Date: Tue, 26 Feb 2019 19:34:43 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r344603 - in stable/12: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto... Message-ID: <201902261934.x1QJYhd6018417@repo.freebsd.org>
Author: jkim Date: Tue Feb 26 19:34:42 2019 New Revision: 344603 URL: https://svnweb.freebsd.org/changeset/base/344603 Log: MFC: r344602 Merge OpenSSL 1.1.1b. Modified: stable/12/crypto/openssl/CHANGES stable/12/crypto/openssl/CONTRIBUTING stable/12/crypto/openssl/Configure stable/12/crypto/openssl/INSTALL stable/12/crypto/openssl/LICENSE stable/12/crypto/openssl/NEWS stable/12/crypto/openssl/README stable/12/crypto/openssl/apps/apps.c stable/12/crypto/openssl/apps/ct_log_list.cnf stable/12/crypto/openssl/apps/dh1024.pem stable/12/crypto/openssl/apps/dh2048.pem stable/12/crypto/openssl/apps/dh4096.pem stable/12/crypto/openssl/apps/ocsp.c stable/12/crypto/openssl/apps/openssl.cnf stable/12/crypto/openssl/apps/pkcs12.c stable/12/crypto/openssl/apps/rehash.c stable/12/crypto/openssl/apps/s_cb.c stable/12/crypto/openssl/apps/s_client.c stable/12/crypto/openssl/apps/s_server.c stable/12/crypto/openssl/apps/speed.c stable/12/crypto/openssl/apps/verify.c stable/12/crypto/openssl/config stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl stable/12/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl stable/12/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl stable/12/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl stable/12/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl stable/12/crypto/openssl/crypto/armcap.c stable/12/crypto/openssl/crypto/asn1/a_digest.c stable/12/crypto/openssl/crypto/asn1/a_sign.c stable/12/crypto/openssl/crypto/asn1/a_verify.c stable/12/crypto/openssl/crypto/asn1/ameth_lib.c stable/12/crypto/openssl/crypto/asn1/charmap.h stable/12/crypto/openssl/crypto/asn1/charmap.pl stable/12/crypto/openssl/crypto/asn1/d2i_pu.c stable/12/crypto/openssl/crypto/bio/b_addr.c stable/12/crypto/openssl/crypto/bio/bss_file.c stable/12/crypto/openssl/crypto/bio/bss_mem.c stable/12/crypto/openssl/crypto/bn/asm/armv8-mont.pl stable/12/crypto/openssl/crypto/bn/asm/ia64.S stable/12/crypto/openssl/crypto/bn/asm/mips.pl 
stable/12/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl stable/12/crypto/openssl/crypto/bn/asm/sparcv8plus.S stable/12/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl stable/12/crypto/openssl/crypto/bn/bn_ctx.c stable/12/crypto/openssl/crypto/bn/bn_depr.c stable/12/crypto/openssl/crypto/bn/bn_div.c stable/12/crypto/openssl/crypto/bn/bn_exp.c stable/12/crypto/openssl/crypto/bn/bn_lib.c stable/12/crypto/openssl/crypto/bn/bn_prime.h stable/12/crypto/openssl/crypto/bn/bn_prime.pl stable/12/crypto/openssl/crypto/bn/bn_shift.c stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl stable/12/crypto/openssl/crypto/cms/cms_kari.c stable/12/crypto/openssl/crypto/cms/cms_pwri.c stable/12/crypto/openssl/crypto/conf/conf_def.c stable/12/crypto/openssl/crypto/conf/conf_def.h stable/12/crypto/openssl/crypto/conf/conf_lib.c stable/12/crypto/openssl/crypto/conf/conf_mod.c stable/12/crypto/openssl/crypto/conf/conf_sap.c stable/12/crypto/openssl/crypto/conf/conf_ssl.c stable/12/crypto/openssl/crypto/conf/keysets.pl stable/12/crypto/openssl/crypto/cryptlib.c stable/12/crypto/openssl/crypto/des/asm/des_enc.m4 stable/12/crypto/openssl/crypto/dso/dso_dlfcn.c stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl stable/12/crypto/openssl/crypto/ec/curve25519.c stable/12/crypto/openssl/crypto/ec/curve448/eddsa.c stable/12/crypto/openssl/crypto/ec/curve448/point_448.h stable/12/crypto/openssl/crypto/ec/ec2_smpl.c stable/12/crypto/openssl/crypto/ec/ec_ameth.c stable/12/crypto/openssl/crypto/ec/ec_err.c stable/12/crypto/openssl/crypto/ec/ec_lcl.h stable/12/crypto/openssl/crypto/ec/ecp_mont.c stable/12/crypto/openssl/crypto/ec/ecp_nist.c stable/12/crypto/openssl/crypto/ec/ecp_nistp224.c stable/12/crypto/openssl/crypto/ec/ecp_nistp256.c stable/12/crypto/openssl/crypto/ec/ecp_nistp521.c stable/12/crypto/openssl/crypto/ec/ecp_nistz256.c stable/12/crypto/openssl/crypto/ec/ecp_smpl.c stable/12/crypto/openssl/crypto/ec/ecx_meth.c 
stable/12/crypto/openssl/crypto/engine/README stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c stable/12/crypto/openssl/crypto/engine/eng_lib.c stable/12/crypto/openssl/crypto/err/err.c stable/12/crypto/openssl/crypto/err/openssl.txt stable/12/crypto/openssl/crypto/evp/evp_enc.c stable/12/crypto/openssl/crypto/evp/evp_err.c stable/12/crypto/openssl/crypto/evp/p_lib.c stable/12/crypto/openssl/crypto/include/internal/bn_int.h stable/12/crypto/openssl/crypto/init.c stable/12/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl stable/12/crypto/openssl/crypto/objects/obj_dat.h stable/12/crypto/openssl/crypto/objects/obj_dat.pl stable/12/crypto/openssl/crypto/objects/obj_xref.h stable/12/crypto/openssl/crypto/objects/objects.pl stable/12/crypto/openssl/crypto/objects/objxref.pl stable/12/crypto/openssl/crypto/pem/pem_info.c stable/12/crypto/openssl/crypto/perlasm/x86_64-xlate.pl stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl stable/12/crypto/openssl/crypto/ppc_arch.h stable/12/crypto/openssl/crypto/ppccap.c stable/12/crypto/openssl/crypto/ppccpuid.pl stable/12/crypto/openssl/crypto/rand/rand_unix.c stable/12/crypto/openssl/crypto/rsa/rsa_ameth.c stable/12/crypto/openssl/crypto/rsa/rsa_oaep.c stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c stable/12/crypto/openssl/crypto/rsa/rsa_pk1.c stable/12/crypto/openssl/crypto/rsa/rsa_ssl.c stable/12/crypto/openssl/crypto/rsa/rsa_x931g.c stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl stable/12/crypto/openssl/crypto/srp/srp_lib.c stable/12/crypto/openssl/crypto/srp/srp_vfy.c stable/12/crypto/openssl/crypto/ui/ui_openssl.c stable/12/crypto/openssl/crypto/uid.c stable/12/crypto/openssl/crypto/x509/x509_vfy.c stable/12/crypto/openssl/crypto/x509/x_crl.c stable/12/crypto/openssl/crypto/x509/x_pubkey.c stable/12/crypto/openssl/crypto/x509/x_x509.c stable/12/crypto/openssl/doc/HOWTO/certificates.txt 
stable/12/crypto/openssl/doc/HOWTO/proxy_certificates.txt stable/12/crypto/openssl/doc/fingerprints.txt stable/12/crypto/openssl/doc/man1/ca.pod stable/12/crypto/openssl/doc/man1/ciphers.pod stable/12/crypto/openssl/doc/man1/cms.pod stable/12/crypto/openssl/doc/man1/dgst.pod stable/12/crypto/openssl/doc/man1/ec.pod stable/12/crypto/openssl/doc/man1/enc.pod stable/12/crypto/openssl/doc/man1/genpkey.pod stable/12/crypto/openssl/doc/man1/ocsp.pod stable/12/crypto/openssl/doc/man1/pkcs12.pod stable/12/crypto/openssl/doc/man1/pkcs8.pod stable/12/crypto/openssl/doc/man1/req.pod stable/12/crypto/openssl/doc/man1/s_client.pod stable/12/crypto/openssl/doc/man1/s_server.pod stable/12/crypto/openssl/doc/man1/smime.pod stable/12/crypto/openssl/doc/man1/storeutl.pod stable/12/crypto/openssl/doc/man1/verify.pod stable/12/crypto/openssl/doc/man1/x509.pod stable/12/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod stable/12/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod stable/12/crypto/openssl/doc/man3/ASYNC_start_job.pod stable/12/crypto/openssl/doc/man3/BIO_new_CMS.pod stable/12/crypto/openssl/doc/man3/BN_generate_prime.pod stable/12/crypto/openssl/doc/man3/BN_rand.pod stable/12/crypto/openssl/doc/man3/BN_security_bits.pod stable/12/crypto/openssl/doc/man3/BUF_MEM_new.pod stable/12/crypto/openssl/doc/man3/CMS_get0_type.pod stable/12/crypto/openssl/doc/man3/CONF_modules_load_file.pod stable/12/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod stable/12/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod stable/12/crypto/openssl/doc/man3/DH_size.pod stable/12/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod stable/12/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod stable/12/crypto/openssl/doc/man3/DTLSv1_listen.pod stable/12/crypto/openssl/doc/man3/EC_GROUP_copy.pod stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod stable/12/crypto/openssl/doc/man3/EVP_DigestSignInit.pod stable/12/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod 
stable/12/crypto/openssl/doc/man3/EVP_EncryptInit.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_derive.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_new.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_sign.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod stable/12/crypto/openssl/doc/man3/EVP_SignInit.pod stable/12/crypto/openssl/doc/man3/HMAC.pod stable/12/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod stable/12/crypto/openssl/doc/man3/OPENSSL_malloc.pod stable/12/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_expect.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_open.pod stable/12/crypto/openssl/doc/man3/PEM_read_bio_ex.pod stable/12/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod stable/12/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod stable/12/crypto/openssl/doc/man3/PKCS12_parse.pod stable/12/crypto/openssl/doc/man3/PKCS7_sign.pod stable/12/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod stable/12/crypto/openssl/doc/man3/RAND_bytes.pod stable/12/crypto/openssl/doc/man3/RIPEMD160_Init.pod stable/12/crypto/openssl/doc/man3/RSA_get0_key.pod stable/12/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod stable/12/crypto/openssl/doc/man3/RSA_size.pod 
stable/12/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod stable/12/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod stable/12/crypto/openssl/doc/man3/SSL_CONF_cmd.pod stable/12/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_config.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_options.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_free.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod 
stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod stable/12/crypto/openssl/doc/man3/SSL_export_keying_material.pod stable/12/crypto/openssl/doc/man3/SSL_extension_supported.pod stable/12/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod stable/12/crypto/openssl/doc/man3/SSL_get_error.pod stable/12/crypto/openssl/doc/man3/SSL_get_version.pod stable/12/crypto/openssl/doc/man3/SSL_key_update.pod stable/12/crypto/openssl/doc/man3/SSL_read.pod stable/12/crypto/openssl/doc/man3/SSL_read_early_data.pod stable/12/crypto/openssl/doc/man3/SSL_set1_host.pod stable/12/crypto/openssl/doc/man3/SSL_shutdown.pod stable/12/crypto/openssl/doc/man3/SSL_want.pod stable/12/crypto/openssl/doc/man3/SSL_write.pod stable/12/crypto/openssl/doc/man3/UI_create_method.pod stable/12/crypto/openssl/doc/man3/UI_new.pod stable/12/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod stable/12/crypto/openssl/doc/man3/X509_STORE_new.pod stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod stable/12/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod stable/12/crypto/openssl/doc/man3/X509_get0_signature.pod stable/12/crypto/openssl/doc/man3/X509_get_serialNumber.pod stable/12/crypto/openssl/doc/man3/X509_get_subject_name.pod stable/12/crypto/openssl/doc/man3/X509_sign.pod stable/12/crypto/openssl/doc/man3/d2i_PrivateKey.pod stable/12/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod stable/12/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod stable/12/crypto/openssl/doc/man5/config.pod stable/12/crypto/openssl/doc/man7/ct.pod stable/12/crypto/openssl/e_os.h 
stable/12/crypto/openssl/engines/e_dasync.c stable/12/crypto/openssl/include/internal/conf.h stable/12/crypto/openssl/include/internal/constant_time_locl.h stable/12/crypto/openssl/include/internal/cryptlib.h stable/12/crypto/openssl/include/internal/sockets.h stable/12/crypto/openssl/include/internal/thread_once.h stable/12/crypto/openssl/include/internal/tsan_assist.h stable/12/crypto/openssl/include/openssl/crypto.h stable/12/crypto/openssl/include/openssl/e_os2.h stable/12/crypto/openssl/include/openssl/ecerr.h stable/12/crypto/openssl/include/openssl/evp.h stable/12/crypto/openssl/include/openssl/evperr.h stable/12/crypto/openssl/include/openssl/lhash.h stable/12/crypto/openssl/include/openssl/obj_mac.h stable/12/crypto/openssl/include/openssl/opensslv.h stable/12/crypto/openssl/include/openssl/safestack.h stable/12/crypto/openssl/include/openssl/ssl.h stable/12/crypto/openssl/include/openssl/sslerr.h stable/12/crypto/openssl/include/openssl/x509_vfy.h stable/12/crypto/openssl/ssl/record/rec_layer_d1.c stable/12/crypto/openssl/ssl/record/rec_layer_s3.c stable/12/crypto/openssl/ssl/s3_enc.c stable/12/crypto/openssl/ssl/s3_lib.c stable/12/crypto/openssl/ssl/ssl_ciph.c stable/12/crypto/openssl/ssl/ssl_err.c stable/12/crypto/openssl/ssl/ssl_init.c stable/12/crypto/openssl/ssl/ssl_lib.c stable/12/crypto/openssl/ssl/ssl_locl.h stable/12/crypto/openssl/ssl/statem/extensions.c stable/12/crypto/openssl/ssl/statem/statem.c stable/12/crypto/openssl/ssl/statem/statem_clnt.c stable/12/crypto/openssl/ssl/statem/statem_lib.c stable/12/crypto/openssl/ssl/statem/statem_locl.h stable/12/crypto/openssl/ssl/statem/statem_srvr.c stable/12/crypto/openssl/ssl/t1_enc.c stable/12/crypto/openssl/ssl/t1_lib.c stable/12/crypto/openssl/ssl/tls13_enc.c stable/12/secure/lib/libcrypto/Makefile.inc stable/12/secure/lib/libcrypto/Makefile.man stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S stable/12/secure/lib/libcrypto/aarch64/armv8-mont.S 
stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S stable/12/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S stable/12/secure/lib/libcrypto/aarch64/keccak1600-armv8.S stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S stable/12/secure/lib/libcrypto/aarch64/sha512-armv8.S stable/12/secure/lib/libcrypto/aarch64/vpaes-armv8.S stable/12/secure/lib/libcrypto/amd64/aes-x86_64.S stable/12/secure/lib/libcrypto/amd64/aesni-x86_64.S stable/12/secure/lib/libcrypto/amd64/bsaes-x86_64.S stable/12/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S stable/12/secure/lib/libcrypto/amd64/ghash-x86_64.S stable/12/secure/lib/libcrypto/amd64/rsaz-avx2.S stable/12/secure/lib/libcrypto/amd64/vpaes-x86_64.S stable/12/secure/lib/libcrypto/amd64/x86_64-mont5.S stable/12/secure/lib/libcrypto/man/ADMISSIONS.3 stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3 stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3 stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3 stable/12/secure/lib/libcrypto/man/BF_encrypt.3 stable/12/secure/lib/libcrypto/man/BIO_ADDR.3 stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3 stable/12/secure/lib/libcrypto/man/BIO_connect.3 stable/12/secure/lib/libcrypto/man/BIO_ctrl.3 stable/12/secure/lib/libcrypto/man/BIO_f_base64.3 stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/12/secure/lib/libcrypto/man/BIO_f_md.3 stable/12/secure/lib/libcrypto/man/BIO_f_null.3 
stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/12/secure/lib/libcrypto/man/BIO_find_type.3 stable/12/secure/lib/libcrypto/man/BIO_get_data.3 stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 stable/12/secure/lib/libcrypto/man/BIO_meth_new.3 stable/12/secure/lib/libcrypto/man/BIO_new.3 stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3 stable/12/secure/lib/libcrypto/man/BIO_printf.3 stable/12/secure/lib/libcrypto/man/BIO_push.3 stable/12/secure/lib/libcrypto/man/BIO_read.3 stable/12/secure/lib/libcrypto/man/BIO_s_accept.3 stable/12/secure/lib/libcrypto/man/BIO_s_bio.3 stable/12/secure/lib/libcrypto/man/BIO_s_connect.3 stable/12/secure/lib/libcrypto/man/BIO_s_fd.3 stable/12/secure/lib/libcrypto/man/BIO_s_file.3 stable/12/secure/lib/libcrypto/man/BIO_s_mem.3 stable/12/secure/lib/libcrypto/man/BIO_s_null.3 stable/12/secure/lib/libcrypto/man/BIO_s_socket.3 stable/12/secure/lib/libcrypto/man/BIO_set_callback.3 stable/12/secure/lib/libcrypto/man/BIO_should_retry.3 stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/12/secure/lib/libcrypto/man/BN_CTX_new.3 stable/12/secure/lib/libcrypto/man/BN_CTX_start.3 stable/12/secure/lib/libcrypto/man/BN_add.3 stable/12/secure/lib/libcrypto/man/BN_add_word.3 stable/12/secure/lib/libcrypto/man/BN_bn2bin.3 stable/12/secure/lib/libcrypto/man/BN_cmp.3 stable/12/secure/lib/libcrypto/man/BN_copy.3 stable/12/secure/lib/libcrypto/man/BN_generate_prime.3 stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/12/secure/lib/libcrypto/man/BN_new.3 stable/12/secure/lib/libcrypto/man/BN_num_bytes.3 stable/12/secure/lib/libcrypto/man/BN_rand.3 stable/12/secure/lib/libcrypto/man/BN_security_bits.3 stable/12/secure/lib/libcrypto/man/BN_set_bit.3 stable/12/secure/lib/libcrypto/man/BN_swap.3 stable/12/secure/lib/libcrypto/man/BN_zero.3 
stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3 stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/12/secure/lib/libcrypto/man/CMS_compress.3 stable/12/secure/lib/libcrypto/man/CMS_decrypt.3 stable/12/secure/lib/libcrypto/man/CMS_encrypt.3 stable/12/secure/lib/libcrypto/man/CMS_final.3 stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/12/secure/lib/libcrypto/man/CMS_get0_type.3 stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/12/secure/lib/libcrypto/man/CMS_sign.3 stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/12/secure/lib/libcrypto/man/CMS_uncompress.3 stable/12/secure/lib/libcrypto/man/CMS_verify.3 stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/12/secure/lib/libcrypto/man/CONF_modules_free.3 stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3 stable/12/secure/lib/libcrypto/man/CTLOG_new.3 stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 stable/12/secure/lib/libcrypto/man/DES_random_key.3 stable/12/secure/lib/libcrypto/man/DH_generate_key.3 stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3 stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3 stable/12/secure/lib/libcrypto/man/DH_meth_new.3 stable/12/secure/lib/libcrypto/man/DH_new.3 stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3 stable/12/secure/lib/libcrypto/man/DH_set_method.3 stable/12/secure/lib/libcrypto/man/DH_size.3 stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3 
stable/12/secure/lib/libcrypto/man/DSA_do_sign.3 stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/12/secure/lib/libcrypto/man/DSA_generate_key.3 stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3 stable/12/secure/lib/libcrypto/man/DSA_meth_new.3 stable/12/secure/lib/libcrypto/man/DSA_new.3 stable/12/secure/lib/libcrypto/man/DSA_set_method.3 stable/12/secure/lib/libcrypto/man/DSA_sign.3 stable/12/secure/lib/libcrypto/man/DSA_size.3 stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3 stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3 stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3 stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3 stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3 stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3 stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 stable/12/secure/lib/libcrypto/man/EC_KEY_new.3 stable/12/secure/lib/libcrypto/man/EC_POINT_add.3 stable/12/secure/lib/libcrypto/man/EC_POINT_new.3 stable/12/secure/lib/libcrypto/man/ENGINE_add.3 stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/12/secure/lib/libcrypto/man/ERR_clear_error.3 stable/12/secure/lib/libcrypto/man/ERR_error_string.3 stable/12/secure/lib/libcrypto/man/ERR_get_error.3 stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/12/secure/lib/libcrypto/man/ERR_load_strings.3 stable/12/secure/lib/libcrypto/man/ERR_print_errors.3 stable/12/secure/lib/libcrypto/man/ERR_put_error.3 stable/12/secure/lib/libcrypto/man/ERR_remove_state.3 stable/12/secure/lib/libcrypto/man/ERR_set_mark.3 stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3 
stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3 stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3 stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/12/secure/lib/libcrypto/man/EVP_SealInit.3 stable/12/secure/lib/libcrypto/man/EVP_SignInit.3 stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/12/secure/lib/libcrypto/man/EVP_aes.3 stable/12/secure/lib/libcrypto/man/EVP_aria.3 stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3 stable/12/secure/lib/libcrypto/man/EVP_camellia.3 
stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_chacha20.3 stable/12/secure/lib/libcrypto/man/EVP_des.3 stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_md2.3 stable/12/secure/lib/libcrypto/man/EVP_md4.3 stable/12/secure/lib/libcrypto/man/EVP_md5.3 stable/12/secure/lib/libcrypto/man/EVP_mdc2.3 stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_rc4.3 stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3 stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_sha1.3 stable/12/secure/lib/libcrypto/man/EVP_sha224.3 stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3 stable/12/secure/lib/libcrypto/man/EVP_sm3.3 stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3 stable/12/secure/lib/libcrypto/man/HMAC.3 stable/12/secure/lib/libcrypto/man/MD5.3 stable/12/secure/lib/libcrypto/man/MDC2_Init.3 stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3 stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3 stable/12/secure/lib/libcrypto/man/OCSP_response_status.3 stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3 stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/12/secure/lib/libcrypto/man/OPENSSL_config.3 stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 
stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3 stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3 stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 stable/12/secure/lib/libcrypto/man/PEM_read.3 stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3 stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3 stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/12/secure/lib/libcrypto/man/PKCS12_create.3 stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3 stable/12/secure/lib/libcrypto/man/PKCS12_parse.3 stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/12/secure/lib/libcrypto/man/PKCS7_sign.3 stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/12/secure/lib/libcrypto/man/PKCS7_verify.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 stable/12/secure/lib/libcrypto/man/RAND_add.3 stable/12/secure/lib/libcrypto/man/RAND_bytes.3 stable/12/secure/lib/libcrypto/man/RAND_cleanup.3 stable/12/secure/lib/libcrypto/man/RAND_egd.3 
stable/12/secure/lib/libcrypto/man/RAND_load_file.3 stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/12/secure/lib/libcrypto/man/RC4_set_key.3 stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3 stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/12/secure/lib/libcrypto/man/RSA_check_key.3 stable/12/secure/lib/libcrypto/man/RSA_generate_key.3 stable/12/secure/lib/libcrypto/man/RSA_get0_key.3 stable/12/secure/lib/libcrypto/man/RSA_meth_new.3 stable/12/secure/lib/libcrypto/man/RSA_new.3 stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/12/secure/lib/libcrypto/man/RSA_print.3 stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/12/secure/lib/libcrypto/man/RSA_set_method.3 stable/12/secure/lib/libcrypto/man/RSA_sign.3 stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/12/secure/lib/libcrypto/man/RSA_size.3 stable/12/secure/lib/libcrypto/man/SCT_new.3 stable/12/secure/lib/libcrypto/man/SCT_print.3 stable/12/secure/lib/libcrypto/man/SCT_validate.3 stable/12/secure/lib/libcrypto/man/SHA256_Init.3 stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 stable/12/secure/lib/libcrypto/man/SSL_accept.3 stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3 stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3 stable/12/secure/lib/libcrypto/man/SSL_check_chain.3 stable/12/secure/lib/libcrypto/man/SSL_clear.3 stable/12/secure/lib/libcrypto/man/SSL_connect.3 stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3 stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3 stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3 stable/12/secure/lib/libcrypto/man/SSL_free.3 stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3 stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3 stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3 stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3 stable/12/secure/lib/libcrypto/man/SSL_get_error.3 stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3 stable/12/secure/lib/libcrypto/man/SSL_get_fd.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 
stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3 stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3 stable/12/secure/lib/libcrypto/man/SSL_get_session.3 stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3 stable/12/secure/lib/libcrypto/man/SSL_get_version.3 stable/12/secure/lib/libcrypto/man/SSL_in_init.3 stable/12/secure/lib/libcrypto/man/SSL_key_update.3 stable/12/secure/lib/libcrypto/man/SSL_library_init.3 stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 stable/12/secure/lib/libcrypto/man/SSL_new.3 stable/12/secure/lib/libcrypto/man/SSL_pending.3 stable/12/secure/lib/libcrypto/man/SSL_read.3 stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3 stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3 stable/12/secure/lib/libcrypto/man/SSL_session_reused.3 stable/12/secure/lib/libcrypto/man/SSL_set1_host.3 stable/12/secure/lib/libcrypto/man/SSL_set_bio.3 stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3 stable/12/secure/lib/libcrypto/man/SSL_set_fd.3 stable/12/secure/lib/libcrypto/man/SSL_set_session.3 stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3 stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3 stable/12/secure/lib/libcrypto/man/SSL_shutdown.3 stable/12/secure/lib/libcrypto/man/SSL_state_string.3 stable/12/secure/lib/libcrypto/man/SSL_want.3 stable/12/secure/lib/libcrypto/man/SSL_write.3 stable/12/secure/lib/libcrypto/man/UI_STRING.3 stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 stable/12/secure/lib/libcrypto/man/UI_create_method.3 stable/12/secure/lib/libcrypto/man/UI_new.3 stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3 stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3 stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 
stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3 stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3 stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3 stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3 stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3 stable/12/secure/lib/libcrypto/man/X509_STORE_new.3 stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 stable/12/secure/lib/libcrypto/man/X509_check_ca.3 stable/12/secure/lib/libcrypto/man/X509_check_host.3 stable/12/secure/lib/libcrypto/man/X509_check_issued.3 stable/12/secure/lib/libcrypto/man/X509_check_private_key.3 stable/12/secure/lib/libcrypto/man/X509_cmp_time.3 stable/12/secure/lib/libcrypto/man/X509_digest.3 stable/12/secure/lib/libcrypto/man/X509_dup.3 stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3 stable/12/secure/lib/libcrypto/man/X509_get0_signature.3 stable/12/secure/lib/libcrypto/man/X509_get0_uids.3 stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3 stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3 stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3 stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3 stable/12/secure/lib/libcrypto/man/X509_get_version.3 stable/12/secure/lib/libcrypto/man/X509_new.3 stable/12/secure/lib/libcrypto/man/X509_sign.3 stable/12/secure/lib/libcrypto/man/X509_verify_cert.3 stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 stable/12/secure/lib/libcrypto/man/d2i_DHparams.3 
stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3 stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 stable/12/secure/lib/libcrypto/man/d2i_X509.3 stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3 stable/12/secure/usr.bin/openssl/man/CA.pl.1 stable/12/secure/usr.bin/openssl/man/asn1parse.1 stable/12/secure/usr.bin/openssl/man/ca.1 stable/12/secure/usr.bin/openssl/man/ciphers.1 stable/12/secure/usr.bin/openssl/man/cms.1 stable/12/secure/usr.bin/openssl/man/crl.1 stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/12/secure/usr.bin/openssl/man/dgst.1 stable/12/secure/usr.bin/openssl/man/dhparam.1 stable/12/secure/usr.bin/openssl/man/dsa.1 stable/12/secure/usr.bin/openssl/man/dsaparam.1 stable/12/secure/usr.bin/openssl/man/ec.1 stable/12/secure/usr.bin/openssl/man/ecparam.1 stable/12/secure/usr.bin/openssl/man/enc.1 stable/12/secure/usr.bin/openssl/man/engine.1 stable/12/secure/usr.bin/openssl/man/errstr.1 stable/12/secure/usr.bin/openssl/man/gendsa.1 stable/12/secure/usr.bin/openssl/man/genpkey.1 stable/12/secure/usr.bin/openssl/man/genrsa.1 stable/12/secure/usr.bin/openssl/man/list.1 stable/12/secure/usr.bin/openssl/man/nseq.1 stable/12/secure/usr.bin/openssl/man/ocsp.1 stable/12/secure/usr.bin/openssl/man/openssl.1 stable/12/secure/usr.bin/openssl/man/passwd.1 stable/12/secure/usr.bin/openssl/man/pkcs12.1 stable/12/secure/usr.bin/openssl/man/pkcs7.1 stable/12/secure/usr.bin/openssl/man/pkcs8.1 stable/12/secure/usr.bin/openssl/man/pkey.1 stable/12/secure/usr.bin/openssl/man/pkeyparam.1 stable/12/secure/usr.bin/openssl/man/pkeyutl.1 stable/12/secure/usr.bin/openssl/man/prime.1 stable/12/secure/usr.bin/openssl/man/rand.1 stable/12/secure/usr.bin/openssl/man/req.1 stable/12/secure/usr.bin/openssl/man/rsa.1 
stable/12/secure/usr.bin/openssl/man/rsautl.1 stable/12/secure/usr.bin/openssl/man/s_client.1 stable/12/secure/usr.bin/openssl/man/s_server.1 stable/12/secure/usr.bin/openssl/man/s_time.1 stable/12/secure/usr.bin/openssl/man/sess_id.1 stable/12/secure/usr.bin/openssl/man/smime.1 stable/12/secure/usr.bin/openssl/man/speed.1 stable/12/secure/usr.bin/openssl/man/spkac.1 stable/12/secure/usr.bin/openssl/man/srp.1 stable/12/secure/usr.bin/openssl/man/storeutl.1 stable/12/secure/usr.bin/openssl/man/ts.1 stable/12/secure/usr.bin/openssl/man/tsget.1 stable/12/secure/usr.bin/openssl/man/verify.1 stable/12/secure/usr.bin/openssl/man/version.1 stable/12/secure/usr.bin/openssl/man/x509.1 Directory Properties: stable/12/ (props changed) Modified: stable/12/crypto/openssl/CHANGES ============================================================================== --- stable/12/crypto/openssl/CHANGES Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/CHANGES Tue Feb 26 19:34:42 2019 (r344603) 
@@ -7,6 +7,44 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1a and 1.1.1b [26 Feb 2019] + + *) Added SCA hardening for modular field inversion in EC_GROUP through + a new dedicated field_inv() pointer in EC_METHOD. + This also addresses a leakage affecting conversions from projective + to affine coordinates. + [Billy Bob Brumley, Nicola Tuveri] + + *) Change the info callback signals for the start and end of a post-handshake + message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START + and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get + confused by this and assume that a TLSv1.2 renegotiation has started. This + can break KeyUpdate handling. Instead we no longer signal the start and end + of a post handshake message exchange (although the messages themselves are + still signalled). This could break some applications that were expecting + the old signals. However without this KeyUpdate is not usable for many + applications. + [Matt Caswell] + + *) Fix a bug in the computation of the endpoint-pair shared secret used + by DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime + switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling + interoperability with such broken implementations. However, enabling + this switch breaks interoperability with correct implementations. + + *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a + re-used X509_PUBKEY object if the second PUBKEY is malformed. + [Bernd Edlinger] + + *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0(). + [Richard Levitte] + + *) Remove the 'dist' target and add a tarball building script. The + 'dist' target has fallen out of use, and it shouldn't be + necessary to configure just to create a source distribution. 
+ [Richard Levitte] + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] *) Timing vulnerability in DSA signature generation Modified: stable/12/crypto/openssl/CONTRIBUTING ============================================================================== --- stable/12/crypto/openssl/CONTRIBUTING Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/CONTRIBUTING Tue Feb 26 19:34:42 2019 (r344603) @@ -57,7 +57,7 @@ guidelines: 7. For user visible changes (API changes, behaviour changes, ...), consider adding a note in CHANGES. This could be a summarising description of the change, and could explain the grander details. - Have a look through existing entries for inspiration. + Have a look through existing entries for inspiration. Please note that this is NOT simply a copy of git-log oneliners. Also note that security fixes get an entry in CHANGES. This file helps users get more in depth information of what comes Modified: stable/12/crypto/openssl/Configure ============================================================================== --- stable/12/crypto/openssl/Configure Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/Configure Tue Feb 26 19:34:42 2019 (r344603) @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,6 +144,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wlanguage-extension-token -- no, we use asm() # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code +# -Wunused-function -- no, it forces header use of safestack et al +# DEFINE macros my $clang_devteam_warn = "" . " -Wswitch-default" . " -Wno-parentheses-equality" 
@@ -153,6 +155,7 @@ my $clang_devteam_warn = "" . " -Wincompatible-pointer-types-discards-qualifiers" . " -Wmissing-variable-declarations" . " -Wno-unknown-warning-option" + . " -Wno-unused-function" ; # This adds backtrace information to the memory leak info. Is only used @@ -374,6 +377,7 @@ my @disablables = ( "msan", "multiblock", "nextprotoneg", + "pinshared", "ocb", "ocsp", "pic", @@ -1110,13 +1114,13 @@ foreach my $feature (@{$target{disable}}) { $disabled{$feature} = 'config'; } foreach my $feature (@{$target{enable}}) { - if ("default" eq ($disabled{$_} // "")) { + if ("default" eq ($disabled{$feature} // "")) { if (exists $deprecated_disablables{$feature}) { warn "***** config $target enables deprecated feature $feature\n"; } elsif (!grep { $feature eq $_ } @disablables) { die "***** config $target enables unknown feature $feature\n"; } - delete $disabled{$_}; + delete $disabled{$feature}; } } @@ -1370,6 +1374,7 @@ unless ($disabled{asm}) { push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); + push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/); if ($target{sha1_asm_src}) { push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); Modified: stable/12/crypto/openssl/INSTALL ============================================================================== --- stable/12/crypto/openssl/INSTALL Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/INSTALL Tue Feb 26 19:34:42 2019 (r344603) 
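Review bot: In the `@disablables` hunk of Configure, `"pinshared",` is inserted between `"nextprotoneg",` and `"ocb",`, although the entries visible around it ("msan", "multiblock", "nextprotoneg", "ocb", "ocsp", "pic") are in alphabetical order. Moving the new entry to directly after `"pic",` keeps the list sorted, which makes it easier to audit which build features can be switched off and to spot duplicates. The list starts and ends outside the hunk, so the ordering of the remaining entries is assumed from these lines only.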
@@ -326,6 +326,11 @@ Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. + enable-devcryptoeng + Build the /dev/crypto engine. It is automatically selected + on BSD implementations, in which case it can be disabled with + no-devcryptoeng. + no-dso Don't build support for loading Dynamic Shared Objects. @@ -402,6 +407,24 @@ no-pic Don't build with support for Position Independent Code. + no-pinshared By default OpenSSL will attempt to stay in memory until the + process exits. This is so that libcrypto and libssl can be + properly cleaned up automatically via an "atexit()" handler. + The handler is registered by libcrypto and cleans up both + libraries. On some platforms the atexit() handler will run on + unload of libcrypto (if it has been dynamically loaded) + rather than at process exit. This option can be used to stop + OpenSSL from attempting to stay in memory until the process + exits. This could lead to crashes if either libcrypto or + libssl have already been unloaded at the point + that the atexit handler is invoked, e.g. on a platform which + calls atexit() on unload of the library, and libssl is + unloaded before libcrypto then a crash is likely to happen. + Applications can suppress running of the atexit() handler at + run time by using the OPENSSL_INIT_NO_ATEXIT option to + OPENSSL_init_crypto(). See the man page for it for further + details. + no-posix-io Don't use POSIX IO capabilities. 
@@ -941,10 +964,10 @@ * COMPILING existing applications - OpenSSL 1.1.0 hides a number of structures that were previously - open. This includes all internal libssl structures and a number - of EVP types. Accessor functions have been added to allow - controlled access to the structures' data. + Starting with version 1.1.0, OpenSSL hides a number of structures + that were previously open. This includes all internal libssl + structures and a number of EVP types. Accessor functions have + been added to allow controlled access to the structures' data. This means that some software needs to be rewritten to adapt to the new ways of doing things. This often amounts to allocating @@ -1047,7 +1070,7 @@ depend Rebuild the dependencies in the Makefiles. This is a legacy - option that no longer needs to be used in OpenSSL 1.1.0. + option that no longer needs to be used since OpenSSL 1.1.0. install Install all OpenSSL components. Modified: stable/12/crypto/openssl/LICENSE ============================================================================== --- stable/12/crypto/openssl/LICENSE Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/LICENSE Tue Feb 26 19:34:42 2019 (r344603) @@ -10,14 +10,14 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -72,21 +72,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -101,10 +101,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -116,7 +116,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence Modified: stable/12/crypto/openssl/NEWS ============================================================================== --- stable/12/crypto/openssl/NEWS Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/NEWS Tue Feb 26 19:34:42 2019 (r344603) @@ -5,6 +5,13 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] + + o Change the info callback signals for the start and end of a post-handshake + message exchange in TLSv1.3. + o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions + of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] o Timing vulnerability in DSA signature generation (CVE-2018-0734) Modified: stable/12/crypto/openssl/README ============================================================================== --- stable/12/crypto/openssl/README Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/README Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1a 20 Nov 2018 + OpenSSL 1.1.1b 26 Feb 2019 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/12/crypto/openssl/apps/apps.c ============================================================================== --- stable/12/crypto/openssl/apps/apps.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/apps.c Tue Feb 26 19:34:42 2019 (r344603) 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1561,7 +1561,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr #else BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile); #endif - dbattr_conf = app_load_config(buf); + dbattr_conf = app_load_config_quiet(buf); retdb = app_malloc(sizeof(*retdb), "new DB"); retdb->db = tmpdb; @@ -2196,7 +2196,7 @@ double app_tminterval(int stop, int usertime) return ret; } -#elif defined(OPENSSL_SYSTEM_VXWORKS) +#elif defined(OPENSSL_SYS_VXWORKS) # include <time.h> double app_tminterval(int stop, int usertime) Modified: stable/12/crypto/openssl/apps/ct_log_list.cnf ============================================================================== --- stable/12/crypto/openssl/apps/ct_log_list.cnf Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/ct_log_list.cnf Tue Feb 26 19:34:42 2019 (r344603) @@ -2,8 +2,8 @@ # that are to be trusted. # Google's list of logs can be found here: -# www.certificate-transparency.org/known-logs +# www.certificate-transparency.org/known-logs # A Python program to convert the log list to OpenSSL's format can be # found here: -# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py # Use the "--openssl_output" flag. Modified: stable/12/crypto/openssl/apps/dh1024.pem ============================================================================== --- stable/12/crypto/openssl/apps/dh1024.pem Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/dh1024.pem Tue Feb 26 19:34:42 2019 (r344603) 
@@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9E /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC -----END DH PARAMETERS----- -These are the 1024-bit DH parameters from "Internet Key Exchange +These are the 1024-bit DH parameters from "Internet Key Exchange Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996 See https://tools.ietf.org/html/rfc2412 for how they were generated. Modified: stable/12/crypto/openssl/apps/dh2048.pem ============================================================================== --- stable/12/crypto/openssl/apps/dh2048.pem Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/dh2048.pem Tue Feb 26 19:34:42 2019 (r344603) @@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFx 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== -----END DH PARAMETERS----- -These are the 2048-bit DH parameters from "More Modular Exponential -(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": +These are the 2048-bit DH parameters from "More Modular Exponential +(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": https://tools.ietf.org/html/rfc3526 See https://tools.ietf.org/html/rfc2412 for how they were generated. Modified: stable/12/crypto/openssl/apps/dh4096.pem ============================================================================== --- stable/12/crypto/openssl/apps/dh4096.pem Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/dh4096.pem Tue Feb 26 19:34:42 2019 (r344603) 
@@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTO HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= -----END DH PARAMETERS----- -These are the 4096-bit DH parameters from "More Modular Exponential -(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": +These are the 4096-bit DH parameters from "More Modular Exponential +(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": https://tools.ietf.org/html/rfc3526 See https://tools.ietf.org/html/rfc2412 for how they were generated. Modified: stable/12/crypto/openssl/apps/ocsp.c ============================================================================== --- stable/12/crypto/openssl/apps/ocsp.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/ocsp.c Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT # include <openssl/x509v3.h> # include <openssl/rand.h> -# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \ +#ifndef HAVE_FORK +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# define HAVE_FORK 0 +# else +# define HAVE_FORK 1 +# endif +#endif + +#if HAVE_FORK +# undef NO_FORK +#else +# define NO_FORK +#endif + +# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ && !defined(OPENSSL_NO_POSIX_IO) # define OCSP_DAEMON # include <sys/types.h> 
@@ -53,6 +67,20 @@ NON_EMPTY_TRANSLATION_UNIT # define LOG_ERR 2 # endif +# if defined(OPENSSL_SYS_VXWORKS) +/* not supported */ +int setpgid(pid_t pid, pid_t pgid) +{ + errno = ENOSYS; + return 0; +} +/* not supported */ +pid_t fork(void) +{ + errno = ENOSYS; + return (pid_t) -1; +} +# endif /* Maximum leeway in validity period: default 5 minutes */ # define MAX_VALIDITY_PERIOD (5 * 60) @@ -863,6 +891,7 @@ static void killall(int ret, pid_t *kidpids) for (i = 0; i < multi; ++i) if (kidpids[i] != 0) (void)kill(kidpids[i], SIGTERM); + OPENSSL_free(kidpids); sleep(1); exit(ret); } @@ -977,7 +1006,6 @@ static void spawn_loop(void) } /* The loop above can only break on termsig */ - OPENSSL_free(kidpids); syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } Modified: stable/12/crypto/openssl/apps/openssl.cnf ============================================================================== --- stable/12/crypto/openssl/apps/openssl.cnf Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/openssl.cnf Tue Feb 26 19:34:42 2019 (r344603) @@ -19,7 +19,7 @@ oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: -# extensions = +# extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) 
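Review bot: The VxWorks `setpgid()` stub sets `errno = ENOSYS` and then returns 0, so it reports success while leaving an error code behind, whereas the `fork()` stub beside it returns `(pid_t) -1` for the same condition. If detaching from the process group is meant to be a harmless no-op on VxWorks, drop the `errno` assignment and say so in the comment, e.g. `/* no process groups on VxWorks: treated as a no-op */`; if it is meant to fail, it should `return -1;`. The callers are outside this hunk, so which of the two they expect cannot be confirmed from here. The bare `/* not supported */` comments also do not say that the daemon code is still compiled in on this target and will fail at `fork()` at run time.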
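Review bot: `killall()` now frees `kidpids` itself, which makes it the owner of a buffer that its caller allocated, and nothing at the function says so. A one-line comment above it, such as `/* Signals all children, frees kidpids and exits; never returns */`, would stop a later caller from freeing or reusing the array around the call, which is the ordering problem the `spawn_loop()` hunk removes. The function's signature and the start of its body are outside the hunk.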
@@ -116,7 +116,7 @@ x509_extensions = v3_ca # The extensions to add to the # input_password = secret # output_password = secret -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString (PKIX recommendation before 2004) # utf8only: only UTF8Strings (PKIX recommendation after 2004). Modified: stable/12/crypto/openssl/apps/pkcs12.c ============================================================================== --- stable/12/crypto/openssl/apps/pkcs12.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/pkcs12.c Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv) if (cpass != NULL) { mpass = cpass; noprompt = 1; + if (twopass) { + if (export_cert) + BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n"); + else + BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n"); + goto end; + } } else { cpass = pass; mpass = macpass; Modified: stable/12/crypto/openssl/apps/rehash.c ============================================================================== --- stable/12/crypto/openssl/apps/rehash.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/rehash.c Tue Feb 26 19:34:42 2019 (r344603) 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com> * * Licensed under the OpenSSL license (the "License"). You may not use @@ -50,6 +50,26 @@ # define NAME_MAX 255 # endif # define MAX_COLLISIONS 256 + +# if defined(OPENSSL_SYS_VXWORKS) +/* + * VxWorks has no symbolic links + */ + +# define lstat(path, buf) stat(path, buf) + +int symlink(const char *target, const char *linkpath) +{ + errno = ENOSYS; + return -1; +} + +ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) +{ + errno = ENOSYS; + return -1; +} +# endif typedef struct hentry_st { struct hentry_st *next; Modified: stable/12/crypto/openssl/apps/s_cb.c ============================================================================== --- stable/12/crypto/openssl/apps/s_cb.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/s_cb.c Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,7 @@ #define COOKIE_SECRET_LENGTH 16 -VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; +VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 }; #ifndef OPENSSL_NO_SOCK static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 
@@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, X509_verify_cert_error_string(err)); - if (verify_args.depth >= depth) { + if (verify_args.depth < 0 || verify_args.depth >= depth) { if (!verify_args.return_error) ok = 1; verify_args.error = err; Modified: stable/12/crypto/openssl/apps/s_client.c ============================================================================== --- stable/12/crypto/openssl/apps/s_client.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/s_client.c Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full) static int ocsp_resp_cb(SSL *s, void *arg); #endif static int ldap_ExtendedResponse_parse(const char *buf, long rem); +static int is_dNS_name(const char *host); static int saved_errno; @@ -596,6 +597,7 @@ typedef enum OPTION_choice { #endif OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, OPT_ENABLE_PHA, + OPT_SCTP_LABEL_BUG, OPT_R_ENUM } OPTION_CHOICE; @@ -750,6 +752,7 @@ const OPTIONS s_client_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, + {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, #endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, @@ -976,6 +979,9 @@ int s_client_main(int argc, char **argv) #endif char *psksessf = NULL; int enable_pha = 0; +#ifndef OPENSSL_NO_SCTP + int sctp_label_bug = 0; +#endif FD_ZERO(&readfds); FD_ZERO(&writefds); 
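Review bot: `verify_args.depth` now uses -1 as an "unset" sentinel (the initializer in the preceding s_cb.c hunk changes from 0 to -1), but nothing in the code documents it. With the sentinel, a verification error at any depth enters this branch and, unless `return_error` is set, has `ok` forced to 1, so the callback appears to report the certificate as acceptable. A comment above the test would make this explicit: `/* depth < 0: no verify depth was given; errors at every depth are tolerated unless return_error is set */`. The body of verify_callback continues outside the hunk.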
@@ -1121,6 +1127,7 @@ int s_client_main(int argc, char **argv) goto opthelp; break; case OPT_VERIFY_RET_ERROR: + verify = SSL_VERIFY_PEER; verify_args.return_error = 1; break; case OPT_VERIFY_QUIET: @@ -1323,6 +1330,11 @@ int s_client_main(int argc, char **argv) protocol = IPPROTO_SCTP; #endif break; + case OPT_SCTP_LABEL_BUG: +#ifndef OPENSSL_NO_SCTP + sctp_label_bug = 1; +#endif + break; case OPT_TIMEOUT: #ifndef OPENSSL_NO_DTLS enable_timeouts = 1; @@ -1707,6 +1719,11 @@ int s_client_main(int argc, char **argv) } } +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) + SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); +#endif + if (min_version != 0 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; @@ -1975,9 +1992,11 @@ int s_client_main(int argc, char **argv) SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) { - if (servername == NULL) - servername = (host == NULL) ? "localhost" : host; - if (!SSL_set_tlsext_host_name(con, servername)) { + if (servername == NULL) { + if(host == NULL || is_dNS_name(host)) + servername = (host == NULL) ? "localhost" : host; + } + if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) { BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); goto end; @@ -3031,9 +3050,7 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "RENEGOTIATING\n"); SSL_renegotiate(con); cbuf_len = 0; - } - - if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) + } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) && cmdletters) { BIO_printf(bio_err, "KEYUPDATE\n"); SSL_key_update(con, 
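Review bot: In the SNI hunk (`@@ -1975,9 +1992,11 @@`), a `host` that fails `is_dNS_name()` leaves `servername` NULL and the extension is skipped with no diagnostic, which is easy to miss when debugging which certificate a server selected. A short comment would record the intent, e.g. `/* IP literals and single-label or malformed names: send no SNI */`. The new `if(host == NULL || ...)` also lacks the space after `if` used on the surrounding lines, and the ternary repeats the `host == NULL` test that the condition has just made. The body of s_client_main continues outside the hunk.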
@@ -3459,4 +3476,69 @@ static int ldap_ExtendedResponse_parse(const char *buf return ret; } +/* + * Host dNS Name verifier: used for checking that the hostname is in dNS format + * before setting it as SNI + */ +static int is_dNS_name(const char *host) +{ + const size_t MAX_LABEL_LENGTH = 63; + size_t i; + int isdnsname = 0; + size_t length = strlen(host); + size_t label_length = 0; + int all_numeric = 1; + + /* + * Deviation from strict DNS name syntax, also check names with '_' + * Check DNS name syntax, any '-' or '.' must be internal, + * and on either side of each '.' we can't have a '-' or '.'. + * + * If the name has just one label, we don't consider it a DNS name. + */ + for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) { + char c = host[i]; + + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || c == '_') { + label_length += 1; + all_numeric = 0; + continue; + } + + if (c >= '0' && c <= '9') { + label_length += 1; + continue; + } + + /* Dot and hyphen cannot be first or last. */ + if (i > 0 && i < length - 1) { + if (c == '-') { + label_length += 1; + continue; + } + /* + * Next to a dot the preceding and following characters must not be + * another dot or a hyphen. Otherwise, record that the name is + * plausible, since it has two or more labels. + */ + if (c == '.' + && host[i + 1] != '.' + && host[i - 1] != '-' + && host[i + 1] != '-') { + label_length = 0; + isdnsname = 1; + continue; + } + } + isdnsname = 0; + break; + } + + /* dNS name must not be all numeric and labels must be shorter than 64 characters. */ + isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH); + + return isdnsname; +} #endif /* OPENSSL_NO_SOCK */ Modified: stable/12/crypto/openssl/apps/s_server.c ============================================================================== --- stable/12/crypto/openssl/apps/s_server.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/s_server.c Tue Feb 26 19:34:42 2019 (r344603) 
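Review bot: `is_dNS_name()` rejects a label of exactly 63 characters, although its own comment says labels only need to be shorter than 64. The loop stops as soon as `label_length` reaches `MAX_LABEL_LENGTH`, before the following '.' can reset it, and the final test `!(label_length == MAX_LABEL_LENGTH)` then clears `isdnsname`. Since the caller omits SNI when this function returns 0, such a host would be contacted without the extension. Letting the counter run one past the limit fixes it: change the loop condition to `label_length <= MAX_LABEL_LENGTH` and the final test to `!(label_length > MAX_LABEL_LENGTH)`.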
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -751,7 +751,7 @@ typedef enum OPTION_choice { OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, - OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, + OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = { #endif #ifndef OPENSSL_NO_SCTP {"sctp", OPT_SCTP, '-', "Use SCTP"}, + {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, #endif #ifndef OPENSSL_NO_DH {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, @@ -1047,6 +1048,9 @@ int s_server_main(int argc, char *argv[]) const char *keylog_file = NULL; int max_early_data = -1, recv_max_early_data = -1; char *psksessf = NULL; +#ifndef OPENSSL_NO_SCTP + int sctp_label_bug = 0; +#endif /* Init of few remaining global variables */ local_argc = argc; @@ -1407,7 +1411,7 @@ int s_server_main(int argc, char *argv[]) for (p = psk_key = opt_arg(); *p; p++) { if (isxdigit(_UC(*p))) continue; - BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); + BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); goto end; } break; @@ -1490,6 +1494,11 @@ int s_server_main(int argc, char *argv[]) protocol = IPPROTO_SCTP; #endif break; + case OPT_SCTP_LABEL_BUG: +#ifndef OPENSSL_NO_SCTP + sctp_label_bug = 1; +#endif + break; case OPT_TIMEOUT: #ifndef OPENSSL_NO_DTLS enable_timeouts = 1; 
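Review bot: In the PSK hunk (`@@ -1407,7 +1411,7 @@`), the corrected message now prints the whole `psk_key` argument to bio_err when it contains a non-hex character. That value is most likely a mistyped key, so echoing it puts near-key material into terminal scrollback or captured stderr. Naming the option instead avoids this, e.g. `BIO_printf(bio_err, "PSK key is not a hex number\n");`. The enclosing option switch in s_server_main continues outside the hunk.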
@@ -1792,6 +1801,12 @@ int s_server_main(int argc, char *argv[]) goto end; } } + +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) + SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); +#endif + if (min_version != 0 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; @@ -2754,6 +2769,8 @@ static int init_ssl_connection(SSL *con) BIO_ADDR_free(client); return 0; } + + (void)BIO_ctrl_set_connected(wbio, client); BIO_ADDR_free(client); dtlslisten = 0; } else { Modified: stable/12/crypto/openssl/apps/speed.c ============================================================================== --- stable/12/crypto/openssl/apps/speed.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/speed.c Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -100,7 +100,7 @@ #include <openssl/modes.h> #ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS) # define HAVE_FORK 0 # else # define HAVE_FORK 1 
@@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv) {"nistp192", NID_X9_62_prime192v1, 192}, {"nistp224", NID_secp224r1, 224}, {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", NID_secp384r1, 384}, + {"nistp384", NID_secp384r1, 384}, {"nistp521", NID_secp521r1, 521}, /* Binary Curves */ {"nistk163", NID_sect163k1, 163}, - {"nistk233", NID_sect233k1, 233}, + {"nistk233", NID_sect233k1, 233}, {"nistk283", NID_sect283k1, 283}, {"nistk409", NID_sect409k1, 409}, {"nistk571", NID_sect571k1, 571}, Modified: stable/12/crypto/openssl/apps/verify.c ============================================================================== --- stable/12/crypto/openssl/apps/verify.c Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/apps/verify.c Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx) cert_error, X509_STORE_CTX_get_error_depth(ctx), X509_verify_cert_error_string(cert_error)); + + /* + * Pretend that some errors are ok, so they don't stop further + * processing of the certificate chain. Setting ok = 1 does this. + * After X509_verify_cert() is done, we verify that there were + * no actual errors, even if the returned value was positive. + */ switch (cert_error) { case X509_V_ERR_NO_EXPLICIT_POLICY: policies_print(ctx); /* fall thru */ case X509_V_ERR_CERT_HAS_EXPIRED: - - /* - * since we are just checking the certificates, it is ok if they - * are self signed. But we should still warn the user. - */ + /* Continue even if the leaf is a self signed cert */ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: /* Continue after extension errors too */ case X509_V_ERR_INVALID_CA: Modified: stable/12/crypto/openssl/config ============================================================================== --- stable/12/crypto/openssl/config Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/config Tue Feb 26 19:34:42 2019 (r344603) @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ THERE=`dirname $0` # pick up any command line args to config for i do -case "$i" in +case "$i" in -d*) options=$options" --debug";; -t*) DRYRUN="true" VERBOSE="true";; -v*) VERBOSE="true";; @@ -59,7 +59,7 @@ __CNF_LDLIBS= # Now test for ISC and SCO, since it is has a braindamaged uname. # -# We need to work around FreeBSD 1.1.5.1 +# We need to work around FreeBSD 1.1.5.1 ( XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'` if [ "x$XREL" != "x" ]; then 
@@ -363,7 +363,7 @@ esac # At this point we gone through all the one's # we know of: Punt -echo "${MACHINE}-whatever-${SYSTEM}" +echo "${MACHINE}-whatever-${SYSTEM}" exit 0 ) 2>/dev/null | ( @@ -433,7 +433,7 @@ fi CCVER=${CCVER:-0} -# read the output of the embedded GuessOS +# read the output of the embedded GuessOS read GUESSOS echo Operating system: $GUESSOS @@ -732,7 +732,7 @@ case "$GUESSOS" in *-*-[Uu]nix[Ww]are7) if [ "$CC" = "gcc" ]; then OUT="unixware-7-gcc" ; options="$options no-sse2" - else + else OUT="unixware-7" ; options="$options no-sse2" __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__" fi @@ -793,7 +793,7 @@ case "$GUESSOS" in OUT="aix64-gcc" fi elif [ $OBJECT_MODE -eq 64 ]; then - echo 'Your $OBJECT_MODE was found to be set to 64' + echo 'Your $OBJECT_MODE was found to be set to 64' OUT="aix64-cc" else OUT="aix-cc" @@ -897,7 +897,7 @@ if [ ".$PERL" = . ] ; then exit 1 fi -# run Configure to check to see if we need to specify the +# run Configure to check to see if we need to specify the # compiler for the platform ... in which case we add it on # the end ... otherwise we leave it off @@ -920,7 +920,7 @@ if [ $? = "0" ]; then __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \ __CNF_LDLIBS="'$__CNF_LDLIBS'" \ $PERL $THERE/Configure $OUT $options - fi + fi if [ "$DRYRUN" = "false" ]; then # eval to make sure quoted options, possibly with spaces inside, # are treated right Modified: stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl ============================================================================== --- stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl Tue Feb 26 19:31:33 2019 (r344602) +++ stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl Tue Feb 26 19:34:42 2019 (r344603) 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -554,6 +554,7 @@ $code.=<<___; .type _x86_64_AES_encrypt_compact,\@abi-omnipotent .align 16 _x86_64_AES_encrypt_compact: +.cfi_startproc lea 128($sbox),$inp # size optimization mov 0-128($inp),$acc1 # prefetch Te4 mov 32-128($inp),$acc2 @@ -587,6 +588,7 @@ $code.=<<___; xor 8($key),$s2 xor 12($key),$s3 .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact ___ @@ -1161,6 +1163,7 @@ $code.=<<___; .type _x86_64_AES_decrypt_compact,\@abi-omnipotent .align 16 _x86_64_AES_decrypt_compact: +.cfi_startproc lea 128($sbox),$inp # size optimization mov 0-128($inp),$acc1 # prefetch Td4 mov 32-128($inp),$acc2 @@ -1203,6 +1206,7 @@ $code.=<<___; xor 8($key),$s2 xor 12($key),$s3 .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact ___ @@ -1365,6 +1369,7 @@ AES_set_encrypt_key: .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent .align 16 _x86_64_AES_set_encrypt_key: +.cfi_startproc mov %esi,%ecx # %ecx=bits mov %rdi,%rsi # %rsi=userKey mov %rdx,%rdi # %rdi=key @@ -1546,6 +1551,7 @@ $code.=<<___; mov \$-1,%rax .Lexit: .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key ___ @@ -1728,7 +1734,9 @@ AES_cbc_encrypt: cmp \$0,%rdx # check length je .Lcbc_epilogue pushfq -.cfi_push 49 # %rflags +# This could be .cfi_push 49, but libunwind fails on registers it does not +# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. +.cfi_adjust_cfa_offset 8 push %rbx .cfi_push %rbx push %rbp 
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt: cmp \$0,%r9 cmoveq %r10,$sbox +.cfi_remember_state mov OPENSSL_ia32cap_P(%rip),%r10d cmp \$$speed_limit,%rdx jb .Lcbc_slow_prologue @@ -1986,6 +1995,7 @@ AES_cbc_encrypt: #--------------------------- SLOW ROUTINE ---------------------------# .align 16 .Lcbc_slow_prologue: *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***