Date: Tue, 20 Nov 2018 21:10:04 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r340703 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/async/arch crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/... Message-ID: <201811202110.wAKLA4i5030740@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Tue Nov 20 21:10:04 2018 New Revision: 340703 URL: https://svnweb.freebsd.org/changeset/base/340703 Log: Merge OpenSSL 1.1.1a. Added: head/crypto/openssl/crypto/getenv.c - copied unchanged from r340690, vendor-crypto/openssl/dist/crypto/getenv.c head/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod - copied unchanged from r340690, vendor-crypto/openssl/dist/doc/man3/SSL_get_peer_tmp_key.pod head/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 (contents, props changed) Deleted: head/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod head/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod head/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod head/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 head/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 head/secure/lib/libcrypto/man/SSL_get_server_tmp_key.3 Modified: head/crypto/openssl/CHANGES head/crypto/openssl/Configure head/crypto/openssl/INSTALL head/crypto/openssl/NEWS head/crypto/openssl/README head/crypto/openssl/apps/app_rand.c head/crypto/openssl/apps/apps.c head/crypto/openssl/apps/apps.h head/crypto/openssl/apps/ca.c head/crypto/openssl/apps/ocsp.c head/crypto/openssl/apps/openssl.cnf head/crypto/openssl/apps/opt.c head/crypto/openssl/apps/rehash.c head/crypto/openssl/apps/rsa.c head/crypto/openssl/apps/s_cb.c head/crypto/openssl/apps/s_server.c head/crypto/openssl/apps/speed.c head/crypto/openssl/apps/x509.c head/crypto/openssl/crypto/LPdir_unix.c head/crypto/openssl/crypto/async/arch/async_posix.h head/crypto/openssl/crypto/bio/b_sock2.c head/crypto/openssl/crypto/bio/bio_lib.c head/crypto/openssl/crypto/bio/bss_log.c head/crypto/openssl/crypto/bn/asm/x86_64-gcc.c head/crypto/openssl/crypto/bn/bn_exp.c head/crypto/openssl/crypto/bn/bn_lib.c head/crypto/openssl/crypto/build.info head/crypto/openssl/crypto/conf/conf_api.c head/crypto/openssl/crypto/conf/conf_mod.c head/crypto/openssl/crypto/cryptlib.c head/crypto/openssl/crypto/ct/ct_log.c head/crypto/openssl/crypto/dsa/dsa_gen.c head/crypto/openssl/crypto/dsa/dsa_ossl.c head/crypto/openssl/crypto/ec/ec_ameth.c head/crypto/openssl/crypto/ec/ec_mult.c head/crypto/openssl/crypto/ec/ec_pmeth.c head/crypto/openssl/crypto/ec/ecdh_kdf.c head/crypto/openssl/crypto/engine/eng_devcrypto.c head/crypto/openssl/crypto/engine/eng_list.c head/crypto/openssl/crypto/err/openssl.txt head/crypto/openssl/crypto/evp/e_aes.c head/crypto/openssl/crypto/evp/e_rc2.c head/crypto/openssl/crypto/evp/pmeth_lib.c head/crypto/openssl/crypto/include/internal/ec_int.h head/crypto/openssl/crypto/include/internal/rand_int.h head/crypto/openssl/crypto/kdf/hkdf.c head/crypto/openssl/crypto/mem_sec.c head/crypto/openssl/crypto/o_fopen.c head/crypto/openssl/crypto/pkcs12/p12_mutl.c head/crypto/openssl/crypto/poly1305/poly1305_ieee754.c head/crypto/openssl/crypto/rand/drbg_ctr.c head/crypto/openssl/crypto/rand/drbg_lib.c head/crypto/openssl/crypto/rand/rand_err.c head/crypto/openssl/crypto/rand/rand_lcl.h head/crypto/openssl/crypto/rand/rand_lib.c head/crypto/openssl/crypto/rand/rand_unix.c head/crypto/openssl/crypto/rand/randfile.c head/crypto/openssl/crypto/rsa/rsa_lib.c head/crypto/openssl/crypto/rsa/rsa_meth.c head/crypto/openssl/crypto/rsa/rsa_ossl.c head/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl head/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl head/crypto/openssl/crypto/siphash/siphash.c head/crypto/openssl/crypto/sm2/sm2_crypt.c head/crypto/openssl/crypto/sm2/sm2_sign.c head/crypto/openssl/crypto/ui/ui_openssl.c head/crypto/openssl/crypto/x509/by_dir.c head/crypto/openssl/crypto/x509/by_file.c head/crypto/openssl/crypto/x509/x509_vfy.c head/crypto/openssl/doc/man1/ca.pod head/crypto/openssl/doc/man1/enc.pod head/crypto/openssl/doc/man1/openssl.pod head/crypto/openssl/doc/man1/req.pod head/crypto/openssl/doc/man1/rsa.pod head/crypto/openssl/doc/man1/s_server.pod head/crypto/openssl/doc/man1/storeutl.pod head/crypto/openssl/doc/man1/x509.pod head/crypto/openssl/doc/man3/DES_random_key.pod head/crypto/openssl/doc/man3/EVP_DigestInit.pod head/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod head/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod head/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod head/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod head/crypto/openssl/doc/man3/EVP_aes.pod head/crypto/openssl/doc/man3/EVP_aria.pod head/crypto/openssl/doc/man3/EVP_bf_cbc.pod head/crypto/openssl/doc/man3/EVP_camellia.pod head/crypto/openssl/doc/man3/EVP_cast5_cbc.pod head/crypto/openssl/doc/man3/EVP_des.pod head/crypto/openssl/doc/man3/EVP_idea_cbc.pod head/crypto/openssl/doc/man3/EVP_md5.pod head/crypto/openssl/doc/man3/EVP_rc2_cbc.pod head/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod head/crypto/openssl/doc/man3/EVP_seed_cbc.pod head/crypto/openssl/doc/man3/EVP_sm4_cbc.pod head/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod head/crypto/openssl/doc/man3/RSA_meth_new.pod head/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod head/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod head/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod head/crypto/openssl/doc/man3/SSL_get_error.pod head/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod head/crypto/openssl/doc/man3/SSL_set_bio.pod head/crypto/openssl/doc/man3/SSL_set_shutdown.pod head/crypto/openssl/doc/man3/SSL_shutdown.pod head/crypto/openssl/doc/man7/RAND_DRBG.pod head/crypto/openssl/e_os.h head/crypto/openssl/include/internal/cryptlib.h head/crypto/openssl/include/internal/tsan_assist.h head/crypto/openssl/include/openssl/cryptoerr.h head/crypto/openssl/include/openssl/ec.h head/crypto/openssl/include/openssl/ocsp.h head/crypto/openssl/include/openssl/opensslv.h head/crypto/openssl/include/openssl/rand_drbg.h head/crypto/openssl/include/openssl/randerr.h head/crypto/openssl/include/openssl/rsa.h head/crypto/openssl/include/openssl/ssl.h head/crypto/openssl/include/openssl/symhacks.h head/crypto/openssl/include/openssl/tls1.h head/crypto/openssl/ssl/d1_lib.c head/crypto/openssl/ssl/record/rec_layer_d1.c head/crypto/openssl/ssl/record/record.h head/crypto/openssl/ssl/record/record_locl.h head/crypto/openssl/ssl/record/ssl3_record.c head/crypto/openssl/ssl/s3_cbc.c head/crypto/openssl/ssl/s3_enc.c head/crypto/openssl/ssl/s3_lib.c head/crypto/openssl/ssl/ssl_cert.c head/crypto/openssl/ssl/ssl_ciph.c head/crypto/openssl/ssl/ssl_lib.c head/crypto/openssl/ssl/ssl_locl.h head/crypto/openssl/ssl/statem/extensions.c head/crypto/openssl/ssl/statem/extensions_clnt.c head/crypto/openssl/ssl/statem/statem.c head/crypto/openssl/ssl/statem/statem_clnt.c head/crypto/openssl/ssl/statem/statem_lib.c head/crypto/openssl/ssl/statem/statem_locl.h head/crypto/openssl/ssl/statem/statem_srvr.c head/crypto/openssl/ssl/t1_lib.c head/crypto/openssl/ssl/tls13_enc.c head/secure/lib/libcrypto/Makefile head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/Makefile.man head/secure/lib/libcrypto/man/ADMISSIONS.3 head/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 head/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 head/secure/lib/libcrypto/man/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/ASN1_TIME_set.3 head/secure/lib/libcrypto/man/ASN1_TYPE_get.3 head/secure/lib/libcrypto/man/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 head/secure/lib/libcrypto/man/ASYNC_start_job.3 head/secure/lib/libcrypto/man/BF_encrypt.3 head/secure/lib/libcrypto/man/BIO_ADDR.3 head/secure/lib/libcrypto/man/BIO_ADDRINFO.3 head/secure/lib/libcrypto/man/BIO_connect.3 head/secure/lib/libcrypto/man/BIO_ctrl.3 head/secure/lib/libcrypto/man/BIO_f_base64.3 head/secure/lib/libcrypto/man/BIO_f_buffer.3 head/secure/lib/libcrypto/man/BIO_f_cipher.3 head/secure/lib/libcrypto/man/BIO_f_md.3 head/secure/lib/libcrypto/man/BIO_f_null.3 head/secure/lib/libcrypto/man/BIO_f_ssl.3 head/secure/lib/libcrypto/man/BIO_find_type.3 head/secure/lib/libcrypto/man/BIO_get_data.3 head/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 head/secure/lib/libcrypto/man/BIO_meth_new.3 head/secure/lib/libcrypto/man/BIO_new.3 head/secure/lib/libcrypto/man/BIO_new_CMS.3 head/secure/lib/libcrypto/man/BIO_parse_hostserv.3 head/secure/lib/libcrypto/man/BIO_printf.3 head/secure/lib/libcrypto/man/BIO_push.3 head/secure/lib/libcrypto/man/BIO_read.3 head/secure/lib/libcrypto/man/BIO_s_accept.3 head/secure/lib/libcrypto/man/BIO_s_bio.3 head/secure/lib/libcrypto/man/BIO_s_connect.3 head/secure/lib/libcrypto/man/BIO_s_fd.3 head/secure/lib/libcrypto/man/BIO_s_file.3 head/secure/lib/libcrypto/man/BIO_s_mem.3 head/secure/lib/libcrypto/man/BIO_s_null.3 head/secure/lib/libcrypto/man/BIO_s_socket.3 head/secure/lib/libcrypto/man/BIO_set_callback.3 head/secure/lib/libcrypto/man/BIO_should_retry.3 head/secure/lib/libcrypto/man/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/BN_CTX_new.3 head/secure/lib/libcrypto/man/BN_CTX_start.3 head/secure/lib/libcrypto/man/BN_add.3 head/secure/lib/libcrypto/man/BN_add_word.3 head/secure/lib/libcrypto/man/BN_bn2bin.3 head/secure/lib/libcrypto/man/BN_cmp.3 head/secure/lib/libcrypto/man/BN_copy.3 head/secure/lib/libcrypto/man/BN_generate_prime.3 head/secure/lib/libcrypto/man/BN_mod_inverse.3 head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/BN_new.3 head/secure/lib/libcrypto/man/BN_num_bytes.3 head/secure/lib/libcrypto/man/BN_rand.3 head/secure/lib/libcrypto/man/BN_security_bits.3 head/secure/lib/libcrypto/man/BN_set_bit.3 head/secure/lib/libcrypto/man/BN_swap.3 head/secure/lib/libcrypto/man/BN_zero.3 head/secure/lib/libcrypto/man/BUF_MEM_new.3 head/secure/lib/libcrypto/man/CMS_add0_cert.3 head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/CMS_add1_signer.3 head/secure/lib/libcrypto/man/CMS_compress.3 head/secure/lib/libcrypto/man/CMS_decrypt.3 head/secure/lib/libcrypto/man/CMS_encrypt.3 head/secure/lib/libcrypto/man/CMS_final.3 head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/CMS_get0_type.3 head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/CMS_sign.3 head/secure/lib/libcrypto/man/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/CMS_uncompress.3 head/secure/lib/libcrypto/man/CMS_verify.3 head/secure/lib/libcrypto/man/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/CONF_modules_free.3 head/secure/lib/libcrypto/man/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 head/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 head/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 head/secure/lib/libcrypto/man/CTLOG_STORE_new.3 head/secure/lib/libcrypto/man/CTLOG_new.3 head/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 head/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 head/secure/lib/libcrypto/man/DES_random_key.3 head/secure/lib/libcrypto/man/DH_generate_key.3 head/secure/lib/libcrypto/man/DH_generate_parameters.3 head/secure/lib/libcrypto/man/DH_get0_pqg.3 head/secure/lib/libcrypto/man/DH_get_1024_160.3 head/secure/lib/libcrypto/man/DH_meth_new.3 head/secure/lib/libcrypto/man/DH_new.3 head/secure/lib/libcrypto/man/DH_new_by_nid.3 head/secure/lib/libcrypto/man/DH_set_method.3 head/secure/lib/libcrypto/man/DH_size.3 head/secure/lib/libcrypto/man/DSA_SIG_new.3 head/secure/lib/libcrypto/man/DSA_do_sign.3 head/secure/lib/libcrypto/man/DSA_dup_DH.3 head/secure/lib/libcrypto/man/DSA_generate_key.3 head/secure/lib/libcrypto/man/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/DSA_get0_pqg.3 head/secure/lib/libcrypto/man/DSA_meth_new.3 head/secure/lib/libcrypto/man/DSA_new.3 head/secure/lib/libcrypto/man/DSA_set_method.3 head/secure/lib/libcrypto/man/DSA_sign.3 head/secure/lib/libcrypto/man/DSA_size.3 head/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 head/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 head/secure/lib/libcrypto/man/DTLSv1_listen.3 head/secure/lib/libcrypto/man/ECDSA_SIG_new.3 head/secure/lib/libcrypto/man/ECPKParameters_print.3 head/secure/lib/libcrypto/man/EC_GFp_simple_method.3 head/secure/lib/libcrypto/man/EC_GROUP_copy.3 head/secure/lib/libcrypto/man/EC_GROUP_new.3 head/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 head/secure/lib/libcrypto/man/EC_KEY_new.3 head/secure/lib/libcrypto/man/EC_POINT_add.3 head/secure/lib/libcrypto/man/EC_POINT_new.3 head/secure/lib/libcrypto/man/ENGINE_add.3 head/secure/lib/libcrypto/man/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/ERR_clear_error.3 head/secure/lib/libcrypto/man/ERR_error_string.3 head/secure/lib/libcrypto/man/ERR_get_error.3 head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/ERR_load_strings.3 head/secure/lib/libcrypto/man/ERR_print_errors.3 head/secure/lib/libcrypto/man/ERR_put_error.3 head/secure/lib/libcrypto/man/ERR_remove_state.3 head/secure/lib/libcrypto/man/ERR_set_mark.3 head/secure/lib/libcrypto/man/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 head/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 head/secure/lib/libcrypto/man/EVP_DigestInit.3 head/secure/lib/libcrypto/man/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/EVP_EncodeInit.3 head/secure/lib/libcrypto/man/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/EVP_MD_meth_new.3 head/secure/lib/libcrypto/man/EVP_OpenInit.3 head/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 head/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 head/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 head/secure/lib/libcrypto/man/EVP_SealInit.3 head/secure/lib/libcrypto/man/EVP_SignInit.3 head/secure/lib/libcrypto/man/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/EVP_aes.3 head/secure/lib/libcrypto/man/EVP_aria.3 head/secure/lib/libcrypto/man/EVP_bf_cbc.3 head/secure/lib/libcrypto/man/EVP_blake2b512.3 head/secure/lib/libcrypto/man/EVP_camellia.3 head/secure/lib/libcrypto/man/EVP_cast5_cbc.3 head/secure/lib/libcrypto/man/EVP_chacha20.3 head/secure/lib/libcrypto/man/EVP_des.3 head/secure/lib/libcrypto/man/EVP_desx_cbc.3 head/secure/lib/libcrypto/man/EVP_idea_cbc.3 head/secure/lib/libcrypto/man/EVP_md2.3 head/secure/lib/libcrypto/man/EVP_md4.3 head/secure/lib/libcrypto/man/EVP_md5.3 head/secure/lib/libcrypto/man/EVP_mdc2.3 head/secure/lib/libcrypto/man/EVP_rc2_cbc.3 head/secure/lib/libcrypto/man/EVP_rc4.3 head/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 head/secure/lib/libcrypto/man/EVP_ripemd160.3 head/secure/lib/libcrypto/man/EVP_seed_cbc.3 head/secure/lib/libcrypto/man/EVP_sha1.3 head/secure/lib/libcrypto/man/EVP_sha224.3 head/secure/lib/libcrypto/man/EVP_sha3_224.3 head/secure/lib/libcrypto/man/EVP_sm3.3 head/secure/lib/libcrypto/man/EVP_sm4_cbc.3 head/secure/lib/libcrypto/man/EVP_whirlpool.3 head/secure/lib/libcrypto/man/HMAC.3 head/secure/lib/libcrypto/man/MD5.3 head/secure/lib/libcrypto/man/MDC2_Init.3 head/secure/lib/libcrypto/man/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 head/secure/lib/libcrypto/man/OCSP_cert_to_id.3 head/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 head/secure/lib/libcrypto/man/OCSP_resp_find_status.3 head/secure/lib/libcrypto/man/OCSP_response_status.3 head/secure/lib/libcrypto/man/OCSP_sendreq_new.3 head/secure/lib/libcrypto/man/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 head/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/OPENSSL_config.3 head/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 head/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/OPENSSL_malloc.3 head/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 head/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 head/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 head/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 head/secure/lib/libcrypto/man/OSSL_STORE_expect.3 head/secure/lib/libcrypto/man/OSSL_STORE_open.3 head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 head/secure/lib/libcrypto/man/PEM_read.3 head/secure/lib/libcrypto/man/PEM_read_CMS.3 head/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 head/secure/lib/libcrypto/man/PEM_read_bio_ex.3 head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/PKCS12_create.3 head/secure/lib/libcrypto/man/PKCS12_newpass.3 head/secure/lib/libcrypto/man/PKCS12_parse.3 head/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 head/secure/lib/libcrypto/man/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/PKCS7_sign.3 head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/PKCS7_verify.3 head/secure/lib/libcrypto/man/RAND_DRBG_generate.3 head/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 head/secure/lib/libcrypto/man/RAND_DRBG_new.3 head/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 head/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 head/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 head/secure/lib/libcrypto/man/RAND_add.3 head/secure/lib/libcrypto/man/RAND_bytes.3 head/secure/lib/libcrypto/man/RAND_cleanup.3 head/secure/lib/libcrypto/man/RAND_egd.3 head/secure/lib/libcrypto/man/RAND_load_file.3 head/secure/lib/libcrypto/man/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/RC4_set_key.3 head/secure/lib/libcrypto/man/RIPEMD160_Init.3 head/secure/lib/libcrypto/man/RSA_blinding_on.3 head/secure/lib/libcrypto/man/RSA_check_key.3 head/secure/lib/libcrypto/man/RSA_generate_key.3 head/secure/lib/libcrypto/man/RSA_get0_key.3 head/secure/lib/libcrypto/man/RSA_meth_new.3 head/secure/lib/libcrypto/man/RSA_new.3 head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/RSA_print.3 head/secure/lib/libcrypto/man/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/RSA_set_method.3 head/secure/lib/libcrypto/man/RSA_sign.3 head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/RSA_size.3 head/secure/lib/libcrypto/man/SCT_new.3 head/secure/lib/libcrypto/man/SCT_print.3 head/secure/lib/libcrypto/man/SCT_validate.3 head/secure/lib/libcrypto/man/SHA256_Init.3 head/secure/lib/libcrypto/man/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 head/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 head/secure/lib/libcrypto/man/SSL_CONF_cmd.3 head/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 head/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 head/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libcrypto/man/SSL_CTX_add_session.3 head/secure/lib/libcrypto/man/SSL_CTX_config.3 head/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 head/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 head/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 head/secure/lib/libcrypto/man/SSL_CTX_free.3 head/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 head/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 head/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 head/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 head/secure/lib/libcrypto/man/SSL_CTX_new.3 head/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 head/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_sessions.3 head/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 head/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 head/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 head/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 head/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 head/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 head/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 head/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 head/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 head/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 head/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 head/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 head/secure/lib/libcrypto/man/SSL_CTX_set_options.3 head/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 head/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 head/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 head/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 head/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 head/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 head/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 head/secure/lib/libcrypto/man/SSL_SESSION_free.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 head/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 head/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 head/secure/lib/libcrypto/man/SSL_SESSION_print.3 head/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 head/secure/lib/libcrypto/man/SSL_accept.3 head/secure/lib/libcrypto/man/SSL_alert_type_string.3 head/secure/lib/libcrypto/man/SSL_alloc_buffers.3 head/secure/lib/libcrypto/man/SSL_check_chain.3 head/secure/lib/libcrypto/man/SSL_clear.3 head/secure/lib/libcrypto/man/SSL_connect.3 head/secure/lib/libcrypto/man/SSL_do_handshake.3 head/secure/lib/libcrypto/man/SSL_export_keying_material.3 head/secure/lib/libcrypto/man/SSL_extension_supported.3 head/secure/lib/libcrypto/man/SSL_free.3 head/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 head/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 head/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 head/secure/lib/libcrypto/man/SSL_get_ciphers.3 head/secure/lib/libcrypto/man/SSL_get_client_random.3 head/secure/lib/libcrypto/man/SSL_get_current_cipher.3 head/secure/lib/libcrypto/man/SSL_get_default_timeout.3 head/secure/lib/libcrypto/man/SSL_get_error.3 head/secure/lib/libcrypto/man/SSL_get_extms_support.3 head/secure/lib/libcrypto/man/SSL_get_fd.3 head/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 head/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 head/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 head/secure/lib/libcrypto/man/SSL_get_psk_identity.3 head/secure/lib/libcrypto/man/SSL_get_rbio.3 head/secure/lib/libcrypto/man/SSL_get_session.3 head/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 head/secure/lib/libcrypto/man/SSL_get_verify_result.3 head/secure/lib/libcrypto/man/SSL_get_version.3 head/secure/lib/libcrypto/man/SSL_in_init.3 head/secure/lib/libcrypto/man/SSL_key_update.3 head/secure/lib/libcrypto/man/SSL_library_init.3 head/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 head/secure/lib/libcrypto/man/SSL_new.3 head/secure/lib/libcrypto/man/SSL_pending.3 head/secure/lib/libcrypto/man/SSL_read.3 head/secure/lib/libcrypto/man/SSL_read_early_data.3 head/secure/lib/libcrypto/man/SSL_rstate_string.3 head/secure/lib/libcrypto/man/SSL_session_reused.3 head/secure/lib/libcrypto/man/SSL_set1_host.3 head/secure/lib/libcrypto/man/SSL_set_bio.3 head/secure/lib/libcrypto/man/SSL_set_connect_state.3 head/secure/lib/libcrypto/man/SSL_set_fd.3 head/secure/lib/libcrypto/man/SSL_set_session.3 head/secure/lib/libcrypto/man/SSL_set_shutdown.3 head/secure/lib/libcrypto/man/SSL_set_verify_result.3 head/secure/lib/libcrypto/man/SSL_shutdown.3 head/secure/lib/libcrypto/man/SSL_state_string.3 head/secure/lib/libcrypto/man/SSL_want.3 head/secure/lib/libcrypto/man/SSL_write.3 head/secure/lib/libcrypto/man/UI_STRING.3 head/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 head/secure/lib/libcrypto/man/UI_create_method.3 head/secure/lib/libcrypto/man/UI_new.3 head/secure/lib/libcrypto/man/X509V3_get_d2i.3 head/secure/lib/libcrypto/man/X509_ALGOR_dup.3 head/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 head/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 head/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 head/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/X509_NAME_get0_der.3 head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/X509_PUBKEY_new.3 head/secure/lib/libcrypto/man/X509_SIG_get0.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/X509_STORE_add_cert.3 head/secure/lib/libcrypto/man/X509_STORE_get0_param.3 head/secure/lib/libcrypto/man/X509_STORE_new.3 head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/X509_check_ca.3 head/secure/lib/libcrypto/man/X509_check_host.3 head/secure/lib/libcrypto/man/X509_check_issued.3 head/secure/lib/libcrypto/man/X509_check_private_key.3 head/secure/lib/libcrypto/man/X509_cmp_time.3 head/secure/lib/libcrypto/man/X509_digest.3 head/secure/lib/libcrypto/man/X509_dup.3 head/secure/lib/libcrypto/man/X509_get0_notBefore.3 head/secure/lib/libcrypto/man/X509_get0_signature.3 head/secure/lib/libcrypto/man/X509_get0_uids.3 head/secure/lib/libcrypto/man/X509_get_extension_flags.3 head/secure/lib/libcrypto/man/X509_get_pubkey.3 head/secure/lib/libcrypto/man/X509_get_serialNumber.3 head/secure/lib/libcrypto/man/X509_get_subject_name.3 head/secure/lib/libcrypto/man/X509_get_version.3 head/secure/lib/libcrypto/man/X509_new.3 head/secure/lib/libcrypto/man/X509_sign.3 head/secure/lib/libcrypto/man/X509_verify_cert.3 head/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 head/secure/lib/libcrypto/man/d2i_DHparams.3 head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 head/secure/lib/libcrypto/man/d2i_PrivateKey.3 head/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 head/secure/lib/libcrypto/man/d2i_X509.3 head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 head/secure/lib/libcrypto/man/o2i_SCT_LIST.3 head/secure/lib/libssl/Version.map (contents, props changed) head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/engine.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/list.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/prime.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/srp.1 head/secure/usr.bin/openssl/man/storeutl.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 Directory Properties: head/crypto/openssl/ (props changed) head/secure/lib/libcrypto/Version.map (props changed) Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/CHANGES Tue Nov 20 21:10:04 2018 (r340703) @@ -7,6 +7,42 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] *) Add a new ClientHello callback. Provides a callback interface that gives @@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop <ebishop@spyglass.com>] - Modified: head/crypto/openssl/Configure ============================================================================== --- head/crypto/openssl/Configure Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/Configure Tue Nov 20 21:10:04 2018 (r340703) @@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) { if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; -You have selected the --with-rand-seed=none option, which effectively disables -automatic reseeding of the OpenSSL random generator. All operations depending -on the random generator such as creating keys will not work unless the random -generator is seeded manually by the application. -Please read the 'Note on random number generation' section in the INSTALL -instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== +You have selected the --with-rand-seed=none option, which effectively +disables automatic reseeding of the OpenSSL random generator. +All operations depending on the random generator such as creating keys +will not work unless the random generator is seeded manually by the +application. + +Please read the 'Note on random number generation' section in the +INSTALL instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== + _____ } push @{$config{openssl_other_defines}}, @@ -2174,6 +2179,16 @@ EOF # Massage the result + # If the user configured no-shared, we allow no shared sources + if ($disabled{shared}) { + foreach (keys %{$unified_info{shared_sources}}) { + foreach (keys %{$unified_info{shared_sources}->{$_}}) { + delete $unified_info{sources}->{$_}; + } + } + $unified_info{shared_sources} = {}; + } + # If we depend on a header file or a perl module, add an inclusion of # its directory to allow smoothe inclusion foreach my $dest (keys %{$unified_info{depends}}) { @@ -2198,8 +2213,8 @@ EOF next unless defined($unified_info{includes}->{$dest}->{$k}); my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}}; foreach my $obj (grep /\.o$/, - (keys %{$unified_info{sources}->{$dest}}, - keys %{$unified_info{shared_sources}->{$dest}})) { + (keys %{$unified_info{sources}->{$dest} // {}}, + keys %{$unified_info{shared_sources}->{$dest} // {}})) { foreach my $inc (@incs) { unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}}; @@ -2238,6 +2253,42 @@ EOF [ @{$unified_info{includes}->{$dest}->{source}} ]; } } + + # For convenience collect information regarding directories where + # files are generated, those generated files and the end product + # they end up in where applicable. Then, add build rules for those + # directories + my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ], + "dso" => [ @{$unified_info{engines}} ], + "bin" => [ @{$unified_info{programs}} ], + "script" => [ @{$unified_info{scripts}} ] ); + foreach my $type (keys %loopinfo) { + foreach my $product (@{$loopinfo{$type}}) { + my %dirs = (); + my $pd = dirname($product); + + foreach (@{$unified_info{sources}->{$product} // []}, + @{$unified_info{shared_sources}->{$product} // []}) { + my $d = dirname($_); + + # We don't want to create targets for source directories + # when building out of source + next if ($config{sourcedir} ne $config{builddir} + && $d =~ m|^\Q$config{sourcedir}\E|); + # We already have a "test" target, and the current directory + # is just silly to make a target for + next if $d eq "test" || $d eq "."; + + $dirs{$d} = 1; + push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ + if $d ne $pd; + } + foreach (keys %dirs) { + push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, + $product; + } + } + } } # For the schemes that need it, we provide the old *_obj configs @@ -2712,10 +2763,16 @@ print <<"EOF"; ********************************************************************** *** *** -*** If you want to report a building issue, please include the *** -*** output from this command: *** +*** OpenSSL has been successfully configured *** *** *** -*** perl configdata.pm --dump *** +*** If you encounter a problem while building, please open an *** +*** issue on GitHub <https://github.com/openssl/openssl/issues> *** +*** and include the output from the following command: *** +*** *** +*** perl configdata.pm --dump *** +*** *** +*** (If you are new to OpenSSL, you might want to consult the *** +*** 'Troubleshooting' section in the INSTALL file first) *** *** *** ********************************************************************** EOF Modified: head/crypto/openssl/INSTALL ============================================================================== --- head/crypto/openssl/INSTALL Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/INSTALL Tue Nov 20 21:10:04 2018 (r340703) @@ -614,8 +614,8 @@ Windows, and as a comma separated list of libraries on VMS. RANLIB The library archive indexer. - RC The Windows resources manipulator. - RCFLAGS Flags for the Windows reources manipulator. + RC The Windows resource compiler. + RCFLAGS Flags for the Windows resource compiler. RM The command to remove files and directories. These cannot be mixed with compiling / linking flags given @@ -969,7 +969,7 @@ BUILDFILE Use a different build file name than the platform default - ("Makefile" on Unixly platforms, "makefile" on native Windows, + ("Makefile" on Unix-like platforms, "makefile" on native Windows, "descrip.mms" on OpenVMS). This requires that there is a corresponding build file template. See Configurations/README for further information. @@ -1171,7 +1171,7 @@ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of the name. - On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + On most POSIX platforms, shared libraries are named libcrypto.so.1.1 and libssl.so.1.1. on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll @@ -1202,7 +1202,7 @@ The seeding method can be configured using the --with-rand-seed option, which can be used to specify a comma separated list of seed methods. However in most cases OpenSSL will choose a suitable default method, - so it is not necessary to explicitely provide this option. Note also + so it is not necessary to explicitly provide this option. Note also that not all methods are available on all platforms. I) On operating systems which provide a suitable randomness source (in Modified: head/crypto/openssl/NEWS ============================================================================== --- head/crypto/openssl/NEWS Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/NEWS Tue Nov 20 21:10:04 2018 (r340703) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] + + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 Modified: head/crypto/openssl/README ============================================================================== --- head/crypto/openssl/README Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/README Tue Nov 20 21:10:04 2018 (r340703) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1 11 Sep 2018 + OpenSSL 1.1.1a 20 Nov 2018 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: head/crypto/openssl/apps/app_rand.c ============================================================================== --- head/crypto/openssl/apps/app_rand.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/app_rand.c Tue Nov 20 21:10:04 2018 (r340703) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section) if (RAND_load_file(randfile, -1) < 0) { BIO_printf(bio_err, "Can't load %s into RNG\n", randfile); ERR_print_errors(bio_err); - return; } if (save_rand_file == NULL) save_rand_file = OPENSSL_strdup(randfile); Modified: head/crypto/openssl/apps/apps.c ============================================================================== --- head/crypto/openssl/apps/apps.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/apps.c Tue Nov 20 21:10:04 2018 (r340703) @@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int opt_getprog(), typestr); continue; } + if (*valstr == '\0') { + BIO_printf(bio_err, + "%s: No value provided for Subject Attribute %s, skipped\n", + opt_getprog(), typestr); + continue; + } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), -1, ismulti ? -1 : 0)) Modified: head/crypto/openssl/apps/apps.h ============================================================================== --- head/crypto/openssl/apps/apps.h Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/apps.h Tue Nov 20 21:10:04 2018 (r340703) @@ -369,7 +369,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_SMIME (1L << 3) # define OPT_FMT_ENGINE (1L << 4) # define OPT_FMT_MSBLOB (1L << 5) -# define OPT_FMT_NETSCAPE (1L << 6) +/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ # define OPT_FMT_NSS (1L << 7) # define OPT_FMT_TEXT (1L << 8) # define OPT_FMT_HTTP (1L << 9) @@ -378,8 +378,8 @@ typedef struct string_int_pair_st { # define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ - OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) char *opt_progname(const char *argv0); char *opt_getprog(void); Modified: head/crypto/openssl/apps/ca.c ============================================================================== --- head/crypto/openssl/apps/ca.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/ca.c Tue Nov 20 21:10:04 2018 (r340703) @@ -605,7 +605,7 @@ end_of_options: /* * outdir is a directory spec, but access() for VMS demands a * filename. We could use the DEC C routine to convert the - * directory syntax to Unixly, and give that to app_isdir, + * directory syntax to Unix, and give that to app_isdir, * but for now the fopen will catch the error if it's not a * directory */ @@ -976,7 +976,7 @@ end_of_options: BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); - if (!rand_ser + if (serialfile != NULL && !save_serial(serialfile, "new", serial, NULL)) goto end; @@ -1044,7 +1044,8 @@ end_of_options: if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - if (!rotate_serial(serialfile, "new", "old")) + if (serialfile != NULL + && !rotate_serial(serialfile, "new", "old")) goto end; if (!rotate_index(dbfile, "new", "old")) @@ -1177,10 +1178,9 @@ end_of_options: } /* we have a CRL number that need updating */ - if (crlnumberfile != NULL) - if (!rand_ser - && !save_serial(crlnumberfile, "new", crlnumber, NULL)) - goto end; + if (crlnumberfile != NULL + && !save_serial(crlnumberfile, "new", crlnumber, NULL)) + goto end; BN_free(crlnumber); crlnumber = NULL; @@ -1195,9 +1195,10 @@ end_of_options: PEM_write_bio_X509_CRL(Sout, crl); - if (crlnumberfile != NULL) /* Rename the crlnumber file */ - if (!rotate_serial(crlnumberfile, "new", "old")) - goto end; + /* Rename the crlnumber file */ + if (crlnumberfile != NULL + && !rotate_serial(crlnumberfile, "new", "old")) + goto end; } /*****************************************************************/ Modified: head/crypto/openssl/apps/ocsp.c ============================================================================== --- head/crypto/openssl/apps/ocsp.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/ocsp.c Tue Nov 20 21:10:04 2018 (r340703) @@ -950,6 +950,7 @@ static void spawn_loop(void) sleep(30); break; case 0: /* child */ + OPENSSL_free(kidpids); signal(SIGINT, SIG_DFL); signal(SIGTERM, SIG_DFL); if (termsig) @@ -976,6 +977,7 @@ static void spawn_loop(void) } /* The loop above can only break on termsig */ + OPENSSL_free(kidpids); syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } Modified: head/crypto/openssl/apps/openssl.cnf ============================================================================== --- head/crypto/openssl/apps/openssl.cnf Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/openssl.cnf Tue Nov 20 21:10:04 2018 (r340703) @@ -11,7 +11,6 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -58,7 +57,6 @@ crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extensions to add to the cert Modified: head/crypto/openssl/apps/opt.c ============================================================================== --- head/crypto/openssl/apps/opt.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/opt.c Tue Nov 20 21:10:04 2018 (r340703) @@ -168,7 +168,6 @@ static OPT_PAIR formats[] = { {"smime", OPT_FMT_SMIME}, {"engine", OPT_FMT_ENGINE}, {"msblob", OPT_FMT_MSBLOB}, - {"netscape", OPT_FMT_NETSCAPE}, {"nss", OPT_FMT_NSS}, {"text", OPT_FMT_TEXT}, {"http", OPT_FMT_HTTP}, Modified: head/crypto/openssl/apps/rehash.c ============================================================================== --- head/crypto/openssl/apps/rehash.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/rehash.c Tue Nov 20 21:10:04 2018 (r340703) @@ -1,6 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com> + * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com> * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Modified: head/crypto/openssl/apps/rsa.c ============================================================================== --- head/crypto/openssl/apps/rsa.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/rsa.c Tue Nov 20 21:10:04 2018 (r340703) @@ -38,8 +38,8 @@ typedef enum OPTION_choice { const OPTIONS rsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"}, - {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"}, + {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"}, + {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"}, {"in", OPT_IN, 's', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, @@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); + if (pk == NULL) + goto end; + EVP_PKEY_set1_RSA(pk, rsa); if (outformat == FORMAT_PVK) { if (pubin) { Modified: head/crypto/openssl/apps/s_cb.c ============================================================================== --- head/crypto/openssl/apps/s_cb.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/s_cb.c Tue Nov 20 21:10:04 2018 (r340703) @@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared) int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; - if (!SSL_get_server_tmp_key(s, &key)) + + if (!SSL_get_peer_tmp_key(s, &key)) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { Modified: head/crypto/openssl/apps/s_server.c ============================================================================== --- head/crypto/openssl/apps/s_server.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/s_server.c Tue Nov 20 21:10:04 2018 (r340703) @@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigne if (strlen(psk_identity) != identity_len || memcmp(psk_identity, identity, identity_len) != 0) { - BIO_printf(bio_s_out, - "PSK warning: client identity not what we expected" - " (got '%s' expected '%s')\n", identity, psk_identity); + *sess = NULL; + return 1; } if (psksess != NULL) { @@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[]) goto end; } #endif + if (early_data && (www > 0 || rev)) { + BIO_printf(bio_err, + "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); + goto end; + } #ifndef OPENSSL_NO_SCTP if (protocol == IPPROTO_SCTP) { Modified: head/crypto/openssl/apps/speed.c ============================================================================== --- head/crypto/openssl/apps/speed.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/speed.c Tue Nov 20 21:10:04 2018 (r340703) @@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < ECDSA_NUM; testnum++) ecdsa_doit[testnum] = 0; } } Modified: head/crypto/openssl/apps/x509.c ============================================================================== --- head/crypto/openssl/apps/x509.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/apps/x509.c Tue Nov 20 21:10:04 2018 (r340703) @@ -67,10 +67,10 @@ typedef enum OPTION_choice { const OPTIONS x509_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'f', - "Input format - default PEM (one of DER, NET or PEM)"}, + "Input format - default PEM (one of DER or PEM)"}, {"in", OPT_IN, '<', "Input file - default stdin"}, {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (one of DER, NET or PEM)"}, + "Output format - default PEM (one of DER or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, Modified: head/crypto/openssl/crypto/LPdir_unix.c ============================================================================== --- head/crypto/openssl/crypto/LPdir_unix.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/LPdir_unix.c Tue Nov 20 21:10:04 2018 (r340703) @@ -51,7 +51,7 @@ #endif /* - * The POSIXly macro for the maximum number of characters in a file path is + * The POSIX macro for the maximum number of characters in a file path is * NAME_MAX. However, some operating systems use PATH_MAX instead. * Therefore, it seems natural to first check for PATH_MAX and use that, and * if it doesn't exist, use NAME_MAX. Modified: head/crypto/openssl/crypto/async/arch/async_posix.h ============================================================================== --- head/crypto/openssl/crypto/async/arch/async_posix.h Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/async/arch/async_posix.h Tue Nov 20 21:10:04 2018 (r340703) @@ -17,7 +17,8 @@ # include <unistd.h> -# if _POSIX_VERSION >= 200112L +# if _POSIX_VERSION >= 200112L \ + && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) # include <pthread.h> Modified: head/crypto/openssl/crypto/bio/b_sock2.c ============================================================================== --- head/crypto/openssl/crypto/bio/b_sock2.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/bio/b_sock2.c Tue Nov 20 21:10:04 2018 (r340703) @@ -133,7 +133,9 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int op */ int BIO_bind(int sock, const BIO_ADDR *addr, int options) { +# ifndef OPENSSL_SYS_WINDOWS int on = 1; +# endif if (sock == -1) { BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET); Modified: head/crypto/openssl/crypto/bio/bio_lib.c ============================================================================== --- head/crypto/openssl/crypto/bio/bio_lib.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/bio/bio_lib.c Tue Nov 20 21:10:04 2018 (r340703) @@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const argi = (int)len; } - if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { if (*processed > INT_MAX) return -1; inret = *processed; @@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const ret = b->callback(b, oper, argp, argi, argl, inret); - if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { *processed = (size_t)ret; ret = 1; } Modified: head/crypto/openssl/crypto/bio/bss_log.c ============================================================================== --- head/crypto/openssl/crypto/bio/bss_log.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/bio/bss_log.c Tue Nov 20 21:10:04 2018 (r340703) @@ -408,4 +408,9 @@ static void xcloselog(BIO *bp) # endif /* Unix */ +#else /* NO_SYSLOG */ +const BIO_METHOD *BIO_s_log(void) +{ + return NULL; +} #endif /* NO_SYSLOG */ Modified: head/crypto/openssl/crypto/bn/asm/x86_64-gcc.c ============================================================================== --- head/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 21:10:04 2018 (r340703) @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,12 +63,6 @@ * very much like 64-bit code compiled with no-asm on the same * machine. */ - -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif # undef mul # undef mul_add Modified: head/crypto/openssl/crypto/bn/bn_exp.c ============================================================================== --- head/crypto/openssl/crypto/bn/bn_exp.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/bn/bn_exp.c Tue Nov 20 21:10:04 2018 (r340703) @@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM * is not only slower but also makes each bit vulnerable to * EM (and likely other) side-channel attacks like One&Done * (for details see "One&Done: A Single-Decryption EM-Based - * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam, + * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and * M. Prvulovic, in USENIX Security'18) */ Modified: head/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- head/crypto/openssl/crypto/bn/bn_lib.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/bn/bn_lib.c Tue Nov 20 21:10:04 2018 (r340703) @@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, b->neg ^= t; /*- - * Idea behind BN_FLG_STATIC_DATA is actually to - * indicate that data may not be written to. - * Intention is actually to treat it as it's - * read-only data, and some (if not most) of it does - * reside in read-only segment. In other words - * observation of BN_FLG_STATIC_DATA in - * BN_consttime_swap should be treated as fatal - * condition. It would either cause SEGV or - * effectively cause data corruption. - * BN_FLG_MALLOCED refers to BN structure itself, - * and hence must be preserved. Remaining flags are - * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be - * preserved, because it determines how x->d was - * allocated and hence how to free it. This leaves - * BN_FLG_CONSTTIME that one can do something about. - * To summarize it's sufficient to mask and swap - * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should - * be treated as fatal. + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on + * the data, so the d array may be padded with additional 0 values (i.e. + * top could be greater than the minimal value that it could be). We should + * be swapping it */ - t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; + +#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) + + t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; a->flags ^= t; b->flags ^= t; Modified: head/crypto/openssl/crypto/build.info ============================================================================== --- head/crypto/openssl/crypto/build.info Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/build.info Tue Nov 20 21:10:04 2018 (r340703) @@ -2,7 +2,7 @@ LIBS=../libcrypto SOURCE[../libcrypto]=\ cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ - threads_pthread.c threads_win.c threads_none.c \ + threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \ {- $target{uplink_aux_src} -} EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ Modified: head/crypto/openssl/crypto/conf/conf_api.c ============================================================================== --- head/crypto/openssl/crypto/conf/conf_api.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/conf/conf_api.c Tue Nov 20 21:10:04 2018 (r340703) @@ -10,6 +10,7 @@ /* Part of the code in here was originally in conf.c, which is now removed */ #include "e_os.h" +#include "internal/cryptlib.h" #include <stdlib.h> #include <string.h> #include <openssl/conf.h> @@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *s if (v != NULL) return v->value; if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return p; } @@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *s else return NULL; } else - return getenv(name); + return ossl_safe_getenv(name); } static unsigned long conf_value_hash(const CONF_VALUE *v) Modified: head/crypto/openssl/crypto/conf/conf_mod.c ============================================================================== --- head/crypto/openssl/crypto/conf/conf_mod.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/conf/conf_mod.c Tue Nov 20 21:10:04 2018 (r340703) @@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void) char *file, *sep = ""; int len; - if (!OPENSSL_issetugid()) { - file = getenv("OPENSSL_CONF"); - if (file) - return OPENSSL_strdup(file); - } + if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) + return OPENSSL_strdup(file); len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS Modified: head/crypto/openssl/crypto/cryptlib.c ============================================================================== --- head/crypto/openssl/crypto/cryptlib.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/cryptlib.c Tue Nov 20 21:10:04 2018 (r340703) @@ -204,7 +204,7 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); - FARPROC f; + FARPROC f = NULL; if (mod != NULL) f = GetProcAddress(mod, "_OPENSSL_isservice"); Modified: head/crypto/openssl/crypto/ct/ct_log.c ============================================================================== --- head/crypto/openssl/crypto/ct/ct_log.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/ct/ct_log.c Tue Nov 20 21:10:04 2018 (r340703) @@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const C int CTLOG_STORE_load_default_file(CTLOG_STORE *store) { - const char *fpath = getenv(CTLOG_FILE_EVP); + const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); if (fpath == NULL) fpath = CTLOG_FILE; Modified: head/crypto/openssl/crypto/dsa/dsa_gen.c ============================================================================== --- head/crypto/openssl/crypto/dsa/dsa_gen.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/dsa/dsa_gen.c Tue Nov 20 21:10:04 2018 (r340703) @@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N if (mctx == NULL) goto err; + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); Modified: head/crypto/openssl/crypto/dsa/dsa_ossl.c ============================================================================== --- head/crypto/openssl/crypto/dsa/dsa_ossl.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/dsa/dsa_ossl.c Tue Nov 20 21:10:04 2018 (r340703) @@ -9,6 +9,7 @@ #include <stdio.h> #include "internal/cryptlib.h" +#include "internal/bn_int.h" #include <openssl/bn.h> #include <openssl/sha.h> #include "dsa_locl.h" @@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, in DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, { BN_CTX *ctx = NULL; BIGNUM *k, *kinv = NULL, *r = *rp; - BIGNUM *l, *m; + BIGNUM *l; int ret = 0; - int q_bits; + int q_bits, q_words; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, k = BN_new(); l = BN_new(); - m = BN_new(); - if (k == NULL || l == NULL || m == NULL) + if (k == NULL || l == NULL) goto err; if (ctx_in == NULL) { @@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Preallocate space */ q_bits = BN_num_bits(dsa->q); - if (!BN_set_bit(k, q_bits) - || !BN_set_bit(l, q_bits) - || !BN_set_bit(m, q_bits)) + q_words = bn_get_top(dsa->q); + if (!bn_wexpand(k, q_words + 2) + || !bn_wexpand(l, q_words + 2)) goto err; /* Get random k */ @@ -221,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, } while (BN_is_zero(k)); BN_set_flags(k, BN_FLG_CONSTTIME); + BN_set_flags(l, BN_FLG_CONSTTIME); if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, @@ -238,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * small timing information leakage. We then choose the sum that is * one bit longer than the modulus. * - * TODO: revisit the BN_copy aiming for a memory access agnostic - * conditional copy. + * There are some concerns about the efficacy of doing this. More + * specificly refer to the discussion starting with: + * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 + * The fix is to rework BN so these gymnastics aren't required. */ if (!BN_add(l, k, dsa->q) - || !BN_add(m, l, dsa->q) - || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m)) + || !BN_add(k, l, dsa->q)) goto err; + BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); + if ((dsa)->meth->bn_mod_exp != NULL) { if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p)) @@ -258,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) goto err; BN_clear_free(*kinvp); @@ -273,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BN_CTX_free(ctx); BN_clear_free(k); BN_clear_free(l); - BN_clear_free(m); return ret; } @@ -392,4 +397,32 @@ static int dsa_finish(DSA *dsa) { BN_MONT_CTX_free(dsa->method_mont_p); return 1; +} + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, *e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) != NULL + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_CTX_end(ctx); + return res; } Modified: head/crypto/openssl/crypto/ec/ec_ameth.c ============================================================================== --- head/crypto/openssl/crypto/ec/ec_ameth.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/ec/ec_ameth.c Tue Nov 20 21:10:04 2018 (r340703) @@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) return 0; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) + if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) return 0; kdf_md = EVP_get_digestbynid(kdfmd_nid); @@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ecdh_nid = NID_dh_cofactor_kdf; if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_62; + kdf_type = EVP_PKEY_ECDH_KDF_X9_63; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) goto err; } else Modified: head/crypto/openssl/crypto/ec/ec_mult.c ============================================================================== --- head/crypto/openssl/crypto/ec/ec_mult.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/ec/ec_mult.c Tue Nov 20 21:10:04 2018 (r340703) @@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POI */ cardinality_bits = BN_num_bits(cardinality); group_top = bn_get_top(cardinality); - if ((bn_wexpand(k, group_top + 1) == NULL) - || (bn_wexpand(lambda, group_top + 1) == NULL)) { + if ((bn_wexpand(k, group_top + 2) == NULL) + || (bn_wexpand(lambda, group_top + 2) == NULL)) { ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; } @@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POI * k := scalar + 2*cardinality */ kbit = BN_is_bit_set(lambda, cardinality_bits); - BN_consttime_swap(kbit, k, lambda, group_top + 1); + BN_consttime_swap(kbit, k, lambda, group_top + 2); group_top = bn_get_top(group->field); if ((bn_wexpand(s->X, group_top) == NULL) Modified: head/crypto/openssl/crypto/ec/ec_pmeth.c ============================================================================== --- head/crypto/openssl/crypto/ec/ec_pmeth.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/ec/ec_pmeth.c Tue Nov 20 21:10:04 2018 (r340703) @@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) goto err; /* Do KDF stuff */ - if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, + if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen, dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) goto err; rv = 1; @@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, i case EVP_PKEY_CTRL_EC_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; - if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62) + if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63) return -2; dctx->kdf_type = p1; return 1; Modified: head/crypto/openssl/crypto/ec/ecdh_kdf.c ============================================================================== --- head/crypto/openssl/crypto/ec/ecdh_kdf.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/ec/ecdh_kdf.c Tue Nov 20 21:10:04 2018 (r340703) @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,13 @@ #include <string.h> #include <openssl/ec.h> #include <openssl/evp.h> +#include "ec_lcl.h" -/* Key derivation function from X9.62/SECG */ +/* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ #define ECDH_KDF_MAX (1 << 30) -int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) @@ -65,4 +66,16 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, err: EVP_MD_CTX_free(mctx); return rv; +} + +/*- + * The old name for ecdh_KDF_X9_63 + * Retained for ABI compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md) +{ + return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md); } Modified: head/crypto/openssl/crypto/engine/eng_devcrypto.c ============================================================================== --- head/crypto/openssl/crypto/engine/eng_devcrypto.c Tue Nov 20 21:04:20 2018 (r340702) +++ head/crypto/openssl/crypto/engine/eng_devcrypto.c Tue Nov 20 21:10:04 2018 (r340703) @@ -28,6 +28,13 @@ # define CHECK_BSD_STYLE_MACROS #endif +/* + * ONE global file descriptor for all sessions. This allows operations + * such as digest session data copying (see digest_copy()), but is also + * saner... why re-open /dev/crypto for every session? + */ +static int cfd; + /****************************************************************************** * * Ciphers @@ -39,7 +46,6 @@ *****/ struct cipher_ctx { - int cfd; struct session_op sess; /* to pass from init to do_cipher */ @@ -69,7 +75,7 @@ static const struct cipher_data_st { { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, #ifndef OPENSSL_NO_RC4 - { NID_rc4, 1, 16, 0, CRYPTO_ARC4 }, + { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 }, *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811202110.wAKLA4i5030740>