From owner-svn-src-projects@freebsd.org Mon Oct 1 18:16:37 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 748BF10A6449 for ; Mon, 1 Oct 2018 18:16:37 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 28FE385AB8; Mon, 1 Oct 2018 18:16:37 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 234F7247AD; Mon, 1 Oct 2018 18:16:37 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91IGbCq000442; Mon, 1 Oct 2018 18:16:37 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91IGbKo000440; Mon, 1 Oct 2018 18:16:37 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201810011816.w91IGbKo000440@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Mon, 1 Oct 2018 18:16:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339070 - projects/openssl111/secure/lib/libcrypto X-SVN-Group: projects X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: projects/openssl111/secure/lib/libcrypto X-SVN-Commit-Revision: 339070 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Oct 2018 18:16:37 -0000 Author: jkim Date: Mon Oct 1 18:16:36 2018 New Revision: 339070 URL: https://svnweb.freebsd.org/changeset/base/339070 Log: Drop pre-AVX toolchain for amd64 and i386 to simplify the makefile. Especially, head does not support old toolchains because of ifunc support. Modified: projects/openssl111/secure/lib/libcrypto/Makefile.inc Modified: projects/openssl111/secure/lib/libcrypto/Makefile.inc ============================================================================== --- projects/openssl111/secure/lib/libcrypto/Makefile.inc Mon Oct 1 18:15:25 2018 (r339069) +++ projects/openssl111/secure/lib/libcrypto/Makefile.inc Mon Oct 1 18:16:36 2018 (r339070) @@ -21,16 +21,9 @@ CFLAGS+= -DL_ENDIAN CFLAGS+= -DB_ENDIAN .endif -.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "arm" +.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \ + ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386" ASM_${MACHINE_CPUARCH}= -.elif ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" -_ASM_AVX!= { \ - echo vzeroall | \ - ${CC} -x assembler -o /dev/null -c - 2> /dev/null; \ - } && echo yes || echo no -.if ${_ASM_AVX} == yes -ASM_${MACHINE_CPUARCH}= -.endif .endif .if defined(ASM_${MACHINE_CPUARCH}) From owner-svn-src-projects@freebsd.org Mon Oct 1 20:51:27 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E91B410AA351 for ; Mon, 1 Oct 2018 20:51:26 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9F0208C9C1; Mon, 1 Oct 2018 20:51:26 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 99F4826177; Mon, 1 Oct 2018 20:51:26 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91KpQGt094483; Mon, 1 Oct 2018 20:51:26 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91KpQdk094482; Mon, 1 Oct 2018 20:51:26 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201810012051.w91KpQdk094482@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Mon, 1 Oct 2018 20:51:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339078 - projects/openssl111/contrib/sendmail/src X-SVN-Group: projects X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: projects/openssl111/contrib/sendmail/src X-SVN-Commit-Revision: 339078 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Oct 2018 20:51:27 -0000 Author: jkim Date: Mon Oct 1 20:51:26 2018 New Revision: 339078 URL: https://svnweb.freebsd.org/changeset/base/339078 Log: Revert r338773. A patch from the ports tree will be committed. Requested by: gshapiro Modified: projects/openssl111/contrib/sendmail/src/tls.c Modified: projects/openssl111/contrib/sendmail/src/tls.c ============================================================================== --- projects/openssl111/contrib/sendmail/src/tls.c Mon Oct 1 20:39:17 2018 (r339077) +++ projects/openssl111/contrib/sendmail/src/tls.c Mon Oct 1 20:51:26 2018 (r339078) @@ -60,58 +60,18 @@ static unsigned char dh512_g[] = 0x02 }; -#if OPENSSL_VERSION_NUMBER < 0x10100000 - -static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -{ - /* If the fields p and g in d are NULL, the corresponding input - * parameters MUST be non-NULL. q may remain NULL. - */ - if ((dh->p == NULL && p == NULL) - || (dh->g == NULL && g == NULL)) - return 0; - - if (p != NULL) { - BN_free(dh->p); - dh->p = p; - } - if (q != NULL) { - BN_free(dh->q); - dh->q = q; - } - if (g != NULL) { - BN_free(dh->g); - dh->g = g; - } - - if (q != NULL) { - dh->length = BN_num_bits(q); - } - - return 1; -} -#endif - static DH * get_dh512() { DH *dh = NULL; - BIGNUM *p; - BIGNUM *g; - dh = DH_new(); - p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if (!dh || !p || !g) - goto err; - if (!DH_set0_pqg(dh, p, NULL, g)) - goto err; + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + return NULL; return dh; -err: - DH_free(dh); - BN_free(p); - BN_free(g); - return NULL; } # if 0 @@ -157,22 +117,17 @@ get_dh2048() }; static unsigned char dh2048_g[]={ 0x02, }; DH *dh; - BIGNUM *p; - BIGNUM *g; - dh = DH_new(); - p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if (!dh || !p || !g) - goto err; - if (!DH_set0_pqg(dh, p, NULL, g)) - goto err; + if ((dh=DH_new()) == NULL) + return(NULL); + dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); + dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + { + DH_free(dh); + return(NULL); + } return(dh); -err: - DH_free(dh); - BN_free(p); - BN_free(g); - return NULL; } # endif /* !NO_DH */ @@ -971,7 +926,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac { /* get a pointer to the current certificate validation store */ store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ - crl_file = BIO_new(BIO_s_file()); + crl_file = BIO_new(BIO_s_file_internal()); if (crl_file != NULL) { if (BIO_read_filename(crl_file, CRLFile) >= 0) @@ -1045,41 +1000,26 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac ** maybe we should do it only on demand... */ -# if SM_CONF_SHM if (bitset(TLS_I_RSA_TMP, req) - && ShmId != SM_SHM_NO_ID) +# if SM_CONF_SHM + && ShmId != SM_SHM_NO_ID && + (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, + NULL)) == NULL +# else /* SM_CONF_SHM */ + && 0 /* no shared memory: no need to generate key now */ +# endif /* SM_CONF_SHM */ + ) { - BIGNUM *bn; - - bn = BN_new(); - rsa_tmp = RSA_new(); - if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) { - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } - if (rsa_tmp) + if (LogLevel > 7) { - if (!RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL)) - { - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } + sm_syslog(LOG_WARNING, NOQID, + "STARTTLS=%s, error: RSA_generate_key failed", + who); + if (LogLevel > 9) + tlslogerr(LOG_WARNING, who); } - BN_free(bn); - if (!rsa_tmp) - { - if (LogLevel > 7) - { - sm_syslog(LOG_WARNING, NOQID, - "STARTTLS=%s, error: RSA_generate_key failed", - who); - if (LogLevel > 9) - tlslogerr(LOG_WARNING, who); - } - return false; - } + return false; } -# endif /* SM_CONF_SHM */ # endif /* !TLS_NO_RSA */ /* @@ -1270,15 +1210,9 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); /* this takes a while! */ - dsa = DSA_new(); - if (dsa) { - int r; - - r = DSA_generate_parameters_ex(dsa, bits, NULL, 0, - NULL, NULL, NULL); - if (r != 0) - dh = DSA_dup_DH(dsa); - } + dsa = DSA_generate_parameters(bits, NULL, 0, NULL, + NULL, 0, NULL); + dh = DSA_dup_DH(dsa); DSA_free(dsa); } else if (dh == NULL && bitset(TLS_I_DHFIXED, req)) @@ -1799,9 +1733,6 @@ tmp_rsa_key(s, export, keylength) int export; int keylength; { - BIGNUM *bn; - int ret; - # if SM_CONF_SHM extern int ShmId; extern int *PRSATmpCnt; @@ -1811,22 +1742,10 @@ tmp_rsa_key(s, export, keylength) return rsa_tmp; # endif /* SM_CONF_SHM */ - if (rsa_tmp == NULL) { - rsa_tmp = RSA_new(); - if (!rsa_tmp) - return NULL; - } - - bn = BN_new(); - if (!bn) - return NULL; - if (!BN_set_word(bn, RSA_F4)) { - BN_free(bn); - return NULL; - } - ret = RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL); - BN_free(bn); - if (!ret) + if (rsa_tmp != NULL) + RSA_free(rsa_tmp); + rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); + if (rsa_tmp == NULL) { if (LogLevel > 0) sm_syslog(LOG_ERR, NOQID, @@ -2052,9 +1971,9 @@ x509_verify_cb(ok, ctx) { if (LogLevel > 13) tls_verify_log(ok, ctx, "x509"); - if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL) + if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) { - X509_STORE_CTX_set_error(ctx, 0); + ctx->error = 0; return 1; /* override it */ } } From owner-svn-src-projects@freebsd.org Mon Oct 1 20:55:02 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 570D410AA55A for ; Mon, 1 Oct 2018 20:55:02 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B0078CCF0; Mon, 1 Oct 2018 20:55:02 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DBE3F261CA; Mon, 1 Oct 2018 20:55:01 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91Kt1Kx098880; Mon, 1 Oct 2018 20:55:01 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91Kt1m7098879; Mon, 1 Oct 2018 20:55:01 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201810012055.w91Kt1m7098879@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Mon, 1 Oct 2018 20:55:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339079 - projects/openssl111/contrib/sendmail/src X-SVN-Group: projects X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: projects/openssl111/contrib/sendmail/src X-SVN-Commit-Revision: 339079 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Oct 2018 20:55:02 -0000 Author: jkim Date: Mon Oct 1 20:55:01 2018 New Revision: 339079 URL: https://svnweb.freebsd.org/changeset/base/339079 Log: Make sendmail work with OpenSSL 1.1 API. Taken from the ports tree. https://svnweb.freebsd.org/ports/head/mail/sendmail/files/patch-tls.c?revision=466240 Requested by: gshapiro Modified: projects/openssl111/contrib/sendmail/src/tls.c Modified: projects/openssl111/contrib/sendmail/src/tls.c ============================================================================== --- projects/openssl111/contrib/sendmail/src/tls.c Mon Oct 1 20:51:26 2018 (r339078) +++ projects/openssl111/contrib/sendmail/src/tls.c Mon Oct 1 20:55:01 2018 (r339079) @@ -16,6 +16,9 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 g # include # include # include +# if !NO_DH +# include +# endif /* !NO_DH */ # ifndef HASURANDOMDEV # include # endif /* ! HASURANDOMDEV */ @@ -44,6 +47,23 @@ static bool tls_safe_f __P((char *, long, bool)); static int tls_verify_log __P((int, X509_STORE_CTX *, const char *)); # if !NO_DH +# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100001L || \ + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) +static int +DH_set0_pqg(dh, p, q, g) + DH *dh; + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; +{ + dh->p=p; + if (q != NULL) + dh->q=q; + dh->g=g; + return 1; /* success */ +} +# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ + static DH *get_dh512 __P((void)); static unsigned char dh512_p[] = @@ -64,13 +84,19 @@ static DH * get_dh512() { DH *dh = NULL; + BIGNUM *dhp_bn, *dhg_bn; if ((dh = DH_new()) == NULL) return NULL; - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return NULL; + dhp_bn = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + dhg_bn = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) + { + DH_free(dh); + BN_free(dhp_bn); + BN_free(dhg_bn); + return(NULL); + } return dh; } @@ -117,14 +143,17 @@ get_dh2048() }; static unsigned char dh2048_g[]={ 0x02, }; DH *dh; + BIGNUM *dhp_bn, *dhg_bn; if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) + dhp_bn = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); + dhg_bn = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); + if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { DH_free(dh); + BN_free(dhp_bn); + BN_free(dhg_bn); return(NULL); } return(dh); @@ -708,6 +737,32 @@ load_certkey(ssl, srv, certfile, keyfile) static char server_session_id_context[] = "sendmail8"; +# if !TLS_NO_RSA +static RSA * +sm_RSA_generate_key(num, e) + int num; + unsigned long e; +{ + RSA *rsa = NULL; + BIGNUM *bn_rsa_r4; + int rc; + + bn_rsa_r4 = BN_new(); + rc = BN_set_word(bn_rsa_r4, RSA_F4); + if ((bn_rsa_r4 != NULL) && BN_set_word(bn_rsa_r4, RSA_F4) && (rsa = RSA_new()) != NULL) + { + if (!RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL)) + { + RSA_free(rsa); + rsa = NULL; + } + return NULL; + } + BN_free(bn_rsa_r4); + return rsa; +} +# endif /* !TLS_NO_RSA */ + /* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */ #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1 @@ -926,7 +981,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac { /* get a pointer to the current certificate validation store */ store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ - crl_file = BIO_new(BIO_s_file_internal()); + crl_file = BIO_new(BIO_s_file()); if (crl_file != NULL) { if (BIO_read_filename(crl_file, CRLFile) >= 0) @@ -1003,8 +1058,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac if (bitset(TLS_I_RSA_TMP, req) # if SM_CONF_SHM && ShmId != SM_SHM_NO_ID && - (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, - NULL)) == NULL + (rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4)) == NULL # else /* SM_CONF_SHM */ && 0 /* no shared memory: no need to generate key now */ # endif /* SM_CONF_SHM */ @@ -1209,9 +1263,10 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac if (tTd(96, 2)) sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); + dsa=DSA_new(); /* this takes a while! */ - dsa = DSA_generate_parameters(bits, NULL, 0, NULL, - NULL, 0, NULL); + (void)DSA_generate_parameters_ex(dsa, bits, NULL, 0, + NULL, NULL, NULL); dh = DSA_dup_DH(dsa); DSA_free(dsa); } @@ -1744,7 +1799,7 @@ tmp_rsa_key(s, export, keylength) if (rsa_tmp != NULL) RSA_free(rsa_tmp); - rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); + rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4); if (rsa_tmp == NULL) { if (LogLevel > 0) @@ -1971,9 +2026,9 @@ x509_verify_cb(ok, ctx) { if (LogLevel > 13) tls_verify_log(ok, ctx, "x509"); - if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) + if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL) { - ctx->error = 0; + X509_STORE_CTX_set_error(ctx, 0); return 1; /* override it */ } } From owner-svn-src-projects@freebsd.org Tue Oct 2 21:40:58 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C97510AE1BC for ; Tue, 2 Oct 2018 21:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2DE827DEFE; Tue, 2 Oct 2018 21:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 28C455BE4; Tue, 2 Oct 2018 21:40:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w92LevVR002381; Tue, 2 Oct 2018 21:40:57 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w92LevA4002380; Tue, 2 Oct 2018 21:40:57 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201810022140.w92LevA4002380@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Tue, 2 Oct 2018 21:40:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339099 - projects/openssl111 X-SVN-Group: projects X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: projects/openssl111 X-SVN-Commit-Revision: 339099 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Oct 2018 21:40:58 -0000 Author: jhb Date: Tue Oct 2 21:40:57 2018 New Revision: 339099 URL: https://svnweb.freebsd.org/changeset/base/339099 Log: Update obsolete files list for OpenSSL 1.1.1. This will need a real date once this is merged to head. One weird thing to note: the 32-bit engines get dumped into /usr/lib32 rather than /usr/lib32/engines, and I bet the 32-bit libcrypto.so i looking for the .so files in the wrong place. We should probably fix both of those at some point. Reviewed by: emaste, jkim Differential Revision: https://reviews.freebsd.org/D17384 Modified: projects/openssl111/ObsoleteFiles.inc Modified: projects/openssl111/ObsoleteFiles.inc ============================================================================== --- projects/openssl111/ObsoleteFiles.inc Tue Oct 2 21:36:00 2018 (r339098) +++ projects/openssl111/ObsoleteFiles.inc Tue Oct 2 21:40:57 2018 (r339099) @@ -38,6 +38,229 @@ # xargs -n1 | sort | uniq -d; # done +# 2018xxxx: OpenSSL 1.1.1 +OLD_FILES+=usr/include/openssl/des_old.h +OLD_FILES+=usr/include/openssl/dso.h +OLD_FILES+=usr/include/openssl/krb5_asn.h +OLD_FILES+=usr/include/openssl/kssl.h +OLD_FILES+=usr/include/openssl/pqueue.h +OLD_FILES+=usr/include/openssl/ssl23.h +OLD_FILES+=usr/include/openssl/ui_compat.h +OLD_FILES+=usr/share/openssl/man/man1/dss1.1.gz +OLD_FILES+=usr/share/openssl/man/man1/md2.1.gz +OLD_FILES+=usr/share/openssl/man/man1/md4.1.gz +OLD_FILES+=usr/share/openssl/man/man1/md5.1.gz +OLD_FILES+=usr/share/openssl/man/man1/mdc2.1.gz +OLD_FILES+=usr/share/openssl/man/man1/ripemd160.1.gz +OLD_FILES+=usr/share/openssl/man/man1/sha.1.gz +OLD_FILES+=usr/share/openssl/man/man1/sha1.1.gz +OLD_FILES+=usr/share/openssl/man/man1/sha224.1.gz +OLD_FILES+=usr/share/openssl/man/man1/sha256.1.gz +OLD_FILES+=usr/share/openssl/man/man1/sha384.1.gz +OLD_FILES+=usr/share/openssl/man/man1/sha512.1.gz +OLD_FILES+=usr/share/openssl/man/man1/x509v3_config.1.gz +OLD_FILES+=usr/share/openssl/man/man3/ASN1_STRING_length_set.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BIO_get_conn_int_port.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BIO_get_conn_ip.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BIO_set.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BIO_set_conn_int_port.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BIO_set_conn_ip.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_BLINDING_get_thread_id.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_BLINDING_set_thread_id.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_BLINDING_thread_id.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_CTX_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_MONT_CTX_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_RECP_CTX_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BN_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BUF_memdup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BUF_memdup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BUF_strdup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BUF_strlcat.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BUF_strlcpy.3.gz +OLD_FILES+=usr/share/openssl/man/man3/BUF_strndup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CMS_set1_signer_cert.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_cmp.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_cpy.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_current.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_get_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_hash.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_THREADID_set_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_destroy_dynlockid.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_get_new_dynlockid.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_lock.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_num_locks.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_dynlock_create_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_dynlock_destroy_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_dynlock_lock_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/CRYPTO_set_locking_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/DES_ede3_cbcm_encrypt.3.gz +OLD_FILES+=usr/share/openssl/man/man3/DES_enc_read.3.gz +OLD_FILES+=usr/share/openssl/man/man3/DES_enc_write.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EC_KEY_get_key_method_data.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EC_KEY_insert_key_method_data.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EC_POINT_set_Jprojective_coordinates.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ERR_load_UI_strings.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_CIPHER_CTX_cleanup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_CIPHER_CTX_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_MAX_MD_SIZE.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_cleanup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_create.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_destroy.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_MD_CTX_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEVP_PKEY_CTX_set_app_data.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEY_get_default_digest.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_dss.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_dss1.3.gz +OLD_FILES+=usr/share/openssl/man/man3/EVP_sha.3.gz +OLD_FILES+=usr/share/openssl/man/man3/HMAC_CTX_cleanup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/HMAC_CTX_init.3.gz +OLD_FILES+=usr/share/openssl/man/man3/HMAC_cleanup.3.gz +OLD_FILES+=usr/share/openssl/man/man3/OPENSSL_ia32cap_loc.3.gz +OLD_FILES+=usr/share/openssl/man/man3/PEM.3.gz +OLD_FILES+=usr/share/openssl/man/man3/RAND_SSLeay.3.gz +OLD_FILES+=usr/share/openssl/man/man3/RSA_PKCS1_SSLeay.3.gz +OLD_FILES+=usr/share/openssl/man/man3/RSA_null_method.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_get_ex_new_index.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_need_tmp_rsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_custom_cli_ext.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_default_read_ahead.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_ecdh_auto.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_tmp_rsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_tmp_rsa_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_SESSION_get_ex_new_index.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_add_session.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_flush_sessions.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_get_accept_state.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_get_ex_new_index.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_get_msg_callback_arg.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_need_tmp_rsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_remove_session.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_set_ecdh_auto.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_set_tmp_rsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSL_set_tmp_rsa_callback.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSLeay.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSLeay_add_ssl_algorithms.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSLeay_version.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSLv2_client_method.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSLv2_method.3.gz +OLD_FILES+=usr/share/openssl/man/man3/SSLv2_server_method.3.gz +OLD_FILES+=usr/share/openssl/man/man3/X509_STORE_CTX_set_chain.3.gz +OLD_FILES+=usr/share/openssl/man/man3/X509_STORE_CTX_trusted_stack.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/blowfish.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_add_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_check_top.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_cmp_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_div_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_dump.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_expand.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_expand2.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_fix_top.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_internal.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_add_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_comba4.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_comba8.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_high.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_low_normal.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_low_recursive.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_normal.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_part_recursive.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_recursive.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_mul_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_print.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_set_high.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_set_low.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_set_max.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_comba4.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_comba8.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_normal.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_recursive.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_sqr_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_sub_words.3.gz +OLD_FILES+=usr/share/openssl/man/man3/bn_wexpand.3.gz +OLD_FILES+=usr/share/openssl/man/man3/buffer.3.gz +OLD_FILES+=usr/share/openssl/man/man3/crypto.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_ECPKParameters_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_ECPKParameters_fp.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_ECPrivate_key.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_Netscape_RSA.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_PKCS8PrivateKey.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_Private_key.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_X509_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/d2i_X509_fp.3.gz +OLD_FILES+=usr/share/openssl/man/man3/des.3.gz +OLD_FILES+=usr/share/openssl/man/man3/des_read_2passwords.3.gz +OLD_FILES+=usr/share/openssl/man/man3/des_read_password.3.gz +OLD_FILES+=usr/share/openssl/man/man3/des_read_pw.3.gz +OLD_FILES+=usr/share/openssl/man/man3/des_read_pw_string.3.gz +OLD_FILES+=usr/share/openssl/man/man3/dh.3.gz +OLD_FILES+=usr/share/openssl/man/man3/dsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ec.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ecdsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/engine.3.gz +OLD_FILES+=usr/share/openssl/man/man3/err.3.gz +OLD_FILES+=usr/share/openssl/man/man3/evp.3.gz +OLD_FILES+=usr/share/openssl/man/man3/hmac.3.gz +OLD_FILES+=usr/share/openssl/man/man3/i2d_ECPKParameters_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/i2d_ECPKParameters_fp.3.gz +OLD_FILES+=usr/share/openssl/man/man3/i2d_Netscape_RSA.3.gz +OLD_FILES+=usr/share/openssl/man/man3/i2d_X509_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/i2d_X509_fp.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_delete.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_doall.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_doall_arg.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_error.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_free.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_insert.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_new.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_node_stats.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_node_stats_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_node_usage_stats.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_node_usage_stats_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_retrieve.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_stats.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lh_stats_bio.3.gz +OLD_FILES+=usr/share/openssl/man/man3/lhash.3.gz +OLD_FILES+=usr/share/openssl/man/man3/md5.3.gz +OLD_FILES+=usr/share/openssl/man/man3/mdc2.3.gz +OLD_FILES+=usr/share/openssl/man/man3/pem.3.gz +OLD_FILES+=usr/share/openssl/man/man3/rand.3.gz +OLD_FILES+=usr/share/openssl/man/man3/rc4.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ripemd.3.gz +OLD_FILES+=usr/share/openssl/man/man3/rsa.3.gz +OLD_FILES+=usr/share/openssl/man/man3/sha.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ssl.3.gz +OLD_FILES+=usr/share/openssl/man/man3/threads.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ui.3.gz +OLD_FILES+=usr/share/openssl/man/man3/ui_compat.3.gz +OLD_FILES+=usr/share/openssl/man/man3/x509.3.gz +OLD_LIBS+=lib/libcrypto.so.8 +OLD_LIBS+=usr/lib/engines/lib4758cca.so +OLD_LIBS+=usr/lib/engines/libaep.so +OLD_LIBS+=usr/lib/engines/libatalla.so +OLD_LIBS+=usr/lib/engines/libcapi.so +OLD_LIBS+=usr/lib/engines/libchil.so +OLD_LIBS+=usr/lib/engines/libcswift.so +OLD_LIBS+=usr/lib/engines/libgost.so +OLD_LIBS+=usr/lib/engines/libnuron.so +OLD_LIBS+=usr/lib/engines/libsureware.so +OLD_LIBS+=usr/lib/engines/libubsec.so +OLD_LIBS+=usr/lib/libssl.so.8 +OLD_LIBS+=usr/lib32/libcrypto.so.8 +OLD_LIBS+=usr/lib32/lib4758cca.so +OLD_LIBS+=usr/lib32/libaep.so +OLD_LIBS+=usr/lib32/libatalla.so +OLD_LIBS+=usr/lib32/libcapi.so +OLD_LIBS+=usr/lib32/libchil.so +OLD_LIBS+=usr/lib32/libcswift.so +OLD_LIBS+=usr/lib32/libgost.so +OLD_LIBS+=usr/lib32/libnuron.so +OLD_LIBS+=usr/lib32/libsureware.so +OLD_LIBS+=usr/lib32/libubsec.so +OLD_LIBS+=usr/lib32/libssl.so.8 # 20180824: libbe(3) SHLIBDIR fixed to reflect correct location OLD_LIBS+=usr/lib/libbe.so.1 # 20180819: Remove deprecated arc4random(3) stir/addrandom interfaces From owner-svn-src-projects@freebsd.org Wed Oct 3 16:06:18 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D09A410A4103 for ; Wed, 3 Oct 2018 16:06:17 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8572E82FDB; Wed, 3 Oct 2018 16:06:17 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8029A192AF; Wed, 3 Oct 2018 16:06:17 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w93G6HbU072697; Wed, 3 Oct 2018 16:06:17 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w93G6Hq7072696; Wed, 3 Oct 2018 16:06:17 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201810031606.w93G6Hq7072696@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Wed, 3 Oct 2018 16:06:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339154 - projects/openssl111/crypto/openssh/openbsd-compat X-SVN-Group: projects X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: projects/openssl111/crypto/openssh/openbsd-compat X-SVN-Commit-Revision: 339154 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Oct 2018 16:06:18 -0000 Author: emaste Date: Wed Oct 3 16:06:17 2018 New Revision: 339154 URL: https://svnweb.freebsd.org/changeset/base/339154 Log: openssh: add openbsd-compat/libressl-api-compat.c Missed in migrating changeset from git to svn for r338811 Reported by: jhb Added: projects/openssl111/crypto/openssh/openbsd-compat/libressl-api-compat.c (contents, props changed) Added: projects/openssl111/crypto/openssh/openbsd-compat/libressl-api-compat.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/openssl111/crypto/openssh/openbsd-compat/libressl-api-compat.c Wed Oct 3 16:06:17 2018 (r339154) @@ -0,0 +1,636 @@ +/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ +/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ +/* + * Copyright (c) 2018 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#ifdef WITH_OPENSSL + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#ifndef HAVE_DSA_GET0_PQG +void +DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = d->p; + if (q != NULL) + *q = d->q; + if (g != NULL) + *g = d->g; +} +#endif /* HAVE_DSA_GET0_PQG */ + +#ifndef HAVE_DSA_SET0_PQG +int +DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || + (d->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(d->p); + d->p = p; + } + if (q != NULL) { + BN_free(d->q); + d->q = q; + } + if (g != NULL) { + BN_free(d->g); + d->g = g; + } + + return 1; +} +#endif /* HAVE_DSA_SET0_PQG */ + +#ifndef HAVE_DSA_GET0_KEY +void +DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = d->pub_key; + if (priv_key != NULL) + *priv_key = d->priv_key; +} +#endif /* HAVE_DSA_GET0_KEY */ + +#ifndef HAVE_DSA_SET0_KEY +int +DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (d->pub_key == NULL && pub_key == NULL) + return 0; + + if (pub_key != NULL) { + BN_free(d->pub_key); + d->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(d->priv_key); + d->priv_key = priv_key; + } + + return 1; +} +#endif /* HAVE_DSA_SET0_KEY */ + +#ifndef HAVE_RSA_GET0_KEY +void +RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ + if (n != NULL) + *n = r->n; + if (e != NULL) + *e = r->e; + if (d != NULL) + *d = r->d; +} +#endif /* HAVE_RSA_GET0_KEY */ + +#ifndef HAVE_RSA_SET0_KEY +int +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) + return 0; + + if (n != NULL) { + BN_free(r->n); + r->n = n; + } + if (e != NULL) { + BN_free(r->e); + r->e = e; + } + if (d != NULL) { + BN_free(r->d); + r->d = d; + } + + return 1; +} +#endif /* HAVE_RSA_SET0_KEY */ + +#ifndef HAVE_RSA_GET0_CRT_PARAMS +void +RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp) +{ + if (dmp1 != NULL) + *dmp1 = r->dmp1; + if (dmq1 != NULL) + *dmq1 = r->dmq1; + if (iqmp != NULL) + *iqmp = r->iqmp; +} +#endif /* HAVE_RSA_GET0_CRT_PARAMS */ + +#ifndef HAVE_RSA_SET0_CRT_PARAMS +int +RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +{ + if ((r->dmp1 == NULL && dmp1 == NULL) || + (r->dmq1 == NULL && dmq1 == NULL) || + (r->iqmp == NULL && iqmp == NULL)) + return 0; + + if (dmp1 != NULL) { + BN_free(r->dmp1); + r->dmp1 = dmp1; + } + if (dmq1 != NULL) { + BN_free(r->dmq1); + r->dmq1 = dmq1; + } + if (iqmp != NULL) { + BN_free(r->iqmp); + r->iqmp = iqmp; + } + + return 1; +} +#endif /* HAVE_RSA_SET0_CRT_PARAMS */ + +#ifndef HAVE_RSA_GET0_FACTORS +void +RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) +{ + if (p != NULL) + *p = r->p; + if (q != NULL) + *q = r->q; +} +#endif /* HAVE_RSA_GET0_FACTORS */ + +#ifndef HAVE_RSA_SET0_FACTORS +int +RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) +{ + if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) + return 0; + + if (p != NULL) { + BN_free(r->p); + r->p = p; + } + if (q != NULL) { + BN_free(r->q); + r->q = q; + } + + return 1; +} +#endif /* HAVE_RSA_SET0_FACTORS */ + +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV +int +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) +{ + if (ctx == NULL) + return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) < 0) + return 0; + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; +# ifdef HAVE_EVP_CIPHER_CTX_IV + memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len); +# else + memcpy(iv, ctx->iv, len); +# endif /* HAVE_EVP_CIPHER_CTX_IV */ + } + return 1; +} +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ + +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV +int +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) +{ + if (ctx == NULL) + return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) < 0) + return 0; + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; +# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len); +# else + memcpy(ctx->iv, iv, len); +# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */ + } + return 1; +} +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +#ifndef HAVE_DSA_SIG_GET0 +void +DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} +#endif /* HAVE_DSA_SIG_GET0 */ + +#ifndef HAVE_DSA_SIG_SET0 +int +DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + + BN_clear_free(sig->r); + sig->r = r; + BN_clear_free(sig->s); + sig->s = s; + + return 1; +} +#endif /* HAVE_DSA_SIG_SET0 */ + +#ifndef HAVE_ECDSA_SIG_GET0 +void +ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} +#endif /* HAVE_ECDSA_SIG_GET0 */ + +#ifndef HAVE_ECDSA_SIG_SET0 +int +ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} +#endif /* HAVE_ECDSA_SIG_SET0 */ + +#ifndef HAVE_DH_GET0_PQG +void +DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} +#endif /* HAVE_DH_GET0_PQG */ + +#ifndef HAVE_DH_SET0_PQG +int +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(dh->p); + dh->p = p; + } + if (q != NULL) { + BN_free(dh->q); + dh->q = q; + } + if (g != NULL) { + BN_free(dh->g); + dh->g = g; + } + + return 1; +} +#endif /* HAVE_DH_SET0_PQG */ + +#ifndef HAVE_DH_GET0_KEY +void +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} +#endif /* HAVE_DH_GET0_KEY */ + +#ifndef HAVE_DH_SET0_KEY +int +DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (pub_key != NULL) { + BN_free(dh->pub_key); + dh->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(dh->priv_key); + dh->priv_key = priv_key; + } + + return 1; +} +#endif /* HAVE_DH_SET0_KEY */ + +#ifndef HAVE_DH_SET_LENGTH +int +DH_set_length(DH *dh, long length) +{ + if (length < 0 || length > INT_MAX) + return 0; + + dh->length = length; + return 1; +} +#endif /* HAVE_DH_SET_LENGTH */ + +#ifndef HAVE_RSA_METH_FREE +void +RSA_meth_free(RSA_METHOD *meth) +{ + if (meth != NULL) { + free((char *)meth->name); + free(meth); + } +} +#endif /* HAVE_RSA_METH_FREE */ + +#ifndef HAVE_RSA_METH_DUP +RSA_METHOD * +RSA_meth_dup(const RSA_METHOD *meth) +{ + RSA_METHOD *copy; + + if ((copy = calloc(1, sizeof(*copy))) == NULL) + return NULL; + memcpy(copy, meth, sizeof(*copy)); + if ((copy->name = strdup(meth->name)) == NULL) { + free(copy); + return NULL; + } + + return copy; +} +#endif /* HAVE_RSA_METH_DUP */ + +#ifndef HAVE_RSA_METH_SET1_NAME +int +RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +{ + char *copy; + + if ((copy = strdup(name)) == NULL) + return 0; + free((char *)meth->name); + meth->name = copy; + return 1; +} +#endif /* HAVE_RSA_METH_SET1_NAME */ + +#ifndef HAVE_RSA_METH_GET_FINISH +int +(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) +{ + return meth->finish; +} +#endif /* HAVE_RSA_METH_GET_FINISH */ + +#ifndef HAVE_RSA_METH_SET_PRIV_ENC +int +RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +{ + meth->rsa_priv_enc = priv_enc; + return 1; +} +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ + +#ifndef HAVE_RSA_METH_SET_PRIV_DEC +int +RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +{ + meth->rsa_priv_dec = priv_dec; + return 1; +} +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ + +#ifndef HAVE_RSA_METH_SET_FINISH +int +RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) +{ + meth->finish = finish; + return 1; +} +#endif /* HAVE_RSA_METH_SET_FINISH */ + +#ifndef HAVE_EVP_PKEY_GET0_RSA +RSA * +EVP_PKEY_get0_RSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) { + /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ + return NULL; + } + return pkey->pkey.rsa; +} +#endif /* HAVE_EVP_PKEY_GET0_RSA */ + +#ifndef HAVE_EVP_MD_CTX_NEW +EVP_MD_CTX * +EVP_MD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} +#endif /* HAVE_EVP_MD_CTX_NEW */ + +#ifndef HAVE_EVP_MD_CTX_FREE +void +EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_MD_CTX_cleanup(ctx); + + free(ctx); +} +#endif /* HAVE_EVP_MD_CTX_FREE */ + +#endif /* WITH_OPENSSL */ From owner-svn-src-projects@freebsd.org Wed Oct 3 16:14:18 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5825010A4457 for ; Wed, 3 Oct 2018 16:14:18 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0E9E283545; Wed, 3 Oct 2018 16:14:18 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DF6751944A; Wed, 3 Oct 2018 16:14:17 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w93GEH22077981; Wed, 3 Oct 2018 16:14:17 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w93GEHvm077980; Wed, 3 Oct 2018 16:14:17 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201810031614.w93GEHvm077980@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Wed, 3 Oct 2018 16:14:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339156 - projects/openssl111/crypto/openssh X-SVN-Group: projects X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: projects/openssl111/crypto/openssh X-SVN-Commit-Revision: 339156 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Oct 2018 16:14:18 -0000 Author: emaste Date: Wed Oct 3 16:14:17 2018 New Revision: 339156 URL: https://svnweb.freebsd.org/changeset/base/339156 Log: openssh: record merge of OpenSSL 1.1.1 compat from vendor Discussed with: des Modified: Directory Properties: projects/openssl111/crypto/openssh/ (props changed) From owner-svn-src-projects@freebsd.org Wed Oct 3 16:38:37 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 128DC10A4DB2 for ; Wed, 3 Oct 2018 16:38:37 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B3C6584233; Wed, 3 Oct 2018 16:38:36 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id ABFA319797; Wed, 3 Oct 2018 16:38:36 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w93GcakI088502; Wed, 3 Oct 2018 16:38:36 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w93GcaOb088491; Wed, 3 Oct 2018 16:38:36 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201810031638.w93GcaOb088491@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Wed, 3 Oct 2018 16:38:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339157 - in projects/openssl111: crypto/openssh secure/lib/libssh X-SVN-Group: projects X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: in projects/openssl111: crypto/openssh secure/lib/libssh X-SVN-Commit-Revision: 339157 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Oct 2018 16:38:37 -0000 Author: emaste Date: Wed Oct 3 16:38:36 2018 New Revision: 339157 URL: https://svnweb.freebsd.org/changeset/base/339157 Log: openssh: connect libressl-api-compat.c and regen config.h Differential Revision: https://reviews.freebsd.org/D17390 Modified: projects/openssl111/crypto/openssh/config.h projects/openssl111/secure/lib/libssh/Makefile Modified: projects/openssl111/crypto/openssh/config.h ============================================================================== --- projects/openssl111/crypto/openssh/config.h Wed Oct 3 16:14:17 2018 (r339156) +++ projects/openssl111/crypto/openssh/config.h Wed Oct 3 16:38:36 2018 (r339157) @@ -394,6 +394,21 @@ /* Define if you have /dev/ptc */ /* #undef HAVE_DEV_PTS_AND_PTC */ +/* Define if libcrypto has DH_get0_key */ +#define HAVE_DH_GET0_KEY 1 + +/* Define if libcrypto has DH_get0_pqg */ +#define HAVE_DH_GET0_PQG 1 + +/* Define if libcrypto has DH_set0_key */ +#define HAVE_DH_SET0_KEY 1 + +/* Define if libcrypto has DH_set0_pqg */ +#define HAVE_DH_SET0_PQG 1 + +/* Define if libcrypto has DH_set_length */ +#define HAVE_DH_SET_LENGTH 1 + /* Define to 1 if you have the header file. */ #define HAVE_DIRENT_H 1 @@ -406,6 +421,30 @@ /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ #define HAVE_DSA_GENERATE_PARAMETERS_EX 1 +/* Define if libcrypto has DSA_get0_key */ +#define HAVE_DSA_GET0_KEY 1 + +/* Define if libcrypto has DSA_get0_pqg */ +#define HAVE_DSA_GET0_PQG 1 + +/* Define if libcrypto has DSA_set0_key */ +#define HAVE_DSA_SET0_KEY 1 + +/* Define if libcrypto has DSA_set0_pqg */ +#define HAVE_DSA_SET0_PQG 1 + +/* Define if libcrypto has DSA_SIG_get0 */ +#define HAVE_DSA_SIG_GET0 1 + +/* Define if libcrypto has DSA_SIG_set0 */ +#define HAVE_DSA_SIG_SET0 1 + +/* Define if libcrypto has ECDSA_SIG_get0 */ +#define HAVE_ECDSA_SIG_GET0 1 + +/* Define if libcrypto has ECDSA_SIG_set0 */ +#define HAVE_ECDSA_SIG_SET0 1 + /* Define to 1 if you have the header file. */ #define HAVE_ELF_H 1 @@ -436,6 +475,15 @@ /* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ #define HAVE_EVP_CIPHER_CTX_CTRL 1 +/* Define if libcrypto has EVP_CIPHER_CTX_set_iv */ +/* #undef HAVE_EVP_CIPHER_CTX_GET_IV */ + +/* Define if libcrypto has EVP_CIPHER_CTX_iv */ +#define HAVE_EVP_CIPHER_CTX_IV 1 + +/* Define if libcrypto has EVP_CIPHER_CTX_iv_noconst */ +#define HAVE_EVP_CIPHER_CTX_IV_NOCONST 1 + /* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ #define HAVE_EVP_DIGESTFINAL_EX 1 @@ -443,14 +491,23 @@ #define HAVE_EVP_DIGESTINIT_EX 1 /* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ -#define HAVE_EVP_MD_CTX_CLEANUP 1 +/* #undef HAVE_EVP_MD_CTX_CLEANUP */ /* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ #define HAVE_EVP_MD_CTX_COPY_EX 1 +/* Define if libcrypto has EVP_MD_CTX_free */ +#define HAVE_EVP_MD_CTX_FREE 1 + /* Define to 1 if you have the `EVP_MD_CTX_init' function. */ -#define HAVE_EVP_MD_CTX_INIT 1 +/* #undef HAVE_EVP_MD_CTX_INIT */ +/* Define if libcrypto has EVP_MD_CTX_new */ +#define HAVE_EVP_MD_CTX_NEW 1 + +/* Define if libcrypto has EVP_PKEY_get0_RSA */ +#define HAVE_EVP_PKEY_GET0_RSA 1 + /* Define to 1 if you have the `EVP_ripemd160' function. */ #define HAVE_EVP_RIPEMD160 1 @@ -647,7 +704,7 @@ #define HAVE_HEADER_AD 1 /* Define to 1 if you have the `HMAC_CTX_init' function. */ -#define HAVE_HMAC_CTX_INIT 1 +/* #undef HAVE_HMAC_CTX_INIT */ /* Define if you have ut_host in utmp.h */ /* #undef HAVE_HOST_IN_UTMP */ @@ -973,8 +1030,47 @@ /* Define to 1 if you have the `RSA_generate_key_ex' function. */ #define HAVE_RSA_GENERATE_KEY_EX 1 +/* Define if libcrypto has RSA_get0_crt_params */ +#define HAVE_RSA_GET0_CRT_PARAMS 1 + +/* Define if libcrypto has RSA_get0_factors */ +#define HAVE_RSA_GET0_FACTORS 1 + +/* Define if libcrypto has RSA_get0_key */ +#define HAVE_RSA_GET0_KEY 1 + /* Define to 1 if you have the `RSA_get_default_method' function. */ #define HAVE_RSA_GET_DEFAULT_METHOD 1 + +/* Define if libcrypto has RSA_meth_dup */ +#define HAVE_RSA_METH_DUP 1 + +/* Define if libcrypto has RSA_meth_free */ +#define HAVE_RSA_METH_FREE 1 + +/* Define if libcrypto has RSA_meth_get_finish */ +#define HAVE_RSA_METH_GET_FINISH 1 + +/* Define if libcrypto has RSA_meth_set1_name */ +#define HAVE_RSA_METH_SET1_NAME 1 + +/* Define if libcrypto has RSA_meth_set_finish */ +#define HAVE_RSA_METH_SET_FINISH 1 + +/* Define if libcrypto has RSA_meth_set_priv_dec */ +#define HAVE_RSA_METH_SET_PRIV_DEC 1 + +/* Define if libcrypto has RSA_meth_set_priv_enc */ +#define HAVE_RSA_METH_SET_PRIV_ENC 1 + +/* Define if libcrypto has RSA_get0_srt_params */ +#define HAVE_RSA_SET0_CRT_PARAMS 1 + +/* Define if libcrypto has RSA_set0_factors */ +#define HAVE_RSA_SET0_FACTORS 1 + +/* Define if libcrypto has RSA_set0_key */ +#define HAVE_RSA_SET0_KEY 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SANDBOX_H */ Modified: projects/openssl111/secure/lib/libssh/Makefile ============================================================================== --- projects/openssl111/secure/lib/libssh/Makefile Wed Oct 3 16:14:17 2018 (r339156) +++ projects/openssl111/secure/lib/libssh/Makefile Wed Oct 3 16:38:36 2018 (r339157) @@ -31,7 +31,9 @@ PACKAGE= ssh # Portability layer SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c bsd-signal.c explicit_bzero.c \ - fmt_scaled.c freezero.c glob.c openssl-compat.c port-net.c \ + fmt_scaled.c freezero.c glob.c \ + libressl-api-compat.c \ + openssl-compat.c port-net.c \ realpath.c recallocarray.c strtonum.c timingsafe_bcmp.c vis.c xcrypt.c .if ${MK_LDNS} == "no" From owner-svn-src-projects@freebsd.org Fri Oct 5 16:35:28 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DFE1010B0E81 for ; Fri, 5 Oct 2018 16:35:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8044D88071; Fri, 5 Oct 2018 16:35:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6D07117C45; Fri, 5 Oct 2018 16:35:27 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w95GZR3o068699; Fri, 5 Oct 2018 16:35:27 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w95GZOaX068686; Fri, 5 Oct 2018 16:35:24 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201810051635.w95GZOaX068686@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Fri, 5 Oct 2018 16:35:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339198 - in projects/openssl111: crypto/heimdal/kdc crypto/heimdal/lib/gssapi/krb5 crypto/heimdal/lib/gssapi/ntlm crypto/heimdal/lib/hx509 crypto/heimdal/lib/krb5 crypto/heimdal/lib/nt... X-SVN-Group: projects X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in projects/openssl111: crypto/heimdal/kdc crypto/heimdal/lib/gssapi/krb5 crypto/heimdal/lib/gssapi/ntlm crypto/heimdal/lib/hx509 crypto/heimdal/lib/krb5 crypto/heimdal/lib/ntlm crypto/heimdal/lib/rok... X-SVN-Commit-Revision: 339198 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2018 16:35:28 -0000 Author: jhb Date: Fri Oct 5 16:35:24 2018 New Revision: 339198 URL: https://svnweb.freebsd.org/changeset/base/339198 Log: Update the existing heimdal implementation for OpenSSL 1.1. Existing work is underway to import a newer version of heimdal, but this patchset gets us to a fully working tree to enable more wide spread testing of OpenSSL 1.1 for now. I've also enabled WARNS=1 for kerberos (which is the reason for the change in libroken). Having -Werror enabled was useful during the 1.1 updates and we probably should have warnings enabled by default for kerberos anyway. This passes make tinderbox, and I have also done some very light runtime testing on amd64. Reviewed by: bjk, jkim, emaste Differential Revision: https://reviews.freebsd.org/D17276 Modified: projects/openssl111/crypto/heimdal/kdc/digest.c projects/openssl111/crypto/heimdal/kdc/kx509.c projects/openssl111/crypto/heimdal/kdc/pkinit.c projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c projects/openssl111/crypto/heimdal/lib/hx509/crypto.c projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c projects/openssl111/crypto/heimdal/lib/krb5/crypto-aes.c projects/openssl111/crypto/heimdal/lib/krb5/crypto-arcfour.c projects/openssl111/crypto/heimdal/lib/krb5/crypto-des-common.c projects/openssl111/crypto/heimdal/lib/krb5/crypto-des.c projects/openssl111/crypto/heimdal/lib/krb5/crypto-evp.c projects/openssl111/crypto/heimdal/lib/krb5/crypto-rand.c projects/openssl111/crypto/heimdal/lib/krb5/crypto.h projects/openssl111/crypto/heimdal/lib/krb5/pkinit.c projects/openssl111/crypto/heimdal/lib/ntlm/heimntlm-protos.h projects/openssl111/crypto/heimdal/lib/ntlm/ntlm.c projects/openssl111/crypto/heimdal/lib/roken/snprintf.c projects/openssl111/kerberos5/Makefile.inc projects/openssl111/kerberos5/include/crypto-headers.h Modified: projects/openssl111/crypto/heimdal/kdc/digest.c ============================================================================== --- projects/openssl111/crypto/heimdal/kdc/digest.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/kdc/digest.c Fri Oct 5 16:35:24 2018 (r339198) @@ -375,8 +375,8 @@ _kdc_do_digest(krb5_context context, case choice_DigestReqInner_init: { unsigned char server_nonce[16], identifier; - RAND_pseudo_bytes(&identifier, sizeof(identifier)); - RAND_pseudo_bytes(server_nonce, sizeof(server_nonce)); + RAND_bytes(&identifier, sizeof(identifier)); + RAND_bytes(server_nonce, sizeof(server_nonce)); server_nonce[0] = kdc_time & 0xff; server_nonce[1] = (kdc_time >> 8) & 0xff; @@ -1333,7 +1333,7 @@ _kdc_do_digest(krb5_context context, if (ireq.u.ntlmRequest.sessionkey) { unsigned char masterkey[MD4_DIGEST_LENGTH]; - EVP_CIPHER_CTX rc4; + EVP_CIPHER_CTX *rc4; size_t len; if ((flags & NTLM_NEG_KEYEX) == 0) { @@ -1354,12 +1354,18 @@ _kdc_do_digest(krb5_context context, } - EVP_CIPHER_CTX_init(&rc4); - EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); - EVP_Cipher(&rc4, + rc4 = EVP_CIPHER_CTX_new(); + if (rc4 == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + "NTLM failed to malloc cipher context"); + goto failed; + } + EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); + EVP_Cipher(rc4, masterkey, ireq.u.ntlmRequest.sessionkey->data, sizeof(masterkey)); - EVP_CIPHER_CTX_cleanup(&rc4); + EVP_CIPHER_CTX_free(rc4); r.u.ntlmResponse.sessionkey = malloc(sizeof(*r.u.ntlmResponse.sessionkey)); Modified: projects/openssl111/crypto/heimdal/kdc/kx509.c ============================================================================== --- projects/openssl111/crypto/heimdal/kdc/kx509.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/kdc/kx509.c Fri Oct 5 16:35:24 2018 (r339198) @@ -64,7 +64,7 @@ verify_req_hash(krb5_context context, krb5_keyblock *key) { unsigned char digest[SHA_DIGEST_LENGTH]; - HMAC_CTX ctx; + HMAC_CTX *ctx; if (req->pk_hash.length != sizeof(digest)) { krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, @@ -73,16 +73,21 @@ verify_req_hash(krb5_context context, return KRB5KDC_ERR_PREAUTH_FAILED; } - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, + "HMAC context malloc failed"); + return ENOMEM; + } + HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); - if (sizeof(digest) != HMAC_size(&ctx)) + if (sizeof(digest) != HMAC_size(ctx)) krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); - HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); - HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length); - HMAC_Final(&ctx, digest, 0); - HMAC_CTX_cleanup(&ctx); + HMAC_Update(ctx, version_2_0, sizeof(version_2_0)); + HMAC_Update(ctx, req->pk_key.data, req->pk_key.length); + HMAC_Final(ctx, digest, 0); + HMAC_CTX_free(ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, @@ -98,35 +103,40 @@ calculate_reply_hash(krb5_context context, Kx509Response *rep) { krb5_error_code ret; - HMAC_CTX ctx; + HMAC_CTX *ctx; - HMAC_CTX_init(&ctx); + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, + "HMAC context malloc failed"); + return ENOMEM; + } - HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, + HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); - ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx)); + ret = krb5_data_alloc(rep->hash, HMAC_size(ctx)); if (ret) { - HMAC_CTX_cleanup(&ctx); + HMAC_CTX_free(ctx); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); + HMAC_Update(ctx, version_2_0, sizeof(version_2_0)); if (rep->error_code) { int32_t t = *rep->error_code; do { unsigned char p = (t & 0xff); - HMAC_Update(&ctx, &p, 1); + HMAC_Update(ctx, &p, 1); t >>= 8; } while (t); } if (rep->certificate) - HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); + HMAC_Update(ctx, rep->certificate->data, rep->certificate->length); if (rep->e_text) - HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); + HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); - HMAC_Final(&ctx, rep->hash->data, 0); - HMAC_CTX_cleanup(&ctx); + HMAC_Final(ctx, rep->hash->data, 0); + HMAC_CTX_free(ctx); return 0; } Modified: projects/openssl111/crypto/heimdal/kdc/pkinit.c ============================================================================== --- projects/openssl111/crypto/heimdal/kdc/pkinit.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/kdc/pkinit.c Fri Oct 5 16:35:24 2018 (r339198) @@ -331,6 +331,7 @@ get_dh_param(krb5_context context, { DomainParameters dhparam; DH *dh = NULL; + BIGNUM *p, *q, *g; krb5_error_code ret; memset(&dhparam, 0, sizeof(dhparam)); @@ -375,15 +376,21 @@ get_dh_param(krb5_context context, goto out; } ret = KRB5_BADMSGTYPE; - dh->p = integer_to_BN(context, "DH prime", &dhparam.p); - if (dh->p == NULL) + p = integer_to_BN(context, "DH prime", &dhparam.p); + g = integer_to_BN(context, "DH base", &dhparam.g); + q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); + if (p == NULL || g == NULL || q == NULL) { + BN_free(p); + BN_free(g); + BN_free(q); goto out; - dh->g = integer_to_BN(context, "DH base", &dhparam.g); - if (dh->g == NULL) + } + if (DH_set0_pqg(dh, p, g, q) != 1) { + BN_free(p); + BN_free(g); + BN_free(q); goto out; - dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); - if (dh->g == NULL) - goto out; + } { heim_integer glue; @@ -895,7 +902,7 @@ out: */ static krb5_error_code -BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) +BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer) { integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); @@ -1112,9 +1119,11 @@ pk_mk_pa_reply_dh(krb5_context context, if (cp->keyex == USE_DH) { DH *kdc_dh = cp->u.dh.key; + const BIGNUM *pub_key; heim_integer i; - ret = BN_to_integer(context, kdc_dh->pub_key, &i); + DH_get0_key(kdc_dh, &pub_key, NULL); + ret = BN_to_integer(context, pub_key, &i); if (ret) return ret; Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/arcfour.c Fri Oct 5 16:35:24 2018 (r339198) @@ -173,7 +173,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, int32_t seq_number; size_t len, total_len; u_char k6_data[16], *p0, *p; - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); @@ -235,11 +235,17 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4); - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, p, p, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, message_token); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, p, p, 8); + EVP_CIPHER_CTX_free(rc4_key); + memset(k6_data, 0, sizeof(k6_data)); *minor_status = 0; @@ -308,12 +314,16 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, } { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0); - EVP_Cipher(&rc4_key, SND_SEQ, p, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0); + EVP_Cipher(rc4_key, SND_SEQ, p, 8); + EVP_CIPHER_CTX_free(rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -461,12 +471,17 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if(conf_req_flag) { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, p0 + 24, p0 + 24, 8 + datalen); + EVP_CIPHER_CTX_free(rc4_key); } memset(k6_data, 0, sizeof(k6_data)); @@ -480,12 +495,17 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, } { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); + EVP_CIPHER_CTX_free(rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -580,12 +600,16 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_stat } { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, SND_SEQ, p0 + 8, 8); + EVP_CIPHER_CTX_free(rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -628,13 +652,18 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_stat output_message_buffer->length = datalen; if(conf_flag) { - EVP_CIPHER_CTX rc4_key; + EVP_CIPHER_CTX *rc4_key; - EVP_CIPHER_CTX_init(&rc4_key); - EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); - EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8); - EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); - EVP_CIPHER_CTX_cleanup(&rc4_key); + rc4_key = EVP_CIPHER_CTX_new(); + if (rc4_key == NULL) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(rc4_key, Confounder, p0 + 24, 8); + EVP_Cipher(rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); + EVP_CIPHER_CTX_free(rc4_key); } else { memcpy(Confounder, p0 + 24, 8); /* Confounder */ memcpy(output_message_buffer->value, Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/get_mic.c Fri Oct 5 16:35:24 2018 (r339198) @@ -50,7 +50,7 @@ mic_des EVP_MD_CTX *md5; u_char hash[16]; DES_key_schedule schedule; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_cblock deskey; DES_cblock zero; int32_t seq_number; @@ -96,6 +96,17 @@ mic_des &schedule, &zero); memcpy (p - 8, hash, 8); /* SGN_CKSUM */ + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); /* sequence number */ krb5_auth_con_getlocalseqnumber (context, @@ -111,10 +122,9 @@ mic_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); + EVP_Cipher(des_ctx, p, p, 8); + EVP_CIPHER_CTX_free(des_ctx); krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/unwrap.c Fri Oct 5 16:35:24 2018 (r339198) @@ -50,7 +50,7 @@ unwrap_des size_t len; EVP_MD_CTX *md5; u_char hash[16]; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_key_schedule schedule; DES_cblock deskey; DES_cblock zero; @@ -104,12 +104,17 @@ unwrap_des deskey[i] ^= 0xf0; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0); - EVP_Cipher(&des_ctx, p, p, input_message_buffer->length - len); - EVP_CIPHER_CTX_cleanup(&des_ctx); + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0); + EVP_Cipher(des_ctx, p, p, input_message_buffer->length - len); + EVP_CIPHER_CTX_free(des_ctx); - memset (&schedule, 0, sizeof(schedule)); + memset (deskey, 0, sizeof(deskey)); } if (IS_DCE_STYLE(context_handle)) { @@ -135,19 +140,29 @@ unwrap_des DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); - if (ct_memcmp (p - 8, hash, 8) != 0) + if (ct_memcmp (p - 8, hash, 8) != 0) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); return GSS_S_BAD_MIC; + } /* verify sequence number */ + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); + EVP_Cipher(des_ctx, p, p, 8); + EVP_CIPHER_CTX_free(des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/verify_mic.c Fri Oct 5 16:35:24 2018 (r339198) @@ -51,7 +51,7 @@ verify_mic_des EVP_MD_CTX *md5; u_char hash[16], *seq; DES_key_schedule schedule; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_cblock zero; DES_cblock deskey; uint32_t seq_number; @@ -96,14 +96,21 @@ verify_mic_des /* verify sequence number */ + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); + EVP_Cipher(des_ctx, p, p, 8); + EVP_CIPHER_CTX_free(des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); Modified: projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/krb5/wrap.c Fri Oct 5 16:35:24 2018 (r339198) @@ -211,7 +211,7 @@ wrap_des EVP_MD_CTX *md5; u_char hash[16]; DES_key_schedule schedule; - EVP_CIPHER_CTX des_ctx; + EVP_CIPHER_CTX *des_ctx; DES_cblock deskey; DES_cblock zero; size_t i; @@ -283,6 +283,17 @@ wrap_des &schedule, &zero); memcpy (p - 8, hash, 8); + des_ctx = EVP_CIPHER_CTX_new(); + if (des_ctx == NULL) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + free(output_message_buffer->value); + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + /* sequence number */ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); krb5_auth_con_getlocalseqnumber (context, @@ -298,10 +309,8 @@ wrap_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); - EVP_Cipher(&des_ctx, p, p, 8); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); + EVP_Cipher(des_ctx, p, p, 8); krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, @@ -317,11 +326,11 @@ wrap_des for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; - EVP_CIPHER_CTX_init(&des_ctx); - EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); - EVP_Cipher(&des_ctx, p, p, datalen); - EVP_CIPHER_CTX_cleanup(&des_ctx); + EVP_CIPHER_CTX_reset(des_ctx); + EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); + EVP_Cipher(des_ctx, p, p, datalen); } + EVP_CIPHER_CTX_free(des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); Modified: projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/gssapi/ntlm/crypto.c Fri Oct 5 16:35:24 2018 (r339198) @@ -148,16 +148,18 @@ v2_sign_message(gss_buffer_t in, { unsigned char hmac[16]; unsigned int hmaclen; - HMAC_CTX c; + HMAC_CTX *c; - HMAC_CTX_init(&c); - HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL); + c = HMAC_CTX_new(); + if (c == NULL) + return GSS_S_FAILURE; + HMAC_Init_ex(c, signkey, 16, EVP_md5(), NULL); encode_le_uint32(seq, hmac); - HMAC_Update(&c, hmac, 4); - HMAC_Update(&c, in->value, in->length); - HMAC_Final(&c, hmac, &hmaclen); - HMAC_CTX_cleanup(&c); + HMAC_Update(c, hmac, 4); + HMAC_Update(c, in->value, in->length); + HMAC_Final(c, hmac, &hmaclen); + HMAC_CTX_free(c); encode_le_uint32(1, &out[0]); if (sealkey) Modified: projects/openssl111/crypto/heimdal/lib/hx509/crypto.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/crypto.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/crypto.c Fri Oct 5 16:35:24 2018 (r339198) @@ -226,7 +226,8 @@ heim_int2BN(const heim_integer *i) BIGNUM *bn; bn = BN_bin2bn(i->data, i->length, NULL); - BN_set_negative(bn, i->negative); + if (bn != NULL) + BN_set_negative(bn, i->negative); return bn; } @@ -899,12 +900,15 @@ rsa_get_internal(hx509_context context, hx509_private_key key, const char *type) { + const BIGNUM *n; + if (strcasecmp(type, "rsa-modulus") == 0) { - return BN_dup(key->private_key.rsa->n); + RSA_get0_key(key->private_key.rsa, &n, NULL, NULL); } else if (strcasecmp(type, "rsa-exponent") == 0) { - return BN_dup(key->private_key.rsa->e); + RSA_get0_key(key->private_key.rsa, NULL, &n, NULL); } else return NULL; + return BN_dup(n); } @@ -1045,6 +1049,7 @@ dsa_verify_signature(hx509_context context, DSAPublicKey pk; DSAParams param; size_t size; + BIGNUM *key, *p, *q, *g; DSA *dsa; int ret; @@ -1062,16 +1067,25 @@ dsa_verify_signature(hx509_context context, if (ret) goto out; - dsa->pub_key = heim_int2BN(&pk); + key = heim_int2BN(&pk); free_DSAPublicKey(&pk); - if (dsa->pub_key == NULL) { + if (key == NULL) { ret = ENOMEM; hx509_set_error_string(context, 0, ret, "out of memory"); goto out; } + ret = DSA_set0_key(dsa, key, NULL); + + if (ret != 1) { + BN_free(key); + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "failed to set DSA key"); + goto out; + } + if (spi->algorithm.parameters == NULL) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; hx509_set_error_string(context, 0, ret, "DSA parameters missing"); @@ -1087,18 +1101,32 @@ dsa_verify_signature(hx509_context context, goto out; } - dsa->p = heim_int2BN(¶m.p); - dsa->q = heim_int2BN(¶m.q); - dsa->g = heim_int2BN(¶m.g); + p = heim_int2BN(¶m.p); + q = heim_int2BN(¶m.q); + g = heim_int2BN(¶m.g); free_DSAParams(¶m); - if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { + if (p == NULL || q == NULL || g == NULL) { + BN_free(p); + BN_free(q); + BN_free(g); ret = ENOMEM; hx509_set_error_string(context, 0, ret, "out of memory"); goto out; } + ret = DSA_set0_pqg(dsa, p, q, g); + + if (ret != 1) { + BN_free(p); + BN_free(q); + BN_free(g); + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "failed to set DSA parameters"); + goto out; + } + ret = DSA_verify(-1, data->data, data->length, (unsigned char*)sig->data, sig->length, dsa); @@ -2562,7 +2590,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, const heim_octet_string *ivec, heim_octet_string **ciphertext) { - EVP_CIPHER_CTX evp; + EVP_CIPHER_CTX *evp; size_t padsize, bsize; int ret; @@ -2574,12 +2602,13 @@ hx509_crypto_encrypt(hx509_crypto crypto, assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length); - EVP_CIPHER_CTX_init(&evp); + evp = EVP_CIPHER_CTX_new(); + if (evp == NULL) + return ENOMEM; - ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, + ret = EVP_CipherInit_ex(evp, crypto->c, NULL, crypto->key.data, ivec->data, 1); if (ret != 1) { - EVP_CIPHER_CTX_cleanup(&evp); ret = HX509_CRYPTO_INTERNAL_ERROR; goto out; } @@ -2619,7 +2648,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, *p++ = padsize; } - ret = EVP_Cipher(&evp, (*ciphertext)->data, + ret = EVP_Cipher(evp, (*ciphertext)->data, (*ciphertext)->data, length + padsize); if (ret != 1) { @@ -2638,7 +2667,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, *ciphertext = NULL; } } - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); return ret; } @@ -2650,7 +2679,7 @@ hx509_crypto_decrypt(hx509_crypto crypto, heim_octet_string *ivec, heim_octet_string *clear) { - EVP_CIPHER_CTX evp; + EVP_CIPHER_CTX *evp; void *idata = NULL; int ret; @@ -2670,27 +2699,30 @@ hx509_crypto_decrypt(hx509_crypto crypto, if (ivec) idata = ivec->data; - EVP_CIPHER_CTX_init(&evp); + evp = EVP_CIPHER_CTX_new(); + if (evp == NULL) + return ENOMEM; - ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, + ret = EVP_CipherInit_ex(evp, crypto->c, NULL, crypto->key.data, idata, 0); if (ret != 1) { - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); return HX509_CRYPTO_INTERNAL_ERROR; } clear->length = length; clear->data = malloc(length); if (clear->data == NULL) { - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); clear->length = 0; return ENOMEM; } - if (EVP_Cipher(&evp, clear->data, data, length) != 1) { + if (EVP_Cipher(evp, clear->data, data, length) != 1) { + EVP_CIPHER_CTX_free(evp); return HX509_CRYPTO_INTERNAL_ERROR; } - EVP_CIPHER_CTX_cleanup(&evp); + EVP_CIPHER_CTX_free(evp); if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) { int padsize; @@ -2949,6 +2981,8 @@ match_keys_rsa(hx509_cert c, hx509_private_key private const SubjectPublicKeyInfo *spi; RSAPublicKey pk; RSA *rsa; + const BIGNUM *d, *p, *q, *dmp1, *dmq1, *iqmp; + BIGNUM *new_d, *new_p, *new_q, *new_dmp1, *new_dmq1, *new_iqmp, *n, *e; size_t size; int ret; @@ -2956,7 +2990,10 @@ match_keys_rsa(hx509_cert c, hx509_private_key private return 0; rsa = private_key->private_key.rsa; - if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL) + RSA_get0_key(rsa, NULL, NULL, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + if (d == NULL || p == NULL || q == NULL) return 0; cert = _hx509_get_cert(c); @@ -2973,21 +3010,66 @@ match_keys_rsa(hx509_cert c, hx509_private_key private RSA_free(rsa); return 0; } - rsa->n = heim_int2BN(&pk.modulus); - rsa->e = heim_int2BN(&pk.publicExponent); + n = heim_int2BN(&pk.modulus); + e = heim_int2BN(&pk.publicExponent); free_RSAPublicKey(&pk); - rsa->d = BN_dup(private_key->private_key.rsa->d); - rsa->p = BN_dup(private_key->private_key.rsa->p); - rsa->q = BN_dup(private_key->private_key.rsa->q); - rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1); - rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1); - rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp); + new_d = BN_dup(d); + new_p = BN_dup(p); + new_q = BN_dup(q); + new_dmp1 = BN_dup(dmp1); + new_dmq1 = BN_dup(dmq1); + new_iqmp = BN_dup(iqmp); - if (rsa->n == NULL || rsa->e == NULL || - rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL || - rsa->dmp1 == NULL || rsa->dmq1 == NULL) { + if (n == NULL || e == NULL || + new_d == NULL || new_p == NULL|| new_q == NULL || + new_dmp1 == NULL || new_dmq1 == NULL || new_iqmp == NULL) { + BN_free(n); + BN_free(e); + BN_free(new_d); + BN_free(new_p); + BN_free(new_q); + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); + RSA_free(rsa); + return 0; + } + + ret = RSA_set0_key(rsa, new_d, n, e); + + if (ret != 1) { + BN_free(n); + BN_free(e); + BN_free(new_d); + BN_free(new_p); + BN_free(new_q); + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); + RSA_free(rsa); + return 0; + } + + ret = RSA_set0_factors(rsa, new_p, new_q); + + if (ret != 1) { + BN_free(new_p); + BN_free(new_q); + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); + RSA_free(rsa); + return 0; + } + + ret = RSA_set0_crt_params(rsa, new_dmp1, new_dmq1, new_iqmp); + + if (ret != 1) { + BN_free(new_dmp1); + BN_free(new_dmq1); + BN_free(new_iqmp); RSA_free(rsa); return 0; } Modified: projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/hxtool.c Fri Oct 5 16:35:24 2018 (r339198) @@ -1387,12 +1387,12 @@ info(void *opt, int argc, char **argv) { const RSA_METHOD *m = RSA_get_default_method(); if (m != NULL) - printf("rsa: %s\n", m->name); + printf("rsa: %s\n", RSA_meth_get0_name(m)); } { const DH_METHOD *m = DH_get_default_method(); if (m != NULL) - printf("dh: %s\n", m->name); + printf("dh: %s\n", DH_meth_get0_name(m)); } #ifdef HAVE_OPENSSL { Modified: projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/ks_file.c Fri Oct 5 16:35:24 2018 (r339198) @@ -107,11 +107,18 @@ try_decrypt(hx509_context context, clear.length = len; { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0); - EVP_Cipher(&ctx, clear.data, cipher, len); - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX *ctx; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "Out of memory to decrypt for private key"); + ret = ENOMEM; + goto out; + } + EVP_CipherInit_ex(ctx, c, NULL, key, ivdata, 0); + EVP_Cipher(ctx, clear.data, cipher, len); + EVP_CIPHER_CTX_free(ctx); } ret = _hx509_collector_private_key_add(context, @@ -122,8 +129,8 @@ try_decrypt(hx509_context context, NULL); memset(clear.data, 0, clear.length); - free(clear.data); out: + free(clear.data); memset(key, 0, keylen); free(key); return ret; Modified: projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c ============================================================================== --- projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c Fri Oct 5 16:05:59 2018 (r339197) +++ projects/openssl111/crypto/heimdal/lib/hx509/ks_p11.c Fri Oct 5 16:35:24 2018 (r339198) @@ -213,22 +213,48 @@ p11_rsa_finish(RSA *rsa) return 1; } -static const RSA_METHOD p11_rsa_pkcs1_method = { - "hx509 PKCS11 PKCS#1 RSA", - p11_rsa_public_encrypt, - p11_rsa_public_decrypt, - p11_rsa_private_encrypt, - p11_rsa_private_decrypt, - NULL, - NULL, - p11_rsa_init, - p11_rsa_finish, - 0, - NULL, - NULL, - NULL -}; +static const RSA_METHOD * +get_p11_rsa_pkcs1_method(void) +{ + static const RSA_METHOD *p11_rsa_pkcs1_method; + RSA_METHOD *new_method; + if (p11_rsa_pkcs1_method != NULL) + return p11_rsa_pkcs1_method; + + new_method = RSA_meth_new("hx509 PKCS11 PKCS#1 RSA", 0); + if (new_method == NULL) + return NULL; + + if (RSA_meth_set_pub_enc(new_method, p11_rsa_public_encrypt) != 1) + goto out; + + if (RSA_meth_set_pub_dec(new_method, p11_rsa_public_decrypt) != 1) + goto out; + + if (RSA_meth_set_priv_enc(new_method, p11_rsa_private_encrypt) != 1) + goto out; + + if (RSA_meth_set_priv_dec(new_method, p11_rsa_private_decrypt) != 1) + goto out; + + if (RSA_meth_set_init(new_method, p11_rsa_init) != 1) + goto out; + + if (RSA_meth_set_finish(new_method, p11_rsa_finish) != 1) + goto out; + + /* + * This might overwrite a previously-created method if multiple + * threads invoke this concurrently which will leak memory. + */ + p11_rsa_pkcs1_method = new_method; + return p11_rsa_pkcs1_method; +out: + RSA_meth_free(new_method); + return NULL; +} + /* * */ @@ -607,6 +633,8 @@ collect_private_key(hx509_context context, hx509_private_key key; heim_octet_string localKeyId; int ret; + const RSA_METHOD *meth; + BIGNUM *n, *e; RSA *rsa; struct p11_rsa *p11rsa; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-projects@freebsd.org Fri Oct 5 17:53:59 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F28A10B2853 for ; Fri, 5 Oct 2018 17:53:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4A9848A7CB; Fri, 5 Oct 2018 17:53:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 44C561898C; Fri, 5 Oct 2018 17:53:58 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w95Hrw7D009818; Fri, 5 Oct 2018 17:53:58 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w95Hrmko009773; Fri, 5 Oct 2018 17:53:48 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201810051753.w95Hrmko009773@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Fri, 5 Oct 2018 17:53:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339201 - in projects/openssl111: . contrib/blacklist/bin contrib/bmake contrib/elftoolchain/libelf contrib/libarchive contrib/libarchive/libarchive contrib/libarchive/libarchive/test c... X-SVN-Group: projects X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: in projects/openssl111: . contrib/blacklist/bin contrib/bmake contrib/elftoolchain/libelf contrib/libarchive contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/test_ut... X-SVN-Commit-Revision: 339201 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2018 17:53:59 -0000 Author: gjb Date: Fri Oct 5 17:53:47 2018 New Revision: 339201 URL: https://svnweb.freebsd.org/changeset/base/339201 Log: MFH r338661 through r339200. Sponsored by: The FreeBSD Foundation Added: - copied from r339200, head/contrib/mandoc/ projects/openssl111/lib/lib80211/regdomain.xml - copied unchanged from r339200, head/lib/lib80211/regdomain.xml projects/openssl111/lib/libalias/libalias/libalias.conf - copied unchanged from r339200, head/lib/libalias/libalias/libalias.conf projects/openssl111/lib/libc/net/hosts - copied unchanged from r339200, head/lib/libc/net/hosts projects/openssl111/lib/libc/net/hosts.equiv - copied unchanged from r339200, head/lib/libc/net/hosts.equiv projects/openssl111/lib/libc/net/networks - copied unchanged from r339200, head/lib/libc/net/networks projects/openssl111/lib/libc/net/nsswitch.conf - copied unchanged from r339200, head/lib/libc/net/nsswitch.conf projects/openssl111/lib/libc/net/protocols - copied unchanged from r339200, head/lib/libc/net/protocols projects/openssl111/lib/libc/posix1e/mac.conf - copied unchanged from r339200, head/lib/libc/posix1e/mac.conf projects/openssl111/lib/libc/rpc/netconfig - copied unchanged from r339200, head/lib/libc/rpc/netconfig projects/openssl111/lib/libc/rpc/rpc - copied unchanged from r339200, head/lib/libc/rpc/rpc projects/openssl111/lib/libopie/opieaccess - copied unchanged from r339200, head/lib/libopie/opieaccess projects/openssl111/lib/libsmb/nsmb.conf - copied unchanged from r339200, head/lib/libsmb/nsmb.conf projects/openssl111/lib/libwrap/hosts.allow - copied unchanged from r339200, head/lib/libwrap/hosts.allow projects/openssl111/libexec/rtld-elf/libmap.conf - copied unchanged from r339200, head/libexec/rtld-elf/libmap.conf projects/openssl111/sbin/bsdlabel/disktab - copied unchanged from r339200, head/sbin/bsdlabel/disktab projects/openssl111/share/man/man4/iflib.4 - copied unchanged from r339200, head/share/man/man4/iflib.4 projects/openssl111/sys/arm64/include/ifunc.h - copied unchanged from r339200, head/sys/arm64/include/ifunc.h projects/openssl111/tools/build/options/WITH_HYPERV - copied unchanged from r339200, head/tools/build/options/WITH_HYPERV projects/openssl111/usr.bin/tip/tip/phones - copied unchanged from r339200, head/usr.bin/tip/tip/phones projects/openssl111/usr.bin/tip/tip/remote - copied unchanged from r339200, head/usr.bin/tip/tip/remote projects/openssl111/usr.sbin/amd/amd/amd.map - copied unchanged from r339200, head/usr.sbin/amd/amd/amd.map projects/openssl111/usr.sbin/lpr/lpd/hosts.lpd - copied unchanged from r339200, head/usr.sbin/lpr/lpd/hosts.lpd projects/openssl111/usr.sbin/lpr/lpd/printcap - copied unchanged from r339200, head/usr.sbin/lpr/lpd/printcap Directory Properties: projects/openssl111/contrib/mandoc/ (props changed) Replaced: projects/openssl111/sbin/dhclient/dhclient.conf - copied unchanged from r339200, head/sbin/dhclient/dhclient.conf Deleted: projects/openssl111/contrib/mdocml/ projects/openssl111/etc/amd.map projects/openssl111/etc/dhclient.conf projects/openssl111/etc/disktab projects/openssl111/etc/hosts projects/openssl111/etc/hosts.allow projects/openssl111/etc/hosts.equiv projects/openssl111/etc/hosts.lpd projects/openssl111/etc/libalias.conf projects/openssl111/etc/libmap.conf projects/openssl111/etc/mac.conf projects/openssl111/etc/netconfig projects/openssl111/etc/networks projects/openssl111/etc/nsmb.conf projects/openssl111/etc/nsswitch.conf projects/openssl111/etc/opieaccess projects/openssl111/etc/phones projects/openssl111/etc/printcap projects/openssl111/etc/protocols projects/openssl111/etc/regdomain.xml projects/openssl111/etc/remote projects/openssl111/etc/rpc Modified: projects/openssl111/UPDATING projects/openssl111/contrib/blacklist/bin/blacklistd.8 projects/openssl111/contrib/bmake/make.1 projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c projects/openssl111/contrib/libarchive/README.md projects/openssl111/contrib/libarchive/libarchive/archive_acl.c projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c projects/openssl111/contrib/libarchive/test_utils/test_main.c projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c projects/openssl111/etc/Makefile projects/openssl111/gnu/usr.bin/binutils/as/config.h projects/openssl111/gnu/usr.bin/binutils/ld/config.h projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h projects/openssl111/gnu/usr.bin/cc/libiberty/config.h projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h projects/openssl111/include/limits.h projects/openssl111/include/time.h projects/openssl111/lib/Makefile projects/openssl111/lib/clang/freebsd_cc_version.h projects/openssl111/lib/csu/arm/crt1.c projects/openssl111/lib/csu/common/crtbrand.c projects/openssl111/lib/csu/common/ignore_init.c projects/openssl111/lib/csu/common/notes.h projects/openssl111/lib/lib80211/Makefile projects/openssl111/lib/libalias/libalias/Makefile projects/openssl111/lib/libbe/be.c projects/openssl111/lib/libc/Makefile projects/openssl111/lib/libc/amd64/string/bcmp.S projects/openssl111/lib/libc/amd64/string/bcopy.S projects/openssl111/lib/libc/amd64/string/bzero.S projects/openssl111/lib/libc/amd64/string/memcmp.S projects/openssl111/lib/libc/amd64/string/memset.S projects/openssl111/lib/libc/i386/string/bcopy.S projects/openssl111/lib/libc/net/Makefile.inc projects/openssl111/lib/libc/posix1e/Makefile.inc projects/openssl111/lib/libc/rpc/Makefile.inc projects/openssl111/lib/libopie/Makefile projects/openssl111/lib/libpmc/Makefile projects/openssl111/lib/libpmc/libpmc_pmu_util.c projects/openssl111/lib/libsmb/Makefile projects/openssl111/lib/libusb/libusb10.h projects/openssl111/lib/libusb/libusb10_io.c projects/openssl111/lib/libwrap/Makefile projects/openssl111/libexec/rtld-elf/Makefile projects/openssl111/libexec/rtld-elf/aarch64/reloc.c projects/openssl111/libexec/rtld-elf/aarch64/rtld_machdep.h projects/openssl111/libexec/rtld-elf/libmap.c projects/openssl111/libexec/rtld-elf/powerpc/reloc.c projects/openssl111/libexec/rtld-elf/rtld.c projects/openssl111/release/Makefile projects/openssl111/release/scripts/pkg-stage.sh projects/openssl111/sbin/bsdlabel/Makefile projects/openssl111/sbin/devd/devd.cc projects/openssl111/sbin/devd/devd.hh projects/openssl111/sbin/dhclient/Makefile projects/openssl111/sbin/fsck_ffs/pass5.c projects/openssl111/sbin/geom/core/geom.8 projects/openssl111/sbin/geom/core/geom.c projects/openssl111/sbin/ifconfig/ifipsec.c projects/openssl111/sbin/init/rc.d/ldconfig projects/openssl111/sbin/ipfw/ipfw.8 projects/openssl111/sbin/ipfw/ipfw2.c projects/openssl111/sbin/reboot/reboot.c projects/openssl111/sbin/sysctl/sysctl.8 projects/openssl111/secure/usr.bin/openssl/Makefile projects/openssl111/share/man/man4/Makefile projects/openssl111/share/man/man4/bnxt.4 projects/openssl111/share/man/man4/cxgbe.4 projects/openssl111/share/man/man4/ddb.4 projects/openssl111/share/man/man4/em.4 projects/openssl111/share/man/man5/make.conf.5 projects/openssl111/share/man/man5/msdosfs.5 projects/openssl111/share/man/man5/src.conf.5 projects/openssl111/share/man/man9/MODULE_PNP_INFO.9 projects/openssl111/share/man/man9/iflib.9 projects/openssl111/share/mk/bsd.dirs.mk projects/openssl111/share/mk/bsd.progs.mk projects/openssl111/share/mk/bsd.subdir.mk projects/openssl111/share/mk/bsd.sys.mk projects/openssl111/share/mk/src.opts.mk projects/openssl111/stand/lua/menu.lua projects/openssl111/stand/lua/password.lua projects/openssl111/sys/amd64/amd64/copyout.c projects/openssl111/sys/amd64/amd64/machdep.c projects/openssl111/sys/amd64/amd64/pmap.c projects/openssl111/sys/amd64/amd64/support.S projects/openssl111/sys/amd64/amd64/trap.c projects/openssl111/sys/amd64/include/pmap.h projects/openssl111/sys/amd64/include/vmm.h projects/openssl111/sys/amd64/vmm/intel/vmx.c projects/openssl111/sys/amd64/vmm/vmm.c projects/openssl111/sys/arm/conf/std.armv6 projects/openssl111/sys/arm/conf/std.armv7 projects/openssl111/sys/arm64/arm64/elf_machdep.c projects/openssl111/sys/arm64/arm64/identcpu.c projects/openssl111/sys/arm64/arm64/machdep.c projects/openssl111/sys/arm64/arm64/undefined.c projects/openssl111/sys/arm64/conf/GENERIC-MMCCAM projects/openssl111/sys/arm64/include/pte.h projects/openssl111/sys/arm64/include/undefined.h projects/openssl111/sys/cam/scsi/scsi_cd.c projects/openssl111/sys/cam/scsi/scsi_da.c projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/zfs_vfsops.h projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_queue.c projects/openssl111/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c projects/openssl111/sys/compat/freebsd32/freebsd32_ioctl.c projects/openssl111/sys/compat/freebsd32/freebsd32_ioctl.h projects/openssl111/sys/compat/freebsd32/freebsd32_syscall.h projects/openssl111/sys/compat/freebsd32/freebsd32_syscalls.c projects/openssl111/sys/compat/freebsd32/freebsd32_sysent.c projects/openssl111/sys/compat/freebsd32/syscalls.master projects/openssl111/sys/conf/files projects/openssl111/sys/conf/files.arm projects/openssl111/sys/conf/files.arm64 projects/openssl111/sys/conf/files.i386 projects/openssl111/sys/conf/files.mips projects/openssl111/sys/conf/files.powerpc projects/openssl111/sys/conf/files.riscv projects/openssl111/sys/conf/files.sparc64 projects/openssl111/sys/conf/kern.pre.mk projects/openssl111/sys/conf/newvers.sh projects/openssl111/sys/crypto/ccp/ccp.c projects/openssl111/sys/dev/aac/aac_pci.c projects/openssl111/sys/dev/aacraid/aacraid_pci.c projects/openssl111/sys/dev/adlink/adlink.c projects/openssl111/sys/dev/ae/if_ae.c projects/openssl111/sys/dev/age/if_age.c projects/openssl111/sys/dev/ahci/ahci_pci.c projects/openssl111/sys/dev/alc/if_alc.c projects/openssl111/sys/dev/ale/if_ale.c projects/openssl111/sys/dev/amdsmn/amdsmn.c projects/openssl111/sys/dev/amdtemp/amdtemp.c projects/openssl111/sys/dev/amr/amr_pci.c projects/openssl111/sys/dev/an/if_an_pci.c projects/openssl111/sys/dev/bce/if_bce.c projects/openssl111/sys/dev/bfe/if_bfe.c projects/openssl111/sys/dev/bge/if_bge.c projects/openssl111/sys/dev/bwi/if_bwi_pci.c projects/openssl111/sys/dev/bwn/if_bwn_pci.c projects/openssl111/sys/dev/bxe/bxe.c projects/openssl111/sys/dev/cas/if_cas.c projects/openssl111/sys/dev/ciss/ciss.c projects/openssl111/sys/dev/cpuctl/cpuctl.c projects/openssl111/sys/dev/cxgb/cxgb_main.c projects/openssl111/sys/dev/cxgbe/adapter.h projects/openssl111/sys/dev/cxgbe/common/common.h projects/openssl111/sys/dev/cxgbe/common/t4_hw.c projects/openssl111/sys/dev/cxgbe/firmware/t4fw_cfg.txt projects/openssl111/sys/dev/cxgbe/firmware/t5fw_cfg.txt projects/openssl111/sys/dev/cxgbe/firmware/t6fw_cfg.txt projects/openssl111/sys/dev/cxgbe/osdep.h projects/openssl111/sys/dev/cxgbe/t4_filter.c projects/openssl111/sys/dev/cxgbe/t4_l2t.c projects/openssl111/sys/dev/cxgbe/t4_l2t.h projects/openssl111/sys/dev/cxgbe/t4_main.c projects/openssl111/sys/dev/cxgbe/tom/t4_cpl_io.c projects/openssl111/sys/dev/dc/if_dc.c projects/openssl111/sys/dev/drm2/drm_os_freebsd.c projects/openssl111/sys/dev/drm2/i915/i915_drv.c projects/openssl111/sys/dev/drm2/i915/intel_ringbuffer.c projects/openssl111/sys/dev/drm2/radeon/radeon_drv.c projects/openssl111/sys/dev/e1000/if_em.c projects/openssl111/sys/dev/ed/if_ed_pci.c projects/openssl111/sys/dev/ena/ena.c projects/openssl111/sys/dev/et/if_et.c projects/openssl111/sys/dev/ffec/if_ffec.c projects/openssl111/sys/dev/fxp/if_fxp.c projects/openssl111/sys/dev/gem/if_gem_pci.c projects/openssl111/sys/dev/hwpmc/hwpmc_logging.c projects/openssl111/sys/dev/hwpmc/hwpmc_mod.c projects/openssl111/sys/dev/ichiic/ig4_iic.c projects/openssl111/sys/dev/ichiic/ig4_pci.c projects/openssl111/sys/dev/ida/ida_pci.c projects/openssl111/sys/dev/intpm/intpm.c projects/openssl111/sys/dev/ioat/ioat.c projects/openssl111/sys/dev/ipw/if_ipw.c projects/openssl111/sys/dev/iwm/if_iwm.c projects/openssl111/sys/dev/iwn/if_iwn.c projects/openssl111/sys/dev/ixgbe/if_ix.c projects/openssl111/sys/dev/ixgbe/if_ixv.c projects/openssl111/sys/dev/ixl/if_ixl.c projects/openssl111/sys/dev/ixl/if_ixlv.c projects/openssl111/sys/dev/mfi/mfi_pci.c projects/openssl111/sys/dev/mpr/mpr_pci.c projects/openssl111/sys/dev/mps/mps_pci.c projects/openssl111/sys/dev/mvs/mvs_pci.c projects/openssl111/sys/dev/my/if_my.c projects/openssl111/sys/dev/ncr/ncr.c projects/openssl111/sys/dev/ntb/ntb_hw/ntb_hw_intel.c projects/openssl111/sys/dev/oce/oce_if.c projects/openssl111/sys/dev/ofw/ofw_bus_subr.h projects/openssl111/sys/dev/pccard/pccardvar.h projects/openssl111/sys/dev/pccbb/pccbb_pci.c projects/openssl111/sys/dev/pci/pci_user.c projects/openssl111/sys/dev/pci/pcireg.h projects/openssl111/sys/dev/pci/pcivar.h projects/openssl111/sys/dev/pcn/if_pcn.c projects/openssl111/sys/dev/puc/puc_pci.c projects/openssl111/sys/dev/ral/if_ral_pci.c projects/openssl111/sys/dev/rl/if_rl.c projects/openssl111/sys/dev/sdhci/sdhci_acpi.c projects/openssl111/sys/dev/spibus/spi.h projects/openssl111/sys/dev/uart/uart_bus_pccard.c projects/openssl111/sys/dev/uart/uart_bus_pci.c projects/openssl111/sys/dev/usb/net/if_ure.c projects/openssl111/sys/dev/usb/usbdi.h projects/openssl111/sys/dev/xl/if_xl.c projects/openssl111/sys/geom/raid/tr_raid0.c projects/openssl111/sys/i386/i386/npx.c projects/openssl111/sys/i386/i386/pmap.c projects/openssl111/sys/i386/i386/trap.c projects/openssl111/sys/i386/i386/vm_machdep.c projects/openssl111/sys/i386/include/pmap.h projects/openssl111/sys/isa/isavar.h projects/openssl111/sys/kern/init_sysent.c projects/openssl111/sys/kern/kern_context.c projects/openssl111/sys/kern/kern_cpuset.c projects/openssl111/sys/kern/kern_descrip.c projects/openssl111/sys/kern/kern_malloc.c projects/openssl111/sys/kern/kern_resource.c projects/openssl111/sys/kern/link_elf.c projects/openssl111/sys/kern/subr_vmem.c projects/openssl111/sys/kern/sys_generic.c projects/openssl111/sys/kern/syscalls.c projects/openssl111/sys/kern/syscalls.master projects/openssl111/sys/kern/uipc_socket.c projects/openssl111/sys/kern/vfs_lookup.c projects/openssl111/sys/kern/vfs_syscalls.c projects/openssl111/sys/net/if.c projects/openssl111/sys/net/if_gre.c projects/openssl111/sys/net/if_tap.c projects/openssl111/sys/net/if_tun.c projects/openssl111/sys/net/if_var.h projects/openssl111/sys/net/if_vlan.c projects/openssl111/sys/net/iflib.c projects/openssl111/sys/net/iflib.h projects/openssl111/sys/netinet/in_pcb.h projects/openssl111/sys/netinet/ip_encap.h projects/openssl111/sys/netinet/ip_output.c projects/openssl111/sys/netinet/sctp_asconf.c projects/openssl111/sys/netinet/sctp_auth.c projects/openssl111/sys/netinet/sctp_auth.h projects/openssl111/sys/netinet/sctp_input.c projects/openssl111/sys/netinet/sctp_output.c projects/openssl111/sys/netinet/sctputil.c projects/openssl111/sys/netinet/siftr.c projects/openssl111/sys/netinet/tcp_hpts.c projects/openssl111/sys/netinet/tcp_input.c projects/openssl111/sys/netinet/tcp_syncache.c projects/openssl111/sys/netinet/udp_usrreq.c projects/openssl111/sys/netinet6/icmp6.c projects/openssl111/sys/netinet6/in6_pcb.c projects/openssl111/sys/netinet6/udp6_usrreq.c projects/openssl111/sys/netipsec/key.c projects/openssl111/sys/netipsec/key.h projects/openssl111/sys/netipsec/subr_ipsec.c projects/openssl111/sys/netipsec/xform.h projects/openssl111/sys/netpfil/pf/pf.c projects/openssl111/sys/opencrypto/cryptosoft.c projects/openssl111/sys/opencrypto/cryptosoft.h projects/openssl111/sys/powerpc/conf/GENERIC64 projects/openssl111/sys/powerpc/ofw/ofw_machdep.c projects/openssl111/sys/riscv/include/fpe.h projects/openssl111/sys/riscv/riscv/machdep.c projects/openssl111/sys/riscv/riscv/pmap.c projects/openssl111/sys/riscv/riscv/swtch.S projects/openssl111/sys/riscv/riscv/trap.c projects/openssl111/sys/security/audit/audit.c projects/openssl111/sys/security/audit/audit.h projects/openssl111/sys/security/audit/audit_dtrace.c projects/openssl111/sys/security/audit/audit_private.h projects/openssl111/sys/security/audit/audit_syscalls.c projects/openssl111/sys/security/audit/audit_worker.c projects/openssl111/sys/sys/_domainset.h projects/openssl111/sys/sys/malloc.h projects/openssl111/sys/sys/module.h projects/openssl111/sys/sys/pmc.h projects/openssl111/sys/sys/pmckern.h projects/openssl111/sys/sys/racct.h projects/openssl111/sys/sys/resourcevar.h projects/openssl111/sys/sys/signalvar.h projects/openssl111/sys/sys/syscall.h projects/openssl111/sys/sys/user.h projects/openssl111/sys/sys/vmmeter.h projects/openssl111/sys/ufs/ffs/ffs_softdep.c projects/openssl111/sys/ufs/ufs/ufs_quota.c projects/openssl111/sys/ufs/ufs/ufs_vfsops.c projects/openssl111/sys/ufs/ufs/ufs_vnops.c projects/openssl111/sys/vm/swap_pager.c projects/openssl111/sys/vm/uma_core.c projects/openssl111/sys/vm/vm_domainset.c projects/openssl111/sys/vm/vm_domainset.h projects/openssl111/sys/vm/vm_fault.c projects/openssl111/sys/vm/vm_glue.c projects/openssl111/sys/vm/vm_init.c projects/openssl111/sys/vm/vm_kern.c projects/openssl111/sys/vm/vm_kern.h projects/openssl111/sys/vm/vm_mmap.c projects/openssl111/sys/vm/vm_page.c projects/openssl111/sys/vm/vm_pageout.c projects/openssl111/sys/vm/vm_pagequeue.h projects/openssl111/sys/vm/vm_phys.c projects/openssl111/sys/x86/acpica/srat.c projects/openssl111/sys/x86/include/ifunc.h projects/openssl111/sys/x86/include/ucode.h projects/openssl111/sys/x86/iommu/intel_utils.c projects/openssl111/sys/x86/isa/atpic.c projects/openssl111/sys/x86/x86/ucode.c projects/openssl111/tools/build/mk/OptionalObsoleteFiles.inc projects/openssl111/usr.bin/bmake/Makefile.config projects/openssl111/usr.bin/clang/lld/ld.lld.1 projects/openssl111/usr.bin/locate/locate/Makefile projects/openssl111/usr.bin/mail/Makefile projects/openssl111/usr.bin/mandoc/Makefile projects/openssl111/usr.bin/nfsstat/nfsstat.1 projects/openssl111/usr.bin/tip/tip/Makefile projects/openssl111/usr.bin/top/top.1 projects/openssl111/usr.sbin/Makefile projects/openssl111/usr.sbin/amd/amd/Makefile projects/openssl111/usr.sbin/bsdinstall/bsdinstall.8 projects/openssl111/usr.sbin/bsdinstall/scripts/config projects/openssl111/usr.sbin/bsdinstall/scripts/hardening projects/openssl111/usr.sbin/chown/chown.c projects/openssl111/usr.sbin/cxgbetool/cxgbetool.8 projects/openssl111/usr.sbin/cxgbetool/cxgbetool.c projects/openssl111/usr.sbin/kldxref/kldxref.c projects/openssl111/usr.sbin/lpr/lpd/Makefile projects/openssl111/usr.sbin/nscd/nscd.8 projects/openssl111/usr.sbin/pmc/Makefile projects/openssl111/usr.sbin/pmccontrol/pmccontrol.c Directory Properties: projects/openssl111/ (props changed) projects/openssl111/contrib/blacklist/ (props changed) projects/openssl111/contrib/bmake/ (props changed) projects/openssl111/contrib/elftoolchain/ (props changed) projects/openssl111/contrib/libarchive/ (props changed) projects/openssl111/contrib/llvm/ (props changed) projects/openssl111/contrib/llvm/tools/clang/ (props changed) projects/openssl111/contrib/llvm/tools/lld/ (props changed) projects/openssl111/contrib/openbsm/ (props changed) projects/openssl111/crypto/openssh/ (props changed) projects/openssl111/gnu/usr.bin/binutils/ (props changed) projects/openssl111/gnu/usr.bin/gdb/ (props changed) projects/openssl111/sys/cddl/contrib/opensolaris/ (props changed) Modified: projects/openssl111/UPDATING ============================================================================== --- projects/openssl111/UPDATING Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/UPDATING Fri Oct 5 17:53:47 2018 (r339201) @@ -31,6 +31,21 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20181002: + The cam(4) based nda(4) driver will be used over nvd(4) by default on + powerpc64. You may set 'options NVME_USE_NVD=1' in your kernel conf or + loader tunable 'hw.nvme.use_nvd=1' if you wish to use the existing + driver. Make sure to edit /boot/etc/kboot.conf and fstab to use the + nda device name. + +20180913: + Reproducible build mode is now on by default, in preparation for + FreeBSD 12.0. This eliminates build metadata such as the user, + host, and time from the kernel (and uname), unless the working tree + corresponds to a modified checkout from a version control system. + The previous behavior can be obtained by setting the /etc/src.conf + knob WITHOUT_REPRODUCIBLE_BUILD. + 20180826: The Yarrow CSPRNG has been removed from the kernel as it has not been supported by its designers since at least 2003. Fortuna has been the @@ -170,6 +185,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: need to be rebuilt. r335018 did a __FreeBSD_version bump for this. 20180530: + As of r334391 lld is the default amd64 system linker; it is installed + as /usr/bin/ld. Kernel build workarounds (see 20180510 entry) are no + longer necessary. + +20180530: The kernel / userland interface for devinfo changed, so you'll need a new kernel and userland as a pair for it to work (rebuilding lib/libdevinfo is all that's required). devinfo and devmatch will @@ -195,6 +215,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: way requires LD=ld.lld on the command line (or LD=/usr/local/bin/ld for binutils port/package). lld will soon be default, and this requirement will go away. + + NOTE: As of r334391 lld is the default system linker on amd64, and no + workaround is necessary. 20180508: The nxge(4) driver has been removed. This driver was for PCI-X 10g Modified: projects/openssl111/contrib/blacklist/bin/blacklistd.8 ============================================================================== --- projects/openssl111/contrib/blacklist/bin/blacklistd.8 Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/blacklist/bin/blacklistd.8 Fri Oct 5 17:53:47 2018 (r339201) @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 7, 2016 +.Dd October 5, 2018 .Dt BLACKLISTD 8 .Os .Sh NAME @@ -178,7 +178,7 @@ Specify the default rule name for the packet filter ru .It Fl r Re-read the firewall rules from the internal database, then remove and re-add them. -This helps for packet filters that don't retain state across reboots. +This helps for packet filters that do not retain state across reboots. .It Fl s Ar sockpath Add .Ar sockpath @@ -197,6 +197,27 @@ diagnostic messages to .Dv stdout instead of .Xr syslogd 8 . +.El +.Sh SIGNAL HANDLING +.Nm +deals with the following signals: +.Bl -tag -width "USR2" +.It HUP +Receipt of this signal causes +.Nm +to re-read the configuration file. +.It INT, TERM & QUIT +These signals tell +.Nm +to exit in an orderly fashion. +.It USR1 +This signal tells +.Nm +to increase the internal debugging level by 1. +.It USR2 +This signal tells +.Nm +to decrease the internal debugging level by 1. .El .Sh FILES .Bl -tag -width /usr/libexec/blacklistd-helper -compact Modified: projects/openssl111/contrib/bmake/make.1 ============================================================================== --- projects/openssl111/contrib/bmake/make.1 Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/bmake/make.1 Fri Oct 5 17:53:47 2018 (r339201) @@ -29,7 +29,7 @@ .\" .\" from: @(#)make.1 8.4 (Berkeley) 3/19/94 .\" -.Dd June 22, 2017 +.Dd September 27, 2018 .Dt MAKE 1 .Os .Sh NAME @@ -796,7 +796,7 @@ Tells whether to pass the descriptors of the job token queue even if the target is not tagged with .Ic .MAKE -The default is +The default is .Ql Pa yes for backwards compatability with .Fx 9.0 @@ -2385,7 +2385,8 @@ Basic use of suffix rules (for files only in the curre not trying to chain transformations together, etc.) is also reasonably portable. .Sh SEE ALSO -.Xr mkdep 1 +.Xr mkdep 1 , +.Xr style.Makefile 5 .Sh HISTORY A .Nm Modified: projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c ============================================================================== --- projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/elftoolchain/libelf/gelf_mips64el.c Fri Oct 5 17:53:47 2018 (r339201) @@ -34,8 +34,9 @@ int _libelf_is_mips64el(Elf *e) { - return (e->e_kind == ELF_K_ELF && e->e_byteorder == ELFDATA2LSB && - e->e_u.e_elf.e_ehdr.e_ehdr64->e_machine == EM_MIPS); + return (e->e_kind == ELF_K_ELF && + e->e_u.e_elf.e_ehdr.e_ehdr64->e_machine == EM_MIPS && + e->e_u.e_elf.e_ehdr.e_ehdr64->e_ident[EI_DATA] == ELFDATA2LSB); } /* Modified: projects/openssl111/contrib/libarchive/README.md ============================================================================== --- projects/openssl111/contrib/libarchive/README.md Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/README.md Fri Oct 5 17:53:47 2018 (r339201) @@ -78,7 +78,6 @@ Currently, the library automatically detects and reads * POSIX pax interchange format * POSIX octet-oriented cpio * SVR4 ASCII cpio - * POSIX octet-oriented cpio * Binary cpio (big-endian or little-endian) * ISO9660 CD-ROM images (with optional Rockridge or Joliet extensions) * ZIP archives (with uncompressed or "deflate" compressed entries, including support for encrypted Zip archives) Modified: projects/openssl111/contrib/libarchive/libarchive/archive_acl.c ============================================================================== --- projects/openssl111/contrib/libarchive/libarchive/archive_acl.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/libarchive/archive_acl.c Fri Oct 5 17:53:47 2018 (r339201) @@ -2058,6 +2058,12 @@ next_field(const char **p, const char **start, } *sep = **p; + /* If the field is only whitespace, bail out now. */ + if (**p == '\0') { + *end = *p; + return; + } + /* Trim trailing whitespace to locate end of field. */ *end = *p - 1; while (**end == ' ' || **end == '\t' || **end == '\n') { Modified: projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c ============================================================================== --- projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/libarchive/archive_cryptor.c Fri Oct 5 17:53:47 2018 (r339201) @@ -316,7 +316,14 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *k memcpy(ctx->key, key, key_len); memset(ctx->nonce, 0, sizeof(ctx->nonce)); ctx->encr_pos = AES_BLOCK_SIZE; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (!EVP_CIPHER_CTX_reset(ctx->ctx)) { + EVP_CIPHER_CTX_free(ctx->ctx); + ctx->ctx = NULL; + } +#else EVP_CIPHER_CTX_init(ctx->ctx); +#endif return 0; } Modified: projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c ============================================================================== --- projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_ar.c Fri Oct 5 17:53:47 2018 (r339201) @@ -459,6 +459,7 @@ ar_parse_common_header(struct ar *ar, struct archive_e uint64_t n; /* Copy remaining header */ + archive_entry_set_filetype(entry, AE_IFREG); archive_entry_set_mtime(entry, (time_t)ar_atol10(h + AR_date_offset, AR_date_size), 0L); archive_entry_set_uid(entry, Modified: projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c ============================================================================== --- projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/libarchive/archive_read_support_format_zip.c Fri Oct 5 17:53:47 2018 (r339201) @@ -2708,6 +2708,11 @@ slurp_central_directory(struct archive_read *a, struct return ARCHIVE_FATAL; zip_entry = calloc(1, sizeof(struct zip_entry)); + if (zip_entry == NULL) { + archive_set_error(&a->archive, ENOMEM, + "Can't allocate zip entry"); + return ARCHIVE_FATAL; + } zip_entry->next = zip->zip_entries; zip_entry->flags |= LA_FROM_CENTRAL_DIRECTORY; zip->zip_entries = zip_entry; Modified: projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c ============================================================================== --- projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/libarchive/test/test_sparse_basic.c Fri Oct 5 17:53:47 2018 (r339201) @@ -422,6 +422,7 @@ verify_sparse_file(struct archive *a, const char *path assert(sparse->type == END); assertEqualInt(expected_offset, archive_entry_size(ae)); + failure(path); assertEqualInt(holes_seen, expected_holes); assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); @@ -457,6 +458,7 @@ verify_sparse_file2(struct archive *a, const char *pat /* Verify the number of holes only, not its offset nor its * length because those alignments are deeply dependence on * its filesystem. */ + failure(path); assertEqualInt(blocks, archive_entry_sparse_count(ae)); archive_entry_free(ae); } Modified: projects/openssl111/contrib/libarchive/test_utils/test_main.c ============================================================================== --- projects/openssl111/contrib/libarchive/test_utils/test_main.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/libarchive/test_utils/test_main.c Fri Oct 5 17:53:47 2018 (r339201) @@ -2166,7 +2166,7 @@ void assertVersion(const char *prog, const char *base) /* Skip arbitrary third-party version numbers. */ while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' || - isalnum(*q))) { + isalnum((unsigned char)*q))) { ++q; --s; } Modified: projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp ============================================================================== --- projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/lib/CodeGen/BranchFolding.cpp Fri Oct 5 17:53:47 2018 (r339201) @@ -884,11 +884,12 @@ void BranchFolder::mergeCommonTails(unsigned commonTai if (UpdateLiveIns) { LivePhysRegs NewLiveIns(*TRI); computeLiveIns(NewLiveIns, *MBB); + LiveRegs.init(*TRI); // The flag merging may lead to some register uses no longer using the // flag, add IMPLICIT_DEFs in the predecessors as necessary. for (MachineBasicBlock *Pred : MBB->predecessors()) { - LiveRegs.init(*TRI); + LiveRegs.clear(); LiveRegs.addLiveOuts(*Pred); MachineBasicBlock::iterator InsertBefore = Pred->getFirstTerminator(); for (unsigned Reg : NewLiveIns) { Modified: projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp ============================================================================== --- projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CGExprAgg.cpp Fri Oct 5 17:53:47 2018 (r339201) @@ -14,6 +14,7 @@ #include "CodeGenFunction.h" #include "CGObjCRuntime.h" #include "CodeGenModule.h" +#include "ConstantEmitter.h" #include "clang/AST/ASTContext.h" #include "clang/AST/DeclCXX.h" #include "clang/AST/DeclTemplate.h" @@ -85,7 +86,7 @@ class AggExprEmitter : public StmtVisitorgetNumInits(); uint64_t NumArrayElements = AType->getNumElements(); assert(NumInitElements <= NumArrayElements); + QualType elementType = + CGF.getContext().getAsArrayType(ArrayQTy)->getElementType(); + // DestPtr is an array*. Construct an elementType* by drilling // down a level. llvm::Value *zero = llvm::ConstantInt::get(CGF.SizeTy, 0); @@ -409,6 +413,29 @@ void AggExprEmitter::EmitArrayInit(Address DestPtr, ll CharUnits elementAlign = DestPtr.getAlignment().alignmentOfArrayElement(elementSize); + // Consider initializing the array by copying from a global. For this to be + // more efficient than per-element initialization, the size of the elements + // with explicit initializers should be large enough. + if (NumInitElements * elementSize.getQuantity() > 16 && + elementType.isTriviallyCopyableType(CGF.getContext())) { + CodeGen::CodeGenModule &CGM = CGF.CGM; + ConstantEmitter Emitter(CGM); + LangAS AS = ArrayQTy.getAddressSpace(); + if (llvm::Constant *C = Emitter.tryEmitForInitializer(E, AS, ArrayQTy)) { + auto GV = new llvm::GlobalVariable( + CGM.getModule(), C->getType(), + CGM.isTypeConstant(ArrayQTy, /* ExcludeCtorDtor= */ true), + llvm::GlobalValue::PrivateLinkage, C, "constinit", + /* InsertBefore= */ nullptr, llvm::GlobalVariable::NotThreadLocal, + CGM.getContext().getTargetAddressSpace(AS)); + Emitter.finalize(GV); + CharUnits Align = CGM.getContext().getTypeAlignInChars(ArrayQTy); + GV->setAlignment(Align.getQuantity()); + EmitFinalDestCopy(ArrayQTy, CGF.MakeAddrLValue(GV, ArrayQTy, Align)); + return; + } + } + // Exception safety requires us to destroy all the // already-constructed members if an initializer throws. // For that, we'll need an EH cleanup. @@ -1156,11 +1183,8 @@ void AggExprEmitter::VisitInitListExpr(InitListExpr *E // Handle initialization of an array. if (E->getType()->isArrayType()) { - QualType elementType = - CGF.getContext().getAsArrayType(E->getType())->getElementType(); - auto AType = cast(Dest.getAddress().getElementType()); - EmitArrayInit(Dest.getAddress(), AType, elementType, E); + EmitArrayInit(Dest.getAddress(), AType, E->getType(), E); return; } Modified: projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp ============================================================================== --- projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/tools/clang/lib/CodeGen/CodeGenModule.cpp Fri Oct 5 17:53:47 2018 (r339201) @@ -321,8 +321,6 @@ void CodeGenModule::checkAliases() { assert(FTy); if (!FTy->getReturnType()->isPointerTy()) Diags.Report(Location, diag::err_ifunc_resolver_return); - if (FTy->getNumParams()) - Diags.Report(Location, diag::err_ifunc_resolver_params); } llvm::Constant *Aliasee = Alias->getIndirectSymbol(); Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h ============================================================================== --- projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/tools/lld/ELF/Config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -156,6 +156,7 @@ struct Configuration { bool ZExecstack; bool ZHazardplt; bool ZIfuncnoplt; + bool ZInterpose; bool ZNocopyreloc; bool ZNodelete; bool ZNodlopen; Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp ============================================================================== --- projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/tools/lld/ELF/Driver.cpp Fri Oct 5 17:53:47 2018 (r339201) @@ -670,6 +670,7 @@ void LinkerDriver::readConfigs(opt::InputArgList &Args Config->ZExecstack = hasZOption(Args, "execstack"); Config->ZHazardplt = hasZOption(Args, "hazardplt"); Config->ZIfuncnoplt = hasZOption(Args, "ifunc-noplt"); + Config->ZInterpose = hasZOption(Args, "interpose"); Config->ZNocopyreloc = hasZOption(Args, "nocopyreloc"); Config->ZNodelete = hasZOption(Args, "nodelete"); Config->ZNodlopen = hasZOption(Args, "nodlopen"); Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp ============================================================================== --- projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/tools/lld/ELF/SyntheticSections.cpp Fri Oct 5 17:53:47 2018 (r339201) @@ -1034,6 +1034,8 @@ template void DynamicSection::final uint32_t DtFlags1 = 0; if (Config->Bsymbolic) DtFlags |= DF_SYMBOLIC; + if (Config->ZInterpose) + DtFlags1 |= DF_1_INTERPOSE; if (Config->ZNodelete) DtFlags1 |= DF_1_NODELETE; if (Config->ZNodlopen) Modified: projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp ============================================================================== --- projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/llvm/tools/lld/ELF/Writer.cpp Fri Oct 5 17:53:47 2018 (r339201) @@ -487,7 +487,7 @@ template void Writer::run() { static bool shouldKeepInSymtab(SectionBase *Sec, StringRef SymName, const Symbol &B) { - if (B.isFile() || B.isSection()) + if (B.isSection()) return false; // If sym references a section in a discarded group, don't keep it. Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h ============================================================================== --- projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/openbsm/bin/auditdistd/auditdistd.h Fri Oct 5 17:53:47 2018 (r339201) @@ -248,6 +248,21 @@ struct adrep { if (_wakeup) \ cv_signal(list##_cond); \ } while (0) +#define QUEUE_CONCAT2(tolist, fromlist1, fromlist2) do { \ + bool _wakeup; \ + \ + mtx_lock(tolist##_lock); \ + _wakeup = TAILQ_EMPTY(tolist); \ + mtx_lock(fromlist1##_lock); \ + TAILQ_CONCAT((tolist), (fromlist1), adr_next); \ + mtx_unlock(fromlist1##_lock); \ + mtx_lock(fromlist2##_lock); \ + TAILQ_CONCAT((tolist), (fromlist2), adr_next); \ + mtx_unlock(fromlist2##_lock); \ + mtx_unlock(tolist##_lock); \ + if (_wakeup) \ + cv_signal(tolist##_cond); \ +} while (0) #define QUEUE_WAIT(list) do { \ mtx_lock(list##_lock); \ while (TAILQ_EMPTY(list)) \ Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c ============================================================================== --- projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/openbsm/bin/auditdistd/receiver.c Fri Oct 5 17:53:47 2018 (r339201) @@ -140,7 +140,7 @@ static void adreq_decode_and_validate_header(struct adreq *adreq) { - /* Byte-swap only is the sender is using different byte order. */ + /* Byte-swap only if the sender is using different byte order. */ if (adreq->adr_byteorder != ADIST_BYTEORDER) { adreq->adr_byteorder = ADIST_BYTEORDER; adreq->adr_seq = bswap64(adreq->adr_seq); Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c ============================================================================== --- projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/openbsm/bin/auditdistd/sender.c Fri Oct 5 17:53:47 2018 (r339201) @@ -342,14 +342,7 @@ sender_disconnect(void) pjdlog_warning("Disconnected from %s.", adhost->adh_remoteaddr); /* Move all in-flight requests back onto free list. */ - mtx_lock(&adist_free_list_lock); - mtx_lock(&adist_send_list_lock); - TAILQ_CONCAT(&adist_free_list, &adist_send_list, adr_next); - mtx_unlock(&adist_send_list_lock); - mtx_lock(&adist_recv_list_lock); - TAILQ_CONCAT(&adist_free_list, &adist_recv_list, adr_next); - mtx_unlock(&adist_recv_list_lock); - mtx_unlock(&adist_free_list_lock); + QUEUE_CONCAT2(&adist_free_list, &adist_send_list, &adist_recv_list); } static void @@ -519,9 +512,6 @@ keepalive_send(void) pjdlog_debug(3, "keepalive_send: Request sent."); } -/* - * Thread sends request to secondary node. - */ static void * send_thread(void *arg __unused) { @@ -581,7 +571,7 @@ static void adrep_decode_header(struct adrep *adrep) { - /* Byte-swap only is the receiver is using different byte order. */ + /* Byte-swap only if the receiver is using different byte order. */ if (adrep->adrp_byteorder != ADIST_BYTEORDER) { adrep->adrp_byteorder = ADIST_BYTEORDER; adrep->adrp_seq = bswap64(adrep->adrp_seq); @@ -589,10 +579,6 @@ adrep_decode_header(struct adrep *adrep) } } -/* - * Thread receives answer from secondary node and passes it to ggate_send - * thread. - */ static void * recv_thread(void *arg __unused) { @@ -609,9 +595,13 @@ recv_thread(void *arg __unused) if (adhost->adh_remote == NULL) { /* * Connection is dead. - * XXX: We shouldn't be here. + * There is a short race in sender_disconnect() between + * setting adh_remote to NULL and removing entries from + * the recv list, which can result in us being here. + * To avoid just spinning, wait for 0.1s. */ rw_unlock(&adist_remote_lock); + usleep(100000); continue; } if (proto_recv(adhost->adh_remote, &adrep, Modified: projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c ============================================================================== --- projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/contrib/openbsm/bin/auditdistd/trail.c Fri Oct 5 17:53:47 2018 (r339201) @@ -361,17 +361,38 @@ again: pjdlog_debug(1, "No new trail files."); return; } - PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile, - sizeof(trail->tr_filename)) < sizeof(trail->tr_filename)); dfd = dirfd(trail->tr_dirfp); PJDLOG_ASSERT(dfd >= 0); - trail->tr_filefd = openat(dfd, trail->tr_filename, O_RDONLY); + trail->tr_filefd = openat(dfd, curfile, O_RDONLY); if (trail->tr_filefd == -1) { - pjdlog_errno(LOG_ERR, - "Unable to open file \"%s/%s\", skipping", - trail->tr_dirname, trail->tr_filename); + if (errno == ENOENT && trail_is_not_terminated(curfile)) { + /* + * The .not_terminated file was most likely renamed. + * Keep trail->tr_filename as a starting point and + * search again. + */ + pjdlog_debug(1, + "Unable to open \"%s/%s\", most likely renamed in the meantime, retrying.", + trail->tr_dirname, curfile); + } else { + /* + * We were unable to open the file, but not because of + * the above. This shouldn't happen, but it did. + * We don't know why it happen, so the best we can do + * is to just skip this file - this is why we copy the + * name, so we can start and the next entry. + */ + PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile, + sizeof(trail->tr_filename)) < + sizeof(trail->tr_filename)); + pjdlog_errno(LOG_ERR, + "Unable to open file \"%s/%s\", skipping", + trail->tr_dirname, curfile); + } goto again; } + PJDLOG_VERIFY(strlcpy(trail->tr_filename, curfile, + sizeof(trail->tr_filename)) < sizeof(trail->tr_filename)); pjdlog_debug(1, "Found next trail file: \"%s/%s\".", trail->tr_dirname, trail->tr_filename); } Modified: projects/openssl111/etc/Makefile ============================================================================== --- projects/openssl111/etc/Makefile Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/etc/Makefile Fri Oct 5 17:53:47 2018 (r339201) @@ -13,57 +13,18 @@ SUBDIR+=sendmail .endif BIN1= \ - dhclient.conf \ - disktab \ group \ - hosts \ - hosts.allow \ - hosts.equiv \ - libalias.conf \ - libmap.conf \ login.access \ - mac.conf \ - netconfig \ - networks \ - nsswitch.conf \ - phones \ - protocols \ rc.bsdextended \ rc.firewall \ - remote \ - rpc \ termcap.small # NB: keep these sorted by MK_* knobs -.if ${MK_AMD} != "no" -BIN1+= amd.map -.endif - -.if ${MK_LOCATE} != "no" -BIN1+= ${SRCTOP}/usr.bin/locate/locate/locate.rc -.endif - -.if ${MK_LPR} != "no" -BIN1+= hosts.lpd printcap -.endif - -.if ${MK_MAIL} != "no" -BIN1+= ${SRCTOP}/usr.bin/mail/misc/mail.rc -.endif - -.if ${MK_OPENSSL} != "no" -SSL= ${SRCTOP}/crypto/openssl/apps/openssl.cnf -.endif - .if ${MK_SENDMAIL} != "no" BIN1+= rc.sendmail .endif -.if ${MK_WIRELESS} != "no" -BIN1+= regdomain.xml -.endif - .if ${MK_SENDMAIL} == "no" ETCMAIL=mailer.conf aliases .else @@ -104,7 +65,7 @@ distribution: ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${BIN1} ${DESTDIR}/etc; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \ - master.passwd nsmb.conf opieaccess ${DESTDIR}/etc; + master.passwd ${DESTDIR}/etc; .if ${MK_TCSH} == "no" sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd @@ -129,10 +90,6 @@ distribution: .if ${MK_SENDMAIL} != "no" ${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution .endif -.if ${MK_OPENSSL} != "no" - cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ - ${SSL} ${DESTDIR}/etc/ssl -.endif .if ${MK_KERBEROS} != "no" cd ${.CURDIR}/root; \ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ @@ -160,10 +117,6 @@ distribution: ${DESTDIR}/boot/device.hints .endif .endif -.if ${MK_NIS} == "no" - sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \ - ${DESTDIR}/etc/nsswitch.conf -.endif MTREE_CMD?= mtree @@ -244,7 +197,7 @@ distrib-dirs: ${MTREES:N/*} distrib-cleanup .PHONY etc-examples: ${META_DEPS} cd ${.CURDIR}; ${INSTALL} ${TAG_ARGS} -o ${BINOWN} -g ${BINGRP} -m 444 \ - ${BIN1} ${BIN2} nsmb.conf opieaccess \ + ${BIN1} ${BIN2} \ ${DESTDIR}${SHAREDIR}/examples/etc .include Modified: projects/openssl111/gnu/usr.bin/binutils/as/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/binutils/as/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/binutils/as/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -69,7 +69,7 @@ /* #undef HAVE_REMOVE */ /* Define to 1 if you have the `sbrk' function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define to 1 if you have the header file. */ #define HAVE_STDARG_H 1 Modified: projects/openssl111/gnu/usr.bin/binutils/ld/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/binutils/ld/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/binutils/ld/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -65,7 +65,7 @@ #define HAVE_REALPATH 1 /* Define to 1 if you have the `sbrk' function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define to 1 if you have the header file. */ #define HAVE_STDINT_H 1 Modified: projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/binutils/libbinutils/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -104,7 +104,7 @@ #define HAVE_MKSTEMP 1 /* Define to 1 if you have the `sbrk' function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define to 1 if you have the `setmode' function. */ #define HAVE_SETMODE 1 Modified: projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/binutils/libiberty/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -188,7 +188,7 @@ #define HAVE_RINDEX 1 /* Define to 1 if you have the `sbrk' function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define to 1 if you have the `setenv' function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/cc/libiberty/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/cc/libiberty/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/cc/libiberty/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -187,7 +187,7 @@ #define HAVE_RINDEX 1 /* Define to 1 if you have the `sbrk' function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define to 1 if you have the `setenv' function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/amd64/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -227,7 +227,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/arm/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -239,7 +239,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/i386/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -227,7 +227,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/mips/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -227,7 +227,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/powerpc/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -227,7 +227,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/powerpc64/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -227,7 +227,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h ============================================================================== --- projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/gnu/usr.bin/gdb/arch/sparc64/config.h Fri Oct 5 17:53:47 2018 (r339201) @@ -227,7 +227,7 @@ #define HAVE_REALPATH 1 /* Define if you have the sbrk function. */ -#define HAVE_SBRK 1 +/* #undef HAVE_SBRK */ /* Define if you have the setenv function. */ #define HAVE_SETENV 1 Modified: projects/openssl111/include/limits.h ============================================================================== --- projects/openssl111/include/limits.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/include/limits.h Fri Oct 5 17:53:47 2018 (r339201) @@ -122,7 +122,7 @@ #endif #if __XSI_VISIBLE || __POSIX_VISIBLE >= 200809 -#define NL_ARGMAX 65536 /* max # of position args for printf */ +#define NL_ARGMAX 4096 /* max # of position args for printf */ #define NL_MSGMAX 32767 #define NL_SETMAX 255 #define NL_TEXTMAX 2048 Modified: projects/openssl111/include/time.h ============================================================================== --- projects/openssl111/include/time.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/include/time.h Fri Oct 5 17:53:47 2018 (r339201) @@ -207,9 +207,13 @@ time_t posix2time(time_t t); #include #endif +#if defined(__BSD_VISIBLE) || __ISO_C_VISIBLE >= 2011 || \ + (defined(cplusplus) && cplusplus >= 201703) +#include /* ISO/IEC 9899:201x 7.27.2.5 The timespec_get function */ #define TIME_UTC 1 /* time elapsed since epoch */ int timespec_get(struct timespec *ts, int base); +#endif __END_DECLS Modified: projects/openssl111/lib/Makefile ============================================================================== --- projects/openssl111/lib/Makefile Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/Makefile Fri Oct 5 17:53:47 2018 (r339201) @@ -70,6 +70,8 @@ SUBDIR= ${SUBDIR_BOOTSTRAP} \ libpathconv \ libpcap \ libpjdlog \ + libpmc \ + libpmcstat \ ${_libproc} \ libprocstat \ libregex \ @@ -198,9 +200,6 @@ _libdl= libdl .endif SUBDIR.${MK_OPENSSL}+= libmp -.if (${COMPILER_TYPE} == "clang" || (${COMPILER_TYPE} == "gcc" && ${COMPILER_VERSION} >= 60100 && ${MACHINE_CPUARCH} != "riscv")) -SUBDIR.${MK_PMC}+= libpmc libpmcstat -.endif SUBDIR.${MK_RADIUS_SUPPORT}+= libradius SUBDIR.${MK_SENDMAIL}+= libmilter libsm libsmdb libsmutil SUBDIR.${MK_TELNET}+= libtelnet Modified: projects/openssl111/lib/clang/freebsd_cc_version.h ============================================================================== --- projects/openssl111/lib/clang/freebsd_cc_version.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/clang/freebsd_cc_version.h Fri Oct 5 17:53:47 2018 (r339201) @@ -1,3 +1,3 @@ /* $FreeBSD$ */ -#define FREEBSD_CC_VERSION 1200015 +#define FREEBSD_CC_VERSION 1200016 Modified: projects/openssl111/lib/csu/arm/crt1.c ============================================================================== --- projects/openssl111/lib/csu/arm/crt1.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/csu/arm/crt1.c Fri Oct 5 17:53:47 2018 (r339201) @@ -44,6 +44,8 @@ #include __FBSDID("$FreeBSD$"); +#include +#include #include #include "libc_private.h" @@ -120,7 +122,7 @@ static const struct { } archtag __attribute__ ((section (NOTE_SECTION), aligned(4))) __used = { .namesz = sizeof(NOTE_FREEBSD_VENDOR), .descsz = sizeof(MACHINE_ARCH), - .type = ARCH_NOTETYPE, + .type = NT_FREEBSD_ARCH_TAG, .name = NOTE_FREEBSD_VENDOR, .desc = MACHINE_ARCH }; Modified: projects/openssl111/lib/csu/common/crtbrand.c ============================================================================== --- projects/openssl111/lib/csu/common/crtbrand.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/csu/common/crtbrand.c Fri Oct 5 17:53:47 2018 (r339201) @@ -29,6 +29,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include "notes.h" /* @@ -62,7 +63,7 @@ static const struct { } abitag __attribute__ ((section (NOTE_SECTION), aligned(4))) __used = { .namesz = sizeof(NOTE_FREEBSD_VENDOR), .descsz = sizeof(int32_t), - .type = ABI_NOTETYPE, + .type = NT_FREEBSD_ABI_TAG, .name = NOTE_FREEBSD_VENDOR, .desc = __FreeBSD_version }; Modified: projects/openssl111/lib/csu/common/ignore_init.c ============================================================================== --- projects/openssl111/lib/csu/common/ignore_init.c Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/csu/common/ignore_init.c Fri Oct 5 17:53:47 2018 (r339201) @@ -28,6 +28,8 @@ #include __FBSDID("$FreeBSD$"); +#include +#include #include "notes.h" extern int main(int, char **, char **); @@ -114,7 +116,7 @@ static const struct { aligned(4))) __used = { .namesz = sizeof(NOTE_FREEBSD_VENDOR), .descsz = sizeof(uint32_t), - .type = CRT_NOINIT_NOTETYPE, + .type = NT_FREEBSD_NOINIT_TAG, .name = NOTE_FREEBSD_VENDOR, .desc = 0 }; Modified: projects/openssl111/lib/csu/common/notes.h ============================================================================== --- projects/openssl111/lib/csu/common/notes.h Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/csu/common/notes.h Fri Oct 5 17:53:47 2018 (r339201) @@ -34,8 +34,4 @@ #define NOTE_SECTION ".note.tag" -#define ABI_NOTETYPE 1 -#define CRT_NOINIT_NOTETYPE 2 -#define ARCH_NOTETYPE 3 - #endif Modified: projects/openssl111/lib/lib80211/Makefile ============================================================================== --- projects/openssl111/lib/lib80211/Makefile Fri Oct 5 17:07:10 2018 (r339200) +++ projects/openssl111/lib/lib80211/Makefile Fri Oct 5 17:53:47 2018 (r339201) @@ -1,5 +1,6 @@ # $FreeBSD$ +CONFS= regdomain.xml PACKAGE=lib${LIB} LIB= 80211 SHLIBDIR?= /lib Copied: projects/openssl111/lib/lib80211/regdomain.xml (from r339200, head/lib/lib80211/regdomain.xml) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/openssl111/lib/lib80211/regdomain.xml Fri Oct 5 17:53:47 2018 (r339201, copy of r339200, head/lib/lib80211/regdomain.xml) @@ -0,0 +1,1943 @@ + + + + + + + + + + + DEBUG + 0x1ff + + + + FCC + 0x10 + + + + + 30 + IEEE80211_CHAN_B + + + + + + 30 + IEEE80211_CHAN_G + + + + + + 17 + + + + 23 + + + + 23 + IEEE80211_CHAN_PASSIVE + + + + + + 30 + IEEE80211_CHAN_G + IEEE80211_CHAN_HT20 + + + + 30 + IEEE80211_CHAN_G + IEEE80211_CHAN_HT40 + + + + + + 17 + IEEE80211_CHAN_HT20 + + + + 17 + IEEE80211_CHAN_HT40 + + + + 23 *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-projects@freebsd.org Fri Oct 5 20:49:55 2018 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DDAD10B64FC for ; Fri, 5 Oct 2018 20:49:55 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D507A706F3; Fri, 5 Oct 2018 20:49:54 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CF68F1A69B; Fri, 5 Oct 2018 20:49:54 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w95KnsE5097249; Fri, 5 Oct 2018 20:49:54 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w95KnsGY097248; Fri, 5 Oct 2018 20:49:54 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201810052049.w95KnsGY097248@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Fri, 5 Oct 2018 20:49:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r339209 - projects/openssl111/secure/lib/libcrypto X-SVN-Group: projects X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: projects/openssl111/secure/lib/libcrypto X-SVN-Commit-Revision: 339209 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2018 20:49:55 -0000 Author: emaste Date: Fri Oct 5 20:49:54 2018 New Revision: 339209 URL: https://svnweb.freebsd.org/changeset/base/339209 Log: libcrypto: have buildinf.h depend on Makefile So that it will be regenerated after Makefile changes affecting the file's content - specifically, the OpenSSL 1.1.1 update adds a DATE macro which did not exist previously. Sponsored by: The FreeBSD Foundation Modified: projects/openssl111/secure/lib/libcrypto/Makefile Modified: projects/openssl111/secure/lib/libcrypto/Makefile ============================================================================== --- projects/openssl111/secure/lib/libcrypto/Makefile Fri Oct 5 20:35:43 2018 (r339208) +++ projects/openssl111/secure/lib/libcrypto/Makefile Fri Oct 5 20:49:54 2018 (r339209) @@ -430,7 +430,7 @@ SRCS+= buildinf.h CLEANDIRS= openssl CLEANFILES= buildinf.h opensslconf.h opensslconf.h.tmp -buildinf.h: +buildinf.h: Makefile ( echo "/*"; \ echo " * WARNING: do not edit!"; \ echo " * Generated by ${.ALLSRC}"; \