Date: Mon, 14 Dec 2020 19:18:12 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r368639 - in stable/12: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto... Message-ID: <202012141918.0BEJICBO045807@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Mon Dec 14 19:18:11 2020 New Revision: 368639 URL: https://svnweb.freebsd.org/changeset/base/368639 Log: Merge OpenSSL 1.1.1i. Note this is a direct commit because assembly code was moved to a new place on head. Modified: stable/12/crypto/openssl/CHANGES stable/12/crypto/openssl/NEWS stable/12/crypto/openssl/README stable/12/crypto/openssl/apps/ca.c stable/12/crypto/openssl/apps/cms.c stable/12/crypto/openssl/config stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl stable/12/crypto/openssl/crypto/armcap.c stable/12/crypto/openssl/crypto/asn1/tasn_dec.c stable/12/crypto/openssl/crypto/asn1/tasn_enc.c stable/12/crypto/openssl/crypto/bio/b_addr.c stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl stable/12/crypto/openssl/crypto/cms/cms_smime.c stable/12/crypto/openssl/crypto/evp/bio_ok.c stable/12/crypto/openssl/crypto/modes/modes_local.h stable/12/crypto/openssl/crypto/pkcs7/pk7_smime.c stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl stable/12/crypto/openssl/crypto/rand/rand_unix.c stable/12/crypto/openssl/crypto/sha/asm/sha1-armv8.pl stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl stable/12/crypto/openssl/crypto/x509/x509_att.c stable/12/crypto/openssl/crypto/x509/x509_cmp.c stable/12/crypto/openssl/crypto/x509/x509_vfy.c stable/12/crypto/openssl/crypto/x509v3/v3_genn.c stable/12/crypto/openssl/doc/man1/verify.pod stable/12/crypto/openssl/doc/man3/BN_set_bit.pod stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod stable/12/crypto/openssl/include/openssl/opensslv.h stable/12/crypto/openssl/include/openssl/x509.h stable/12/crypto/openssl/ssl/record/rec_layer_d1.c stable/12/crypto/openssl/ssl/s3_lib.c stable/12/crypto/openssl/ssl/ssl_lib.c stable/12/crypto/openssl/ssl/ssl_sess.c stable/12/crypto/openssl/ssl/statem/statem_clnt.c stable/12/crypto/openssl/ssl/statem/statem_srvr.c stable/12/secure/lib/libcrypto/Makefile.inc stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S stable/12/secure/lib/libcrypto/aarch64/sha1-armv8.S stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S stable/12/secure/lib/libcrypto/aarch64/sha512-armv8.S stable/12/secure/lib/libcrypto/arm/aesv8-armx.S stable/12/secure/lib/libcrypto/man/man3/ADMISSIONS.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 stable/12/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 stable/12/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 stable/12/secure/lib/libcrypto/man/man3/BF_encrypt.3 stable/12/secure/lib/libcrypto/man/man3/BIO_ADDR.3 stable/12/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 stable/12/secure/lib/libcrypto/man/man3/BIO_connect.3 stable/12/secure/lib/libcrypto/man/man3/BIO_ctrl.3 stable/12/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 stable/12/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 stable/12/secure/lib/libcrypto/man/man3/BIO_f_md.3 stable/12/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 stable/12/secure/lib/libcrypto/man/man3/BIO_find_type.3 stable/12/secure/lib/libcrypto/man/man3/BIO_get_data.3 stable/12/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 stable/12/secure/lib/libcrypto/man/man3/BIO_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/BIO_new.3 stable/12/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 stable/12/secure/lib/libcrypto/man/man3/BIO_printf.3 stable/12/secure/lib/libcrypto/man/man3/BIO_push.3 stable/12/secure/lib/libcrypto/man/man3/BIO_read.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_accept.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_bio.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_connect.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_fd.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_file.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_mem.3 stable/12/secure/lib/libcrypto/man/man3/BIO_s_socket.3 stable/12/secure/lib/libcrypto/man/man3/BIO_set_callback.3 stable/12/secure/lib/libcrypto/man/man3/BIO_should_retry.3 stable/12/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 stable/12/secure/lib/libcrypto/man/man3/BN_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/BN_CTX_start.3 stable/12/secure/lib/libcrypto/man/man3/BN_add.3 stable/12/secure/lib/libcrypto/man/man3/BN_add_word.3 stable/12/secure/lib/libcrypto/man/man3/BN_bn2bin.3 stable/12/secure/lib/libcrypto/man/man3/BN_cmp.3 stable/12/secure/lib/libcrypto/man/man3/BN_copy.3 stable/12/secure/lib/libcrypto/man/man3/BN_generate_prime.3 stable/12/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 stable/12/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 stable/12/secure/lib/libcrypto/man/man3/BN_new.3 stable/12/secure/lib/libcrypto/man/man3/BN_num_bytes.3 stable/12/secure/lib/libcrypto/man/man3/BN_rand.3 stable/12/secure/lib/libcrypto/man/man3/BN_set_bit.3 stable/12/secure/lib/libcrypto/man/man3/BN_zero.3 stable/12/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 stable/12/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 stable/12/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 stable/12/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 stable/12/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 stable/12/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 stable/12/secure/lib/libcrypto/man/man3/CMS_get0_type.3 stable/12/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 stable/12/secure/lib/libcrypto/man/man3/CMS_verify.3 stable/12/secure/lib/libcrypto/man/man3/CONF_modules_free.3 stable/12/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 stable/12/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 stable/12/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 stable/12/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 stable/12/secure/lib/libcrypto/man/man3/CTLOG_new.3 stable/12/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 stable/12/secure/lib/libcrypto/man/man3/DES_random_key.3 stable/12/secure/lib/libcrypto/man/man3/DH_generate_key.3 stable/12/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 stable/12/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 stable/12/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 stable/12/secure/lib/libcrypto/man/man3/DH_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/DH_new.3 stable/12/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 stable/12/secure/lib/libcrypto/man/man3/DH_set_method.3 stable/12/secure/lib/libcrypto/man/man3/DH_size.3 stable/12/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 stable/12/secure/lib/libcrypto/man/man3/DSA_do_sign.3 stable/12/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 stable/12/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 stable/12/secure/lib/libcrypto/man/man3/DSA_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/DSA_new.3 stable/12/secure/lib/libcrypto/man/man3/DSA_set_method.3 stable/12/secure/lib/libcrypto/man/man3/DSA_sign.3 stable/12/secure/lib/libcrypto/man/man3/DSA_size.3 stable/12/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 stable/12/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 stable/12/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 stable/12/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 stable/12/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 stable/12/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 stable/12/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 stable/12/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 stable/12/secure/lib/libcrypto/man/man3/EC_KEY_new.3 stable/12/secure/lib/libcrypto/man/man3/EC_POINT_add.3 stable/12/secure/lib/libcrypto/man/man3/EC_POINT_new.3 stable/12/secure/lib/libcrypto/man/man3/ENGINE_add.3 stable/12/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 stable/12/secure/lib/libcrypto/man/man3/ERR_error_string.3 stable/12/secure/lib/libcrypto/man/man3/ERR_get_error.3 stable/12/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 stable/12/secure/lib/libcrypto/man/man3/ERR_load_strings.3 stable/12/secure/lib/libcrypto/man/man3/ERR_print_errors.3 stable/12/secure/lib/libcrypto/man/man3/ERR_put_error.3 stable/12/secure/lib/libcrypto/man/man3/ERR_remove_state.3 stable/12/secure/lib/libcrypto/man/man3/ERR_set_mark.3 stable/12/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 stable/12/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 stable/12/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 stable/12/secure/lib/libcrypto/man/man3/EVP_SealInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_SignInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 stable/12/secure/lib/libcrypto/man/man3/EVP_aes.3 stable/12/secure/lib/libcrypto/man/man3/EVP_aria.3 stable/12/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 stable/12/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 stable/12/secure/lib/libcrypto/man/man3/EVP_camellia.3 stable/12/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 stable/12/secure/lib/libcrypto/man/man3/EVP_chacha20.3 stable/12/secure/lib/libcrypto/man/man3/EVP_des.3 stable/12/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 stable/12/secure/lib/libcrypto/man/man3/EVP_md5.3 stable/12/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 stable/12/secure/lib/libcrypto/man/man3/EVP_rc4.3 stable/12/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 stable/12/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 stable/12/secure/lib/libcrypto/man/man3/EVP_sha224.3 stable/12/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 stable/12/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 stable/12/secure/lib/libcrypto/man/man3/HMAC.3 stable/12/secure/lib/libcrypto/man/man3/MD5.3 stable/12/secure/lib/libcrypto/man/man3/MDC2_Init.3 stable/12/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 stable/12/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 stable/12/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 stable/12/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 stable/12/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 stable/12/secure/lib/libcrypto/man/man3/OCSP_response_status.3 stable/12/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_config.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 stable/12/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 stable/12/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 stable/12/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 stable/12/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 stable/12/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 stable/12/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 stable/12/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 stable/12/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 stable/12/secure/lib/libcrypto/man/man3/PEM_read.3 stable/12/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 stable/12/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 stable/12/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 stable/12/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 stable/12/secure/lib/libcrypto/man/man3/PKCS7_verify.3 stable/12/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 stable/12/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 stable/12/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 stable/12/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 stable/12/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 stable/12/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 stable/12/secure/lib/libcrypto/man/man3/RAND_add.3 stable/12/secure/lib/libcrypto/man/man3/RAND_bytes.3 stable/12/secure/lib/libcrypto/man/man3/RAND_egd.3 stable/12/secure/lib/libcrypto/man/man3/RAND_load_file.3 stable/12/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 stable/12/secure/lib/libcrypto/man/man3/RC4_set_key.3 stable/12/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 stable/12/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 stable/12/secure/lib/libcrypto/man/man3/RSA_check_key.3 stable/12/secure/lib/libcrypto/man/man3/RSA_generate_key.3 stable/12/secure/lib/libcrypto/man/man3/RSA_get0_key.3 stable/12/secure/lib/libcrypto/man/man3/RSA_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/RSA_new.3 stable/12/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 stable/12/secure/lib/libcrypto/man/man3/RSA_print.3 stable/12/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 stable/12/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 stable/12/secure/lib/libcrypto/man/man3/RSA_set_method.3 stable/12/secure/lib/libcrypto/man/man3/RSA_sign.3 stable/12/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 stable/12/secure/lib/libcrypto/man/man3/RSA_size.3 stable/12/secure/lib/libcrypto/man/man3/SCT_new.3 stable/12/secure/lib/libcrypto/man/man3/SCT_print.3 stable/12/secure/lib/libcrypto/man/man3/SCT_validate.3 stable/12/secure/lib/libcrypto/man/man3/SHA256_Init.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 stable/12/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 stable/12/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 stable/12/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 stable/12/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 stable/12/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 stable/12/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 stable/12/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_fd.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_session.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 stable/12/secure/lib/libcrypto/man/man3/SSL_get_version.3 stable/12/secure/lib/libcrypto/man/man3/SSL_in_init.3 stable/12/secure/lib/libcrypto/man/man3/SSL_key_update.3 stable/12/secure/lib/libcrypto/man/man3/SSL_library_init.3 stable/12/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 stable/12/secure/lib/libcrypto/man/man3/SSL_new.3 stable/12/secure/lib/libcrypto/man/man3/SSL_pending.3 stable/12/secure/lib/libcrypto/man/man3/SSL_read.3 stable/12/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 stable/12/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 stable/12/secure/lib/libcrypto/man/man3/SSL_set1_host.3 stable/12/secure/lib/libcrypto/man/man3/SSL_set_bio.3 stable/12/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 stable/12/secure/lib/libcrypto/man/man3/SSL_set_fd.3 stable/12/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 stable/12/secure/lib/libcrypto/man/man3/SSL_state_string.3 stable/12/secure/lib/libcrypto/man/man3/SSL_want.3 stable/12/secure/lib/libcrypto/man/man3/SSL_write.3 stable/12/secure/lib/libcrypto/man/man3/UI_STRING.3 stable/12/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 stable/12/secure/lib/libcrypto/man/man3/UI_create_method.3 stable/12/secure/lib/libcrypto/man/man3/UI_new.3 stable/12/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 stable/12/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 stable/12/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 stable/12/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 stable/12/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 stable/12/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 stable/12/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 stable/12/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 stable/12/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 stable/12/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 stable/12/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 stable/12/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 stable/12/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_new.3 stable/12/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 stable/12/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 stable/12/secure/lib/libcrypto/man/man3/X509_check_host.3 stable/12/secure/lib/libcrypto/man/man3/X509_check_private_key.3 stable/12/secure/lib/libcrypto/man/man3/X509_cmp.3 stable/12/secure/lib/libcrypto/man/man3/X509_cmp_time.3 stable/12/secure/lib/libcrypto/man/man3/X509_digest.3 stable/12/secure/lib/libcrypto/man/man3/X509_dup.3 stable/12/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 stable/12/secure/lib/libcrypto/man/man3/X509_get0_signature.3 stable/12/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 stable/12/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 stable/12/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 stable/12/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 stable/12/secure/lib/libcrypto/man/man3/X509_get_version.3 stable/12/secure/lib/libcrypto/man/man3/X509_new.3 stable/12/secure/lib/libcrypto/man/man3/X509_sign.3 stable/12/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 stable/12/secure/lib/libcrypto/man/man3/d2i_DHparams.3 stable/12/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 stable/12/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 stable/12/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 stable/12/secure/lib/libcrypto/man/man3/d2i_X509.3 stable/12/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 stable/12/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 stable/12/secure/lib/libcrypto/man/man5/x509v3_config.5 stable/12/secure/lib/libcrypto/man/man7/Ed25519.7 stable/12/secure/lib/libcrypto/man/man7/X25519.7 stable/12/secure/lib/libcrypto/opensslconf.h.in stable/12/secure/usr.bin/openssl/man/asn1parse.1 stable/12/secure/usr.bin/openssl/man/ca.1 stable/12/secure/usr.bin/openssl/man/ciphers.1 stable/12/secure/usr.bin/openssl/man/cms.1 stable/12/secure/usr.bin/openssl/man/crl.1 stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/12/secure/usr.bin/openssl/man/dgst.1 stable/12/secure/usr.bin/openssl/man/dhparam.1 stable/12/secure/usr.bin/openssl/man/dsa.1 stable/12/secure/usr.bin/openssl/man/dsaparam.1 stable/12/secure/usr.bin/openssl/man/ec.1 stable/12/secure/usr.bin/openssl/man/ecparam.1 stable/12/secure/usr.bin/openssl/man/enc.1 stable/12/secure/usr.bin/openssl/man/engine.1 stable/12/secure/usr.bin/openssl/man/errstr.1 stable/12/secure/usr.bin/openssl/man/gendsa.1 stable/12/secure/usr.bin/openssl/man/genpkey.1 stable/12/secure/usr.bin/openssl/man/genrsa.1 stable/12/secure/usr.bin/openssl/man/list.1 stable/12/secure/usr.bin/openssl/man/nseq.1 stable/12/secure/usr.bin/openssl/man/ocsp.1 stable/12/secure/usr.bin/openssl/man/passwd.1 stable/12/secure/usr.bin/openssl/man/pkcs12.1 stable/12/secure/usr.bin/openssl/man/pkcs7.1 stable/12/secure/usr.bin/openssl/man/pkcs8.1 stable/12/secure/usr.bin/openssl/man/pkey.1 stable/12/secure/usr.bin/openssl/man/pkeyparam.1 stable/12/secure/usr.bin/openssl/man/pkeyutl.1 stable/12/secure/usr.bin/openssl/man/prime.1 stable/12/secure/usr.bin/openssl/man/rand.1 stable/12/secure/usr.bin/openssl/man/req.1 stable/12/secure/usr.bin/openssl/man/rsa.1 stable/12/secure/usr.bin/openssl/man/rsautl.1 stable/12/secure/usr.bin/openssl/man/s_client.1 stable/12/secure/usr.bin/openssl/man/s_server.1 stable/12/secure/usr.bin/openssl/man/s_time.1 stable/12/secure/usr.bin/openssl/man/sess_id.1 stable/12/secure/usr.bin/openssl/man/smime.1 stable/12/secure/usr.bin/openssl/man/speed.1 stable/12/secure/usr.bin/openssl/man/spkac.1 stable/12/secure/usr.bin/openssl/man/srp.1 stable/12/secure/usr.bin/openssl/man/storeutl.1 stable/12/secure/usr.bin/openssl/man/ts.1 stable/12/secure/usr.bin/openssl/man/tsget.1 stable/12/secure/usr.bin/openssl/man/verify.1 stable/12/secure/usr.bin/openssl/man/version.1 stable/12/secure/usr.bin/openssl/man/x509.1 Modified: stable/12/crypto/openssl/CHANGES ============================================================================== --- stable/12/crypto/openssl/CHANGES Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/CHANGES Mon Dec 14 19:18:11 2020 (r368639) @@ -7,6 +7,38 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1h and 1.1.1i [8 Dec 2020] + + *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function + This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME. + If an attacker can control both items being compared then this could lead + to a possible denial of service attack. OpenSSL itself uses the + GENERAL_NAME_cmp function for two purposes: + 1) Comparing CRL distribution point names between an available CRL and a + CRL distribution point embedded in an X509 certificate + 2) When verifying that a timestamp response token signer matches the + timestamp authority name (exposed via the API functions + TS_RESP_verify_response and TS_RESP_verify_token) + (CVE-2020-1971) + [Matt Caswell] + + *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target. + [Stuart Carnie] + + *) The security callback, which can be customised by application code, supports + the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY + in the "other" parameter. In most places this is what is passed. All these + places occur server side. However there was one client side call of this + security operation and it passed a DH object instead. This is incorrect + according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all + of the other locations. Therefore this client side call has been changed to + pass an EVP_PKEY instead. + [Matt Caswell] + + *) In 1.1.1h, an expired trusted (root) certificate was not anymore rejected + when validating a certificate path. This check is restored in 1.1.1i. + [David von Oheimb] + Changes between 1.1.1g and 1.1.1h [22 Sep 2020] *) Certificates with explicit curve parameters are now disallowed in @@ -31,6 +63,10 @@ *) Handshake now fails if Extended Master Secret extension is dropped on renegotiation. [Tomas Mraz] + + *) Accidentally, an expired trusted (root) certificate is not anymore rejected + when validating a certificate path. + [David von Oheimb] *) The Oracle Developer Studio compiler will start reporting deprecated APIs Modified: stable/12/crypto/openssl/NEWS ============================================================================== --- stable/12/crypto/openssl/NEWS Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/NEWS Mon Dec 14 19:18:11 2020 (r368639) @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] + + o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971) + Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] o Disallow explicit curve parameters in verifications chains when Modified: stable/12/crypto/openssl/README ============================================================================== --- stable/12/crypto/openssl/README Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/README Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1h 22 Sep 2020 + OpenSSL 1.1.1i 8 Dec 2020 Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/12/crypto/openssl/apps/ca.c ============================================================================== --- stable/12/crypto/openssl/apps/ca.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/apps/ca.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1862,8 +1862,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * row[DB_exp_date][tm->length] = '\0'; row[DB_rev_date] = NULL; row[DB_file] = OPENSSL_strdup("unknown"); - if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || - (row[DB_file] == NULL) || (row[DB_name] == NULL)) { + if ((row[DB_type] == NULL) || (row[DB_file] == NULL) + || (row[DB_name] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } Modified: stable/12/crypto/openssl/apps/cms.c ============================================================================== --- stable/12/crypto/openssl/apps/cms.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/apps/cms.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -545,9 +545,11 @@ int cms_main(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = app_malloc(sizeof(*nparam), "key param buffer"); - nparam->idx = keyidx; - if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) + if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) { + OPENSSL_free(nparam); goto end; + } + nparam->idx = keyidx; nparam->next = NULL; if (key_first == NULL) key_first = nparam; Modified: stable/12/crypto/openssl/config ============================================================================== --- stable/12/crypto/openssl/config Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/config Mon Dec 14 19:18:11 2020 (r368639) @@ -253,11 +253,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in Power*) echo "ppc-apple-darwin${VERSION}" ;; - x86_64) - echo "x86_64-apple-darwin${VERSION}" - ;; *) - echo "i686-apple-darwin${VERSION}" + echo "${MACHINE}-apple-darwin${VERSION}" ;; esac exit 0 @@ -497,6 +494,9 @@ case "$GUESSOS" in else OUT="darwin64-x86_64-cc" fi ;; + $MACHINE-apple-darwin*) + OUT="darwin64-$MACHINE-cc" + ;; armv6+7-*-iphoneos) __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7" __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7" Modified: stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl ============================================================================== --- stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl Mon Dec 14 19:18:11 2020 (r368639) @@ -183,7 +183,12 @@ $code.=<<___; .Loop192: vtbl.8 $key,{$in1},$mask vext.8 $tmp,$zero,$in0,#12 +#ifdef __ARMEB__ + vst1.32 {$in1},[$out],#16 + sub $out,$out,#8 +#else vst1.32 {$in1},[$out],#8 +#endif aese $key,$zero subs $bits,$bits,#1 @@ -715,8 +720,11 @@ $code.=<<___; ldr $rounds,[$key,#240] ldr $ctr, [$ivp, #12] +#ifdef __ARMEB__ + vld1.8 {$dat0},[$ivp] +#else vld1.32 {$dat0},[$ivp] - +#endif vld1.32 {q8-q9},[$key] // load key schedule... sub $rounds,$rounds,#4 mov $step,#16 @@ -732,17 +740,17 @@ $code.=<<___; #ifndef __ARMEB__ rev $ctr, $ctr #endif - vorr $dat1,$dat0,$dat0 add $tctr1, $ctr, #1 - vorr $dat2,$dat0,$dat0 - add $ctr, $ctr, #2 vorr $ivec,$dat0,$dat0 rev $tctr1, $tctr1 - vmov.32 ${dat1}[3],$tctr1 + vmov.32 ${ivec}[3],$tctr1 + add $ctr, $ctr, #2 + vorr $dat1,$ivec,$ivec b.ls .Lctr32_tail rev $tctr2, $ctr + vmov.32 ${ivec}[3],$tctr2 sub $len,$len,#3 // bias - vmov.32 ${dat2}[3],$tctr2 + vorr $dat2,$ivec,$ivec b .Loop3x_ctr32 .align 4 @@ -769,11 +777,11 @@ $code.=<<___; aese $dat1,q8 aesmc $tmp1,$dat1 vld1.8 {$in0},[$inp],#16 - vorr $dat0,$ivec,$ivec + add $tctr0,$ctr,#1 aese $dat2,q8 aesmc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 - vorr $dat1,$ivec,$ivec + rev $tctr0,$tctr0 aese $tmp0,q9 aesmc $tmp0,$tmp0 aese $tmp1,q9 @@ -782,8 +790,6 @@ $code.=<<___; mov $key_,$key aese $dat2,q9 aesmc $tmp2,$dat2 - vorr $dat2,$ivec,$ivec - add $tctr0,$ctr,#1 aese $tmp0,q12 aesmc $tmp0,$tmp0 aese $tmp1,q12 @@ -799,20 +805,22 @@ $code.=<<___; aese $tmp1,q13 aesmc $tmp1,$tmp1 veor $in2,$in2,$rndlast - rev $tctr0,$tctr0 + vmov.32 ${ivec}[3], $tctr0 aese $tmp2,q13 aesmc $tmp2,$tmp2 - vmov.32 ${dat0}[3], $tctr0 + vorr $dat0,$ivec,$ivec rev $tctr1,$tctr1 aese $tmp0,q14 aesmc $tmp0,$tmp0 + vmov.32 ${ivec}[3], $tctr1 + rev $tctr2,$ctr aese $tmp1,q14 aesmc $tmp1,$tmp1 - vmov.32 ${dat1}[3], $tctr1 - rev $tctr2,$ctr + vorr $dat1,$ivec,$ivec + vmov.32 ${ivec}[3], $tctr2 aese $tmp2,q14 aesmc $tmp2,$tmp2 - vmov.32 ${dat2}[3], $tctr2 + vorr $dat2,$ivec,$ivec subs $len,$len,#3 aese $tmp0,q15 aese $tmp1,q15 Modified: stable/12/crypto/openssl/crypto/armcap.c ============================================================================== --- stable/12/crypto/openssl/crypto/armcap.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/armcap.c Mon Dec 14 19:18:11 2020 (r368639) @@ -17,7 +17,6 @@ #include "arm_arch.h" -__attribute__ ((visibility("hidden"))) unsigned int OPENSSL_armcap_P = 0; #if __ARM_MAX_ARCH__<7 Modified: stable/12/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- stable/12/crypto/openssl/crypto/asn1/tasn_dec.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/asn1/tasn_dec.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Modified: stable/12/crypto/openssl/crypto/asn1/tasn_enc.c ============================================================================== --- stable/12/crypto/openssl/crypto/asn1/tasn_enc.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/asn1/tasn_enc.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Modified: stable/12/crypto/openssl/crypto/bio/b_addr.c ============================================================================== --- stable/12/crypto/openssl/crypto/bio/b_addr.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/bio/b_addr.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,11 +1,15 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif #include <assert.h> #include <string.h> Modified: stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl ============================================================================== --- stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl Mon Dec 14 19:18:11 2020 (r368639) @@ -125,6 +125,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .align 5 .Lsigma: Modified: stable/12/crypto/openssl/crypto/cms/cms_smime.c ============================================================================== --- stable/12/crypto/openssl/crypto/cms/cms_smime.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/cms/cms_smime.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -341,7 +341,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *c char *ptr; long len; len = BIO_get_mem_data(dcont, &ptr); - tmpin = BIO_new_mem_buf(ptr, len); + tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE); goto err2; Modified: stable/12/crypto/openssl/crypto/evp/bio_ok.c ============================================================================== --- stable/12/crypto/openssl/crypto/evp/bio_ok.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/evp/bio_ok.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -203,7 +203,7 @@ static int ok_read(BIO *b, char *out, int outl) /* * copy start of the next block into proper place */ - if (ctx->buf_len_save - ctx->buf_off_save > 0) { + if (ctx->buf_len_save > ctx->buf_off_save) { ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save; memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), ctx->buf_len); Modified: stable/12/crypto/openssl/crypto/modes/modes_local.h ============================================================================== --- stable/12/crypto/openssl/crypto/modes/modes_local.h Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/modes/modes_local.h Mon Dec 14 19:18:11 2020 (r368639) @@ -63,12 +63,15 @@ typedef u32 u32_a1; asm ("bswapl %0" \ : "+r"(ret_)); ret_; }) # elif defined(__aarch64__) -# define BSWAP8(x) ({ u64 ret_; \ +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ + __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ +# define BSWAP8(x) ({ u64 ret_; \ asm ("rev %0,%1" \ : "=r"(ret_) : "r"(x)); ret_; }) -# define BSWAP4(x) ({ u32 ret_; \ +# define BSWAP4(x) ({ u32 ret_; \ asm ("rev %w0,%w1" \ : "=r"(ret_) : "r"(x)); ret_; }) +# endif # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) # define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("rev %0,%0; rev %1,%1" \ Modified: stable/12/crypto/openssl/crypto/pkcs7/pk7_smime.c ============================================================================== --- stable/12/crypto/openssl/crypto/pkcs7/pk7_smime.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/pkcs7/pk7_smime.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -301,7 +301,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X50 char *ptr; long len; len = BIO_get_mem_data(indata, &ptr); - tmpin = BIO_new_mem_buf(ptr, len); + tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); goto err; Modified: stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl ============================================================================== --- stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl Mon Dec 14 19:18:11 2020 (r368639) @@ -57,10 +57,14 @@ $code.=<<___; // forward "declarations" are required for Apple .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P +.globl poly1305_init +.hidden poly1305_init .globl poly1305_blocks +.hidden poly1305_blocks .globl poly1305_emit +.hidden poly1305_emit -.globl poly1305_init .type poly1305_init,%function .align 5 poly1305_init: @@ -860,8 +864,8 @@ poly1305_blocks_neon: st1 {$ACC4}[0],[$ctx] .Lno_data_neon: - .inst 0xd50323bf // autiasp ldr x29,[sp],#80 + .inst 0xd50323bf // autiasp ret .size poly1305_blocks_neon,.-poly1305_blocks_neon Modified: stable/12/crypto/openssl/crypto/rand/rand_unix.c ============================================================================== --- stable/12/crypto/openssl/crypto/rand/rand_unix.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/rand/rand_unix.c Mon Dec 14 19:18:11 2020 (r368639) @@ -365,12 +365,19 @@ static ssize_t syscall_random(void *buf, size_t buflen * - OpenBSD since 5.6 * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) + * + * Note: Sometimes getentropy() can be provided but not implemented + * internally. So we need to check errno for ENOSYS */ # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); - if (getentropy != NULL) - return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1; + if (getentropy != NULL) { + if (getentropy(buf, buflen) == 0) + return (ssize_t)buflen; + if (errno != ENOSYS) + return -1; + } # else union { void *p; Modified: stable/12/crypto/openssl/crypto/sha/asm/sha1-armv8.pl ============================================================================== --- stable/12/crypto/openssl/crypto/sha/asm/sha1-armv8.pl Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/sha/asm/sha1-armv8.pl Mon Dec 14 19:18:11 2020 (r368639) @@ -176,6 +176,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 @@ -329,7 +330,6 @@ $code.=<<___; #endif .asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>" .align 2 -.comm OPENSSL_armcap_P,4,4 ___ }}} Modified: stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl ============================================================================== --- stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl Mon Dec 14 19:18:11 2020 (r368639) @@ -193,6 +193,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -839,12 +840,6 @@ $code.=<<___; #endif ___ } - -$code.=<<___; -#ifndef __KERNEL__ -.comm OPENSSL_armcap_P,4,4 -#endif -___ { my %opcode = ( "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, Modified: stable/12/crypto/openssl/crypto/x509/x509_att.c ============================================================================== --- stable/12/crypto/openssl/crypto/x509/x509_att.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/x509/x509_att.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -149,7 +149,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STAC return ret; } -void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, int lastpos, int type) { int i; Modified: stable/12/crypto/openssl/crypto/x509/x509_cmp.c ============================================================================== --- stable/12/crypto/openssl/crypto/x509/x509_cmp.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/x509/x509_cmp.c Mon Dec 14 19:18:11 2020 (r368639) @@ -135,6 +135,8 @@ int X509_cmp(const X509 *a, const X509 *b) { int rv; + if (a == b) /* for efficiency */ + return 0; /* ensure hash is valid */ if (X509_check_purpose((X509 *)a, -1, 0) != 1) return -2; Modified: stable/12/crypto/openssl/crypto/x509/x509_vfy.c ============================================================================== --- stable/12/crypto/openssl/crypto/x509/x509_vfy.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/x509/x509_vfy.c Mon Dec 14 19:18:11 2020 (r368639) @@ -312,8 +312,20 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return ret; } +static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert) +{ + int i, n = sk_X509_num(sk); + + for (i = 0; i < n; i++) + if (X509_cmp(sk_X509_value(sk, i), cert) == 0) + return 1; + return 0; +} + /* - * Given a STACK_OF(X509) find the issuer of cert (if any) + * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x. + * The issuer must not be the same as x and must not yet be in ctx->chain, where the + * exceptional case x is self-issued and ctx->chain has just one element is allowed. */ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) { @@ -322,7 +334,13 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF for (i = 0; i < sk_X509_num(sk); i++) { issuer = sk_X509_value(sk, i); - if (ctx->check_issued(ctx, x, issuer)) { + /* + * Below check 'issuer != x' is an optimization and safety precaution: + * Candidate issuer cert cannot be the same as the subject cert 'x'. + */ + if (issuer != x && ctx->check_issued(ctx, x, issuer) + && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1) + || !sk_X509_contains(ctx->chain, issuer))) { rv = issuer; if (x509_check_cert_time(ctx, rv, -1)) break; @@ -331,30 +349,13 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF return rv; } -/* - * Check that the given certificate 'x' is issued by the certificate 'issuer' - * and the issuer is not yet in ctx->chain, where the exceptional case - * that 'x' is self-issued and ctx->chain has just one element is allowed. - */ +/* Check that the given certificate 'x' is issued by the certificate 'issuer' */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - if (x509_likely_issued(issuer, x) != X509_V_OK) - return 0; - if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) { - int i; - X509 *ch; - - for (i = 0; i < sk_X509_num(ctx->chain); i++) { - ch = sk_X509_value(ctx->chain, i); - if (ch == issuer || X509_cmp(ch, issuer) == 0) - return 0; - } - } - return 1; + return x509_likely_issued(issuer, x) == X509_V_OK; } /* Alternative lookup method: look from a STACK stored in other_ctx */ - static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); @@ -1740,7 +1741,7 @@ static int internal_verify(X509_STORE_CTX *ctx) if (ctx->bare_ta_signed) { xs = xi; xi = NULL; - goto check_cert; + goto check_cert_time; } if (ctx->check_issued(ctx, xi, xi)) @@ -1748,11 +1749,17 @@ static int internal_verify(X509_STORE_CTX *ctx) else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { xs = xi; - goto check_cert; + goto check_cert_time; } - if (n <= 0) - return verify_cb_cert(ctx, xi, 0, - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); + if (n <= 0) { + if (!verify_cb_cert(ctx, xi, 0, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) + return 0; + + xs = xi; + goto check_cert_time; + } + n--; ctx->error_depth = n; xs = sk_X509_value(ctx->chain, n); @@ -1811,7 +1818,7 @@ static int internal_verify(X509_STORE_CTX *ctx) } } - check_cert: + check_cert_time: /* in addition to RFC 5280, do also for trusted (root) cert */ /* Calls verify callback as needed */ if (!x509_check_cert_time(ctx, xs, n)) return 0; Modified: stable/12/crypto/openssl/crypto/x509v3/v3_genn.c ============================================================================== --- stable/12/crypto/openssl/crypto/x509v3/v3_genn.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/crypto/x509v3/v3_genn.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Modified: stable/12/crypto/openssl/doc/man1/verify.pod ============================================================================== --- stable/12/crypto/openssl/doc/man1/verify.pod Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/doc/man1/verify.pod Mon Dec 14 19:18:11 2020 (r368639) @@ -382,10 +382,14 @@ should be trusted for the supplied purpose. For compatibility with previous versions of OpenSSL, a certificate with no trust settings is considered to be valid for all purposes. -The final operation is to check the validity of the certificate chain. The validity -period is checked against the current system time and the notBefore and notAfter -dates in the certificate. The certificate signatures are also checked at this -point. +The final operation is to check the validity of the certificate chain. +For each element in the chain, including the root CA certificate, +the validity period as specified by the C<notBefore> and C<notAfter> fields +is checked against the current system time. +The B<-attime> flag may be used to use a reference time other than "now." +The certificate signature is checked as well +(except for the signature of the typically self-signed root CA certificate, +which is verified only if the B<-check_ss_sig> option is given). If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid. Modified: stable/12/crypto/openssl/doc/man3/BN_set_bit.pod ============================================================================== --- stable/12/crypto/openssl/doc/man3/BN_set_bit.pod Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/doc/man3/BN_set_bit.pod Mon Dec 14 19:18:11 2020 (r368639) @@ -33,7 +33,7 @@ error occurs if B<a> is shorter than B<n> bits. BN_is_bit_set() tests if bit B<n> in B<a> is set. BN_mask_bits() truncates B<a> to an B<n> bit number -(C<a&=~((~0)E<gt>E<gt>n)>). An error occurs if B<a> already is +(C<a&=~((~0)E<lt>E<lt>n)>). An error occurs if B<a> already is shorter than B<n> bits. BN_lshift() shifts B<a> left by B<n> bits and places the result in Modified: stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod ============================================================================== --- stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod Mon Dec 14 19:18:11 2020 (r368639) @@ -137,9 +137,7 @@ I<If no function to get the issuer is provided, the in function will be used instead.> X509_STORE_set_check_issued() sets the function to check that a given -certificate B<x> is issued by the issuer certificate B<issuer> and -the issuer is not yet in the chain contained in <ctx>, where the exceptional -case that B<x> is self-issued and ctx->chain has just one element is allowed. +certificate B<x> is issued by the issuer certificate B<issuer>. This function must return 0 on failure (among others if B<x> hasn't been issued with B<issuer>) and 1 on success. I<If no function to get the issuer is provided, the internal default Modified: stable/12/crypto/openssl/include/openssl/opensslv.h ============================================================================== --- stable/12/crypto/openssl/include/openssl/opensslv.h Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/include/openssl/opensslv.h Mon Dec 14 19:18:11 2020 (r368639) @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010108fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h-freebsd 22 Sep 2020" +# define OPENSSL_VERSION_NUMBER 0x1010109fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i-freebsd 8 Dec 2020" /*- * The macros below are to be used for shared library (.so, .dll, ...) Modified: stable/12/crypto/openssl/include/openssl/x509.h ============================================================================== --- stable/12/crypto/openssl/include/openssl/x509.h Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/include/openssl/x509.h Mon Dec 14 19:18:11 2020 (r368639) @@ -933,7 +933,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STAC int type, const unsigned char *bytes, int len); -void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, Modified: stable/12/crypto/openssl/ssl/record/rec_layer_d1.c ============================================================================== --- stable/12/crypto/openssl/ssl/record/rec_layer_d1.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/ssl/record/rec_layer_d1.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -808,8 +808,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned ch wb = &s->rlayer.wbuf[0]; /* - * first check if there is a SSL3_BUFFER still being written out. This - * will happen with non blocking IO + * DTLS writes whole datagrams, so there can't be anything left in + * the buffer. */ if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, Modified: stable/12/crypto/openssl/ssl/s3_lib.c ============================================================================== --- stable/12/crypto/openssl/ssl/s3_lib.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/ssl/s3_lib.c Mon Dec 14 19:18:11 2020 (r368639) @@ -4072,9 +4072,10 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) { - SSL_CIPHER *c = NULL, *tbl; - SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers}; - size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS}; + SSL_CIPHER *tbl; + SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs}; + size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, + SSL3_NUM_SCSVS}; /* this is not efficient, necessary to optimize this? */ for (j = 0; j < OSSL_NELEM(alltabs); j++) { @@ -4082,21 +4083,11 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const ch if (tbl->stdname == NULL) continue; if (strcmp(stdname, tbl->stdname) == 0) { - c = tbl; - break; + return tbl; } } } - if (c == NULL) { - tbl = ssl3_scsvs; - for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) { - if (strcmp(stdname, tbl->stdname) == 0) { - c = tbl; - break; - } - } - } - return c; + return NULL; } /* Modified: stable/12/crypto/openssl/ssl/ssl_lib.c ============================================================================== --- stable/12/crypto/openssl/ssl/ssl_lib.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/ssl/ssl_lib.c Mon Dec 14 19:18:11 2020 (r368639) @@ -2678,7 +2678,7 @@ const char *SSL_get_servername(const SSL *s, const int * - Otherwise it returns NULL * * During/after the handshake (TLSv1.2 or below resumption occurred): - * - If the session from the orignal handshake had a servername accepted + * - If the session from the original handshake had a servername accepted * by the server then it will return that servername. * - Otherwise it returns the servername set via * SSL_set_tlsext_host_name() (or NULL if it was not called). Modified: stable/12/crypto/openssl/ssl/ssl_sess.c ============================================================================== --- stable/12/crypto/openssl/ssl/ssl_sess.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/ssl/ssl_sess.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -107,7 +107,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int tic { SSL_SESSION *dest; - dest = OPENSSL_malloc(sizeof(*src)); + dest = OPENSSL_malloc(sizeof(*dest)); if (dest == NULL) { goto err; } Modified: stable/12/crypto/openssl/ssl/statem/statem_clnt.c ============================================================================== --- stable/12/crypto/openssl/ssl/statem/statem_clnt.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/ssl/statem/statem_clnt.c Mon Dec 14 19:18:11 2020 (r368639) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2145,15 +2145,17 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EV } bnpub_key = NULL; - if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, - SSL_R_DH_KEY_TOO_SMALL); - goto err; - } - if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB); + goto err; + } + dh = NULL; + + if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + 0, peer_tmp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_DH_KEY_TOO_SMALL); goto err; } Modified: stable/12/crypto/openssl/ssl/statem/statem_srvr.c ============================================================================== --- stable/12/crypto/openssl/ssl/statem/statem_srvr.c Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/crypto/openssl/ssl/statem/statem_srvr.c Mon Dec 14 19:18:11 2020 (r368639) @@ -2577,7 +2577,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); if (s->s3->tmp.pkey == NULL) { - /* SSLfatal() already called */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR); goto err; } Modified: stable/12/secure/lib/libcrypto/Makefile.inc ============================================================================== --- stable/12/secure/lib/libcrypto/Makefile.inc Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/secure/lib/libcrypto/Makefile.inc Mon Dec 14 19:18:11 2020 (r368639) @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.1.1h -OPENSSL_DATE= 2020-09-22 +OPENSSL_VER= 1.1.1i +OPENSSL_DATE= 2020-12-08 LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc Modified: stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S ============================================================================== --- stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S Mon Dec 14 19:18:11 2020 (r368639) @@ -104,7 +104,12 @@ aes_v8_set_encrypt_key: .Loop192: tbl v6.16b,{v4.16b},v2.16b ext v5.16b,v0.16b,v3.16b,#12 +#ifdef __ARMEB__ + st1 {v4.4s},[x2],#16 + sub x2,x2,#8 +#else st1 {v4.8b},[x2],#8 +#endif aese v6.16b,v0.16b subs w1,w1,#1 @@ -575,8 +580,11 @@ aes_v8_ctr32_encrypt_blocks: ldr w5,[x3,#240] ldr w8, [x4, #12] +#ifdef __ARMEB__ + ld1 {v0.16b},[x4] +#else ld1 {v0.4s},[x4] - +#endif ld1 {v16.4s,v17.4s},[x3] // load key schedule... sub w5,w5,#4 mov x12,#16 @@ -592,17 +600,17 @@ aes_v8_ctr32_encrypt_blocks: #ifndef __ARMEB__ rev w8, w8 #endif - orr v1.16b,v0.16b,v0.16b add w10, w8, #1 - orr v18.16b,v0.16b,v0.16b - add w8, w8, #2 orr v6.16b,v0.16b,v0.16b rev w10, w10 - mov v1.s[3],w10 + mov v6.s[3],w10 + add w8, w8, #2 + orr v1.16b,v6.16b,v6.16b b.ls .Lctr32_tail rev w12, w8 + mov v6.s[3],w12 sub x2,x2,#3 // bias - mov v18.s[3],w12 + orr v18.16b,v6.16b,v6.16b b .Loop3x_ctr32 .align 4 @@ -629,11 +637,11 @@ aes_v8_ctr32_encrypt_blocks: aese v1.16b,v16.16b aesmc v5.16b,v1.16b ld1 {v2.16b},[x0],#16 - orr v0.16b,v6.16b,v6.16b + add w9,w8,#1 aese v18.16b,v16.16b aesmc v18.16b,v18.16b ld1 {v3.16b},[x0],#16 - orr v1.16b,v6.16b,v6.16b + rev w9,w9 aese v4.16b,v17.16b aesmc v4.16b,v4.16b aese v5.16b,v17.16b @@ -642,8 +650,6 @@ aes_v8_ctr32_encrypt_blocks: mov x7,x3 aese v18.16b,v17.16b aesmc v17.16b,v18.16b - orr v18.16b,v6.16b,v6.16b - add w9,w8,#1 aese v4.16b,v20.16b aesmc v4.16b,v4.16b aese v5.16b,v20.16b @@ -659,20 +665,22 @@ aes_v8_ctr32_encrypt_blocks: aese v5.16b,v21.16b aesmc v5.16b,v5.16b eor v19.16b,v19.16b,v7.16b - rev w9,w9 + mov v6.s[3], w9 aese v17.16b,v21.16b aesmc v17.16b,v17.16b - mov v0.s[3], w9 + orr v0.16b,v6.16b,v6.16b rev w10,w10 aese v4.16b,v22.16b aesmc v4.16b,v4.16b + mov v6.s[3], w10 + rev w12,w8 aese v5.16b,v22.16b aesmc v5.16b,v5.16b - mov v1.s[3], w10 - rev w12,w8 + orr v1.16b,v6.16b,v6.16b + mov v6.s[3], w12 aese v17.16b,v22.16b aesmc v17.16b,v17.16b - mov v18.s[3], w12 + orr v18.16b,v6.16b,v6.16b subs x2,x2,#3 aese v4.16b,v23.16b aese v5.16b,v23.16b Modified: stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S ============================================================================== --- stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S Mon Dec 14 19:18:11 2020 (r368639) @@ -5,6 +5,7 @@ .text +.hidden OPENSSL_armcap_P .align 5 .Lsigma: Modified: stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S ============================================================================== --- stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S Mon Dec 14 19:18:11 2020 (r368639) @@ -6,10 +6,14 @@ // forward "declarations" are required for Apple +.hidden OPENSSL_armcap_P +.globl poly1305_init +.hidden poly1305_init .globl poly1305_blocks +.hidden poly1305_blocks .globl poly1305_emit +.hidden poly1305_emit -.globl poly1305_init .type poly1305_init,%function .align 5 poly1305_init: @@ -797,8 +801,8 @@ poly1305_blocks_neon: st1 {v23.s}[0],[x0] .Lno_data_neon: -.inst 0xd50323bf // autiasp ldr x29,[sp],#80 +.inst 0xd50323bf // autiasp ret .size poly1305_blocks_neon,.-poly1305_blocks_neon Modified: stable/12/secure/lib/libcrypto/aarch64/sha1-armv8.S ============================================================================== --- stable/12/secure/lib/libcrypto/aarch64/sha1-armv8.S Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/secure/lib/libcrypto/aarch64/sha1-armv8.S Mon Dec 14 19:18:11 2020 (r368639) @@ -5,6 +5,7 @@ .text +.hidden OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 @@ -1220,4 +1221,3 @@ sha1_block_armv8: .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 -.comm OPENSSL_armcap_P,4,4 Modified: stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S ============================================================================== --- stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S Mon Dec 14 17:18:59 2020 (r368638) +++ stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S Mon Dec 14 19:18:11 2020 (r368639) @@ -61,6 +61,7 @@ .text +.hidden OPENSSL_armcap_P .globl sha256_block_data_order .type sha256_block_data_order,%function .align 6 @@ -2062,6 +2063,3 @@ sha256_block_neon: add sp,sp,#16*4+16 *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012141918.0BEJICBO045807>