From owner-svn-src-projects@freebsd.org  Mon Oct  1 18:16:37 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 748BF10A6449
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Mon,  1 Oct 2018 18:16:37 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 28FE385AB8;
 Mon,  1 Oct 2018 18:16:37 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 234F7247AD;
 Mon,  1 Oct 2018 18:16:37 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91IGbCq000442;
 Mon, 1 Oct 2018 18:16:37 GMT (envelope-from jkim@FreeBSD.org)
Received: (from jkim@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91IGbKo000440;
 Mon, 1 Oct 2018 18:16:37 GMT (envelope-from jkim@FreeBSD.org)
Message-Id: <201810011816.w91IGbKo000440@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jkim set sender to
 jkim@FreeBSD.org using -f
From: Jung-uk Kim <jkim@FreeBSD.org>
Date: Mon, 1 Oct 2018 18:16:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339070 - projects/openssl111/secure/lib/libcrypto
X-SVN-Group: projects
X-SVN-Commit-Author: jkim
X-SVN-Commit-Paths: projects/openssl111/secure/lib/libcrypto
X-SVN-Commit-Revision: 339070
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Oct 2018 18:16:37 -0000

Author: jkim
Date: Mon Oct  1 18:16:36 2018
New Revision: 339070
URL: https://svnweb.freebsd.org/changeset/base/339070

Log:
  Drop pre-AVX toolchain for amd64 and i386 to simplify the makefile.
  
  Especially, head does not support old toolchains because of ifunc support.

Modified:
  projects/openssl111/secure/lib/libcrypto/Makefile.inc

Modified: projects/openssl111/secure/lib/libcrypto/Makefile.inc
==============================================================================
--- projects/openssl111/secure/lib/libcrypto/Makefile.inc	Mon Oct  1 18:15:25 2018	(r339069)
+++ projects/openssl111/secure/lib/libcrypto/Makefile.inc	Mon Oct  1 18:16:36 2018	(r339070)
@@ -21,16 +21,9 @@ CFLAGS+=	-DL_ENDIAN
 CFLAGS+=	-DB_ENDIAN
 .endif
 
-.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "arm"
+.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
+    ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
 ASM_${MACHINE_CPUARCH}=
-.elif ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386"
-_ASM_AVX!=	{ \
-		    echo vzeroall | \
-		    ${CC} -x assembler -o /dev/null -c - 2> /dev/null; \
-		} && echo yes || echo no
-.if ${_ASM_AVX} == yes
-ASM_${MACHINE_CPUARCH}=
-.endif
 .endif
 
 .if defined(ASM_${MACHINE_CPUARCH})

From owner-svn-src-projects@freebsd.org  Mon Oct  1 20:51:27 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E91B410AA351
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Mon,  1 Oct 2018 20:51:26 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9F0208C9C1;
 Mon,  1 Oct 2018 20:51:26 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 99F4826177;
 Mon,  1 Oct 2018 20:51:26 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91KpQGt094483;
 Mon, 1 Oct 2018 20:51:26 GMT (envelope-from jkim@FreeBSD.org)
Received: (from jkim@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91KpQdk094482;
 Mon, 1 Oct 2018 20:51:26 GMT (envelope-from jkim@FreeBSD.org)
Message-Id: <201810012051.w91KpQdk094482@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jkim set sender to
 jkim@FreeBSD.org using -f
From: Jung-uk Kim <jkim@FreeBSD.org>
Date: Mon, 1 Oct 2018 20:51:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339078 - projects/openssl111/contrib/sendmail/src
X-SVN-Group: projects
X-SVN-Commit-Author: jkim
X-SVN-Commit-Paths: projects/openssl111/contrib/sendmail/src
X-SVN-Commit-Revision: 339078
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Oct 2018 20:51:27 -0000

Author: jkim
Date: Mon Oct  1 20:51:26 2018
New Revision: 339078
URL: https://svnweb.freebsd.org/changeset/base/339078

Log:
  Revert r338773.  A patch from the ports tree will be committed.
  
  Requested by:	gshapiro

Modified:
  projects/openssl111/contrib/sendmail/src/tls.c

Modified: projects/openssl111/contrib/sendmail/src/tls.c
==============================================================================
--- projects/openssl111/contrib/sendmail/src/tls.c	Mon Oct  1 20:39:17 2018	(r339077)
+++ projects/openssl111/contrib/sendmail/src/tls.c	Mon Oct  1 20:51:26 2018	(r339078)
@@ -60,58 +60,18 @@ static unsigned char dh512_g[] =
 	0x02
 };
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
-
-static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
-	/* If the fields p and g in d are NULL, the corresponding input
-	 * parameters MUST be non-NULL.  q may remain NULL.
-	 */
-	if ((dh->p == NULL && p == NULL)
-	    || (dh->g == NULL && g == NULL))
-		return 0;
-
-	if (p != NULL) {
-		BN_free(dh->p);
-		dh->p = p;
-	}
-	if (q != NULL) {
-		BN_free(dh->q);
-		dh->q = q;
-	}
-	if (g != NULL) {
-		BN_free(dh->g);
-		dh->g = g;
-	}
-
-	if (q != NULL) {
-		dh->length = BN_num_bits(q);
-	}
-
-	return 1;
-}
-#endif
-
 static DH *
 get_dh512()
 {
 	DH *dh = NULL;
-	BIGNUM *p;
-	BIGNUM *g;
 
-	dh = DH_new();
-	p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-	g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-	if (!dh || !p || !g)
-		goto err;
-	if (!DH_set0_pqg(dh, p, NULL, g))
-		goto err;
+	if ((dh = DH_new()) == NULL)
+		return NULL;
+	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		return NULL;
 	return dh;
-err:
-	DH_free(dh);
-	BN_free(p);
-	BN_free(g);
-	return NULL;
 }
 
 #  if 0
@@ -157,22 +117,17 @@ get_dh2048()
 		};
 	static unsigned char dh2048_g[]={ 0x02, };
 	DH *dh;
-	BIGNUM *p;
-	BIGNUM *g;
 
-	dh = DH_new();
-	p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-	g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-	if (!dh || !p || !g)
-		goto err;
-	if (!DH_set0_pqg(dh, p, NULL, g))
-		goto err;
+	if ((dh=DH_new()) == NULL)
+		return(NULL);
+	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+	{
+		DH_free(dh);
+		return(NULL);
+	}
 	return(dh);
-err:
-	DH_free(dh);
-	BN_free(p);
-	BN_free(g);
-	return NULL;
 }
 # endif /* !NO_DH */
 
@@ -971,7 +926,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
 	{
 		/* get a pointer to the current certificate validation store */
 		store = SSL_CTX_get_cert_store(*ctx);	/* does not fail */
-		crl_file = BIO_new(BIO_s_file());
+		crl_file = BIO_new(BIO_s_file_internal());
 		if (crl_file != NULL)
 		{
 			if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1045,41 +1000,26 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
 	**  maybe we should do it only on demand...
 	*/
 
-#  if SM_CONF_SHM
 	if (bitset(TLS_I_RSA_TMP, req)
-	    && ShmId != SM_SHM_NO_ID)
+#  if SM_CONF_SHM
+	    && ShmId != SM_SHM_NO_ID &&
+	    (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
+					NULL)) == NULL
+#  else /* SM_CONF_SHM */
+	    && 0	/* no shared memory: no need to generate key now */
+#  endif /* SM_CONF_SHM */
+	   )
 	{
-		BIGNUM *bn;
-
-		bn = BN_new();
-		rsa_tmp = RSA_new();
-		if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
-			RSA_free(rsa_tmp);
-			rsa_tmp = NULL;
-		}
-		if (rsa_tmp)
+		if (LogLevel > 7)
 		{
-			if (!RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL))
-			{
-				RSA_free(rsa_tmp);
-				rsa_tmp = NULL;
-			}
+			sm_syslog(LOG_WARNING, NOQID,
+				  "STARTTLS=%s, error: RSA_generate_key failed",
+				  who);
+			if (LogLevel > 9)
+				tlslogerr(LOG_WARNING, who);
 		}
-		BN_free(bn);
-		if (!rsa_tmp)
-		{
-			if (LogLevel > 7)
-			{
-				sm_syslog(LOG_WARNING, NOQID,
-					  "STARTTLS=%s, error: RSA_generate_key failed",
-					  who);
-				if (LogLevel > 9)
-					tlslogerr(LOG_WARNING, who);
-			}
-			return false;
-		}
+		return false;
 	}
-#  endif /* SM_CONF_SHM */
 # endif /* !TLS_NO_RSA */
 
 	/*
@@ -1270,15 +1210,9 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
 				sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
 
 			/* this takes a while! */
-			dsa = DSA_new();
-			if (dsa) {
-				int r;
-
-				r = DSA_generate_parameters_ex(dsa, bits, NULL, 0,
-							    NULL, NULL, NULL);
-				if (r != 0)
-					dh = DSA_dup_DH(dsa);
-			}
+			dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
+						      NULL, 0, NULL);
+			dh = DSA_dup_DH(dsa);
 			DSA_free(dsa);
 		}
 		else if (dh == NULL && bitset(TLS_I_DHFIXED, req))
@@ -1799,9 +1733,6 @@ tmp_rsa_key(s, export, keylength)
 	int export;
 	int keylength;
 {
-	BIGNUM *bn;
-	int ret;
-
 #   if SM_CONF_SHM
 	extern int ShmId;
 	extern int *PRSATmpCnt;
@@ -1811,22 +1742,10 @@ tmp_rsa_key(s, export, keylength)
 		return rsa_tmp;
 #   endif /* SM_CONF_SHM */
 
-	if (rsa_tmp == NULL) {
-		rsa_tmp = RSA_new();
-		if (!rsa_tmp)
-			return NULL;
-	}
-
-	bn = BN_new();
-	if (!bn)
-		return NULL;
-	if (!BN_set_word(bn, RSA_F4)) {
-		BN_free(bn);
-		return NULL;
-	}
-	ret = RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL);
-	BN_free(bn);
-	if (!ret)
+	if (rsa_tmp != NULL)
+		RSA_free(rsa_tmp);
+	rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
+	if (rsa_tmp == NULL)
 	{
 		if (LogLevel > 0)
 			sm_syslog(LOG_ERR, NOQID,
@@ -2052,9 +1971,9 @@ x509_verify_cb(ok, ctx)
 	{
 		if (LogLevel > 13)
 			tls_verify_log(ok, ctx, "x509");
-		if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
+		if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
 		{
-			X509_STORE_CTX_set_error(ctx, 0);
+			ctx->error = 0;
 			return 1;	/* override it */
 		}
 	}

From owner-svn-src-projects@freebsd.org  Mon Oct  1 20:55:02 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 570D410AA55A
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Mon,  1 Oct 2018 20:55:02 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0B0078CCF0;
 Mon,  1 Oct 2018 20:55:02 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DBE3F261CA;
 Mon,  1 Oct 2018 20:55:01 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91Kt1Kx098880;
 Mon, 1 Oct 2018 20:55:01 GMT (envelope-from jkim@FreeBSD.org)
Received: (from jkim@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91Kt1m7098879;
 Mon, 1 Oct 2018 20:55:01 GMT (envelope-from jkim@FreeBSD.org)
Message-Id: <201810012055.w91Kt1m7098879@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jkim set sender to
 jkim@FreeBSD.org using -f
From: Jung-uk Kim <jkim@FreeBSD.org>
Date: Mon, 1 Oct 2018 20:55:01 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339079 - projects/openssl111/contrib/sendmail/src
X-SVN-Group: projects
X-SVN-Commit-Author: jkim
X-SVN-Commit-Paths: projects/openssl111/contrib/sendmail/src
X-SVN-Commit-Revision: 339079
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Oct 2018 20:55:02 -0000

Author: jkim
Date: Mon Oct  1 20:55:01 2018
New Revision: 339079
URL: https://svnweb.freebsd.org/changeset/base/339079

Log:
  Make sendmail work with OpenSSL 1.1 API.  Taken from the ports tree.
  
  https://svnweb.freebsd.org/ports/head/mail/sendmail/files/patch-tls.c?revision=466240
  
  Requested by:	gshapiro

Modified:
  projects/openssl111/contrib/sendmail/src/tls.c

Modified: projects/openssl111/contrib/sendmail/src/tls.c
==============================================================================
--- projects/openssl111/contrib/sendmail/src/tls.c	Mon Oct  1 20:51:26 2018	(r339078)
+++ projects/openssl111/contrib/sendmail/src/tls.c	Mon Oct  1 20:55:01 2018	(r339079)
@@ -16,6 +16,9 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 g
 # include <openssl/err.h>
 # include <openssl/bio.h>
 # include <openssl/pem.h>
+# if !NO_DH
+# include <openssl/dh.h>
+# endif /* !NO_DH */
 # ifndef HASURANDOMDEV
 #  include <openssl/rand.h>
 # endif /* ! HASURANDOMDEV */
@@ -44,6 +47,23 @@ static bool	tls_safe_f __P((char *, long, bool));
 static int	tls_verify_log __P((int, X509_STORE_CTX *, const char *));
 
 # if !NO_DH
+# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100001L || \
+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+static int
+DH_set0_pqg(dh, p, q, g)
+	DH *dh;
+	BIGNUM *p;
+	BIGNUM *q;
+	BIGNUM *g;
+{
+	dh->p=p;
+	if (q != NULL)
+		dh->q=q;
+	dh->g=g;
+	return 1; /* success */
+}
+# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
+
 static DH *get_dh512 __P((void));
 
 static unsigned char dh512_p[] =
@@ -64,13 +84,19 @@ static DH *
 get_dh512()
 {
 	DH *dh = NULL;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh = DH_new()) == NULL)
 		return NULL;
-	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		return NULL;
+	dhp_bn = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+	dhg_bn = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+	if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
+	{
+		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
+		return(NULL);
+	}
 	return dh;
 }
 
@@ -117,14 +143,17 @@ get_dh2048()
 		};
 	static unsigned char dh2048_g[]={ 0x02, };
 	DH *dh;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh=DH_new()) == NULL)
 		return(NULL);
-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
+	dhp_bn = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+	dhg_bn = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+	if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
 	{
 		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
 		return(NULL);
 	}
 	return(dh);
@@ -708,6 +737,32 @@ load_certkey(ssl, srv, certfile, keyfile)
 
 static char server_session_id_context[] = "sendmail8";
 
+# if !TLS_NO_RSA
+static RSA *
+sm_RSA_generate_key(num, e)
+	int num;
+	unsigned long e;
+{
+	RSA *rsa = NULL;
+        BIGNUM *bn_rsa_r4;
+	int rc;
+
+	bn_rsa_r4 = BN_new();
+        rc = BN_set_word(bn_rsa_r4, RSA_F4);
+	if ((bn_rsa_r4 != NULL) && BN_set_word(bn_rsa_r4, RSA_F4) && (rsa = RSA_new()) != NULL)
+	{
+		if (!RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL))
+		{
+			RSA_free(rsa);
+			rsa = NULL;
+		}
+		return NULL;
+	}
+	BN_free(bn_rsa_r4);
+	return rsa;
+}
+# endif /* !TLS_NO_RSA */
+
 /* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
 # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	1
@@ -926,7 +981,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
 	{
 		/* get a pointer to the current certificate validation store */
 		store = SSL_CTX_get_cert_store(*ctx);	/* does not fail */
-		crl_file = BIO_new(BIO_s_file_internal());
+		crl_file = BIO_new(BIO_s_file());
 		if (crl_file != NULL)
 		{
 			if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1003,8 +1058,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
 	if (bitset(TLS_I_RSA_TMP, req)
 #  if SM_CONF_SHM
 	    && ShmId != SM_SHM_NO_ID &&
-	    (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
-					NULL)) == NULL
+	    (rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4)) == NULL
 #  else /* SM_CONF_SHM */
 	    && 0	/* no shared memory: no need to generate key now */
 #  endif /* SM_CONF_SHM */
@@ -1209,9 +1263,10 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
 			if (tTd(96, 2))
 				sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
 
+			dsa=DSA_new();
 			/* this takes a while! */
-			dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
-						      NULL, 0, NULL);
+			(void)DSA_generate_parameters_ex(dsa, bits, NULL, 0,
+							 NULL, NULL, NULL);
 			dh = DSA_dup_DH(dsa);
 			DSA_free(dsa);
 		}
@@ -1744,7 +1799,7 @@ tmp_rsa_key(s, export, keylength)
 
 	if (rsa_tmp != NULL)
 		RSA_free(rsa_tmp);
-	rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
+	rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4);
 	if (rsa_tmp == NULL)
 	{
 		if (LogLevel > 0)
@@ -1971,9 +2026,9 @@ x509_verify_cb(ok, ctx)
 	{
 		if (LogLevel > 13)
 			tls_verify_log(ok, ctx, "x509");
-		if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+		if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
 		{
-			ctx->error = 0;
+			X509_STORE_CTX_set_error(ctx, 0);
 			return 1;	/* override it */
 		}
 	}

From owner-svn-src-projects@freebsd.org  Tue Oct  2 21:40:58 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C97510AE1BC
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Tue,  2 Oct 2018 21:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 2DE827DEFE;
 Tue,  2 Oct 2018 21:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 28C455BE4;
 Tue,  2 Oct 2018 21:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w92LevVR002381;
 Tue, 2 Oct 2018 21:40:57 GMT (envelope-from jhb@FreeBSD.org)
Received: (from jhb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w92LevA4002380;
 Tue, 2 Oct 2018 21:40:57 GMT (envelope-from jhb@FreeBSD.org)
Message-Id: <201810022140.w92LevA4002380@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org
 using -f
From: John Baldwin <jhb@FreeBSD.org>
Date: Tue, 2 Oct 2018 21:40:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339099 - projects/openssl111
X-SVN-Group: projects
X-SVN-Commit-Author: jhb
X-SVN-Commit-Paths: projects/openssl111
X-SVN-Commit-Revision: 339099
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 21:40:58 -0000

Author: jhb
Date: Tue Oct  2 21:40:57 2018
New Revision: 339099
URL: https://svnweb.freebsd.org/changeset/base/339099

Log:
  Update obsolete files list for OpenSSL 1.1.1.
  
  This will need a real date once this is merged to head.
  
  One weird thing to note: the 32-bit engines get dumped into /usr/lib32
  rather than /usr/lib32/engines, and I bet the 32-bit libcrypto.so i
  looking for the .so files in the wrong place.  We should probably fix
  both of those at some point.
  
  Reviewed by:	emaste, jkim
  Differential Revision:	https://reviews.freebsd.org/D17384

Modified:
  projects/openssl111/ObsoleteFiles.inc

Modified: projects/openssl111/ObsoleteFiles.inc
==============================================================================
--- projects/openssl111/ObsoleteFiles.inc	Tue Oct  2 21:36:00 2018	(r339098)
+++ projects/openssl111/ObsoleteFiles.inc	Tue Oct  2 21:40:57 2018	(r339099)
@@ -38,6 +38,229 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 2018xxxx: OpenSSL 1.1.1
+OLD_FILES+=usr/include/openssl/des_old.h
+OLD_FILES+=usr/include/openssl/dso.h
+OLD_FILES+=usr/include/openssl/krb5_asn.h
+OLD_FILES+=usr/include/openssl/kssl.h
+OLD_FILES+=usr/include/openssl/pqueue.h
+OLD_FILES+=usr/include/openssl/ssl23.h
+OLD_FILES+=usr/include/openssl/ui_compat.h
+OLD_FILES+=usr/share/openssl/man/man1/dss1.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/md2.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/md4.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/md5.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/mdc2.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/ripemd160.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/sha.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/sha1.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/sha224.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/sha256.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/sha384.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/sha512.1.gz
+OLD_FILES+=usr/share/openssl/man/man1/x509v3_config.1.gz
+OLD_FILES+=usr/share/openssl/man/man3/ASN1_STRING_length_set.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BIO_get_conn_int_port.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BIO_get_conn_ip.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BIO_set.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BIO_set_conn_int_port.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BIO_set_conn_ip.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_BLINDING_get_thread_id.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_BLINDING_set_thread_id.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_BLINDING_thread_id.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_CTX_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_MONT_CTX_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_RECP_CTX_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BN_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BUF_memdup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BUF_memdup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BUF_strdup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BUF_strlcat.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BUF_strlcpy.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/BUF_strndup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CMS_set1_signer_cert.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_cmp.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_cpy.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_current.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_get_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_hash.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_set_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_destroy_dynlockid.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_get_new_dynlockid.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_lock.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_num_locks.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_dynlock_create_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_dynlock_destroy_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_dynlock_lock_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_locking_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/DES_ede3_cbcm_encrypt.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/DES_enc_read.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/DES_enc_write.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EC_KEY_get_key_method_data.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EC_KEY_insert_key_method_data.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EC_POINT_set_Jprojective_coordinates.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ERR_load_UI_strings.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_CIPHER_CTX_cleanup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_CIPHER_CTX_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_MAX_MD_SIZE.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_cleanup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_create.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_destroy.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEVP_PKEY_CTX_set_app_data.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEY_get_default_digest.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_dss.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_dss1.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/EVP_sha.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/HMAC_CTX_cleanup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/HMAC_CTX_init.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/HMAC_cleanup.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/OPENSSL_ia32cap_loc.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/PEM.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/RAND_SSLeay.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/RSA_PKCS1_SSLeay.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/RSA_null_method.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_get_ex_new_index.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_need_tmp_rsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_custom_cli_ext.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_default_read_ahead.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_ecdh_auto.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_tmp_rsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_tmp_rsa_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_SESSION_get_ex_new_index.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_add_session.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_flush_sessions.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_get_accept_state.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_get_ex_new_index.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_get_msg_callback_arg.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_need_tmp_rsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_remove_session.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_set_ecdh_auto.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_set_tmp_rsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSL_set_tmp_rsa_callback.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSLeay.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSLeay_add_ssl_algorithms.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSLeay_version.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSLv2_client_method.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSLv2_method.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/SSLv2_server_method.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/X509_STORE_CTX_set_chain.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/X509_STORE_CTX_trusted_stack.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/blowfish.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_add_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_check_top.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_cmp_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_div_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_dump.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_expand.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_expand2.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_fix_top.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_internal.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_add_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_comba4.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_comba8.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_high.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_low_normal.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_low_recursive.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_normal.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_part_recursive.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_recursive.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_mul_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_print.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_set_high.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_set_low.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_set_max.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_comba4.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_comba8.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_normal.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_recursive.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_sub_words.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/bn_wexpand.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/buffer.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/crypto.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_ECPKParameters_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_ECPKParameters_fp.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_ECPrivate_key.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_Netscape_RSA.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_PKCS8PrivateKey.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_Private_key.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_X509_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/d2i_X509_fp.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/des.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/des_read_2passwords.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/des_read_password.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/des_read_pw.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/des_read_pw_string.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/dh.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/dsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ec.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ecdsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/engine.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/err.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/evp.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/hmac.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_ECPKParameters_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_ECPKParameters_fp.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_Netscape_RSA.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_X509_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_X509_fp.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_delete.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_doall.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_doall_arg.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_error.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_free.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_insert.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_new.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_node_stats.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_node_stats_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_node_usage_stats.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_node_usage_stats_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_retrieve.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_stats.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lh_stats_bio.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/lhash.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/md5.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/mdc2.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/pem.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/rand.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/rc4.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ripemd.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/rsa.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/sha.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ssl.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/threads.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ui.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/ui_compat.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/x509.3.gz
+OLD_LIBS+=lib/libcrypto.so.8
+OLD_LIBS+=usr/lib/engines/lib4758cca.so
+OLD_LIBS+=usr/lib/engines/libaep.so
+OLD_LIBS+=usr/lib/engines/libatalla.so
+OLD_LIBS+=usr/lib/engines/libcapi.so
+OLD_LIBS+=usr/lib/engines/libchil.so
+OLD_LIBS+=usr/lib/engines/libcswift.so
+OLD_LIBS+=usr/lib/engines/libgost.so
+OLD_LIBS+=usr/lib/engines/libnuron.so
+OLD_LIBS+=usr/lib/engines/libsureware.so
+OLD_LIBS+=usr/lib/engines/libubsec.so
+OLD_LIBS+=usr/lib/libssl.so.8
+OLD_LIBS+=usr/lib32/libcrypto.so.8
+OLD_LIBS+=usr/lib32/lib4758cca.so
+OLD_LIBS+=usr/lib32/libaep.so
+OLD_LIBS+=usr/lib32/libatalla.so
+OLD_LIBS+=usr/lib32/libcapi.so
+OLD_LIBS+=usr/lib32/libchil.so
+OLD_LIBS+=usr/lib32/libcswift.so
+OLD_LIBS+=usr/lib32/libgost.so
+OLD_LIBS+=usr/lib32/libnuron.so
+OLD_LIBS+=usr/lib32/libsureware.so
+OLD_LIBS+=usr/lib32/libubsec.so
+OLD_LIBS+=usr/lib32/libssl.so.8
 # 20180824: libbe(3) SHLIBDIR fixed to reflect correct location
 OLD_LIBS+=usr/lib/libbe.so.1
 # 20180819: Remove deprecated arc4random(3) stir/addrandom interfaces

From owner-svn-src-projects@freebsd.org  Wed Oct  3 16:06:18 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D09A410A4103
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Wed,  3 Oct 2018 16:06:17 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8572E82FDB;
 Wed,  3 Oct 2018 16:06:17 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8029A192AF;
 Wed,  3 Oct 2018 16:06:17 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w93G6HbU072697;
 Wed, 3 Oct 2018 16:06:17 GMT (envelope-from emaste@FreeBSD.org)
Received: (from emaste@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w93G6Hq7072696;
 Wed, 3 Oct 2018 16:06:17 GMT (envelope-from emaste@FreeBSD.org)
Message-Id: <201810031606.w93G6Hq7072696@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: emaste set sender to
 emaste@FreeBSD.org using -f
From: Ed Maste <emaste@FreeBSD.org>
Date: Wed, 3 Oct 2018 16:06:17 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339154 -
 projects/openssl111/crypto/openssh/openbsd-compat
X-SVN-Group: projects
X-SVN-Commit-Author: emaste
X-SVN-Commit-Paths: projects/openssl111/crypto/openssh/openbsd-compat
X-SVN-Commit-Revision: 339154
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 16:06:18 -0000

Author: emaste
Date: Wed Oct  3 16:06:17 2018
New Revision: 339154
URL: https://svnweb.freebsd.org/changeset/base/339154

Log:
  openssh: add openbsd-compat/libressl-api-compat.c
  
  Missed in migrating changeset from git to svn for r338811
  
  Reported by:	jhb

Added:
  projects/openssl111/crypto/openssh/openbsd-compat/libressl-api-compat.c   (contents, props changed)

Added: projects/openssl111/crypto/openssh/openbsd-compat/libressl-api-compat.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ projects/openssl111/crypto/openssh/openbsd-compat/libressl-api-compat.c	Wed Oct  3 16:06:17 2018	(r339154)
@@ -0,0 +1,636 @@
+/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
+/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
+/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*	$OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $	*/
+/*
+ * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef WITH_OPENSSL
+
+#include <sys/types.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/ecdsa.h>
+#include <openssl/dh.h>
+
+#ifndef HAVE_DSA_GET0_PQG
+void
+DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+	if (p != NULL)
+		*p = d->p;
+	if (q != NULL)
+		*q = d->q;
+	if (g != NULL)
+		*g = d->g;
+}
+#endif /* HAVE_DSA_GET0_PQG */
+
+#ifndef HAVE_DSA_SET0_PQG
+int
+DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
+	    (d->g == NULL && g == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(d->p);
+		d->p = p;
+	}
+	if (q != NULL) {
+		BN_free(d->q);
+		d->q = q;
+	}
+	if (g != NULL) {
+		BN_free(d->g);
+		d->g = g;
+	}
+
+	return 1;
+}
+#endif /* HAVE_DSA_SET0_PQG */
+
+#ifndef HAVE_DSA_GET0_KEY
+void
+DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+	if (pub_key != NULL)
+		*pub_key = d->pub_key;
+	if (priv_key != NULL)
+		*priv_key = d->priv_key;
+}
+#endif /* HAVE_DSA_GET0_KEY */
+
+#ifndef HAVE_DSA_SET0_KEY
+int
+DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+	if (d->pub_key == NULL && pub_key == NULL)
+		return 0;
+
+	if (pub_key != NULL) {
+		BN_free(d->pub_key);
+		d->pub_key = pub_key;
+	}
+	if (priv_key != NULL) {
+		BN_free(d->priv_key);
+		d->priv_key = priv_key;
+	}
+
+	return 1;
+}
+#endif /* HAVE_DSA_SET0_KEY */
+
+#ifndef HAVE_RSA_GET0_KEY
+void
+RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+	if (n != NULL)
+		*n = r->n;
+	if (e != NULL)
+		*e = r->e;
+	if (d != NULL)
+		*d = r->d;
+}
+#endif /* HAVE_RSA_GET0_KEY */
+
+#ifndef HAVE_RSA_SET0_KEY
+int
+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
+		return 0;
+
+	if (n != NULL) {
+		BN_free(r->n);
+		r->n = n;
+	}
+	if (e != NULL) {
+		BN_free(r->e);
+		r->e = e;
+	}
+	if (d != NULL) {
+		BN_free(r->d);
+		r->d = d;
+	}
+
+	return 1;
+}
+#endif /* HAVE_RSA_SET0_KEY */
+
+#ifndef HAVE_RSA_GET0_CRT_PARAMS
+void
+RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+    const BIGNUM **iqmp)
+{
+	if (dmp1 != NULL)
+		*dmp1 = r->dmp1;
+	if (dmq1 != NULL)
+		*dmq1 = r->dmq1;
+	if (iqmp != NULL)
+		*iqmp = r->iqmp;
+}
+#endif /* HAVE_RSA_GET0_CRT_PARAMS */
+
+#ifndef HAVE_RSA_SET0_CRT_PARAMS
+int
+RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+	if ((r->dmp1 == NULL && dmp1 == NULL) ||
+	    (r->dmq1 == NULL && dmq1 == NULL) ||
+	    (r->iqmp == NULL && iqmp == NULL))
+	       	return 0;
+
+	if (dmp1 != NULL) {
+		BN_free(r->dmp1);
+		r->dmp1 = dmp1;
+	}
+	if (dmq1 != NULL) {
+		BN_free(r->dmq1);
+		r->dmq1 = dmq1;
+	}
+	if (iqmp != NULL) {
+		BN_free(r->iqmp);
+		r->iqmp = iqmp;
+	}
+
+	return 1;
+}
+#endif /* HAVE_RSA_SET0_CRT_PARAMS */
+
+#ifndef HAVE_RSA_GET0_FACTORS
+void
+RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+	if (p != NULL)
+		*p = r->p;
+	if (q != NULL)
+		*q = r->q;
+}
+#endif /* HAVE_RSA_GET0_FACTORS */
+
+#ifndef HAVE_RSA_SET0_FACTORS
+int
+RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(r->p);
+		r->p = p;
+	}
+	if (q != NULL) {
+		BN_free(r->q);
+		r->q = q;
+	}
+
+	return 1;
+}
+#endif /* HAVE_RSA_SET0_FACTORS */
+
+#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+int
+EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
+{
+	if (ctx == NULL)
+		return 0;
+	if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
+		return 0;
+	if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
+		return 0;
+	if (len > EVP_MAX_IV_LENGTH)
+		return 0; /* sanity check; shouldn't happen */
+	/*
+	 * Skip the memcpy entirely when the requested IV length is zero,
+	 * since the iv pointer may be NULL or invalid.
+	 */
+	if (len != 0) {
+		if (iv == NULL)
+			return 0;
+# ifdef HAVE_EVP_CIPHER_CTX_IV
+		memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
+# else
+		memcpy(iv, ctx->iv, len);
+# endif /* HAVE_EVP_CIPHER_CTX_IV */
+	}
+	return 1;
+}
+#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
+
+#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
+int
+EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
+{
+	if (ctx == NULL)
+		return 0;
+	if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
+		return 0;
+	if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
+		return 0;
+	if (len > EVP_MAX_IV_LENGTH)
+		return 0; /* sanity check; shouldn't happen */
+	/*
+	 * Skip the memcpy entirely when the requested IV length is zero,
+	 * since the iv pointer may be NULL or invalid.
+	 */
+	if (len != 0) {
+		if (iv == NULL)
+			return 0;
+# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST
+		memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len);
+# else
+		memcpy(ctx->iv, iv, len);
+# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */
+	}
+	return 1;
+}
+#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
+
+#ifndef HAVE_DSA_SIG_GET0
+void
+DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+	if (pr != NULL)
+		*pr = sig->r;
+	if (ps != NULL)
+		*ps = sig->s;
+}
+#endif /* HAVE_DSA_SIG_GET0 */
+
+#ifndef HAVE_DSA_SIG_SET0
+int
+DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+	if (r == NULL || s == NULL)
+		return 0;
+
+	BN_clear_free(sig->r);
+	sig->r = r;
+	BN_clear_free(sig->s);
+	sig->s = s;
+
+	return 1;
+}
+#endif /* HAVE_DSA_SIG_SET0 */
+
+#ifndef HAVE_ECDSA_SIG_GET0
+void
+ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+	if (pr != NULL)
+		*pr = sig->r;
+	if (ps != NULL)
+		*ps = sig->s;
+}
+#endif /* HAVE_ECDSA_SIG_GET0 */
+
+#ifndef HAVE_ECDSA_SIG_SET0
+int
+ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+	if (r == NULL || s == NULL)
+		return 0;
+
+	BN_clear_free(sig->r);
+	BN_clear_free(sig->s);
+	sig->r = r;
+	sig->s = s;
+	return 1;
+}
+#endif /* HAVE_ECDSA_SIG_SET0 */
+
+#ifndef HAVE_DH_GET0_PQG
+void
+DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+	if (p != NULL)
+		*p = dh->p;
+	if (q != NULL)
+		*q = dh->q;
+	if (g != NULL)
+		*g = dh->g;
+}
+#endif /* HAVE_DH_GET0_PQG */
+
+#ifndef HAVE_DH_SET0_PQG
+int
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(dh->p);
+		dh->p = p;
+	}
+	if (q != NULL) {
+		BN_free(dh->q);
+		dh->q = q;
+	}
+	if (g != NULL) {
+		BN_free(dh->g);
+		dh->g = g;
+	}
+
+	return 1;
+}
+#endif /* HAVE_DH_SET0_PQG */
+
+#ifndef HAVE_DH_GET0_KEY
+void
+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+	if (pub_key != NULL)
+		*pub_key = dh->pub_key;
+	if (priv_key != NULL)
+		*priv_key = dh->priv_key;
+}
+#endif /* HAVE_DH_GET0_KEY */
+
+#ifndef HAVE_DH_SET0_KEY
+int
+DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+	if (pub_key != NULL) {
+		BN_free(dh->pub_key);
+		dh->pub_key = pub_key;
+	}
+	if (priv_key != NULL) {
+		BN_free(dh->priv_key);
+		dh->priv_key = priv_key;
+	}
+
+	return 1;
+}
+#endif /* HAVE_DH_SET0_KEY */
+
+#ifndef HAVE_DH_SET_LENGTH
+int
+DH_set_length(DH *dh, long length)
+{
+	if (length < 0 || length > INT_MAX)
+		return 0;
+
+	dh->length = length;
+	return 1;
+}
+#endif /* HAVE_DH_SET_LENGTH */
+
+#ifndef HAVE_RSA_METH_FREE
+void
+RSA_meth_free(RSA_METHOD *meth)
+{
+	if (meth != NULL) {
+		free((char *)meth->name);
+		free(meth);
+	}
+}
+#endif /* HAVE_RSA_METH_FREE */
+
+#ifndef HAVE_RSA_METH_DUP
+RSA_METHOD *
+RSA_meth_dup(const RSA_METHOD *meth)
+{
+	RSA_METHOD *copy;
+
+	if ((copy = calloc(1, sizeof(*copy))) == NULL)
+		return NULL;
+	memcpy(copy, meth, sizeof(*copy));
+	if ((copy->name = strdup(meth->name)) == NULL) {
+		free(copy);
+		return NULL;
+	}
+
+	return copy;
+}
+#endif /* HAVE_RSA_METH_DUP */
+
+#ifndef HAVE_RSA_METH_SET1_NAME
+int
+RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+	char *copy;
+
+	if ((copy = strdup(name)) == NULL)
+		return 0;
+	free((char *)meth->name);
+	meth->name = copy;
+	return 1;
+}
+#endif /* HAVE_RSA_METH_SET1_NAME */
+
+#ifndef HAVE_RSA_METH_GET_FINISH
+int
+(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
+{
+	return meth->finish;
+}
+#endif /* HAVE_RSA_METH_GET_FINISH */
+
+#ifndef HAVE_RSA_METH_SET_PRIV_ENC
+int
+RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
+{
+	meth->rsa_priv_enc = priv_enc;
+	return 1;
+}
+#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
+
+#ifndef HAVE_RSA_METH_SET_PRIV_DEC
+int
+RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
+    const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
+{
+	meth->rsa_priv_dec = priv_dec;
+	return 1;
+}
+#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
+
+#ifndef HAVE_RSA_METH_SET_FINISH
+int
+RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
+{
+	meth->finish = finish;
+	return 1;
+}
+#endif /* HAVE_RSA_METH_SET_FINISH */
+
+#ifndef HAVE_EVP_PKEY_GET0_RSA
+RSA *
+EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+	if (pkey->type != EVP_PKEY_RSA) {
+		/* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
+		return NULL;
+	}
+	return pkey->pkey.rsa;
+}
+#endif /* HAVE_EVP_PKEY_GET0_RSA */
+
+#ifndef HAVE_EVP_MD_CTX_NEW
+EVP_MD_CTX *
+EVP_MD_CTX_new(void)
+{
+	return calloc(1, sizeof(EVP_MD_CTX));
+}
+#endif /* HAVE_EVP_MD_CTX_NEW */
+
+#ifndef HAVE_EVP_MD_CTX_FREE
+void
+EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+	if (ctx == NULL)
+		return;
+
+	EVP_MD_CTX_cleanup(ctx);
+
+	free(ctx);
+}
+#endif /* HAVE_EVP_MD_CTX_FREE */
+
+#endif /* WITH_OPENSSL */

From owner-svn-src-projects@freebsd.org  Wed Oct  3 16:14:18 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5825010A4457
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Wed,  3 Oct 2018 16:14:18 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0E9E283545;
 Wed,  3 Oct 2018 16:14:18 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DF6751944A;
 Wed,  3 Oct 2018 16:14:17 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w93GEH22077981;
 Wed, 3 Oct 2018 16:14:17 GMT (envelope-from emaste@FreeBSD.org)
Received: (from emaste@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w93GEHvm077980;
 Wed, 3 Oct 2018 16:14:17 GMT (envelope-from emaste@FreeBSD.org)
Message-Id: <201810031614.w93GEHvm077980@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: emaste set sender to
 emaste@FreeBSD.org using -f
From: Ed Maste <emaste@FreeBSD.org>
Date: Wed, 3 Oct 2018 16:14:17 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339156 - projects/openssl111/crypto/openssh
X-SVN-Group: projects
X-SVN-Commit-Author: emaste
X-SVN-Commit-Paths: projects/openssl111/crypto/openssh
X-SVN-Commit-Revision: 339156
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 16:14:18 -0000

Author: emaste
Date: Wed Oct  3 16:14:17 2018
New Revision: 339156
URL: https://svnweb.freebsd.org/changeset/base/339156

Log:
  openssh: record merge of OpenSSL 1.1.1 compat from vendor
  
  Discussed with:	des

Modified:
Directory Properties:
  projects/openssl111/crypto/openssh/   (props changed)

From owner-svn-src-projects@freebsd.org  Wed Oct  3 16:38:37 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 128DC10A4DB2
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Wed,  3 Oct 2018 16:38:37 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B3C6584233;
 Wed,  3 Oct 2018 16:38:36 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ABFA319797;
 Wed,  3 Oct 2018 16:38:36 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w93GcakI088502;
 Wed, 3 Oct 2018 16:38:36 GMT (envelope-from emaste@FreeBSD.org)
Received: (from emaste@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w93GcaOb088491;
 Wed, 3 Oct 2018 16:38:36 GMT (envelope-from emaste@FreeBSD.org)
Message-Id: <201810031638.w93GcaOb088491@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: emaste set sender to
 emaste@FreeBSD.org using -f
From: Ed Maste <emaste@FreeBSD.org>
Date: Wed, 3 Oct 2018 16:38:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339157 - in projects/openssl111: crypto/openssh
 secure/lib/libssh
X-SVN-Group: projects
X-SVN-Commit-Author: emaste
X-SVN-Commit-Paths: in projects/openssl111: crypto/openssh secure/lib/libssh
X-SVN-Commit-Revision: 339157
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 16:38:37 -0000

Author: emaste
Date: Wed Oct  3 16:38:36 2018
New Revision: 339157
URL: https://svnweb.freebsd.org/changeset/base/339157

Log:
  openssh: connect libressl-api-compat.c and regen config.h
  
  Differential Revision:	https://reviews.freebsd.org/D17390

Modified:
  projects/openssl111/crypto/openssh/config.h
  projects/openssl111/secure/lib/libssh/Makefile

Modified: projects/openssl111/crypto/openssh/config.h
==============================================================================
--- projects/openssl111/crypto/openssh/config.h	Wed Oct  3 16:14:17 2018	(r339156)
+++ projects/openssl111/crypto/openssh/config.h	Wed Oct  3 16:38:36 2018	(r339157)
@@ -394,6 +394,21 @@
 /* Define if you have /dev/ptc */
 /* #undef HAVE_DEV_PTS_AND_PTC */
 
+/* Define if libcrypto has DH_get0_key */
+#define HAVE_DH_GET0_KEY 1
+
+/* Define if libcrypto has DH_get0_pqg */
+#define HAVE_DH_GET0_PQG 1
+
+/* Define if libcrypto has DH_set0_key */
+#define HAVE_DH_SET0_KEY 1
+
+/* Define if libcrypto has DH_set0_pqg */
+#define HAVE_DH_SET0_PQG 1
+
+/* Define if libcrypto has DH_set_length */
+#define HAVE_DH_SET_LENGTH 1
+
 /* Define to 1 if you have the <dirent.h> header file. */
 #define HAVE_DIRENT_H 1
 
@@ -406,6 +421,30 @@
 /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
 #define HAVE_DSA_GENERATE_PARAMETERS_EX 1
 
+/* Define if libcrypto has DSA_get0_key */
+#define HAVE_DSA_GET0_KEY 1
+
+/* Define if libcrypto has DSA_get0_pqg */
+#define HAVE_DSA_GET0_PQG 1
+
+/* Define if libcrypto has DSA_set0_key */
+#define HAVE_DSA_SET0_KEY 1
+
+/* Define if libcrypto has DSA_set0_pqg */
+#define HAVE_DSA_SET0_PQG 1
+
+/* Define if libcrypto has DSA_SIG_get0 */
+#define HAVE_DSA_SIG_GET0 1
+
+/* Define if libcrypto has DSA_SIG_set0 */
+#define HAVE_DSA_SIG_SET0 1
+
+/* Define if libcrypto has ECDSA_SIG_get0 */
+#define HAVE_ECDSA_SIG_GET0 1
+
+/* Define if libcrypto has ECDSA_SIG_set0 */
+#define HAVE_ECDSA_SIG_SET0 1
+
 /* Define to 1 if you have the <elf.h> header file. */
 #define HAVE_ELF_H 1
 
@@ -436,6 +475,15 @@
 /* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
 #define HAVE_EVP_CIPHER_CTX_CTRL 1
 
+/* Define if libcrypto has EVP_CIPHER_CTX_set_iv */
+/* #undef HAVE_EVP_CIPHER_CTX_GET_IV */
+
+/* Define if libcrypto has EVP_CIPHER_CTX_iv */
+#define HAVE_EVP_CIPHER_CTX_IV 1
+
+/* Define if libcrypto has EVP_CIPHER_CTX_iv_noconst */
+#define HAVE_EVP_CIPHER_CTX_IV_NOCONST 1
+
 /* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
 #define HAVE_EVP_DIGESTFINAL_EX 1
 
@@ -443,14 +491,23 @@
 #define HAVE_EVP_DIGESTINIT_EX 1
 
 /* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
-#define HAVE_EVP_MD_CTX_CLEANUP 1
+/* #undef HAVE_EVP_MD_CTX_CLEANUP */
 
 /* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
 #define HAVE_EVP_MD_CTX_COPY_EX 1
 
+/* Define if libcrypto has EVP_MD_CTX_free */
+#define HAVE_EVP_MD_CTX_FREE 1
+
 /* Define to 1 if you have the `EVP_MD_CTX_init' function. */
-#define HAVE_EVP_MD_CTX_INIT 1
+/* #undef HAVE_EVP_MD_CTX_INIT */
 
+/* Define if libcrypto has EVP_MD_CTX_new */
+#define HAVE_EVP_MD_CTX_NEW 1
+
+/* Define if libcrypto has EVP_PKEY_get0_RSA */
+#define HAVE_EVP_PKEY_GET0_RSA 1
+
 /* Define to 1 if you have the `EVP_ripemd160' function. */
 #define HAVE_EVP_RIPEMD160 1
 
@@ -647,7 +704,7 @@
 #define HAVE_HEADER_AD 1
 
 /* Define to 1 if you have the `HMAC_CTX_init' function. */
-#define HAVE_HMAC_CTX_INIT 1
+/* #undef HAVE_HMAC_CTX_INIT */
 
 /* Define if you have ut_host in utmp.h */
 /* #undef HAVE_HOST_IN_UTMP */
@@ -973,8 +1030,47 @@
 /* Define to 1 if you have the `RSA_generate_key_ex' function. */
 #define HAVE_RSA_GENERATE_KEY_EX 1
 
+/* Define if libcrypto has RSA_get0_crt_params */
+#define HAVE_RSA_GET0_CRT_PARAMS 1
+
+/* Define if libcrypto has RSA_get0_factors */
+#define HAVE_RSA_GET0_FACTORS 1
+
+/* Define if libcrypto has RSA_get0_key */
+#define HAVE_RSA_GET0_KEY 1
+
 /* Define to 1 if you have the `RSA_get_default_method' function. */
 #define HAVE_RSA_GET_DEFAULT_METHOD 1
+
+/* Define if libcrypto has RSA_meth_dup */
+#define HAVE_RSA_METH_DUP 1
+
+/* Define if libcrypto has RSA_meth_free */
+#define HAVE_RSA_METH_FREE 1
+
+/* Define if libcrypto has RSA_meth_get_finish */
+#define HAVE_RSA_METH_GET_FINISH 1
+
+/* Define if libcrypto has RSA_meth_set1_name */
+#define HAVE_RSA_METH_SET1_NAME 1
+
+/* Define if libcrypto has RSA_meth_set_finish */
+#define HAVE_RSA_METH_SET_FINISH 1
+
+/* Define if libcrypto has RSA_meth_set_priv_dec */
+#define HAVE_RSA_METH_SET_PRIV_DEC 1
+
+/* Define if libcrypto has RSA_meth_set_priv_enc */
+#define HAVE_RSA_METH_SET_PRIV_ENC 1
+
+/* Define if libcrypto has RSA_get0_srt_params */
+#define HAVE_RSA_SET0_CRT_PARAMS 1
+
+/* Define if libcrypto has RSA_set0_factors */
+#define HAVE_RSA_SET0_FACTORS 1
+
+/* Define if libcrypto has RSA_set0_key */
+#define HAVE_RSA_SET0_KEY 1
 
 /* Define to 1 if you have the <sandbox.h> header file. */
 /* #undef HAVE_SANDBOX_H */

Modified: projects/openssl111/secure/lib/libssh/Makefile
==============================================================================
--- projects/openssl111/secure/lib/libssh/Makefile	Wed Oct  3 16:14:17 2018	(r339156)
+++ projects/openssl111/secure/lib/libssh/Makefile	Wed Oct  3 16:38:36 2018	(r339157)
@@ -31,7 +31,9 @@ PACKAGE=	ssh
 
 # Portability layer
 SRCS+=	bcrypt_pbkdf.c blowfish.c bsd-misc.c bsd-signal.c explicit_bzero.c \
-	fmt_scaled.c freezero.c glob.c openssl-compat.c port-net.c \
+	fmt_scaled.c freezero.c glob.c \
+	libressl-api-compat.c \
+	openssl-compat.c port-net.c \
 	realpath.c recallocarray.c strtonum.c timingsafe_bcmp.c vis.c xcrypt.c
 
 .if ${MK_LDNS} == "no"

From owner-svn-src-projects@freebsd.org  Fri Oct  5 16:35:28 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DFE1010B0E81
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Fri,  5 Oct 2018 16:35:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8044D88071;
 Fri,  5 Oct 2018 16:35:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6D07117C45;
 Fri,  5 Oct 2018 16:35:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w95GZR3o068699;
 Fri, 5 Oct 2018 16:35:27 GMT (envelope-from jhb@FreeBSD.org)
Received: (from jhb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w95GZOaX068686;
 Fri, 5 Oct 2018 16:35:24 GMT (envelope-from jhb@FreeBSD.org)
Message-Id: <201810051635.w95GZOaX068686@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org
 using -f
From: John Baldwin <jhb@FreeBSD.org>
Date: Fri, 5 Oct 2018 16:35:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339198 - in projects/openssl111: crypto/heimdal/kdc
 crypto/heimdal/lib/gssapi/krb5 crypto/heimdal/lib/gssapi/ntlm
 crypto/heimdal/lib/hx509 crypto/heimdal/lib/krb5 crypto/heimdal/lib/nt...
X-SVN-Group: projects
X-SVN-Commit-Author: jhb
X-SVN-Commit-Paths: in projects/openssl111: crypto/heimdal/kdc
 crypto/heimdal/lib/gssapi/krb5 crypto/heimdal/lib/gssapi/ntlm
 crypto/heimdal/lib/hx509 crypto/heimdal/lib/krb5 crypto/heimdal/lib/ntlm
 crypto/heimdal/lib/rok...
X-SVN-Commit-Revision: 339198
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 16:35:28 -0000

Author: jhb
Date: Fri Oct  5 16:35:24 2018
New Revision: 339198
URL: https://svnweb.freebsd.org/changeset/base/339198

Log:
  Update the existing heimdal implementation for OpenSSL 1.1.
  
  Existing work is underway to import a newer version of heimdal, but
  this patchset gets us to a fully working tree to enable more wide
  spread testing of OpenSSL 1.1 for now.
  
  I've also enabled WARNS=1 for kerberos (which is the reason for the
  change in libroken).  Having -Werror enabled was useful during the
  1.1 updates and we probably should have warnings enabled by default
  for kerberos anyway.
  
  This passes make tinderbox, and I have also done some very light
  runtime testing on amd64.
  
  Reviewed by:	bjk, jkim, emaste
  Differential Revision:	https://reviews.freebsd.org/D17276

Modified:
  projects/openssl111/crypto/heimdal/kdc/digest.c
  projects/openssl111/crypto/heimdal/kdc/kx509.c
  projects/openssl111/crypto/heimdal/kdc/pkinit.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
  projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c
  projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c
  projects/openssl111/crypto/heimdal/lib/hx509/crypto.c
  projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c
  projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c
  projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-aes.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-arcfour.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-des-common.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-des.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-evp.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto-rand.c
  projects/openssl111/crypto/heimdal/lib/krb5/crypto.h
  projects/openssl111/crypto/heimdal/lib/krb5/pkinit.c
  projects/openssl111/crypto/heimdal/lib/ntlm/heimntlm-protos.h
  projects/openssl111/crypto/heimdal/lib/ntlm/ntlm.c
  projects/openssl111/crypto/heimdal/lib/roken/snprintf.c
  projects/openssl111/kerberos5/Makefile.inc
  projects/openssl111/kerberos5/include/crypto-headers.h

Modified: projects/openssl111/crypto/heimdal/kdc/digest.c
==============================================================================
--- projects/openssl111/crypto/heimdal/kdc/digest.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/kdc/digest.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -375,8 +375,8 @@ _kdc_do_digest(krb5_context context,
     case choice_DigestReqInner_init: {
 	unsigned char server_nonce[16], identifier;
 
-	RAND_pseudo_bytes(&identifier, sizeof(identifier));
-	RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
+	RAND_bytes(&identifier, sizeof(identifier));
+	RAND_bytes(server_nonce, sizeof(server_nonce));
 
 	server_nonce[0] = kdc_time & 0xff;
 	server_nonce[1] = (kdc_time >> 8) & 0xff;
@@ -1333,7 +1333,7 @@ _kdc_do_digest(krb5_context context,
 
 	if (ireq.u.ntlmRequest.sessionkey) {
 	    unsigned char masterkey[MD4_DIGEST_LENGTH];
-	    EVP_CIPHER_CTX rc4;
+	    EVP_CIPHER_CTX *rc4;
 	    size_t len;
 
 	    if ((flags & NTLM_NEG_KEYEX) == 0) {
@@ -1354,12 +1354,18 @@ _kdc_do_digest(krb5_context context,
 	    }
 
 
-	    EVP_CIPHER_CTX_init(&rc4);
-	    EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
-	    EVP_Cipher(&rc4,
+	    rc4 = EVP_CIPHER_CTX_new();
+	    if (rc4 == NULL) {
+		ret = ENOMEM;
+		krb5_set_error_message(context, ret,
+				       "NTLM failed to malloc cipher context");
+		goto failed;
+	    }
+	    EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1);
+	    EVP_Cipher(rc4,
 		       masterkey, ireq.u.ntlmRequest.sessionkey->data,
 		       sizeof(masterkey));
-	    EVP_CIPHER_CTX_cleanup(&rc4);
+	    EVP_CIPHER_CTX_free(rc4);
 
 	    r.u.ntlmResponse.sessionkey =
 		malloc(sizeof(*r.u.ntlmResponse.sessionkey));

Modified: projects/openssl111/crypto/heimdal/kdc/kx509.c
==============================================================================
--- projects/openssl111/crypto/heimdal/kdc/kx509.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/kdc/kx509.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -64,7 +64,7 @@ verify_req_hash(krb5_context context,
 		krb5_keyblock *key)
 {
     unsigned char digest[SHA_DIGEST_LENGTH];
-    HMAC_CTX ctx;
+    HMAC_CTX *ctx;
 
     if (req->pk_hash.length != sizeof(digest)) {
 	krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
@@ -73,16 +73,21 @@ verify_req_hash(krb5_context context,
 	return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
-    HMAC_CTX_init(&ctx);
-    HMAC_Init_ex(&ctx,
+    ctx = HMAC_CTX_new();
+    if (ctx == NULL) {
+	krb5_set_error_message(context, ENOMEM,
+			       "HMAC context malloc failed");
+	return ENOMEM;
+    }
+    HMAC_Init_ex(ctx,
 		 key->keyvalue.data, key->keyvalue.length,
 		 EVP_sha1(), NULL);
-    if (sizeof(digest) != HMAC_size(&ctx))
+    if (sizeof(digest) != HMAC_size(ctx))
 	krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
-    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
-    HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);
-    HMAC_Final(&ctx, digest, 0);
-    HMAC_CTX_cleanup(&ctx);
+    HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
+    HMAC_Update(ctx, req->pk_key.data, req->pk_key.length);
+    HMAC_Final(ctx, digest, 0);
+    HMAC_CTX_free(ctx);
 
     if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
 	krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
@@ -98,35 +103,40 @@ calculate_reply_hash(krb5_context context,
 		     Kx509Response *rep)
 {
     krb5_error_code ret;
-    HMAC_CTX ctx;
+    HMAC_CTX *ctx;
 
-    HMAC_CTX_init(&ctx);
+    ctx = HMAC_CTX_new();
+    if (ctx == NULL) {
+	krb5_set_error_message(context, ENOMEM,
+			       "HMAC context malloc failed");
+	return ENOMEM;
+    }
 
-    HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,
+    HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length,
 		 EVP_sha1(), NULL);
-    ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));
+    ret = krb5_data_alloc(rep->hash, HMAC_size(ctx));
     if (ret) {
-	HMAC_CTX_cleanup(&ctx);
+	HMAC_CTX_free(ctx);
 	krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
 	return ENOMEM;
     }
 
-    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
+    HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
     if (rep->error_code) {
 	int32_t t = *rep->error_code;
 	do {
 	    unsigned char p = (t & 0xff);
-	    HMAC_Update(&ctx, &p, 1);
+	    HMAC_Update(ctx, &p, 1);
 	    t >>= 8;
 	} while (t);
     }
     if (rep->certificate)
-	HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
+	HMAC_Update(ctx, rep->certificate->data, rep->certificate->length);
     if (rep->e_text)
-	HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
+	HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
 
-    HMAC_Final(&ctx, rep->hash->data, 0);
-    HMAC_CTX_cleanup(&ctx);
+    HMAC_Final(ctx, rep->hash->data, 0);
+    HMAC_CTX_free(ctx);
 
     return 0;
 }

Modified: projects/openssl111/crypto/heimdal/kdc/pkinit.c
==============================================================================
--- projects/openssl111/crypto/heimdal/kdc/pkinit.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/kdc/pkinit.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -331,6 +331,7 @@ get_dh_param(krb5_context context,
 {
     DomainParameters dhparam;
     DH *dh = NULL;
+    BIGNUM *p, *q, *g;
     krb5_error_code ret;
 
     memset(&dhparam, 0, sizeof(dhparam));
@@ -375,15 +376,21 @@ get_dh_param(krb5_context context,
 	goto out;
     }
     ret = KRB5_BADMSGTYPE;
-    dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
-    if (dh->p == NULL)
+    p = integer_to_BN(context, "DH prime", &dhparam.p);
+    g = integer_to_BN(context, "DH base", &dhparam.g);
+    q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
+    if (p == NULL || g == NULL || q == NULL) {
+	BN_free(p);
+	BN_free(g);
+	BN_free(q);
 	goto out;
-    dh->g = integer_to_BN(context, "DH base", &dhparam.g);
-    if (dh->g == NULL)
+    }
+    if (DH_set0_pqg(dh, p, g, q) != 1) {
+	BN_free(p);
+	BN_free(g);
+	BN_free(q);
 	goto out;
-    dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
-    if (dh->g == NULL)
-	goto out;
+    }
 
     {
 	heim_integer glue;
@@ -895,7 +902,7 @@ out:
  */
 
 static krb5_error_code
-BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
+BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer)
 {
     integer->length = BN_num_bytes(bn);
     integer->data = malloc(integer->length);
@@ -1112,9 +1119,11 @@ pk_mk_pa_reply_dh(krb5_context context,
 
     if (cp->keyex == USE_DH) {
 	DH *kdc_dh = cp->u.dh.key;
+	const BIGNUM *pub_key;
 	heim_integer i;
 
-	ret = BN_to_integer(context, kdc_dh->pub_key, &i);
+	DH_get0_key(kdc_dh, &pub_key, NULL);
+	ret = BN_to_integer(context, pub_key, &i);
 	if (ret)
 	    return ret;
 

Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -173,7 +173,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
     int32_t seq_number;
     size_t len, total_len;
     u_char k6_data[16], *p0, *p;
-    EVP_CIPHER_CTX rc4_key;
+    EVP_CIPHER_CTX *rc4_key;
 
     _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
 
@@ -235,11 +235,17 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
 
     memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
 
-    EVP_CIPHER_CTX_init(&rc4_key);
-    EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
-    EVP_Cipher(&rc4_key, p, p, 8);
-    EVP_CIPHER_CTX_cleanup(&rc4_key);
+    rc4_key = EVP_CIPHER_CTX_new();
+    if (rc4_key == NULL) {
+	_gsskrb5_release_buffer(minor_status, message_token);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
 
+    EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+    EVP_Cipher(rc4_key, p, p, 8);
+    EVP_CIPHER_CTX_free(rc4_key);
+
     memset(k6_data, 0, sizeof(k6_data));
 
     *minor_status = 0;
@@ -308,12 +314,16 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
     }
 
     {
-	EVP_CIPHER_CTX rc4_key;
+	EVP_CIPHER_CTX *rc4_key;
 
-	EVP_CIPHER_CTX_init(&rc4_key);
-	EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
-	EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
-	EVP_CIPHER_CTX_cleanup(&rc4_key);
+	rc4_key = EVP_CIPHER_CTX_new();
+	if (rc4_key == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
+	EVP_Cipher(rc4_key, SND_SEQ, p, 8);
+	EVP_CIPHER_CTX_free(rc4_key);
 
 	memset(k6_data, 0, sizeof(k6_data));
     }
@@ -461,12 +471,17 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
 
 
     if(conf_req_flag) {
-	EVP_CIPHER_CTX rc4_key;
+	EVP_CIPHER_CTX *rc4_key;
 
-	EVP_CIPHER_CTX_init(&rc4_key);
-	EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
-	EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen);
-	EVP_CIPHER_CTX_cleanup(&rc4_key);
+	rc4_key = EVP_CIPHER_CTX_new();
+	if (rc4_key == NULL) {
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+	EVP_Cipher(rc4_key, p0 + 24, p0 + 24, 8 + datalen);
+	EVP_CIPHER_CTX_free(rc4_key);
     }
     memset(k6_data, 0, sizeof(k6_data));
 
@@ -480,12 +495,17 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
     }
 
     {
-	EVP_CIPHER_CTX rc4_key;
+	EVP_CIPHER_CTX *rc4_key;
 
-	EVP_CIPHER_CTX_init(&rc4_key);
-	EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
-	EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
-	EVP_CIPHER_CTX_cleanup(&rc4_key);
+	rc4_key = EVP_CIPHER_CTX_new();
+	if (rc4_key == NULL) {
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+	EVP_Cipher(rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
+	EVP_CIPHER_CTX_free(rc4_key);
 	memset(k6_data, 0, sizeof(k6_data));
     }
 
@@ -580,12 +600,16 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_stat
     }
 
     {
-	EVP_CIPHER_CTX rc4_key;
+	EVP_CIPHER_CTX *rc4_key;
 
-	EVP_CIPHER_CTX_init(&rc4_key);
-	EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
-	EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
-	EVP_CIPHER_CTX_cleanup(&rc4_key);
+	rc4_key = EVP_CIPHER_CTX_new();
+	if (rc4_key == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+	EVP_Cipher(rc4_key, SND_SEQ, p0 + 8, 8);
+	EVP_CIPHER_CTX_free(rc4_key);
 	memset(k6_data, 0, sizeof(k6_data));
     }
 
@@ -628,13 +652,18 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_stat
     output_message_buffer->length = datalen;
 
     if(conf_flag) {
-	EVP_CIPHER_CTX rc4_key;
+	EVP_CIPHER_CTX *rc4_key;
 
-	EVP_CIPHER_CTX_init(&rc4_key);
-	EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
-	EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
-	EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen);
-	EVP_CIPHER_CTX_cleanup(&rc4_key);
+	rc4_key = EVP_CIPHER_CTX_new();
+	if (rc4_key == NULL) {
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
+	EVP_Cipher(rc4_key, Confounder, p0 + 24, 8);
+	EVP_Cipher(rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen);
+	EVP_CIPHER_CTX_free(rc4_key);
     } else {
 	memcpy(Confounder, p0 + 24, 8); /* Confounder */
 	memcpy(output_message_buffer->value,

Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -50,7 +50,7 @@ mic_des
   EVP_MD_CTX *md5;
   u_char hash[16];
   DES_key_schedule schedule;
-  EVP_CIPHER_CTX des_ctx;
+  EVP_CIPHER_CTX *des_ctx;
   DES_cblock deskey;
   DES_cblock zero;
   int32_t seq_number;
@@ -96,6 +96,17 @@ mic_des
 		 &schedule, &zero);
   memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
 
+  des_ctx = EVP_CIPHER_CTX_new();
+  if (des_ctx == NULL) {
+      memset (deskey, 0, sizeof(deskey));
+      memset (&schedule, 0, sizeof(schedule));
+      free (message_token->value);
+      message_token->value = NULL;
+      message_token->length = 0;
+      *minor_status = ENOMEM;
+      return GSS_S_FAILURE;
+  }
+
   HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
   /* sequence number */
   krb5_auth_con_getlocalseqnumber (context,
@@ -111,10 +122,9 @@ mic_des
 	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
 	  4);
 
-  EVP_CIPHER_CTX_init(&des_ctx);
-  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
-  EVP_Cipher(&des_ctx, p, p, 8);
-  EVP_CIPHER_CTX_cleanup(&des_ctx);
+  EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
+  EVP_Cipher(des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_free(des_ctx);
 
   krb5_auth_con_setlocalseqnumber (context,
 			       ctx->auth_context,

Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -50,7 +50,7 @@ unwrap_des
   size_t len;
   EVP_MD_CTX *md5;
   u_char hash[16];
-  EVP_CIPHER_CTX des_ctx;
+  EVP_CIPHER_CTX *des_ctx;
   DES_key_schedule schedule;
   DES_cblock deskey;
   DES_cblock zero;
@@ -104,12 +104,17 @@ unwrap_des
 	  deskey[i] ^= 0xf0;
 
 
-      EVP_CIPHER_CTX_init(&des_ctx);
-      EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0);
-      EVP_Cipher(&des_ctx, p, p, input_message_buffer->length - len);
-      EVP_CIPHER_CTX_cleanup(&des_ctx);
+      des_ctx = EVP_CIPHER_CTX_new();
+      if (des_ctx == NULL) {
+	  memset (deskey, 0, sizeof(deskey));
+	  *minor_status = ENOMEM;
+	  return GSS_S_FAILURE;
+      }
+      EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0);
+      EVP_Cipher(des_ctx, p, p, input_message_buffer->length - len);
+      EVP_CIPHER_CTX_free(des_ctx);
 
-      memset (&schedule, 0, sizeof(schedule));
+      memset (deskey, 0, sizeof(deskey));
   }
 
   if (IS_DCE_STYLE(context_handle)) {
@@ -135,19 +140,29 @@ unwrap_des
   DES_set_key_unchecked (&deskey, &schedule);
   DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
 		 &schedule, &zero);
-  if (ct_memcmp (p - 8, hash, 8) != 0)
+  if (ct_memcmp (p - 8, hash, 8) != 0) {
+    memset (deskey, 0, sizeof(deskey));
+    memset (&schedule, 0, sizeof(schedule));
     return GSS_S_BAD_MIC;
+  }
 
   /* verify sequence number */
 
+  des_ctx = EVP_CIPHER_CTX_new();
+  if (des_ctx == NULL) {
+    memset (deskey, 0, sizeof(deskey));
+    memset (&schedule, 0, sizeof(schedule));
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+  }
+
   HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
 
   p -= 16;
 
-  EVP_CIPHER_CTX_init(&des_ctx);
-  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
-  EVP_Cipher(&des_ctx, p, p, 8);
-  EVP_CIPHER_CTX_cleanup(&des_ctx);
+  EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
+  EVP_Cipher(des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_free(des_ctx);
 
   memset (deskey, 0, sizeof(deskey));
   memset (&schedule, 0, sizeof(schedule));

Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -51,7 +51,7 @@ verify_mic_des
   EVP_MD_CTX *md5;
   u_char hash[16], *seq;
   DES_key_schedule schedule;
-  EVP_CIPHER_CTX des_ctx;
+  EVP_CIPHER_CTX *des_ctx;
   DES_cblock zero;
   DES_cblock deskey;
   uint32_t seq_number;
@@ -96,14 +96,21 @@ verify_mic_des
 
   /* verify sequence number */
 
+  des_ctx = EVP_CIPHER_CTX_new();
+  if (des_ctx == NULL) {
+    memset (deskey, 0, sizeof(deskey));
+    memset (&schedule, 0, sizeof(schedule));
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+  }
+
   HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
 
   p -= 16;
 
-  EVP_CIPHER_CTX_init(&des_ctx);
-  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
-  EVP_Cipher(&des_ctx, p, p, 8);
-  EVP_CIPHER_CTX_cleanup(&des_ctx);
+  EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0);
+  EVP_Cipher(des_ctx, p, p, 8);
+  EVP_CIPHER_CTX_free(des_ctx);
 
   memset (deskey, 0, sizeof(deskey));
   memset (&schedule, 0, sizeof(schedule));

Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -211,7 +211,7 @@ wrap_des
   EVP_MD_CTX *md5;
   u_char hash[16];
   DES_key_schedule schedule;
-  EVP_CIPHER_CTX des_ctx;
+  EVP_CIPHER_CTX *des_ctx;
   DES_cblock deskey;
   DES_cblock zero;
   size_t i;
@@ -283,6 +283,17 @@ wrap_des
 		 &schedule, &zero);
   memcpy (p - 8, hash, 8);
 
+  des_ctx = EVP_CIPHER_CTX_new();
+  if (des_ctx == NULL) {
+    memset (deskey, 0, sizeof(deskey));
+    memset (&schedule, 0, sizeof(schedule));
+    free(output_message_buffer->value);
+    output_message_buffer->value = NULL;
+    output_message_buffer->length = 0;
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+  }
+
   /* sequence number */
   HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
   krb5_auth_con_getlocalseqnumber (context,
@@ -298,10 +309,8 @@ wrap_des
 	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
 	  4);
 
-  EVP_CIPHER_CTX_init(&des_ctx);
-  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
-  EVP_Cipher(&des_ctx, p, p, 8);
-  EVP_CIPHER_CTX_cleanup(&des_ctx);
+  EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
+  EVP_Cipher(des_ctx, p, p, 8);
 
   krb5_auth_con_setlocalseqnumber (context,
 			       ctx->auth_context,
@@ -317,11 +326,11 @@ wrap_des
       for (i = 0; i < sizeof(deskey); ++i)
 	  deskey[i] ^= 0xf0;
 
-      EVP_CIPHER_CTX_init(&des_ctx);
-      EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1);
-      EVP_Cipher(&des_ctx, p, p, datalen);
-      EVP_CIPHER_CTX_cleanup(&des_ctx);
+      EVP_CIPHER_CTX_reset(des_ctx);
+      EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1);
+      EVP_Cipher(des_ctx, p, p, datalen);
   }
+  EVP_CIPHER_CTX_free(des_ctx);
   memset (deskey, 0, sizeof(deskey));
   memset (&schedule, 0, sizeof(schedule));
 

Modified: projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -148,16 +148,18 @@ v2_sign_message(gss_buffer_t in,
 {
     unsigned char hmac[16];
     unsigned int hmaclen;
-    HMAC_CTX c;
+    HMAC_CTX *c;
 
-    HMAC_CTX_init(&c);
-    HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL);
+    c = HMAC_CTX_new();
+    if (c == NULL)
+	return GSS_S_FAILURE;
+    HMAC_Init_ex(c, signkey, 16, EVP_md5(), NULL);
 
     encode_le_uint32(seq, hmac);
-    HMAC_Update(&c, hmac, 4);
-    HMAC_Update(&c, in->value, in->length);
-    HMAC_Final(&c, hmac, &hmaclen);
-    HMAC_CTX_cleanup(&c);
+    HMAC_Update(c, hmac, 4);
+    HMAC_Update(c, in->value, in->length);
+    HMAC_Final(c, hmac, &hmaclen);
+    HMAC_CTX_free(c);
 
     encode_le_uint32(1, &out[0]);
     if (sealkey)

Modified: projects/openssl111/crypto/heimdal/lib/hx509/crypto.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/hx509/crypto.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/hx509/crypto.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -226,7 +226,8 @@ heim_int2BN(const heim_integer *i)
     BIGNUM *bn;
 
     bn = BN_bin2bn(i->data, i->length, NULL);
-    BN_set_negative(bn, i->negative);
+    if (bn != NULL)
+	    BN_set_negative(bn, i->negative);
     return bn;
 }
 
@@ -899,12 +900,15 @@ rsa_get_internal(hx509_context context,
 		 hx509_private_key key,
 		 const char *type)
 {
+    const BIGNUM *n;
+
     if (strcasecmp(type, "rsa-modulus") == 0) {
-	return BN_dup(key->private_key.rsa->n);
+	RSA_get0_key(key->private_key.rsa, &n, NULL, NULL);
     } else if (strcasecmp(type, "rsa-exponent") == 0) {
-	return BN_dup(key->private_key.rsa->e);
+	RSA_get0_key(key->private_key.rsa, NULL, &n, NULL);
     } else
 	return NULL;
+    return BN_dup(n);
 }
 
 
@@ -1045,6 +1049,7 @@ dsa_verify_signature(hx509_context context,
     DSAPublicKey pk;
     DSAParams param;
     size_t size;
+    BIGNUM *key, *p, *q, *g;
     DSA *dsa;
     int ret;
 
@@ -1062,16 +1067,25 @@ dsa_verify_signature(hx509_context context,
     if (ret)
 	goto out;
 
-    dsa->pub_key = heim_int2BN(&pk);
+    key = heim_int2BN(&pk);
 
     free_DSAPublicKey(&pk);
 
-    if (dsa->pub_key == NULL) {
+    if (key == NULL) {
 	ret = ENOMEM;
 	hx509_set_error_string(context, 0, ret, "out of memory");
 	goto out;
     }
 
+    ret = DSA_set0_key(dsa, key, NULL);
+
+    if (ret != 1) {
+	BN_free(key);
+	ret = EINVAL;
+	hx509_set_error_string(context, 0, ret, "failed to set DSA key");
+	goto out;
+    }
+
     if (spi->algorithm.parameters == NULL) {
 	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 	hx509_set_error_string(context, 0, ret, "DSA parameters missing");
@@ -1087,18 +1101,32 @@ dsa_verify_signature(hx509_context context,
 	goto out;
     }
 
-    dsa->p = heim_int2BN(&param.p);
-    dsa->q = heim_int2BN(&param.q);
-    dsa->g = heim_int2BN(&param.g);
+    p = heim_int2BN(&param.p);
+    q = heim_int2BN(&param.q);
+    g = heim_int2BN(&param.g);
 
     free_DSAParams(&param);
 
-    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
+    if (p == NULL || q == NULL || g == NULL) {
+	BN_free(p);
+	BN_free(q);
+	BN_free(g);
 	ret = ENOMEM;
 	hx509_set_error_string(context, 0, ret, "out of memory");
 	goto out;
     }
 
+    ret = DSA_set0_pqg(dsa, p, q, g);
+
+    if (ret != 1) {
+	BN_free(p);
+	BN_free(q);
+	BN_free(g);
+	ret = EINVAL;
+	hx509_set_error_string(context, 0, ret, "failed to set DSA parameters");
+	goto out;
+    }
+
     ret = DSA_verify(-1, data->data, data->length,
 		     (unsigned char*)sig->data, sig->length,
 		     dsa);
@@ -2562,7 +2590,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
 		     const heim_octet_string *ivec,
 		     heim_octet_string **ciphertext)
 {
-    EVP_CIPHER_CTX evp;
+    EVP_CIPHER_CTX *evp;
     size_t padsize, bsize;
     int ret;
 
@@ -2574,12 +2602,13 @@ hx509_crypto_encrypt(hx509_crypto crypto,
 
     assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
 
-    EVP_CIPHER_CTX_init(&evp);
+    evp = EVP_CIPHER_CTX_new();
+    if (evp == NULL)
+	return ENOMEM;
 
-    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
+    ret = EVP_CipherInit_ex(evp, crypto->c, NULL,
 			    crypto->key.data, ivec->data, 1);
     if (ret != 1) {
-	EVP_CIPHER_CTX_cleanup(&evp);
 	ret = HX509_CRYPTO_INTERNAL_ERROR;
 	goto out;
     }
@@ -2619,7 +2648,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
 	    *p++ = padsize;
     }
 
-    ret = EVP_Cipher(&evp, (*ciphertext)->data,
+    ret = EVP_Cipher(evp, (*ciphertext)->data,
 		     (*ciphertext)->data,
 		     length + padsize);
     if (ret != 1) {
@@ -2638,7 +2667,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
 	    *ciphertext = NULL;
 	}
     }
-    EVP_CIPHER_CTX_cleanup(&evp);
+    EVP_CIPHER_CTX_free(evp);
 
     return ret;
 }
@@ -2650,7 +2679,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
 		     heim_octet_string *ivec,
 		     heim_octet_string *clear)
 {
-    EVP_CIPHER_CTX evp;
+    EVP_CIPHER_CTX *evp;
     void *idata = NULL;
     int ret;
 
@@ -2670,27 +2699,30 @@ hx509_crypto_decrypt(hx509_crypto crypto,
     if (ivec)
 	idata = ivec->data;
 
-    EVP_CIPHER_CTX_init(&evp);
+    evp = EVP_CIPHER_CTX_new();
+    if (evp == NULL)
+	return ENOMEM;
 
-    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
+    ret = EVP_CipherInit_ex(evp, crypto->c, NULL,
 			    crypto->key.data, idata, 0);
     if (ret != 1) {
-	EVP_CIPHER_CTX_cleanup(&evp);
+	EVP_CIPHER_CTX_free(evp);
 	return HX509_CRYPTO_INTERNAL_ERROR;
     }
 
     clear->length = length;
     clear->data = malloc(length);
     if (clear->data == NULL) {
-	EVP_CIPHER_CTX_cleanup(&evp);
+	EVP_CIPHER_CTX_free(evp);
 	clear->length = 0;
 	return ENOMEM;
     }
 
-    if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
+    if (EVP_Cipher(evp, clear->data, data, length) != 1) {
+	EVP_CIPHER_CTX_free(evp);
 	return HX509_CRYPTO_INTERNAL_ERROR;
     }
-    EVP_CIPHER_CTX_cleanup(&evp);
+    EVP_CIPHER_CTX_free(evp);
 
     if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) {
 	int padsize;
@@ -2949,6 +2981,8 @@ match_keys_rsa(hx509_cert c, hx509_private_key private
     const SubjectPublicKeyInfo *spi;
     RSAPublicKey pk;
     RSA *rsa;
+    const BIGNUM *d, *p, *q, *dmp1, *dmq1, *iqmp;
+    BIGNUM *new_d, *new_p, *new_q, *new_dmp1, *new_dmq1, *new_iqmp, *n, *e;
     size_t size;
     int ret;
 
@@ -2956,7 +2990,10 @@ match_keys_rsa(hx509_cert c, hx509_private_key private
 	return 0;
 
     rsa = private_key->private_key.rsa;
-    if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
+    RSA_get0_key(rsa, NULL, NULL, &d);
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    if (d == NULL || p == NULL || q == NULL)
 	return 0;
 
     cert = _hx509_get_cert(c);
@@ -2973,21 +3010,66 @@ match_keys_rsa(hx509_cert c, hx509_private_key private
 	RSA_free(rsa);
 	return 0;
     }
-    rsa->n = heim_int2BN(&pk.modulus);
-    rsa->e = heim_int2BN(&pk.publicExponent);
+    n = heim_int2BN(&pk.modulus);
+    e = heim_int2BN(&pk.publicExponent);
 
     free_RSAPublicKey(&pk);
 
-    rsa->d = BN_dup(private_key->private_key.rsa->d);
-    rsa->p = BN_dup(private_key->private_key.rsa->p);
-    rsa->q = BN_dup(private_key->private_key.rsa->q);
-    rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
-    rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
-    rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
+    new_d = BN_dup(d);
+    new_p = BN_dup(p);
+    new_q = BN_dup(q);
+    new_dmp1 = BN_dup(dmp1);
+    new_dmq1 = BN_dup(dmq1);
+    new_iqmp = BN_dup(iqmp);
 
-    if (rsa->n == NULL || rsa->e == NULL ||
-	rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
-	rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
+    if (n == NULL || e == NULL ||
+	new_d == NULL || new_p == NULL|| new_q == NULL ||
+	new_dmp1 == NULL || new_dmq1 == NULL || new_iqmp == NULL) {
+	BN_free(n);
+	BN_free(e);
+	BN_free(new_d);
+	BN_free(new_p);
+	BN_free(new_q);
+	BN_free(new_dmp1);
+	BN_free(new_dmq1);
+	BN_free(new_iqmp);
+	RSA_free(rsa);
+	return 0;
+    }
+
+    ret = RSA_set0_key(rsa, new_d, n, e);
+
+    if (ret != 1) {
+	BN_free(n);
+	BN_free(e);
+	BN_free(new_d);
+	BN_free(new_p);
+	BN_free(new_q);
+	BN_free(new_dmp1);
+	BN_free(new_dmq1);
+	BN_free(new_iqmp);
+	RSA_free(rsa);
+	return 0;
+    }
+
+    ret = RSA_set0_factors(rsa, new_p, new_q);
+
+    if (ret != 1) {
+	BN_free(new_p);
+	BN_free(new_q);
+	BN_free(new_dmp1);
+	BN_free(new_dmq1);
+	BN_free(new_iqmp);
+	RSA_free(rsa);
+	return 0;
+    }
+
+    ret = RSA_set0_crt_params(rsa, new_dmp1, new_dmq1, new_iqmp);
+
+    if (ret != 1) {
+	BN_free(new_dmp1);
+	BN_free(new_dmq1);
+	BN_free(new_iqmp);
 	RSA_free(rsa);
 	return 0;
     }

Modified: projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -1387,12 +1387,12 @@ info(void *opt, int argc, char **argv)
     {
 	const RSA_METHOD *m = RSA_get_default_method();
 	if (m != NULL)
-	    printf("rsa: %s\n", m->name);
+	    printf("rsa: %s\n", RSA_meth_get0_name(m));
     }
     {
 	const DH_METHOD *m = DH_get_default_method();
 	if (m != NULL)
-	    printf("dh: %s\n", m->name);
+	    printf("dh: %s\n", DH_meth_get0_name(m));
     }
 #ifdef HAVE_OPENSSL
     {

Modified: projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -107,11 +107,18 @@ try_decrypt(hx509_context context,
     clear.length = len;
 
     {
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
-	EVP_Cipher(&ctx, clear.data, cipher, len);
-	EVP_CIPHER_CTX_cleanup(&ctx);
+	EVP_CIPHER_CTX *ctx;
+
+	ctx = EVP_CIPHER_CTX_new();
+	if (ctx == NULL) {
+		hx509_set_error_string(context, 0, ENOMEM,
+				       "Out of memory to decrypt for private key");
+		ret = ENOMEM;
+		goto out;
+	}
+	EVP_CipherInit_ex(ctx, c, NULL, key, ivdata, 0);
+	EVP_Cipher(ctx, clear.data, cipher, len);
+	EVP_CIPHER_CTX_free(ctx);
     }
 
     ret = _hx509_collector_private_key_add(context,
@@ -122,8 +129,8 @@ try_decrypt(hx509_context context,
 					   NULL);
 
     memset(clear.data, 0, clear.length);
-    free(clear.data);
 out:
+    free(clear.data);
     memset(key, 0, keylen);
     free(key);
     return ret;

Modified: projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c
==============================================================================
--- projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c	Fri Oct  5 16:05:59 2018	(r339197)
+++ projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c	Fri Oct  5 16:35:24 2018	(r339198)
@@ -213,22 +213,48 @@ p11_rsa_finish(RSA *rsa)
     return 1;
 }
 
-static const RSA_METHOD p11_rsa_pkcs1_method = {
-    "hx509 PKCS11 PKCS#1 RSA",
-    p11_rsa_public_encrypt,
-    p11_rsa_public_decrypt,
-    p11_rsa_private_encrypt,
-    p11_rsa_private_decrypt,
-    NULL,
-    NULL,
-    p11_rsa_init,
-    p11_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
+static const RSA_METHOD *
+get_p11_rsa_pkcs1_method(void)
+{
+    static const RSA_METHOD *p11_rsa_pkcs1_method;
+    RSA_METHOD *new_method;
 
+    if (p11_rsa_pkcs1_method != NULL)
+	return p11_rsa_pkcs1_method;
+
+    new_method = RSA_meth_new("hx509 PKCS11 PKCS#1 RSA", 0);
+    if (new_method == NULL)
+	return NULL;
+
+    if (RSA_meth_set_pub_enc(new_method, p11_rsa_public_encrypt) != 1)
+	goto out;
+
+    if (RSA_meth_set_pub_dec(new_method, p11_rsa_public_decrypt) != 1)
+	goto out;
+
+    if (RSA_meth_set_priv_enc(new_method, p11_rsa_private_encrypt) != 1)
+	goto out;
+
+    if (RSA_meth_set_priv_dec(new_method, p11_rsa_private_decrypt) != 1)
+	goto out;
+
+    if (RSA_meth_set_init(new_method, p11_rsa_init) != 1)
+	goto out;
+
+    if (RSA_meth_set_finish(new_method, p11_rsa_finish) != 1)
+	goto out;
+
+    /*
+     * This might overwrite a previously-created method if multiple
+     * threads invoke this concurrently which will leak memory.
+     */
+    p11_rsa_pkcs1_method = new_method;
+    return p11_rsa_pkcs1_method;
+out:
+    RSA_meth_free(new_method);
+    return NULL;
+}
+
 /*
  *
  */
@@ -607,6 +633,8 @@ collect_private_key(hx509_context context,
     hx509_private_key key;
     heim_octet_string localKeyId;
     int ret;
+    const RSA_METHOD *meth;
+    BIGNUM *n, *e;
     RSA *rsa;
     struct p11_rsa *p11rsa;

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-projects@freebsd.org  Fri Oct  5 17:53:59 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F28A10B2853
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Fri,  5 Oct 2018 17:53:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4A9848A7CB;
 Fri,  5 Oct 2018 17:53:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 44C561898C;
 Fri,  5 Oct 2018 17:53:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w95Hrw7D009818;
 Fri, 5 Oct 2018 17:53:58 GMT (envelope-from gjb@FreeBSD.org)
Received: (from gjb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w95Hrmko009773;
 Fri, 5 Oct 2018 17:53:48 GMT (envelope-from gjb@FreeBSD.org)
Message-Id: <201810051753.w95Hrmko009773@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org
 using -f
From: Glen Barber <gjb@FreeBSD.org>
Date: Fri, 5 Oct 2018 17:53:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339201 - in projects/openssl111: . contrib/blacklist/bin
 contrib/bmake contrib/elftoolchain/libelf contrib/libarchive
 contrib/libarchive/libarchive contrib/libarchive/libarchive/test c...
X-SVN-Group: projects
X-SVN-Commit-Author: gjb
X-SVN-Commit-Paths: in projects/openssl111: . contrib/blacklist/bin
 contrib/bmake contrib/elftoolchain/libelf contrib/libarchive
 contrib/libarchive/libarchive contrib/libarchive/libarchive/test
 contrib/libarchive/test_ut...
X-SVN-Commit-Revision: 339201
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 17:53:59 -0000

Author: gjb
Date: Fri Oct  5 17:53:47 2018
New Revision: 339201
URL: https://svnweb.freebsd.org/changeset/base/339201

Log:
  MFH r338661 through r339200.
  
  Sponsored by:	The FreeBSD Foundation

Added:
     - copied from r339200, head/contrib/mandoc/
  projects/openssl111/lib/lib80211/regdomain.xml
     - copied unchanged from r339200, head/lib/lib80211/regdomain.xml
  projects/openssl111/lib/libalias/libalias/libalias.conf
     - copied unchanged from r339200, head/lib/libalias/libalias/libalias.conf
  projects/openssl111/lib/libc/net/hosts
     - copied unchanged from r339200, head/lib/libc/net/hosts
  projects/openssl111/lib/libc/net/hosts.equiv
     - copied unchanged from r339200, head/lib/libc/net/hosts.equiv
  projects/openssl111/lib/libc/net/networks
     - copied unchanged from r339200, head/lib/libc/net/networks
  projects/openssl111/lib/libc/net/nsswitch.conf
     - copied unchanged from r339200, head/lib/libc/net/nsswitch.conf
  projects/openssl111/lib/libc/net/protocols
     - copied unchanged from r339200, head/lib/libc/net/protocols
  projects/openssl111/lib/libc/posix1e/mac.conf
     - copied unchanged from r339200, head/lib/libc/posix1e/mac.conf
  projects/openssl111/lib/libc/rpc/netconfig
     - copied unchanged from r339200, head/lib/libc/rpc/netconfig
  projects/openssl111/lib/libc/rpc/rpc
     - copied unchanged from r339200, head/lib/libc/rpc/rpc
  projects/openssl111/lib/libopie/opieaccess
     - copied unchanged from r339200, head/lib/libopie/opieaccess
  projects/openssl111/lib/libsmb/nsmb.conf
     - copied unchanged from r339200, head/lib/libsmb/nsmb.conf
  projects/openssl111/lib/libwrap/hosts.allow
     - copied unchanged from r339200, head/lib/libwrap/hosts.allow
  projects/openssl111/libexec/rtld-elf/libmap.conf
     - copied unchanged from r339200, head/libexec/rtld-elf/libmap.conf
  projects/openssl111/sbin/bsdlabel/disktab
     - copied unchanged from r339200, head/sbin/bsdlabel/disktab
  projects/openssl111/share/man/man4/iflib.4
     - copied unchanged from r339200, head/share/man/man4/iflib.4
  projects/openssl111/sys/arm64/include/ifunc.h
     - copied unchanged from r339200, head/sys/arm64/include/ifunc.h
  projects/openssl111/tools/build/options/WITH_HYPERV
     - copied unchanged from r339200, head/tools/build/options/WITH_HYPERV
  projects/openssl111/usr.bin/tip/tip/phones
     - copied unchanged from r339200, head/usr.bin/tip/tip/phones
  projects/openssl111/usr.bin/tip/tip/remote
     - copied unchanged from r339200, head/usr.bin/tip/tip/remote
  projects/openssl111/usr.sbin/amd/amd/amd.map
     - copied unchanged from r339200, head/usr.sbin/amd/amd/amd.map
  projects/openssl111/usr.sbin/lpr/lpd/hosts.lpd
     - copied unchanged from r339200, head/usr.sbin/lpr/lpd/hosts.lpd
  projects/openssl111/usr.sbin/lpr/lpd/printcap
     - copied unchanged from r339200, head/usr.sbin/lpr/lpd/printcap
Directory Properties:
  projects/openssl111/contrib/mandoc/   (props changed)
Replaced:
  projects/openssl111/sbin/dhclient/dhclient.conf
     - copied unchanged from r339200, head/sbin/dhclient/dhclient.conf
Deleted:
  projects/openssl111/contrib/mdocml/
  projects/openssl111/etc/amd.map
  projects/openssl111/etc/dhclient.conf
  projects/openssl111/etc/disktab
  projects/openssl111/etc/hosts
  projects/openssl111/etc/hosts.allow
  projects/openssl111/etc/hosts.equiv
  projects/openssl111/etc/hosts.lpd
  projects/openssl111/etc/libalias.conf
  projects/openssl111/etc/libmap.conf
  projects/openssl111/etc/mac.conf
  projects/openssl111/etc/netconfig
  projects/openssl111/etc/networks
  projects/openssl111/etc/nsmb.conf
  projects/openssl111/etc/nsswitch.conf
  projects/openssl111/etc/opieaccess
  projects/openssl111/etc/phones
  projects/openssl111/etc/printcap
  projects/openssl111/etc/protocols
  projects/openssl111/etc/regdomain.xml
  projects/openssl111/etc/remote
  projects/openssl111/etc/rpc
Modified:
  projects/openssl111/UPDATING
  projects/openssl111/contrib/blacklist/bin/blacklistd.8
  projects/openssl111/contrib/bmake/make.1
  projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c
  projects/openssl111/contrib/libarchive/README.md
  projects/openssl111/contrib/libarchive/libarchive/archive_acl.c
  projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c
  projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c
  projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c
  projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c
  projects/openssl111/contrib/libarchive/test_utils/test_main.c
  projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp
  projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp
  projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp
  projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h
  projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp
  projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp
  projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp
  projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h
  projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c
  projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c
  projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c
  projects/openssl111/etc/Makefile
  projects/openssl111/gnu/usr.bin/binutils/as/config.h
  projects/openssl111/gnu/usr.bin/binutils/ld/config.h
  projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h
  projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h
  projects/openssl111/gnu/usr.bin/cc/libiberty/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h
  projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h
  projects/openssl111/include/limits.h
  projects/openssl111/include/time.h
  projects/openssl111/lib/Makefile
  projects/openssl111/lib/clang/freebsd_cc_version.h
  projects/openssl111/lib/csu/arm/crt1.c
  projects/openssl111/lib/csu/common/crtbrand.c
  projects/openssl111/lib/csu/common/ignore_init.c
  projects/openssl111/lib/csu/common/notes.h
  projects/openssl111/lib/lib80211/Makefile
  projects/openssl111/lib/libalias/libalias/Makefile
  projects/openssl111/lib/libbe/be.c
  projects/openssl111/lib/libc/Makefile
  projects/openssl111/lib/libc/amd64/string/bcmp.S
  projects/openssl111/lib/libc/amd64/string/bcopy.S
  projects/openssl111/lib/libc/amd64/string/bzero.S
  projects/openssl111/lib/libc/amd64/string/memcmp.S
  projects/openssl111/lib/libc/amd64/string/memset.S
  projects/openssl111/lib/libc/i386/string/bcopy.S
  projects/openssl111/lib/libc/net/Makefile.inc
  projects/openssl111/lib/libc/posix1e/Makefile.inc
  projects/openssl111/lib/libc/rpc/Makefile.inc
  projects/openssl111/lib/libopie/Makefile
  projects/openssl111/lib/libpmc/Makefile
  projects/openssl111/lib/libpmc/libpmc_pmu_util.c
  projects/openssl111/lib/libsmb/Makefile
  projects/openssl111/lib/libusb/libusb10.h
  projects/openssl111/lib/libusb/libusb10_io.c
  projects/openssl111/lib/libwrap/Makefile
  projects/openssl111/libexec/rtld-elf/Makefile
  projects/openssl111/libexec/rtld-elf/aarch64/reloc.c
  projects/openssl111/libexec/rtld-elf/aarch64/rtld_machdep.h
  projects/openssl111/libexec/rtld-elf/libmap.c
  projects/openssl111/libexec/rtld-elf/powerpc/reloc.c
  projects/openssl111/libexec/rtld-elf/rtld.c
  projects/openssl111/release/Makefile
  projects/openssl111/release/scripts/pkg-stage.sh
  projects/openssl111/sbin/bsdlabel/Makefile
  projects/openssl111/sbin/devd/devd.cc
  projects/openssl111/sbin/devd/devd.hh
  projects/openssl111/sbin/dhclient/Makefile
  projects/openssl111/sbin/fsck_ffs/pass5.c
  projects/openssl111/sbin/geom/core/geom.8
  projects/openssl111/sbin/geom/core/geom.c
  projects/openssl111/sbin/ifconfig/ifipsec.c
  projects/openssl111/sbin/init/rc.d/ldconfig
  projects/openssl111/sbin/ipfw/ipfw.8
  projects/openssl111/sbin/ipfw/ipfw2.c
  projects/openssl111/sbin/reboot/reboot.c
  projects/openssl111/sbin/sysctl/sysctl.8
  projects/openssl111/secure/usr.bin/openssl/Makefile
  projects/openssl111/share/man/man4/Makefile
  projects/openssl111/share/man/man4/bnxt.4
  projects/openssl111/share/man/man4/cxgbe.4
  projects/openssl111/share/man/man4/ddb.4
  projects/openssl111/share/man/man4/em.4
  projects/openssl111/share/man/man5/make.conf.5
  projects/openssl111/share/man/man5/msdosfs.5
  projects/openssl111/share/man/man5/src.conf.5
  projects/openssl111/share/man/man9/MODULE_PNP_INFO.9
  projects/openssl111/share/man/man9/iflib.9
  projects/openssl111/share/mk/bsd.dirs.mk
  projects/openssl111/share/mk/bsd.progs.mk
  projects/openssl111/share/mk/bsd.subdir.mk
  projects/openssl111/share/mk/bsd.sys.mk
  projects/openssl111/share/mk/src.opts.mk
  projects/openssl111/stand/lua/menu.lua
  projects/openssl111/stand/lua/password.lua
  projects/openssl111/sys/amd64/amd64/copyout.c
  projects/openssl111/sys/amd64/amd64/machdep.c
  projects/openssl111/sys/amd64/amd64/pmap.c
  projects/openssl111/sys/amd64/amd64/support.S
  projects/openssl111/sys/amd64/amd64/trap.c
  projects/openssl111/sys/amd64/include/pmap.h
  projects/openssl111/sys/amd64/include/vmm.h
  projects/openssl111/sys/amd64/vmm/intel/vmx.c
  projects/openssl111/sys/amd64/vmm/vmm.c
  projects/openssl111/sys/arm/conf/std.armv6
  projects/openssl111/sys/arm/conf/std.armv7
  projects/openssl111/sys/arm64/arm64/elf_machdep.c
  projects/openssl111/sys/arm64/arm64/identcpu.c
  projects/openssl111/sys/arm64/arm64/machdep.c
  projects/openssl111/sys/arm64/arm64/undefined.c
  projects/openssl111/sys/arm64/conf/GENERIC-MMCCAM
  projects/openssl111/sys/arm64/include/pte.h
  projects/openssl111/sys/arm64/include/undefined.h
  projects/openssl111/sys/cam/scsi/scsi_cd.c
  projects/openssl111/sys/cam/scsi/scsi_da.c
  projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c
  projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c
  projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zfs_vfsops.h
  projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
  projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_queue.c
  projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c
  projects/openssl111/sys/compat/freebsd32/freebsd32_ioctl.c
  projects/openssl111/sys/compat/freebsd32/freebsd32_ioctl.h
  projects/openssl111/sys/compat/freebsd32/freebsd32_syscall.h
  projects/openssl111/sys/compat/freebsd32/freebsd32_syscalls.c
  projects/openssl111/sys/compat/freebsd32/freebsd32_sysent.c
  projects/openssl111/sys/compat/freebsd32/syscalls.master
  projects/openssl111/sys/conf/files
  projects/openssl111/sys/conf/files.arm
  projects/openssl111/sys/conf/files.arm64
  projects/openssl111/sys/conf/files.i386
  projects/openssl111/sys/conf/files.mips
  projects/openssl111/sys/conf/files.powerpc
  projects/openssl111/sys/conf/files.riscv
  projects/openssl111/sys/conf/files.sparc64
  projects/openssl111/sys/conf/kern.pre.mk
  projects/openssl111/sys/conf/newvers.sh
  projects/openssl111/sys/crypto/ccp/ccp.c
  projects/openssl111/sys/dev/aac/aac_pci.c
  projects/openssl111/sys/dev/aacraid/aacraid_pci.c
  projects/openssl111/sys/dev/adlink/adlink.c
  projects/openssl111/sys/dev/ae/if_ae.c
  projects/openssl111/sys/dev/age/if_age.c
  projects/openssl111/sys/dev/ahci/ahci_pci.c
  projects/openssl111/sys/dev/alc/if_alc.c
  projects/openssl111/sys/dev/ale/if_ale.c
  projects/openssl111/sys/dev/amdsmn/amdsmn.c
  projects/openssl111/sys/dev/amdtemp/amdtemp.c
  projects/openssl111/sys/dev/amr/amr_pci.c
  projects/openssl111/sys/dev/an/if_an_pci.c
  projects/openssl111/sys/dev/bce/if_bce.c
  projects/openssl111/sys/dev/bfe/if_bfe.c
  projects/openssl111/sys/dev/bge/if_bge.c
  projects/openssl111/sys/dev/bwi/if_bwi_pci.c
  projects/openssl111/sys/dev/bwn/if_bwn_pci.c
  projects/openssl111/sys/dev/bxe/bxe.c
  projects/openssl111/sys/dev/cas/if_cas.c
  projects/openssl111/sys/dev/ciss/ciss.c
  projects/openssl111/sys/dev/cpuctl/cpuctl.c
  projects/openssl111/sys/dev/cxgb/cxgb_main.c
  projects/openssl111/sys/dev/cxgbe/adapter.h
  projects/openssl111/sys/dev/cxgbe/common/common.h
  projects/openssl111/sys/dev/cxgbe/common/t4_hw.c
  projects/openssl111/sys/dev/cxgbe/firmware/t4fw_cfg.txt
  projects/openssl111/sys/dev/cxgbe/firmware/t5fw_cfg.txt
  projects/openssl111/sys/dev/cxgbe/firmware/t6fw_cfg.txt
  projects/openssl111/sys/dev/cxgbe/osdep.h
  projects/openssl111/sys/dev/cxgbe/t4_filter.c
  projects/openssl111/sys/dev/cxgbe/t4_l2t.c
  projects/openssl111/sys/dev/cxgbe/t4_l2t.h
  projects/openssl111/sys/dev/cxgbe/t4_main.c
  projects/openssl111/sys/dev/cxgbe/tom/t4_cpl_io.c
  projects/openssl111/sys/dev/dc/if_dc.c
  projects/openssl111/sys/dev/drm2/drm_os_freebsd.c
  projects/openssl111/sys/dev/drm2/i915/i915_drv.c
  projects/openssl111/sys/dev/drm2/i915/intel_ringbuffer.c
  projects/openssl111/sys/dev/drm2/radeon/radeon_drv.c
  projects/openssl111/sys/dev/e1000/if_em.c
  projects/openssl111/sys/dev/ed/if_ed_pci.c
  projects/openssl111/sys/dev/ena/ena.c
  projects/openssl111/sys/dev/et/if_et.c
  projects/openssl111/sys/dev/ffec/if_ffec.c
  projects/openssl111/sys/dev/fxp/if_fxp.c
  projects/openssl111/sys/dev/gem/if_gem_pci.c
  projects/openssl111/sys/dev/hwpmc/hwpmc_logging.c
  projects/openssl111/sys/dev/hwpmc/hwpmc_mod.c
  projects/openssl111/sys/dev/ichiic/ig4_iic.c
  projects/openssl111/sys/dev/ichiic/ig4_pci.c
  projects/openssl111/sys/dev/ida/ida_pci.c
  projects/openssl111/sys/dev/intpm/intpm.c
  projects/openssl111/sys/dev/ioat/ioat.c
  projects/openssl111/sys/dev/ipw/if_ipw.c
  projects/openssl111/sys/dev/iwm/if_iwm.c
  projects/openssl111/sys/dev/iwn/if_iwn.c
  projects/openssl111/sys/dev/ixgbe/if_ix.c
  projects/openssl111/sys/dev/ixgbe/if_ixv.c
  projects/openssl111/sys/dev/ixl/if_ixl.c
  projects/openssl111/sys/dev/ixl/if_ixlv.c
  projects/openssl111/sys/dev/mfi/mfi_pci.c
  projects/openssl111/sys/dev/mpr/mpr_pci.c
  projects/openssl111/sys/dev/mps/mps_pci.c
  projects/openssl111/sys/dev/mvs/mvs_pci.c
  projects/openssl111/sys/dev/my/if_my.c
  projects/openssl111/sys/dev/ncr/ncr.c
  projects/openssl111/sys/dev/ntb/ntb_hw/ntb_hw_intel.c
  projects/openssl111/sys/dev/oce/oce_if.c
  projects/openssl111/sys/dev/ofw/ofw_bus_subr.h
  projects/openssl111/sys/dev/pccard/pccardvar.h
  projects/openssl111/sys/dev/pccbb/pccbb_pci.c
  projects/openssl111/sys/dev/pci/pci_user.c
  projects/openssl111/sys/dev/pci/pcireg.h
  projects/openssl111/sys/dev/pci/pcivar.h
  projects/openssl111/sys/dev/pcn/if_pcn.c
  projects/openssl111/sys/dev/puc/puc_pci.c
  projects/openssl111/sys/dev/ral/if_ral_pci.c
  projects/openssl111/sys/dev/rl/if_rl.c
  projects/openssl111/sys/dev/sdhci/sdhci_acpi.c
  projects/openssl111/sys/dev/spibus/spi.h
  projects/openssl111/sys/dev/uart/uart_bus_pccard.c
  projects/openssl111/sys/dev/uart/uart_bus_pci.c
  projects/openssl111/sys/dev/usb/net/if_ure.c
  projects/openssl111/sys/dev/usb/usbdi.h
  projects/openssl111/sys/dev/xl/if_xl.c
  projects/openssl111/sys/geom/raid/tr_raid0.c
  projects/openssl111/sys/i386/i386/npx.c
  projects/openssl111/sys/i386/i386/pmap.c
  projects/openssl111/sys/i386/i386/trap.c
  projects/openssl111/sys/i386/i386/vm_machdep.c
  projects/openssl111/sys/i386/include/pmap.h
  projects/openssl111/sys/isa/isavar.h
  projects/openssl111/sys/kern/init_sysent.c
  projects/openssl111/sys/kern/kern_context.c
  projects/openssl111/sys/kern/kern_cpuset.c
  projects/openssl111/sys/kern/kern_descrip.c
  projects/openssl111/sys/kern/kern_malloc.c
  projects/openssl111/sys/kern/kern_resource.c
  projects/openssl111/sys/kern/link_elf.c
  projects/openssl111/sys/kern/subr_vmem.c
  projects/openssl111/sys/kern/sys_generic.c
  projects/openssl111/sys/kern/syscalls.c
  projects/openssl111/sys/kern/syscalls.master
  projects/openssl111/sys/kern/uipc_socket.c
  projects/openssl111/sys/kern/vfs_lookup.c
  projects/openssl111/sys/kern/vfs_syscalls.c
  projects/openssl111/sys/net/if.c
  projects/openssl111/sys/net/if_gre.c
  projects/openssl111/sys/net/if_tap.c
  projects/openssl111/sys/net/if_tun.c
  projects/openssl111/sys/net/if_var.h
  projects/openssl111/sys/net/if_vlan.c
  projects/openssl111/sys/net/iflib.c
  projects/openssl111/sys/net/iflib.h
  projects/openssl111/sys/netinet/in_pcb.h
  projects/openssl111/sys/netinet/ip_encap.h
  projects/openssl111/sys/netinet/ip_output.c
  projects/openssl111/sys/netinet/sctp_asconf.c
  projects/openssl111/sys/netinet/sctp_auth.c
  projects/openssl111/sys/netinet/sctp_auth.h
  projects/openssl111/sys/netinet/sctp_input.c
  projects/openssl111/sys/netinet/sctp_output.c
  projects/openssl111/sys/netinet/sctputil.c
  projects/openssl111/sys/netinet/siftr.c
  projects/openssl111/sys/netinet/tcp_hpts.c
  projects/openssl111/sys/netinet/tcp_input.c
  projects/openssl111/sys/netinet/tcp_syncache.c
  projects/openssl111/sys/netinet/udp_usrreq.c
  projects/openssl111/sys/netinet6/icmp6.c
  projects/openssl111/sys/netinet6/in6_pcb.c
  projects/openssl111/sys/netinet6/udp6_usrreq.c
  projects/openssl111/sys/netipsec/key.c
  projects/openssl111/sys/netipsec/key.h
  projects/openssl111/sys/netipsec/subr_ipsec.c
  projects/openssl111/sys/netipsec/xform.h
  projects/openssl111/sys/netpfil/pf/pf.c
  projects/openssl111/sys/opencrypto/cryptosoft.c
  projects/openssl111/sys/opencrypto/cryptosoft.h
  projects/openssl111/sys/powerpc/conf/GENERIC64
  projects/openssl111/sys/powerpc/ofw/ofw_machdep.c
  projects/openssl111/sys/riscv/include/fpe.h
  projects/openssl111/sys/riscv/riscv/machdep.c
  projects/openssl111/sys/riscv/riscv/pmap.c
  projects/openssl111/sys/riscv/riscv/swtch.S
  projects/openssl111/sys/riscv/riscv/trap.c
  projects/openssl111/sys/security/audit/audit.c
  projects/openssl111/sys/security/audit/audit.h
  projects/openssl111/sys/security/audit/audit_dtrace.c
  projects/openssl111/sys/security/audit/audit_private.h
  projects/openssl111/sys/security/audit/audit_syscalls.c
  projects/openssl111/sys/security/audit/audit_worker.c
  projects/openssl111/sys/sys/_domainset.h
  projects/openssl111/sys/sys/malloc.h
  projects/openssl111/sys/sys/module.h
  projects/openssl111/sys/sys/pmc.h
  projects/openssl111/sys/sys/pmckern.h
  projects/openssl111/sys/sys/racct.h
  projects/openssl111/sys/sys/resourcevar.h
  projects/openssl111/sys/sys/signalvar.h
  projects/openssl111/sys/sys/syscall.h
  projects/openssl111/sys/sys/user.h
  projects/openssl111/sys/sys/vmmeter.h
  projects/openssl111/sys/ufs/ffs/ffs_softdep.c
  projects/openssl111/sys/ufs/ufs/ufs_quota.c
  projects/openssl111/sys/ufs/ufs/ufs_vfsops.c
  projects/openssl111/sys/ufs/ufs/ufs_vnops.c
  projects/openssl111/sys/vm/swap_pager.c
  projects/openssl111/sys/vm/uma_core.c
  projects/openssl111/sys/vm/vm_domainset.c
  projects/openssl111/sys/vm/vm_domainset.h
  projects/openssl111/sys/vm/vm_fault.c
  projects/openssl111/sys/vm/vm_glue.c
  projects/openssl111/sys/vm/vm_init.c
  projects/openssl111/sys/vm/vm_kern.c
  projects/openssl111/sys/vm/vm_kern.h
  projects/openssl111/sys/vm/vm_mmap.c
  projects/openssl111/sys/vm/vm_page.c
  projects/openssl111/sys/vm/vm_pageout.c
  projects/openssl111/sys/vm/vm_pagequeue.h
  projects/openssl111/sys/vm/vm_phys.c
  projects/openssl111/sys/x86/acpica/srat.c
  projects/openssl111/sys/x86/include/ifunc.h
  projects/openssl111/sys/x86/include/ucode.h
  projects/openssl111/sys/x86/iommu/intel_utils.c
  projects/openssl111/sys/x86/isa/atpic.c
  projects/openssl111/sys/x86/x86/ucode.c
  projects/openssl111/tools/build/mk/OptionalObsoleteFiles.inc
  projects/openssl111/usr.bin/bmake/Makefile.config
  projects/openssl111/usr.bin/clang/lld/ld.lld.1
  projects/openssl111/usr.bin/locate/locate/Makefile
  projects/openssl111/usr.bin/mail/Makefile
  projects/openssl111/usr.bin/mandoc/Makefile
  projects/openssl111/usr.bin/nfsstat/nfsstat.1
  projects/openssl111/usr.bin/tip/tip/Makefile
  projects/openssl111/usr.bin/top/top.1
  projects/openssl111/usr.sbin/Makefile
  projects/openssl111/usr.sbin/amd/amd/Makefile
  projects/openssl111/usr.sbin/bsdinstall/bsdinstall.8
  projects/openssl111/usr.sbin/bsdinstall/scripts/config
  projects/openssl111/usr.sbin/bsdinstall/scripts/hardening
  projects/openssl111/usr.sbin/chown/chown.c
  projects/openssl111/usr.sbin/cxgbetool/cxgbetool.8
  projects/openssl111/usr.sbin/cxgbetool/cxgbetool.c
  projects/openssl111/usr.sbin/kldxref/kldxref.c
  projects/openssl111/usr.sbin/lpr/lpd/Makefile
  projects/openssl111/usr.sbin/nscd/nscd.8
  projects/openssl111/usr.sbin/pmc/Makefile
  projects/openssl111/usr.sbin/pmccontrol/pmccontrol.c
Directory Properties:
  projects/openssl111/   (props changed)
  projects/openssl111/contrib/blacklist/   (props changed)
  projects/openssl111/contrib/bmake/   (props changed)
  projects/openssl111/contrib/elftoolchain/   (props changed)
  projects/openssl111/contrib/libarchive/   (props changed)
  projects/openssl111/contrib/llvm/   (props changed)
  projects/openssl111/contrib/llvm/tools/clang/   (props changed)
  projects/openssl111/contrib/llvm/tools/lld/   (props changed)
  projects/openssl111/contrib/openbsm/   (props changed)
  projects/openssl111/crypto/openssh/   (props changed)
  projects/openssl111/gnu/usr.bin/binutils/   (props changed)
  projects/openssl111/gnu/usr.bin/gdb/   (props changed)
  projects/openssl111/sys/cddl/contrib/opensolaris/   (props changed)

Modified: projects/openssl111/UPDATING
==============================================================================
--- projects/openssl111/UPDATING	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/UPDATING	Fri Oct  5 17:53:47 2018	(r339201)
@@ -31,6 +31,21 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20181002:
+	The cam(4) based nda(4) driver will be used over nvd(4) by default on
+	powerpc64. You may set 'options NVME_USE_NVD=1' in your kernel conf or
+	loader tunable 'hw.nvme.use_nvd=1' if you wish to use the existing
+	driver.  Make sure to edit /boot/etc/kboot.conf and fstab to use the
+	nda device name.
+
+20180913:
+	Reproducible build mode is now on by default, in preparation for
+	FreeBSD 12.0.  This eliminates build metadata such as the user,
+	host, and time from the kernel (and uname), unless the working tree
+	corresponds to a modified checkout from a version control system.
+	The previous behavior can be obtained by setting the /etc/src.conf
+	knob WITHOUT_REPRODUCIBLE_BUILD.
+
 20180826:
 	The Yarrow CSPRNG has been removed from the kernel as it has not been
 	supported by its designers since at least 2003. Fortuna has been the
@@ -170,6 +185,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
 	need to be rebuilt.  r335018 did a __FreeBSD_version bump for this.
 
 20180530:
+	As of r334391 lld is the default amd64 system linker; it is installed
+	as /usr/bin/ld.  Kernel build workarounds (see 20180510 entry) are no
+	longer necessary.
+
+20180530:
 	The kernel / userland interface for devinfo changed, so you'll
 	need a new kernel and userland as a pair for it to work (rebuilding
 	lib/libdevinfo is all that's required). devinfo and devmatch will
@@ -195,6 +215,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
 	way requires LD=ld.lld on the command line (or LD=/usr/local/bin/ld for
 	binutils port/package). lld will soon be default, and this requirement
 	will go away.
+
+	NOTE: As of r334391 lld is the default system linker on amd64, and no
+	workaround is necessary.
 
 20180508:
 	The nxge(4) driver has been removed.  This driver was for PCI-X 10g

Modified: projects/openssl111/contrib/blacklist/bin/blacklistd.8
==============================================================================
--- projects/openssl111/contrib/blacklist/bin/blacklistd.8	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/blacklist/bin/blacklistd.8	Fri Oct  5 17:53:47 2018	(r339201)
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 7, 2016
+.Dd October 5, 2018
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -178,7 +178,7 @@ Specify the default rule name for the packet filter ru
 .It Fl r
 Re-read the firewall rules from the internal database, then
 remove and re-add them.
-This helps for packet filters that don't retain state across reboots.
+This helps for packet filters that do not retain state across reboots.
 .It Fl s Ar sockpath
 Add
 .Ar sockpath
@@ -197,6 +197,27 @@ diagnostic messages to
 .Dv stdout
 instead of
 .Xr syslogd 8 .
+.El
+.Sh SIGNAL HANDLING
+.Nm
+deals with the following signals:
+.Bl -tag -width "USR2"
+.It HUP
+Receipt of this signal causes
+.Nm
+to re-read the configuration file.
+.It INT, TERM & QUIT
+These signals tell
+.Nm
+to exit in an orderly fashion.
+.It USR1
+This signal tells
+.Nm
+to increase the internal debugging level by 1.
+.It USR2
+This signal tells
+.Nm
+to decrease the internal debugging level by 1.
 .El
 .Sh FILES
 .Bl -tag -width /usr/libexec/blacklistd-helper -compact

Modified: projects/openssl111/contrib/bmake/make.1
==============================================================================
--- projects/openssl111/contrib/bmake/make.1	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/bmake/make.1	Fri Oct  5 17:53:47 2018	(r339201)
@@ -29,7 +29,7 @@
 .\"
 .\"	from: @(#)make.1	8.4 (Berkeley) 3/19/94
 .\"
-.Dd June 22, 2017
+.Dd September 27, 2018
 .Dt MAKE 1
 .Os
 .Sh NAME
@@ -796,7 +796,7 @@ Tells
 whether to pass the descriptors of the job token queue
 even if the target is not tagged with
 .Ic .MAKE
-The default is 
+The default is
 .Ql Pa yes
 for backwards compatability with
 .Fx 9.0
@@ -2385,7 +2385,8 @@ Basic use of suffix rules (for files only in the curre
 not trying to chain transformations together, etc.) is also reasonably
 portable.
 .Sh SEE ALSO
-.Xr mkdep 1
+.Xr mkdep 1 ,
+.Xr style.Makefile 5
 .Sh HISTORY
 A
 .Nm

Modified: projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c
==============================================================================
--- projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -34,8 +34,9 @@ int
 _libelf_is_mips64el(Elf *e)
 {
 
-	return (e->e_kind == ELF_K_ELF && e->e_byteorder == ELFDATA2LSB &&
-	    e->e_u.e_elf.e_ehdr.e_ehdr64->e_machine == EM_MIPS);
+	return (e->e_kind == ELF_K_ELF &&
+	    e->e_u.e_elf.e_ehdr.e_ehdr64->e_machine == EM_MIPS &&
+	    e->e_u.e_elf.e_ehdr.e_ehdr64->e_ident[EI_DATA] == ELFDATA2LSB);
 }
 
 /*

Modified: projects/openssl111/contrib/libarchive/README.md
==============================================================================
--- projects/openssl111/contrib/libarchive/README.md	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/README.md	Fri Oct  5 17:53:47 2018	(r339201)
@@ -78,7 +78,6 @@ Currently, the library automatically detects and reads
   * POSIX pax interchange format
   * POSIX octet-oriented cpio
   * SVR4 ASCII cpio
-  * POSIX octet-oriented cpio
   * Binary cpio (big-endian or little-endian)
   * ISO9660 CD-ROM images (with optional Rockridge or Joliet extensions)
   * ZIP archives (with uncompressed or "deflate" compressed entries, including support for encrypted Zip archives)

Modified: projects/openssl111/contrib/libarchive/libarchive/archive_acl.c
==============================================================================
--- projects/openssl111/contrib/libarchive/libarchive/archive_acl.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/libarchive/archive_acl.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -2058,6 +2058,12 @@ next_field(const char **p, const char **start,
 	}
 	*sep = **p;
 
+	/* If the field is only whitespace, bail out now. */
+	if (**p == '\0') {
+		*end = *p;
+		return;
+	}
+
 	/* Trim trailing whitespace to locate end of field. */
 	*end = *p - 1;
 	while (**end == ' ' || **end == '\t' || **end == '\n') {

Modified: projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c
==============================================================================
--- projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -316,7 +316,14 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *k
 	memcpy(ctx->key, key, key_len);
 	memset(ctx->nonce, 0, sizeof(ctx->nonce));
 	ctx->encr_pos = AES_BLOCK_SIZE;
+#if OPENSSL_VERSION_NUMBER  >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	if (!EVP_CIPHER_CTX_reset(ctx->ctx)) {
+		EVP_CIPHER_CTX_free(ctx->ctx);
+		ctx->ctx = NULL;
+	}
+#else
 	EVP_CIPHER_CTX_init(ctx->ctx);
+#endif
 	return 0;
 }
 

Modified: projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c
==============================================================================
--- projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -459,6 +459,7 @@ ar_parse_common_header(struct ar *ar, struct archive_e
 	uint64_t n;
 
 	/* Copy remaining header */
+	archive_entry_set_filetype(entry, AE_IFREG);
 	archive_entry_set_mtime(entry,
 	    (time_t)ar_atol10(h + AR_date_offset, AR_date_size), 0L);
 	archive_entry_set_uid(entry,

Modified: projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c
==============================================================================
--- projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -2708,6 +2708,11 @@ slurp_central_directory(struct archive_read *a, struct
 			return ARCHIVE_FATAL;
 
 		zip_entry = calloc(1, sizeof(struct zip_entry));
+		if (zip_entry == NULL) {
+			archive_set_error(&a->archive, ENOMEM,
+				"Can't allocate zip entry");
+			return ARCHIVE_FATAL;
+		}
 		zip_entry->next = zip->zip_entries;
 		zip_entry->flags |= LA_FROM_CENTRAL_DIRECTORY;
 		zip->zip_entries = zip_entry;

Modified: projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c
==============================================================================
--- projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -422,6 +422,7 @@ verify_sparse_file(struct archive *a, const char *path
 	assert(sparse->type == END);
 	assertEqualInt(expected_offset, archive_entry_size(ae));
 
+	failure(path);
 	assertEqualInt(holes_seen, expected_holes);
 
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
@@ -457,6 +458,7 @@ verify_sparse_file2(struct archive *a, const char *pat
 	/* Verify the number of holes only, not its offset nor its
 	 * length because those alignments are deeply dependence on
 	 * its filesystem. */ 
+	failure(path);
 	assertEqualInt(blocks, archive_entry_sparse_count(ae));
 	archive_entry_free(ae);
 }

Modified: projects/openssl111/contrib/libarchive/test_utils/test_main.c
==============================================================================
--- projects/openssl111/contrib/libarchive/test_utils/test_main.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/libarchive/test_utils/test_main.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -2166,7 +2166,7 @@ void assertVersion(const char *prog, const char *base)
 
 	/* Skip arbitrary third-party version numbers. */
 	while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' ||
-	    isalnum(*q))) {
+	    isalnum((unsigned char)*q))) {
 		++q;
 		--s;
 	}

Modified: projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp
==============================================================================
--- projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp	Fri Oct  5 17:53:47 2018	(r339201)
@@ -884,11 +884,12 @@ void BranchFolder::mergeCommonTails(unsigned commonTai
   if (UpdateLiveIns) {
     LivePhysRegs NewLiveIns(*TRI);
     computeLiveIns(NewLiveIns, *MBB);
+    LiveRegs.init(*TRI);
 
     // The flag merging may lead to some register uses no longer using the
     // <undef> flag, add IMPLICIT_DEFs in the predecessors as necessary.
     for (MachineBasicBlock *Pred : MBB->predecessors()) {
-      LiveRegs.init(*TRI);
+      LiveRegs.clear();
       LiveRegs.addLiveOuts(*Pred);
       MachineBasicBlock::iterator InsertBefore = Pred->getFirstTerminator();
       for (unsigned Reg : NewLiveIns) {

Modified: projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp
==============================================================================
--- projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp	Fri Oct  5 17:53:47 2018	(r339201)
@@ -14,6 +14,7 @@
 #include "CodeGenFunction.h"
 #include "CGObjCRuntime.h"
 #include "CodeGenModule.h"
+#include "ConstantEmitter.h"
 #include "clang/AST/ASTContext.h"
 #include "clang/AST/DeclCXX.h"
 #include "clang/AST/DeclTemplate.h"
@@ -85,7 +86,7 @@ class AggExprEmitter : public StmtVisitor<AggExprEmitt
   void EmitMoveFromReturnSlot(const Expr *E, RValue Src);
 
   void EmitArrayInit(Address DestPtr, llvm::ArrayType *AType,
-                     QualType elementType, InitListExpr *E);
+                     QualType ArrayQTy, InitListExpr *E);
 
   AggValueSlot::NeedsGCBarriers_t needsGC(QualType T) {
     if (CGF.getLangOpts().getGC() && TypeRequiresGCollection(T))
@@ -392,12 +393,15 @@ static bool isTrivialFiller(Expr *E) {
 
 /// \brief Emit initialization of an array from an initializer list.
 void AggExprEmitter::EmitArrayInit(Address DestPtr, llvm::ArrayType *AType,
-                                   QualType elementType, InitListExpr *E) {
+                                   QualType ArrayQTy, InitListExpr *E) {
   uint64_t NumInitElements = E->getNumInits();
 
   uint64_t NumArrayElements = AType->getNumElements();
   assert(NumInitElements <= NumArrayElements);
 
+  QualType elementType =
+      CGF.getContext().getAsArrayType(ArrayQTy)->getElementType();
+
   // DestPtr is an array*.  Construct an elementType* by drilling
   // down a level.
   llvm::Value *zero = llvm::ConstantInt::get(CGF.SizeTy, 0);
@@ -409,6 +413,29 @@ void AggExprEmitter::EmitArrayInit(Address DestPtr, ll
   CharUnits elementAlign =
     DestPtr.getAlignment().alignmentOfArrayElement(elementSize);
 
+  // Consider initializing the array by copying from a global. For this to be
+  // more efficient than per-element initialization, the size of the elements
+  // with explicit initializers should be large enough.
+  if (NumInitElements * elementSize.getQuantity() > 16 &&
+      elementType.isTriviallyCopyableType(CGF.getContext())) {
+    CodeGen::CodeGenModule &CGM = CGF.CGM;
+    ConstantEmitter Emitter(CGM);
+    LangAS AS = ArrayQTy.getAddressSpace();
+    if (llvm::Constant *C = Emitter.tryEmitForInitializer(E, AS, ArrayQTy)) {
+      auto GV = new llvm::GlobalVariable(
+          CGM.getModule(), C->getType(),
+          CGM.isTypeConstant(ArrayQTy, /* ExcludeCtorDtor= */ true),
+          llvm::GlobalValue::PrivateLinkage, C, "constinit",
+          /* InsertBefore= */ nullptr, llvm::GlobalVariable::NotThreadLocal,
+          CGM.getContext().getTargetAddressSpace(AS));
+      Emitter.finalize(GV);
+      CharUnits Align = CGM.getContext().getTypeAlignInChars(ArrayQTy);
+      GV->setAlignment(Align.getQuantity());
+      EmitFinalDestCopy(ArrayQTy, CGF.MakeAddrLValue(GV, ArrayQTy, Align));
+      return;
+    }
+  }
+
   // Exception safety requires us to destroy all the
   // already-constructed members if an initializer throws.
   // For that, we'll need an EH cleanup.
@@ -1156,11 +1183,8 @@ void AggExprEmitter::VisitInitListExpr(InitListExpr *E
 
   // Handle initialization of an array.
   if (E->getType()->isArrayType()) {
-    QualType elementType =
-        CGF.getContext().getAsArrayType(E->getType())->getElementType();
-
     auto AType = cast<llvm::ArrayType>(Dest.getAddress().getElementType());
-    EmitArrayInit(Dest.getAddress(), AType, elementType, E);
+    EmitArrayInit(Dest.getAddress(), AType, E->getType(), E);
     return;
   }
 

Modified: projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp
==============================================================================
--- projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp	Fri Oct  5 17:53:47 2018	(r339201)
@@ -321,8 +321,6 @@ void CodeGenModule::checkAliases() {
       assert(FTy);
       if (!FTy->getReturnType()->isPointerTy())
         Diags.Report(Location, diag::err_ifunc_resolver_return);
-      if (FTy->getNumParams())
-        Diags.Report(Location, diag::err_ifunc_resolver_params);
     }
 
     llvm::Constant *Aliasee = Alias->getIndirectSymbol();

Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h
==============================================================================
--- projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -156,6 +156,7 @@ struct Configuration {
   bool ZExecstack;
   bool ZHazardplt;
   bool ZIfuncnoplt;
+  bool ZInterpose;
   bool ZNocopyreloc;
   bool ZNodelete;
   bool ZNodlopen;

Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp
==============================================================================
--- projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp	Fri Oct  5 17:53:47 2018	(r339201)
@@ -670,6 +670,7 @@ void LinkerDriver::readConfigs(opt::InputArgList &Args
   Config->ZExecstack = hasZOption(Args, "execstack");
   Config->ZHazardplt = hasZOption(Args, "hazardplt");
   Config->ZIfuncnoplt = hasZOption(Args, "ifunc-noplt");
+  Config->ZInterpose = hasZOption(Args, "interpose");
   Config->ZNocopyreloc = hasZOption(Args, "nocopyreloc");
   Config->ZNodelete = hasZOption(Args, "nodelete");
   Config->ZNodlopen = hasZOption(Args, "nodlopen");

Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp
==============================================================================
--- projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp	Fri Oct  5 17:53:47 2018	(r339201)
@@ -1034,6 +1034,8 @@ template <class ELFT> void DynamicSection<ELFT>::final
   uint32_t DtFlags1 = 0;
   if (Config->Bsymbolic)
     DtFlags |= DF_SYMBOLIC;
+  if (Config->ZInterpose)
+    DtFlags1 |= DF_1_INTERPOSE;
   if (Config->ZNodelete)
     DtFlags1 |= DF_1_NODELETE;
   if (Config->ZNodlopen)

Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp
==============================================================================
--- projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp	Fri Oct  5 17:53:47 2018	(r339201)
@@ -487,7 +487,7 @@ template <class ELFT> void Writer<ELFT>::run() {
 
 static bool shouldKeepInSymtab(SectionBase *Sec, StringRef SymName,
                                const Symbol &B) {
-  if (B.isFile() || B.isSection())
+  if (B.isSection())
     return false;
 
   // If sym references a section in a discarded group, don't keep it.

Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h
==============================================================================
--- projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -248,6 +248,21 @@ struct adrep {
 	if (_wakeup)							\
 		cv_signal(list##_cond);					\
 } while (0)
+#define	QUEUE_CONCAT2(tolist, fromlist1, fromlist2)	do {		\
+	bool _wakeup;							\
+									\
+	mtx_lock(tolist##_lock);					\
+	_wakeup = TAILQ_EMPTY(tolist);					\
+	mtx_lock(fromlist1##_lock);					\
+	TAILQ_CONCAT((tolist), (fromlist1), adr_next);			\
+	mtx_unlock(fromlist1##_lock);					\
+	mtx_lock(fromlist2##_lock);					\
+	TAILQ_CONCAT((tolist), (fromlist2), adr_next);			\
+	mtx_unlock(fromlist2##_lock);					\
+	mtx_unlock(tolist##_lock);					\
+	if (_wakeup)							\
+		cv_signal(tolist##_cond);				\
+} while (0)
 #define	QUEUE_WAIT(list)	do {					\
 	mtx_lock(list##_lock);						\
 	while (TAILQ_EMPTY(list))					\

Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c
==============================================================================
--- projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -140,7 +140,7 @@ static void
 adreq_decode_and_validate_header(struct adreq *adreq)
 {
 
-	/* Byte-swap only is the sender is using different byte order. */
+	/* Byte-swap only if the sender is using different byte order. */
 	if (adreq->adr_byteorder != ADIST_BYTEORDER) {
 		adreq->adr_byteorder = ADIST_BYTEORDER;
 		adreq->adr_seq = bswap64(adreq->adr_seq);

Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c
==============================================================================
--- projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -342,14 +342,7 @@ sender_disconnect(void)
 	pjdlog_warning("Disconnected from %s.", adhost->adh_remoteaddr);
 
 	/* Move all in-flight requests back onto free list. */
-	mtx_lock(&adist_free_list_lock);
-	mtx_lock(&adist_send_list_lock);
-	TAILQ_CONCAT(&adist_free_list, &adist_send_list, adr_next);
-	mtx_unlock(&adist_send_list_lock);
-	mtx_lock(&adist_recv_list_lock);
-	TAILQ_CONCAT(&adist_free_list, &adist_recv_list, adr_next);
-	mtx_unlock(&adist_recv_list_lock);
-	mtx_unlock(&adist_free_list_lock);
+	QUEUE_CONCAT2(&adist_free_list, &adist_send_list, &adist_recv_list);
 }
 
 static void
@@ -519,9 +512,6 @@ keepalive_send(void)
 	pjdlog_debug(3, "keepalive_send: Request sent.");
 }
 
-/*
- * Thread sends request to secondary node.
- */
 static void *
 send_thread(void *arg __unused)
 {
@@ -581,7 +571,7 @@ static void
 adrep_decode_header(struct adrep *adrep)
 {
 
-	/* Byte-swap only is the receiver is using different byte order. */
+	/* Byte-swap only if the receiver is using different byte order. */
 	if (adrep->adrp_byteorder != ADIST_BYTEORDER) {
 		adrep->adrp_byteorder = ADIST_BYTEORDER;
 		adrep->adrp_seq = bswap64(adrep->adrp_seq);
@@ -589,10 +579,6 @@ adrep_decode_header(struct adrep *adrep)
 	}
 }
 
-/*
- * Thread receives answer from secondary node and passes it to ggate_send
- * thread.
- */
 static void *
 recv_thread(void *arg __unused)
 {
@@ -609,9 +595,13 @@ recv_thread(void *arg __unused)
 		if (adhost->adh_remote == NULL) {
 			/*
 			 * Connection is dead.
-			 * XXX: We shouldn't be here.
+			 * There is a short race in sender_disconnect() between
+			 * setting adh_remote to NULL and removing entries from
+			 * the recv list, which can result in us being here.
+			 * To avoid just spinning, wait for 0.1s.
 			 */
 			rw_unlock(&adist_remote_lock);
+			usleep(100000);
 			continue;
 		}
 		if (proto_recv(adhost->adh_remote, &adrep,

Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c
==============================================================================
--- projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -361,17 +361,38 @@ again:
 		pjdlog_debug(1, "No new trail files.");
 		return;
 	}
-	PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile,
-	    sizeof(trail->tr_filename)) < sizeof(trail->tr_filename));
 	dfd = dirfd(trail->tr_dirfp);
 	PJDLOG_ASSERT(dfd >= 0);
-	trail->tr_filefd = openat(dfd, trail->tr_filename, O_RDONLY);
+	trail->tr_filefd = openat(dfd, curfile, O_RDONLY);
 	if (trail->tr_filefd == -1) {
-		pjdlog_errno(LOG_ERR,
-		    "Unable to open file \"%s/%s\", skipping",
-		    trail->tr_dirname, trail->tr_filename);
+		if (errno == ENOENT && trail_is_not_terminated(curfile)) {
+			/*
+			 * The .not_terminated file was most likely renamed.
+			 * Keep trail->tr_filename as a starting point and
+			 * search again.
+			 */
+			pjdlog_debug(1,
+			    "Unable to open \"%s/%s\", most likely renamed in the meantime, retrying.",
+			    trail->tr_dirname, curfile);
+		} else {
+			/*
+			 * We were unable to open the file, but not because of
+			 * the above. This shouldn't happen, but it did.
+			 * We don't know why it happen, so the best we can do
+			 * is to just skip this file - this is why we copy the
+			 * name, so we can start and the next entry.
+			 */
+			PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile,
+			    sizeof(trail->tr_filename)) <
+			    sizeof(trail->tr_filename));
+			pjdlog_errno(LOG_ERR,
+			    "Unable to open file \"%s/%s\", skipping",
+			    trail->tr_dirname, curfile);
+		}
 		goto again;
 	}
+	PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile,
+	    sizeof(trail->tr_filename)) < sizeof(trail->tr_filename));
 	pjdlog_debug(1, "Found next trail file: \"%s/%s\".", trail->tr_dirname,
 	    trail->tr_filename);
 }

Modified: projects/openssl111/etc/Makefile
==============================================================================
--- projects/openssl111/etc/Makefile	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/etc/Makefile	Fri Oct  5 17:53:47 2018	(r339201)
@@ -13,57 +13,18 @@ SUBDIR+=sendmail
 .endif
 
 BIN1=	\
-	dhclient.conf \
-	disktab \
 	group \
-	hosts \
-	hosts.allow \
-	hosts.equiv \
-	libalias.conf \
-	libmap.conf \
 	login.access \
-	mac.conf \
-	netconfig \
-	networks \
-	nsswitch.conf \
-	phones \
-	protocols \
 	rc.bsdextended \
 	rc.firewall \
-	remote \
-	rpc \
 	termcap.small
 
 # NB: keep these sorted by MK_* knobs
 
-.if ${MK_AMD} != "no"
-BIN1+= amd.map
-.endif
-
-.if ${MK_LOCATE} != "no"
-BIN1+=	${SRCTOP}/usr.bin/locate/locate/locate.rc
-.endif
-
-.if ${MK_LPR} != "no"
-BIN1+=	hosts.lpd printcap
-.endif
-
-.if ${MK_MAIL} != "no"
-BIN1+=	${SRCTOP}/usr.bin/mail/misc/mail.rc
-.endif
-
-.if ${MK_OPENSSL} != "no"
-SSL=	${SRCTOP}/crypto/openssl/apps/openssl.cnf
-.endif
-
 .if ${MK_SENDMAIL} != "no"
 BIN1+=	rc.sendmail
 .endif
 
-.if ${MK_WIRELESS} != "no"
-BIN1+= regdomain.xml
-.endif
-
 .if ${MK_SENDMAIL} == "no"
 ETCMAIL=mailer.conf aliases
 .else
@@ -104,7 +65,7 @@ distribution:
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		${BIN1} ${DESTDIR}/etc; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
-		master.passwd nsmb.conf opieaccess ${DESTDIR}/etc;
+		master.passwd ${DESTDIR}/etc;
 
 .if ${MK_TCSH} == "no"
 	sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd
@@ -129,10 +90,6 @@ distribution:
 .if ${MK_SENDMAIL} != "no"
 	${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution
 .endif
-.if ${MK_OPENSSL} != "no"
-	cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
-	    ${SSL} ${DESTDIR}/etc/ssl
-.endif
 .if ${MK_KERBEROS} != "no"
 	cd ${.CURDIR}/root; \
 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
@@ -160,10 +117,6 @@ distribution:
 	    ${DESTDIR}/boot/device.hints
 .endif
 .endif
-.if ${MK_NIS} == "no"
-	sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \
-		${DESTDIR}/etc/nsswitch.conf
-.endif
 
 MTREE_CMD?=	mtree
 
@@ -244,7 +197,7 @@ distrib-dirs: ${MTREES:N/*} distrib-cleanup .PHONY
 
 etc-examples: ${META_DEPS}
 	cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \
-	    ${BIN1} ${BIN2} nsmb.conf opieaccess \
+	    ${BIN1} ${BIN2} \
 	    ${DESTDIR}${SHAREDIR}/examples/etc
 
 .include <bsd.prog.mk>

Modified: projects/openssl111/gnu/usr.bin/binutils/as/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/binutils/as/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/binutils/as/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -69,7 +69,7 @@
 /* #undef HAVE_REMOVE */
 
 /* Define to 1 if you have the `sbrk' function. */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define to 1 if you have the <stdarg.h> header file. */
 #define HAVE_STDARG_H 1

Modified: projects/openssl111/gnu/usr.bin/binutils/ld/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/binutils/ld/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/binutils/ld/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -65,7 +65,7 @@
 #define HAVE_REALPATH 1
 
 /* Define to 1 if you have the `sbrk' function. */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define to 1 if you have the <stdint.h> header file. */
 #define HAVE_STDINT_H 1

Modified: projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -104,7 +104,7 @@
 #define HAVE_MKSTEMP 1
 
 /* Define to 1 if you have the `sbrk' function. */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define to 1 if you have the `setmode' function. */
 #define HAVE_SETMODE 1

Modified: projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -188,7 +188,7 @@
 #define HAVE_RINDEX 1
 
 /* Define to 1 if you have the `sbrk' function. */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define to 1 if you have the `setenv' function. */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/cc/libiberty/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/cc/libiberty/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/cc/libiberty/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -187,7 +187,7 @@
 #define HAVE_RINDEX 1
 
 /* Define to 1 if you have the `sbrk' function. */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define to 1 if you have the `setenv' function. */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -227,7 +227,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -239,7 +239,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -227,7 +227,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -227,7 +227,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -227,7 +227,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -227,7 +227,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h
==============================================================================
--- projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -227,7 +227,7 @@
 #define HAVE_REALPATH 1
 
 /* Define if you have the sbrk function.  */
-#define HAVE_SBRK 1
+/* #undef HAVE_SBRK */
 
 /* Define if you have the setenv function.  */
 #define HAVE_SETENV 1

Modified: projects/openssl111/include/limits.h
==============================================================================
--- projects/openssl111/include/limits.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/include/limits.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -122,7 +122,7 @@
 #endif
 
 #if __XSI_VISIBLE || __POSIX_VISIBLE >= 200809
-#define	NL_ARGMAX		65536	/* max # of position args for printf */
+#define	NL_ARGMAX		4096	/* max # of position args for printf */
 #define	NL_MSGMAX		32767
 #define	NL_SETMAX		255
 #define	NL_TEXTMAX		2048

Modified: projects/openssl111/include/time.h
==============================================================================
--- projects/openssl111/include/time.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/include/time.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -207,9 +207,13 @@ time_t posix2time(time_t t);
 #include <xlocale/_time.h>
 #endif
 
+#if defined(__BSD_VISIBLE) || __ISO_C_VISIBLE >= 2011 || \
+    (defined(cplusplus) && cplusplus >= 201703)
+#include <sys/_timespec.h>
 /* ISO/IEC 9899:201x 7.27.2.5 The timespec_get function */
 #define TIME_UTC	1	/* time elapsed since epoch */
 int timespec_get(struct timespec *ts, int base);
+#endif
 
 __END_DECLS
 

Modified: projects/openssl111/lib/Makefile
==============================================================================
--- projects/openssl111/lib/Makefile	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/Makefile	Fri Oct  5 17:53:47 2018	(r339201)
@@ -70,6 +70,8 @@ SUBDIR=	${SUBDIR_BOOTSTRAP} \
 	libpathconv \
 	libpcap \
 	libpjdlog \
+	libpmc \
+	libpmcstat \
 	${_libproc} \
 	libprocstat \
 	libregex \
@@ -198,9 +200,6 @@ _libdl=		libdl
 .endif
 
 SUBDIR.${MK_OPENSSL}+=	libmp
-.if (${COMPILER_TYPE} == "clang" || (${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 60100 && ${MACHINE_CPUARCH} != "riscv"))
-SUBDIR.${MK_PMC}+=	libpmc libpmcstat
-.endif
 SUBDIR.${MK_RADIUS_SUPPORT}+=	libradius
 SUBDIR.${MK_SENDMAIL}+=	libmilter libsm libsmdb libsmutil
 SUBDIR.${MK_TELNET}+=	libtelnet

Modified: projects/openssl111/lib/clang/freebsd_cc_version.h
==============================================================================
--- projects/openssl111/lib/clang/freebsd_cc_version.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/clang/freebsd_cc_version.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -1,3 +1,3 @@
 /* $FreeBSD$ */
 
-#define	FREEBSD_CC_VERSION		1200015
+#define	FREEBSD_CC_VERSION		1200016

Modified: projects/openssl111/lib/csu/arm/crt1.c
==============================================================================
--- projects/openssl111/lib/csu/arm/crt1.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/csu/arm/crt1.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -44,6 +44,8 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/param.h>
+#include <sys/elf_common.h>
 #include <stdlib.h>
 
 #include "libc_private.h"
@@ -120,7 +122,7 @@ static const struct {
 } archtag __attribute__ ((section (NOTE_SECTION), aligned(4))) __used = {
 	.namesz = sizeof(NOTE_FREEBSD_VENDOR),
 	.descsz = sizeof(MACHINE_ARCH),
-	.type = ARCH_NOTETYPE,
+	.type = NT_FREEBSD_ARCH_TAG,
 	.name = NOTE_FREEBSD_VENDOR,
 	.desc = MACHINE_ARCH
 };

Modified: projects/openssl111/lib/csu/common/crtbrand.c
==============================================================================
--- projects/openssl111/lib/csu/common/crtbrand.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/csu/common/crtbrand.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -29,6 +29,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/elf_common.h>
 #include "notes.h"
 
 /*
@@ -62,7 +63,7 @@ static const struct {
 } abitag __attribute__ ((section (NOTE_SECTION), aligned(4))) __used = {
 	.namesz = sizeof(NOTE_FREEBSD_VENDOR),
 	.descsz = sizeof(int32_t),
-	.type = ABI_NOTETYPE,
+	.type = NT_FREEBSD_ABI_TAG,
 	.name = NOTE_FREEBSD_VENDOR,
 	.desc = __FreeBSD_version
 };

Modified: projects/openssl111/lib/csu/common/ignore_init.c
==============================================================================
--- projects/openssl111/lib/csu/common/ignore_init.c	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/csu/common/ignore_init.c	Fri Oct  5 17:53:47 2018	(r339201)
@@ -28,6 +28,8 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/param.h>
+#include <sys/elf_common.h>
 #include "notes.h"
 
 extern int main(int, char **, char **);
@@ -114,7 +116,7 @@ static const struct {
     aligned(4))) __used = {
 	.namesz = sizeof(NOTE_FREEBSD_VENDOR),
 	.descsz = sizeof(uint32_t),
-	.type = CRT_NOINIT_NOTETYPE,
+	.type = NT_FREEBSD_NOINIT_TAG,
 	.name = NOTE_FREEBSD_VENDOR,
 	.desc = 0
 };

Modified: projects/openssl111/lib/csu/common/notes.h
==============================================================================
--- projects/openssl111/lib/csu/common/notes.h	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/csu/common/notes.h	Fri Oct  5 17:53:47 2018	(r339201)
@@ -34,8 +34,4 @@
 
 #define NOTE_SECTION		".note.tag"
 
-#define ABI_NOTETYPE		1
-#define	CRT_NOINIT_NOTETYPE	2
-#define	ARCH_NOTETYPE		3
-
 #endif

Modified: projects/openssl111/lib/lib80211/Makefile
==============================================================================
--- projects/openssl111/lib/lib80211/Makefile	Fri Oct  5 17:07:10 2018	(r339200)
+++ projects/openssl111/lib/lib80211/Makefile	Fri Oct  5 17:53:47 2018	(r339201)
@@ -1,5 +1,6 @@
 # $FreeBSD$
 
+CONFS=	regdomain.xml
 PACKAGE=lib${LIB}
 LIB=	80211
 SHLIBDIR?= /lib

Copied: projects/openssl111/lib/lib80211/regdomain.xml (from r339200, head/lib/lib80211/regdomain.xml)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ projects/openssl111/lib/lib80211/regdomain.xml	Fri Oct  5 17:53:47 2018	(r339201, copy of r339200, head/lib/lib80211/regdomain.xml)
@@ -0,0 +1,1943 @@
+<!--
+  Copyright (c) 2007-2008 Sam Leffler, Errno Consulting
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+
+  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+  IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+  OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+  $FreeBSD$
+-->
+
+<regulatory-data>
+
+<!-- Regdomain/SKU definitions -->
+
+<regulatory-domains>
+
+<!--
+  DEBUG holds all available channels; the driver/device
+  defines what the capabilities and tx power caps are.
+  Regdomain code gets this information with the
+  IEEE80211_IOC_DRIVERCAPS ioctl.
+-->
+<rd id="debug">
+  <name>DEBUG</name>
+  <sku>0x1ff</sku>
+</rd>
+
+<rd id="fcc">
+  <name>FCC</name>
+  <sku>0x10</sku>
+  <defcc ref="US"/>
+  <netband mode="11b">
+    <band>
+      <freqband ref="F1_2412_2462"/>
+      <maxpower>30</maxpower>
+      <flags>IEEE80211_CHAN_B</flags>
+    </band>
+  </netband>
+  <netband mode="11g">
+    <band>
+      <freqband ref="F1_2412_2462"/>
+      <maxpower>30</maxpower>
+      <flags>IEEE80211_CHAN_G</flags>
+    </band>
+  </netband>
+  <netband mode="11a">
+    <band>
+      <freqband ref="F1_5180_5240"/>
+      <maxpower>17</maxpower>
+    </band>
+    <band>
+      <freqband ref="F1_5745_5805"/>
+      <maxpower>23</maxpower>
+    </band>
+    <band>
+      <freqband ref="F1_5825_5825"/>
+      <maxpower>23</maxpower>
+      <flags>IEEE80211_CHAN_PASSIVE</flags>
+    </band>
+  </netband>
+  <netband mode="11ng">
+    <band>
+      <freqband ref="F1_2412_2462"/>
+      <maxpower>30</maxpower>
+      <flags>IEEE80211_CHAN_G</flags>
+      <flags>IEEE80211_CHAN_HT20</flags>
+    </band>
+    <band>
+      <freqband ref="H4_2412_2462"/>
+      <maxpower>30</maxpower>
+      <flags>IEEE80211_CHAN_G</flags>
+      <flags>IEEE80211_CHAN_HT40</flags>
+    </band>
+  </netband>
+  <netband mode="11na">
+    <band>
+      <freqband ref="F1_5180_5240"/>
+      <maxpower>17</maxpower>
+      <flags>IEEE80211_CHAN_HT20</flags>
+    </band>
+    <band>
+      <freqband ref="H4_5180_5240"/>
+      <maxpower>17</maxpower>
+      <flags>IEEE80211_CHAN_HT40</flags>
+    </band>
+    <band>
+      <freqband ref="F1_5745_5805"/>
+      <maxpower>23</maxpower>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-projects@freebsd.org  Fri Oct  5 20:49:55 2018
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DDAD10B64FC
 for <svn-src-projects@mailman.ysv.freebsd.org>;
 Fri,  5 Oct 2018 20:49:55 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id D507A706F3;
 Fri,  5 Oct 2018 20:49:54 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CF68F1A69B;
 Fri,  5 Oct 2018 20:49:54 +0000 (UTC)
 (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w95KnsE5097249;
 Fri, 5 Oct 2018 20:49:54 GMT (envelope-from emaste@FreeBSD.org)
Received: (from emaste@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w95KnsGY097248;
 Fri, 5 Oct 2018 20:49:54 GMT (envelope-from emaste@FreeBSD.org)
Message-Id: <201810052049.w95KnsGY097248@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: emaste set sender to
 emaste@FreeBSD.org using -f
From: Ed Maste <emaste@FreeBSD.org>
Date: Fri, 5 Oct 2018 20:49:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r339209 - projects/openssl111/secure/lib/libcrypto
X-SVN-Group: projects
X-SVN-Commit-Author: emaste
X-SVN-Commit-Paths: projects/openssl111/secure/lib/libcrypto
X-SVN-Commit-Revision: 339209
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 20:49:55 -0000

Author: emaste
Date: Fri Oct  5 20:49:54 2018
New Revision: 339209
URL: https://svnweb.freebsd.org/changeset/base/339209

Log:
  libcrypto: have buildinf.h depend on Makefile
  
  So that it will be regenerated after Makefile changes affecting the
  file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
  macro which did not exist previously.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  projects/openssl111/secure/lib/libcrypto/Makefile

Modified: projects/openssl111/secure/lib/libcrypto/Makefile
==============================================================================
--- projects/openssl111/secure/lib/libcrypto/Makefile	Fri Oct  5 20:35:43 2018	(r339208)
+++ projects/openssl111/secure/lib/libcrypto/Makefile	Fri Oct  5 20:49:54 2018	(r339209)
@@ -430,7 +430,7 @@ SRCS+=	buildinf.h
 CLEANDIRS=	openssl
 CLEANFILES=	buildinf.h opensslconf.h opensslconf.h.tmp
 
-buildinf.h:
+buildinf.h: Makefile
 	( echo "/*"; \
 	echo " * WARNING: do not edit!"; \
 	echo " * Generated by ${.ALLSRC}"; \