl/man/SSL_set_bio.32
-rw-r--r--secure/lib/libssl/man/SSL_set_connect_state.32
-rw-r--r--secure/lib/libssl/man/SSL_set_fd.32
-rw-r--r--secure/lib/libssl/man/SSL_set_session.32
-rw-r--r--secure/lib/libssl/man/SSL_set_shutdown.32
-rw-r--r--secure/lib/libssl/man/SSL_set_verify_result.32
-rw-r--r--secure/lib/libssl/man/SSL_shutdown.32
-rw-r--r--secure/lib/libssl/man/SSL_state_string.32
-rw-r--r--secure/lib/libssl/man/SSL_want.32
-rw-r--r--secure/lib/libssl/man/SSL_write.32
-rw-r--r--secure/lib/libssl/man/d2i_SSL_SESSION.32
-rw-r--r--secure/lib/libssl/man/ssl.32
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.12
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.12
-rw-r--r--secure/usr.bin/openssl/man/ca.16
-rw-r--r--secure/usr.bin/openssl/man/ciphers.12
-rw-r--r--secure/usr.bin/openssl/man/cms.12
-rw-r--r--secure/usr.bin/openssl/man/crl.12
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.12
-rw-r--r--secure/usr.bin/openssl/man/dgst.12
-rw-r--r--secure/usr.bin/openssl/man/dhparam.12
-rw-r--r--secure/usr.bin/openssl/man/dsa.12
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.12
-rw-r--r--secure/usr.bin/openssl/man/ec.12
-rw-r--r--secure/usr.bin/openssl/man/ecparam.16
-rw-r--r--secure/usr.bin/openssl/man/enc.12
-rw-r--r--secure/usr.bin/openssl/man/errstr.12
-rw-r--r--secure/usr.bin/openssl/man/gendsa.12
-rw-r--r--secure/usr.bin/openssl/man/genpkey.12
-rw-r--r--secure/usr.bin/openssl/man/genrsa.12
-rw-r--r--secure/usr.bin/openssl/man/nseq.12
-rw-r--r--secure/usr.bin/openssl/man/ocsp.12
-rw-r--r--secure/usr.bin/openssl/man/openssl.12
-rw-r--r--secure/usr.bin/openssl/man/passwd.12
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.12
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.12
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.12
-rw-r--r--secure/usr.bin/openssl/man/pkey.12
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.12
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.12
-rw-r--r--secure/usr.bin/openssl/man/rand.12
-rw-r--r--secure/usr.bin/openssl/man/req.12
-rw-r--r--secure/usr.bin/openssl/man/rsa.12
-rw-r--r--secure/usr.bin/openssl/man/rsautl.12
-rw-r--r--secure/usr.bin/openssl/man/s_client.14
-rw-r--r--secure/usr.bin/openssl/man/s_server.12
-rw-r--r--secure/usr.bin/openssl/man/s_time.12
-rw-r--r--secure/usr.bin/openssl/man/sess_id.12
-rw-r--r--secure/usr.bin/openssl/man/smime.12
-rw-r--r--secure/usr.bin/openssl/man/speed.12
-rw-r--r--secure/usr.bin/openssl/man/spkac.12
-rw-r--r--secure/usr.bin/openssl/man/ts.12
-rw-r--r--secure/usr.bin/openssl/man/tsget.12
-rw-r--r--secure/usr.bin/openssl/man/verify.18
-rw-r--r--secure/usr.bin/openssl/man/version.12
-rw-r--r--secure/usr.bin/openssl/man/x509.122
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.12
526 files changed, 1389 insertions, 1224 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index f2fc31a25c54..cc142508b9a4 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,21 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
+
+ *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack. There
+ are no such structures used within SSL/TLS that come from untrusted sources
+ so this is considered safe.
+
+ This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+ project.
+ (CVE-2018-0739)
+ [Matt Caswell]
+
Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state
@@ -2012,8 +2027,11 @@
to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson]
- *) Add SRP support.
- [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
+ *) A long standing patch to add support for SRP from EdelWeb (Peter
+ Sylvester and Christophe Renou) was integrated.
+ [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
+ <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
+ Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 60386d395987..744b493b96f6 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# DEC Alpha OSF/1/Tru64 targets.
#
@@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }
-if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{
$cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
-my $ecc = $cc;
-$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+my %predefined;
+
+# collect compiler pre-defines from gcc or gcc-alike...
+open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
+while (<PIPE>) {
+ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+ $predefined{$1} = defined($2) ? $2 : "";
+}
+close(PIPE);
if ($strict_warnings)
{
my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+ die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
- if ($ecc eq "clang")
+ if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1723,15 +1730,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE
index bdfd985a691b..b1fa6f9fdb4d 100644
--- a/crypto/openssl/LICENSE
+++ b/crypto/openssl/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
index 9212c2885278..d28f6fac188f 100644
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2n
+VERSION=1.0.2o
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -73,7 +73,7 @@ NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
+MAKEDEPPROG= cc
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 6f0c5c47b654..5080f79a6cbf 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
+
+ o Constructed ASN.1 types with a recursive definition could exceed the
+ stack (CVE-2018-0739)
+
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737)
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 80de6886a766..a0fce3f5f974 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2n 7 Dec 2017
+ OpenSSL 1.0.2o 27 Mar 2018
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
index 7f40bba76468..0bbf342e7e1a 100644
--- a/crypto/openssl/apps/app_rand.c
+++ b/crypto/openssl/apps/app_rand.c
@@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
#endif
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
@@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0;
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n");
return 0;
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 29de1b75dd60..c5a515229556 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
BUF_strlcpy(buf[0], serialfile, BSIZE);
else {
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif
}
#ifdef RL_DEBUG
@@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+ BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+ BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
#endif
dbattr_conf = NCONF_new(NULL);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err;
}
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
#endif
#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
#else
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
- BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
(void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
@@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
- BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
(void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
@@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
char buf[10240];
int l;
- l = BIO_gets(bconn, buf, sizeof buf);
+ l = BIO_gets(bconn, buf, sizeof(buf));
assert(l > 0);
assert(buf[l - 1] == '\n');
buf[l - 1] = '\0';
@@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
int l;
JPAKE_STEP3A_init(&s3a);
- l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
- assert(l == sizeof s3a.hhk);
+ l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
+ assert(l == sizeof(s3a.hhk));
if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err);
exit(1);
@@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
int l;
JPAKE_STEP3B_init(&s3b);
- l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
- assert(l == sizeof s3b.hk);
+ l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
+ assert(l == sizeof(s3b.hk));
if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err);
exit(1);
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 9a839969a204..4f9de5492148 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign)
{
- X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
- NULL;
+ X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
ASN1_UTCTIME *tm, *tmptm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
@@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
- if (verbose)
- BIO_printf(bio_err,
- "The subject name appears to be ok, checking data base for clashes\n");
-
- /* Build the correct Subject if no e-mail is wanted in the subject */
- /*
- * and add it later on because of the method extensions are added
- * (altName)
- */
-
- if (email_dn)
- dn_subject = subject;
- else {
- X509_NAME_ENTRY *tmpne;
- /*
- * Its best to dup the subject DN and then delete any email addresses
- * because this retains its structure.
- */
- if (!(dn_subject = X509_NAME_dup(subject))) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
- }
- while ((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress,
- -1)) >= 0) {
- tmpne = X509_NAME_get_entry(dn_subject, i);
- X509_NAME_delete_entry(dn_subject, i);
- X509_NAME_ENTRY_free(tmpne);
- }
- }
-
- if (BN_is_zero(serial))
- row[DB_serial] = BUF_strdup("00");
- else
- row[DB_serial] = BN_bn2hex(serial);
- if (row[DB_serial] == NULL) {
- BIO_printf(bio_err, "Memory allocation failure\n");
- goto err;
- }
-
- if (db->attributes.unique_subject) {
- OPENSSL_STRING *crow = row;
-
- rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
- if (rrow != NULL) {
- BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
- }
- }
- if (rrow == NULL) {
- rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
- if (rrow != NULL) {
- BIO_printf(bio_err,
- "ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
- BIO_printf(bio_err,
- " check the database/serial_file for corruption\n");
- }
- }
-
- if (rrow != NULL) {
- BIO_printf(bio_err, "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
- p = "Expired";
- else if (rrow[DB_type][0] == 'R')
- p = "Revoked";
- else if (rrow[DB_type][0] == 'V')
- p = "Valid";
- else
- p = "\ninvalid type, Data base error\n";
- BIO_printf(bio_err, "Type :%s\n", p);;
- if (rrow[DB_type][0] == 'R') {
- p = rrow[DB_exp_date];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Was revoked on:%s\n", p);
- }
- p = rrow[DB_exp_date];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Expires on :%s\n", p);
- p = rrow[DB_serial];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Serial Number :%s\n", p);
- p = rrow[DB_file];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "File name :%s\n", p);
- p = rrow[DB_name];
- if (p == NULL)
- p = "undef";
- BIO_printf(bio_err, "Subject Name :%s\n", p);
- ok = -1; /* This is now a 'bad' error. */
- goto err;
- }
-
/* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,
@@ -2056,10 +1955,124 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
- /* Set the right value for the noemailDN option */
- if (email_dn == 0) {
- if (!X509_set_subject_name(ret, dn_subject))
+ if (verbose)
+ BIO_printf(bio_err,
+ "The subject name appears to be ok, checking data base for clashes\n");
+
+ /* Build the correct Subject if no e-mail is wanted in the subject */
+
+ if (!email_dn) {
+ X509_NAME_ENTRY *tmpne;
+ X509_NAME *dn_subject;
+
+ /*
+ * Its best to dup the subject DN and then delete any email addresses
+ * because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject))) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ while ((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress,
+ -1)) >= 0) {
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
+ }
+
+ if (!X509_set_subject_name(ret, dn_subject)) {
+ X509_NAME_free(dn_subject);
+ goto err;
+ }
+ X509_NAME_free(dn_subject);
+ }
+
+ row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+ if (row[DB_name] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (BN_is_zero(serial))
+ row[DB_serial] = BUF_strdup("00");
+ else
+ row[DB_serial] = BN_bn2hex(serial);
+ if (row[DB_serial] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (row[DB_name][0] == '\0') {
+ /*
+ * An empty subject! We'll use the serial number instead. If
+ * unique_subject is in use then we don't want different entries with
+ * empty subjects matching each other.
+ */
+ OPENSSL_free(row[DB_name]);
+ row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+ if (row[DB_name] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
+ }
+ }
+
+ if (db->attributes.unique_subject) {
+ OPENSSL_STRING *crow = row;
+
+ rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ }
+ if (rrow == NULL) {
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err,
+ " check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL) {
+ BIO_printf(bio_err, "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p = "Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p = "Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p = "Valid";
+ else
+ p = "\ninvalid type, Data base error\n";
+ BIO_printf(bio_err, "Type :%s\n", p);;
+ if (rrow[DB_type][0] == 'R') {
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Was revoked on:%s\n", p);
+ }
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Expires on :%s\n", p);
+ p = rrow[DB_serial];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Serial Number :%s\n", p);
+ p = rrow[DB_file];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "File name :%s\n", p);
+ p = rrow[DB_name];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Subject Name :%s\n", p);
+ ok = -1; /* This is now a 'bad' error. */
+ goto err;
}
if (!default_op) {
@@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8);
- row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+ (row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
@@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
irow = NULL;
ok = 1;
err:
- if (irow != NULL) {
+ if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
- OPENSSL_free(irow);
}
+ OPENSSL_free(irow);
if (CAname != NULL)
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
- if ((dn_subject != NULL) && !email_dn)
- X509_NAME_free(dn_subject);
if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm);
if (ok <= 0) {
@@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
+ if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+ /* Entries with empty Subjects actually use the serial number instead */
+ OPENSSL_free(row[DB_name]);
+ row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+ }
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
index 66636d2dfd18..4856141f6f2b 100644
--- a/crypto/openssl/apps/ciphers.c
+++ b/crypto/openssl/apps/ciphers.c
@@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout, "%s - ", nm);
}
#endif
- BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
+ BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c
index f9a63bc0d096..de4ba136e8fa 100644
--- a/crypto/openssl/apps/cms.c
+++ b/crypto/openssl/apps/cms.c
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate");
- if (!signer)
+ if (!signer) {
+ ret = 2;
goto end;
+ }
key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
- if (!key)
+ if (!key) {
+ ret = 2;
goto end;
+ }
for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM;
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index bc2601e452ef..686fe344fbf5 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
- program_name(argv[0], pname, sizeof pname);
+ program_name(argv[0], pname, sizeof(pname));
md = EVP_get_digestbyname(pname);
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index f2cf553db3ff..3a4a123846c4 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
printf("\treturn(dsa);\n\t}\n");
}
+ if (outformat == FORMAT_ASN1 && genkey)
+ noout = 1;
+
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
diff --git a/crypto/openssl/apps/ecparam.c b/crypto/openssl/apps/ecparam.c
index a9bf489cdd4c..8d5b7044489c 100644
--- a/crypto/openssl/apps/ecparam.c
+++ b/crypto/openssl/apps/ecparam.c
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "\treturn(group);\n\t}\n");
}
+ if (outformat == FORMAT_ASN1 && genkey)
+ noout = 1;
+
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
@@ -582,6 +585,9 @@ int MAIN(int argc, char **argv)
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
+ if (new_form)
+ EC_KEY_set_conv_form(eckey, form);
+
if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey);
goto end;
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index 66145b3be770..3b7e1eea3d83 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -114,7 +114,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
static const char magic[] = "Salted__";
- char mbuf[sizeof magic - 1];
+ char mbuf[sizeof(magic) - 1];
char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0;
@@ -154,7 +154,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
- program_name(argv[0], pname, sizeof pname);
+ program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0)
base64 = 1;
#ifdef ZLIB
@@ -247,7 +247,7 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0] = '\0';
- if (!fgets(buf, sizeof buf, infile)) {
+ if (!fgets(buf, sizeof(buf), infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad;
}
@@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
for (;;) {
char buf[200];
- BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
+ BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
@@ -517,31 +517,31 @@ int MAIN(int argc, char **argv)
else {
if (enc) {
if (hsalt) {
- if (!set_hex(hsalt, salt, sizeof salt)) {
+ if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- } else if (RAND_bytes(salt, sizeof salt) <= 0)
+ } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end;
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
- sizeof magic - 1) != sizeof magic - 1
+ sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
- sizeof salt) != sizeof salt)) {
+ sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
- } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+ } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
- sizeof salt) != sizeof salt) {
+ sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
- } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+ } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
@@ -564,7 +564,7 @@ int MAIN(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
- } else if (!set_hex(hiv, iv, sizeof iv)) {
+ } else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c
index c2d4fdec35ad..c3fef610fc2d 100644
--- a/crypto/openssl/apps/errstr.c
+++ b/crypto/openssl/apps/errstr.c
@@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) {
- ERR_error_string_n(l, buf, sizeof buf);
+ ERR_error_string_n(l, buf, sizeof(buf));
printf("%s\n", buf);
} else {
printf("%s: bad error code\n", argv[i]);
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 5da51df5148c..654eebcbfc15 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
*pcbio = cbio;
for (;;) {
- len = BIO_gets(cbio, inbuf, sizeof inbuf);
+ len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 687314522319..c3da5d6cd0e9 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
prog = prog_init();
/* first check the program name */
- program_name(Argv[0], pname, sizeof pname);
+ program_name(Argv[0], pname, sizeof(pname));
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
@@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
for (;;) {
ret = 0;
p = buf;
- n = sizeof buf;
+ n = sizeof(buf);
i = 0;
for (;;) {
p[0] = '\0';
@@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
/* Purely so it looks nice when the user hits ? */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
- qsort(functions, i, sizeof *functions, SortFnByName);
+ qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new()) == NULL)
return (NULL);
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index 798a6d593616..56e10ad3d8f1 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
/* ignore rest of line */
char trash[BUFSIZ];
do
- r = BIO_gets(in, trash, sizeof trash);
+ r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n')));
}
@@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- EVP_DigestUpdate(&md, buf, sizeof buf);
+ for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
+ EVP_DigestUpdate(&md, buf, sizeof(buf));
EVP_DigestUpdate(&md, buf, i);
n = passwd_len;
@@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
+ (i & 1) ? passwd_len : sizeof(buf));
if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
- (i & 1) ? sizeof buf : passwd_len);
+ (i & 1) ? sizeof(buf) : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL);
}
EVP_MD_CTX_cleanup(&md2);
@@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
/* transform buf into output string */
- unsigned char buf_perm[sizeof buf];
+ unsigned char buf_perm[sizeof(buf)];
int dest, source;
char *output;
@@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
- assert(16 == sizeof buf_perm);
+ assert(16 == sizeof(buf_perm));
# endif
output = salt_out + salt_len;
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index d0bd97af0eee..0ba4c9a8076a 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read MAC password");
# endif
if (EVP_read_pw_string
- (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
# endif
if (!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
+ EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
if (!twopass)
- BUF_strlcpy(macpass, pass, sizeof macpass);
+ BUF_strlcpy(macpass, pass, sizeof(macpass));
# ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read import password");
# endif
if (!noprompt
- && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+ && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
@@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
# endif
if (!twopass)
- BUF_strlcpy(macpass, pass, sizeof macpass);
+ BUF_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n",
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
index 71e31689df08..d7f0720ca128 100644
--- a/crypto/openssl/apps/pkcs8.c
+++ b/crypto/openssl/apps/pkcs8.c
@@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
else {
p8pass = pass;
if (EVP_read_pw_string
- (pass, sizeof pass, "Enter Encryption Password:", 1))
+ (pass, sizeof(pass), "Enter Encryption Password:", 1))
goto end;
}
app_RAND_load_file(NULL, bio_err, 0);
@@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
p8pass = passin;
else {
p8pass = pass;
- EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
+ EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
index 96dcb7273a4d..eddb8af8d70a 100644
--- a/crypto/openssl/apps/rand.c
+++ b/crypto/openssl/apps/rand.c
@@ -198,7 +198,7 @@ int MAIN(int argc, char **argv)
chunk = num;
if (chunk > (int)sizeof(buf))
- chunk = sizeof buf;
+ chunk = sizeof(buf);
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index ede1d32cae62..7fcab18cd1c9 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -1193,7 +1193,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start;
- if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name)
+ if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -1204,19 +1204,19 @@ static int prompt_info(X509_REQ *req,
def = "";
}
- BIO_snprintf(buf, sizeof buf, "%s_value", v->name);
+ BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error();
value = NULL;
}
- BIO_snprintf(buf, sizeof buf, "%s_min", v->name);
+ BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
- BIO_snprintf(buf, sizeof buf, "%s_max", v->name);
+ BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1252,7 +1252,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2;
- if (BIO_snprintf(buf, sizeof buf, "%s_default", type)
+ if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0;
@@ -1264,20 +1264,20 @@ static int prompt_info(X509_REQ *req,
def = "";
}
- BIO_snprintf(buf, sizeof buf, "%s_value", type);
+ BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) {
ERR_clear_error();
value = NULL;
}
- BIO_snprintf(buf, sizeof buf, "%s_min", type);
+ BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error();
n_min = -1;
}
- BIO_snprintf(buf, sizeof buf, "%s_max", type);
+ BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error();
n_max = -1;
@@ -1372,13 +1372,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
- BUF_strlcpy(buf, value, sizeof buf);
- BUF_strlcat(buf, "\n", sizeof buf);
+ BUF_strlcpy(buf, value, sizeof(buf));
+ BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
- if (!fgets(buf, sizeof buf, stdin))
+ if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1391,8 +1391,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
- BUF_strlcpy(buf, def, sizeof buf);
- BUF_strlcat(buf, "\n", sizeof buf);
+ BUF_strlcpy(buf, def, sizeof(buf));
+ BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
@@ -1431,13 +1431,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err);
if (value != NULL) {
- BUF_strlcpy(buf, value, sizeof buf);
- BUF_strlcat(buf, "\n", sizeof buf);
+ BUF_strlcpy(buf, value, sizeof(buf));
+ BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value);
} else {
buf[0] = '\0';
if (!batch) {
- if (!fgets(buf, sizeof buf, stdin))
+ if (!fgets(buf, sizeof(buf), stdin))
return 0;
} else {
buf[0] = '\n';
@@ -1450,8 +1450,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0'))
return (1);
- BUF_strlcpy(buf, def, sizeof buf);
- BUF_strlcat(buf, "\n", sizeof buf);
+ BUF_strlcpy(buf, def, sizeof(buf));
+ BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1);
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index 2a0ead7beffb..c85566855fef 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -2166,10 +2166,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
- buf, sizeof buf);
+ buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
- buf, sizeof buf);
+ buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@@ -2184,9 +2184,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer);
- X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
+ X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf);
- X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf);
} else
BIO_printf(bio, "no peer certificate available\n");
@@ -2203,7 +2203,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} else {
BIO_printf(bio, "---\nNo client certificate CA names sent\n");
}
- p = SSL_get_shared_ciphers(s, buf, sizeof buf);
+ p = SSL_get_shared_ciphers(s, buf, sizeof(buf));
if (p != NULL) {
/*
* This works only for SSL 2. In later protocol versions, the
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 98ffc09314a3..83918fb6d39a 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -2008,7 +2008,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ sizeof(s_server_session_id_context));
/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
@@ -2019,7 +2019,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ sizeof(s_server_session_id_context));
tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
@@ -2666,14 +2666,14 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer);
- X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
+ X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf);
- X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer);
}
- if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
+ if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con);
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index 77a7688f8d0c..83624ca84f15 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type)
{
unsigned char ip[4];
- memset(ip, '\0', sizeof ip);
+ memset(ip, '\0', sizeof(ip));
if (!host_ip(host, &(ip[0])))
return 0;
return init_client_ip(sock, ip, port, type);
@@ -360,7 +360,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
# if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
}
# endif
if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
@@ -595,7 +595,7 @@ static struct hostent *GetHostByName(char *name)
if (ret == NULL)
return (NULL);
/* else add to cache */
- if (strlen(name) < sizeof ghbn_cache[0].name) {
+ if (strlen(name) < sizeof(ghbn_cache[0].name)) {
strcpy(ghbn_cache[lowi].name, name);
memcpy((char *)&(ghbn_cache[lowi].ent), ret,
sizeof(struct hostent));
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index 38788f7130c7..0bb2f8cc2aa1 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -422,7 +422,7 @@ int MAIN(int argc, char **argv)
goto end;
if (s_www_path != NULL) {
- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
+ BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
}
if (s_www_path != NULL) {
- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+ BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path);
SSL_write(scon, buf, strlen(buf));
while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
}
@@ -517,7 +517,7 @@ int MAIN(int argc, char **argv)
goto end;
if (s_www_path) {
- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
+ BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index 5383678b9864..aaa982ee1f74 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -2091,7 +2091,7 @@ int MAIN(int argc, char **argv)
RAND_pseudo_bytes(buf, 20);
# ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1;
}
for (j = 0; j < DSA_NUM; j++) {
@@ -2170,7 +2170,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1;
}
for (j = 0; j < EC_NUM; j++) {
@@ -2265,7 +2265,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1;
}
for (j = 0; j < EC_NUM; j++) {
@@ -2588,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0)
return NULL;
- memset(isdelim, 0, sizeof isdelim);
+ memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1;
while (*delim) {
@@ -2615,7 +2615,7 @@ static int do_multi(int multi)
int *fds;
static char sep[] = ":";
- fds = malloc(multi * sizeof *fds);
+ fds = malloc(multi * sizeof(*fds));
if (fds == NULL) {
fprintf(stderr, "Out of memory in speed (do_multi)\n");
exit(1);
@@ -2653,7 +2653,7 @@ static int do_multi(int multi)
char *p;
f = fdopen(fds[n], "r");
- while (fgets(buf, sizeof buf, f)) {
+ while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n');
if (p)
*p = '\0';
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index ad9fc98edfb9..add74d556d68 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -817,10 +817,10 @@ int MAIN(int argc, char **argv)
char *m;
int y, z;
- X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
+ X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(STDout, "/* subject:%s */\n", buf);
m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
- sizeof buf);
+ sizeof(buf));
BIO_printf(STDout, "/* issuer :%s */\n", buf);
z = i2d_X509(x, NULL);
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c
index 85118137859f..cb4481597064 100644
--- a/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/crypto/openssl/crypto/asn1/a_gentm.c
@@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
ASN1_STRING tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length;
- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr;
diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/openssl/crypto/asn1/a_mbstr.c
index 6935efe09fb5..5b8028aaa3a5 100644
--- a/crypto/openssl/crypto/asn1/a_mbstr.c
+++ b/crypto/openssl/crypto/asn1/a_mbstr.c
@@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
- BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+ BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
- BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+ BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index 229a40ffa344..ad6b12a53667 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -89,7 +89,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{
int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp;
- int tmpsize = sizeof ftmp;
+ int tmpsize = sizeof(ftmp);
const char *p;
unsigned long l;
BIGNUM *bl = NULL;
@@ -226,7 +226,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4));
- i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
+ i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1);
if (!p)
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 2d562f93452f..95f041620735 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL)
return -1;
if (c > 0xffff) {
- BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+ BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10))
return -1;
return 10;
}
if (c > 0xff) {
- BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+ BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6))
return -1;
return 6;
@@ -236,7 +236,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
- utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+ utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
@@ -533,7 +533,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
- OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+ OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
index 0eeb79cd428c..28831d6b843c 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data,
- (len >= sizeof tmp) ? sizeof tmp : len);
+ (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr;
}
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
index 0344482cc247..9cbad7c5ee1a 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
ASN1_STRING x = *(ASN1_STRING *)a;
len = x.length;
- ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
x.data = tmp;
return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
# endif
@@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
struct tm tm;
int offset;
- memset(&tm, '\0', sizeof tm);
+ memset(&tm, '\0', sizeof(tm));
# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
tm.tm_year = g2(s->data);
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 68e791fcdbe8..35a2b2aa0238 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
# define ASN1_R_MSTRING_WRONG_TAG 140
# define ASN1_R_NESTED_ASN1_STRING 197
+# define ASN1_R_NESTED_TOO_DEEP 219
# define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
index fd4ac8d9db80..cfc1512f9d07 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+ {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index e63e82a8b476..b52c3e1264c7 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset)
{
char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
- BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address);
- BIO_snprintf(buf2, sizeof buf2, "%d", offset);
+ BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
+ BIO_snprintf(buf2, sizeof(buf2), "%d", offset);
ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
}
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c
index e85e3398b6bb..0b1a689d6831 100644
--- a/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/crypto/openssl/crypto/asn1/asn1_par.c
@@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
- BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
+ BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
- BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
+ BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
- BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
+ BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30)
- BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
+ BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else
p = ASN1_tag2str(tag);
diff --git a/crypto/openssl/crypto/asn1/asn_mime.c b/crypto/openssl/crypto/asn1/asn_mime.c
index 5170906c62da..02b7c9b7efc6 100644
--- a/crypto/openssl/crypto/asn1/asn_mime.c
+++ b/crypto/openssl/crypto/asn1/asn_mime.c
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+ sk_BIO_pop_free(parts, BIO_vfree);
return NULL;
}
diff --git a/crypto/openssl/crypto/asn1/t_x509a.c b/crypto/openssl/crypto/asn1/t_x509a.c
index f4b8f94cb35a..d1b897a469fd 100644
--- a/crypto/openssl/crypto/asn1/t_x509a.c
+++ b/crypto/openssl/crypto/asn1/t_x509a.c
@@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", ");
else
first = 0;
- OBJ_obj2txt(oidstr, sizeof oidstr,
+ OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr);
}
@@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", ");
else
first = 0;
- OBJ_obj2txt(oidstr, sizeof oidstr,
+ OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr);
}
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
index d49a5d5792a4..e657c36d8ab6 100644
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -65,6 +65,14 @@
#include <openssl/buffer.h>
#include <openssl/err.h>
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx);
+ ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx);
+ ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
{
ASN1_TLC c;
asn1_tlc_clear_nc(&c);
- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
}
/*
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
* tag mismatch return -1 to handle OPTIONAL
*/
-
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
+ long len, const ASN1_ITEM *it, int tag, int aclass,
+ char opt, ASN1_TLC *ctx, int depth)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_COMPAT_FUNCS *cf;
@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
else
asn1_cb = 0;
+ if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
+ goto err;
+ }
+
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err;
}
return asn1_template_ex_d2i(pval, in, len,
- it->templates, opt, ctx);
+ it->templates, opt, ctx, depth);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */
if (ret == -1)
continue;
@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
* attempt to read in field, allowing each to be OPTIONAL
*/
- ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
+ depth);
if (!ret) {
errtt = seqtt;
goto err;
@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
return 0;
}
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+ return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+}
+
/*
* Templates are handled with two separate functions. One handles any
* EXPLICIT tag and the other handles the rest.
@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx)
+ ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
}
}
} else
- return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p;
return 1;
@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx)
+ ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
break;
}
skfield = NULL;
- if (!ASN1_item_ex_d2i(&skfield, &p, len,
- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+ if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
+ -1, 0, 0, ctx, depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
}
} else if (flags & ASN1_TFLG_IMPTAG) {
/* IMPLICIT tagging */
- ret = ASN1_item_ex_d2i(val, &p, len,
- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
- ctx);
+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
+ aclass, opt, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
return -1;
} else {
/* Nothing special */
- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
+ depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
diff --git a/crypto/openssl/crypto/asn1/tasn_prn.c b/crypto/openssl/crypto/asn1/tasn_prn.c
index f628caddbd05..e93fd11f4740 100644
--- a/crypto/openssl/crypto/asn1/tasn_prn.c
+++ b/crypto/openssl/crypto/asn1/tasn_prn.c
@@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln)
ln = "";
- OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
+ OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0;
return 1;
diff --git a/crypto/openssl/crypto/bf/bftest.c b/crypto/openssl/crypto/bf/bftest.c
index 0b008f091cbf..bd20a8e2112e 100644
--- a/crypto/openssl/crypto/bf/bftest.c
+++ b/crypto/openssl/crypto/bf/bftest.c
@@ -462,9 +462,9 @@ static int test(void)
len = strlen(cbc_data) + 1;
BF_set_key(&key, 16, cbc_key);
- memset(cbc_in, 0, sizeof cbc_in);
- memset(cbc_out, 0, sizeof cbc_out);
- memcpy(iv, cbc_iv, sizeof iv);
+ memset(cbc_in, 0, sizeof(cbc_in));
+ memset(cbc_out, 0, sizeof(cbc_out));
+ memcpy(iv, cbc_iv, sizeof(iv));
BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
&key, iv, BF_ENCRYPT);
if (memcmp(cbc_out, cbc_ok, 32) != 0) {
diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/openssl/crypto/bio/b_dump.c
index ccf0e287c4e8..fcfd6995953d 100644
--- a/crypto/openssl/crypto/bio/b_dump.c
+++ b/crypto/openssl/crypto/bio/b_dump.c
@@ -64,7 +64,6 @@
#include "cryptlib.h"
#include "bio_lcl.h"
-#define TRUNCATE
#define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
@@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
{
int ret = 0;
char buf[288 + 1], tmp[20], str[128 + 1];
- int i, j, rows, trc;
+ int i, j, rows;
unsigned char ch;
int dump_width;
- trc = 0;
-
-#ifdef TRUNCATE
- for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
- trc++;
-#endif
-
if (indent < 0)
indent = 0;
if (indent) {
@@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
if ((rows * dump_width) < len)
rows++;
for (i = 0; i < rows; i++) {
- BUF_strlcpy(buf, str, sizeof buf);
- BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
- BUF_strlcat(buf, tmp, sizeof buf);
+ BUF_strlcpy(buf, str, sizeof(buf));
+ BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
+ BUF_strlcat(buf, tmp, sizeof(buf));
for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) {
- BUF_strlcat(buf, " ", sizeof buf);
+ BUF_strlcat(buf, " ", sizeof(buf));
} else {
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
- BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch,
+ BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
j == 7 ? '-' : ' ');
- BUF_strlcat(buf, tmp, sizeof buf);
+ BUF_strlcat(buf, tmp, sizeof(buf));
}
}
- BUF_strlcat(buf, " ", sizeof buf);
+ BUF_strlcat(buf, " ", sizeof(buf));
for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len)
break;
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
#ifndef CHARSET_EBCDIC
- BIO_snprintf(tmp, sizeof tmp, "%c",
+ BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= ' ') && (ch <= '~')) ? ch : '.');
#else
- BIO_snprintf(tmp, sizeof tmp, "%c",
+ BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
? os_toebcdic[ch]
: '.');
#endif
- BUF_strlcat(buf, tmp, sizeof buf);
+ BUF_strlcat(buf, tmp, sizeof(buf));
}
- BUF_strlcat(buf, "\n", sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof(buf));
/*
* if this is the last call then update the ddt_dump thing so that we
* will move the selection point in the debug window
*/
ret += cb((void *)buf, strlen(buf), u);
}
-#ifdef TRUNCATE
- if (trc > 0) {
- BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
- len + trc);
- ret += cb((void *)buf, strlen(buf), u);
- }
-#endif
- return (ret);
+ return ret;
}
#ifndef OPENSSL_NO_FP_API
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
index 1c82f53d5a07..47654f85b0b0 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -663,7 +663,7 @@ fmtfp(char **sbuffer,
iconvert[iplace++] = "0123456789"[intpart % 10];
intpart = (intpart / 10);
} while (intpart && (iplace < (int)sizeof(iconvert)));
- if (iplace == sizeof iconvert)
+ if (iplace == sizeof(iconvert))
iplace--;
iconvert[iplace] = 0;
@@ -672,7 +672,7 @@ fmtfp(char **sbuffer,
fconvert[fplace++] = "0123456789"[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
- if (fplace == sizeof fconvert)
+ if (fplace == sizeof(fconvert))
fplace--;
fconvert[fplace] = 0;
diff --git a/crypto/openssl/crypto/bio/bio_cb.c b/crypto/openssl/crypto/bio/bio_cb.c
index f96294bb4304..2ff52636d2c3 100644
--- a/crypto/openssl/crypto/bio/bio_cb.c
+++ b/crypto/openssl/crypto/bio/bio_cb.c
@@ -76,7 +76,7 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
if (BIO_CB_RETURN & cmd)
r = ret;
- len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
+ len = BIO_snprintf(buf,sizeof(buf),"BIO[%p]: ",(void *)bio);
/* Ignore errors and continue printing the other information. */
if (len < 0)
diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/openssl/crypto/bio/bss_bio.c
index 3dd818772942..096ea4156cd4 100644
--- a/crypto/openssl/crypto/bio/bss_bio.c
+++ b/crypto/openssl/crypto/bio/bss_bio.c
@@ -144,7 +144,7 @@ static int bio_new(BIO *bio)
{
struct bio_bio_st *b;
- b = OPENSSL_malloc(sizeof *b);
+ b = OPENSSL_malloc(sizeof(*b));
if (b == NULL)
return 0;
diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c
index 7d15ad29dcd7..bbc6d5ab48bc 100644
--- a/crypto/openssl/crypto/bio/bss_conn.c
+++ b/crypto/openssl/crypto/bio/bss_conn.c
@@ -481,7 +481,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
char buf[16];
unsigned char *p = ptr;
- BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d",
+ BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
p[0], p[1], p[2], p[3]);
if (data->param_hostname != NULL)
OPENSSL_free(data->param_hostname);
@@ -490,7 +490,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
} else if (num == 3) {
char buf[DECIMAL_SIZE(int) + 1];
- BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr);
+ BIO_snprintf(buf, sizeof(buf), "%d", *(int *)ptr);
if (data->param_port != NULL)
OPENSSL_free(data->param_port);
data->param_port = BUF_strdup(buf);
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
index 0cf67e5b770b..bbf906fabba0 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -375,15 +375,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown = (int)num & BIO_CLOSE;
if (num & BIO_FP_APPEND) {
if (num & BIO_FP_READ)
- BUF_strlcpy(p, "a+", sizeof p);
+ BUF_strlcpy(p, "a+", sizeof(p));
else
- BUF_strlcpy(p, "a", sizeof p);
+ BUF_strlcpy(p, "a", sizeof(p));
} else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
- BUF_strlcpy(p, "r+", sizeof p);
+ BUF_strlcpy(p, "r+", sizeof(p));
else if (num & BIO_FP_WRITE)
- BUF_strlcpy(p, "w", sizeof p);
+ BUF_strlcpy(p, "w", sizeof(p));
else if (num & BIO_FP_READ)
- BUF_strlcpy(p, "r", sizeof p);
+ BUF_strlcpy(p, "r", sizeof(p));
else {
BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
ret = 0;
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
index c4b63e44ba36..40115fc72052 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -727,7 +727,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
top = m->top;
- bits = BN_num_bits(p);
+ /*
+ * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
+ * whether the top bits are zero.
+ */
+ bits = p->top * BN_BITS2;
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index f9c65f9f948a..27b9bdbc3c28 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -144,74 +144,47 @@ const BIGNUM *BN_value_one(void)
int BN_num_bits_word(BN_ULONG l)
{
- static const unsigned char bits[256] = {
- 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
- 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
- 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
- };
-
-#if defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xffffffff00000000L) {
- if (l & 0xffff000000000000L) {
- if (l & 0xff00000000000000L) {
- return (bits[(int)(l >> 56)] + 56);
- } else
- return (bits[(int)(l >> 48)] + 48);
- } else {
- if (l & 0x0000ff0000000000L) {
- return (bits[(int)(l >> 40)] + 40);
- } else
- return (bits[(int)(l >> 32)] + 32);
- }
- } else
-#else
-# ifdef SIXTY_FOUR_BIT
- if (l & 0xffffffff00000000LL) {
- if (l & 0xffff000000000000LL) {
- if (l & 0xff00000000000000LL) {
- return (bits[(int)(l >> 56)] + 56);
- } else
- return (bits[(int)(l >> 48)] + 48);
- } else {
- if (l & 0x0000ff0000000000LL) {
- return (bits[(int)(l >> 40)] + 40);
- } else
- return (bits[(int)(l >> 32)] + 32);
- }
- } else
-# endif
-#endif
- {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xffff0000L) {
- if (l & 0xff000000L)
- return (bits[(int)(l >> 24L)] + 24);
- else
- return (bits[(int)(l >> 16L)] + 16);
- } else
-#endif
- {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xff00L)
- return (bits[(int)(l >> 8)] + 8);
- else
+ BN_ULONG x, mask;
+ int bits = (l != 0);
+
+#if BN_BITS2 > 32
+ x = l >> 32;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 32 & mask;
+ l ^= (x ^ l) & mask;
#endif
- return (bits[(int)(l)]);
- }
- }
+
+ x = l >> 16;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 16 & mask;
+ l ^= (x ^ l) & mask;
+
+ x = l >> 8;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 8 & mask;
+ l ^= (x ^ l) & mask;
+
+ x = l >> 4;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 4 & mask;
+ l ^= (x ^ l) & mask;
+
+ x = l >> 2;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 2 & mask;
+ l ^= (x ^ l) & mask;
+
+ x = l >> 1;
+ mask = (0 - x) & BN_MASK2;
+ mask = (0 - (mask >> (BN_BITS2 - 1)));
+ bits += 1 & mask;
+
+ return bits;
}
int BN_num_bits(const BIGNUM *a)
@@ -524,9 +497,6 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(a, BN_FLG_CONSTTIME);
-
a->top = b->top;
a->neg = b->neg;
bn_check_top(a);
diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c
index 3af9db870bcb..c1703650ef1e 100644
--- a/crypto/openssl/crypto/bn/bn_mont.c
+++ b/crypto/openssl/crypto/bn/bn_mont.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -207,26 +207,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
r->top = max;
n0 = mont->n0[0];
-# ifdef BN_COUNT
- fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
-# endif
+ /*
+ * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
+ * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
+ * includes |carry| which is stored separately.
+ */
for (carry = 0, i = 0; i < nl; i++, rp++) {
-# ifdef __TANDEM
- {
- long long t1;
- long long t2;
- long long t3;
- t1 = rp[0] * (n0 & 0177777);
- t2 = 037777600000l;
- t2 = n0 & t2;
- t3 = rp[0] & 0177777;
- t2 = (t3 * t2) & BN_MASK2;
- t1 = t1 + t2;
- v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
- }
-# else
v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
-# endif
v = (v + carry + rp[nl]) & BN_MASK2;
carry |= (v != rp[nl]);
carry &= (v <= rp[nl]);
@@ -239,46 +226,24 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
ret->neg = r->neg;
rp = ret->d;
- ap = &(r->d[nl]);
-# define BRANCH_FREE 1
-# if BRANCH_FREE
- {
- BN_ULONG *nrp;
- size_t m;
+ /*
+ * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
+ * includes |carry| which is stored separately.
+ */
+ ap = &(r->d[nl]);
- v = bn_sub_words(rp, ap, np, nl) - carry;
- /*
- * if subtraction result is real, then trick unconditional memcpy
- * below to perform in-place "refresh" instead of actual copy.
- */
- m = (0 - (size_t)v);
- nrp =
- (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m));
-
- for (i = 0, nl -= 4; i < nl; i += 4) {
- BN_ULONG t1, t2, t3, t4;
-
- t1 = nrp[i + 0];
- t2 = nrp[i + 1];
- t3 = nrp[i + 2];
- ap[i + 0] = 0;
- t4 = nrp[i + 3];
- ap[i + 1] = 0;
- rp[i + 0] = t1;
- ap[i + 2] = 0;
- rp[i + 1] = t2;
- ap[i + 3] = 0;
- rp[i + 2] = t3;
- rp[i + 3] = t4;
- }
- for (nl += 4; i < nl; i++)
- rp[i] = nrp[i], ap[i] = 0;
+ /*
+ * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
+ * cannot be -1. That would imply the subtraction did not fit in |nl| words,
+ * and we know at most one subtraction is needed.
+ */
+ v = bn_sub_words(rp, ap, np, nl) - carry;
+ v = 0 - v;
+ for (i = 0; i < nl; i++) {
+ rp[i] = (v & ap[i]) | (~v & rp[i]);
+ ap[i] = 0;
}
-# else
- if (bn_sub_words(rp, ap, np, nl) - carry)
- memcpy(rp, ap, nl * sizeof(BN_ULONG));
-# endif
bn_correct_top(r);
bn_correct_top(ret);
bn_check_top(ret);
@@ -382,6 +347,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
R = &(mont->RR); /* grab RR as a temp */
if (!BN_copy(&(mont->N), mod))
goto err; /* Set N */
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
mont->N.neg = 0;
#ifdef MONT_WORD
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
index f85a6550a54e..c0b029dad6cd 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -391,10 +391,10 @@ char *BN_options(void)
if (!init) {
init++;
#ifdef BN_LLONG
- BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+ BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
(int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
#else
- BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+ BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
(int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
#endif
}
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
index a327b1a647b2..abe5dbe0b01a 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -148,7 +148,7 @@ int main(int argc, char *argv[])
results = 0;
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
argc--;
argv++;
diff --git a/crypto/openssl/crypto/bn/expspeed.c b/crypto/openssl/crypto/bn/expspeed.c
index 513a568a481f..8ea980cdd201 100644
--- a/crypto/openssl/crypto/bn/expspeed.c
+++ b/crypto/openssl/crypto/bn/expspeed.c
@@ -198,7 +198,7 @@ static int mul_c[NUM_SIZES] =
* static int sizes[NUM_SIZES]={59,179,299,419,539};
*/
-#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); }
void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx);
diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c
index ac611c2e2614..779ee902036c 100644
--- a/crypto/openssl/crypto/bn/exptest.c
+++ b/crypto/openssl/crypto/bn/exptest.c
@@ -183,9 +183,11 @@ int main(int argc, char *argv[])
unsigned char c;
BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we
- * don't even check its return
- * value (which we should) */
+ /*
+ * Seed or BN_rand may fail, and we don't even check its return
+ * value (which we should)
+ */
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
ERR_load_BN_strings();
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c
index 75e309aaca81..6237f6a1b6a9 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@@ -423,7 +423,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
OPENSSL_free(section);
if (line != NULL)
*line = eline;
- BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
+ BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
ERR_add_error_data(2, "line ", btmp);
if ((h != conf->data) && (conf->data != NULL)) {
CONF_free(conf->data);
diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/openssl/crypto/conf/conf_mod.c
index e0c9a67ff68f..e2a9a81678ed 100644
--- a/crypto/openssl/crypto/conf/conf_mod.c
+++ b/crypto/openssl/crypto/conf/conf_mod.c
@@ -221,7 +221,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
if (!(flags & CONF_MFLAGS_SILENT)) {
char rcode[DECIMAL_SIZE(ret) + 1];
CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
- BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
+ BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value,
", retcode=", rcode);
}
diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c
index c6be34203853..f2041c1e1118 100644
--- a/crypto/openssl/crypto/des/destest.c
+++ b/crypto/openssl/crypto/des/destest.c
@@ -398,7 +398,7 @@ int main(int argc, char *argv[])
i = strlen((char *)cbc_data) + 1;
/* i=((i+7)/8)*8; */
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- memset(iv2, '\0', sizeof iv2);
+ memset(iv2, '\0', sizeof(iv2));
DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2,
DES_ENCRYPT);
@@ -412,7 +412,7 @@ int main(int argc, char *argv[])
}
*/
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- memset(iv2, '\0', sizeof iv2);
+ memset(iv2, '\0', sizeof(iv2));
DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2,
DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
diff --git a/crypto/openssl/crypto/des/ecb_enc.c b/crypto/openssl/crypto/des/ecb_enc.c
index f97fd971dc20..60470d6db748 100644
--- a/crypto/openssl/crypto/des/ecb_enc.c
+++ b/crypto/openssl/crypto/des/ecb_enc.c
@@ -96,7 +96,7 @@ const char *DES_options(void)
size = "int";
else
size = "long";
- BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll,
+ BIO_snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc, unroll,
size);
init = 0;
}
diff --git a/crypto/openssl/crypto/des/fcrypt.c b/crypto/openssl/crypto/des/fcrypt.c
index 111f1e4617ff..09f5792b1eb6 100644
--- a/crypto/openssl/crypto/des/fcrypt.c
+++ b/crypto/openssl/crypto/des/fcrypt.c
@@ -80,10 +80,10 @@ char *DES_crypt(const char *buf, const char *salt)
e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+ ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
/* Convert the cleartext password to ASCII */
- ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+ ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
/* Encrypt it (from/to ASCII) */
ret = DES_fcrypt(e_buf, e_salt, buff);
diff --git a/crypto/openssl/crypto/des/read_pwd.c b/crypto/openssl/crypto/des/read_pwd.c
index 514a7063b4bf..080d3e8dfc4c 100644
--- a/crypto/openssl/crypto/des/read_pwd.c
+++ b/crypto/openssl/crypto/des/read_pwd.c
@@ -434,7 +434,7 @@ static void pushsig(void)
# ifdef SIGACTION
struct sigaction sa;
- memset(&sa, 0, sizeof sa);
+ memset(&sa, 0, sizeof(sa));
sa.sa_handler = recsig;
# endif
diff --git a/crypto/openssl/crypto/des/set_key.c b/crypto/openssl/crypto/des/set_key.c
index d9c5e7fcb3bb..0a9ddb4baa7f 100644
--- a/crypto/openssl/crypto/des/set_key.c
+++ b/crypto/openssl/crypto/des/set_key.c
@@ -377,7 +377,7 @@ void private_DES_set_key_unchecked(const_DES_cblock *key,
register int i;
#ifdef OPENBSD_DEV_CRYPTO
- memcpy(schedule->key, key, sizeof schedule->key);
+ memcpy(schedule->key, key, sizeof(schedule->key));
schedule->session = NULL;
#endif
k = &schedule->ks->deslong[0];
diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/openssl/crypto/dh/dhtest.c
index c5d3d87ea549..cb83109c4051 100644
--- a/crypto/openssl/crypto/dh/dhtest.c
+++ b/crypto/openssl/crypto/dh/dhtest.c
@@ -116,7 +116,7 @@ int main(int argc, char *argv[])
CRYPTO_malloc_init();
# endif
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
out = BIO_new(BIO_s_file());
if (out == NULL)
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
index 8a224a8876c3..bee95431dffa 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -157,7 +157,7 @@ int main(int argc, char **argv)
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
BIO_printf(bio_err, "test generation of DSA parameters\n");
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c
index 3ffa112cc306..3241aa51d9f4 100644
--- a/crypto/openssl/crypto/ec/ec_lib.c
+++ b/crypto/openssl/crypto/ec/ec_lib.c
@@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
return NULL;
}
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -164,7 +164,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
OPENSSL_free(group->seed);
}
- OPENSSL_cleanse(group, sizeof *group);
+ OPENSSL_cleanse(group, sizeof(*group));
OPENSSL_free(group);
}
@@ -575,7 +575,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
/* no explicit entry needed */
return 1;
- d = OPENSSL_malloc(sizeof *d);
+ d = OPENSSL_malloc(sizeof(*d));
if (d == NULL)
return 0;
@@ -712,7 +712,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
return NULL;
}
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -747,7 +747,7 @@ void EC_POINT_clear_free(EC_POINT *point)
point->meth->point_clear_finish(point);
else if (point->meth->point_finish != 0)
point->meth->point_finish(point);
- OPENSSL_cleanse(point, sizeof *point);
+ OPENSSL_cleanse(point, sizeof(*point));
OPENSSL_free(point);
}
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
index 24ca67a6ef1e..2231f9957ef6 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -169,11 +169,11 @@ static void ec_pre_comp_clear_free(void *pre_)
for (p = pre->points; *p != NULL; p++) {
EC_POINT_clear_free(*p);
- OPENSSL_cleanse(p, sizeof *p);
+ OPENSSL_cleanse(p, sizeof(*p));
}
OPENSSL_free(pre->points);
}
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
@@ -430,11 +430,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
totalnum = num + numblocks;
- wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
- wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
- wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space
- * for pivot */
- val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+ wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0]));
+ wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0]));
+ /* include space for pivot */
+ wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0]));
+ val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
/* Ensure wNAF is initialised in case we end up going to err */
if (wNAF)
@@ -580,7 +580,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
* 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
* subarray of 'pre_comp->points' if we already have precomputation.
*/
- val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+ val = OPENSSL_malloc((num_val + 1) * sizeof(val[0]));
if (val == NULL) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err;
diff --git a/crypto/openssl/crypto/ec/ecp_nistp224.c b/crypto/openssl/crypto/ec/ecp_nistp224.c
index fcd754e44881..121f587b58b6 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp224.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp224.c
@@ -48,7 +48,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
typedef uint8_t u8;
typedef uint64_t u64;
-typedef int64_t s64;
/******************************************************************************/
/*-
@@ -351,9 +350,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */
- memset(b_out, 0, sizeof b_out);
+ memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn);
- if (num_bytes > sizeof b_out) {
+ if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0;
}
@@ -372,8 +371,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
{
felem_bytearray b_in, b_out;
felem_to_bin28(b_in, in);
- flip_endian(b_out, b_in, sizeof b_out);
- return BN_bin2bn(b_out, sizeof b_out, out);
+ flip_endian(b_out, b_in, sizeof(b_out));
+ return BN_bin2bn(b_out, sizeof(b_out), out);
}
/******************************************************************************/
@@ -1234,7 +1233,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
static NISTP224_PRE_COMP *nistp224_pre_comp_new()
{
NISTP224_PRE_COMP *ret = NULL;
- ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof *ret);
+ ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
if (!ret) {
ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
@@ -1281,7 +1280,7 @@ static void nistp224_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
@@ -1568,7 +1567,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
/* the scalar for the generator */
if ((scalar != NULL) && (have_pre_comp)) {
- memset(g_secret, 0, sizeof g_secret);
+ memset(g_secret, 0, sizeof(g_secret));
/* reduce scalar to 0 <= scalar < 2^224 */
if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
/*
diff --git a/crypto/openssl/crypto/ec/ecp_nistp256.c b/crypto/openssl/crypto/ec/ecp_nistp256.c
index 1272966fff84..378f0bae0857 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp256.c
@@ -51,7 +51,6 @@ typedef __int128_t int128_t;
typedef uint8_t u8;
typedef uint32_t u32;
typedef uint64_t u64;
-typedef int64_t s64;
/*
* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
@@ -161,9 +160,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */
- memset(b_out, 0, sizeof b_out);
+ memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn);
- if (num_bytes > sizeof b_out) {
+ if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0;
}
@@ -182,8 +181,8 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
{
felem_bytearray b_in, b_out;
smallfelem_to_bin32(b_in, in);
- flip_endian(b_out, b_in, sizeof b_out);
- return BN_bin2bn(b_out, sizeof b_out, out);
+ flip_endian(b_out, b_in, sizeof(b_out));
+ return BN_bin2bn(b_out, sizeof(b_out), out);
}
/*-
@@ -392,7 +391,7 @@ static void felem_shrink(smallfelem out, const felem in)
{
felem tmp;
u64 a, b, mask;
- s64 high, low;
+ u64 high, low;
static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
/* Carry 2->3 */
@@ -433,29 +432,31 @@ static void felem_shrink(smallfelem out, const felem in)
* In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough.
*/
- high = tmp[3] >> 64;
+ high = (u64)(tmp[3] >> 64);
/* As tmp[3] < 2^65, high is either 1 or 0 */
- high <<= 63;
- high >>= 63;
+ high = 0 - high;
/*-
* high is:
* all ones if the high word of tmp[3] is 1
- * all zeros if the high word of tmp[3] if 0 */
- low = tmp[3];
- mask = low >> 63;
+ * all zeros if the high word of tmp[3] if 0
+ */
+ low = (u64)tmp[3];
+ mask = 0 - (low >> 63);
/*-
* mask is:
* all ones if the MSB of low is 1
- * all zeros if the MSB of low if 0 */
+ * all zeros if the MSB of low if 0
+ */
low &= bottom63bits;
low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
- low >>= 63;
+ low = 0 - (low >> 63);
/*-
* low is:
* all ones if low was > kPrime3Test
- * all zeros if low was <= kPrime3Test */
+ * all zeros if low was <= kPrime3Test
+ */
mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1];
@@ -889,7 +890,7 @@ static void felem_contract(smallfelem out, const felem in)
equal &= equal << 4;
equal &= equal << 2;
equal &= equal << 1;
- equal = ((s64) equal) >> 63;
+ equal = 0 - (equal >> 63);
all_equal_so_far &= equal;
}
@@ -956,7 +957,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_zero &= is_zero << 4;
is_zero &= is_zero << 2;
is_zero &= is_zero << 1;
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = (small[0] ^ kPrime[0]) |
(small[1] ^ kPrime[1]) |
@@ -968,7 +969,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_zero |= is_p;
@@ -1820,7 +1821,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
static NISTP256_PRE_COMP *nistp256_pre_comp_new()
{
NISTP256_PRE_COMP *ret = NULL;
- ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof *ret);
+ ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
if (!ret) {
ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret;
@@ -1867,7 +1868,7 @@ static void nistp256_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
diff --git a/crypto/openssl/crypto/ec/ecp_nistp521.c b/crypto/openssl/crypto/ec/ecp_nistp521.c
index a1dc9946fd17..90989c5a0769 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp521.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp521.c
@@ -49,7 +49,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
typedef uint8_t u8;
typedef uint64_t u64;
-typedef int64_t s64;
/*
* The underlying field. P521 operates over GF(2^521-1). We can serialise an
@@ -185,9 +184,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */
- memset(b_out, 0, sizeof b_out);
+ memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn);
- if (num_bytes > sizeof b_out) {
+ if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0;
}
@@ -206,8 +205,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
{
felem_bytearray b_in, b_out;
felem_to_bin66(b_in, in);
- flip_endian(b_out, b_in, sizeof b_out);
- return BN_bin2bn(b_out, sizeof b_out, out);
+ flip_endian(b_out, b_in, sizeof(b_out));
+ return BN_bin2bn(b_out, sizeof(b_out), out);
}
/*-
@@ -852,7 +851,7 @@ static limb felem_is_zero(const felem in)
* We know that ftmp[i] < 2^63, therefore the only way that the top bit
* can be set is if is_zero was 0 before the decrement.
*/
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = ftmp[0] ^ kPrime[0];
is_p |= ftmp[1] ^ kPrime[1];
@@ -865,7 +864,7 @@ static limb felem_is_zero(const felem in)
is_p |= ftmp[8] ^ kPrime[8];
is_p--;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_zero |= is_p;
return is_zero;
@@ -936,7 +935,7 @@ static void felem_contract(felem out, const felem in)
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_p = ~is_p;
/* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
@@ -962,7 +961,7 @@ static void felem_contract(felem out, const felem in)
is_greater |= is_greater << 4;
is_greater |= is_greater << 2;
is_greater |= is_greater << 1;
- is_greater = ((s64) is_greater) >> 63;
+ is_greater = 0 - (is_greater >> 63);
out[0] -= kPrime[0] & is_greater;
out[1] -= kPrime[1] & is_greater;
diff --git a/crypto/openssl/crypto/ec/ecp_nistz256.c b/crypto/openssl/crypto/ec/ecp_nistz256.c
index 99b8d613c833..9a53a39a25b9 100644
--- a/crypto/openssl/crypto/ec/ecp_nistz256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistz256.c
@@ -1504,7 +1504,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_)
32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37);
OPENSSL_free(pre->precomp_storage);
}
- OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre);
}
diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c
index 2b848216d78c..e94a7d49368d 100644
--- a/crypto/openssl/crypto/ec/ecp_smpl.c
+++ b/crypto/openssl/crypto/ec/ecp_smpl.c
@@ -1270,7 +1270,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
if (tmp == NULL || tmp_Z == NULL)
goto err;
- prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+ prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
if (prod_Z == NULL)
goto err;
for (i = 0; i < num; i++) {
diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c
index 40a1f003259f..5e1ef5093383 100644
--- a/crypto/openssl/crypto/ec/ectest.c
+++ b/crypto/openssl/crypto/ec/ectest.c
@@ -469,7 +469,7 @@ static void prime_field_tests(void)
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -482,7 +482,7 @@ static void prime_field_tests(void)
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -494,7 +494,7 @@ static void prime_field_tests(void)
fprintf(stdout, "%02X", buf[i]);
len =
- EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx);
if (len == 0)
ABORT;
@@ -1206,7 +1206,7 @@ static void char2_field_tests(void)
# ifdef OPENSSL_EC_BIN_PT_COMP
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -1220,7 +1220,7 @@ static void char2_field_tests(void)
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
- sizeof buf, ctx);
+ sizeof(buf), ctx);
if (len == 0)
ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@@ -1234,7 +1234,7 @@ static void char2_field_tests(void)
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
len =
- EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx);
if (len == 0)
ABORT;
@@ -1844,7 +1844,7 @@ int main(int argc, char *argv[])
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
prime_field_tests();
puts("");
diff --git a/crypto/openssl/crypto/ecdh/ecdhtest.c b/crypto/openssl/crypto/ecdh/ecdhtest.c
index 2fe2c66443d0..3febf10188ba 100644
--- a/crypto/openssl/crypto/ecdh/ecdhtest.c
+++ b/crypto/openssl/crypto/ecdh/ecdhtest.c
@@ -490,7 +490,7 @@ int main(int argc, char *argv[])
CRYPTO_malloc_init();
# endif
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
out = BIO_new(BIO_s_file());
if (out == NULL)
diff --git a/crypto/openssl/crypto/engine/eng_cryptodev.c b/crypto/openssl/crypto/engine/eng_cryptodev.c
index af59471c4771..d8cac4bdfd31 100644
--- a/crypto/openssl/crypto/engine/eng_cryptodev.c
+++ b/crypto/openssl/crypto/engine/eng_cryptodev.c
@@ -1057,7 +1057,7 @@ static int crparam2bn(struct crparam *crp, BIGNUM *a)
return (-1);
for (i = 0; i < bytes; i++)
- pd[i] = crp->crp_p[bytes - i - 1];
+ pd[i] = ((char *)crp->crp_p)[bytes - i - 1];
BN_bin2bn(pd, bytes, a);
free(pd);
@@ -1133,7 +1133,7 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return (ret);
}
- memset(&kop, 0, sizeof kop);
+ memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_MOD_EXP;
/* inputs: a^p % m */
@@ -1184,7 +1184,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
return (0);
}
- memset(&kop, 0, sizeof kop);
+ memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_MOD_EXP_CRT;
/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
if (bn2crparam(rsa->p, &kop.crk_param[0]))
@@ -1287,7 +1287,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
goto err;
}
- memset(&kop, 0, sizeof kop);
+ memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_SIGN;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
@@ -1330,7 +1330,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
struct crypt_kop kop;
int dsaret = 1;
- memset(&kop, 0, sizeof kop);
+ memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_VERIFY;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
@@ -1403,7 +1403,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
keylen = BN_num_bits(dh->p);
- memset(&kop, 0, sizeof kop);
+ memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DH_COMPUTE_KEY;
/* inputs: dh->priv_key pub_key dh->p key */
diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c
index 27d31f70c855..709393fae57d 100644
--- a/crypto/openssl/crypto/engine/eng_table.c
+++ b/crypto/openssl/crypto/engine/eng_table.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -159,6 +159,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
}
fnd->funct = NULL;
(void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
+ if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) {
+ sk_ENGINE_free(fnd->sk);
+ OPENSSL_free(fnd);
+ goto end;
+ }
}
/* A registration shouldn't add duplciate entries */
(void)sk_ENGINE_delete_ptr(fnd->sk, e);
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index cfe0e8083f39..e9ef2156e11f 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -602,8 +602,8 @@ static void build_SYS_str_reasons(void)
char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
char *src = strerror(i);
if (src != NULL) {
- strncpy(*dest, src, sizeof *dest);
- (*dest)[sizeof *dest - 1] = '\0';
+ strncpy(*dest, src, sizeof(*dest));
+ (*dest)[sizeof(*dest) - 1] = '\0';
str->string = *dest;
}
}
diff --git a/crypto/openssl/crypto/err/err_prn.c b/crypto/openssl/crypto/err/err_prn.c
index 6e352effe31d..25c808eab73b 100644
--- a/crypto/openssl/crypto/err/err_prn.c
+++ b/crypto/openssl/crypto/err/err_prn.c
@@ -77,7 +77,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
CRYPTO_THREADID_current(&cur);
es = CRYPTO_THREADID_hash(&cur);
while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
- ERR_error_string_n(l, buf, sizeof buf);
+ ERR_error_string_n(l, buf, sizeof(buf));
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
file, line, (flags & ERR_TXT_STRING) ? data : "");
if (cb(buf2, strlen(buf2), u) <= 0)
diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c
index 538b5202643a..5ad5a950352b 100644
--- a/crypto/openssl/crypto/evp/bio_b64.c
+++ b/crypto/openssl/crypto/evp/bio_b64.c
@@ -330,6 +330,14 @@ static int b64_read(BIO *b, char *out, int outl)
(unsigned char *)ctx->tmp, i);
ctx->tmp_len = 0;
}
+ /*
+ * If eof or an error was signalled, then the condition
+ * 'ctx->cont <= 0' will prevent b64_read() from reading
+ * more data on subsequent calls. This assignment was
+ * deleted accidentally in commit 5562cfaca4f3.
+ */
+ ctx->cont = i;
+
ctx->buf_off = 0;
if (i < 0) {
ret_code = 0;
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index 4db179629d04..d4274c5729b7 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -124,12 +124,12 @@
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
- memset(ctx, '\0', sizeof *ctx);
+ memset(ctx, '\0', sizeof(*ctx));
}
EVP_MD_CTX *EVP_MD_CTX_create(void)
{
- EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx)
EVP_MD_CTX_init(ctx);
@@ -316,7 +316,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
} else
tmp_buf = NULL;
EVP_MD_CTX_cleanup(out);
- memcpy(out, in, sizeof *out);
+ memcpy(out, in, sizeof(*out));
if (in->md_data && out->digest->ctx_size) {
if (tmp_buf)
@@ -402,7 +402,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
#ifdef OPENSSL_FIPS
FIPS_md_ctx_cleanup(ctx);
#endif
- memset(ctx, '\0', sizeof *ctx);
+ memset(ctx, '\0', sizeof(*ctx));
return 1;
}
diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c
index b45b364466ac..ccc626f1d81c 100644
--- a/crypto/openssl/crypto/evp/e_aes.c
+++ b/crypto/openssl/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1089,6 +1089,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
ctx->iv, &ctx->num, ctx->encrypt, dat->block);
len -= MAXBITCHUNK;
+ out += MAXBITCHUNK;
+ in += MAXBITCHUNK;
}
if (len)
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
diff --git a/crypto/openssl/crypto/evp/e_camellia.c b/crypto/openssl/crypto/evp/e_camellia.c
index f273f9c9475a..996aed2a676b 100644
--- a/crypto/openssl/crypto/evp/e_camellia.c
+++ b/crypto/openssl/crypto/evp/e_camellia.c
@@ -1,6 +1,6 @@
/* crypto/evp/e_camellia.c */
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -356,6 +356,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
ctx->iv, &ctx->num, ctx->encrypt, dat->block);
len -= MAXBITCHUNK;
+ out += MAXBITCHUNK;
+ in += MAXBITCHUNK;
}
if (len)
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index be577bac767f..0c740d167902 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -85,7 +85,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
- EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx)
EVP_CIPHER_CTX_init(ctx);
return ctx;
@@ -402,7 +402,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
}
b = ctx->cipher->block_size;
- OPENSSL_assert(b <= sizeof ctx->buf);
+ OPENSSL_assert(b <= sizeof(ctx->buf));
if (b == 1) {
*outl = 0;
return 1;
@@ -454,7 +454,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
b = ctx->cipher->block_size;
- OPENSSL_assert(b <= sizeof ctx->final);
+ OPENSSL_assert(b <= sizeof(ctx->final));
if (ctx->final_used) {
memcpy(out, ctx->final, b);
@@ -520,7 +520,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return (0);
}
- OPENSSL_assert(b <= sizeof ctx->final);
+ OPENSSL_assert(b <= sizeof(ctx->final));
/*
* The following assumes that the ciphertext has been authenticated.
@@ -651,7 +651,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
#endif
EVP_CIPHER_CTX_cleanup(out);
- memcpy(out, in, sizeof *out);
+ memcpy(out, in, sizeof(*out));
if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
diff --git a/crypto/openssl/crypto/evp/evp_locl.h b/crypto/openssl/crypto/evp/evp_locl.h
index 2bb709a065d5..bee7f6d16504 100644
--- a/crypto/openssl/crypto/evp/evp_locl.h
+++ b/crypto/openssl/crypto/evp/evp_locl.h
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -116,7 +116,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl<chunk) chunk=inl;\
while(inl && inl>=chunk)\
{\
- cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
inl-=chunk;\
in +=chunk;\
out+=chunk;\
diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c
index 7934c95fad0c..5d2f04bf9eda 100644
--- a/crypto/openssl/crypto/evp/evp_pbe.c
+++ b/crypto/openssl/crypto/evp/evp_pbe.c
@@ -161,9 +161,9 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj)
- BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
+ BUF_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
else
- i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
+ i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
}
diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c
index 98796427bf49..97a208302785 100644
--- a/crypto/openssl/crypto/evp/evp_test.c
+++ b/crypto/openssl/crypto/evp/evp_test.c
@@ -506,7 +506,7 @@ int main(int argc, char **argv)
int an = 0;
int tn = 0;
- if (!fgets((char *)line, sizeof line, f))
+ if (!fgets((char *)line, sizeof(line), f))
break;
if (line[0] == '#' || line[0] == '\n')
continue;
diff --git a/crypto/openssl/crypto/evp/openbsd_hw.c b/crypto/openssl/crypto/evp/openbsd_hw.c
index 07decf267433..24a358e54306 100644
--- a/crypto/openssl/crypto/evp/openbsd_hw.c
+++ b/crypto/openssl/crypto/evp/openbsd_hw.c
@@ -111,7 +111,7 @@ static int dev_crypto_init(session_op *ses)
close(cryptodev_fd);
}
assert(ses);
- memset(ses, '\0', sizeof *ses);
+ memset(ses, '\0', sizeof(*ses));
return 1;
}
@@ -164,7 +164,7 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
assert(CDATA(ctx));
assert(!dev_failed);
- memset(&cryp, '\0', sizeof cryp);
+ memset(&cryp, '\0', sizeof(cryp));
cryp.ses = CDATA(ctx)->ses;
cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
cryp.flags = 0;
@@ -329,7 +329,7 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len)
return 1;
}
- memset(&cryp, '\0', sizeof cryp);
+ memset(&cryp, '\0', sizeof(cryp));
cryp.ses = ses;
cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check
* it */
diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/openssl/crypto/evp/p5_crpt2.c
index f2ae1e5790d0..46fefa9ad584 100644
--- a/crypto/openssl/crypto/evp/p5_crpt2.c
+++ b/crypto/openssl/crypto/evp/p5_crpt2.c
@@ -262,7 +262,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
goto err;
}
keylen = EVP_CIPHER_CTX_key_length(ctx);
- OPENSSL_assert(keylen <= sizeof key);
+ OPENSSL_assert(keylen <= sizeof(key));
/* Decode parameter */
diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c
index 213504e85fee..023ec456f94c 100644
--- a/crypto/openssl/crypto/hmac/hmac.c
+++ b/crypto/openssl/crypto/hmac/hmac.c
@@ -234,7 +234,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx)
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
- OPENSSL_cleanse(ctx, sizeof *ctx);
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
}
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
diff --git a/crypto/openssl/crypto/jpake/jpake.c b/crypto/openssl/crypto/jpake/jpake.c
index 2ba75f0172c1..daf27228352a 100644
--- a/crypto/openssl/crypto/jpake/jpake.c
+++ b/crypto/openssl/crypto/jpake/jpake.c
@@ -108,14 +108,14 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx)
OPENSSL_free(ctx->p.peer_name);
OPENSSL_free(ctx->p.name);
- memset(ctx, '\0', sizeof *ctx);
+ memset(ctx, '\0', sizeof(*ctx));
}
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
const BIGNUM *secret)
{
- JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+ JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx == NULL)
return NULL;
@@ -460,7 +460,7 @@ void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
{
quickhashbn(send->hhk, ctx->key);
- SHA1(send->hhk, sizeof send->hhk, send->hhk);
+ SHA1(send->hhk, sizeof(send->hhk), send->hhk);
return 1;
}
@@ -470,8 +470,8 @@ int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
unsigned char hhk[SHA_DIGEST_LENGTH];
quickhashbn(hhk, ctx->key);
- SHA1(hhk, sizeof hhk, hhk);
- if (memcmp(hhk, received->hhk, sizeof hhk)) {
+ SHA1(hhk, sizeof(hhk), hhk);
+ if (memcmp(hhk, received->hhk, sizeof(hhk))) {
JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS,
JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
return 0;
@@ -499,7 +499,7 @@ int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
unsigned char hk[SHA_DIGEST_LENGTH];
quickhashbn(hk, ctx->key);
- if (memcmp(hk, received->hk, sizeof hk)) {
+ if (memcmp(hk, received->hk, sizeof(hk))) {
JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
return 0;
}
diff --git a/crypto/openssl/crypto/md2/md2_dgst.c b/crypto/openssl/crypto/md2/md2_dgst.c
index 7f5d9ba69ba2..44193e282b43 100644
--- a/crypto/openssl/crypto/md2/md2_dgst.c
+++ b/crypto/openssl/crypto/md2/md2_dgst.c
@@ -122,9 +122,9 @@ const char *MD2_options(void)
fips_md_init(MD2)
{
c->num = 0;
- memset(c->state, 0, sizeof c->state);
- memset(c->cksm, 0, sizeof c->cksm);
- memset(c->data, 0, sizeof c->data);
+ memset(c->state, 0, sizeof(c->state));
+ memset(c->cksm, 0, sizeof(c->cksm));
+ memset(c->data, 0, sizeof(c->data));
return 1;
}
diff --git a/crypto/openssl/crypto/md4/md4.c b/crypto/openssl/crypto/md4/md4.c
index c9fab6669aff..a79997f8ffcc 100644
--- a/crypto/openssl/crypto/md4/md4.c
+++ b/crypto/openssl/crypto/md4/md4.c
@@ -102,7 +102,7 @@ void do_fp(FILE *f)
fd = fileno(f);
MD4_Init(&c);
for (;;) {
- i = read(fd, buf, sizeof buf);
+ i = read(fd, buf, sizeof(buf));
if (i <= 0)
break;
MD4_Update(&c, buf, (unsigned long)i);
diff --git a/crypto/openssl/crypto/mem_dbg.c b/crypto/openssl/crypto/mem_dbg.c
index 8525ded78c79..9e1be508951e 100644
--- a/crypto/openssl/crypto/mem_dbg.c
+++ b/crypto/openssl/crypto/mem_dbg.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -633,16 +633,22 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
APP_INFO *amip;
int ami_cnt;
struct tm *lcl = NULL;
+ struct tm result = {0};
CRYPTO_THREADID ti;
-#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
+#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf))
if (m->addr == (char *)l->bio)
return;
if (options & V_CRYPTO_MDEBUG_TIME) {
+# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \
+ !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \
+ (!defined(OPENSSL_SYS_VMS) || defined(localtime_r))
+ lcl = localtime_r(&m->time, &result);
+# else
lcl = localtime(&m->time);
-
+# endif
BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
bufp += strlen(bufp);
@@ -679,7 +685,7 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
ami_cnt++;
memset(buf, '>', ami_cnt);
- BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
+ BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
" thread=%lu, file=%s, line=%d, info=\"",
CRYPTO_THREADID_hash(&amip->threadid), amip->file,
amip->line);
@@ -689,10 +695,10 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
buf_len = 128 - 3;
} else {
- BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len);
+ BUF_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len);
buf_len = strlen(buf);
}
- BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
+ BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
BIO_puts(l->bio, buf);
diff --git a/crypto/openssl/crypto/o_init.c b/crypto/openssl/crypto/o_init.c
index 185841ea048c..18bb85894d36 100644
--- a/crypto/openssl/crypto/o_init.c
+++ b/crypto/openssl/crypto/o_init.c
@@ -58,6 +58,11 @@
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
# include <openssl/rand.h>
+
+# ifndef OPENSSL_NO_DEPRECATED
+/* the prototype is missing in <openssl/fips.h> */
+void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
+# endif
#endif
/*
diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c
index 04d805d9a96d..61927439eaf5 100644
--- a/crypto/openssl/crypto/o_time.c
+++ b/crypto/openssl/crypto/o_time.c
@@ -8,7 +8,7 @@
* 2008.
*/
/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -105,7 +105,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
{
struct tm *ts = NULL;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_SUNOS)
if (gmtime_r(timer, result) == NULL)
return NULL;
ts = result;
@@ -141,14 +141,14 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
pitem->ileb_64$w_mbo = 1;
pitem->ileb_64$w_code = LNM$_STRING;
pitem->ileb_64$l_mbmo = -1;
- pitem->ileb_64$q_length = sizeof (logvalue);
+ pitem->ileb_64$q_length = sizeof(logvalue);
pitem->ileb_64$pq_bufaddr = logvalue;
pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen;
pitem++;
/* Last item of the item list is null terminated */
pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0;
# else
- pitem->ile3$w_length = sizeof (logvalue);
+ pitem->ile3$w_length = sizeof(logvalue);
pitem->ile3$w_code = LNM$_STRING;
pitem->ile3$ps_bufaddr = logvalue;
pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen;
diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/openssl/crypto/objects/o_names.c
index f106905ffa77..b8bdc5c5202e 100644
--- a/crypto/openssl/crypto/objects/o_names.c
+++ b/crypto/openssl/crypto/objects/o_names.c
@@ -312,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type,
d.type = type;
d.names =
- OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names);
+ OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof(*d.names));
/* Really should return an error if !d.names...but its a void function! */
if (d.names) {
d.n = 0;
OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
- qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
+ qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
for (n = 0; n < d.n; ++n)
fn(d.names[n], arg);
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
index aca382a6e9f3..315afa9dbed3 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -305,9 +305,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
for (i = ADDED_DATA; i <= ADDED_NID; i++)
if (ao[i] != NULL)
OPENSSL_free(ao[i]);
- if (o != NULL)
- OPENSSL_free(o);
- return (NID_undef);
+ ASN1_OBJECT_free(o);
+ return NID_undef;
}
ASN1_OBJECT *OBJ_nid2obj(int n)
@@ -591,7 +590,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
n += i;
OPENSSL_free(bndec);
} else {
- BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l);
+ BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
i = strlen(tbuf);
if (buf && (buf_len > 0)) {
BUF_strlcpy(buf, tbuf, buf_len);
@@ -725,6 +724,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
return (p);
}
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
+ */
int OBJ_create_objects(BIO *in)
{
MS_STATIC char buf[512];
@@ -746,9 +749,9 @@ int OBJ_create_objects(BIO *in)
*(s++) = '\0';
while (isspace((unsigned char)*s))
s++;
- if (*s == '\0')
+ if (*s == '\0') {
s = NULL;
- else {
+ } else {
l = s;
while ((*l != '\0') && !isspace((unsigned char)*l))
l++;
@@ -756,15 +759,18 @@ int OBJ_create_objects(BIO *in)
*(l++) = '\0';
while (isspace((unsigned char)*l))
l++;
- if (*l == '\0')
+ if (*l == '\0') {
l = NULL;
- } else
+ }
+ } else {
l = NULL;
+ }
}
- } else
+ } else {
s = NULL;
- if ((o == NULL) || (*o == '\0'))
- return (num);
+ }
+ if (*o == '\0')
+ return num;
if (!OBJ_create(o, s, l))
return (num);
num++;
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index d5835040e0b7..668757f4a372 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020efL
+# define OPENSSL_VERSION_NUMBER 0x100020ffL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-freebsd 7 Dec 2017"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-freebsd 27 Mar 2018"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c
index 4d736a1d07e5..0994020d2eac 100644
--- a/crypto/openssl/crypto/pem/pem_info.c
+++ b/crypto/openssl/crypto/pem/pem_info.c
@@ -354,7 +354,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
/* create the right magic header stuff */
OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
- sizeof buf);
+ sizeof(buf));
buf[0] = '\0';
PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
index 865976bf8cce..4d5f053e4680 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -406,7 +406,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
OPENSSL_cleanse(buf, PEM_BUFSIZE);
OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
- sizeof buf);
+ sizeof(buf));
buf[0] = '\0';
PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
index 6cf8253bc238..6a463680d7ec 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -375,16 +375,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
}
if (bio == NULL) {
- if (PKCS7_is_detached(p7))
+ if (PKCS7_is_detached(p7)) {
bio = BIO_new(BIO_s_null());
- else if (os && os->length > 0)
+ } else if (os && os->length > 0) {
bio = BIO_new_mem_buf(os->data, os->length);
- if (bio == NULL) {
+ } else {
bio = BIO_new(BIO_s_mem());
if (bio == NULL)
goto err;
BIO_set_mem_eof_return(bio, 0);
}
+ if (bio == NULL)
+ goto err;
}
if (out)
BIO_push(out, bio);
diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c
index 29e465b07524..a7af9f9d8671 100644
--- a/crypto/openssl/crypto/rand/md_rand.c
+++ b/crypto/openssl/crypto/rand/md_rand.c
@@ -238,7 +238,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
md_c[0] = md_count[0];
md_c[1] = md_count[1];
- memcpy(local_md, md, sizeof md);
+ memcpy(local_md, md, sizeof(md));
/* state_index <= state_num <= STATE_SIZE */
state_index += num;
@@ -454,7 +454,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
st_num = state_num;
md_c[0] = md_count[0];
md_c[1] = md_count[1];
- memcpy(local_md, md, sizeof md);
+ memcpy(local_md, md, sizeof(md));
state_index += num_ceil;
if (state_index > state_num)
@@ -480,7 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
goto err;
#ifndef GETPID_IS_MEANINGLESS
if (curr_pid) { /* just in the first iteration to save time */
- if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid))
+ if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof(curr_pid)))
goto err;
curr_pid = 0;
}
diff --git a/crypto/openssl/crypto/rand/rand_egd.c b/crypto/openssl/crypto/rand/rand_egd.c
index 737aebfa22fe..66fb14c87efd 100644
--- a/crypto/openssl/crypto/rand/rand_egd.c
+++ b/crypto/openssl/crypto/rand/rand_egd.c
@@ -148,7 +148,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
addr.sun_family = AF_UNIX;
if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
- BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path);
+ BUF_strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1)
diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c
index f51b52f1088f..f717b88b44cb 100644
--- a/crypto/openssl/crypto/rand/rand_unix.c
+++ b/crypto/openssl/crypto/rand/rand_unix.c
@@ -181,15 +181,15 @@ int RAND_poll(void)
*/
curr_gid = getgid();
- RAND_add(&curr_gid, sizeof curr_gid, 1);
+ RAND_add(&curr_gid, sizeof(curr_gid), 1);
curr_gid = 0;
curr_pid = getpid();
- RAND_add(&curr_pid, sizeof curr_pid, 1);
+ RAND_add(&curr_pid, sizeof(curr_pid), 1);
curr_pid = 0;
curr_uid = getuid();
- RAND_add(&curr_uid, sizeof curr_uid, 1);
+ RAND_add(&curr_uid, sizeof(curr_uid), 1);
curr_uid = 0;
for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
@@ -217,7 +217,7 @@ int RAND_poll(void)
/* take 8 bits */
v = (unsigned char)(ts.tv_nsec % 256);
- RAND_add(&v, sizeof v, 1);
+ RAND_add(&v, sizeof(v), 1);
v = 0;
}
return 1;
@@ -403,7 +403,7 @@ int RAND_poll(void)
# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
if (n > 0) {
- RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
+ RAND_add(tmpbuf, sizeof(tmpbuf), (double)n);
OPENSSL_cleanse(tmpbuf, n);
}
# endif
diff --git a/crypto/openssl/crypto/rsa/rsa_crpt.c b/crypto/openssl/crypto/rsa/rsa_crpt.c
index 5c416b53fab0..68f2981cc54d 100644
--- a/crypto/openssl/crypto/rsa/rsa_crpt.c
+++ b/crypto/openssl/crypto/rsa/rsa_crpt.c
@@ -219,7 +219,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
* if PRNG is not properly seeded, resort to secret exponent as
* unpredictable seed
*/
- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof(rsa->d->d[0]), 0.0);
}
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/openssl/crypto/rsa/rsa_gen.c
index a85493d6097b..9ca5dfefb707 100644
--- a/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/crypto/openssl/crypto/rsa/rsa_gen.c
@@ -109,6 +109,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
BIGNUM *pr0, *d, *p;
int bitsp, bitsq, ok = -1, n = 0;
BN_CTX *ctx = NULL;
+ unsigned long error = 0;
/*
* When generating ridiculously small keys, we can get stuck
@@ -155,16 +156,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
/* generate p and q */
for (;;) {
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
goto err;
if (!BN_sub(r2, rsa->p, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1))
+ ERR_set_mark();
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+ /* GCD == 1 since inverse exists */
break;
+ }
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ /* GCD != 1 */
+ ERR_pop_to_mark();
+ } else {
+ goto err;
+ }
if (!BN_GENCB_call(cb, 2, n++))
goto err;
}
@@ -177,10 +188,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
} while (BN_cmp(rsa->p, rsa->q) == 0);
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1))
+ ERR_set_mark();
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+ /* GCD == 1 since inverse exists */
break;
+ }
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ /* GCD != 1 */
+ ERR_pop_to_mark();
+ } else {
+ goto err;
+ }
if (!BN_GENCB_call(cb, 2, n++))
goto err;
}
diff --git a/crypto/openssl/crypto/rsa/rsa_pss.c b/crypto/openssl/crypto/rsa/rsa_pss.c
index 2c3fd73b0996..3c9250ba5eb3 100644
--- a/crypto/openssl/crypto/rsa/rsa_pss.c
+++ b/crypto/openssl/crypto/rsa/rsa_pss.c
@@ -157,7 +157,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
goto err;
}
if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
- || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
+ || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes))
|| !EVP_DigestUpdate(&ctx, mHash, hLen))
goto err;
if (maskedDBLen - i) {
@@ -252,7 +252,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
H = EM + maskedDBLen;
EVP_MD_CTX_init(&ctx);
if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
- || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
+ || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes))
|| !EVP_DigestUpdate(&ctx, mHash, hLen))
goto err;
if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c
index 85c7440b8c68..ed78f01081b1 100644
--- a/crypto/openssl/crypto/rsa/rsa_test.c
+++ b/crypto/openssl/crypto/rsa/rsa_test.c
@@ -226,7 +226,7 @@ int main(int argc, char *argv[])
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */
plen = sizeof(ptext_ex) - 1;
diff --git a/crypto/openssl/crypto/srp/srp_grps.h b/crypto/openssl/crypto/srp/srp_grps.h
index 31312de15c81..f76652cb8b9a 100644
--- a/crypto/openssl/crypto/srp/srp_grps.h
+++ b/crypto/openssl/crypto/srp/srp_grps.h
@@ -21,8 +21,8 @@ static BN_ULONG bn_group_1024_value[] = {
static BIGNUM bn_group_1024 = {
bn_group_1024_value,
- (sizeof bn_group_1024_value) / sizeof(BN_ULONG),
- (sizeof bn_group_1024_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
@@ -56,8 +56,8 @@ static BN_ULONG bn_group_1536_value[] = {
static BIGNUM bn_group_1536 = {
bn_group_1536_value,
- (sizeof bn_group_1536_value) / sizeof(BN_ULONG),
- (sizeof bn_group_1536_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
@@ -99,8 +99,8 @@ static BN_ULONG bn_group_2048_value[] = {
static BIGNUM bn_group_2048 = {
bn_group_2048_value,
- (sizeof bn_group_2048_value) / sizeof(BN_ULONG),
- (sizeof bn_group_2048_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
@@ -158,8 +158,8 @@ static BN_ULONG bn_group_3072_value[] = {
static BIGNUM bn_group_3072 = {
bn_group_3072_value,
- (sizeof bn_group_3072_value) / sizeof(BN_ULONG),
- (sizeof bn_group_3072_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
@@ -233,8 +233,8 @@ static BN_ULONG bn_group_4096_value[] = {
static BIGNUM bn_group_4096 = {
bn_group_4096_value,
- (sizeof bn_group_4096_value) / sizeof(BN_ULONG),
- (sizeof bn_group_4096_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
@@ -340,8 +340,8 @@ static BN_ULONG bn_group_6144_value[] = {
static BIGNUM bn_group_6144 = {
bn_group_6144_value,
- (sizeof bn_group_6144_value) / sizeof(BN_ULONG),
- (sizeof bn_group_6144_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
@@ -479,8 +479,8 @@ static BN_ULONG bn_group_8192_value[] = {
static BIGNUM bn_group_8192 = {
bn_group_8192_value,
- (sizeof bn_group_8192_value) / sizeof(BN_ULONG),
- (sizeof bn_group_8192_value) / sizeof(BN_ULONG),
+ (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG),
+ (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG),
0,
BN_FLG_STATIC_DATA
};
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c
index dbff4a69f3a4..b26ed28aa9f6 100644
--- a/crypto/openssl/crypto/threads/mttest.c
+++ b/crypto/openssl/crypto/threads/mttest.c
@@ -190,7 +190,7 @@ int main(int argc, char *argv[])
char *ccert = TEST_CLIENT_CERT;
const SSL_METHOD *ssl_method = SSLv23_method();
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
if (bio_err == NULL)
bio_err = BIO_new_fd(2, BIO_NOCLOSE);
diff --git a/crypto/openssl/crypto/ts/Makefile b/crypto/openssl/crypto/ts/Makefile
index cf991efe4641..4a3c0f0017e8 100644
--- a/crypto/openssl/crypto/ts/Makefile
+++ b/crypto/openssl/crypto/ts/Makefile
@@ -217,7 +217,8 @@ ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c
+ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ../o_time.h
+ts_rsp_sign.o: ts_rsp_sign.c
ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h
ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
diff --git a/crypto/openssl/crypto/ts/ts_rsp_sign.c b/crypto/openssl/crypto/ts/ts_rsp_sign.c
index db6ce3241f73..d55e903e836a 100644
--- a/crypto/openssl/crypto/ts/ts_rsp_sign.c
+++ b/crypto/openssl/crypto/ts/ts_rsp_sign.c
@@ -4,7 +4,7 @@
* 2002.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -58,6 +58,7 @@
*/
#include "cryptlib.h"
+#include "o_time.h"
#if defined(OPENSSL_SYS_UNIX)
# include <sys/time.h>
@@ -948,6 +949,7 @@ static ASN1_GENERALIZEDTIME
{
time_t time_sec = (time_t)sec;
struct tm *tm = NULL;
+ struct tm result = {0};
char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
char *p = genTime_str;
char *p_end = genTime_str + sizeof(genTime_str);
@@ -955,7 +957,7 @@ static ASN1_GENERALIZEDTIME
if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
goto err;
- if (!(tm = gmtime(&time_sec)))
+ if (!(tm = OPENSSL_gmtime(&time_sec, &result)))
goto err;
/*
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
index 17d14f58427a..8a43590319fa 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -614,7 +614,7 @@ static void pushsig(void)
# ifdef SIGACTION
struct sigaction sa;
- memset(&sa, 0, sizeof sa);
+ memset(&sa, 0, sizeof(sa));
sa.sa_handler = recsig;
# endif
diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c
index 35db09559133..594031e7722d 100644
--- a/crypto/openssl/crypto/x509/x509_txt.c
+++ b/crypto/openssl/crypto/x509/x509_txt.c
@@ -212,7 +212,7 @@ const char *X509_verify_cert_error_string(long n)
return ("proxy subject name violation");
default:
- BIO_snprintf(buf, sizeof buf, "error number %ld", n);
+ BIO_snprintf(buf, sizeof(buf), "error number %ld", n);
return (buf);
}
}
diff --git a/crypto/openssl/crypto/x509/x509_v3.c b/crypto/openssl/crypto/x509/x509_v3.c
index 4a03445a64d2..9a3517e02af1 100644
--- a/crypto/openssl/crypto/x509/x509_v3.c
+++ b/crypto/openssl/crypto/x509/x509_v3.c
@@ -177,7 +177,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
err2:
if (new_ex != NULL)
X509_EXTENSION_free(new_ex);
- if (sk != NULL)
+ if (x != NULL && *x == NULL && sk != NULL)
sk_X509_EXTENSION_free(sk);
return (NULL);
}
diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c
index 1ac15a881a10..7d68a4abbc94 100644
--- a/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/crypto/openssl/crypto/x509/x509_vpm.c
@@ -173,7 +173,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
X509_VERIFY_PARAM *param;
X509_VERIFY_PARAM_ID *paramid;
- param = OPENSSL_malloc(sizeof *param);
+ param = OPENSSL_malloc(sizeof(*param));
if (!param)
return NULL;
memset(param, 0, sizeof(*param));
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c
index a0351faf1119..d4d024c561c8 100644
--- a/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -157,12 +157,12 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
case GEN_IPADD:
p = gen->d.ip->data;
if (gen->d.ip->length == 4)
- BIO_snprintf(oline, sizeof oline,
+ BIO_snprintf(oline, sizeof(oline),
"%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
else if (gen->d.ip->length == 16) {
oline[0] = 0;
for (i = 0; i < 8; i++) {
- BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]);
+ BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]);
p += 2;
strcat(oline, htmp);
if (i != 7)
diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c
index c1b4c1a89f74..a38848cc1df7 100644
--- a/crypto/openssl/crypto/x509v3/v3_conf.c
+++ b/crypto/openssl/crypto/x509v3/v3_conf.c
@@ -4,7 +4,7 @@
* 1999.
*/
/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -340,8 +340,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
val = sk_CONF_VALUE_value(nval, i);
if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
return 0;
- if (sk)
- X509v3_add_ext(sk, ext, -1);
+ if (sk != NULL) {
+ if (X509v3_add_ext(sk, ext, -1) == NULL) {
+ X509_EXTENSION_free(ext);
+ return 0;
+ }
+ }
X509_EXTENSION_free(ext);
}
return 1;
diff --git a/crypto/openssl/crypto/x509v3/v3_info.c b/crypto/openssl/crypto/x509v3/v3_info.c
index 7064c725d98d..0c64b0adfcc9 100644
--- a/crypto/openssl/crypto/x509v3/v3_info.c
+++ b/crypto/openssl/crypto/x509v3/v3_info.c
@@ -126,7 +126,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
goto err;
tret = tmp;
vtmp = sk_CONF_VALUE_value(tret, i);
- i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
+ i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
ntmp = OPENSSL_malloc(nlen);
if (ntmp == NULL)
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod
index bd1acc88f35c..def1d3f72343 100644
--- a/crypto/openssl/doc/apps/ca.pod
+++ b/crypto/openssl/doc/apps/ca.pod
@@ -424,6 +424,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier,
it's recommended to use the value B<no>, especially if combined with
the B<-selfsign> command line option.
+Note that it is valid in some circumstances for certificates to be created
+without any subject. In the case where there are multiple certificates without
+subjects this does not count as a duplicate.
+
=item B<serial>
a text file containing the next serial number to use in hex. Mandatory.
diff --git a/crypto/openssl/doc/apps/ecparam.pod b/crypto/openssl/doc/apps/ecparam.pod
index ba2f3b9ae274..9482095266dc 100644
--- a/crypto/openssl/doc/apps/ecparam.pod
+++ b/crypto/openssl/doc/apps/ecparam.pod
@@ -86,8 +86,8 @@ currently implemented EC parameters names and exit.
=item B<-conv_form>
This specifies how the points on the elliptic curve are converted
-into octet strings. Possible values are: B<compressed> (the default
-value), B<uncompressed> and B<hybrid>. For more information regarding
+into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
+default value) and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
index d9413a0cf211..d2cad29d218b 100644
--- a/crypto/openssl/doc/apps/s_client.pod
+++ b/crypto/openssl/doc/apps/s_client.pod
@@ -250,7 +250,7 @@ use the server's cipher preferences; only used for SSLV2.
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp", "pop3", "imap", and "ftp".
+supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
=item B<-tlsextdebug>
diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod
index 321d5ac7e126..2516718979f2 100644
--- a/crypto/openssl/doc/apps/verify.pod
+++ b/crypto/openssl/doc/apps/verify.pod
@@ -15,7 +15,7 @@ B<openssl> B<verify>
[B<-ignore_critical>]
[B<-attime timestamp>]
[B<-check_ss_sig>]
-[B<-crlfile file>]
+[B<-CRLfile file>]
[B<-crl_download>]
[B<-crl_check>]
[B<-crl_check_all>]
@@ -69,7 +69,7 @@ current system time. B<timestamp> is the number of seconds since
Verify the signature on the self-signed root CA. This is disabled by default
because it doesn't add any security.
-=item B<-crlfile file>
+=item B<-CRLfile file>
File containing one or more CRL's (in PEM format) to load.
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
index aed22259f045..4c90d7624763 100644
--- a/crypto/openssl/doc/apps/x509.pod
+++ b/crypto/openssl/doc/apps/x509.pod
@@ -225,8 +225,11 @@ non-zero if yes it will expire or zero if not.
=item B<-fingerprint>
-prints out the digest of the DER encoded version of the whole certificate
-(see digest options).
+Calculates and outputs the digest of the DER encoded version of the entire
+certificate (see digest options).
+This is commonly called a "fingerprint". Because of the nature of message
+digests, the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
=item B<-C>
@@ -674,10 +677,6 @@ supporting UTF8:
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
-Display the certificate MD5 fingerprint:
-
- openssl x509 -in cert.pem -noout -fingerprint
-
Display the certificate SHA1 fingerprint:
openssl x509 -sha1 -in cert.pem -noout -fingerprint
@@ -731,13 +730,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape
and MSIE do this as do many certificates. So although this is incorrect
it is more likely to display the majority of certificates correctly.
-The B<-fingerprint> option takes the digest of the DER encoded certificate.
-This is commonly called a "fingerprint". Because of the nature of message
-digests the fingerprint of a certificate is unique to that certificate and
-two certificates with the same fingerprint can be considered to be the same.
-
-The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
-
The B<-email> option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
not print the same address more than once.
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
index f651e4f2aee0..4ea6e8c226c0 100644
--- a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
+++ b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
@@ -66,8 +66,8 @@ utility functions should be used instead.
In general it cannot be assumed that the data returned by ASN1_STRING_data()
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
-for and IA5String the data will be ASCII, for a BMPString two bytes per
-character in big endian format, UTF8String will be in UTF8 format.
+for an IA5String the data will be ASCII, for a BMPString two bytes per
+character in big endian format, and for an UTF8String it will be in UTF8 format.
Similar care should be take to ensure the data is in the correct format
when calling ASN1_STRING_set().
diff --git a/crypto/openssl/doc/crypto/BIO_s_mem.pod b/crypto/openssl/doc/crypto/BIO_s_mem.pod
index 9f239648d752..7663d8bf5ffd 100644
--- a/crypto/openssl/doc/crypto/BIO_s_mem.pod
+++ b/crypto/openssl/doc/crypto/BIO_s_mem.pod
@@ -50,14 +50,14 @@ zero then it will return B<v> when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
positive return value B<v> should be set to a negative value, typically -1.
-BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data
+BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
It is a macro.
-BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is
+BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B<pp>. It is
a macro.
BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,
diff --git a/crypto/openssl/doc/crypto/BN_zero.pod b/crypto/openssl/doc/crypto/BN_zero.pod
index b555ec398859..8aa9c142b725 100644
--- a/crypto/openssl/doc/crypto/BN_zero.pod
+++ b/crypto/openssl/doc/crypto/BN_zero.pod
@@ -14,34 +14,37 @@ operations
const BIGNUM *BN_value_one(void);
- int BN_set_word(BIGNUM *a, unsigned long w);
- unsigned long BN_get_word(BIGNUM *a);
+ int BN_set_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_get_word(BIGNUM *a);
=head1 DESCRIPTION
+B<BN_ULONG> is a macro that will be an unsigned integral type optimied
+for the most efficient implementation on the local platform.
+
BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
B<w> respectively. BN_zero() and BN_one() are macros.
BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
is useful for use in comparisons and assignment.
-BN_get_word() returns B<a>, if it can be represented as an unsigned
-long.
+BN_get_word() returns B<a>, if it can be represented as a B<BN_ULONG>.
=head1 RETURN VALUES
-BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
-be represented as an unsigned long.
+BN_get_word() returns the value B<a>, or all-bits-set if B<a> cannot
+be represented as a B<BN_ULONG>.
BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
BN_value_one() returns the constant.
=head1 BUGS
-Someone might change the constant.
+If a B<BIGNUM> is equal to the value of all-bits-set, it will collide
+with the error condition returned by BN_get_word() which uses that
+as an error value.
-If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
-unsigned long but this value is also returned on error.
+B<BN_ULONG> should probably be a typedef.
=head1 SEE ALSO
diff --git a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
index a2c418e9efd4..4ffd830e2186 100644
--- a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
@@ -38,38 +38,38 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
+ int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
+ const unsigned char *key, const unsigned char *iv);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv, int enc);
+ const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
diff --git a/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 44792f91a11d..10399ecbafd0 100644
--- a/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -203,6 +203,27 @@ chain found is not trusted, then OpenSSL will continue to check to see if an
alternative chain can be found that is trusted. With this flag set the behaviour
will match that of OpenSSL versions prior to 1.0.2b.
+The B<X509_V_FLAG_TRUSTED_FIRST> flag causes chain construction to look for
+issuers in the trust store before looking at the untrusted certificates
+provided as part of the the peer chain.
+Though it is not on by default in OpenSSL 1.0.2, applications should generally
+set this flag.
+Local issuer certificates are often more likely to satisfy local security
+requirements and lead to a locally trusted root.
+This is especially important When some certificates in the trust store have
+explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>).
+
+The B<X509_V_FLAG_PARTIAL_CHAIN> flag causes intermediate certificates in the
+trust store to be treated as trust-anchors, in the same way as the self-signed
+root CA certificates.
+This makes it possible to trust certificates issued by an intermediate CA
+without having to trust its ancestor root CA.
+With OpenSSL 1.0.2, chain construction continues as long as there are
+additional trusted issuers in the trust store, and the last trusted issuer
+becomes the trust-anchor.
+Thus, even when an intermediate certificate is found in the trust store, the
+verified chain passed to callbacks may still be anchored by a root CA.
+
=head1 NOTES
The above functions should be used to manipulate verification parameters
@@ -235,7 +256,8 @@ connections associated with an B<SSL_CTX> structure B<ctx>:
L<X509_verify_cert(3)|X509_verify_cert(3)>,
L<X509_check_host(3)|X509_check_host(3)>,
L<X509_check_email(3)|X509_check_email(3)>,
-L<X509_check_ip(3)|X509_check_ip(3)>
+L<X509_check_ip(3)|X509_check_ip(3)>,
+L<x509(1)|x509(1)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/threads.pod b/crypto/openssl/doc/crypto/threads.pod
index dc0e9391dc20..30c19b815fd8 100644
--- a/crypto/openssl/doc/crypto/threads.pod
+++ b/crypto/openssl/doc/crypto/threads.pod
@@ -63,9 +63,13 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
=head1 DESCRIPTION
-OpenSSL can safely be used in multi-threaded applications provided
-that at least two callback functions are set, locking_function and
+OpenSSL can generally be used safely in multi-threaded applications provided
+that at least two callback functions are set, the locking_function and
threadid_func.
+Note that OpenSSL is not completely thread-safe, and unfortunately not all
+global resources have the necessary locks.
+Further, the thread-safety does not extend to things like multiple threads
+using the same B<SSL> object at the same time.
locking_function(int mode, int n, const char *file, int line) is
needed to perform locking on shared data structures.
diff --git a/crypto/openssl/engines/ccgost/README.gost b/crypto/openssl/engines/ccgost/README.gost
index c96cccc7b40a..80f7900d0987 100644
--- a/crypto/openssl/engines/ccgost/README.gost
+++ b/crypto/openssl/engines/ccgost/README.gost
@@ -193,7 +193,7 @@ Russian clients and RSA/DSA ciphersuites for foreign clients.
openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile
- Note absense of an option that specifies digest algorithm. gost-mac
+ Note absence of an option that specifies digest algorithm. gost-mac
algorithm supports only one digest (which is actually part of
implementation of this mac) and OpenSSL is clever enough to find out
this.
@@ -216,8 +216,8 @@ openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\
7. Testing speed of symmetric ciphers.
To test performance of GOST symmetric ciphers you should use -evp switch
-of the openssl speed command. Engine-provided ciphers couldn't be
-accessed by cipher-specific functions, only via generic evp interface
+of the openssl speed command. Engine-provided ciphers can be accessed only via
+generic evp interface and not by cipher-specific functions.
openssl speed -evp gost89
openssl speed -evp gost89-cnt
@@ -225,7 +225,7 @@ accessed by cipher-specific functions, only via generic evp interface
PROGRAMMING INTERFACES DETAILS
-Applications never should access engine directly. They only use provided
+Applications should never access engine directly. They should only use provided
EVP_PKEY API. But there are some details, which should be taken into
account.
@@ -281,12 +281,11 @@ If UKM is not set by this control command, encrypt operation would
generate random UKM.
-This sources include implementation of GOST 28147-89 and GOST R 34.11-94
-which are completely indepentent from OpenSSL and can be used separately
-(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file
-gostsum.c) is provided as example of such separate usage. This is
-program, simular to md5sum and sha1sum utilities, but calculates GOST R
-34.11-94 hash.
+These sources include implementation of GOST 28147-89 and GOST R 34.11-94
+which are completely independent from OpenSSL and can be used separately
+(files gost89.c, gost89.h, gosthash.c, gosthash.h). Utility gostsum (file
+gostsum.c) is provided as an example of such separate usage. This program is
+similar to md5sum and sha1sum utilities, but calculates GOST R 34.11-94 hash.
Makefile doesn't include rule for compiling gostsum.
Use command
diff --git a/crypto/openssl/engines/ccgost/gost_eng.c b/crypto/openssl/engines/ccgost/gost_eng.c
index 5924791b7735..ea52c4dbe9db 100644
--- a/crypto/openssl/engines/ccgost/gost_eng.c
+++ b/crypto/openssl/engines/ccgost/gost_eng.c
@@ -157,10 +157,6 @@ static int bind_gost(ENGINE *e, const char *id)
return ret;
}
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
- IMPLEMENT_DYNAMIC_CHECK_FN()
-#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */
static int gost_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
@@ -278,4 +274,7 @@ void ENGINE_load_gost(void)
ENGINE_free(toadd);
ERR_clear_error();
}
+#else
+IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
+IMPLEMENT_DYNAMIC_CHECK_FN()
#endif
diff --git a/crypto/openssl/engines/e_atalla.c b/crypto/openssl/engines/e_atalla.c
index 6a324e6766b0..7d136fff0736 100644
--- a/crypto/openssl/engines/e_atalla.c
+++ b/crypto/openssl/engines/e_atalla.c
@@ -494,7 +494,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
}
/* Prepare the key-data */
- memset(&keydata, 0, sizeof keydata);
+ memset(&keydata, 0, sizeof(keydata));
numbytes = BN_num_bytes(m);
memset(exponent->d, 0, numbytes);
memset(modulus->d, 0, numbytes);
diff --git a/crypto/openssl/ssl/Makefile b/crypto/openssl/ssl/Makefile
index 7866a3ccd77b..b0a4ee8577c8 100644
--- a/crypto/openssl/ssl/Makefile
+++ b/crypto/openssl/ssl/Makefile
@@ -269,7 +269,7 @@ d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
d1_srvr.o: ssl_locl.h
-kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+kssl.o: ../crypto/o_time.h ../include/openssl/asn1.h ../include/openssl/bio.h
kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
diff --git a/crypto/openssl/ssl/bad_dtls_test.c b/crypto/openssl/ssl/bad_dtls_test.c
index 34af37d9a9f4..ff754e1e497b 100644
--- a/crypto/openssl/ssl/bad_dtls_test.c
+++ b/crypto/openssl/ssl/bad_dtls_test.c
@@ -19,7 +19,7 @@
* Note that unlike other SSL tests, we don't test against our own SSL
* server method. Firstly because we don't have one; we *only* support
* DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against — because if changes
+ * fixed up it's the wrong thing to test against - because if changes
* are made in generic DTLS code which don't take DTLS1_BAD_VER into
* account, there's plenty of scope for making those changes such that
* they break *both* the client and the server in the same way.
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c
index debd4fd5dcca..95b5033d3d33 100644
--- a/crypto/openssl/ssl/d1_lib.c
+++ b/crypto/openssl/ssl/d1_lib.c
@@ -126,9 +126,9 @@ int dtls1_new(SSL *s)
if (!ssl3_new(s))
return (0);
- if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL)
+ if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL)
return (0);
- memset(d1, 0, sizeof *d1);
+ memset(d1, 0, sizeof(*d1));
/* d1->handshake_epoch=0; */
diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c
index 10586fee5408..f5deddf7706a 100644
--- a/crypto/openssl/ssl/d1_pkt.c
+++ b/crypto/openssl/ssl/d1_pkt.c
@@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -706,8 +706,11 @@ int dtls1_get_record(SSL *s)
n2s(p, rr->length);
- /* Lets check version */
- if (!s->first_packet) {
+ /*
+ * Lets check the version. We tolerate alerts that don't have the exact
+ * version number (e.g. because of protocol version errors)
+ */
+ if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
if (version != s->version) {
/* unexpected version, silently discard */
rr->length = 0;
@@ -1061,7 +1064,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof s->d1->handshake_fragment;
+ dest_maxlen = sizeof(s->d1->handshake_fragment);
dest = s->d1->handshake_fragment;
dest_len = &s->d1->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
@@ -1202,6 +1205,24 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto start;
}
+ /*
+ * If we are a server and get a client hello when renegotiation isn't
+ * allowed send back a no renegotiation alert and carry on.
+ */
+ if (s->server
+ && SSL_is_init_finished(s)
+ && !s->s3->send_connection_binding
+ && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH
+ && s->d1->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
+ && s->s3->previous_client_finished_len != 0
+ && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) {
+ s->d1->handshake_fragment_len = 0;
+ rr->length = 0;
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+ goto start;
+ }
+
+
if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
int alert_level = s->d1->alert_fragment[0];
int alert_descr = s->d1->alert_fragment[1];
@@ -1286,7 +1307,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_DTLS1_READ_BYTES,
SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
diff --git a/crypto/openssl/ssl/fatalerrtest.c b/crypto/openssl/ssl/fatalerrtest.c
index 0288c33fa2eb..f9d66e27b30c 100644
--- a/crypto/openssl/ssl/fatalerrtest.c
+++ b/crypto/openssl/ssl/fatalerrtest.c
@@ -13,8 +13,8 @@
int main(int argc, char *argv[])
{
- SSL_CTX *sctx, *cctx;
- SSL *sssl, *cssl;
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *sssl = NULL, *cssl = NULL;
const char *msg = "Dummy";
BIO *err = NULL, *wbio = NULL;
int ret = 1, len;
@@ -76,7 +76,7 @@ int main(int argc, char *argv[])
}
/* SSL_read()/SSL_write should fail because of a previous fatal error */
- if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) {
+ if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) {
buf[len] = '\0';
printf("Unexpected success reading data: %s\n", buf);
goto err;
diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c
index f2839bdcd7f5..18e5f1dcc2b0 100644
--- a/crypto/openssl/ssl/kssl.c
+++ b/crypto/openssl/ssl/kssl.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/krb5_asn.h>
+#include "o_time.h"
#include "kssl_lcl.h"
#ifndef OPENSSL_NO_KRB5
@@ -2026,6 +2027,8 @@ krb5_error_code kssl_check_authent(
int outl, unencbufsize;
struct tm tm_time, *tm_l, *tm_g;
time_t now, tl, tg, tr, tz_offset;
+ struct tm gmt_result = {0};
+ struct tm lt_result = {0};
EVP_CIPHER_CTX_init(&ciph_ctx);
*atimep = 0;
@@ -2082,7 +2085,7 @@ krb5_error_code kssl_check_authent(
}
# endif
enc = kssl_map_enc(enctype);
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
if (enc == NULL) {
/*
@@ -2140,9 +2143,17 @@ krb5_error_code kssl_check_authent(
if (k_gmtime(auth->ctime, &tm_time) &&
((tr = mktime(&tm_time)) != (time_t)(-1))) {
now = time(&now);
+ tm_g = OPENSSL_gmtime(&now, &gmt_result);
+
+# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \
+ !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \
+ (!defined(OPENSSL_SYS_VMS) || defined(localtime_r))
+ tm_l = localtime_r(&now, &lt_result);
+# else
tm_l = localtime(&now);
+# endif
+
tl = mktime(tm_l);
- tm_g = gmtime(&now);
tg = mktime(tm_g);
tz_offset = tg - tl;
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
index d3f6db15ccee..d2017e7cf086 100644
--- a/crypto/openssl/ssl/s23_srvr.c
+++ b/crypto/openssl/ssl/s23_srvr.c
@@ -268,8 +268,8 @@ int ssl23_get_client_hello(SSL *s)
if (!ssl3_setup_buffers(s))
goto err;
- n = ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space)
+ n = ssl23_read_bytes(s, sizeof(buf_space));
+ if (n != sizeof(buf_space))
return (n); /* n == -1 || n == 0 */
p = s->packet;
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 20de1a82178f..3a8345ba2f81 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -523,7 +523,7 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length = s->s2->tmp.conn_id_length;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
return -1;
@@ -708,7 +708,7 @@ static int client_finished(SSL *s)
if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) {
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_CLIENT_FINISHED;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -981,7 +981,7 @@ static int get_server_finished(SSL *s)
} else {
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) {
if ((s->session->session_id_length >
- sizeof s->session->session_id)
+ sizeof(s->session->session_id))
|| (0 !=
memcmp(buf + 1, s->session->session_id,
(unsigned int)s->session->session_id_length))) {
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
index 23eef72aa43b..0115d2069ce2 100644
--- a/crypto/openssl/ssl/s2_enc.c
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -99,7 +99,7 @@ int ssl2_enc_init(SSL *s, int client)
num = c->key_len;
s->s2->key_material_length = num * 2;
- OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
+ OPENSSL_assert(s->s2->key_material_length <= sizeof(s->s2->key_material));
if (ssl2_generate_key_material(s) <= 0)
return 0;
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index cc1360307b94..f03fe69f1e78 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -326,9 +326,9 @@ int ssl2_new(SSL *s)
{
SSL2_STATE *s2;
- if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL)
+ if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL)
goto err;
- memset(s2, 0, sizeof *s2);
+ memset(s2, 0, sizeof(*s2));
# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
# error "assertion failed"
@@ -371,7 +371,7 @@ void ssl2_free(SSL *s)
OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL)
OPENSSL_free(s2->wbuf);
- OPENSSL_cleanse(s2, sizeof *s2);
+ OPENSSL_cleanse(s2, sizeof(*s2));
OPENSSL_free(s2);
s->s2 = NULL;
}
@@ -386,7 +386,7 @@ void ssl2_clear(SSL *s)
rbuf = s2->rbuf;
wbuf = s2->wbuf;
- memset(s2, 0, sizeof *s2);
+ memset(s2, 0, sizeof(*s2));
s2->rbuf = rbuf;
s2->wbuf = wbuf;
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index d3b243c27e02..c30161109c44 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -724,7 +724,7 @@ static int get_client_hello(SSL *s)
p += s->s2->tmp.session_id_length;
/* challenge */
- if (s->s2->challenge_length > sizeof s->s2->challenge) {
+ if (s->s2->challenge_length > sizeof(s->s2->challenge)) {
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
@@ -872,7 +872,7 @@ static int get_client_finished(SSL *s)
}
/* SSL2_ST_GET_CLIENT_FINISHED_B */
- if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) {
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
return -1;
@@ -903,7 +903,7 @@ static int server_verify(SSL *s)
if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) {
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_SERVER_VERIFY;
- if (s->s2->challenge_length > sizeof s->s2->challenge) {
+ if (s->s2->challenge_length > sizeof(s->s2->challenge)) {
SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
return -1;
}
@@ -925,7 +925,7 @@ static int server_finish(SSL *s)
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_SERVER_FINISHED;
- if (s->session->session_id_length > sizeof s->session->session_id) {
+ if (s->session->session_id_length > sizeof(s->session->session_id)) {
SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
return -1;
}
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index 5b8b2da59f54..bd0929d0e50e 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -984,7 +984,7 @@ int ssl3_get_server_hello(SSL *s)
/* get the session-id */
j = *(p++);
- if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
+ if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
goto f_err;
@@ -2561,16 +2561,16 @@ int ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0)
goto err;
- s->session->master_key_length = sizeof tmp_buf;
+ s->session->master_key_length = sizeof(tmp_buf);
q = p;
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
p += 2;
- n = RSA_public_encrypt(sizeof tmp_buf,
+ n = RSA_public_encrypt(sizeof(tmp_buf),
tmp_buf, p, rsa, RSA_PKCS1_PADDING);
# ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1)
@@ -2595,8 +2595,8 @@ int ssl3_send_client_key_exchange(SSL *s)
s->
session->master_key,
tmp_buf,
- sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ sizeof(tmp_buf));
+ OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf));
}
#endif
#ifndef OPENSSL_NO_KRB5
@@ -2688,7 +2688,7 @@ int ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0] = s->client_version >> 8;
tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0)
goto err;
/*-
@@ -2699,13 +2699,13 @@ int ssl3_send_client_key_exchange(SSL *s)
* EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
- sizeof tmp_buf);
+ sizeof(tmp_buf));
EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
outl += padl;
- if (outl > (int)sizeof epms) {
+ if (outl > (int)sizeof(epms)) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
@@ -2723,9 +2723,9 @@ int ssl3_send_client_key_exchange(SSL *s)
s->
session->master_key,
tmp_buf,
- sizeof tmp_buf);
+ sizeof(tmp_buf));
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf));
OPENSSL_cleanse(epms, outl);
}
#endif
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 1014a3fce16f..7e27dae35b0c 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -3018,9 +3018,9 @@ int ssl3_new(SSL *s)
{
SSL3_STATE *s3;
- if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
+ if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
goto err;
- memset(s3, 0, sizeof *s3);
+ memset(s3, 0, sizeof(*s3));
memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
@@ -3078,7 +3078,7 @@ void ssl3_free(SSL *s)
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
- OPENSSL_cleanse(s->s3, sizeof *s->s3);
+ OPENSSL_cleanse(s->s3, sizeof(*s->s3));
OPENSSL_free(s->s3);
s->s3 = NULL;
}
@@ -3142,7 +3142,7 @@ void ssl3_clear(SSL *s)
s->s3->alpn_selected = NULL;
}
#endif
- memset(s->s3, 0, sizeof *s->s3);
+ memset(s->s3, 0, sizeof(*s->s3));
s->s3->rbuf.buf = rp;
s->s3->wbuf.buf = wp;
s->s3->rbuf.len = rlen;
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index b91456843041..6527df8ce228 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1096,10 +1096,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
int i;
SSL3_BUFFER *wb = &(s->s3->wbuf);
-/* XXXX */
if ((s->s3->wpend_tot > (int)len)
- || ((s->s3->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+ || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+ && (s->s3->wpend_buf != buf))
|| (s->s3->wpend_type != type)) {
SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
return (-1);
@@ -1314,11 +1313,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
unsigned int *dest_len = NULL;
if (rr->type == SSL3_RT_HANDSHAKE) {
- dest_maxlen = sizeof s->s3->handshake_fragment;
+ dest_maxlen = sizeof(s->s3->handshake_fragment);
dest = s->s3->handshake_fragment;
dest_len = &s->s3->handshake_fragment_len;
} else if (rr->type == SSL3_RT_ALERT) {
- dest_maxlen = sizeof s->s3->alert_fragment;
+ dest_maxlen = sizeof(s->s3->alert_fragment);
dest = s->s3->alert_fragment;
dest_len = &s->s3->alert_fragment_len;
}
@@ -1421,26 +1420,25 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
*/
goto start;
}
+
/*
* If we are a server and get a client hello when renegotiation isn't
- * allowed send back a no renegotiation alert and carry on. WARNING:
- * experimental code, needs reviewing (steve)
+ * allowed send back a no renegotiation alert and carry on.
*/
- if (s->server &&
- SSL_is_init_finished(s) &&
- !s->s3->send_connection_binding &&
- (s->version > SSL3_VERSION) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
- (s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- /*
- * s->s3->handshake_fragment_len = 0;
- */
+ if (s->server
+ && SSL_is_init_finished(s)
+ && !s->s3->send_connection_binding
+ && s->version > SSL3_VERSION
+ && s->s3->handshake_fragment_len >= SSL3_HM_HEADER_LENGTH
+ && s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO
+ && s->s3->previous_client_finished_len != 0
+ && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) {
+ s->s3->handshake_fragment_len = 0;
rr->length = 0;
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
goto start;
}
+
if (s->s3->alert_fragment_len >= 2) {
int alert_level = s->s3->alert_fragment[0];
int alert_descr = s->s3->alert_fragment[1];
@@ -1498,7 +1496,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
s->rwstate = SSL_NOTHING;
s->s3->fatal_alert = alert_descr;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr);
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 0fb4845d44fa..96d973cd02bb 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -2510,7 +2510,7 @@ int ssl3_get_client_key_exchange(SSL *s)
/*
* Note that the length is checked again below, ** after decryption
*/
- if (enc_pms.length > sizeof pms) {
+ if (enc_pms.length > sizeof(pms)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
@@ -2563,7 +2563,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (enc == NULL)
goto err;
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ memset(iv, 0, sizeof(iv)); /* per RFC 1510 */
if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index 155728d03772..363d2b2d6044 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -636,13 +636,13 @@ SESS_CERT *ssl_sess_cert_new(void)
{
SESS_CERT *ret;
- ret = OPENSSL_malloc(sizeof *ret);
+ ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) {
SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
- memset(ret, 0, sizeof *ret);
+ memset(ret, 0, sizeof(*ret));
ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1;
@@ -1018,15 +1018,15 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
char buf[1024];
int r;
- if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
+ if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
SSL_R_PATH_TOO_LONG);
goto err;
}
#ifdef OPENSSL_SYS_VMS
- r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename);
+ r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
#else
- r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
+ r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
#endif
if (r <= 0 || r >= (int)sizeof(buf))
goto err;
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 3539f4b8d20a..3a6c1b14d4a5 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -343,7 +343,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->verify_depth = ctx->verify_depth;
#endif
s->sid_ctx_length = ctx->sid_ctx_length;
- OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+ OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx));
memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
s->verify_callback = ctx->default_verify_callback;
s->generate_session_id = ctx->generate_session_id;
@@ -437,7 +437,7 @@ SSL *SSL_new(SSL_CTX *ctx)
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
- if (sid_ctx_len > sizeof ctx->sid_ctx) {
+ if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
@@ -490,7 +490,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
*/
SSL_SESSION r, *p;
- if (id_len > sizeof r.session_id)
+ if (id_len > sizeof(r.session_id))
return 0;
r.ssl_version = ssl->version;
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index 23dd3e7a01c3..6a5ad5374bec 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -529,7 +529,7 @@ int ssl_get_new_session(SSL *s, int session)
ss->session_id_length = 0;
}
- if (s->sid_ctx_length > sizeof ss->sid_ctx) {
+ if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
SSL_SESSION_free(ss);
return 0;
@@ -870,9 +870,9 @@ void SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
- OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+ OPENSSL_cleanse(ss->key_arg, sizeof(ss->key_arg));
+ OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+ OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
if (ss->sess_cert != NULL)
ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL)
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index f6a8f195eeb7..b861e4956937 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -1102,7 +1102,7 @@ int main(int argc, char *argv[])
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- RAND_seed(rnd_seed, sizeof rnd_seed);
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
@@ -1673,9 +1673,9 @@ int main(int argc, char *argv[])
{
int session_id_context = 0;
SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
- sizeof session_id_context);
+ sizeof(session_id_context));
SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
- sizeof session_id_context);
+ sizeof(session_id_context));
}
/* Use PSK only if PSK key is given */
@@ -1861,9 +1861,9 @@ int main(int argc, char *argv[])
if (c_ssl && c_ssl->kssl_ctx) {
char localhost[MAXHOSTNAMELEN + 2];
- if (gethostname(localhost, sizeof localhost - 1) == 0) {
- localhost[sizeof localhost - 1] = '\0';
- if (strlen(localhost) == sizeof localhost - 1) {
+ if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
+ localhost[sizeof(localhost) - 1] = '\0';
+ if (strlen(localhost) == sizeof(localhost) - 1) {
BIO_printf(bio_err, "localhost name too long\n");
goto end;
}
@@ -2041,8 +2041,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (cw_num > 0) {
/* Write to server. */
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
+ if (cw_num > (long)sizeof(cbuf))
+ i = sizeof(cbuf);
else
i = (int)cw_num;
r = BIO_write(c_ssl_bio, cbuf, i);
@@ -2118,8 +2118,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
if (sw_num > 0) {
/* Write to client. */
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
+ if (sw_num > (long)sizeof(sbuf))
+ i = sizeof(sbuf);
else
i = (int)sw_num;
r = BIO_write(s_ssl_bio, sbuf, i);
@@ -2630,7 +2630,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
char *s, buf[256];
s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
- sizeof buf);
+ sizeof(buf));
if (s != NULL) {
if (ok)
fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index b6d1ee95a521..50491ff62ff4 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -972,7 +972,7 @@ int tls1_final_finish_mac(SSL *s,
int hashsize = EVP_MD_size(md);
EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
if (!hdgst || hashsize < 0
- || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
+ || hashsize > (int)(sizeof(buf) - (size_t)(q - buf))) {
/*
* internal error: 'buf' is too small for this cipersuite!
*/
@@ -990,7 +990,7 @@ int tls1_final_finish_mac(SSL *s,
if (!tls1_PRF(ssl_get_algorithm2(s),
str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
- out, buf2, sizeof buf2))
+ out, buf2, sizeof(buf2)))
err = 1;
EVP_MD_CTX_cleanup(&ctx);
@@ -999,7 +999,7 @@ int tls1_final_finish_mac(SSL *s,
if (err)
return 0;
else
- return sizeof buf2;
+ return sizeof(buf2);
}
int tls1_mac(SSL *ssl, unsigned char *md, int send)
@@ -1165,8 +1165,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
s->s3->client_random, SSL3_RANDOM_SIZE,
co, col,
s->s3->server_random, SSL3_RANDOM_SIZE,
- so, sol, p, len, s->session->master_key, buff, sizeof buff);
- OPENSSL_cleanse(buff, sizeof buff);
+ so, sol, p, len, s->session->master_key, buff, sizeof(buff));
+ OPENSSL_cleanse(buff, sizeof(buff));
#ifdef SSL_DEBUG
fprintf(stderr, "Premaster Secret:\n");
BIO_dump_fp(stderr, (char *)p, len);
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index 1a4387b78eb9..75c2f4154dfe 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -2284,8 +2284,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
# ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats) {
unsigned char *sdata = data;
- int ecpointformatlist_length = *(sdata++);
+ int ecpointformatlist_length;
+ if (size == 0)
+ goto err;
+
+ ecpointformatlist_length = *(sdata++);
if (ecpointformatlist_length != size - 1 ||
ecpointformatlist_length < 1)
goto err;
@@ -2711,8 +2715,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
# ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats) {
unsigned char *sdata = data;
- int ecpointformatlist_length = *(sdata++);
+ int ecpointformatlist_length;
+
+ if (size == 0) {
+ *al = TLS1_AD_DECODE_ERROR;
+ return 0;
+ }
+ ecpointformatlist_length = *(sdata++);
if (ecpointformatlist_length != size - 1) {
*al = TLS1_AD_DECODE_ERROR;
return 0;
@@ -3505,6 +3515,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
EVP_CIPHER_CTX ctx;
SSL_CTX *tctx = s->initial_ctx;
+ /* Need at least keyname + iv */
+ if (eticklen < 16 + EVP_MAX_IV_LENGTH)
+ return 2;
+
/* Initialize session ticket encryption and HMAC contexts */
HMAC_CTX_init(&hctx);
EVP_CIPHER_CTX_init(&ctx);
@@ -3513,9 +3527,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
&ctx, &hctx, 0);
if (rv < 0)
- return -1;
- if (rv == 0)
+ goto err;
+ if (rv == 0) {
+ HMAC_CTX_cleanup(&hctx);
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
if (rv == 2)
renew_ticket = 1;
} else {
diff --git a/crypto/openssl/ssl/t1_trce.c b/crypto/openssl/ssl/t1_trce.c
index c5e21df77a6b..dc62df8f94cf 100644
--- a/crypto/openssl/ssl/t1_trce.c
+++ b/crypto/openssl/ssl/t1_trce.c
@@ -1247,13 +1247,15 @@ void SSL_trace(int write_p, int version, int content_type,
break;
case SSL3_RT_ALERT:
- if (msglen != 2)
+ if (msglen != 2) {
BIO_puts(bio, " Illegal Alert Length\n");
- else {
+ } else {
BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n",
SSL_alert_type_string_long(msg[0] << 8),
msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
}
+ break;
+
case TLS1_RT_HEARTBEAT:
ssl_print_heartbeat(bio, 4, msg, msglen);
break;
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index 46c9a89aa859..9d9acc8c6bee 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 1.0.2n
-OPENSSL_DATE= 2017-12-07
+OPENSSL_VER= 1.0.2o
+OPENSSL_DATE= 2018-03-27
LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index 2b575def0292..2bad64cf0c46 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index 71b639188d65..9174c28275bf 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1_STRING_length 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -198,8 +198,8 @@ utility functions should be used instead.
In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
-for and IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per
-character in big endian format, UTF8String will be in \s-1UTF8\s0 format.
+for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per
+character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format.
.PP
Similar care should be take to ensure the data is in the correct format
when calling \fIASN1_STRING_set()\fR.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index b955a127241b..66a35c7adf87 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1_STRING_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index bf561dd6904b..2cffedb1219a 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3
index 27ced2e3dc0b..07c3bf544a6e 100644
--- a/secure/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TIME_set 3"
-.TH ASN1_TIME_set 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1_TIME_set 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index ba5f13a664b4..576cb3203de3 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index 26d4eca5f0ed..bbfb1dec1703 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_ctrl 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index 999d63bb91ac..8951748a6a91 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_f_base64 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index 5243a7680449..90e94cf93c65 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_f_buffer 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index 79cb033ab7ee..e65a6a13edd8 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_f_cipher 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index cae30370b232..65b59b721f6e 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_f_md 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index 01331e7b7238..78e10dfc22db 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_f_null 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index f05645bf3823..c06ef20731ca 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_f_ssl 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index 96e5284872b2..ee162cee279c 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_find_type 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index ccc679ef2ac6..f4bca990390e 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new 3"
-.TH BIO_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
index 7cb529179e9c..8aca69897668 100644
--- a/secure/lib/libcrypto/man/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new_CMS 3"
-.TH BIO_new_CMS 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_new_CMS 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index 0f25913450a6..eb23d337f5e1 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_push 3"
-.TH BIO_push 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_push 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index 0fe5bf37e1d2..715cd542e5e1 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_read 3"
-.TH BIO_read 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_read 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index 6d9a55bf93dd..b47027e36f93 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_accept 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index 73f89249e35f..1ade4dc91b4c 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_bio 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index 6dc2cfd141ed..ae4ea1284d11 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_connect 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index 98a6dfc751fd..55848f442d92 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_fd 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index fd158d8d8f8e..21b775476862 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index ec628ac2f78a..8a1ffaff570f 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_mem 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,14 +183,14 @@ zero then it will return \fBv\fR when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
positive return value \fBv\fR should be set to a negative value, typically \-1.
.PP
-\&\fIBIO_get_mem_data()\fR sets \fBpp\fR to a pointer to the start of the memory BIOs data
+\&\fIBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data
and returns the total amount of data available. It is implemented as a macro.
.PP
\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
It is a macro.
.PP
-\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is
+\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is
a macro.
.PP
\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index ed2e0629205e..2051d73723b1 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_null 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index 86ea612eba75..b563696ab8de 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_s_socket 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index d2e949c4560a..097fe026d861 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_set_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index e7d2b9398dde..e784a38310c2 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BIO_should_retry 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index a1e8091f7fca..bd4824c3409c 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_BLINDING_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index ad8bb6f64681..170e6788f02e 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 3f6b249e5eea..75579158aa7e 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_CTX_start 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index 14c3759a8a64..0cda17135542 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add 3"
-.TH BN_add 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_add 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index 45b084087c33..c7ff47a3abb0 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_add_word 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index 1d70d22cf989..ab4d42ef0439 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_bn2bin 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index 36cde109a072..fba6ddb43404 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_cmp 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index 88c1a8160325..9161d679e4c4 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_copy 3"
-.TH BN_copy 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_copy 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index 5b2a1da8381b..6873b8b9c764 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_generate_prime 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index dbe452aa034b..e67b91e22db7 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_mod_inverse 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index 193151e02717..45d41070346d 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index 19db7ca70f35..9c032b876ac8 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index f000ac28263e..fb0b7c754972 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_new 3"
-.TH BN_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index 2c331e8b242a..db76b03b2512 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_num_bytes 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index 8afd69e8893e..ea16ba710d2a 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_rand 3"
-.TH BN_rand 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_rand 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index 1a54814e5307..2da032de397a 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_set_bit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index 55cc5896faad..3fd1d1782731 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_swap 3"
-.TH BN_swap 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_swap 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 93e1136a0364..8915eda458d9 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_zero 3"
-.TH BN_zero 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH BN_zero 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,32 +147,35 @@ operations
\&
\& const BIGNUM *BN_value_one(void);
\&
-\& int BN_set_word(BIGNUM *a, unsigned long w);
-\& unsigned long BN_get_word(BIGNUM *a);
+\& int BN_set_word(BIGNUM *a, BN_ULONG w);
+\& BN_ULONG BN_get_word(BIGNUM *a);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
+\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimied
+for the most efficient implementation on the local platform.
+.PP
\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and
\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros.
.PP
\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
is useful for use in comparisons and assignment.
.PP
-\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as an unsigned
-long.
+\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fIBN_get_word()\fR returns the value \fBa\fR, and 0xffffffffL if \fBa\fR cannot
-be represented as an unsigned long.
+\&\fIBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot
+be represented as a \fB\s-1BN_ULONG\s0\fR.
.PP
\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise.
\&\fIBN_value_one()\fR returns the constant.
.SH "BUGS"
.IX Header "BUGS"
-Someone might change the constant.
+If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide
+with the error condition returned by \fIBN_get_word()\fR which uses that
+as an error value.
.PP
-If a \fB\s-1BIGNUM\s0\fR is equal to 0xffffffffL it can be represented as an
-unsigned long but this value is also returned on error.
+\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIbn\fR\|(3), \fIBN_bn2bin\fR\|(3)
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
index 9f6da90fab37..8d5164c05bba 100644
--- a/secure/lib/libcrypto/man/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add0_cert 3"
-.TH CMS_add0_cert 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_add0_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
index e10012b0931c..56c7244e63bf 100644
--- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_recipient_cert 3"
-.TH CMS_add1_recipient_cert 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_add1_recipient_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3
index 42604807e8b0..4badcd64bb6d 100644
--- a/secure/lib/libcrypto/man/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/CMS_add1_signer.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_signer 3"
-.TH CMS_add1_signer 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_add1_signer 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
index a98906f0c998..3d4099e71aae 100644
--- a/secure/lib/libcrypto/man/CMS_compress.3
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_compress 3"
-.TH CMS_compress 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_compress 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
index a8bf494fe65b..bf4651fb2ee1 100644
--- a/secure/lib/libcrypto/man/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_decrypt 3"
-.TH CMS_decrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_decrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
index a938ce05d24e..229f9a05ca12 100644
--- a/secure/lib/libcrypto/man/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_encrypt 3"
-.TH CMS_encrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
index 0d857bfabe08..1955e2d45c14 100644
--- a/secure/lib/libcrypto/man/CMS_final.3
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_final 3"
-.TH CMS_final 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_final 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index 28246df28e05..52b20526066a 100644
--- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_RecipientInfos 3"
-.TH CMS_get0_RecipientInfos 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_get0_RecipientInfos 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
index d29d9316b8ca..3ddba27716e7 100644
--- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_SignerInfos 3"
-.TH CMS_get0_SignerInfos 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_get0_SignerInfos 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
index 1b074c696c1e..00d04b764e33 100644
--- a/secure/lib/libcrypto/man/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_type 3"
-.TH CMS_get0_type 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_get0_type 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
index 4cb33ec10c8e..c20127858a8a 100644
--- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get1_ReceiptRequest 3"
-.TH CMS_get1_ReceiptRequest 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_get1_ReceiptRequest 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
index b1b48369b335..c4930c081e6f 100644
--- a/secure/lib/libcrypto/man/CMS_sign.3
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign 3"
-.TH CMS_sign 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
index c34310e7085c..8f8b98568613 100644
--- a/secure/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign_receipt 3"
-.TH CMS_sign_receipt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_sign_receipt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
index bcfdb0a61ff8..c1da3ad006a9 100644
--- a/secure/lib/libcrypto/man/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_uncompress 3"
-.TH CMS_uncompress 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_uncompress 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
index 18f4118dbd0f..e0cc2e87b90f 100644
--- a/secure/lib/libcrypto/man/CMS_verify.3
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify 3"
-.TH CMS_verify 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
index 09fec963fb6e..1d68ffee9b4b 100644
--- a/secure/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify_receipt 3"
-.TH CMS_verify_receipt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS_verify_receipt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index dc16a9b86341..2ac07d1d7c07 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CONF_modules_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index 7fd96b03fe9b..766748711ff5 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CONF_modules_load_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
index 7020a319ade9..9ef5ca9f741e 100644
--- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index b547fa6136d7..3cabcac64442 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DH_generate_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index 404133423c3b..fbb774e2425b 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DH_generate_parameters 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
index b91703089848..22e73d7dd6e6 100644
--- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index a25e716ca75c..0958f6cb3bac 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_new 3"
-.TH DH_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DH_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index bc457cead35c..9626dbf27a5c 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DH_set_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index 2286132a5c1c..6aa4520c7a1c 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_size 3"
-.TH DH_size 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DH_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 1a32831f6317..10d596f7446f 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_SIG_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index a6daaef58b72..83c6e5a191cc 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_do_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index ae8759d48003..28c6c9ae5c4c 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_dup_DH 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index b0e3c9c29061..f9125858a22b 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_generate_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index 781bc20c706b..2d84d644d968 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_generate_parameters 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
index c6c196a2cb6b..5632bcae9935 100644
--- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index a19d9164869f..5553dd3dde36 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_new 3"
-.TH DSA_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index 7580418694d1..cea0fc47ea4a 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_set_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index d69335dc5995..622b2c237d4c 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index c05ca722640b..1f224722433e 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_size 3"
-.TH DSA_size 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
index 7ced9947e436..1b5d244cca62 100644
--- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3
+++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GFp_simple_method 3"
-.TH EC_GFp_simple_method 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC_GFp_simple_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3
index 9416a8e615c3..03eddde14841 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_copy.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_copy 3"
-.TH EC_GROUP_copy 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC_GROUP_copy 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3
index 1226b2b1dc18..743ca73cb40e 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_new.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_new 3"
-.TH EC_GROUP_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC_GROUP_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3
index 956db1ad2f71..39e4a30ac48c 100644
--- a/secure/lib/libcrypto/man/EC_KEY_new.3
+++ b/secure/lib/libcrypto/man/EC_KEY_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_KEY_new 3"
-.TH EC_KEY_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC_KEY_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3
index e33a0034b575..f8e12d0b631f 100644
--- a/secure/lib/libcrypto/man/EC_POINT_add.3
+++ b/secure/lib/libcrypto/man/EC_POINT_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_add 3"
-.TH EC_POINT_add 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC_POINT_add 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3
index bfd2fe5584f9..db7a944b73d5 100644
--- a/secure/lib/libcrypto/man/EC_POINT_new.3
+++ b/secure/lib/libcrypto/man/EC_POINT_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_new 3"
-.TH EC_POINT_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC_POINT_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index f6fa30e35368..ca4248df90a5 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_GET_LIB 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index 9164f609ac3f..06941e3f3e3e 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_clear_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index 2a6f6081109e..e330af60d3c6 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_error_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index e03f5751720a..d5d998f2c2c7 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_get_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index ca26537421b9..e8e8eecef797 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 44d608b7c62a..94b5f3064f08 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_load_strings 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index 72b5ece1aa78..c003cae8e3cb 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_print_errors 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index d1268cad46c2..4c3c757930b7 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_put_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index 71440d7ee1c9..18c3f0ea9032 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_remove_state 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index 942ee18f7cf8..9455b2e9ea17 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERR_set_mark 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 552bdeae9bb0..694c7ea917d5 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_BytesToKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index d2e0f5725deb..bfae14984a09 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_DigestInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
index 6f60d59ba6e7..16b241a8394e 100644
--- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestSignInit 3"
-.TH EVP_DigestSignInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_DigestSignInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
index 5b40bfaf5a8f..ac833bc1e065 100644
--- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestVerifyInit 3"
-.TH EVP_DigestVerifyInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_DigestVerifyInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3
index 5bcb54a644a2..96ae44a8e26e 100644
--- a/secure/lib/libcrypto/man/EVP_EncodeInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncodeInit 3"
-.TH EVP_EncodeInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_EncodeInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index 2abbff6dd346..7336deb46a85 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_EncryptInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,38 +171,38 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256
\& void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
\&
\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\& ENGINE *impl, unsigned char *key, unsigned char *iv);
+\& ENGINE *impl, const unsigned char *key, const unsigned char *iv);
\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, const unsigned char *in, int inl);
\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl);
\&
\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\& ENGINE *impl, unsigned char *key, unsigned char *iv);
+\& ENGINE *impl, const unsigned char *key, const unsigned char *iv);
\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, const unsigned char *in, int inl);
\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
\&
\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\& ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-\& int *outl, unsigned char *in, int inl);
+\& int *outl, const unsigned char *in, int inl);
\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
\&
\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\& unsigned char *key, unsigned char *iv);
+\& const unsigned char *key, const unsigned char *iv);
\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl);
\&
\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\& unsigned char *key, unsigned char *iv);
+\& const unsigned char *key, const unsigned char *iv);
\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
\&
\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-\& unsigned char *key, unsigned char *iv, int enc);
+\& const unsigned char *key, const unsigned char *iv, int enc);
\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
\& int *outl);
\&
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index 02a149102aa1..8380146f0dea 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_OpenInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 85f4851b749a..279a80503aa6 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_ctrl 3"
-.TH EVP_PKEY_CTX_ctrl 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_CTX_ctrl 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
index b3dad356b2b7..79d0479ab43e 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_new 3"
-.TH EVP_PKEY_CTX_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
index 71ac6e61507b..689c1d156eb5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_cmp 3"
-.TH EVP_PKEY_cmp 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_cmp 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
index 1164d82e9765..818d97203619 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_decrypt 3"
-.TH EVP_PKEY_decrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_decrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
index 5dd6bcc342fa..550103610035 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_derive 3"
-.TH EVP_PKEY_derive 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_derive 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
index c325eac8caba..9c253fda1f5c 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_encrypt 3"
-.TH EVP_PKEY_encrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
index 0d6f8929d80c..4e7d3539c564 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_get_default_digest 3"
-.TH EVP_PKEY_get_default_digest 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_get_default_digest 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
index 5fea7ddf74e0..7c99b1419a8c 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_keygen 3"
-.TH EVP_PKEY_keygen 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_keygen 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
index 93a31c7aec5b..f71569695349 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_meth_new 3"
-.TH EVP_PKEY_meth_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_meth_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
index 2817453a3759..19b4bc7f98d5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
index 11d4a30235f2..eed2a9a475dc 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_print_private 3"
-.TH EVP_PKEY_print_private 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_print_private 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index 28b947823339..74eef8618732 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_set1_RSA 3"
-.TH EVP_PKEY_set1_RSA 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_set1_RSA 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
index 82bf19ad308d..61d814211fc1 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_sign 3"
-.TH EVP_PKEY_sign 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
index a9e0e98d810e..e32467a9c5aa 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify 3"
-.TH EVP_PKEY_verify 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
index c579581ee44f..066200720743 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify_recover 3"
-.TH EVP_PKEY_verify_recover 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_PKEY_verify_recover 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
index 1d612c3452ea..aa5f9ac21955 100644
--- a/secure/lib/libcrypto/man/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_SealInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
index 836227787db4..b55f3a72cacc 100644
--- a/secure/lib/libcrypto/man/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_SignInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
index fbd512dc9ab1..fafe44dc44cf 100644
--- a/secure/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EVP_VerifyInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3
index 92aec4aef6fe..a6b2cead6bd6 100644
--- a/secure/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OBJ_nid2obj 3"
-.TH OBJ_nid2obj 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OBJ_nid2obj 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3
index 5e46a71359f1..fe0faeaddf14 100644
--- a/secure/lib/libcrypto/man/OPENSSL_Applink.3
+++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_Applink 3"
-.TH OPENSSL_Applink 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL_Applink 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
index 2ee36ee59d5e..bdd3f67e8a18 100644
--- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3
index c1a5f2d43ac9..0b848eb1a1c5 100644
--- a/secure/lib/libcrypto/man/OPENSSL_config.3
+++ b/secure/lib/libcrypto/man/OPENSSL_config.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_config 3"
-.TH OPENSSL_config 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL_config 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
index b56cfa671ce3..5f3387a7a236 100644
--- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
+++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_ia32cap 3"
-.TH OPENSSL_ia32cap 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL_ia32cap 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
index 2da87f72d937..9beae776b82c 100644
--- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
+++ b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_instrument_bus 3"
-.TH OPENSSL_instrument_bus 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL_instrument_bus 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
index a26e41b92c8b..aac91fd3c62b 100644
--- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_load_builtin_modules 3"
-.TH OPENSSL_load_builtin_modules 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL_load_builtin_modules 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index c62b1c522e13..6ec18dde850e 100644
--- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
index 353b286292eb..bbb63229d2a0 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PEM_write_bio_CMS_stream 3"
-.TH PEM_write_bio_CMS_stream 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PEM_write_bio_CMS_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
index f3fbb87fda37..923718c38bbd 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PEM_write_bio_PKCS7_stream 3"
-.TH PEM_write_bio_PKCS7_stream 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PEM_write_bio_PKCS7_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3
index f7c3d75c9169..da4a868273e7 100644
--- a/secure/lib/libcrypto/man/PKCS12_create.3
+++ b/secure/lib/libcrypto/man/PKCS12_create.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_create 3"
-.TH PKCS12_create 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS12_create 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3
index f0dae826a683..309de087083a 100644
--- a/secure/lib/libcrypto/man/PKCS12_parse.3
+++ b/secure/lib/libcrypto/man/PKCS12_parse.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_parse 3"
-.TH PKCS12_parse 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS12_parse 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3
index 4117cf9abf92..6effd8d70b26 100644
--- a/secure/lib/libcrypto/man/PKCS7_decrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_decrypt 3"
-.TH PKCS7_decrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS7_decrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3
index 0d48045db762..20959a9a6766 100644
--- a/secure/lib/libcrypto/man/PKCS7_encrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_encrypt 3"
-.TH PKCS7_encrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS7_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
index 2f17d90fae5e..c89d9c4ca26b 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS7_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
index 8d96cb36c4cc..2885d6f14397 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign_add_signer 3"
-.TH PKCS7_sign_add_signer 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS7_sign_add_signer 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3
index 1bce3904a4cd..6feb0321356f 100644
--- a/secure/lib/libcrypto/man/PKCS7_verify.3
+++ b/secure/lib/libcrypto/man/PKCS7_verify.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS7_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
index 793e60300541..d1cc20b96616 100644
--- a/secure/lib/libcrypto/man/RAND_add.3
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_add 3"
-.TH RAND_add 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND_add 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index e8813f9e6a00..1acb66d96d37 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND_bytes 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
index fd572cabe3b0..67923f6db25f 100644
--- a/secure/lib/libcrypto/man/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND_cleanup 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
index 1a903fe10a92..4e84db9491a8 100644
--- a/secure/lib/libcrypto/man/RAND_egd.3
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_egd 3"
-.TH RAND_egd 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND_egd 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
index 75f97daf0886..cbdf12cd5237 100644
--- a/secure/lib/libcrypto/man/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND_load_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
index 2c6385409ad3..90276ca73dd3 100644
--- a/secure/lib/libcrypto/man/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND_set_rand_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
index 5868c090298b..531d36156f09 100644
--- a/secure/lib/libcrypto/man/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_blinding_on 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index fd6e7e763948..d5ecf544bfab 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_check_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
index 3824ddc4d909..62fc634b68cb 100644
--- a/secure/lib/libcrypto/man/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_generate_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
index ad63fdf50cf8..67d14bbd7c30 100644
--- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
index 1d8a4857f062..95f5fb6d5b90 100644
--- a/secure/lib/libcrypto/man/RSA_new.3
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_new 3"
-.TH RSA_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
index 9800ae9364d4..a3ffe4da43c9 100644
--- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
index 0d40ed13339d..e92aea5aec54 100644
--- a/secure/lib/libcrypto/man/RSA_print.3
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_print 3"
-.TH RSA_print 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_print 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
index 53955a3e9e0f..3003be12d465 100644
--- a/secure/lib/libcrypto/man/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_private_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
index b4ce8c73d026..1fd6b458dd2e 100644
--- a/secure/lib/libcrypto/man/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_public_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
index c4bd07d703c9..eaef1d8d65cf 100644
--- a/secure/lib/libcrypto/man/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_set_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
index e94d30993a1a..5d4baf7f4064 100644
--- a/secure/lib/libcrypto/man/RSA_sign.3
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
index af2e6e7e2322..0236973f935d 100644
--- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
index f9aaeca6f824..7de679410778 100644
--- a/secure/lib/libcrypto/man/RSA_size.3
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_size 3"
-.TH RSA_size 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3
index a65680701a47..b577985d91c3 100644
--- a/secure/lib/libcrypto/man/SMIME_read_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_CMS 3"
-.TH SMIME_read_CMS 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SMIME_read_CMS 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
index e7fe80ab6c18..1378b60d21d5 100644
--- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_PKCS7 3"
-.TH SMIME_read_PKCS7 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SMIME_read_PKCS7 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3
index 837153819d33..3f74429780cb 100644
--- a/secure/lib/libcrypto/man/SMIME_write_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_CMS 3"
-.TH SMIME_write_CMS 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SMIME_write_CMS 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
index 831808e599a1..3488df6a8808 100644
--- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SMIME_write_PKCS7 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index 3345cd089316..dd40c5a64e31 100644
--- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_ENTRY_get_object 3"
-.TH X509_NAME_ENTRY_get_object 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_NAME_ENTRY_get_object 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index 228442997d29..615e410b0ab9 100644
--- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_add_entry_by_txt 3"
-.TH X509_NAME_add_entry_by_txt 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_NAME_add_entry_by_txt 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index 7befdbbf8c98..97675a9484ef 100644
--- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_get_index_by_NID 3"
-.TH X509_NAME_get_index_by_NID 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_NAME_get_index_by_NID 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
index 088d061cb65e..c3af649c73d0 100644
--- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_print_ex 3"
-.TH X509_NAME_print_ex 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_NAME_print_ex 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 7d7fdbe16aa5..5733e66f1bbc 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_error 3"
-.TH X509_STORE_CTX_get_error 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_STORE_CTX_get_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
index e964e1f3289e..68dd835d7b8e 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_ex_new_index 3"
-.TH X509_STORE_CTX_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_STORE_CTX_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
index 3f989dcdb8c9..f4ad3f25b84d 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_new 3"
-.TH X509_STORE_CTX_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_STORE_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
index d99d6fc13721..575cefcba2ee 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_set_verify_cb 3"
-.TH X509_STORE_CTX_set_verify_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_STORE_CTX_set_verify_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index e6d6a239093f..e3cf5a0eea70 100644
--- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_set_verify_cb_func 3"
-.TH X509_STORE_set_verify_cb_func 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_STORE_set_verify_cb_func 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 4baab56875c2..4f5f0d98963d 100644
--- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_VERIFY_PARAM_set_flags 3"
-.TH X509_VERIFY_PARAM_set_flags 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_VERIFY_PARAM_set_flags 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -333,6 +333,27 @@ chains. By default, when building a certificate chain, if the first certificate
chain found is not trusted, then OpenSSL will continue to check to see if an
alternative chain can be found that is trusted. With this flag set the behaviour
will match that of OpenSSL versions prior to 1.0.2b.
+.PP
+The \fBX509_V_FLAG_TRUSTED_FIRST\fR flag causes chain construction to look for
+issuers in the trust store before looking at the untrusted certificates
+provided as part of the the peer chain.
+Though it is not on by default in OpenSSL 1.0.2, applications should generally
+set this flag.
+Local issuer certificates are often more likely to satisfy local security
+requirements and lead to a locally trusted root.
+This is especially important When some certificates in the trust store have
+explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fIx509\fR\|(1)).
+.PP
+The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the
+trust store to be treated as trust-anchors, in the same way as the self-signed
+root \s-1CA\s0 certificates.
+This makes it possible to trust certificates issued by an intermediate \s-1CA\s0
+without having to trust its ancestor root \s-1CA.\s0
+With OpenSSL 1.0.2, chain construction continues as long as there are
+additional trusted issuers in the trust store, and the last trusted issuer
+becomes the trust-anchor.
+Thus, even when an intermediate certificate is found in the trust store, the
+verified chain passed to callbacks may still be anchored by a root \s-1CA.\s0
.SH "NOTES"
.IX Header "NOTES"
The above functions should be used to manipulate verification parameters
@@ -364,7 +385,8 @@ connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
\&\fIX509_verify_cert\fR\|(3),
\&\fIX509_check_host\fR\|(3),
\&\fIX509_check_email\fR\|(3),
-\&\fIX509_check_ip\fR\|(3)
+\&\fIX509_check_ip\fR\|(3),
+\&\fIx509\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.0.2b
diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3
index 76710ce9c479..2751c4c1fa3a 100644
--- a/secure/lib/libcrypto/man/X509_check_host.3
+++ b/secure/lib/libcrypto/man/X509_check_host.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_check_host 3"
-.TH X509_check_host 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_check_host 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3
index 985d2607cf42..9b63f41a7d24 100644
--- a/secure/lib/libcrypto/man/X509_check_private_key.3
+++ b/secure/lib/libcrypto/man/X509_check_private_key.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_check_private_key 3"
-.TH X509_check_private_key 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_check_private_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3
index c4ee7c0d3b27..50ac881586cf 100644
--- a/secure/lib/libcrypto/man/X509_new.3
+++ b/secure/lib/libcrypto/man/X509_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_new 3"
-.TH X509_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3
index cbf32389a44b..b420259c5552 100644
--- a/secure/lib/libcrypto/man/X509_verify_cert.3
+++ b/secure/lib/libcrypto/man/X509_verify_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_verify_cert 3"
-.TH X509_verify_cert 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH X509_verify_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3
index 49ef7a05cb43..2882cd2977cb 100644
--- a/secure/lib/libcrypto/man/bio.3
+++ b/secure/lib/libcrypto/man/bio.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "bio 3"
-.TH bio 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH bio 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3
index cfcddb6a52e8..4d87562b7e77 100644
--- a/secure/lib/libcrypto/man/blowfish.3
+++ b/secure/lib/libcrypto/man/blowfish.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "blowfish 3"
-.TH blowfish 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH blowfish 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3
index 6b51f91cb5b5..acd61a52090e 100644
--- a/secure/lib/libcrypto/man/bn.3
+++ b/secure/lib/libcrypto/man/bn.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "bn 3"
-.TH bn 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH bn 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3
index c2c75704142d..3db340d0a5ae 100644
--- a/secure/lib/libcrypto/man/bn_internal.3
+++ b/secure/lib/libcrypto/man/bn_internal.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "bn_internal 3"
-.TH bn_internal 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH bn_internal 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3
index f0cdf11a4c3c..93e5ccb9004c 100644
--- a/secure/lib/libcrypto/man/buffer.3
+++ b/secure/lib/libcrypto/man/buffer.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "buffer 3"
-.TH buffer 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH buffer 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3
index 7c4de74ad04d..84f0f342c3de 100644
--- a/secure/lib/libcrypto/man/crypto.3
+++ b/secure/lib/libcrypto/man/crypto.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "crypto 3"
-.TH crypto 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH crypto 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
index 355de3f85270..f46a6aab59e4 100644
--- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ASN1_OBJECT 3"
-.TH d2i_ASN1_OBJECT 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_ASN1_OBJECT 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
index 339e65adfa7e..b82e2f82341a 100644
--- a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
+++ b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_CMS_ContentInfo 3"
-.TH d2i_CMS_ContentInfo 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_CMS_ContentInfo 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
index 539aa119c442..c093a1b2e10e 100644
--- a/secure/lib/libcrypto/man/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DHparams 3"
-.TH d2i_DHparams 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_DHparams 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
index 37fbe67793ff..993dc593d7c5 100644
--- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DSAPublicKey 3"
-.TH d2i_DSAPublicKey 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_DSAPublicKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_ECPKParameters.3 b/secure/lib/libcrypto/man/d2i_ECPKParameters.3
index 0b14b763d691..ed82da989136 100644
--- a/secure/lib/libcrypto/man/d2i_ECPKParameters.3
+++ b/secure/lib/libcrypto/man/d2i_ECPKParameters.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ECPKParameters 3"
-.TH d2i_ECPKParameters 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_ECPKParameters 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
index 58e4edf7c5d4..3a26032a042a 100644
--- a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ECPrivateKey 3"
-.TH d2i_ECPrivateKey 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_ECPrivateKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
index 154faccc784d..5a179191b420 100644
--- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_PKCS8PrivateKey 3"
-.TH d2i_PKCS8PrivateKey 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_PKCS8PrivateKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3
index db2ff9c52810..a56b332f6374 100644
--- a/secure/lib/libcrypto/man/d2i_PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PrivateKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_PrivateKey 3"
-.TH d2i_PrivateKey 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_PrivateKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
index ada1adf7b551..fb1aebc63c9a 100644
--- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_RSAPublicKey 3"
-.TH d2i_RSAPublicKey 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_RSAPublicKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
index f0dc50683557..71d7de1145dc 100644
--- a/secure/lib/libcrypto/man/d2i_X509.3
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509 3"
-.TH d2i_X509 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_X509 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
index 6602c308c6c3..5cafc7895cec 100644
--- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_ALGOR 3"
-.TH d2i_X509_ALGOR 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_X509_ALGOR 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3
index e36a0caa349f..693b08d18796 100644
--- a/secure/lib/libcrypto/man/d2i_X509_CRL.3
+++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_CRL 3"
-.TH d2i_X509_CRL 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_X509_CRL 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3
index f405c04cf0e5..cd055bf458cc 100644
--- a/secure/lib/libcrypto/man/d2i_X509_NAME.3
+++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_NAME 3"
-.TH d2i_X509_NAME 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_X509_NAME 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3
index 82e43a747903..92d1312f2bb3 100644
--- a/secure/lib/libcrypto/man/d2i_X509_REQ.3
+++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_REQ 3"
-.TH d2i_X509_REQ 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_X509_REQ 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3
index 358913dcdc80..949ea1ee348e 100644
--- a/secure/lib/libcrypto/man/d2i_X509_SIG.3
+++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_SIG 3"
-.TH d2i_X509_SIG 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_X509_SIG 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3
index cc9de07f5507..2e28d332c716 100644
--- a/secure/lib/libcrypto/man/des.3
+++ b/secure/lib/libcrypto/man/des.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "des 3"
-.TH des 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH des 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3
index f8e1ce0f702c..4d7d66112055 100644
--- a/secure/lib/libcrypto/man/dh.3
+++ b/secure/lib/libcrypto/man/dh.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "dh 3"
-.TH dh 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH dh 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3
index 699cc039557d..239738cb67fd 100644
--- a/secure/lib/libcrypto/man/dsa.3
+++ b/secure/lib/libcrypto/man/dsa.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "dsa 3"
-.TH dsa 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH dsa 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ec.3 b/secure/lib/libcrypto/man/ec.3
index 4d9c453f9d25..b6f510de80a7 100644
--- a/secure/lib/libcrypto/man/ec.3
+++ b/secure/lib/libcrypto/man/ec.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ec 3"
-.TH ec 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ec 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3
index 7b9a9c6fb1d0..322a8ab87421 100644
--- a/secure/lib/libcrypto/man/ecdsa.3
+++ b/secure/lib/libcrypto/man/ecdsa.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ecdsa 3"
-.TH ecdsa 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ecdsa 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3
index 06e610449b23..591e2d0dce61 100644
--- a/secure/lib/libcrypto/man/engine.3
+++ b/secure/lib/libcrypto/man/engine.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "engine 3"
-.TH engine 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH engine 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3
index 6ffca104886e..43620d0dd684 100644
--- a/secure/lib/libcrypto/man/err.3
+++ b/secure/lib/libcrypto/man/err.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "err 3"
-.TH err 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH err 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3
index 9665c4be7d48..c52844773fc7 100644
--- a/secure/lib/libcrypto/man/evp.3
+++ b/secure/lib/libcrypto/man/evp.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "evp 3"
-.TH evp 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH evp 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3
index cde58dc5273a..41a5f67896a6 100644
--- a/secure/lib/libcrypto/man/hmac.3
+++ b/secure/lib/libcrypto/man/hmac.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "hmac 3"
-.TH hmac 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH hmac 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
index c3c4a8d59314..a0d07fcd937e 100644
--- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "i2d_CMS_bio_stream 3"
-.TH i2d_CMS_bio_stream 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH i2d_CMS_bio_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
index 8fc6fbdbead0..0db1097630c6 100644
--- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "i2d_PKCS7_bio_stream 3"
-.TH i2d_PKCS7_bio_stream 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH i2d_PKCS7_bio_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3
index 4d8da16666ac..186badaf5cc3 100644
--- a/secure/lib/libcrypto/man/lh_stats.3
+++ b/secure/lib/libcrypto/man/lh_stats.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "lh_stats 3"
-.TH lh_stats 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH lh_stats 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3
index 1c513e6bfbf9..943af862654d 100644
--- a/secure/lib/libcrypto/man/lhash.3
+++ b/secure/lib/libcrypto/man/lhash.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "lhash 3"
-.TH lhash 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH lhash 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3
index 0506c8f0f4aa..5c411ebc6054 100644
--- a/secure/lib/libcrypto/man/md5.3
+++ b/secure/lib/libcrypto/man/md5.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "md5 3"
-.TH md5 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH md5 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3
index 473a5d667162..5d3e3d996d9b 100644
--- a/secure/lib/libcrypto/man/mdc2.3
+++ b/secure/lib/libcrypto/man/mdc2.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "mdc2 3"
-.TH mdc2 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH mdc2 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3
index 5f53198889bd..3af1172885be 100644
--- a/secure/lib/libcrypto/man/pem.3
+++ b/secure/lib/libcrypto/man/pem.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "pem 3"
-.TH pem 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH pem 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3
index 50220bb9388d..e6573c2bc7c5 100644
--- a/secure/lib/libcrypto/man/rand.3
+++ b/secure/lib/libcrypto/man/rand.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "rand 3"
-.TH rand 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH rand 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3
index 4d49940bc39b..89f183fd70f5 100644
--- a/secure/lib/libcrypto/man/rc4.3
+++ b/secure/lib/libcrypto/man/rc4.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "rc4 3"
-.TH rc4 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH rc4 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3
index c5928ee4286d..0c90a36e9a01 100644
--- a/secure/lib/libcrypto/man/ripemd.3
+++ b/secure/lib/libcrypto/man/ripemd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ripemd 3"
-.TH ripemd 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ripemd 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3
index d4b31b598b83..3cd20dfd6dc9 100644
--- a/secure/lib/libcrypto/man/rsa.3
+++ b/secure/lib/libcrypto/man/rsa.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "rsa 3"
-.TH rsa 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH rsa 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3
index 36a8d3de6210..98336711ac6f 100644
--- a/secure/lib/libcrypto/man/sha.3
+++ b/secure/lib/libcrypto/man/sha.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "sha 3"
-.TH sha 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH sha 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3
index 3e655261e7d6..04d00c323cf9 100644
--- a/secure/lib/libcrypto/man/threads.3
+++ b/secure/lib/libcrypto/man/threads.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "threads 3"
-.TH threads 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH threads 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,9 +196,13 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-OpenSSL can safely be used in multi-threaded applications provided
-that at least two callback functions are set, locking_function and
+OpenSSL can generally be used safely in multi-threaded applications provided
+that at least two callback functions are set, the locking_function and
threadid_func.
+Note that OpenSSL is not completely thread-safe, and unfortunately not all
+global resources have the necessary locks.
+Further, the thread-safety does not extend to things like multiple threads
+using the same \fB\s-1SSL\s0\fR object at the same time.
.PP
locking_function(int mode, int n, const char *file, int line) is
needed to perform locking on shared data structures.
diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3
index 45f8bcdb23c5..f085eb98b5dc 100644
--- a/secure/lib/libcrypto/man/ui.3
+++ b/secure/lib/libcrypto/man/ui.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ui 3"
-.TH ui 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ui 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3
index 746c9b65511c..02cccb66657f 100644
--- a/secure/lib/libcrypto/man/ui_compat.3
+++ b/secure/lib/libcrypto/man/ui_compat.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ui_compat 3"
-.TH ui_compat 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ui_compat 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3
index 720a7b928bd4..7d15f11e487b 100644
--- a/secure/lib/libcrypto/man/x509.3
+++ b/secure/lib/libcrypto/man/x509.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "x509 3"
-.TH x509 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH x509 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
index 1324f34412c4..793093511a40 100644
--- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CIPHER_get_name 3"
-.TH SSL_CIPHER_get_name 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CIPHER_get_name 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
index 5f92ed4606de..cef67701e55d 100644
--- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_COMP_add_compression_method 3"
-.TH SSL_COMP_add_compression_method 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_COMP_add_compression_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_new.3 b/secure/lib/libssl/man/SSL_CONF_CTX_new.3
index bd628b2c0073..e6032831faa5 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_new.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_new 3"
-.TH SSL_CONF_CTX_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CONF_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
index 0e8c77e4021f..87c436ad7899 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_set1_prefix 3"
-.TH SSL_CONF_CTX_set1_prefix 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CONF_CTX_set1_prefix 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
index 1df726d1ff0d..2965c1179dcc 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_set_flags 3"
-.TH SSL_CONF_CTX_set_flags 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CONF_CTX_set_flags 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
index 868e2fd7999a..258f29bcb928 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_set_ssl_ctx 3"
-.TH SSL_CONF_CTX_set_ssl_ctx 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CONF_CTX_set_ssl_ctx 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_cmd.3 b/secure/lib/libssl/man/SSL_CONF_cmd.3
index e85c899150de..4ccaab0efeb1 100644
--- a/secure/lib/libssl/man/SSL_CONF_cmd.3
+++ b/secure/lib/libssl/man/SSL_CONF_cmd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_cmd 3"
-.TH SSL_CONF_cmd 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CONF_cmd 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
index 715b014b0e67..98d3b13f34ba 100644
--- a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
+++ b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_cmd_argv 3"
-.TH SSL_CONF_cmd_argv 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CONF_cmd_argv 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
index 92850619229e..7b678086765d 100644
--- a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
+++ b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add1_chain_cert 3"
-.TH SSL_CTX_add1_chain_cert 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_add1_chain_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
index 08402d3fea86..7fb818af5b4c 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_extra_chain_cert 3"
-.TH SSL_CTX_add_extra_chain_cert 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_add_extra_chain_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3
index 4473b61b10d2..509cc0f2a95e 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_session.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_session.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_session 3"
-.TH SSL_CTX_add_session 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_add_session 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3
index 690e1af16f92..a08765c0a57b 100644
--- a/secure/lib/libssl/man/SSL_CTX_ctrl.3
+++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_ctrl 3"
-.TH SSL_CTX_ctrl 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_ctrl 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
index 7794e1e52906..92f3abc00ded 100644
--- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_flush_sessions 3"
-.TH SSL_CTX_flush_sessions 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_flush_sessions 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3
index 46400b0cfc38..c3ff8f016016 100644
--- a/secure/lib/libssl/man/SSL_CTX_free.3
+++ b/secure/lib/libssl/man/SSL_CTX_free.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_free 3"
-.TH SSL_CTX_free 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get0_param.3 b/secure/lib/libssl/man/SSL_CTX_get0_param.3
index 6b284646e59c..f877f9e94935 100644
--- a/secure/lib/libssl/man/SSL_CTX_get0_param.3
+++ b/secure/lib/libssl/man/SSL_CTX_get0_param.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get0_param 3"
-.TH SSL_CTX_get0_param 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_get0_param 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
index 469663805c19..009bdb4af66a 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_ex_new_index 3"
-.TH SSL_CTX_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
index d9f50cdc6103..9f2f5947ea42 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_verify_mode 3"
-.TH SSL_CTX_get_verify_mode 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_get_verify_mode 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
index 2949bdc14527..6920b164c759 100644
--- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_load_verify_locations 3"
-.TH SSL_CTX_load_verify_locations 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_load_verify_locations 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3
index ddfce7ad5a0e..731f2987ae0b 100644
--- a/secure/lib/libssl/man/SSL_CTX_new.3
+++ b/secure/lib/libssl/man/SSL_CTX_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_new 3"
-.TH SSL_CTX_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3
index 35fe697fb036..0a7a9b46da4f 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_number.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_number 3"
-.TH SSL_CTX_sess_number 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_sess_number 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
index 3df07b0b6e81..bff67fc70d84 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_cache_size 3"
-.TH SSL_CTX_sess_set_cache_size 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_sess_set_cache_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
index 7c472029e409..476ee5e0147c 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_get_cb 3"
-.TH SSL_CTX_sess_set_get_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_sess_set_get_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3
index e489efe1d1cf..97810a634cb8 100644
--- a/secure/lib/libssl/man/SSL_CTX_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_sessions.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sessions 3"
-.TH SSL_CTX_sessions 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_sessions 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set1_curves.3 b/secure/lib/libssl/man/SSL_CTX_set1_curves.3
index 95ddc4c33507..613a70647113 100644
--- a/secure/lib/libssl/man/SSL_CTX_set1_curves.3
+++ b/secure/lib/libssl/man/SSL_CTX_set1_curves.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set1_curves 3"
-.TH SSL_CTX_set1_curves 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set1_curves 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
index ceef993f7882..b550a6e5a2b7 100644
--- a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
+++ b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set1_verify_cert_store 3"
-.TH SSL_CTX_set1_verify_cert_store 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set1_verify_cert_store 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
index f7822ab28283..16474ed7ce54 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_alpn_select_cb 3"
-.TH SSL_CTX_set_alpn_select_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_alpn_select_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
index e05558aac686..0b72e5b672a6 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_cb 3"
-.TH SSL_CTX_set_cert_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_cert_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
index e3b9572bdbc4..2a1a4c4acea7 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_store 3"
-.TH SSL_CTX_set_cert_store 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_cert_store 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
index bed90ac8a564..8a0308cb3ad9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_verify_callback 3"
-.TH SSL_CTX_set_cert_verify_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_cert_verify_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
index 028e2f3ea881..d8cdf03e234a 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cipher_list 3"
-.TH SSL_CTX_set_cipher_list 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_cipher_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
index 79e3c26377ef..b2fd343e5dd9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_CA_list 3"
-.TH SSL_CTX_set_client_CA_list 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_client_CA_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
index ba75794c5c7e..e5cbb29d370b 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_cert_cb 3"
-.TH SSL_CTX_set_client_cert_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_client_cert_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
index bf7997df4104..b695280f12b6 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_custom_cli_ext 3"
-.TH SSL_CTX_set_custom_cli_ext 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_custom_cli_ext 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
index 545ae5868c0b..698065949109 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_default_passwd_cb 3"
-.TH SSL_CTX_set_default_passwd_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_default_passwd_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
index d031af91cce3..267f20594467 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_generate_session_id 3"
-.TH SSL_CTX_set_generate_session_id 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_generate_session_id 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
index 182edb169585..1a1511e2b3bc 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_info_callback 3"
-.TH SSL_CTX_set_info_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_info_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
index e8418b3315cd..15c099eaab99 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_max_cert_list 3"
-.TH SSL_CTX_set_max_cert_list 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_max_cert_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3
index 613191ed4d8e..6c5c5e770840 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
index a091927474fb..6a3d967f481b 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_msg_callback 3"
-.TH SSL_CTX_set_msg_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_msg_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3
index 44a1f5cf7fa3..95fdc58d97c4 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_options.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_options.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_options 3"
-.TH SSL_CTX_set_options 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_options 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
index b61a8c7192af..38bdf910606e 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_psk_client_callback 3"
-.TH SSL_CTX_set_psk_client_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_psk_client_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
index 948a3f5c2e0d..07e4181c805a 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_quiet_shutdown 3"
-.TH SSL_CTX_set_quiet_shutdown 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_quiet_shutdown 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
index d7e8a0d86ef6..59dd6f4e047f 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_read_ahead 3"
-.TH SSL_CTX_set_read_ahead 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_read_ahead 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
index 5a5c5868d3e2..2e31bd63423e 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_cache_mode 3"
-.TH SSL_CTX_set_session_cache_mode 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_session_cache_mode 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
index c7606d28ef14..7cabb82f8aa3 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_id_context 3"
-.TH SSL_CTX_set_session_id_context 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_session_id_context 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
index 085db53f7c98..c23177e11fb5 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_ssl_version 3"
-.TH SSL_CTX_set_ssl_version 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_ssl_version 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
index ef2f37610add..3bcf178860f5 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_timeout 3"
-.TH SSL_CTX_set_timeout 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_timeout 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
index d2be8a15d518..8a86d5fef365 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_servername_callback 3"
-.TH SSL_CTX_set_tlsext_servername_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_tlsext_servername_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
index 1c52098a589b..50d6728c53fb 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_status_cb 3"
-.TH SSL_CTX_set_tlsext_status_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_tlsext_status_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
index 8cb0650c7329..c3b4e7c949c8 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3"
-.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index c31064e9e009..de1ab332e59f 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
index 2943a4744071..70899d7ec480 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
-.TH SSL_CTX_set_tmp_rsa_callback 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3
index 47c26bc8b5f8..dce190972ef9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_verify.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_verify 3"
-.TH SSL_CTX_set_verify 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_set_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
index 7b89a1fdcd8d..f1955d7e3858 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_use_certificate 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
index aaf2d4012c92..19e29b18abf2 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_psk_identity_hint 3"
-.TH SSL_CTX_use_psk_identity_hint 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_use_psk_identity_hint 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
index ab2c9d47d9ed..de443a93ae8b 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_serverinfo 3"
-.TH SSL_CTX_use_serverinfo 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_CTX_use_serverinfo 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3
index c1b94a44e8c6..ef48478a1ff6 100644
--- a/secure/lib/libssl/man/SSL_SESSION_free.3
+++ b/secure/lib/libssl/man/SSL_SESSION_free.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_free 3"
-.TH SSL_SESSION_free 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_SESSION_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
index 22efad4e03d1..a1ceb6dabab1 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_ex_new_index 3"
-.TH SSL_SESSION_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_SESSION_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3
index fda1d36196e5..bcd8f2e322cd 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_time.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_time 3"
-.TH SSL_SESSION_get_time 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_SESSION_get_time 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3
index 065da1c1121a..d38547210790 100644
--- a/secure/lib/libssl/man/SSL_accept.3
+++ b/secure/lib/libssl/man/SSL_accept.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_accept 3"
-.TH SSL_accept 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_accept 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3
index 703f47c38213..c7596572b096 100644
--- a/secure/lib/libssl/man/SSL_alert_type_string.3
+++ b/secure/lib/libssl/man/SSL_alert_type_string.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_alert_type_string 3"
-.TH SSL_alert_type_string 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_alert_type_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_check_chain.3 b/secure/lib/libssl/man/SSL_check_chain.3
index 042811674f96..4bded8190550 100644
--- a/secure/lib/libssl/man/SSL_check_chain.3
+++ b/secure/lib/libssl/man/SSL_check_chain.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_check_chain 3"
-.TH SSL_check_chain 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_check_chain 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3
index 00043e4b366b..559da961f5d5 100644
--- a/secure/lib/libssl/man/SSL_clear.3
+++ b/secure/lib/libssl/man/SSL_clear.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_clear 3"
-.TH SSL_clear 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_clear 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3
index a638d4aa14d2..b52190cfd28e 100644
--- a/secure/lib/libssl/man/SSL_connect.3
+++ b/secure/lib/libssl/man/SSL_connect.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_connect 3"
-.TH SSL_connect 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_connect 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3
index 13700e3de25a..bc93c5b9d73d 100644
--- a/secure/lib/libssl/man/SSL_do_handshake.3
+++ b/secure/lib/libssl/man/SSL_do_handshake.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_do_handshake 3"
-.TH SSL_do_handshake 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_do_handshake 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_export_keying_material.3 b/secure/lib/libssl/man/SSL_export_keying_material.3
index 4c7b1eab22ff..8381da9f0d20 100644
--- a/secure/lib/libssl/man/SSL_export_keying_material.3
+++ b/secure/lib/libssl/man/SSL_export_keying_material.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_export_keying_material 3"
-.TH SSL_export_keying_material 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_export_keying_material 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3
index 283a2d7742de..ec66ebb5d41f 100644
--- a/secure/lib/libssl/man/SSL_free.3
+++ b/secure/lib/libssl/man/SSL_free.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_free 3"
-.TH SSL_free 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
index ad7d10f2b13c..d8d3f070651d 100644
--- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3
+++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_SSL_CTX 3"
-.TH SSL_get_SSL_CTX 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_SSL_CTX 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3
index c83c72406f93..791a2f3d71e8 100644
--- a/secure/lib/libssl/man/SSL_get_ciphers.3
+++ b/secure/lib/libssl/man/SSL_get_ciphers.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ciphers 3"
-.TH SSL_get_ciphers 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_ciphers 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3
index 8d63e6eb8719..f4480faa7333 100644
--- a/secure/lib/libssl/man/SSL_get_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_client_CA_list 3"
-.TH SSL_get_client_CA_list 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_client_CA_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3
index e9e4b894c173..32c6912136b6 100644
--- a/secure/lib/libssl/man/SSL_get_current_cipher.3
+++ b/secure/lib/libssl/man/SSL_get_current_cipher.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_current_cipher 3"
-.TH SSL_get_current_cipher 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_current_cipher 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3
index 60c856723a63..3a7a56179b16 100644
--- a/secure/lib/libssl/man/SSL_get_default_timeout.3
+++ b/secure/lib/libssl/man/SSL_get_default_timeout.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_default_timeout 3"
-.TH SSL_get_default_timeout 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_default_timeout 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3
index e97713148397..fc15c86e3b61 100644
--- a/secure/lib/libssl/man/SSL_get_error.3
+++ b/secure/lib/libssl/man/SSL_get_error.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_error 3"
-.TH SSL_get_error 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
index 76d558698d54..2e20589aeae3 100644
--- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3
index 9e3c09b5abfc..0506a54daec6 100644
--- a/secure/lib/libssl/man/SSL_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_new_index 3"
-.TH SSL_get_ex_new_index 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3
index ff83fc2692d8..cb9195eb29d9 100644
--- a/secure/lib/libssl/man/SSL_get_fd.3
+++ b/secure/lib/libssl/man/SSL_get_fd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_fd 3"
-.TH SSL_get_fd 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_fd 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
index 1f3780decb94..07fc26240974 100644
--- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_cert_chain 3"
-.TH SSL_get_peer_cert_chain 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_peer_cert_chain 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3
index 40845fd6085a..45d8722c6648 100644
--- a/secure/lib/libssl/man/SSL_get_peer_certificate.3
+++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_certificate 3"
-.TH SSL_get_peer_certificate 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_peer_certificate 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3
index c63355f085ab..93fddb3cd533 100644
--- a/secure/lib/libssl/man/SSL_get_psk_identity.3
+++ b/secure/lib/libssl/man/SSL_get_psk_identity.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_psk_identity 3"
-.TH SSL_get_psk_identity 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_psk_identity 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3
index c33067f3c6ce..0b0c24426dda 100644
--- a/secure/lib/libssl/man/SSL_get_rbio.3
+++ b/secure/lib/libssl/man/SSL_get_rbio.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_rbio 3"
-.TH SSL_get_rbio 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_rbio 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3
index 372de1385b1e..91688beb8c5f 100644
--- a/secure/lib/libssl/man/SSL_get_session.3
+++ b/secure/lib/libssl/man/SSL_get_session.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_session 3"
-.TH SSL_get_session 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_session 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3
index dae29fcd8b3c..c29d41dc588e 100644
--- a/secure/lib/libssl/man/SSL_get_verify_result.3
+++ b/secure/lib/libssl/man/SSL_get_verify_result.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_verify_result 3"
-.TH SSL_get_verify_result 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_verify_result 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3
index 1099d4317afd..deaef2126d20 100644
--- a/secure/lib/libssl/man/SSL_get_version.3
+++ b/secure/lib/libssl/man/SSL_get_version.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_version 3"
-.TH SSL_get_version 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_get_version 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3
index 61dd91df1eb8..16aa9be5eb96 100644
--- a/secure/lib/libssl/man/SSL_library_init.3
+++ b/secure/lib/libssl/man/SSL_library_init.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_library_init 3"
-.TH SSL_library_init 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_library_init 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3
index 7bc810c8be9a..89d02845a1cd 100644
--- a/secure/lib/libssl/man/SSL_load_client_CA_file.3
+++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_load_client_CA_file 3"
-.TH SSL_load_client_CA_file 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_load_client_CA_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3
index aa5ee6865cb1..706806444fc7 100644
--- a/secure/lib/libssl/man/SSL_new.3
+++ b/secure/lib/libssl/man/SSL_new.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_new 3"
-.TH SSL_new 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3
index 3324178886ed..79d09c2a0e1a 100644
--- a/secure/lib/libssl/man/SSL_pending.3
+++ b/secure/lib/libssl/man/SSL_pending.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_pending 3"
-.TH SSL_pending 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_pending 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3
index fe111569e658..d495796f1537 100644
--- a/secure/lib/libssl/man/SSL_read.3
+++ b/secure/lib/libssl/man/SSL_read.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_read 3"
-.TH SSL_read 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_read 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3
index 71ca77bbdaa0..f7aa9042d291 100644
--- a/secure/lib/libssl/man/SSL_rstate_string.3
+++ b/secure/lib/libssl/man/SSL_rstate_string.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_rstate_string 3"
-.TH SSL_rstate_string 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_rstate_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3
index 6aa7ca9148df..8f2794042161 100644
--- a/secure/lib/libssl/man/SSL_session_reused.3
+++ b/secure/lib/libssl/man/SSL_session_reused.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_session_reused 3"
-.TH SSL_session_reused 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_session_reused 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3
index 4469ea7414ec..bd1324cca52c 100644
--- a/secure/lib/libssl/man/SSL_set_bio.3
+++ b/secure/lib/libssl/man/SSL_set_bio.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_bio 3"
-.TH SSL_set_bio 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_set_bio 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3
index 88585a1a6907..de2e9588d968 100644
--- a/secure/lib/libssl/man/SSL_set_connect_state.3
+++ b/secure/lib/libssl/man/SSL_set_connect_state.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_connect_state 3"
-.TH SSL_set_connect_state 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_set_connect_state 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3
index 957dbe3b07b9..80538f7b57dd 100644
--- a/secure/lib/libssl/man/SSL_set_fd.3
+++ b/secure/lib/libssl/man/SSL_set_fd.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_fd 3"
-.TH SSL_set_fd 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_set_fd 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3
index 2aede177041c..819560b1b456 100644
--- a/secure/lib/libssl/man/SSL_set_session.3
+++ b/secure/lib/libssl/man/SSL_set_session.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_session 3"
-.TH SSL_set_session 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_set_session 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3
index 0c9521ac576a..68c03d0d12e6 100644
--- a/secure/lib/libssl/man/SSL_set_shutdown.3
+++ b/secure/lib/libssl/man/SSL_set_shutdown.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_shutdown 3"
-.TH SSL_set_shutdown 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_set_shutdown 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3
index 9bcf3ad62043..21959ce76bae 100644
--- a/secure/lib/libssl/man/SSL_set_verify_result.3
+++ b/secure/lib/libssl/man/SSL_set_verify_result.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_verify_result 3"
-.TH SSL_set_verify_result 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_set_verify_result 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3
index 784664c4b40b..39ed256f42d3 100644
--- a/secure/lib/libssl/man/SSL_shutdown.3
+++ b/secure/lib/libssl/man/SSL_shutdown.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_shutdown 3"
-.TH SSL_shutdown 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_shutdown 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3
index 139d88559b2f..dc9569d4a0d0 100644
--- a/secure/lib/libssl/man/SSL_state_string.3
+++ b/secure/lib/libssl/man/SSL_state_string.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_state_string 3"
-.TH SSL_state_string 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_state_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3
index 29f112d7f80a..2624eca61ff7 100644
--- a/secure/lib/libssl/man/SSL_want.3
+++ b/secure/lib/libssl/man/SSL_want.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_want 3"
-.TH SSL_want 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_want 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3
index 3c525016122c..d08d417612b0 100644
--- a/secure/lib/libssl/man/SSL_write.3
+++ b/secure/lib/libssl/man/SSL_write.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_write 3"
-.TH SSL_write 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SSL_write 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3
index 0a36a33c7eff..5dd653875fe3 100644
--- a/secure/lib/libssl/man/d2i_SSL_SESSION.3
+++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_SSL_SESSION 3"
-.TH d2i_SSL_SESSION 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH d2i_SSL_SESSION 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3
index e1642385e105..249c1fd45e06 100644
--- a/secure/lib/libssl/man/ssl.3
+++ b/secure/lib/libssl/man/ssl.3
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ssl 3"
-.TH ssl 3 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ssl 3 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index 41cac6d74a8c..e13d6ac7363f 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CA.PL 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index 38b267ab3d47..039e2a87c2d5 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ASN1PARSE 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index bde6eaf6e62c..8e1d70174af5 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CA 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -487,6 +487,10 @@ The default value is \fByes\fR, to be compatible with older (pre 0.9.8)
versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier,
it's recommended to use the value \fBno\fR, especially if combined with
the \fB\-selfsign\fR command line option.
+.Sp
+Note that it is valid in some circumstances for certificates to be created
+without any subject. In the case where there are multiple certificates without
+subjects this does not count as a duplicate.
.IP "\fBserial\fR" 4
.IX Item "serial"
a text file containing the next serial number to use in hex. Mandatory.
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index cd4208bfc3af..0b40ca33d1aa 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CIPHERS 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index b706320cc5d1..d2baab39998f 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS 1"
-.TH CMS 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CMS 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index ea23739bb9aa..ab3f41b06c9a 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CRL 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index 218d99615755..aa63b54e463d 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH CRL2PKCS7 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index 40a09595dea5..c0fcc3c0d6bf 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DGST 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index fc367d0e5e2c..40dbe0876c31 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DHPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index 88cf1a314f2f..4e276e2a3523 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index cc45835fa792..4e360a08f0b5 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH DSAPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index 7fd9c8b81017..5d2baf59cfcf 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH EC 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index 05bfac7121d7..8353f0c9e527 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ECPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -204,8 +204,8 @@ currently implemented \s-1EC\s0 parameters names and exit.
.IP "\fB\-conv_form\fR" 4
.IX Item "-conv_form"
This specifies how the points on the elliptic curve are converted
-into octet strings. Possible values are: \fBcompressed\fR (the default
-value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding
+into octet strings. Possible values are: \fBcompressed\fR, \fBuncompressed\fR (the
+default value) and \fBhybrid\fR. For more information regarding
the point conversion forms please read the X9.62 standard.
\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled
by default for binary curves and can be enabled by defining
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index 675527553639..700e9e8ef57a 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ENC 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index 4c2decf72121..c46d27042abf 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH ERRSTR 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index ee5e364f9d6e..a6bce3c05a47 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH GENDSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 6b5e0619a8fc..601085bbb888 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH GENPKEY 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index d03b7b6f71a5..97882690823a 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH GENRSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index 4f922cbfb39d..fa6501eec012 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH NSEQ 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 687d141f9bc7..49dce4d6182f 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OCSP 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index e42194e3e7c2..3077b771318b 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH OPENSSL 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index 1453f37990bd..b44fdc448b11 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PASSWD 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index e3da119029fa..3e6bcd5f1614 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS12 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index cfeffec39dd8..c0f558785194 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS7 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index c1afce3a9087..e2cceef8ad26 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKCS8 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 9f6d1e4a0fd7..4e5961d6f371 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEY 1"
-.TH PKEY 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKEY 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index 12e5a077d691..c9a76a05f95a 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKEYPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index c9391882e4eb..49ad7b480996 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH PKEYUTL 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index 031c87ced038..82f6f745e041 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RAND 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index ff6c6809df23..156f37e061a5 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH REQ 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 3c5e6f25108a..132fb6fc9042 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index 929251e3cef2..5dc33a736f09 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH RSAUTL 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index da81fac50daa..e9feb289d679 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH S_CLIENT 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -345,7 +345,7 @@ use the server's cipher preferences; only used for \s-1SSLV2.\s0
.IX Item "-starttls protocol"
send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication.
\&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only
-supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R".
+supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R" and \*(L"xmpp\*(R".
.IP "\fB\-tlsextdebug\fR" 4
.IX Item "-tlsextdebug"
print out a hex dump of any \s-1TLS\s0 extensions received from the server.
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index 237da7d4c1a7..dd571d601ef6 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH S_SERVER 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index a369c9d522ef..41d790d21f79 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH S_TIME 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index fa299a40aad8..1cad84657be9 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SESS_ID 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index 0c67f064b3c1..c91a00ebf932 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SMIME 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index 9d10579aeca2..0b27152159d6 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SPEED 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index 12b6751d2cd2..1d5ca44be1ee 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH SPKAC 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 02a6836dea95..40ec82db3dbf 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2017-12-07" "1.0.2n" "OpenSSL"
+.TH TS 1 "2018-03-27" "1.0.2o" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a