From nobody Tue Oct 24 18:57:29 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SFLsW4G9Mz4yMwq; Tue, 24 Oct 2023 18:57:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SFLsW2hcwz4GBb; Tue, 24 Oct 2023 18:57:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698173855; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ci3vnsEI32+6E6kuKxFvBa6yxAucc3epa9aEJXMcLV8=; b=AqkCVDweI7F5TJyx4qneU+qaDmPTlhWO33sntoEc/g8kwsx7SZKwnv3yv4N/DJnirfmyUA aabi5NNbeX1yRvLwP7t5H7ckeLJqzwL8NO0u2Uz0lkGr62vXDheQnDNXnvdPtoYRuuGXw4 A9fWsuOqWq69FokM9vxnPaBFzOxI0zcdXvSAwydX0w+jTeSg94IRU2T92886H6KRcBUXnv r4SL8tYCIWXe4+MkY30BjoAyXkYq8LYhmVj6FP6w4ak+djSLXreFaNL7DFB3GUDVMZPOGo 3lQ6ImvAemtr41tRq9n9StaijwydVcOMHliucMtvhazQ2MDNjmpwSMe2gg5MMQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1698173855; a=rsa-sha256; cv=none; b=lEROVald68pJip+DsK1qaMhtxGnNrtbPvGrN2xMsdpts8Doj0Viavr7FFpjSAZMfv5QDNY EqEhp4rfuPrnoyTuwmx7lKVfHAigU8MHeh2Jp9PiJG0OOXgSapjpTQNKFa7R7ZynmU8884 cu1grNxD77gwBWw4taB/VmfF8HtS2KKwoSr+lwUt2xoSRemsg0n7H5HH+Ww4AZa+ZEKzL/ bnbvYlX9dzOO/TznQ8h7yYEzm8KZQ5Z8k4QsOvvkMq+RSgx4qW8GFxmiYIF3IZKAvuPfaD 31b32JlQCb8np3qjw8UR6BfL5GhOem1/QesjxXLPcpKmJGqM9Je2LIdhrWubCA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698173855; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ci3vnsEI32+6E6kuKxFvBa6yxAucc3epa9aEJXMcLV8=; b=Fe1FyTF41Q5hfJfghSTMD9+40DyMh/aYPjfW3feD/q1FcerK3GORKVcaHo69UqvoXN9w2E JxRXUX0UDVQ2uVzgMSaGf+u2wpxXBoTbYNVMGrO+dCNFtSltUAhVhNSXlCkd92WK+vswVa +kV6C7ADHB8V7nCufFNBJF1uGVawvNRpp32mRC3veSHqNcnteir+gPMxubIxttQsA67R5H 7Sr2+F2wXiqQFnvxRvZpMjBRDJCxmopoYUKDw9hyuCzdB7GCaTMXX8T5maWAWvKPhyqaM0 M/cZ3mlubJCu5GA/rN0TjaKKeEo57iEDfVzITgr5yMB8wpV4/W2yTEcJL+xFIQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SFLsW1mGHzZ7d; Tue, 24 Oct 2023 18:57:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 39OIvZSC022650; Tue, 24 Oct 2023 18:57:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 39OIvT7X022637; Tue, 24 Oct 2023 18:57:29 GMT (envelope-from git) Date: Tue, 24 Oct 2023 18:57:29 GMT Message-Id: <202310241857.39OIvT7X022637@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: ad991e4c142e - main - OpenSSL: update to 3.0.12 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ad991e4c142ebabad7aef488ad97b189ecabb270 Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=ad991e4c142ebabad7aef488ad97b189ecabb270 commit ad991e4c142ebabad7aef488ad97b189ecabb270 Merge: 6869f90bf5bb 825caf7e1244 Author: Ed Maste AuthorDate: 2023-10-24 18:55:56 +0000 Commit: Ed Maste CommitDate: 2023-10-24 18:55:56 +0000 OpenSSL: update to 3.0.12 OpenSSL 3.0.12 addresses: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). Relnotes: Yes Sponsored by: The FreeBSD Foundation crypto/openssl/CHANGES.md | 9 +++ crypto/openssl/INSTALL.md | 4 +- crypto/openssl/NEWS.md | 6 ++ crypto/openssl/VERSION.dat | 4 +- crypto/openssl/apps/dgst.c | 2 + crypto/openssl/apps/dhparam.c | 4 +- crypto/openssl/apps/dsaparam.c | 4 +- crypto/openssl/apps/enc.c | 5 +- crypto/openssl/apps/gendsa.c | 4 +- crypto/openssl/apps/genpkey.c | 4 +- crypto/openssl/apps/genrsa.c | 4 +- crypto/openssl/apps/lib/apps.c | 16 ++++-- crypto/openssl/apps/req.c | 2 + crypto/openssl/apps/speed.c | 3 +- crypto/openssl/crypto/aes/asm/aesv8-armx.pl | 3 + crypto/openssl/crypto/arm_arch.h | 7 +-- crypto/openssl/crypto/bn/bn_gcd.c | 8 +-- crypto/openssl/crypto/build.info | 2 - crypto/openssl/crypto/cms/cms_enc.c | 5 +- crypto/openssl/crypto/cms/cms_err.c | 4 +- crypto/openssl/crypto/cms/cms_sd.c | 14 ++++- crypto/openssl/crypto/dh/dh_check.c | 3 +- crypto/openssl/crypto/dh/dh_key.c | 3 +- crypto/openssl/crypto/dh/dh_lib.c | 4 +- crypto/openssl/crypto/dsa/dsa_check.c | 8 ++- crypto/openssl/crypto/dsa/dsa_lib.c | 4 +- crypto/openssl/crypto/dsa/dsa_ossl.c | 1 - crypto/openssl/crypto/engine/eng_pkey.c | 44 ++++++++++++++- crypto/openssl/crypto/engine/eng_table.c | 1 + crypto/openssl/crypto/err/openssl.txt | 1 + crypto/openssl/crypto/evp/evp_enc.c | 45 ++++++++++++++- crypto/openssl/crypto/evp/legacy_sha.c | 8 ++- crypto/openssl/crypto/evp/p_lib.c | 2 +- crypto/openssl/crypto/evp/pmeth_lib.c | 5 +- crypto/openssl/crypto/ex_data.c | 4 +- crypto/openssl/crypto/ffc/ffc_key_validate.c | 16 ++---- crypto/openssl/crypto/lhash/lhash.c | 6 +- crypto/openssl/crypto/mem.c | 12 +++- crypto/openssl/crypto/modes/asm/ghashv8-armx.pl | 5 +- crypto/openssl/crypto/objects/obj_dat.c | 7 ++- crypto/openssl/crypto/param_build_set.c | 13 +++-- .../openssl/crypto/poly1305/asm/poly1305-armv8.pl | 26 ++++----- crypto/openssl/crypto/property/property_parse.c | 34 +++++++++-- crypto/openssl/crypto/rsa/rsa_backend.c | 14 +---- crypto/openssl/crypto/rsa/rsa_lib.c | 32 ++++++++--- crypto/openssl/doc/man3/CMS_add1_signer.pod | 8 ++- crypto/openssl/doc/man3/DH_generate_parameters.pod | 6 +- .../openssl/doc/man3/DSA_generate_parameters.pod | 4 +- crypto/openssl/doc/man3/EVP_aes_128_gcm.pod | 8 +-- crypto/openssl/doc/man3/EVP_aria_128_gcm.pod | 2 +- crypto/openssl/doc/man3/EVP_bf_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_blake2b512.pod | 2 +- crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod | 2 +- crypto/openssl/doc/man3/EVP_cast5_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_chacha20.pod | 2 +- crypto/openssl/doc/man3/EVP_des_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_desx_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_idea_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_md2.pod | 2 +- crypto/openssl/doc/man3/EVP_md4.pod | 2 +- crypto/openssl/doc/man3/EVP_md5.pod | 2 +- crypto/openssl/doc/man3/EVP_mdc2.pod | 2 +- crypto/openssl/doc/man3/EVP_rc2_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_rc4.pod | 2 +- crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_ripemd160.pod | 2 +- crypto/openssl/doc/man3/EVP_seed_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_sha1.pod | 2 +- crypto/openssl/doc/man3/EVP_sha224.pod | 2 +- crypto/openssl/doc/man3/EVP_sha3_224.pod | 2 +- crypto/openssl/doc/man3/EVP_sm3.pod | 2 +- crypto/openssl/doc/man3/EVP_sm4_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_whirlpool.pod | 2 +- crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod | 5 +- .../openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod | 10 +++- .../openssl/doc/man3/SSL_CTX_set_info_callback.pod | 16 ++++-- .../openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod | 4 +- crypto/openssl/doc/man3/d2i_X509.pod | 26 +++++++-- crypto/openssl/include/openssl/cmserr.h | 3 +- crypto/openssl/include/openssl/evp.h | 4 +- crypto/openssl/include/openssl/opensslv.h | 10 ++-- crypto/openssl/include/openssl/pkcs7.h.in | 6 +- crypto/openssl/providers/fips-sources.checksums | 40 ++++++------- crypto/openssl/providers/fips.checksum | 2 +- .../encode_decode/encode_key2text.c | 65 +++++++++------------- .../providers/implementations/keymgmt/dh_kmgmt.c | 2 +- .../providers/implementations/macs/kmac_prov.c | 6 +- secure/lib/libcrypto/Makefile.inc | 4 +- 88 files changed, 442 insertions(+), 247 deletions(-) diff --cc crypto/openssl/include/openssl/opensslv.h index 0bf61ce6a9d7,000000000000..73590b76ca70 mode 100644,000000..100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@@ -1,114 -1,0 +1,114 @@@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslv.h.in + * + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLV_H +# define OPENSSL_OPENSSLV_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * SECTION 1: VERSION DATA. These will change for each release + */ + +/* + * Base version macros + * + * These macros express version number MAJOR.MINOR.PATCH exactly + */ +# define OPENSSL_VERSION_MAJOR 3 +# define OPENSSL_VERSION_MINOR 0 - # define OPENSSL_VERSION_PATCH 11 ++# define OPENSSL_VERSION_PATCH 12 + +/* + * Additional version information + * + * These are also part of the new version scheme, but aren't part + * of the version number itself. + */ + +/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +# define OPENSSL_VERSION_PRE_RELEASE "" +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +# define OPENSSL_VERSION_BUILD_METADATA "" + +/* + * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA + * to be anything but the empty string. Its use is entirely reserved for + * others + */ + +/* + * Shared library version + * + * This is strictly to express ABI version, which may or may not + * be related to the API version expressed with the macros above. + * This is defined in free form. + */ +# define OPENSSL_SHLIB_VERSION 3 + +/* + * SECTION 2: USEFUL MACROS + */ + +/* For checking general API compatibility when preprocessing */ +# define OPENSSL_VERSION_PREREQ(maj,min) \ + ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) + +/* + * Macros to get the version in easily digested string form, both the short + * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced + * with the values from the corresponding OPENSSL_VERSION_ macros) and the + * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and + * OPENSSL_VERSION_BUILD_METADATA_STR appended. + */ - # define OPENSSL_VERSION_STR "3.0.11" - # define OPENSSL_FULL_VERSION_STR "3.0.11" ++# define OPENSSL_VERSION_STR "3.0.12" ++# define OPENSSL_FULL_VERSION_STR "3.0.12" + +/* + * SECTION 3: ADDITIONAL METADATA + * + * These strings are defined separately to allow them to be parsable. + */ - # define OPENSSL_RELEASE_DATE "19 Sep 2023" ++# define OPENSSL_RELEASE_DATE "24 Oct 2023" + +/* + * SECTION 4: BACKWARD COMPATIBILITY + */ + - # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.11 19 Sep 2023" ++# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.12 24 Oct 2023" + +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ +# ifdef OPENSSL_VERSION_PRE_RELEASE +# define _OPENSSL_VERSION_PRE_RELEASE 0x0L +# else +# define _OPENSSL_VERSION_PRE_RELEASE 0xfL +# endif +# define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) \ + |(OPENSSL_VERSION_MINOR<<20) \ + |(OPENSSL_VERSION_PATCH<<4) \ + |_OPENSSL_VERSION_PRE_RELEASE ) + +# ifdef __cplusplus +} +# endif + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OPENSSLV_H +# endif + +#endif /* OPENSSL_OPENSSLV_H */ diff --cc secure/lib/libcrypto/Makefile.inc index 7b016d988a34,000000000000..65925f972ba7 mode 100644,000000..100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@@ -1,22 -1,0 +1,22 @@@ + +.include + +# OpenSSL version used for manual page generation - OPENSSL_VER= 3.0.11 - OPENSSL_DATE= 2023-09-19 ++OPENSSL_VER= 3.0.12 ++OPENSSL_DATE= 2023-10-24 + +LCRYPTO_SRC= ${SRCTOP}/crypto/openssl +LCRYPTO_DOC= ${LCRYPTO_SRC}/doc + +CFLAGS+= -I${LCRYPTO_SRC} +CFLAGS+= -I${LCRYPTO_SRC}/include +CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include +CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include + +.include "Makefile.common" + +.for pcfile in ${PCFILES} +${pcfile}: ${pcfile}.in + sed -e 's,@openssl_ver@,${OPENSSL_VER},g' ${.ALLSRC} > ${.TARGET} +.endfor +CLEANFILES+= ${PCFILES}