Index: head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc (revision 48363)
@@ -0,0 +1,238 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:12.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple OpenSSL vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2016-03-10
+Credits: OpenSSL Project
+Affects: All supported versions of FreeBSD.
+Corrected: 2016-03-04 00:40:15 UTC (stable/10, 10.2-BETA3)
+ 2016-03-03 07:30:55 UTC (releng/10.2, 10.2-RELEASE-p13)
+ 2016-03-03 07:30:55 UTC (releng/10.1, 10.1-RELEASE-p30)
+ 2016-03-10 03:58:48 UTC (stable/9, 9.3-STABLE)
+ 2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
+CVE Name: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
+ CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II. Problem Description
+
+A cross-protocol attack was discovered that could lead to decryption of TLS
+sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
+Bleichenbacher RSA padding oracle. Note that traffic between clients and
+non-vulnerable servers can be decrypted provided another server supporting
+SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP
+or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability
+is known as DROWN. [CVE-2016-0800]
+
+A double free bug was discovered when OpenSSL parses malformed DSA private
+keys and could lead to a DoS attack or memory corruption for applications that
+receive DSA private keys from untrusted sources. This scenario is considered
+rare. [CVE-2016-0705]
+
+The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
+management semantics; the returned pointer was sometimes newly allocated, and
+sometimes owned by the callee. The calling code has no way of distinguishing
+these two cases. [CVE-2016-0798]
+
+In the BN_hex2bn function, the number of hex digits is calculated using an int
+value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
+values of |i| this can result in |bn_expand| not allocating any memory because
+|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
+leading to a subsequent NULL pointer dereference. For very large values of
+|i|, the calculation |i * 4| could be a positive value smaller than |i|. In
+this case memory is allocated to the internal BIGNUM data field, but it is
+insufficiently sized leading to heap corruption. A similar issue exists in
+BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is
+ever called by user applications with very large untrusted hex/dec data. This
+is anticipated to be a rare occurrence. [CVE-2016-0797]
+
+The internal |fmtstr| function used in processing a "%s" formatted string in
+the BIO_*printf functions could overflow while calculating the length of
+a string and cause an out-of-bounds read when printing very long strings.
+[CVE-2016-0799]
+
+A side-channel attack was found which makes use of cache-bank conflicts on the
+Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA
+keys. [CVE-2016-0702]
+
+s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
+If clear-key bytes are present for these ciphers, they displace encrypted-key
+bytes. [CVE-2016-0703]
+
+s2_srvr.c overwrites the wrong bytes in the master key when applying
+Bleichenbacher protection for export cipher suites. [CVE-2016-0704]
+
+III. Impact
+
+Servers that have SSLv2 protocol enabled are vulnerable to the "DROWN" attack
+which allows a remote attacker to fast attack many recorded TLS connections
+made to the server, even when the client did not make any SSLv2 connections
+themselves.
+
+An attacker who can supply malformed DSA private keys to OpenSSL applications
+may be able to cause memory corruption which would lead to a Denial of
+Service condition. [CVE-2016-0705]
+
+An attacker connecting with an invalid username can cause memory leak, which
+could eventually lead to a Denial of Service condition. [CVE-2016-0798]
+
+An attacker who can inject malformed data into an application may be able
+to cause memory corruption which would lead to a Denial of Service
+condition. [CVE-2016-0797, CVE-2016-0799]
+
+A local attacker who has control of code in a thread running on the same
+hyper-threaded core as the victim thread which is performing decryptions
+could recover RSA keys. [CVE-2016-0702]
+
+An eavesdropper who can intercept SSLv2 handshake can conduct an efficient
+divide-and-conquer key recovery attack and use the server as an oracle to
+determine the SSLv2 master-key, using only 16 connections to the server
+and negligible computation. [CVE-2016-0703]
+
+An attacker can use the Bleichenbacher oracle, which enables more efficient
+variant of the DROWN attack. [CVE-2016-0704]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all deamons using the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all deamons using the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz.asc
+# gpg --verify openssl-9.3.patch.xz.asc
+
+Note that the initial patch version contains a serious regression that
+would lead to crash. The following patch must be applied to address it.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch.asc
+# gpg --verify openssl-9.3-fix.patch.asc
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz.asc
+# gpg --verify openssl-10.1.patch.xz.asc
+
+[FreeBSD 10.2]
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch.asc
+# gpg --verify openssl-10.2.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r296598
+releng/9.3/ r296611
+stable/10/ r296371
+releng/10.1/ r296341
+releng/10.2/ r296341
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAEBCgAGBQJW4UchAAoJEO1n7NZdz2rnNC8P/2YSnc2DaOH37BZXKBKCt2iv
+rzTlQ6Cdr2n3r0k6Ayp1MonEfndWl9d86us6Z5ssfMrNsmJGWZv3Yj1Y8H12HE8+
+ZhHCJ44ZYbyaDSe/vigG1S+xYILKP6uOxJYPWH5lXD9Yr20dHIJ8s3e9Jsai8aY2
+aXMSVz67t84QJUoxAf5yEDsmY2drA5myppkRCRB1Xcb3qVebgwwQ4XkB+rJjjNjg
+rG0DFbTxLnStr/geEDC+WdeAzLH6D035gFRkHL6uIOfOX8UcYNnf4pVXUgymWJzI
+E/su+Cij/ckhV6UuOyNvKgN8uEs5XCny/10LKHqpPDhcYY6L8Dg47rI+2acOdFUi
+5+79rx7+gUs71zC4D6hFCldUqOVpNYDRBYhX+MNqYkLn5XYEffbckv5zSkg53+aE
+Rf1G90VcC+yHRFu2hgCTOGXsayOAJhvCRTnuqLncKpznFSRD+1a3XUm2zS79gfpN
+f/uYIYmPbE1/uCU4StAlemdiH5vhYoWsP8tkBJsL8s6jMbV1REqukPJUPdDSaJmj
+rHLvige7yr1QTWYBQ1ghRXJml+3xDSst/RZzqn+QelsDoUwa1wJa6kc5Ki74eXmi
+XyuklOME8cbfUc8TPLqv4Lqbvr0nGK71jT0M7zG+eQTJsUls5EFBPhWL/6+SU29I
+Lb+5Q4Wn9Qlmxfj0Nm3U
+=f6Cw
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-16:13.bind.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:13.bind.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:13.bind.asc (revision 48363)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:13.bind Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple BIND vulnerabilities
+
+Category: contrib
+Module: bind
+Announced: 2016-03-10
+Credits: ISC
+Affects: FreeBSD 9.x
+Corrected: 2016-03-10 07:47:55 UTC (stable/9, 9.3-STABLE)
+ 2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
+CVE Name: CVE-2016-1285, CVE-2016-1286
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II. Problem Description
+
+Testing by ISC has uncovered a defect in control channel input handling
+which can cause named to exit due to an assertion failure in sexpr.c
+or alist.c when a malformed packet is sent to named's control channel
+(the interface which allows named to be controlled using the "rndc"
+server control utility). [CVE-2016-1285]
+
+An error when parsing signature records for DNAME records having specific
+properties can lead to named exiting due to an assertion failure in
+resolver.c or db.c. [CVE-2016-1286]
+
+III. Impact
+
+A remote attacker can deliberately trigger the failed assertion if the
+DNS server accepts remote rndc commands regardless if authentication
+is configured. Note that this is not enabled by default. [CVE-2016-1285]
+
+A remote attacker who can cause a server to make a query deliberately
+chosen to generate a response containing a signature record which
+would trigger a failed assertion and cause named to stop. Disabling
+DNSsec does not provide protection against this vulnerability.
+[CVE-2016-1286]
+
+IV. Workaround
+
+No workaround is available, but hosts not running named(8) are not
+vulnerable.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The named service has to be restarted after the update. A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The named service has to be restarted after the update. A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:13/bind.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:13/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the named(8) daemon, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r296608
+releng/9.3/ r296611
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAEBCgAGBQJW4UdUAAoJEO1n7NZdz2rnmRwQAIXDSu/gX5A+CFv6+9/2ak+H
+3JOMO8p7KSKWhc1Hh7uqTUEy04lmpUylzK6Kj3h5PDNVaObxCcqsCAdy9xLYv8Q6
+scBLeaDRPnwVQ1Mb/pkx1pdKSG7oKjY00PY0/hTKOVJUC1tJIoiAX8ExFqt53UKc
+LHjzrFrHh/0lBebYj8jmqW8Pxhi8nluuwWhtrwFgiG/XR15k69TRjPHnLOfXVwqs
+ORJb/8pVHYsNkGP3JB1xWMVs1nKLjzc7+Gm43OmLCa6QeLgQWqYmguoUl0FEHpoI
+nPqlukYT3V9BfMR+fwoNXXUjgjiK66onvS/O3yhyCPCrRgnw0ZVVSF2jbPUhT638
+p1QwN9snoTzxY0CpCjcjpZvf9Zhfyzc8UFnl2hm0rmAuCiOPBTeJ16AG3a8S40vF
+/xoq4P6gNxUTQrPpGmG3Z/tfUQsxIpzib9D6ncDD5feuRyLB9y/MQSK1wxZjXDjk
+2Bmaqk5foXNJfNEViNfJ4yy2qqED114ZpPIcDbSyIX9HeiKBo9BTEZ7Q9nEUHurN
+GcnvimUuhk+hYJDEsELDSGDSLT6aMaD/hXVTMQeQwxQKh7QDFfzJsUlA44tqB56V
+sn6VfIiA++K/JAFrAExD2FhtaIlOsUx24dUYkhcfNuVVBm3lgGCECeKGFxdNu2SM
+kRc1+1ihyNRolL47E3s/
+=OncW
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-SA-16:13.bind.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-10.1.patch.xz
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/x-xz
Property changes on: head/share/security/patches/SA-16:12/openssl-10.1.patch.xz
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-xz
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc
===================================================================
--- head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc (nonexistent)
+++ head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc (revision 48363)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAABCgAGBQJW4Uc7AAoJEO1n7NZdz2rnFUkQAOUocmwrJu8r9mDZ0qrpdz9k
+qR3UyO3MY6HAdo+j1Sa5t7QaKKM/Ddp+zAMgoNCkb7vzr0wn5HcXcmEzQ4TrCBW9
+igFZSyqR6KRWjgJ5HbzkynIJ14983/vAkrVh6t1lU2Z9sBn3g0+I+GW7WLumCxt9
+eXk+eqrHeWK/RfUNdTeQxBU4ZLgre85xiRJXEBJdoqnpfcvfQ7TtCL9O6tFPg1TX
+ZoMPx8g2+SsNXyBkULWuntim4w+zF+eNo9XxRAIvmLzZki5fXIvb10lH6VZQJMKL
+RP36m++1a6zI47xRBH7JoVdHcINAfCPdKmHNtcX34lEsCnF2N1bpUkcWlL9H1G0Q
+qEXp6wuVttiB5TNC+tNCqui68F3QnZEzvgCBRDDBA9Qi8KZa6+B4jHAhGE0lVBBR
+wYvYYlKgh0T/Tm0b2OWqlgV948A4uYa3jXUf3sLlH8VsUhLioL8L3Ou0dUqGWn9L
+w1QZwey+6q7aGu5DTxfkD32fTJOkQET4Mjri9+aQSbGv25//4T9JRx3NYW+tX8KG
+1rdLcI+f9SiBNtudI0nbSfKis6GKfTtgW+nNEXMc6WffRrQvx1/CDKmpAbjM/Tjc
+jm+n4JS5UosWQKHmz9AahsKJSnJbiFH2PrRwADrdtcruxwj9apHm6RajPqOWHqsb
+DF+5gvdzOebBGCd0C13t
+=6ui0
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-10.2.patch
===================================================================
--- head/share/security/patches/SA-16:12/openssl-10.2.patch (nonexistent)
+++ head/share/security/patches/SA-16:12/openssl-10.2.patch (revision 48363)
@@ -0,0 +1,2963 @@
+--- crypto/openssl/apps/s_server.c.orig
++++ crypto/openssl/apps/s_server.c
+@@ -416,6 +416,8 @@
+ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+ {
+ srpsrvparm *p = (srpsrvparm *) arg;
++ int ret = SSL3_AL_FATAL;
++
+ if (p->login == NULL && p->user == NULL) {
+ p->login = SSL_get_srp_username(s);
+ BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+@@ -424,21 +426,25 @@
+
+ if (p->user == NULL) {
+ BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+- return SSL3_AL_FATAL;
++ goto err;
+ }
++
+ if (SSL_set_srp_server_param
+ (s, p->user->N, p->user->g, p->user->s, p->user->v,
+ p->user->info) < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+- return SSL3_AL_FATAL;
++ goto err;
+ }
+ BIO_printf(bio_err,
+ "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+ p->login, p->user->info);
+- /* need to check whether there are memory leaks */
++ ret = SSL_ERROR_NONE;
++
++err:
++ SRP_user_pwd_free(p->user);
+ p->user = NULL;
+ p->login = NULL;
+- return SSL_ERROR_NONE;
++ return ret;
+ }
+
+ #endif
+@@ -2244,9 +2250,10 @@
+ #ifndef OPENSSL_NO_SRP
+ while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during write\n");
++ SRP_user_pwd_free(srp_callback_parm.user);
+ srp_callback_parm.user =
+- SRP_VBASE_get_by_user(srp_callback_parm.vb,
+- srp_callback_parm.login);
++ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+@@ -2300,9 +2307,10 @@
+ #ifndef OPENSSL_NO_SRP
+ while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
++ SRP_user_pwd_free(srp_callback_parm.user);
+ srp_callback_parm.user =
+- SRP_VBASE_get_by_user(srp_callback_parm.vb,
+- srp_callback_parm.login);
++ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+@@ -2387,9 +2395,10 @@
+ while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+ srp_callback_parm.login);
++ SRP_user_pwd_free(srp_callback_parm.user);
+ srp_callback_parm.user =
+- SRP_VBASE_get_by_user(srp_callback_parm.vb,
+- srp_callback_parm.login);
++ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+@@ -2616,9 +2625,10 @@
+ && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+ srp_callback_parm.login);
++ SRP_user_pwd_free(srp_callback_parm.user);
+ srp_callback_parm.user =
+- SRP_VBASE_get_by_user(srp_callback_parm.vb,
+- srp_callback_parm.login);
++ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+@@ -2654,6 +2664,22 @@
+ goto err;
+ } else {
+ BIO_printf(bio_s_out, "read R BLOCK\n");
++#ifndef OPENSSL_NO_SRP
++ if (BIO_should_io_special(io)
++ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
++ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
++ SRP_user_pwd_free(srp_callback_parm.user);
++ srp_callback_parm.user =
++ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++ srp_callback_parm.login);
++ if (srp_callback_parm.user)
++ BIO_printf(bio_s_out, "LOOKUP done %s\n",
++ srp_callback_parm.user->info);
++ else
++ BIO_printf(bio_s_out, "LOOKUP not successful\n");
++ continue;
++ }
++#endif
+ #if defined(OPENSSL_SYS_NETWARE)
+ delay(1000);
+ #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+--- crypto/openssl/crypto/bio/b_print.c.orig
++++ crypto/openssl/crypto/bio/b_print.c
+@@ -125,16 +125,16 @@
+ # define LLONG long
+ #endif
+
+-static void fmtstr(char **, char **, size_t *, size_t *,
+- const char *, int, int, int);
+-static void fmtint(char **, char **, size_t *, size_t *,
+- LLONG, int, int, int, int);
+-static void fmtfp(char **, char **, size_t *, size_t *,
+- LDOUBLE, int, int, int);
+-static void doapr_outch(char **, char **, size_t *, size_t *, int);
+-static void _dopr(char **sbuffer, char **buffer,
+- size_t *maxlen, size_t *retlen, int *truncated,
+- const char *format, va_list args);
++static int fmtstr(char **, char **, size_t *, size_t *,
++ const char *, int, int, int);
++static int fmtint(char **, char **, size_t *, size_t *,
++ LLONG, int, int, int, int);
++static int fmtfp(char **, char **, size_t *, size_t *,
++ LDOUBLE, int, int, int);
++static int doapr_outch(char **, char **, size_t *, size_t *, int);
++static int _dopr(char **sbuffer, char **buffer,
++ size_t *maxlen, size_t *retlen, int *truncated,
++ const char *format, va_list args);
+
+ /* format read states */
+ #define DP_S_DEFAULT 0
+@@ -165,7 +165,7 @@
+ #define char_to_int(p) (p - '0')
+ #define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+-static void
++static int
+ _dopr(char **sbuffer,
+ char **buffer,
+ size_t *maxlen,
+@@ -196,7 +196,8 @@
+ if (ch == '%')
+ state = DP_S_FLAGS;
+ else
+- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
++ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
++ return 0;
+ ch = *format++;
+ break;
+ case DP_S_FLAGS:
+@@ -302,8 +303,9 @@
+ value = va_arg(args, int);
+ break;
+ }
+- fmtint(sbuffer, buffer, &currlen, maxlen,
+- value, 10, min, max, flags);
++ if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
++ max, flags))
++ return 0;
+ break;
+ case 'X':
+ flags |= DP_F_UP;
+@@ -326,9 +328,10 @@
+ value = (LLONG) va_arg(args, unsigned int);
+ break;
+ }
+- fmtint(sbuffer, buffer, &currlen, maxlen, value,
+- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+- min, max, flags);
++ if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
++ ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
++ min, max, flags))
++ return 0;
+ break;
+ case 'f':
+ if (cflags == DP_C_LDOUBLE)
+@@ -335,8 +338,9 @@
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+- fmtfp(sbuffer, buffer, &currlen, maxlen,
+- fvalue, min, max, flags);
++ if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
++ flags))
++ return 0;
+ break;
+ case 'E':
+ flags |= DP_F_UP;
+@@ -355,8 +359,9 @@
+ fvalue = va_arg(args, double);
+ break;
+ case 'c':
+- doapr_outch(sbuffer, buffer, &currlen, maxlen,
+- va_arg(args, int));
++ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
++ va_arg(args, int)))
++ return 0;
+ break;
+ case 's':
+ strvalue = va_arg(args, char *);
+@@ -366,13 +371,15 @@
+ else
+ max = *maxlen;
+ }
+- fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+- flags, min, max);
++ if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
++ flags, min, max))
++ return 0;
+ break;
+ case 'p':
+ value = (long)va_arg(args, void *);
+- fmtint(sbuffer, buffer, &currlen, maxlen,
+- value, 16, min, max, flags | DP_F_NUM);
++ if (!fmtint(sbuffer, buffer, &currlen, maxlen,
++ value, 16, min, max, flags | DP_F_NUM))
++ return 0;
+ break;
+ case 'n': /* XXX */
+ if (cflags == DP_C_SHORT) {
+@@ -394,7 +401,8 @@
+ }
+ break;
+ case '%':
+- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
++ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
++ return 0;
+ break;
+ case 'w':
+ /* not supported yet, treat as next char */
+@@ -418,46 +426,56 @@
+ *truncated = (currlen > *maxlen - 1);
+ if (*truncated)
+ currlen = *maxlen - 1;
+- doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
++ if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
++ return 0;
+ *retlen = currlen - 1;
+- return;
++ return 1;
+ }
+
+-static void
++static int
+ fmtstr(char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen, const char *value, int flags, int min, int max)
+ {
+- int padlen, strln;
++ int padlen;
++ size_t strln;
+ int cnt = 0;
+
+ if (value == 0)
+ value = "";
+- for (strln = 0; value[strln]; ++strln) ;
++
++ strln = strlen(value);
++ if (strln > INT_MAX)
++ strln = INT_MAX;
++
+ padlen = min - strln;
+- if (padlen < 0)
++ if (min < 0 || padlen < 0)
+ padlen = 0;
+ if (flags & DP_F_MINUS)
+ padlen = -padlen;
+
+ while ((padlen > 0) && (cnt < max)) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++ return 0;
+ --padlen;
+ ++cnt;
+ }
+ while (*value && (cnt < max)) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
++ return 0;
+ ++cnt;
+ }
+ while ((padlen < 0) && (cnt < max)) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++ return 0;
+ ++padlen;
+ ++cnt;
+ }
++ return 1;
+ }
+
+-static void
++static int
+ fmtint(char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+@@ -517,17 +535,20 @@
+
+ /* spaces */
+ while (spadlen > 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++ return 0;
+ --spadlen;
+ }
+
+ /* sign */
+ if (signvalue)
+- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
++ return 0;
+
+ /* prefix */
+ while (*prefix) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
++ return 0;
+ prefix++;
+ }
+
+@@ -534,20 +555,24 @@
+ /* zeros */
+ if (zpadlen > 0) {
+ while (zpadlen > 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
++ return 0;
+ --zpadlen;
+ }
+ }
+ /* digits */
+- while (place > 0)
+- doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
++ while (place > 0) {
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
++ return 0;
++ }
+
+ /* left justified spaces */
+ while (spadlen < 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++ return 0;
+ ++spadlen;
+ }
+- return;
++ return 1;
+ }
+
+ static LDOUBLE abs_val(LDOUBLE value)
+@@ -578,7 +603,7 @@
+ return intpart;
+ }
+
+-static void
++static int
+ fmtfp(char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+@@ -657,24 +682,29 @@
+
+ if ((flags & DP_F_ZERO) && (padlen > 0)) {
+ if (signvalue) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
++ return 0;
+ --padlen;
+ signvalue = 0;
+ }
+ while (padlen > 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
++ return 0;
+ --padlen;
+ }
+ }
+ while (padlen > 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++ return 0;
+ --padlen;
+ }
+- if (signvalue)
+- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
++ if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
++ return 0;
+
+- while (iplace > 0)
+- doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
++ while (iplace > 0) {
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
++ return 0;
++ }
+
+ /*
+ * Decimal point. This should probably use locale to find the correct
+@@ -681,23 +711,32 @@
+ * char to print out.
+ */
+ if (max > 0 || (flags & DP_F_NUM)) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
++ return 0;
+
+- while (fplace > 0)
+- doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
++ while (fplace > 0) {
++ if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
++ fconvert[--fplace]))
++ return 0;
++ }
+ }
+ while (zpadlen > 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
++ return 0;
+ --zpadlen;
+ }
+
+ while (padlen < 0) {
+- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++ if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++ return 0;
+ ++padlen;
+ }
++ return 1;
+ }
+
+-static void
++#define BUFFER_INC 1024
++
++static int
+ doapr_outch(char **sbuffer,
+ char **buffer, size_t *currlen, size_t *maxlen, int c)
+ {
+@@ -708,13 +747,14 @@
+ assert(*currlen <= *maxlen);
+
+ if (buffer && *currlen == *maxlen) {
+- *maxlen += 1024;
++ if (*maxlen > INT_MAX - BUFFER_INC)
++ return 0;
++
++ *maxlen += BUFFER_INC;
+ if (*buffer == NULL) {
+ *buffer = OPENSSL_malloc(*maxlen);
+- if (!*buffer) {
+- /* Panic! Can't really do anything sensible. Just return */
+- return;
+- }
++ if (*buffer == NULL)
++ return 0;
+ if (*currlen > 0) {
+ assert(*sbuffer != NULL);
+ memcpy(*buffer, *sbuffer, *currlen);
+@@ -721,11 +761,11 @@
+ }
+ *sbuffer = NULL;
+ } else {
+- *buffer = OPENSSL_realloc(*buffer, *maxlen);
+- if (!*buffer) {
+- /* Panic! Can't really do anything sensible. Just return */
+- return;
+- }
++ char *tmpbuf;
++ tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
++ if (tmpbuf == NULL)
++ return 0;
++ *buffer = tmpbuf;
+ }
+ }
+
+@@ -736,7 +776,7 @@
+ (*buffer)[(*currlen)++] = (char)c;
+ }
+
+- return;
++ return 1;
+ }
+
+ /***************************************************************************/
+@@ -768,7 +808,11 @@
+
+ dynbuf = NULL;
+ CRYPTO_push_info("doapr()");
+- _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
++ if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
++ args)) {
++ OPENSSL_free(dynbuf);
++ return -1;
++ }
+ if (dynbuf) {
+ ret = BIO_write(bio, dynbuf, (int)retlen);
+ OPENSSL_free(dynbuf);
+@@ -803,7 +847,8 @@
+ size_t retlen;
+ int truncated;
+
+- _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
++ if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
++ return -1;
+
+ if (truncated)
+ /*
+--- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl.orig
++++ crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+@@ -66,7 +66,8 @@
+ .align 16
+ .Lmul_enter:
+ mov ${num}d,${num}d
+- mov `($win64?56:8)`(%rsp),%r10d # load 7th argument
++ movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument
++ lea .Linc(%rip),%r10
+ push %rbx
+ push %rbp
+ push %r12
+@@ -73,53 +74,105 @@
+ push %r13
+ push %r14
+ push %r15
+-___
+-$code.=<<___ if ($win64);
+- lea -0x28(%rsp),%rsp
+- movaps %xmm6,(%rsp)
+- movaps %xmm7,0x10(%rsp)
++
+ .Lmul_alloca:
+-___
+-$code.=<<___;
+ mov %rsp,%rax
+ lea 2($num),%r11
+ neg %r11
+- lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+2))
++ lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8)
+ and \$-1024,%rsp # minimize TLB usage
+
+ mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
+ .Lmul_body:
+- mov $bp,%r12 # reassign $bp
++ lea 128($bp),%r12 # reassign $bp (+size optimization)
+ ___
+ $bp="%r12";
+ $STRIDE=2**5*8; # 5 is "window size"
+ $N=$STRIDE/4; # should match cache line size
+ $code.=<<___;
+- mov %r10,%r11
+- shr \$`log($N/8)/log(2)`,%r10
+- and \$`$N/8-1`,%r11
+- not %r10
+- lea .Lmagic_masks(%rip),%rax
+- and \$`2**5/($N/8)-1`,%r10 # 5 is "window size"
+- lea 96($bp,%r11,8),$bp # pointer within 1st cache line
+- movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which
+- movq 8(%rax,%r10,8),%xmm5 # cache line contains element
+- movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument
+- movq 24(%rax,%r10,8),%xmm7
++ movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000
++ movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002
++ lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
++ and \$-16,%r10
+
+- movq `0*$STRIDE/4-96`($bp),%xmm0
+- movq `1*$STRIDE/4-96`($bp),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($bp),%xmm2
+- pand %xmm5,%xmm1
+- movq `3*$STRIDE/4-96`($bp),%xmm3
+- pand %xmm6,%xmm2
++ pshufd \$0,%xmm5,%xmm5 # broadcast index
++ movdqa %xmm1,%xmm4
++ movdqa %xmm1,%xmm2
++___
++########################################################################
++# calculate mask by comparing 0..31 to index and save result to stack
++#
++$code.=<<___;
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0 # compare to 1,0
++ .byte 0x67
++ movdqa %xmm4,%xmm3
++___
++for($k=0;$k<$STRIDE/16-4;$k+=4) {
++$code.=<<___;
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1 # compare to 3,2
++ movdqa %xmm0,`16*($k+0)+112`(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2 # compare to 5,4
++ movdqa %xmm1,`16*($k+1)+112`(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3 # compare to 7,6
++ movdqa %xmm2,`16*($k+2)+112`(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,`16*($k+3)+112`(%r10)
++ movdqa %xmm4,%xmm3
++___
++}
++$code.=<<___; # last iteration can be optimized
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,`16*($k+0)+112`(%r10)
++
++ paddd %xmm2,%xmm3
++ .byte 0x67
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,`16*($k+1)+112`(%r10)
++
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,`16*($k+2)+112`(%r10)
++ pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register
++
++ pand `16*($k+1)-128`($bp),%xmm1
++ pand `16*($k+2)-128`($bp),%xmm2
++ movdqa %xmm3,`16*($k+3)+112`(%r10)
++ pand `16*($k+3)-128`($bp),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++___
++for($k=0;$k<$STRIDE/16-4;$k+=4) {
++$code.=<<___;
++ movdqa `16*($k+0)-128`($bp),%xmm4
++ movdqa `16*($k+1)-128`($bp),%xmm5
++ movdqa `16*($k+2)-128`($bp),%xmm2
++ pand `16*($k+0)+112`(%r10),%xmm4
++ movdqa `16*($k+3)-128`($bp),%xmm3
++ pand `16*($k+1)+112`(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand `16*($k+2)+112`(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand `16*($k+3)+112`(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++___
++}
++$code.=<<___;
+ por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+- por %xmm2,%xmm0
++ pshufd \$0x4e,%xmm0,%xmm1
++ por %xmm1,%xmm0
+ lea $STRIDE($bp),$bp
+- por %xmm3,%xmm0
+-
+ movq %xmm0,$m0 # m0=bp[0]
+
+ mov ($n0),$n0 # pull n0[0] value
+@@ -128,29 +181,14 @@
+ xor $i,$i # i=0
+ xor $j,$j # j=0
+
+- movq `0*$STRIDE/4-96`($bp),%xmm0
+- movq `1*$STRIDE/4-96`($bp),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($bp),%xmm2
+- pand %xmm5,%xmm1
+-
+ mov $n0,$m1
+ mulq $m0 # ap[0]*bp[0]
+ mov %rax,$lo0
+ mov ($np),%rax
+
+- movq `3*$STRIDE/4-96`($bp),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq $lo0,$m1 # "tp[0]"*n0
+ mov %rdx,$hi0
+
+- por %xmm2,%xmm0
+- lea $STRIDE($bp),$bp
+- por %xmm3,%xmm0
+-
+ mulq $m1 # np[0]*m1
+ add %rax,$lo0 # discarded
+ mov 8($ap),%rax
+@@ -183,8 +221,6 @@
+ cmp $num,$j
+ jne .L1st
+
+- movq %xmm0,$m0 # bp[1]
+-
+ add %rax,$hi1
+ mov ($ap),%rax # ap[0]
+ adc \$0,%rdx
+@@ -204,33 +240,46 @@
+ jmp .Louter
+ .align 16
+ .Louter:
++ lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization)
++ and \$-16,%rdx
++ pxor %xmm4,%xmm4
++ pxor %xmm5,%xmm5
++___
++for($k=0;$k<$STRIDE/16;$k+=4) {
++$code.=<<___;
++ movdqa `16*($k+0)-128`($bp),%xmm0
++ movdqa `16*($k+1)-128`($bp),%xmm1
++ movdqa `16*($k+2)-128`($bp),%xmm2
++ movdqa `16*($k+3)-128`($bp),%xmm3
++ pand `16*($k+0)-128`(%rdx),%xmm0
++ pand `16*($k+1)-128`(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand `16*($k+2)-128`(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand `16*($k+3)-128`(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++___
++}
++$code.=<<___;
++ por %xmm5,%xmm4
++ pshufd \$0x4e,%xmm4,%xmm0
++ por %xmm4,%xmm0
++ lea $STRIDE($bp),$bp
++ movq %xmm0,$m0 # m0=bp[i]
++
+ xor $j,$j # j=0
+ mov $n0,$m1
+ mov (%rsp),$lo0
+
+- movq `0*$STRIDE/4-96`($bp),%xmm0
+- movq `1*$STRIDE/4-96`($bp),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($bp),%xmm2
+- pand %xmm5,%xmm1
+-
+ mulq $m0 # ap[0]*bp[i]
+ add %rax,$lo0 # ap[0]*bp[i]+tp[0]
+ mov ($np),%rax
+ adc \$0,%rdx
+
+- movq `3*$STRIDE/4-96`($bp),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq $lo0,$m1 # tp[0]*n0
+ mov %rdx,$hi0
+
+- por %xmm2,%xmm0
+- lea $STRIDE($bp),$bp
+- por %xmm3,%xmm0
+-
+ mulq $m1 # np[0]*m1
+ add %rax,$lo0 # discarded
+ mov 8($ap),%rax
+@@ -266,8 +315,6 @@
+ cmp $num,$j
+ jne .Linner
+
+- movq %xmm0,$m0 # bp[i+1]
+-
+ add %rax,$hi1
+ mov ($ap),%rax # ap[0]
+ adc \$0,%rdx
+@@ -321,13 +368,7 @@
+
+ mov 8(%rsp,$num,8),%rsi # restore %rsp
+ mov \$1,%rax
+-___
+-$code.=<<___ if ($win64);
+- movaps (%rsi),%xmm6
+- movaps 0x10(%rsi),%xmm7
+- lea 0x28(%rsi),%rsi
+-___
+-$code.=<<___;
++
+ mov (%rsi),%r15
+ mov 8(%rsi),%r14
+ mov 16(%rsi),%r13
+@@ -348,7 +389,8 @@
+ bn_mul4x_mont_gather5:
+ .Lmul4x_enter:
+ mov ${num}d,${num}d
+- mov `($win64?56:8)`(%rsp),%r10d # load 7th argument
++ movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument
++ lea .Linc(%rip),%r10
+ push %rbx
+ push %rbp
+ push %r12
+@@ -355,55 +397,108 @@
+ push %r13
+ push %r14
+ push %r15
+-___
+-$code.=<<___ if ($win64);
+- lea -0x28(%rsp),%rsp
+- movaps %xmm6,(%rsp)
+- movaps %xmm7,0x10(%rsp)
++
+ .Lmul4x_alloca:
+-___
+-$code.=<<___;
+ mov %rsp,%rax
+ lea 4($num),%r11
+ neg %r11
+- lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+4))
++ lea -256(%rsp,%r11,8),%rsp # tp=alloca(8*(num+4)+256)
+ and \$-1024,%rsp # minimize TLB usage
+
+ mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
+ .Lmul4x_body:
+ mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
+- mov %rdx,%r12 # reassign $bp
++ lea 128(%rdx),%r12 # reassign $bp (+size optimization)
+ ___
+ $bp="%r12";
+ $STRIDE=2**5*8; # 5 is "window size"
+ $N=$STRIDE/4; # should match cache line size
+ $code.=<<___;
+- mov %r10,%r11
+- shr \$`log($N/8)/log(2)`,%r10
+- and \$`$N/8-1`,%r11
+- not %r10
+- lea .Lmagic_masks(%rip),%rax
+- and \$`2**5/($N/8)-1`,%r10 # 5 is "window size"
+- lea 96($bp,%r11,8),$bp # pointer within 1st cache line
+- movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which
+- movq 8(%rax,%r10,8),%xmm5 # cache line contains element
+- movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument
+- movq 24(%rax,%r10,8),%xmm7
++ movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000
++ movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002
++ lea 32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization)
+
+- movq `0*$STRIDE/4-96`($bp),%xmm0
+- movq `1*$STRIDE/4-96`($bp),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($bp),%xmm2
+- pand %xmm5,%xmm1
+- movq `3*$STRIDE/4-96`($bp),%xmm3
+- pand %xmm6,%xmm2
++ pshufd \$0,%xmm5,%xmm5 # broadcast index
++ movdqa %xmm1,%xmm4
++ .byte 0x67,0x67
++ movdqa %xmm1,%xmm2
++___
++########################################################################
++# calculate mask by comparing 0..31 to index and save result to stack
++#
++$code.=<<___;
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0 # compare to 1,0
++ .byte 0x67
++ movdqa %xmm4,%xmm3
++___
++for($k=0;$k<$STRIDE/16-4;$k+=4) {
++$code.=<<___;
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1 # compare to 3,2
++ movdqa %xmm0,`16*($k+0)+112`(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2 # compare to 5,4
++ movdqa %xmm1,`16*($k+1)+112`(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3 # compare to 7,6
++ movdqa %xmm2,`16*($k+2)+112`(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,`16*($k+3)+112`(%r10)
++ movdqa %xmm4,%xmm3
++___
++}
++$code.=<<___; # last iteration can be optimized
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,`16*($k+0)+112`(%r10)
++
++ paddd %xmm2,%xmm3
++ .byte 0x67
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,`16*($k+1)+112`(%r10)
++
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,`16*($k+2)+112`(%r10)
++ pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register
++
++ pand `16*($k+1)-128`($bp),%xmm1
++ pand `16*($k+2)-128`($bp),%xmm2
++ movdqa %xmm3,`16*($k+3)+112`(%r10)
++ pand `16*($k+3)-128`($bp),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++___
++for($k=0;$k<$STRIDE/16-4;$k+=4) {
++$code.=<<___;
++ movdqa `16*($k+0)-128`($bp),%xmm4
++ movdqa `16*($k+1)-128`($bp),%xmm5
++ movdqa `16*($k+2)-128`($bp),%xmm2
++ pand `16*($k+0)+112`(%r10),%xmm4
++ movdqa `16*($k+3)-128`($bp),%xmm3
++ pand `16*($k+1)+112`(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand `16*($k+2)+112`(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand `16*($k+3)+112`(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++___
++}
++$code.=<<___;
+ por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+- por %xmm2,%xmm0
++ pshufd \$0x4e,%xmm0,%xmm1
++ por %xmm1,%xmm0
+ lea $STRIDE($bp),$bp
+- por %xmm3,%xmm0
++ movq %xmm0,$m0 # m0=bp[0]
+
+- movq %xmm0,$m0 # m0=bp[0]
+ mov ($n0),$n0 # pull n0[0] value
+ mov ($ap),%rax
+
+@@ -410,29 +505,14 @@
+ xor $i,$i # i=0
+ xor $j,$j # j=0
+
+- movq `0*$STRIDE/4-96`($bp),%xmm0
+- movq `1*$STRIDE/4-96`($bp),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($bp),%xmm2
+- pand %xmm5,%xmm1
+-
+ mov $n0,$m1
+ mulq $m0 # ap[0]*bp[0]
+ mov %rax,$A[0]
+ mov ($np),%rax
+
+- movq `3*$STRIDE/4-96`($bp),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq $A[0],$m1 # "tp[0]"*n0
+ mov %rdx,$A[1]
+
+- por %xmm2,%xmm0
+- lea $STRIDE($bp),$bp
+- por %xmm3,%xmm0
+-
+ mulq $m1 # np[0]*m1
+ add %rax,$A[0] # discarded
+ mov 8($ap),%rax
+@@ -550,8 +630,6 @@
+ mov $N[1],-16(%rsp,$j,8) # tp[j-1]
+ mov %rdx,$N[0]
+
+- movq %xmm0,$m0 # bp[1]
+-
+ xor $N[1],$N[1]
+ add $A[0],$N[0]
+ adc \$0,$N[1]
+@@ -561,12 +639,34 @@
+ lea 1($i),$i # i++
+ .align 4
+ .Louter4x:
++ lea 32+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization)
++ pxor %xmm4,%xmm4
++ pxor %xmm5,%xmm5
++___
++for($k=0;$k<$STRIDE/16;$k+=4) {
++$code.=<<___;
++ movdqa `16*($k+0)-128`($bp),%xmm0
++ movdqa `16*($k+1)-128`($bp),%xmm1
++ movdqa `16*($k+2)-128`($bp),%xmm2
++ movdqa `16*($k+3)-128`($bp),%xmm3
++ pand `16*($k+0)-128`(%rdx),%xmm0
++ pand `16*($k+1)-128`(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand `16*($k+2)-128`(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand `16*($k+3)-128`(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++___
++}
++$code.=<<___;
++ por %xmm5,%xmm4
++ pshufd \$0x4e,%xmm4,%xmm0
++ por %xmm4,%xmm0
++ lea $STRIDE($bp),$bp
++ movq %xmm0,$m0 # m0=bp[i]
++
+ xor $j,$j # j=0
+- movq `0*$STRIDE/4-96`($bp),%xmm0
+- movq `1*$STRIDE/4-96`($bp),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($bp),%xmm2
+- pand %xmm5,%xmm1
+
+ mov (%rsp),$A[0]
+ mov $n0,$m1
+@@ -575,18 +675,9 @@
+ mov ($np),%rax
+ adc \$0,%rdx
+
+- movq `3*$STRIDE/4-96`($bp),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq $A[0],$m1 # tp[0]*n0
+ mov %rdx,$A[1]
+
+- por %xmm2,%xmm0
+- lea $STRIDE($bp),$bp
+- por %xmm3,%xmm0
+-
+ mulq $m1 # np[0]*m1
+ add %rax,$A[0] # "$N[0]", discarded
+ mov 8($ap),%rax
+@@ -718,7 +809,6 @@
+ mov $N[0],-24(%rsp,$j,8) # tp[j-1]
+ mov %rdx,$N[0]
+
+- movq %xmm0,$m0 # bp[i+1]
+ mov $N[1],-16(%rsp,$j,8) # tp[j-1]
+
+ xor $N[1],$N[1]
+@@ -809,13 +899,7 @@
+ $code.=<<___;
+ mov 8(%rsp,$num,8),%rsi # restore %rsp
+ mov \$1,%rax
+-___
+-$code.=<<___ if ($win64);
+- movaps (%rsi),%xmm6
+- movaps 0x10(%rsi),%xmm7
+- lea 0x28(%rsi),%rsi
+-___
+-$code.=<<___;
++
+ mov (%rsi),%r15
+ mov 8(%rsi),%r14
+ mov 16(%rsi),%r13
+@@ -830,8 +914,8 @@
+ }}}
+
+ {
+-my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
+- ("%rdi","%rsi","%rdx","%rcx"); # Unix order
++my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order
++ ("%rdi","%rsi","%rdx","%ecx"); # Unix order
+ my $out=$inp;
+ my $STRIDE=2**5*8;
+ my $N=$STRIDE/4;
+@@ -859,53 +943,89 @@
+ .type bn_gather5,\@abi-omnipotent
+ .align 16
+ bn_gather5:
+-___
+-$code.=<<___ if ($win64);
+-.LSEH_begin_bn_gather5:
++.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases
+ # I can't trust assembler to use specific encoding:-(
+- .byte 0x48,0x83,0xec,0x28 #sub \$0x28,%rsp
+- .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp)
+- .byte 0x0f,0x29,0x7c,0x24,0x10 #movdqa %xmm7,0x10(%rsp)
++ .byte 0x4c,0x8d,0x14,0x24 # lea (%rsp),%r10
++ .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 # sub $0x108,%rsp
++ lea .Linc(%rip),%rax
++ and \$-16,%rsp # shouldn't be formally required
++
++ movd $idx,%xmm5
++ movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000
++ movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002
++ lea 128($tbl),%r11 # size optimization
++ lea 128(%rsp),%rax # size optimization
++
++ pshufd \$0,%xmm5,%xmm5 # broadcast $idx
++ movdqa %xmm1,%xmm4
++ movdqa %xmm1,%xmm2
+ ___
++########################################################################
++# calculate mask by comparing 0..31 to $idx and save result to stack
++#
++for($i=0;$i<$STRIDE/16;$i+=4) {
+ $code.=<<___;
+- mov $idx,%r11
+- shr \$`log($N/8)/log(2)`,$idx
+- and \$`$N/8-1`,%r11
+- not $idx
+- lea .Lmagic_masks(%rip),%rax
+- and \$`2**5/($N/8)-1`,$idx # 5 is "window size"
+- lea 96($tbl,%r11,8),$tbl # pointer within 1st cache line
+- movq 0(%rax,$idx,8),%xmm4 # set of masks denoting which
+- movq 8(%rax,$idx,8),%xmm5 # cache line contains element
+- movq 16(%rax,$idx,8),%xmm6 # denoted by 7th argument
+- movq 24(%rax,$idx,8),%xmm7
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0 # compare to 1,0
++___
++$code.=<<___ if ($i);
++ movdqa %xmm3,`16*($i-1)-128`(%rax)
++___
++$code.=<<___;
++ movdqa %xmm4,%xmm3
++
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1 # compare to 3,2
++ movdqa %xmm0,`16*($i+0)-128`(%rax)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2 # compare to 5,4
++ movdqa %xmm1,`16*($i+1)-128`(%rax)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3 # compare to 7,6
++ movdqa %xmm2,`16*($i+2)-128`(%rax)
++ movdqa %xmm4,%xmm2
++___
++}
++$code.=<<___;
++ movdqa %xmm3,`16*($i-1)-128`(%rax)
+ jmp .Lgather
+-.align 16
++
++.align 32
+ .Lgather:
+- movq `0*$STRIDE/4-96`($tbl),%xmm0
+- movq `1*$STRIDE/4-96`($tbl),%xmm1
+- pand %xmm4,%xmm0
+- movq `2*$STRIDE/4-96`($tbl),%xmm2
+- pand %xmm5,%xmm1
+- movq `3*$STRIDE/4-96`($tbl),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+- por %xmm2,%xmm0
+- lea $STRIDE($tbl),$tbl
+- por %xmm3,%xmm0
+-
++ pxor %xmm4,%xmm4
++ pxor %xmm5,%xmm5
++___
++for($i=0;$i<$STRIDE/16;$i+=4) {
++$code.=<<___;
++ movdqa `16*($i+0)-128`(%r11),%xmm0
++ movdqa `16*($i+1)-128`(%r11),%xmm1
++ movdqa `16*($i+2)-128`(%r11),%xmm2
++ pand `16*($i+0)-128`(%rax),%xmm0
++ movdqa `16*($i+3)-128`(%r11),%xmm3
++ pand `16*($i+1)-128`(%rax),%xmm1
++ por %xmm0,%xmm4
++ pand `16*($i+2)-128`(%rax),%xmm2
++ por %xmm1,%xmm5
++ pand `16*($i+3)-128`(%rax),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++___
++}
++$code.=<<___;
++ por %xmm5,%xmm4
++ lea $STRIDE(%r11),%r11
++ pshufd \$0x4e,%xmm4,%xmm0
++ por %xmm4,%xmm0
+ movq %xmm0,($out) # m0=bp[0]
+ lea 8($out),$out
+ sub \$1,$num
+ jnz .Lgather
+-___
+-$code.=<<___ if ($win64);
+- movaps (%rsp),%xmm6
+- movaps 0x10(%rsp),%xmm7
+- lea 0x28(%rsp),%rsp
+-___
+-$code.=<<___;
++
++ lea (%r10),%rsp
+ ret
+ .LSEH_end_bn_gather5:
+ .size bn_gather5,.-bn_gather5
+@@ -913,9 +1033,9 @@
+ }
+ $code.=<<___;
+ .align 64
+-.Lmagic_masks:
+- .long 0,0, 0,0, 0,0, -1,-1
+- .long 0,0, 0,0, 0,0, 0,0
++.Linc:
++ .long 0,0, 1,1
++ .long 2,2, 2,2
+ .asciz "Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by "
+ ___
+
+@@ -954,7 +1074,7 @@
+ cmp %r10,%rbx # context->RipR13
+ mov %r14,232($context) # restore context->R14
+ mov %r15,240($context) # restore context->R15
+- movups %xmm0,512($context) # restore context->Xmm6
+- movups %xmm1,528($context) # restore context->Xmm7
+
+ .Lcommon_seh_tail:
+ mov 8(%rax),%rdi
+@@ -1057,10 +1173,9 @@
+ .rva .Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[]
+ .align 8
+ .LSEH_info_bn_gather5:
+- .byte 0x01,0x0d,0x05,0x00
+- .byte 0x0d,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7
+- .byte 0x08,0x68,0x00,0x00 #movaps (rsp),xmm6
+- .byte 0x04,0x42,0x00,0x00 #sub rsp,0x28
++ .byte 0x01,0x0b,0x03,0x0a
++ .byte 0x0b,0x01,0x21,0x00 # sub rsp,0x108
++ .byte 0x04,0xa3,0x00,0x00 # lea r10,(rsp), set_frame r10
+ .align 8
+ ___
+ }
+--- crypto/openssl/crypto/bn/bn.h.orig
++++ crypto/openssl/crypto/bn/bn.h
+@@ -125,6 +125,7 @@
+ #ifndef HEADER_BN_H
+ # define HEADER_BN_H
+
++# include
+ # include
+ # ifndef OPENSSL_NO_FP_API
+ # include /* FILE */
+@@ -739,8 +740,17 @@
+
+ /* library internal functions */
+
+-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
++# define bn_expand(a,bits) \
++ ( \
++ bits > (INT_MAX - BN_BITS2 + 1) ? \
++ NULL \
++ : \
++ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
++ (a) \
++ : \
++ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
++ )
++
+ # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+ BIGNUM *bn_expand2(BIGNUM *a, int words);
+ # ifndef OPENSSL_NO_DEPRECATED
+--- crypto/openssl/crypto/bn/bn_exp.c.orig
++++ crypto/openssl/crypto/bn/bn_exp.c
+@@ -110,6 +110,7 @@
+ */
+
+ #include "cryptlib.h"
++#include "constant_time_locl.h"
+ #include "bn_lcl.h"
+
+ #include
+@@ -535,15 +536,17 @@
+
+ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
+ unsigned char *buf, int idx,
+- int width)
++ int window)
+ {
+- size_t i, j;
++ int i, j;
++ int width = 1 << window;
++ BN_ULONG *table = (BN_ULONG *)buf;
+
+ if (top > b->top)
+ top = b->top; /* this works because 'buf' is explicitly
+ * zeroed */
+- for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+- buf[j] = ((unsigned char *)b->d)[i];
++ for (i = 0, j = idx; i < top; i++, j += width) {
++ table[j] = b->d[i];
+ }
+
+ return 1;
+@@ -551,15 +554,51 @@
+
+ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+ unsigned char *buf, int idx,
+- int width)
++ int window)
+ {
+- size_t i, j;
++ int i, j;
++ int width = 1 << window;
++ volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+- for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+- ((unsigned char *)b->d)[i] = buf[j];
++ if (window <= 3) {
++ for (i = 0; i < top; i++, table += width) {
++ BN_ULONG acc = 0;
++
++ for (j = 0; j < width; j++) {
++ acc |= table[j] &
++ ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
++ }
++
++ b->d[i] = acc;
++ }
++ } else {
++ int xstride = 1 << (window - 2);
++ BN_ULONG y0, y1, y2, y3;
++
++ i = idx >> (window - 2); /* equivalent of idx / xstride */
++ idx &= xstride - 1; /* equivalent of idx % xstride */
++
++ y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
++ y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
++ y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
++ y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
++
++ for (i = 0; i < top; i++, table += width) {
++ BN_ULONG acc = 0;
++
++ for (j = 0; j < xstride; j++) {
++ acc |= ( (table[j + 0 * xstride] & y0) |
++ (table[j + 1 * xstride] & y1) |
++ (table[j + 2 * xstride] & y2) |
++ (table[j + 3 * xstride] & y3) )
++ & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
++ }
++
++ b->d[i] = acc;
++ }
+ }
+
+ b->top = top;
+@@ -782,9 +821,9 @@
+ } else
+ #endif
+ {
+- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+ goto err;
+- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+ goto err;
+
+ /*
+@@ -796,15 +835,15 @@
+ if (window > 1) {
+ if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+ goto err;
+- if (!MOD_EXP_CTIME_COPY_TO_PREBUF
+- (&tmp, top, powerbuf, 2, numPowers))
++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
++ window))
+ goto err;
+ for (i = 3; i < numPowers; i++) {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
+ goto err;
+- if (!MOD_EXP_CTIME_COPY_TO_PREBUF
+- (&tmp, top, powerbuf, i, numPowers))
++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
++ window))
+ goto err;
+ }
+ }
+@@ -812,8 +851,8 @@
+ bits--;
+ for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
+- (&tmp, top, powerbuf, wvalue, numPowers))
++ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
++ window))
+ goto err;
+
+ /*
+@@ -833,8 +872,8 @@
+ /*
+ * Fetch the appropriate pre-computed value from the pre-buf
+ */
+- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
+- (&am, top, powerbuf, wvalue, numPowers))
++ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
++ window))
+ goto err;
+
+ /* Multiply the result into the intermediate result */
+--- crypto/openssl/crypto/bn/bn_print.c.orig
++++ crypto/openssl/crypto/bn/bn_print.c
+@@ -58,6 +58,7 @@
+
+ #include
+ #include
++#include
+ #include "cryptlib.h"
+ #include
+ #include "bn_lcl.h"
+@@ -189,8 +190,12 @@
+ a++;
+ }
+
+- for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
++ for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
++ continue;
+
++ if (i > INT_MAX/4)
++ goto err;
++
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
+@@ -204,7 +209,7 @@
+ BN_zero(ret);
+ }
+
+- /* i is the number of hex digests; */
++ /* i is the number of hex digits */
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+@@ -260,8 +265,12 @@
+ a++;
+ }
+
+- for (i = 0; isdigit((unsigned char)a[i]); i++) ;
++ for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
++ continue;
+
++ if (i > INT_MAX/4)
++ goto err;
++
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
+@@ -278,7 +287,7 @@
+ BN_zero(ret);
+ }
+
+- /* i is the number of digests, a bit of an over expand; */
++ /* i is the number of digits, a bit of an over expand */
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+--- crypto/openssl/crypto/dsa/dsa_ameth.c.orig
++++ crypto/openssl/crypto/dsa/dsa_ameth.c
+@@ -191,6 +191,8 @@
+ STACK_OF(ASN1_TYPE) *ndsa = NULL;
+ DSA *dsa = NULL;
+
++ int ret = 0;
++
+ if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+ return 0;
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+@@ -262,23 +264,21 @@
+ }
+
+ EVP_PKEY_assign_DSA(pkey, dsa);
+- BN_CTX_free(ctx);
+- if (ndsa)
+- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+- else
+- ASN1_STRING_clear_free(privkey);
+
+- return 1;
++ ret = 1;
++ goto done;
+
+ decerr:
+ DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dsaerr:
++ DSA_free(dsa);
++ done:
+ BN_CTX_free(ctx);
+- if (privkey)
++ if (ndsa)
++ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
++ else
+ ASN1_STRING_clear_free(privkey);
+- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+- DSA_free(dsa);
+- return 0;
++ return ret;
+ }
+
+ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+--- crypto/openssl/crypto/perlasm/x86_64-xlate.pl.orig
++++ crypto/openssl/crypto/perlasm/x86_64-xlate.pl
+@@ -121,7 +121,7 @@
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /^v/) { # VEX
+ $self->{sz} = "";
+- } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
++ } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) {
+ $self->{sz} = "";
+ } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
+ $self->{op} = $1;
+--- crypto/openssl/crypto/srp/srp.h.orig
++++ crypto/openssl/crypto/srp/srp.h
+@@ -82,16 +82,21 @@
+ DECLARE_STACK_OF(SRP_gN_cache)
+
+ typedef struct SRP_user_pwd_st {
++ /* Owned by us. */
+ char *id;
+ BIGNUM *s;
+ BIGNUM *v;
++ /* Not owned by us. */
+ const BIGNUM *g;
+ const BIGNUM *N;
++ /* Owned by us. */
+ char *info;
+ } SRP_user_pwd;
+
+ DECLARE_STACK_OF(SRP_user_pwd)
+
++void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
++
+ typedef struct SRP_VBASE_st {
+ STACK_OF(SRP_user_pwd) *users_pwd;
+ STACK_OF(SRP_gN_cache) *gN_cache;
+@@ -115,7 +120,12 @@
+ SRP_VBASE *SRP_VBASE_new(char *seed_key);
+ int SRP_VBASE_free(SRP_VBASE *vb);
+ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
++
++/* This method ignores the configured seed and fails for an unknown user. */
+ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
++/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
++SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
++
+ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+ char **verifier, const char *N, const char *g);
+ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+--- crypto/openssl/crypto/srp/srp_vfy.c.orig
++++ crypto/openssl/crypto/srp/srp_vfy.c
+@@ -185,7 +185,7 @@
+ return olddst;
+ }
+
+-static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
++void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+ {
+ if (user_pwd == NULL)
+ return;
+@@ -247,6 +247,24 @@
+ return (vinfo->s != NULL && vinfo->v != NULL);
+ }
+
++static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
++{
++ SRP_user_pwd *ret;
++
++ if (src == NULL)
++ return NULL;
++ if ((ret = SRP_user_pwd_new()) == NULL)
++ return NULL;
++
++ SRP_user_pwd_set_gN(ret, src->g, src->N);
++ if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
++ || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
++ SRP_user_pwd_free(ret);
++ return NULL;
++ }
++ return ret;
++}
++
+ SRP_VBASE *SRP_VBASE_new(char *seed_key)
+ {
+ SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
+@@ -468,21 +486,50 @@
+
+ }
+
+-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
++static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
+ {
+ int i;
+ SRP_user_pwd *user;
+- unsigned char digv[SHA_DIGEST_LENGTH];
+- unsigned char digs[SHA_DIGEST_LENGTH];
+- EVP_MD_CTX ctxt;
+
+ if (vb == NULL)
+ return NULL;
++
+ for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
+ user = sk_SRP_user_pwd_value(vb->users_pwd, i);
+ if (strcmp(user->id, username) == 0)
+ return user;
+ }
++
++ return NULL;
++}
++
++/*
++ * This method ignores the configured seed and fails for an unknown user.
++ * Ownership of the returned pointer is not released to the caller.
++ * In other words, caller must not free the result.
++ */
++SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
++{
++ return find_user(vb, username);
++}
++
++/*
++ * Ownership of the returned pointer is released to the caller.
++ * In other words, caller must free the result once done.
++ */
++SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
++{
++ SRP_user_pwd *user;
++ unsigned char digv[SHA_DIGEST_LENGTH];
++ unsigned char digs[SHA_DIGEST_LENGTH];
++ EVP_MD_CTX ctxt;
++
++ if (vb == NULL)
++ return NULL;
++
++ if ((user = find_user(vb, username)) != NULL)
++ return srp_user_pwd_dup(user);
++
+ if ((vb->seed_key == NULL) ||
+ (vb->default_g == NULL) || (vb->default_N == NULL))
+ return NULL;
+--- crypto/openssl/ssl/s2_lib.c.orig
++++ crypto/openssl/ssl/s2_lib.c
+@@ -156,6 +156,7 @@
+ 128,
+ },
+
++# if 0
+ /* RC4_128_EXPORT40_WITH_MD5 */
+ {
+ 1,
+@@ -171,6 +172,7 @@
+ 40,
+ 128,
+ },
++# endif
+
+ /* RC2_128_CBC_WITH_MD5 */
+ {
+@@ -188,6 +190,7 @@
+ 128,
+ },
+
++# if 0
+ /* RC2_128_CBC_EXPORT40_WITH_MD5 */
+ {
+ 1,
+@@ -203,6 +206,7 @@
+ 40,
+ 128,
+ },
++# endif
+
+ # ifndef OPENSSL_NO_IDEA
+ /* IDEA_128_CBC_WITH_MD5 */
+@@ -222,6 +226,7 @@
+ },
+ # endif
+
++# if 0
+ /* DES_64_CBC_WITH_MD5 */
+ {
+ 1,
+@@ -237,6 +242,7 @@
+ 56,
+ 56,
+ },
++# endif
+
+ /* DES_192_EDE3_CBC_WITH_MD5 */
+ {
+--- crypto/openssl/ssl/s3_lib.c.orig
++++ crypto/openssl/ssl/s3_lib.c
+@@ -203,6 +203,7 @@
+ },
+
+ /* Cipher 03 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_40_MD5,
+@@ -217,6 +218,7 @@
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 04 */
+ {
+@@ -251,6 +253,7 @@
+ },
+
+ /* Cipher 06 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC2_40_MD5,
+@@ -265,6 +268,7 @@
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 07 */
+ #ifndef OPENSSL_NO_IDEA
+@@ -285,6 +289,7 @@
+ #endif
+
+ /* Cipher 08 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_DES_40_CBC_SHA,
+@@ -299,8 +304,10 @@
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 09 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_DES_64_CBC_SHA,
+@@ -315,6 +322,7 @@
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 0A */
+ {
+@@ -334,6 +342,7 @@
+
+ /* The DH ciphers */
+ /* Cipher 0B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 0,
+ SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+@@ -348,8 +357,10 @@
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 0C */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+@@ -364,6 +375,7 @@
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 0D */
+ {
+@@ -382,6 +394,7 @@
+ },
+
+ /* Cipher 0E */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+@@ -396,8 +409,10 @@
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 0F */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+@@ -412,6 +427,7 @@
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 10 */
+ {
+@@ -431,6 +447,7 @@
+
+ /* The Ephemeral DH ciphers */
+ /* Cipher 11 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+@@ -445,8 +462,10 @@
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 12 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+@@ -461,6 +480,7 @@
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 13 */
+ {
+@@ -479,6 +499,7 @@
+ },
+
+ /* Cipher 14 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+@@ -493,8 +514,10 @@
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 15 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+@@ -509,6 +532,7 @@
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 16 */
+ {
+@@ -527,6 +551,7 @@
+ },
+
+ /* Cipher 17 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_40_MD5,
+@@ -541,6 +566,7 @@
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 18 */
+ {
+@@ -559,6 +585,7 @@
+ },
+
+ /* Cipher 19 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_DES_40_CBC_SHA,
+@@ -573,8 +600,10 @@
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 1A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_DES_64_CBC_SHA,
+@@ -589,6 +618,7 @@
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 1B */
+ {
+@@ -660,6 +690,7 @@
+ #ifndef OPENSSL_NO_KRB5
+ /* The Kerberos ciphers*/
+ /* Cipher 1E */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_64_CBC_SHA,
+@@ -674,6 +705,7 @@
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 1F */
+ {
+@@ -724,6 +756,7 @@
+ },
+
+ /* Cipher 22 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_64_CBC_MD5,
+@@ -738,6 +771,7 @@
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 23 */
+ {
+@@ -788,6 +822,7 @@
+ },
+
+ /* Cipher 26 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_SHA,
+@@ -802,8 +837,10 @@
+ 40,
+ 56,
+ },
++# endif
+
+ /* Cipher 27 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+@@ -818,8 +855,10 @@
+ 40,
+ 128,
+ },
++# endif
+
+ /* Cipher 28 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_SHA,
+@@ -834,8 +873,10 @@
+ 40,
+ 128,
+ },
++# endif
+
+ /* Cipher 29 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_MD5,
+@@ -850,8 +891,10 @@
+ 40,
+ 56,
+ },
++# endif
+
+ /* Cipher 2A */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+@@ -866,8 +909,10 @@
+ 40,
+ 128,
+ },
++# endif
+
+ /* Cipher 2B */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_MD5,
+@@ -882,6 +927,7 @@
+ 40,
+ 128,
+ },
++# endif
+ #endif /* OPENSSL_NO_KRB5 */
+
+ /* New AES ciphersuites */
+@@ -1305,6 +1351,7 @@
+ # endif
+
+ /* Cipher 62 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+@@ -1319,8 +1366,10 @@
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 63 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+@@ -1335,8 +1384,10 @@
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 64 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+@@ -1351,8 +1402,10 @@
+ 56,
+ 128,
+ },
++# endif
+
+ /* Cipher 65 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+@@ -1367,6 +1420,7 @@
+ 56,
+ 128,
+ },
++# endif
+
+ /* Cipher 66 */
+ {
+--- crypto/openssl/ssl/ssl_lib.c.orig
++++ crypto/openssl/ssl/ssl_lib.c
+@@ -1896,6 +1896,13 @@
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
++ /*
++ * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
++ * explicitly clear this option via either of SSL_CTX_clear_options() or
++ * SSL_clear_options().
++ */
++ ret->options |= SSL_OP_NO_SSLv2;
++
+ return (ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+--- crypto/openssl/util/libeay.num.orig
++++ crypto/openssl/util/libeay.num
+@@ -1807,6 +1807,8 @@
+ X509_REQ_digest 2362 EXIST::FUNCTION:EVP
+ X509_CRL_digest 2391 EXIST::FUNCTION:EVP
+ ASN1_STRING_clear_free 2392 EXIST::FUNCTION:
++SRP_VBASE_get1_by_user 2393 EXIST::FUNCTION:SRP
++SRP_user_pwd_free 2394 EXIST::FUNCTION:SRP
+ d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
+ X509_ALGOR_cmp 2398 EXIST::FUNCTION:
+ EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
+--- secure/lib/libcrypto/amd64/x86_64-mont5.S.orig
++++ secure/lib/libcrypto/amd64/x86_64-mont5.S
+@@ -14,7 +14,8 @@
+ .align 16
+ .Lmul_enter:
+ movl %r9d,%r9d
+- movl 8(%rsp),%r10d
++ movd 8(%rsp),%xmm5
++ leaq .Linc(%rip),%r10
+ pushq %rbx
+ pushq %rbp
+ pushq %r12
+@@ -21,40 +22,145 @@
+ pushq %r13
+ pushq %r14
+ pushq %r15
++
++.Lmul_alloca:
+ movq %rsp,%rax
+ leaq 2(%r9),%r11
+ negq %r11
+- leaq (%rsp,%r11,8),%rsp
++ leaq -264(%rsp,%r11,8),%rsp
+ andq $-1024,%rsp
+
+ movq %rax,8(%rsp,%r9,8)
+ .Lmul_body:
+- movq %rdx,%r12
+- movq %r10,%r11
+- shrq $3,%r10
+- andq $7,%r11
+- notq %r10
+- leaq .Lmagic_masks(%rip),%rax
+- andq $3,%r10
+- leaq 96(%r12,%r11,8),%r12
+- movq 0(%rax,%r10,8),%xmm4
+- movq 8(%rax,%r10,8),%xmm5
+- movq 16(%rax,%r10,8),%xmm6
+- movq 24(%rax,%r10,8),%xmm7
++ leaq 128(%rdx),%r12
++ movdqa 0(%r10),%xmm0
++ movdqa 16(%r10),%xmm1
++ leaq 24-112(%rsp,%r9,8),%r10
++ andq $-16,%r10
+
+- movq -96(%r12),%xmm0
+- movq -32(%r12),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%r12),%xmm2
+- pand %xmm5,%xmm1
+- movq 96(%r12),%xmm3
+- pand %xmm6,%xmm2
++ pshufd $0,%xmm5,%xmm5
++ movdqa %xmm1,%xmm4
++ movdqa %xmm1,%xmm2
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++.byte 0x67
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,112(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,128(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,144(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,160(%r10)
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,176(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,192(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,208(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,224(%r10)
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,240(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,256(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,272(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,288(%r10)
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,304(%r10)
++
++ paddd %xmm2,%xmm3
++.byte 0x67
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,320(%r10)
++
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,336(%r10)
++ pand 64(%r12),%xmm0
++
++ pand 80(%r12),%xmm1
++ pand 96(%r12),%xmm2
++ movdqa %xmm3,352(%r10)
++ pand 112(%r12),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++ movdqa -128(%r12),%xmm4
++ movdqa -112(%r12),%xmm5
++ movdqa -96(%r12),%xmm2
++ pand 112(%r10),%xmm4
++ movdqa -80(%r12),%xmm3
++ pand 128(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand 144(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand 160(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++ movdqa -64(%r12),%xmm4
++ movdqa -48(%r12),%xmm5
++ movdqa -32(%r12),%xmm2
++ pand 176(%r10),%xmm4
++ movdqa -16(%r12),%xmm3
++ pand 192(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand 208(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand 224(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++ movdqa 0(%r12),%xmm4
++ movdqa 16(%r12),%xmm5
++ movdqa 32(%r12),%xmm2
++ pand 240(%r10),%xmm4
++ movdqa 48(%r12),%xmm3
++ pand 256(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand 272(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand 288(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
+ por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+- por %xmm2,%xmm0
++ pshufd $78,%xmm0,%xmm1
++ por %xmm1,%xmm0
+ leaq 256(%r12),%r12
+- por %xmm3,%xmm0
+-
+ .byte 102,72,15,126,195
+
+ movq (%r8),%r8
+@@ -63,29 +169,14 @@
+ xorq %r14,%r14
+ xorq %r15,%r15
+
+- movq -96(%r12),%xmm0
+- movq -32(%r12),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%r12),%xmm2
+- pand %xmm5,%xmm1
+-
+ movq %r8,%rbp
+ mulq %rbx
+ movq %rax,%r10
+ movq (%rcx),%rax
+
+- movq 96(%r12),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq %r10,%rbp
+ movq %rdx,%r11
+
+- por %xmm2,%xmm0
+- leaq 256(%r12),%r12
+- por %xmm3,%xmm0
+-
+ mulq %rbp
+ addq %rax,%r10
+ movq 8(%rsi),%rax
+@@ -118,8 +209,6 @@
+ cmpq %r9,%r15
+ jne .L1st
+
+-.byte 102,72,15,126,195
+-
+ addq %rax,%r13
+ movq (%rsi),%rax
+ adcq $0,%rdx
+@@ -139,33 +228,76 @@
+ jmp .Louter
+ .align 16
+ .Louter:
++ leaq 24+128(%rsp,%r9,8),%rdx
++ andq $-16,%rdx
++ pxor %xmm4,%xmm4
++ pxor %xmm5,%xmm5
++ movdqa -128(%r12),%xmm0
++ movdqa -112(%r12),%xmm1
++ movdqa -96(%r12),%xmm2
++ movdqa -80(%r12),%xmm3
++ pand -128(%rdx),%xmm0
++ pand -112(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand -96(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand -80(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa -64(%r12),%xmm0
++ movdqa -48(%r12),%xmm1
++ movdqa -32(%r12),%xmm2
++ movdqa -16(%r12),%xmm3
++ pand -64(%rdx),%xmm0
++ pand -48(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand -32(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand -16(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa 0(%r12),%xmm0
++ movdqa 16(%r12),%xmm1
++ movdqa 32(%r12),%xmm2
++ movdqa 48(%r12),%xmm3
++ pand 0(%rdx),%xmm0
++ pand 16(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand 32(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand 48(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa 64(%r12),%xmm0
++ movdqa 80(%r12),%xmm1
++ movdqa 96(%r12),%xmm2
++ movdqa 112(%r12),%xmm3
++ pand 64(%rdx),%xmm0
++ pand 80(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand 96(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand 112(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ por %xmm5,%xmm4
++ pshufd $78,%xmm4,%xmm0
++ por %xmm4,%xmm0
++ leaq 256(%r12),%r12
++.byte 102,72,15,126,195
++
+ xorq %r15,%r15
+ movq %r8,%rbp
+ movq (%rsp),%r10
+
+- movq -96(%r12),%xmm0
+- movq -32(%r12),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%r12),%xmm2
+- pand %xmm5,%xmm1
+-
+ mulq %rbx
+ addq %rax,%r10
+ movq (%rcx),%rax
+ adcq $0,%rdx
+
+- movq 96(%r12),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq %r10,%rbp
+ movq %rdx,%r11
+
+- por %xmm2,%xmm0
+- leaq 256(%r12),%r12
+- por %xmm3,%xmm0
+-
+ mulq %rbp
+ addq %rax,%r10
+ movq 8(%rsi),%rax
+@@ -201,8 +333,6 @@
+ cmpq %r9,%r15
+ jne .Linner
+
+-.byte 102,72,15,126,195
+-
+ addq %rax,%r13
+ movq (%rsi),%rax
+ adcq $0,%rdx
+@@ -256,6 +386,7 @@
+
+ movq 8(%rsp,%r9,8),%rsi
+ movq $1,%rax
++
+ movq (%rsi),%r15
+ movq 8(%rsi),%r14
+ movq 16(%rsi),%r13
+@@ -271,7 +402,8 @@
+ bn_mul4x_mont_gather5:
+ .Lmul4x_enter:
+ movl %r9d,%r9d
+- movl 8(%rsp),%r10d
++ movd 8(%rsp),%xmm5
++ leaq .Linc(%rip),%r10
+ pushq %rbx
+ pushq %rbp
+ pushq %r12
+@@ -278,42 +410,148 @@
+ pushq %r13
+ pushq %r14
+ pushq %r15
++
++.Lmul4x_alloca:
+ movq %rsp,%rax
+ leaq 4(%r9),%r11
+ negq %r11
+- leaq (%rsp,%r11,8),%rsp
++ leaq -256(%rsp,%r11,8),%rsp
+ andq $-1024,%rsp
+
+ movq %rax,8(%rsp,%r9,8)
+ .Lmul4x_body:
+ movq %rdi,16(%rsp,%r9,8)
+- movq %rdx,%r12
+- movq %r10,%r11
+- shrq $3,%r10
+- andq $7,%r11
+- notq %r10
+- leaq .Lmagic_masks(%rip),%rax
+- andq $3,%r10
+- leaq 96(%r12,%r11,8),%r12
+- movq 0(%rax,%r10,8),%xmm4
+- movq 8(%rax,%r10,8),%xmm5
+- movq 16(%rax,%r10,8),%xmm6
+- movq 24(%rax,%r10,8),%xmm7
++ leaq 128(%rdx),%r12
++ movdqa 0(%r10),%xmm0
++ movdqa 16(%r10),%xmm1
++ leaq 32-112(%rsp,%r9,8),%r10
+
+- movq -96(%r12),%xmm0
+- movq -32(%r12),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%r12),%xmm2
+- pand %xmm5,%xmm1
+- movq 96(%r12),%xmm3
+- pand %xmm6,%xmm2
++ pshufd $0,%xmm5,%xmm5
++ movdqa %xmm1,%xmm4
++.byte 0x67,0x67
++ movdqa %xmm1,%xmm2
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++.byte 0x67
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,112(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,128(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,144(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,160(%r10)
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,176(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,192(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,208(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,224(%r10)
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,240(%r10)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,256(%r10)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,272(%r10)
++ movdqa %xmm4,%xmm2
++
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,288(%r10)
++ movdqa %xmm4,%xmm3
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,304(%r10)
++
++ paddd %xmm2,%xmm3
++.byte 0x67
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,320(%r10)
++
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,336(%r10)
++ pand 64(%r12),%xmm0
++
++ pand 80(%r12),%xmm1
++ pand 96(%r12),%xmm2
++ movdqa %xmm3,352(%r10)
++ pand 112(%r12),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++ movdqa -128(%r12),%xmm4
++ movdqa -112(%r12),%xmm5
++ movdqa -96(%r12),%xmm2
++ pand 112(%r10),%xmm4
++ movdqa -80(%r12),%xmm3
++ pand 128(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand 144(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand 160(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++ movdqa -64(%r12),%xmm4
++ movdqa -48(%r12),%xmm5
++ movdqa -32(%r12),%xmm2
++ pand 176(%r10),%xmm4
++ movdqa -16(%r12),%xmm3
++ pand 192(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand 208(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand 224(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
++ movdqa 0(%r12),%xmm4
++ movdqa 16(%r12),%xmm5
++ movdqa 32(%r12),%xmm2
++ pand 240(%r10),%xmm4
++ movdqa 48(%r12),%xmm3
++ pand 256(%r10),%xmm5
++ por %xmm4,%xmm0
++ pand 272(%r10),%xmm2
++ por %xmm5,%xmm1
++ pand 288(%r10),%xmm3
++ por %xmm2,%xmm0
++ por %xmm3,%xmm1
+ por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+- por %xmm2,%xmm0
++ pshufd $78,%xmm0,%xmm1
++ por %xmm1,%xmm0
+ leaq 256(%r12),%r12
+- por %xmm3,%xmm0
++.byte 102,72,15,126,195
+
+-.byte 102,72,15,126,195
+ movq (%r8),%r8
+ movq (%rsi),%rax
+
+@@ -320,29 +558,14 @@
+ xorq %r14,%r14
+ xorq %r15,%r15
+
+- movq -96(%r12),%xmm0
+- movq -32(%r12),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%r12),%xmm2
+- pand %xmm5,%xmm1
+-
+ movq %r8,%rbp
+ mulq %rbx
+ movq %rax,%r10
+ movq (%rcx),%rax
+
+- movq 96(%r12),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq %r10,%rbp
+ movq %rdx,%r11
+
+- por %xmm2,%xmm0
+- leaq 256(%r12),%r12
+- por %xmm3,%xmm0
+-
+ mulq %rbp
+ addq %rax,%r10
+ movq 8(%rsi),%rax
+@@ -460,8 +683,6 @@
+ movq %rdi,-16(%rsp,%r15,8)
+ movq %rdx,%r13
+
+-.byte 102,72,15,126,195
+-
+ xorq %rdi,%rdi
+ addq %r10,%r13
+ adcq $0,%rdi
+@@ -471,12 +692,64 @@
+ leaq 1(%r14),%r14
+ .align 4
+ .Louter4x:
++ leaq 32+128(%rsp,%r9,8),%rdx
++ pxor %xmm4,%xmm4
++ pxor %xmm5,%xmm5
++ movdqa -128(%r12),%xmm0
++ movdqa -112(%r12),%xmm1
++ movdqa -96(%r12),%xmm2
++ movdqa -80(%r12),%xmm3
++ pand -128(%rdx),%xmm0
++ pand -112(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand -96(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand -80(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa -64(%r12),%xmm0
++ movdqa -48(%r12),%xmm1
++ movdqa -32(%r12),%xmm2
++ movdqa -16(%r12),%xmm3
++ pand -64(%rdx),%xmm0
++ pand -48(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand -32(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand -16(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa 0(%r12),%xmm0
++ movdqa 16(%r12),%xmm1
++ movdqa 32(%r12),%xmm2
++ movdqa 48(%r12),%xmm3
++ pand 0(%rdx),%xmm0
++ pand 16(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand 32(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand 48(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa 64(%r12),%xmm0
++ movdqa 80(%r12),%xmm1
++ movdqa 96(%r12),%xmm2
++ movdqa 112(%r12),%xmm3
++ pand 64(%rdx),%xmm0
++ pand 80(%rdx),%xmm1
++ por %xmm0,%xmm4
++ pand 96(%rdx),%xmm2
++ por %xmm1,%xmm5
++ pand 112(%rdx),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ por %xmm5,%xmm4
++ pshufd $78,%xmm4,%xmm0
++ por %xmm4,%xmm0
++ leaq 256(%r12),%r12
++.byte 102,72,15,126,195
++
+ xorq %r15,%r15
+- movq -96(%r12),%xmm0
+- movq -32(%r12),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%r12),%xmm2
+- pand %xmm5,%xmm1
+
+ movq (%rsp),%r10
+ movq %r8,%rbp
+@@ -485,18 +758,9 @@
+ movq (%rcx),%rax
+ adcq $0,%rdx
+
+- movq 96(%r12),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+-
+ imulq %r10,%rbp
+ movq %rdx,%r11
+
+- por %xmm2,%xmm0
+- leaq 256(%r12),%r12
+- por %xmm3,%xmm0
+-
+ mulq %rbp
+ addq %rax,%r10
+ movq 8(%rsi),%rax
+@@ -628,7 +892,6 @@
+ movq %r13,-24(%rsp,%r15,8)
+ movq %rdx,%r13
+
+-.byte 102,72,15,126,195
+ movq %rdi,-16(%rsp,%r15,8)
+
+ xorq %rdi,%rdi
+@@ -712,6 +975,7 @@
+ movdqu %xmm2,16(%rdi,%r14,1)
+ movq 8(%rsp,%r9,8),%rsi
+ movq $1,%rax
++
+ movq (%rsi),%r15
+ movq 8(%rsi),%r14
+ movq 16(%rsi),%r13
+@@ -744,42 +1008,167 @@
+ .type bn_gather5,@function
+ .align 16
+ bn_gather5:
+- movq %rcx,%r11
+- shrq $3,%rcx
+- andq $7,%r11
+- notq %rcx
+- leaq .Lmagic_masks(%rip),%rax
+- andq $3,%rcx
+- leaq 96(%rdx,%r11,8),%rdx
+- movq 0(%rax,%rcx,8),%xmm4
+- movq 8(%rax,%rcx,8),%xmm5
+- movq 16(%rax,%rcx,8),%xmm6
+- movq 24(%rax,%rcx,8),%xmm7
++.LSEH_begin_bn_gather5:
++
++.byte 0x4c,0x8d,0x14,0x24
++.byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00
++ leaq .Linc(%rip),%rax
++ andq $-16,%rsp
++
++ movd %ecx,%xmm5
++ movdqa 0(%rax),%xmm0
++ movdqa 16(%rax),%xmm1
++ leaq 128(%rdx),%r11
++ leaq 128(%rsp),%rax
++
++ pshufd $0,%xmm5,%xmm5
++ movdqa %xmm1,%xmm4
++ movdqa %xmm1,%xmm2
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm4,%xmm3
++
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,-128(%rax)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,-112(%rax)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,-96(%rax)
++ movdqa %xmm4,%xmm2
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,-80(%rax)
++ movdqa %xmm4,%xmm3
++
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,-64(%rax)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,-48(%rax)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,-32(%rax)
++ movdqa %xmm4,%xmm2
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,-16(%rax)
++ movdqa %xmm4,%xmm3
++
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,0(%rax)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,16(%rax)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,32(%rax)
++ movdqa %xmm4,%xmm2
++ paddd %xmm0,%xmm1
++ pcmpeqd %xmm5,%xmm0
++ movdqa %xmm3,48(%rax)
++ movdqa %xmm4,%xmm3
++
++ paddd %xmm1,%xmm2
++ pcmpeqd %xmm5,%xmm1
++ movdqa %xmm0,64(%rax)
++ movdqa %xmm4,%xmm0
++
++ paddd %xmm2,%xmm3
++ pcmpeqd %xmm5,%xmm2
++ movdqa %xmm1,80(%rax)
++ movdqa %xmm4,%xmm1
++
++ paddd %xmm3,%xmm0
++ pcmpeqd %xmm5,%xmm3
++ movdqa %xmm2,96(%rax)
++ movdqa %xmm4,%xmm2
++ movdqa %xmm3,112(%rax)
+ jmp .Lgather
+-.align 16
++
++.align 32
+ .Lgather:
+- movq -96(%rdx),%xmm0
+- movq -32(%rdx),%xmm1
+- pand %xmm4,%xmm0
+- movq 32(%rdx),%xmm2
+- pand %xmm5,%xmm1
+- movq 96(%rdx),%xmm3
+- pand %xmm6,%xmm2
+- por %xmm1,%xmm0
+- pand %xmm7,%xmm3
+- por %xmm2,%xmm0
+- leaq 256(%rdx),%rdx
+- por %xmm3,%xmm0
+-
++ pxor %xmm4,%xmm4
++ pxor %xmm5,%xmm5
++ movdqa -128(%r11),%xmm0
++ movdqa -112(%r11),%xmm1
++ movdqa -96(%r11),%xmm2
++ pand -128(%rax),%xmm0
++ movdqa -80(%r11),%xmm3
++ pand -112(%rax),%xmm1
++ por %xmm0,%xmm4
++ pand -96(%rax),%xmm2
++ por %xmm1,%xmm5
++ pand -80(%rax),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa -64(%r11),%xmm0
++ movdqa -48(%r11),%xmm1
++ movdqa -32(%r11),%xmm2
++ pand -64(%rax),%xmm0
++ movdqa -16(%r11),%xmm3
++ pand -48(%rax),%xmm1
++ por %xmm0,%xmm4
++ pand -32(%rax),%xmm2
++ por %xmm1,%xmm5
++ pand -16(%rax),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa 0(%r11),%xmm0
++ movdqa 16(%r11),%xmm1
++ movdqa 32(%r11),%xmm2
++ pand 0(%rax),%xmm0
++ movdqa 48(%r11),%xmm3
++ pand 16(%rax),%xmm1
++ por %xmm0,%xmm4
++ pand 32(%rax),%xmm2
++ por %xmm1,%xmm5
++ pand 48(%rax),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ movdqa 64(%r11),%xmm0
++ movdqa 80(%r11),%xmm1
++ movdqa 96(%r11),%xmm2
++ pand 64(%rax),%xmm0
++ movdqa 112(%r11),%xmm3
++ pand 80(%rax),%xmm1
++ por %xmm0,%xmm4
++ pand 96(%rax),%xmm2
++ por %xmm1,%xmm5
++ pand 112(%rax),%xmm3
++ por %xmm2,%xmm4
++ por %xmm3,%xmm5
++ por %xmm5,%xmm4
++ leaq 256(%r11),%r11
++ pshufd $78,%xmm4,%xmm0
++ por %xmm4,%xmm0
+ movq %xmm0,(%rdi)
+ leaq 8(%rdi),%rdi
+ subq $1,%rsi
+ jnz .Lgather
++
++ leaq (%r10),%rsp
+ .byte 0xf3,0xc3
+ .LSEH_end_bn_gather5:
+ .size bn_gather5,.-bn_gather5
+ .align 64
+-.Lmagic_masks:
+-.long 0,0, 0,0, 0,0, -1,-1
+-.long 0,0, 0,0, 0,0, 0,0
++.Linc:
++.long 0,0, 1,1
++.long 2,2, 2,2
+ .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
Property changes on: head/share/security/patches/SA-16:12/openssl-10.2.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-10.2.patch.asc
===================================================================
--- head/share/security/patches/SA-16:12/openssl-10.2.patch.asc (nonexistent)
+++ head/share/security/patches/SA-16:12/openssl-10.2.patch.asc (revision 48363)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAABCgAGBQJW4Uc6AAoJEO1n7NZdz2rnrIoP/2/UGUonUC5BKXx4zf32rNSh
+TbyYxBTZiQAEqhUaK3H8B/F0ez3gmhv7KN4mXBy0IzCNzCrstq467EaCIhzeYVwR
+xwvKUwJptE75YjsqqGR5g6gr2AL9bSNdSt9nOCsRfYlvqU67V0VaLu4daxuok6Wz
+V6T7kySTJlFWNKyLtL1GZwX8CU2C1r63+dzQHF/vNKCnHXott6zgvS2NjAfIOs8z
+OFXh5RTEdZuyXzyTPd62SZGpZRVfvVIr/oZPOeVvQWbpUSN5UZjFHxA0l47rOJ/Z
+3qZENsxm43JKpUOE7dw16mD/0GVT+lXNmwei4KBNzQPnCeuDCF391uq2Xy5c2d3C
+af+PFH5305IgleKGV7yNfJ16AD+gQiOPORMcv4gtFiw8HN9hzXf0phKOfS6QEkW8
+PgVFJz171iQsV0dRugCeNcGegRthLDJ02U+aZ345wH10cYCvIJnzr4tEQqsTz6sb
+ZavJz62PWf1IpACdjJbEV+h16uHgqMXw9WImEhsjhIrtScvxfPzJVqAlkFbKJHPU
+oRm4iDmz5NTIUDEgTGP5NhqeE5+r/6uqhwVl7iCdKRVwy19XgixIJUC3ltfP3oPl
+eMq8Of5358n/vjB1h5gWJi+fIuLn+5NiRAAUu+kcXSdPuNb98DCKYXnD2plf2v1j
+GUydikj+tgEMgvW/+BaZ
+=X7i6
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-16:12/openssl-10.2.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-9.3-fix.patch
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes on: head/share/security/patches/SA-16:12/openssl-9.3-fix.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-9.3-fix.patch.asc
===================================================================
--- head/share/security/patches/SA-16:12/openssl-9.3-fix.patch.asc (nonexistent)
+++ head/share/security/patches/SA-16:12/openssl-9.3-fix.patch.asc (revision 48363)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAABCgAGBQJW4Uc6AAoJEO1n7NZdz2rnlbcQAOE5i1wKTaq6tM3neMf7CRfd
+lsb+VIHnaPu4kZFhUKxCx0XhdaZ1UF/lB0x4VMOb8GKwLcz7r/0vjym0ibuyW+T6
+/8oPzpZAsVM8KQEs4YzJDOPbG/Pq2TQJyvDSo1QtupyckaQlRMy9mPwWxxnrP6qQ
+poxqDP3UHYx8bl4PtTzYIX9b14d3ZFfcdyTrHGOQhhyCN76EBMRyfmGQqpXrOxcn
+BsHO94a/slwjB+8OL6InUe91y8hVVazC2zT+KkDP8IAx61Z0y0lHJaQd3eRB+shm
+i67XBoOV+m12y4pI+ic3/Yg/BH9OwMMd+msJ83V/8bA6EmG7+AkuTEKcWXrCpHeX
+zWG6HbycZM2vuPdUG6j7ofZlCanNI8uMlVk4rCRi7zAcj0jSMRX1sjukwITt2nJ2
+32uIdAdGNJ1+6bjMgiAGGYzjaq7YFWrS6lMQsYTswJ5dQFxYhT0yqxbrWtgG6Dqw
+GIWoUrcSvPtVjqOa48lH2G+gny0vOvuElb7OZYNmRmIWbR2YBolKjBE1Oz665OkV
+9xfRAMdDMKAkLZAai+0HB5HNuoe9/M+jmQc+wBV94aH0KwW7E38HW1Njs7HSEuoT
+YpD5ZA7VoLKKtZqzpoJH6qVrIyTc7T0hRYLI6IWE5xOX9mSRRSeMGshuzE4L0tce
+TAsjrzJeJx/kCH7VmUIt
+=enos
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-16:12/openssl-9.3-fix.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-9.3.patch.xz
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/x-xz
Property changes on: head/share/security/patches/SA-16:12/openssl-9.3.patch.xz
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-xz
\ No newline at end of property
Index: head/share/security/patches/SA-16:12/openssl-9.3.patch.xz.asc
===================================================================
--- head/share/security/patches/SA-16:12/openssl-9.3.patch.xz.asc (nonexistent)
+++ head/share/security/patches/SA-16:12/openssl-9.3.patch.xz.asc (revision 48363)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAABCgAGBQJW4Uc7AAoJEO1n7NZdz2rnjuwP/0FNSZquQqyi82z9F21XXrZO
+X/jXgY4YGYRuUj08G9rnGV1i7dBzVwILP+8dssDvYH/I+GvH4LxP2ZlAoB2eH6a5
+zfXw4t8qx82gHDlSmB1Dl4x/Dp0KDHTVuyL4ndJ62mhdYEuYbp5nwGV91qJXSAKh
+2gDqhT6OPQBVwMFE8aBAqzgjGATuix5Nghz0a0Y2U/rwTBo/lC2kEIUtwYijHlOp
+ec9RKA4xGkZXQRPKZHKpNO55nLa/eCK2xNBj/mfFoPj2wObvc0oKBAKVHrHxanlZ
+GzS1N4Q+Wez9wD4kwC4lHRf7sGu7S9wctRrguh30NFvfmV/ohDqrV9q9xJi4x7DR
+kURN9AWm0i//jme62APHonfLRixBFb224tMeA8I9Ukq1vXLmiEhof1UH6XluuuMd
+I7hqnsJI0OnnrMVOxUohWNLJKqwf/CrotSya0QA7V++zNXGTe1qhiQy6dzCnKv33
+FRq4eHN7gvMFbWJEHrfD0lDL4w+uHgpF98X65mPUDHgdTu1gB1UapTIdHZq0liCB
+KshW62lZnKWiKc1ruiJTRGW/lkRRxGmsIjkXu8z84+No6RVqnDrKEcnjIShTKI4W
+QTWKvsli19xWzMV8Z0uEFI1ZytnT6quaEladlcV1twvDTIvMYmti3LePncy6ll4Y
+l1lvgiSD5ZryDIirSEpz
+=4aXD
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-16:12/openssl-9.3.patch.xz.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:13/bind.patch
===================================================================
--- head/share/security/patches/SA-16:13/bind.patch (nonexistent)
+++ head/share/security/patches/SA-16:13/bind.patch (revision 48363)
@@ -0,0 +1,428 @@
+--- contrib/bind9/bin/named/control.c.orig
++++ contrib/bind9/bin/named/control.c
+@@ -69,7 +69,7 @@
+ #endif
+
+ data = isccc_alist_lookup(message, "_data");
+- if (data == NULL) {
++ if (!isccc_alist_alistp(data)) {
+ /*
+ * No data section.
+ */
+--- contrib/bind9/bin/named/controlconf.c.orig
++++ contrib/bind9/bin/named/controlconf.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2004-2008, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (C) 2004-2008, 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001-2003 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+@@ -396,7 +396,7 @@
+ * Limit exposure to replay attacks.
+ */
+ _ctrl = isccc_alist_lookup(request, "_ctrl");
+- if (_ctrl == NULL) {
++ if (!isccc_alist_alistp(_ctrl)) {
+ log_invalid(&conn->ccmsg, ISC_R_FAILURE);
+ goto cleanup_request;
+ }
+--- contrib/bind9/bin/rndc/rndc.c.orig
++++ contrib/bind9/bin/rndc/rndc.c
+@@ -252,8 +252,8 @@
+ DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+ data = isccc_alist_lookup(response, "_data");
+- if (data == NULL)
+- fatal("no data section in response");
++ if (!isccc_alist_alistp(data))
++ fatal("bad or missing data section in response");
+ result = isccc_cc_lookupstring(data, "err", &errormsg);
+ if (result == ISC_R_SUCCESS) {
+ failed = ISC_TRUE;
+@@ -316,8 +316,8 @@
+ DO("parse message", isccc_cc_fromwire(&source, &response, &secret));
+
+ _ctrl = isccc_alist_lookup(response, "_ctrl");
+- if (_ctrl == NULL)
+- fatal("_ctrl section missing");
++ if (!isccc_alist_alistp(_ctrl))
++ fatal("bad or missing ctrl section in response");
+ nonce = 0;
+ if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
+ nonce = 0;
+--- contrib/bind9/lib/dns/resolver.c.orig
++++ contrib/bind9/lib/dns/resolver.c
+@@ -5385,14 +5385,11 @@
+ }
+
+ static inline isc_result_t
+-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
+- dns_name_t *oname, dns_fixedname_t *fixeddname)
++dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
++ unsigned int nlabels, dns_fixedname_t *fixeddname)
+ {
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+- unsigned int nlabels;
+- int order;
+- dns_namereln_t namereln;
+ dns_rdata_dname_t dname;
+ dns_fixedname_t prefix;
+
+@@ -5407,21 +5404,6 @@
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+- /*
+- * Get the prefix of qname.
+- */
+- namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
+- if (namereln != dns_namereln_subdomain) {
+- char qbuf[DNS_NAME_FORMATSIZE];
+- char obuf[DNS_NAME_FORMATSIZE];
+-
+- dns_rdata_freestruct(&dname);
+- dns_name_format(qname, qbuf, sizeof(qbuf));
+- dns_name_format(oname, obuf, sizeof(obuf));
+- log_formerr(fctx, "unrelated DNAME in answer: "
+- "%s is not in %s", qbuf, obuf);
+- return (DNS_R_FORMERR);
+- }
+ dns_fixedname_init(&prefix);
+ dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
+ dns_fixedname_init(fixeddname);
+@@ -6034,13 +6016,13 @@
+ answer_response(fetchctx_t *fctx) {
+ isc_result_t result;
+ dns_message_t *message;
+- dns_name_t *name, *qname, tname, *ns_name;
++ dns_name_t *name, *dname = NULL, *qname, tname, *ns_name;
+ dns_rdataset_t *rdataset, *ns_rdataset;
+ isc_boolean_t done, external, chaining, aa, found, want_chaining;
+ isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
+ unsigned int aflag;
+ dns_rdatatype_t type;
+- dns_fixedname_t dname, fqname;
++ dns_fixedname_t fdname, fqname;
+ dns_view_t *view;
+
+ FCTXTRACE("answer_response");
+@@ -6068,10 +6050,15 @@
+ view = fctx->res->view;
+ result = dns_message_firstname(message, DNS_SECTION_ANSWER);
+ while (!done && result == ISC_R_SUCCESS) {
++ dns_namereln_t namereln;
++ int order;
++ unsigned int nlabels;
++
+ name = NULL;
+ dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
+ external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
+- if (dns_name_equal(name, qname)) {
++ namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
++ if (namereln == dns_namereln_equal) {
+ wanted_chaining = ISC_FALSE;
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+@@ -6196,10 +6183,11 @@
+ */
+ INSIST(!external);
+ if (aflag ==
+- DNS_RDATASETATTR_ANSWER)
++ DNS_RDATASETATTR_ANSWER) {
+ have_answer = ISC_TRUE;
+- name->attributes |=
+- DNS_NAMEATTR_ANSWER;
++ name->attributes |=
++ DNS_NAMEATTR_ANSWER;
++ }
+ rdataset->attributes |= aflag;
+ if (aa)
+ rdataset->trust =
+@@ -6254,6 +6242,8 @@
+ if (wanted_chaining)
+ chaining = ISC_TRUE;
+ } else {
++ dns_rdataset_t *dnameset = NULL;
++
+ /*
+ * Look for a DNAME (or its SIG). Anything else is
+ * ignored.
+@@ -6261,32 +6251,56 @@
+ wanted_chaining = ISC_FALSE;
+ for (rdataset = ISC_LIST_HEAD(name->list);
+ rdataset != NULL;
+- rdataset = ISC_LIST_NEXT(rdataset, link)) {
+- isc_boolean_t found_dname = ISC_FALSE;
+- dns_name_t *dname_name;
++ rdataset = ISC_LIST_NEXT(rdataset, link))
++ {
++ /*
++ * Only pass DNAME or RRSIG(DNAME).
++ */
++ if (rdataset->type != dns_rdatatype_dname &&
++ (rdataset->type != dns_rdatatype_rrsig ||
++ rdataset->covers != dns_rdatatype_dname))
++ continue;
+
+- found = ISC_FALSE;
++ /*
++ * If we're not chaining, then the DNAME and
++ * its signature should not be external.
++ */
++ if (!chaining && external) {
++ char qbuf[DNS_NAME_FORMATSIZE];
++ char obuf[DNS_NAME_FORMATSIZE];
++
++ dns_name_format(name, qbuf,
++ sizeof(qbuf));
++ dns_name_format(&fctx->domain, obuf,
++ sizeof(obuf));
++ log_formerr(fctx, "external DNAME or "
++ "RRSIG covering DNAME "
++ "in answer: %s is "
++ "not in %s", qbuf, obuf);
++ return (DNS_R_FORMERR);
++ }
++
++ if (namereln != dns_namereln_subdomain) {
++ char qbuf[DNS_NAME_FORMATSIZE];
++ char obuf[DNS_NAME_FORMATSIZE];
++
++ dns_name_format(qname, qbuf,
++ sizeof(qbuf));
++ dns_name_format(name, obuf,
++ sizeof(obuf));
++ log_formerr(fctx, "unrelated DNAME "
++ "in answer: %s is "
++ "not in %s", qbuf, obuf);
++ return (DNS_R_FORMERR);
++ }
++
+ aflag = 0;
+ if (rdataset->type == dns_rdatatype_dname) {
+- /*
+- * We're looking for something else,
+- * but we found a DNAME.
+- *
+- * If we're not chaining, then the
+- * DNAME should not be external.
+- */
+- if (!chaining && external) {
+- log_formerr(fctx,
+- "external DNAME");
+- return (DNS_R_FORMERR);
+- }
+- found = ISC_TRUE;
+ want_chaining = ISC_TRUE;
+ POST(want_chaining);
+ aflag = DNS_RDATASETATTR_ANSWER;
+- result = dname_target(fctx, rdataset,
+- qname, name,
+- &dname);
++ result = dname_target(rdataset, qname,
++ nlabels, &fdname);
+ if (result == ISC_R_NOSPACE) {
+ /*
+ * We can't construct the
+@@ -6298,90 +6312,73 @@
+ } else if (result != ISC_R_SUCCESS)
+ return (result);
+ else
+- found_dname = ISC_TRUE;
++ dnameset = rdataset;
+
+- dname_name = dns_fixedname_name(&dname);
++ dname = dns_fixedname_name(&fdname);
+ if (!is_answertarget_allowed(view,
+- qname,
+- rdataset->type,
+- dname_name,
+- &fctx->domain)) {
++ qname, rdataset->type,
++ dname, &fctx->domain)) {
+ return (DNS_R_SERVFAIL);
+ }
+- } else if (rdataset->type == dns_rdatatype_rrsig
+- && rdataset->covers ==
+- dns_rdatatype_dname) {
++ } else {
+ /*
+ * We've found a signature that
+ * covers the DNAME.
+ */
+- found = ISC_TRUE;
+ aflag = DNS_RDATASETATTR_ANSWERSIG;
+ }
+
+- if (found) {
++ /*
++ * We've found an answer to our
++ * question.
++ */
++ name->attributes |= DNS_NAMEATTR_CACHE;
++ rdataset->attributes |= DNS_RDATASETATTR_CACHE;
++ rdataset->trust = dns_trust_answer;
++ if (!chaining) {
+ /*
+- * We've found an answer to our
+- * question.
++ * This data is "the" answer to
++ * our question only if we're
++ * not chaining.
+ */
+- name->attributes |=
+- DNS_NAMEATTR_CACHE;
+- rdataset->attributes |=
+- DNS_RDATASETATTR_CACHE;
+- rdataset->trust = dns_trust_answer;
+- if (!chaining) {
+- /*
+- * This data is "the" answer
+- * to our question only if
+- * we're not chaining.
+- */
+- INSIST(!external);
+- if (aflag ==
+- DNS_RDATASETATTR_ANSWER)
+- have_answer = ISC_TRUE;
++ INSIST(!external);
++ if (aflag == DNS_RDATASETATTR_ANSWER) {
++ have_answer = ISC_TRUE;
+ name->attributes |=
+ DNS_NAMEATTR_ANSWER;
+- rdataset->attributes |= aflag;
+- if (aa)
+- rdataset->trust =
+- dns_trust_authanswer;
+- } else if (external) {
+- rdataset->attributes |=
+- DNS_RDATASETATTR_EXTERNAL;
+ }
+-
+- /*
+- * DNAME chaining.
+- */
+- if (found_dname) {
+- /*
+- * Copy the dname into the
+- * qname fixed name.
+- *
+- * Although we check for
+- * failure of the copy
+- * operation, in practice it
+- * should never fail since
+- * we already know that the
+- * result fits in a fixedname.
+- */
+- dns_fixedname_init(&fqname);
+- result = dns_name_copy(
+- dns_fixedname_name(&dname),
+- dns_fixedname_name(&fqname),
+- NULL);
+- if (result != ISC_R_SUCCESS)
+- return (result);
+- wanted_chaining = ISC_TRUE;
+- name->attributes |=
+- DNS_NAMEATTR_CHAINING;
+- rdataset->attributes |=
+- DNS_RDATASETATTR_CHAINING;
+- qname = dns_fixedname_name(
+- &fqname);
+- }
++ rdataset->attributes |= aflag;
++ if (aa)
++ rdataset->trust =
++ dns_trust_authanswer;
++ } else if (external) {
++ rdataset->attributes |=
++ DNS_RDATASETATTR_EXTERNAL;
+ }
+ }
++
++ /*
++ * DNAME chaining.
++ */
++ if (dnameset != NULL) {
++ /*
++ * Copy the dname into the qname fixed name.
++ *
++ * Although we check for failure of the copy
++ * operation, in practice it should never fail
++ * since we already know that the result fits
++ * in a fixedname.
++ */
++ dns_fixedname_init(&fqname);
++ qname = dns_fixedname_name(&fqname);
++ result = dns_name_copy(dname, qname, NULL);
++ if (result != ISC_R_SUCCESS)
++ return (result);
++ wanted_chaining = ISC_TRUE;
++ name->attributes |= DNS_NAMEATTR_CHAINING;
++ dnameset->attributes |=
++ DNS_RDATASETATTR_CHAINING;
++ }
+ if (wanted_chaining)
+ chaining = ISC_TRUE;
+ }
+--- contrib/bind9/lib/isccc/cc.c.orig
++++ contrib/bind9/lib/isccc/cc.c
+@@ -287,10 +287,10 @@
+ * Extract digest.
+ */
+ _auth = isccc_alist_lookup(alist, "_auth");
+- if (_auth == NULL)
++ if (!isccc_alist_alistp(_auth))
+ return (ISC_R_FAILURE);
+ hmd5 = isccc_alist_lookup(_auth, "hmd5");
+- if (hmd5 == NULL)
++ if (!isccc_sexpr_binaryp(hmd5))
+ return (ISC_R_FAILURE);
+ /*
+ * Compute digest.
+@@ -545,7 +545,7 @@
+ REQUIRE(ackp != NULL && *ackp == NULL);
+
+ _ctrl = isccc_alist_lookup(message, "_ctrl");
+- if (_ctrl == NULL ||
++ if (!isccc_alist_alistp(_ctrl) ||
+ isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
+ isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
+ return (ISC_R_FAILURE);
+@@ -590,7 +590,7 @@
+ isccc_sexpr_t *_ctrl;
+
+ _ctrl = isccc_alist_lookup(message, "_ctrl");
+- if (_ctrl == NULL)
++ if (!isccc_alist_alistp(_ctrl))
+ return (ISC_FALSE);
+ if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+@@ -603,7 +603,7 @@
+ isccc_sexpr_t *_ctrl;
+
+ _ctrl = isccc_alist_lookup(message, "_ctrl");
+- if (_ctrl == NULL)
++ if (!isccc_alist_alistp(_ctrl))
+ return (ISC_FALSE);
+ if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
+ return (ISC_TRUE);
+@@ -623,7 +623,7 @@
+
+ _ctrl = isccc_alist_lookup(message, "_ctrl");
+ _data = isccc_alist_lookup(message, "_data");
+- if (_ctrl == NULL || _data == NULL ||
++ if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
+ isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
+ isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
+ return (ISC_R_FAILURE);
+@@ -812,7 +812,7 @@
+ isccc_sexpr_t *_ctrl;
+
+ _ctrl = isccc_alist_lookup(message, "_ctrl");
+- if (_ctrl == NULL ||
++ if (!isccc_alist_alistp(_ctrl) ||
+ isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
+ isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
+ return (ISC_R_FAILURE);
Property changes on: head/share/security/patches/SA-16:13/bind.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:13/bind.patch.asc
===================================================================
--- head/share/security/patches/SA-16:13/bind.patch.asc (nonexistent)
+++ head/share/security/patches/SA-16:13/bind.patch.asc (revision 48363)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAABCgAGBQJW4UdnAAoJEO1n7NZdz2rnkqEP/jy9S6RFnw/Xs6JOtzCU2ytH
+d4KQZcqcrR7imlvRu04HJVgYQHXdLOu6matartTAx5pXrLpN6R0KvPMhNdA5A03z
+eGkJ9/O6eeA4y4dRa37mhXt18XAdUPJStxdCayFo30eef9RHNE6vvd0v0WJ1pree
+RTHsDo/gmztdjP9cFT+FqX6rcfZT9rtlfgoEeJLCtGauWFSwQLSWf+FbYT+z/9Te
+sVOANzu8lhmsOiRJlX+c5AsrkcAdtkRCd8NuzSasvACsSJNEZe6lKpCLV/mo5EQ0
+ab6juv5TbRAB6FFlkTmt5sKnaPnzRkoYQ6NBP+MIkJwEFfRkr+vIN+HL8Nkppi8f
+NYuchcREi3xh36Kngcxf+XlAUwLJUfphy5ozzQd1SRDwo8Ne18uQkvCFv80tVXAP
+0NdRo3HhdFUCgsZNZkwDjQ62XEsZAvXmkdAi9K3cUttDFGLcMUxoiat1vyr+D8x2
+suHMf2TMnqMkt7Kemu4oIUpFBKPv39MNS/jpCKloXpg0+pe9rzA+0kJI+Oavv8Ug
+bibRdKfZBxUYwXAK7UB40Rr3iN8dD5DP7E+sW3IvZW5BKug4tg4BqsEeV5oBij5t
+4pjudghKkBlZcRJFsUuwdIY6NDj0b07AwfCg3cPl0QL5KPZMpywCLQ/5Wu2ZtLMh
+xro5vBX3tMouYg1Pqgcj
+=EOBy
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/SA-16:13/bind.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/xml/advisories.xml
===================================================================
--- head/share/xml/advisories.xml (revision 48362)
+++ head/share/xml/advisories.xml (revision 48363)
@@ -1,4090 +1,4106 @@
$FreeBSD$
2016
+ 3
+
+
+ 10
+
+
+ FreeBSD-SA-16:13.bind
+
+
+
+ FreeBSD-SA-16:12.openssl
+
+
+
+
+
1
30
FreeBSD-SA-16:11.openssl
27
FreeBSD-SA-16:10.linux
FreeBSD-SA-16:09.ntp
FreeBSD-SA-16:08.bind
14
FreeBSD-SA-16:07.openssh
FreeBSD-SA-16:06.bsnmpd
FreeBSD-SA-16:05.tcp
FreeBSD-SA-16:04.linux
FreeBSD-SA-16:03.linux
FreeBSD-SA-16:02.ntp
FreeBSD-SA-16:01.sctp
2015
12
16
FreeBSD-SA-15:27.bind
6
FreeBSD-SA-15:26.openssl
10
26
FreeBSD-SA-15:25.ntp
9
29
FreeBSD-SA-15:24.rpcbind
2
FreeBSD-SA-15:23.bind
8
25
FreeBSD-SA-15:22.openssh
FreeBSD-SA-15:21.amd64
18
FreeBSD-SA-15:20.expat
5
FreeBSD-SA-15:19.routed
FreeBSD-SA-15:18.bsdpatch
7
28
FreeBSD-SA-15:17.bind
FreeBSD-SA-15:16.openssh
FreeBSD-SA-15:15.tcp
FreeBSD-SA-15:14.bsdpatch
21
FreeBSD-SA-15:13.tcp
9
FreeBSD-SA-15:12.openssl
7
FreeBSD-SA-15:11.bind
6
12
FreeBSD-SA-15:10.openssl
4
7
FreeBSD-SA-15:09.ipv6
FreeBSD-SA-15:08.bsdinstall
FreeBSD-SA-15:07.ntp
3
19
FreeBSD-SA-15:06.openssl
2
25
FreeBSD-SA-15:05.bind
FreeBSD-SA-15:04.igmp
1
27
FreeBSD-SA-15:03.sctp
FreeBSD-SA-15:02.kmem
14
FreeBSD-SA-15:01.openssl
2014
12
23
FreeBSD-SA-14:31.ntp
17
FreeBSD-SA-14:30.unbound
10
FreeBSD-SA-14:29.bind
FreeBSD-SA-14:28.file
FreeBSD-SA-14:27.stdio
11
04
FreeBSD-SA-14:26.ftp
FreeBSD-SA-14:25.setlogin
FreeBSD-SA-14:24.sshd
10
21
FreeBSD-SA-14:23.openssl
FreeBSD-SA-14:22.namei
FreeBSD-SA-14:21.routed
FreeBSD-SA-14:20.rtsold
9
16
FreeBSD-SA-14:19.tcp
9
FreeBSD-SA-14:18.openssl
7
8
FreeBSD-SA-14:17.kmem
6
24
FreeBSD-SA-14:16.file
FreeBSD-SA-14:15.iconv
5
FreeBSD-SA-14:14.openssl
3
FreeBSD-SA-14:13.pam
FreeBSD-SA-14:12.ktrace
FreeBSD-SA-14:11.sendmail
5
13
FreeBSD-SA-14:10.openssl
4
30
FreeBSD-SA-14:09.openssl
FreeBSD-SA-14:08.tcp
FreeBSD-SA-14:07.devfs
08
FreeBSD-SA-14:06.openssl
FreeBSD-SA-14:05.nfsserver
1
14
FreeBSD-SA-14:04.bind
FreeBSD-SA-14:03.openssl
FreeBSD-SA-14:02.ntpd
FreeBSD-SA-14:01.bsnmpd
2013
11
19
FreeBSD-SA-13:14.openssh
9
10
FreeBSD-SA-13:13.nullfs
FreeBSD-SA-13:12.ifioctl
FreeBSD-SA-13:11.sendfile
8
22
FreeBSD-SA-13:10.sctp
FreeBSD-SA-13:09.ip_multicast
7
26
FreeBSD-SA-13:08.nfsserver
FreeBSD-SA-13:07.bind
6
18
FreeBSD-SA-13:06.mmap
4
29
FreeBSD-SA-13:05.nfsserver
2
FreeBSD-SA-13:04.bind
FreeBSD-SA-13:03.openssl
2
19
FreeBSD-SA-13:02.libc
FreeBSD-SA-13:01.bind
2012
11
22
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
8
6
FreeBSD-SA-12:05.bind
6
12
FreeBSD-SA-12:04.sysret
FreeBSD-SA-12:03.bind
5
30
FreeBSD-SA-12:02.crypt
30
FreeBSD-SA-12:01.openssl
2011
12
23
FreeBSD-SA-11:10.pam
FreeBSD-SA-11:09.pam_ssh
FreeBSD-SA-11:08.telnetd
FreeBSD-SA-11:07.chroot
FreeBSD-SA-11:06.bind
9
28
FreeBSD-SA-11:05.unix
FreeBSD-SA-11:04.compress
FreeBSD-SA-11:03.bind
5
28
FreeBSD-SA-11:02.bind
4
20
FreeBSD-SA-11:01.mountd
2010
11
29
FreeBSD-SA-10:10.openssl
10
FreeBSD-SA-10:09.pseudofs
9
20
FreeBSD-SA-10:08.bzip2
7
13
FreeBSD-SA-10:07.mbuf
5
27
FreeBSD-SA-10:06.nfsclient
FreeBSD-SA-10:05.opie
FreeBSD-SA-10:04.jail
1
6
FreeBSD-SA-10:03.zfs
FreeBSD-SA-10:02.ntpd
FreeBSD-SA-10:01.bind
2009
12
3
FreeBSD-SA-09:17.freebsd-update
FreeBSD-SA-09:16.rtld
FreeBSD-SA-09:15.ssl
10
2
FreeBSD-SA-09:14.devfs
FreeBSD-SA-09:13.pipe
7
29
FreeBSD-SA-09:12.bind
6
10
FreeBSD-SA-09:11.ntpd
FreeBSD-SA-09:10.ipv6
FreeBSD-SA-09:09.pipe
4
22
FreeBSD-SA-09:08.openssl
FreeBSD-SA-09:07.libc
3
23
FreeBSD-SA-09:06.ktimer
2
16
FreeBSD-SA-09:05.telnetd
1
13
FreeBSD-SA-09:04.bind
FreeBSD-SA-09:03.ntpd
7
FreeBSD-SA-09:02.openssl
FreeBSD-SA-09:01.lukemftpd
2008
12
23
FreeBSD-SA-08:13.protosw
FreeBSD-SA-08:12.ftpd
11
24
FreeBSD-SA-08:11.arc4random
10
2
FreeBSD-SA-08:10.nd6
9
3
FreeBSD-SA-08:09.icmp6
FreeBSD-SA-08:08.nmount
FreeBSD-SA-08:07.amd64
7
13
FreeBSD-SA-08:06.bind
4
17
FreeBSD-SA-08:05.openssh
2
14
FreeBSD-SA-08:04.ipsec
FreeBSD-SA-08:03.sendfile
1
18
FreeBSD 6.3-RELEASE
14
FreeBSD-SA-08:02.libc
FreeBSD-SA-08:01.pty
2007
11
29
FreeBSD-SA-07:10.gtar
FreeBSD-SA-07:09.random
10
3
FreeBSD-SA-07:08.openssl
8
1
FreeBSD-SA-07:07.bind
FreeBSD-SA-07:06.tcpdump
7
12
FreeBSD-SA-07:05.libarchive
5
23
FreeBSD-SA-07:04.file
4
26
FreeBSD-SA-07:03.ipv6
2
9
FreeBSD-SA-07:02.bind
1
15
FreeBSD 6.2-RELEASE
11
FreeBSD-SA-07:01.jail
2006
12
6
FreeBSD-SA-06:26.gtar
FreeBSD-SA-06:25.kmem
11
8
FreeBSD-SA-06:24.libarchive
9
30
FreeBSD-SA-06:22.openssh
28
FreeBSD-SA-06:23.openssl
19
FreeBSD-SA-06:21.gzip
6
FreeBSD-SA-06:20.bind
FreeBSD-SA-06:19.openssl
8
23
FreeBSD-SA-06:18.ppp
6
14
FreeBSD-SA-06:17.sendmail
5
31
FreeBSD-SA-06:16.smbfs
FreeBSD-SA-06:15.ypserv
25
FreeBSD 5.5-RELEASE
9
FreeBSD 6.1-RELEASE
4
19
FreeBSD-SA-06:14.fpu
3
22
FreeBSD-SA-06:13.sendmail
FreeBSD-SA-06:12.opie
FreeBSD-SA-06:11.ipsec
1
FreeBSD-SA-06:10.nfs
FreeBSD-SA-06:09.openssh
2
1
FreeBSD-SA-06:08.sack
1
25
FreeBSD-SA-06:07.pf
FreeBSD-SA-06:06.kmem
18
FreeBSD-SA-06:05.80211
11
FreeBSD-SA-06:04.ipfw
FreeBSD-SA-06:03.cpio
FreeBSD-SA-06:02.ee
FreeBSD-SA-06:01.texindex
2005
11
4
FreeBSD 6.0-RELEASE
10
11
FreeBSD-SA-05:21.openssl
9
7
FreeBSD-SA-05:20.cvsbug
7
27
FreeBSD-SA-05:19.ipsec
FreeBSD-SA-05:18.zlib
20
FreeBSD-SA-05:17.devfs
6
FreeBSD-SA-05:16.zlib
6
29
FreeBSD-SA-05:15.tcp
FreeBSD-SA-05:14.bzip2
FreeBSD-SA-05:13.ipfw
9
FreeBSD-SA-05:12.bind9
FreeBSD-SA-05:11.gzip
FreeBSD-SA-05:10.tcpdump
5
13
FreeBSD-SA-05:09.htt
9
FreeBSD 5.4-RELEASE
6
FreeBSD-SA-05:08.kmem
FreeBSD-SA-05:07.ldt
FreeBSD-SA-05:06.iir
4
22
FreeBSD-SA-05:05.cvs
15
FreeBSD-SA-05:04.ifconf
6
FreeBSD-SA-05:03.amd64
4
FreeBSD-SA-05:02.sendfile
3
28
FreeBSD-SA-05:01.telnet
1
25
FreeBSD 4.11-RELEASE
2004
12
1
FreeBSD-SA-04:17.procfs
11
18
FreeBSD-SA-04:16.fetch
6
FreeBSD 5.3-RELEASE
10
4
FreeBSD-SA-04:15.syscons
9
19
FreeBSD-SA-04:14.cvs
6
30
FreeBSD-SA-04:13.linux
7
FreeBSD-SA-04:12.jailroute
5
27
FreeBSD 4.10-RELEASE
19
FreeBSD-SA-04:11.msync
19
FreeBSD-SA-04:10.cvs
5
FreeBSD-SA-04:09.kadmind
FreeBSD-SA-04:08.heimdal
4
15
FreeBSD-SA-04:07.cvs
3
29
FreeBSD-SA-04:06.ipv6
17
FreeBSD-SA-04:05.openssl
2
FreeBSD-SA-04:04.tcp
2
26
FreeBSD 5.2.1-RELEASE
25
FreeBSD-SA-04:03.jail
05
FreeBSD-SA-04:02.shmat
1
30
FreeBSD-SA-04:01.mksnap_ffs
12
FreeBSD 5.2-RELEASE
2003
11
28
FreeBSD-SA-03:19.bind
10
27
FreeBSD 4.9-RELEASE
5
FreeBSD-SA-03:15.openssh
3
FreeBSD-SA-03:18.openssl
FreeBSD-SA-03:17.procfs
2
FreeBSD-SA-03:16.filedesc
9
23
FreeBSD-SA-03:14.arp
17
FreeBSD-SA-03:13.sendmail
16
FreeBSD-SA-03:12.openssh
8
26
FreeBSD-SA-03:11.sendmail
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170
10
FreeBSD-SA-03:10.ibcs2
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164
FreeBSD-SA-03:09.signal
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163
3
FreeBSD-SA-03:08.realpath
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158
6
9
FreeBSD 5.1-RELEASE
4
8
FreeBSD-SN-03:02
7
FreeBSD-SN-03:01
3
FreeBSD 4.8-RELEASE
3
30
FreeBSD-SA-03:07.sendmail
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122
21
FreeBSD-SA-03:06.openssl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118
20
FreeBSD-SA-03:05.xdr
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117
3
FreeBSD-SA-03:04.sendmail
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112
2
24
FreeBSD-SA-03:03.syncookies
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106
FreeBSD-SA-03:02.openssl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105
04
FreeBSD-SA-03:01.cvs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100
1
19
FreeBSD 5.0-RELEASE
07
FreeBSD-SA-02:44.filedesc
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090
2002
11
15
FreeBSD-SA-02:43.bind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084
FreeBSD-SA-02:41.smrsh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082
12
FreeBSD-SA-02:42.resolv
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083
FreeBSD-SA-02:40.kadmind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081
10
10
FreeBSD 4.7-RELEASE
FreeBSD-SN-02:06
9
16
FreeBSD-SA-02:39.libkvm
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051
8
28
FreeBSD-SN-02:05
19
FreeBSD-SA-02:38.signed-error
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041
15
FreeBSD 4.6.2-RELEASE
05
FreeBSD-SA-02:37.kqueue
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033
FreeBSD-SA-02:36.nfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032
FreeBSD-SA-02:35.ffs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031
FreeBSD-SA-02:33.openssl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023
01
FreeBSD-SA-02:34.rpc
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024
7
31
FreeBSD-SA-02:32.pppd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022
15
FreeBSD-SA-02:31.openssh
12
FreeBSD-SA-02:30.ktrace
FreeBSD-SA-02:29.tcpdump
6
26
FreeBSD-SA-02:28.resolv
19
FreeBSD-SN-02:04
15
FreeBSD 4.6-RELEASE
5
29
FreeBSD-SA-02:27.rc
FreeBSD-SA-02:26.accept
28
FreeBSD-SN-02:03
20
FreeBSD-SA-02:25.bzip2
FreeBSD-SA-02:24.k5su
13
FreeBSD-SN-02:02
4
22
FreeBSD-SA-02:23.stdio
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021
18
FreeBSD-SA-02:22.mmap
17
FreeBSD-SA-02:21.tcpip
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980
16
FreeBSD-SA-02:20.syncache
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979
3
30
FreeBSD-SN-02:01
26
FreeBSD-SA-02:19.squid
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960
18
FreeBSD-SA-02:18.zlib
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978
12
FreeBSD-SA-02:17.mod_frontpage
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954
FreeBSD-SA-02:16.netscape
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953
FreeBSD-SA-02:15.cyrus-sasl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952
FreeBSD-SA-02:14.pam-pgsql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951
07
FreeBSD-SA-02:13.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945
2
21
FreeBSD-SA-02:12.squid
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938
12
FreeBSD-SA-02:11.snmp
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936
06
FreeBSD-SA-02:10.rsync
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928
FreeBSD-SA-02:09.fstatfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927
1
29
FreeBSD 4.5-RELEASE
24
FreeBSD-SA-02:08.exec
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923
18
FreeBSD-SA-02:07.k5su
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912
16
FreeBSD-SA-02:06.sudo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909
04
FreeBSD-SA-02:05.pine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894
FreeBSD-SA-02:04.mutt
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893
FreeBSD-SA-02:03.mod_auth_pgsql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892
FreeBSD-SA-02:02.pw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891
FreeBSD-SA-02:01.pkg_add
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898
2001
12
04
FreeBSD-SA-01:64.wu-ftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870
02
FreeBSD-SA-01:63.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871
10
08
FreeBSD-SA-01:62.uucp
FreeBSD-SA-01:61.squid
9
24
FreeBSD-SA-01:60.procmail
20
FreeBSD 4.4-RELEASE
04
FreeBSD-SA-01:59.rmuser
8
30
FreeBSD-SA-01:58.lpd
27
FreeBSD-SA-01:57.sendmail
23
FreeBSD-SA-01:56.tcp_wrappers
21
FreeBSD-SA-01:55.procfs
20
FreeBSD-SA-01:54.ports-telnetd
17
FreeBSD-SA-01:53.ipfw
06
FreeBSD-SA-01:52.fragment
7
30
FreeBSD-SA-01:51.openssl
27
FreeBSD-SA-01:50.windowmaker
23
FreeBSD-SA-01:49.telnetd
17
FreeBSD-SA-01:48.tcpdump
10
FreeBSD-SA-01:47.xinetd
FreeBSD-SA-01:46.w3m
FreeBSD-SA-01:45.samba
FreeBSD-SA-01:44.gnupg
FreeBSD-SA-01:43.fetchmail
FreeBSD-SA-01:42.signal
09
FreeBSD-SA-01:41.hanterm
6
04
FreeBSD-SA-01:40.fts
5
02
FreeBSD-SA-01:39.tcp-isn
4
23
FreeBSD-SA-01:38.sudo
FreeBSD-SA-01:37.slrn
FreeBSD-SA-01:36.samba
FreeBSD-SA-01:35.licq
FreeBSD-SA-01:34.hylafax
20
FreeBSD 4.3-RELEASE
17
FreeBSD-SA-01:33.ftpd-glob
16
FreeBSD-SA-01:32.ipfilter
06
FreeBSD-SA-01:31.ntpd
3
22
FreeBSD-SA-01:30.ufs-ext2fs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738
12
FreeBSD-SA-01:29.rwhod
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732
FreeBSD-SA-01:28.timed
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731
FreeBSD-SA-01:27.cfengine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730
FreeBSD-SA-01:26.interbase
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729
FreeBSD-SA-01:23.icecast
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728
2
14
FreeBSD-SA-01:25.kerberosIV
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716
12
FreeBSD-SA-01:24.ssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715
07
FreeBSD-SA-01:22.dc20ctrl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714
FreeBSD-SA-01:21.ja-elvis
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713
FreeBSD-SA-01:20.mars_nwe
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712
FreeBSD-SA-01:19.ja-klock
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707
1
31
FreeBSD-SA-01:18.bind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706
29
FreeBSD-SA-01:17.exmh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705
FreeBSD-SA-01:16.mysql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704
FreeBSD-SA-01:15.tinyproxy
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703
FreeBSD-SA-01:14.micq
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702
FreeBSD-SA-01:13.sort
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701
FreeBSD-SA-01:12.periodic
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700
FreeBSD-SA-01:11.inetd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699
23
FreeBSD-SA-01:10.bind
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698
FreeBSD-SA-01:09.crontab
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697
FreeBSD-SA-01:08.ipfw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696
FreeBSD-SA-01:07.xfree86
15
FreeBSD-SA-01:06.zope
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669
FreeBSD-SA-01:05.stunnel
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668
FreeBSD-SA-01:04.joe
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667
FreeBSD-SA-01:03.bash1
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666
FreeBSD-SA-01:02.syslog-ng
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665
FreeBSD-SA-01:01.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664
2000
12
20
FreeBSD-SA-00:81.ethereal
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651
FreeBSD-SA-00:80.halflifeserver
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650
FreeBSD-SA-00:79.oops
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649
FreeBSD-SA-00:78.bitchx
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648
18
FreeBSD-SA-00:77.procfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647
11
20
FreeBSD-SA-00:76.tcsh-csh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628
FreeBSD-SA-00:75.php
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627
FreeBSD-SA-00:74.gaim
FreeBSD-SA-00:73.thttpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626
FreeBSD-SA-00:72.curl
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625
FreeBSD-SA-00:71.mgetty
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624
14
FreeBSD-SA-00:70.ppp-nat
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623
FreeBSD-SA-00:69.telnetd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622
13
FreeBSD-SA-00:68.ncurses
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621
10
FreeBSD-SA-00:67.gnupg
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620
06
FreeBSD-SA-00:66.netscape
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619
FreeBSD-SA-00:65.xfce
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618
FreeBSD-SA-00:64.global
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617
01
FreeBSD-SA-00:63.getnameinfo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589
FreeBSD-SA-00:62.top
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616
10
31
FreeBSD-SA-00:61.tcpdump
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615
30
FreeBSD-SA-00:60.boa
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586
FreeBSD-SA-00:59.pine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585
FreeBSD-SA-00:58.chpass
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584
13
FreeBSD-SA-00:57.muh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570
FreeBSD-SA-00:56.lprng
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569
FreeBSD-SA-00:55.xpdf
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568
FreeBSD-SA-00:54.fingerd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567
06
FreeBSD-SA-00:52.tcp-iss
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561
9
27
FreeBSD-SA-00:53.catopen
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562
13
FreeBSD-SA-00:51.mailman
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550
FreeBSD-SA-00:50.listmanager
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549
FreeBSD-SA-00:49.eject
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548
FreeBSD-SA-00:48.xchat
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547
FreeBSD-SA-00:47.pine
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546
FreeBSD-SA-00:46.screen
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545
8
31
FreeBSD-SA-00:45.esound
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526
28
FreeBSD-SA-00:44.xlock
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523
FreeBSD-SA-00:43.brouted
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520
FreeBSD-SA-00:42.linux
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530
FreeBSD-SA-00:41.elf
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527
FreeBSD-SA-00:40.mopd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521
FreeBSD-SA-00:39.netscape
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528
14
FreeBSD-SA-00:38.zope
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525
FreeBSD-SA-00:37.cvsweb
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524
FreeBSD-SA-00:36.ntop
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531
FreeBSD-SA-00:35.proftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522
FreeBSD-SA-00:34.dhclient
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529
7
12
FreeBSD-SA-00:33.kerberosIV
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488
05
FreeBSD-SA-00:32.bitchx
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487
FreeBSD-SA-00:31.canna
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486
FreeBSD-SA-00:30.openssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485
FreeBSD-SA-00:29.wu-ftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489
FreeBSD-SA-00:28.majordomo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484
FreeBSD-SA-00:27.XFree86-4
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483
FreeBSD-SA-00:26.popper
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482
FreeBSD-SA-00:24.libedit
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481
6
19
FreeBSD-SA-00:23.ip-options
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480
12
FreeBSD-SA-00:25.alpha-random
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473
07
FreeBSD-SA-00:22.apsfilter
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461
FreeBSD-SA-00:21.ssh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459
5
26
FreeBSD-SA-00:20.krb5
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452
23
FreeBSD-SA-00:19.semconfig
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451
09
FreeBSD-SA-00:18.gnapster.knapster
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429
FreeBSD-SA-00:17.libmytinfo
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442
FreeBSD-SA-00:16.golddig
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439
4
24
FreeBSD-SA-00:15.imap-uw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438
FreeBSD-SA-00:14.imap-uw
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441
19
FreeBSD-SA-00:13.generic-nqs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437
10
FreeBSD-SA-00:12.healthd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436
FreeBSD-SA-00:11.ircii
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440
3
15
FreeBSD-SA-00:10.orville-write
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408
FreeBSD-SA-00:09.mtr
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408
FreeBSD-SA-00:08.lynx
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407
FreeBSD-SA-00:07.mh
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411
01
FreeBSD-SA-00:06.htdig
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403
2
28
FreeBSD-SA-00:05.mysql
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402
19
FreeBSD-SA-00:04.delegate
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392
FreeBSD-SA-00:03.asmon
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391
1
24
FreeBSD-SA-00:02.procfs
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380
19
FreeBSD-SA-00:01.make
1999
9
16
FreeBSD-SA-99:06.amd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318
15
FreeBSD-SA-99:05.fts
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313
FreeBSD-SA-99:04.core
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312
05
FreeBSD-SA-99:03.ftpd
http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311
04
FreeBSD-SA-99:02.profil
FreeBSD-SA-99:01.chflags
1998
11
04
FreeBSD-SA-98:08.fragment
10
13
FreeBSD-SA-98:07.rst
6
10
FreeBSD-SA-98:06.icmp
04
FreeBSD-SA-98:05.nfs
02
FreeBSD-SA-98:04.mmap
5
14
FreeBSD-SA-98:03.ttcp
3
12
FreeBSD-SA-98:02.mmap
1997
12
09
FreeBSD-SA-97:06.f00f
01
FreeBSD-SA-98:01.land
10
29
FreeBSD-SA-97:05.open
8
19
FreeBSD-SA-97:04.procfs
4
07
FreeBSD-SA-97:03.sysinstall
3
26
FreeBSD-SA-97:02.lpd
2
05
FreeBSD-SA-97:01.setlocale
1
18
FreeBSD-SA-96:21.talkd
1996
12
16
FreeBSD-SA-96:20.stack-overflow
10
FreeBSD-SA-96:19.modstat
11
25
FreeBSD-SA-96:18.lpr
7
16
FreeBSD-SA-96:17.rzsz
12
FreeBSD-SA-96:16.rdist
04
FreeBSD-SA-96:15.ppp
6
28
FreeBSD-SA-96:12.perl
24
FreeBSD-SA-96:14.ipfw
05
FreeBSD-SA-96:13.comsat
5
21
FreeBSD-SA-96:11.man
17
FreeBSD-SA-96:10.mount_union
FreeBSD-SA-96:09.vfsload
4
22
FreeBSD-SA-96:02.apache
21
FreeBSD-SA-96:08.syslog
FreeBSD-SA-96:01.sliplogin
20
FreeBSD-SA-96:03.sendmail-suggestion