Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 26 Feb 2019 19:34:43 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r344603 - in stable/12: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto...
Message-ID:  <201902261934.x1QJYhd6018417@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Tue Feb 26 19:34:42 2019
New Revision: 344603
URL: https://svnweb.freebsd.org/changeset/base/344603

Log:
  MFC:	r344602
  
  Merge OpenSSL 1.1.1b.

Modified:
  stable/12/crypto/openssl/CHANGES
  stable/12/crypto/openssl/CONTRIBUTING
  stable/12/crypto/openssl/Configure
  stable/12/crypto/openssl/INSTALL
  stable/12/crypto/openssl/LICENSE
  stable/12/crypto/openssl/NEWS
  stable/12/crypto/openssl/README
  stable/12/crypto/openssl/apps/apps.c
  stable/12/crypto/openssl/apps/ct_log_list.cnf
  stable/12/crypto/openssl/apps/dh1024.pem
  stable/12/crypto/openssl/apps/dh2048.pem
  stable/12/crypto/openssl/apps/dh4096.pem
  stable/12/crypto/openssl/apps/ocsp.c
  stable/12/crypto/openssl/apps/openssl.cnf
  stable/12/crypto/openssl/apps/pkcs12.c
  stable/12/crypto/openssl/apps/rehash.c
  stable/12/crypto/openssl/apps/s_cb.c
  stable/12/crypto/openssl/apps/s_client.c
  stable/12/crypto/openssl/apps/s_server.c
  stable/12/crypto/openssl/apps/speed.c
  stable/12/crypto/openssl/apps/verify.c
  stable/12/crypto/openssl/config
  stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
  stable/12/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
  stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
  stable/12/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl
  stable/12/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl
  stable/12/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
  stable/12/crypto/openssl/crypto/armcap.c
  stable/12/crypto/openssl/crypto/asn1/a_digest.c
  stable/12/crypto/openssl/crypto/asn1/a_sign.c
  stable/12/crypto/openssl/crypto/asn1/a_verify.c
  stable/12/crypto/openssl/crypto/asn1/ameth_lib.c
  stable/12/crypto/openssl/crypto/asn1/charmap.h
  stable/12/crypto/openssl/crypto/asn1/charmap.pl
  stable/12/crypto/openssl/crypto/asn1/d2i_pu.c
  stable/12/crypto/openssl/crypto/bio/b_addr.c
  stable/12/crypto/openssl/crypto/bio/bss_file.c
  stable/12/crypto/openssl/crypto/bio/bss_mem.c
  stable/12/crypto/openssl/crypto/bn/asm/armv8-mont.pl
  stable/12/crypto/openssl/crypto/bn/asm/ia64.S
  stable/12/crypto/openssl/crypto/bn/asm/mips.pl
  stable/12/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
  stable/12/crypto/openssl/crypto/bn/asm/sparcv8plus.S
  stable/12/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
  stable/12/crypto/openssl/crypto/bn/bn_ctx.c
  stable/12/crypto/openssl/crypto/bn/bn_depr.c
  stable/12/crypto/openssl/crypto/bn/bn_div.c
  stable/12/crypto/openssl/crypto/bn/bn_exp.c
  stable/12/crypto/openssl/crypto/bn/bn_lib.c
  stable/12/crypto/openssl/crypto/bn/bn_prime.h
  stable/12/crypto/openssl/crypto/bn/bn_prime.pl
  stable/12/crypto/openssl/crypto/bn/bn_shift.c
  stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
  stable/12/crypto/openssl/crypto/cms/cms_kari.c
  stable/12/crypto/openssl/crypto/cms/cms_pwri.c
  stable/12/crypto/openssl/crypto/conf/conf_def.c
  stable/12/crypto/openssl/crypto/conf/conf_def.h
  stable/12/crypto/openssl/crypto/conf/conf_lib.c
  stable/12/crypto/openssl/crypto/conf/conf_mod.c
  stable/12/crypto/openssl/crypto/conf/conf_sap.c
  stable/12/crypto/openssl/crypto/conf/conf_ssl.c
  stable/12/crypto/openssl/crypto/conf/keysets.pl
  stable/12/crypto/openssl/crypto/cryptlib.c
  stable/12/crypto/openssl/crypto/des/asm/des_enc.m4
  stable/12/crypto/openssl/crypto/dso/dso_dlfcn.c
  stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
  stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
  stable/12/crypto/openssl/crypto/ec/curve25519.c
  stable/12/crypto/openssl/crypto/ec/curve448/eddsa.c
  stable/12/crypto/openssl/crypto/ec/curve448/point_448.h
  stable/12/crypto/openssl/crypto/ec/ec2_smpl.c
  stable/12/crypto/openssl/crypto/ec/ec_ameth.c
  stable/12/crypto/openssl/crypto/ec/ec_err.c
  stable/12/crypto/openssl/crypto/ec/ec_lcl.h
  stable/12/crypto/openssl/crypto/ec/ecp_mont.c
  stable/12/crypto/openssl/crypto/ec/ecp_nist.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistp224.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistp256.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistp521.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistz256.c
  stable/12/crypto/openssl/crypto/ec/ecp_smpl.c
  stable/12/crypto/openssl/crypto/ec/ecx_meth.c
  stable/12/crypto/openssl/crypto/engine/README
  stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c
  stable/12/crypto/openssl/crypto/engine/eng_lib.c
  stable/12/crypto/openssl/crypto/err/err.c
  stable/12/crypto/openssl/crypto/err/openssl.txt
  stable/12/crypto/openssl/crypto/evp/evp_enc.c
  stable/12/crypto/openssl/crypto/evp/evp_err.c
  stable/12/crypto/openssl/crypto/evp/p_lib.c
  stable/12/crypto/openssl/crypto/include/internal/bn_int.h
  stable/12/crypto/openssl/crypto/init.c
  stable/12/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
  stable/12/crypto/openssl/crypto/objects/obj_dat.h
  stable/12/crypto/openssl/crypto/objects/obj_dat.pl
  stable/12/crypto/openssl/crypto/objects/obj_xref.h
  stable/12/crypto/openssl/crypto/objects/objects.pl
  stable/12/crypto/openssl/crypto/objects/objxref.pl
  stable/12/crypto/openssl/crypto/pem/pem_info.c
  stable/12/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
  stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
  stable/12/crypto/openssl/crypto/ppc_arch.h
  stable/12/crypto/openssl/crypto/ppccap.c
  stable/12/crypto/openssl/crypto/ppccpuid.pl
  stable/12/crypto/openssl/crypto/rand/rand_unix.c
  stable/12/crypto/openssl/crypto/rsa/rsa_ameth.c
  stable/12/crypto/openssl/crypto/rsa/rsa_oaep.c
  stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c
  stable/12/crypto/openssl/crypto/rsa/rsa_pk1.c
  stable/12/crypto/openssl/crypto/rsa/rsa_ssl.c
  stable/12/crypto/openssl/crypto/rsa/rsa_x931g.c
  stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
  stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
  stable/12/crypto/openssl/crypto/srp/srp_lib.c
  stable/12/crypto/openssl/crypto/srp/srp_vfy.c
  stable/12/crypto/openssl/crypto/ui/ui_openssl.c
  stable/12/crypto/openssl/crypto/uid.c
  stable/12/crypto/openssl/crypto/x509/x509_vfy.c
  stable/12/crypto/openssl/crypto/x509/x_crl.c
  stable/12/crypto/openssl/crypto/x509/x_pubkey.c
  stable/12/crypto/openssl/crypto/x509/x_x509.c
  stable/12/crypto/openssl/doc/HOWTO/certificates.txt
  stable/12/crypto/openssl/doc/HOWTO/proxy_certificates.txt
  stable/12/crypto/openssl/doc/fingerprints.txt
  stable/12/crypto/openssl/doc/man1/ca.pod
  stable/12/crypto/openssl/doc/man1/ciphers.pod
  stable/12/crypto/openssl/doc/man1/cms.pod
  stable/12/crypto/openssl/doc/man1/dgst.pod
  stable/12/crypto/openssl/doc/man1/ec.pod
  stable/12/crypto/openssl/doc/man1/enc.pod
  stable/12/crypto/openssl/doc/man1/genpkey.pod
  stable/12/crypto/openssl/doc/man1/ocsp.pod
  stable/12/crypto/openssl/doc/man1/pkcs12.pod
  stable/12/crypto/openssl/doc/man1/pkcs8.pod
  stable/12/crypto/openssl/doc/man1/req.pod
  stable/12/crypto/openssl/doc/man1/s_client.pod
  stable/12/crypto/openssl/doc/man1/s_server.pod
  stable/12/crypto/openssl/doc/man1/smime.pod
  stable/12/crypto/openssl/doc/man1/storeutl.pod
  stable/12/crypto/openssl/doc/man1/verify.pod
  stable/12/crypto/openssl/doc/man1/x509.pod
  stable/12/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
  stable/12/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod
  stable/12/crypto/openssl/doc/man3/ASYNC_start_job.pod
  stable/12/crypto/openssl/doc/man3/BIO_new_CMS.pod
  stable/12/crypto/openssl/doc/man3/BN_generate_prime.pod
  stable/12/crypto/openssl/doc/man3/BN_rand.pod
  stable/12/crypto/openssl/doc/man3/BN_security_bits.pod
  stable/12/crypto/openssl/doc/man3/BUF_MEM_new.pod
  stable/12/crypto/openssl/doc/man3/CMS_get0_type.pod
  stable/12/crypto/openssl/doc/man3/CONF_modules_load_file.pod
  stable/12/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod
  stable/12/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod
  stable/12/crypto/openssl/doc/man3/DH_size.pod
  stable/12/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod
  stable/12/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod
  stable/12/crypto/openssl/doc/man3/DTLSv1_listen.pod
  stable/12/crypto/openssl/doc/man3/EC_GROUP_copy.pod
  stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_EncryptInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_derive.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_new.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
  stable/12/crypto/openssl/doc/man3/EVP_SignInit.pod
  stable/12/crypto/openssl/doc/man3/HMAC.pod
  stable/12/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod
  stable/12/crypto/openssl/doc/man3/OPENSSL_malloc.pod
  stable/12/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_expect.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_open.pod
  stable/12/crypto/openssl/doc/man3/PEM_read_bio_ex.pod
  stable/12/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod
  stable/12/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod
  stable/12/crypto/openssl/doc/man3/PKCS12_parse.pod
  stable/12/crypto/openssl/doc/man3/PKCS7_sign.pod
  stable/12/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod
  stable/12/crypto/openssl/doc/man3/RAND_bytes.pod
  stable/12/crypto/openssl/doc/man3/RIPEMD160_Init.pod
  stable/12/crypto/openssl/doc/man3/RSA_get0_key.pod
  stable/12/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
  stable/12/crypto/openssl/doc/man3/RSA_size.pod
  stable/12/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod
  stable/12/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod
  stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod
  stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
  stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
  stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
  stable/12/crypto/openssl/doc/man3/SSL_CONF_cmd.pod
  stable/12/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_config.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_options.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_free.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod
  stable/12/crypto/openssl/doc/man3/SSL_export_keying_material.pod
  stable/12/crypto/openssl/doc/man3/SSL_extension_supported.pod
  stable/12/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod
  stable/12/crypto/openssl/doc/man3/SSL_get_error.pod
  stable/12/crypto/openssl/doc/man3/SSL_get_version.pod
  stable/12/crypto/openssl/doc/man3/SSL_key_update.pod
  stable/12/crypto/openssl/doc/man3/SSL_read.pod
  stable/12/crypto/openssl/doc/man3/SSL_read_early_data.pod
  stable/12/crypto/openssl/doc/man3/SSL_set1_host.pod
  stable/12/crypto/openssl/doc/man3/SSL_shutdown.pod
  stable/12/crypto/openssl/doc/man3/SSL_want.pod
  stable/12/crypto/openssl/doc/man3/SSL_write.pod
  stable/12/crypto/openssl/doc/man3/UI_create_method.pod
  stable/12/crypto/openssl/doc/man3/UI_new.pod
  stable/12/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_new.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
  stable/12/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
  stable/12/crypto/openssl/doc/man3/X509_get0_signature.pod
  stable/12/crypto/openssl/doc/man3/X509_get_serialNumber.pod
  stable/12/crypto/openssl/doc/man3/X509_get_subject_name.pod
  stable/12/crypto/openssl/doc/man3/X509_sign.pod
  stable/12/crypto/openssl/doc/man3/d2i_PrivateKey.pod
  stable/12/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod
  stable/12/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod
  stable/12/crypto/openssl/doc/man5/config.pod
  stable/12/crypto/openssl/doc/man7/ct.pod
  stable/12/crypto/openssl/e_os.h
  stable/12/crypto/openssl/engines/e_dasync.c
  stable/12/crypto/openssl/include/internal/conf.h
  stable/12/crypto/openssl/include/internal/constant_time_locl.h
  stable/12/crypto/openssl/include/internal/cryptlib.h
  stable/12/crypto/openssl/include/internal/sockets.h
  stable/12/crypto/openssl/include/internal/thread_once.h
  stable/12/crypto/openssl/include/internal/tsan_assist.h
  stable/12/crypto/openssl/include/openssl/crypto.h
  stable/12/crypto/openssl/include/openssl/e_os2.h
  stable/12/crypto/openssl/include/openssl/ecerr.h
  stable/12/crypto/openssl/include/openssl/evp.h
  stable/12/crypto/openssl/include/openssl/evperr.h
  stable/12/crypto/openssl/include/openssl/lhash.h
  stable/12/crypto/openssl/include/openssl/obj_mac.h
  stable/12/crypto/openssl/include/openssl/opensslv.h
  stable/12/crypto/openssl/include/openssl/safestack.h
  stable/12/crypto/openssl/include/openssl/ssl.h
  stable/12/crypto/openssl/include/openssl/sslerr.h
  stable/12/crypto/openssl/include/openssl/x509_vfy.h
  stable/12/crypto/openssl/ssl/record/rec_layer_d1.c
  stable/12/crypto/openssl/ssl/record/rec_layer_s3.c
  stable/12/crypto/openssl/ssl/s3_enc.c
  stable/12/crypto/openssl/ssl/s3_lib.c
  stable/12/crypto/openssl/ssl/ssl_ciph.c
  stable/12/crypto/openssl/ssl/ssl_err.c
  stable/12/crypto/openssl/ssl/ssl_init.c
  stable/12/crypto/openssl/ssl/ssl_lib.c
  stable/12/crypto/openssl/ssl/ssl_locl.h
  stable/12/crypto/openssl/ssl/statem/extensions.c
  stable/12/crypto/openssl/ssl/statem/statem.c
  stable/12/crypto/openssl/ssl/statem/statem_clnt.c
  stable/12/crypto/openssl/ssl/statem/statem_lib.c
  stable/12/crypto/openssl/ssl/statem/statem_locl.h
  stable/12/crypto/openssl/ssl/statem/statem_srvr.c
  stable/12/crypto/openssl/ssl/t1_enc.c
  stable/12/crypto/openssl/ssl/t1_lib.c
  stable/12/crypto/openssl/ssl/tls13_enc.c
  stable/12/secure/lib/libcrypto/Makefile.inc
  stable/12/secure/lib/libcrypto/Makefile.man
  stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S
  stable/12/secure/lib/libcrypto/aarch64/armv8-mont.S
  stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S
  stable/12/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S
  stable/12/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
  stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S
  stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S
  stable/12/secure/lib/libcrypto/aarch64/sha512-armv8.S
  stable/12/secure/lib/libcrypto/aarch64/vpaes-armv8.S
  stable/12/secure/lib/libcrypto/amd64/aes-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/aesni-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/bsaes-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/ghash-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/rsaz-avx2.S
  stable/12/secure/lib/libcrypto/amd64/vpaes-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/x86_64-mont5.S
  stable/12/secure/lib/libcrypto/man/ADMISSIONS.3
  stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
  stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
  stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3
  stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3
  stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
  stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3
  stable/12/secure/lib/libcrypto/man/BF_encrypt.3
  stable/12/secure/lib/libcrypto/man/BIO_ADDR.3
  stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3
  stable/12/secure/lib/libcrypto/man/BIO_connect.3
  stable/12/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/12/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/12/secure/lib/libcrypto/man/BIO_f_md.3
  stable/12/secure/lib/libcrypto/man/BIO_f_null.3
  stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/12/secure/lib/libcrypto/man/BIO_find_type.3
  stable/12/secure/lib/libcrypto/man/BIO_get_data.3
  stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
  stable/12/secure/lib/libcrypto/man/BIO_meth_new.3
  stable/12/secure/lib/libcrypto/man/BIO_new.3
  stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3
  stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3
  stable/12/secure/lib/libcrypto/man/BIO_printf.3
  stable/12/secure/lib/libcrypto/man/BIO_push.3
  stable/12/secure/lib/libcrypto/man/BIO_read.3
  stable/12/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/12/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/12/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/12/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/12/secure/lib/libcrypto/man/BIO_s_file.3
  stable/12/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/12/secure/lib/libcrypto/man/BIO_s_null.3
  stable/12/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/12/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/12/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/12/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/12/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/12/secure/lib/libcrypto/man/BN_add.3
  stable/12/secure/lib/libcrypto/man/BN_add_word.3
  stable/12/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/12/secure/lib/libcrypto/man/BN_cmp.3
  stable/12/secure/lib/libcrypto/man/BN_copy.3
  stable/12/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/12/secure/lib/libcrypto/man/BN_new.3
  stable/12/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/12/secure/lib/libcrypto/man/BN_rand.3
  stable/12/secure/lib/libcrypto/man/BN_security_bits.3
  stable/12/secure/lib/libcrypto/man/BN_set_bit.3
  stable/12/secure/lib/libcrypto/man/BN_swap.3
  stable/12/secure/lib/libcrypto/man/BN_zero.3
  stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3
  stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3
  stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3
  stable/12/secure/lib/libcrypto/man/CMS_compress.3
  stable/12/secure/lib/libcrypto/man/CMS_decrypt.3
  stable/12/secure/lib/libcrypto/man/CMS_encrypt.3
  stable/12/secure/lib/libcrypto/man/CMS_final.3
  stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  stable/12/secure/lib/libcrypto/man/CMS_get0_type.3
  stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  stable/12/secure/lib/libcrypto/man/CMS_sign.3
  stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3
  stable/12/secure/lib/libcrypto/man/CMS_uncompress.3
  stable/12/secure/lib/libcrypto/man/CMS_verify.3
  stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3
  stable/12/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
  stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
  stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
  stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3
  stable/12/secure/lib/libcrypto/man/CTLOG_new.3
  stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
  stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
  stable/12/secure/lib/libcrypto/man/DES_random_key.3
  stable/12/secure/lib/libcrypto/man/DH_generate_key.3
  stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3
  stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3
  stable/12/secure/lib/libcrypto/man/DH_meth_new.3
  stable/12/secure/lib/libcrypto/man/DH_new.3
  stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3
  stable/12/secure/lib/libcrypto/man/DH_set_method.3
  stable/12/secure/lib/libcrypto/man/DH_size.3
  stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/12/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/12/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3
  stable/12/secure/lib/libcrypto/man/DSA_meth_new.3
  stable/12/secure/lib/libcrypto/man/DSA_new.3
  stable/12/secure/lib/libcrypto/man/DSA_set_method.3
  stable/12/secure/lib/libcrypto/man/DSA_sign.3
  stable/12/secure/lib/libcrypto/man/DSA_size.3
  stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
  stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
  stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3
  stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3
  stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3
  stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3
  stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3
  stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3
  stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
  stable/12/secure/lib/libcrypto/man/EC_KEY_new.3
  stable/12/secure/lib/libcrypto/man/EC_POINT_add.3
  stable/12/secure/lib/libcrypto/man/EC_POINT_new.3
  stable/12/secure/lib/libcrypto/man/ENGINE_add.3
  stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/12/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/12/secure/lib/libcrypto/man/ERR_error_string.3
  stable/12/secure/lib/libcrypto/man/ERR_get_error.3
  stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/12/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/12/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/12/secure/lib/libcrypto/man/ERR_put_error.3
  stable/12/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/12/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
  stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
  stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3
  stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3
  stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  stable/12/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/12/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/12/secure/lib/libcrypto/man/EVP_aes.3
  stable/12/secure/lib/libcrypto/man/EVP_aria.3
  stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3
  stable/12/secure/lib/libcrypto/man/EVP_camellia.3
  stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_chacha20.3
  stable/12/secure/lib/libcrypto/man/EVP_des.3
  stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_md2.3
  stable/12/secure/lib/libcrypto/man/EVP_md4.3
  stable/12/secure/lib/libcrypto/man/EVP_md5.3
  stable/12/secure/lib/libcrypto/man/EVP_mdc2.3
  stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_rc4.3
  stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3
  stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_sha1.3
  stable/12/secure/lib/libcrypto/man/EVP_sha224.3
  stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3
  stable/12/secure/lib/libcrypto/man/EVP_sm3.3
  stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3
  stable/12/secure/lib/libcrypto/man/HMAC.3
  stable/12/secure/lib/libcrypto/man/MD5.3
  stable/12/secure/lib/libcrypto/man/MDC2_Init.3
  stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
  stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3
  stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
  stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3
  stable/12/secure/lib/libcrypto/man/OCSP_response_status.3
  stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3
  stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
  stable/12/secure/lib/libcrypto/man/PEM_read.3
  stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3
  stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
  stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3
  stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  stable/12/secure/lib/libcrypto/man/PKCS12_create.3
  stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3
  stable/12/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
  stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/12/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  stable/12/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
  stable/12/secure/lib/libcrypto/man/RAND_add.3
  stable/12/secure/lib/libcrypto/man/RAND_bytes.3
  stable/12/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/12/secure/lib/libcrypto/man/RAND_egd.3
  stable/12/secure/lib/libcrypto/man/RAND_load_file.3
  stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/12/secure/lib/libcrypto/man/RC4_set_key.3
  stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3
  stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/12/secure/lib/libcrypto/man/RSA_check_key.3
  stable/12/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/12/secure/lib/libcrypto/man/RSA_get0_key.3
  stable/12/secure/lib/libcrypto/man/RSA_meth_new.3
  stable/12/secure/lib/libcrypto/man/RSA_new.3
  stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/12/secure/lib/libcrypto/man/RSA_print.3
  stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/12/secure/lib/libcrypto/man/RSA_set_method.3
  stable/12/secure/lib/libcrypto/man/RSA_sign.3
  stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/12/secure/lib/libcrypto/man/RSA_size.3
  stable/12/secure/lib/libcrypto/man/SCT_new.3
  stable/12/secure/lib/libcrypto/man/SCT_print.3
  stable/12/secure/lib/libcrypto/man/SCT_validate.3
  stable/12/secure/lib/libcrypto/man/SHA256_Init.3
  stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3
  stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3
  stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
  stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
  stable/12/secure/lib/libcrypto/man/SSL_accept.3
  stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3
  stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3
  stable/12/secure/lib/libcrypto/man/SSL_check_chain.3
  stable/12/secure/lib/libcrypto/man/SSL_clear.3
  stable/12/secure/lib/libcrypto/man/SSL_connect.3
  stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3
  stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3
  stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3
  stable/12/secure/lib/libcrypto/man/SSL_free.3
  stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
  stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
  stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
  stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3
  stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3
  stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3
  stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3
  stable/12/secure/lib/libcrypto/man/SSL_get_error.3
  stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3
  stable/12/secure/lib/libcrypto/man/SSL_get_fd.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
  stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3
  stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3
  stable/12/secure/lib/libcrypto/man/SSL_get_session.3
  stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
  stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3
  stable/12/secure/lib/libcrypto/man/SSL_get_version.3
  stable/12/secure/lib/libcrypto/man/SSL_in_init.3
  stable/12/secure/lib/libcrypto/man/SSL_key_update.3
  stable/12/secure/lib/libcrypto/man/SSL_library_init.3
  stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
  stable/12/secure/lib/libcrypto/man/SSL_new.3
  stable/12/secure/lib/libcrypto/man/SSL_pending.3
  stable/12/secure/lib/libcrypto/man/SSL_read.3
  stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3
  stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3
  stable/12/secure/lib/libcrypto/man/SSL_session_reused.3
  stable/12/secure/lib/libcrypto/man/SSL_set1_host.3
  stable/12/secure/lib/libcrypto/man/SSL_set_bio.3
  stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3
  stable/12/secure/lib/libcrypto/man/SSL_set_fd.3
  stable/12/secure/lib/libcrypto/man/SSL_set_session.3
  stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3
  stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3
  stable/12/secure/lib/libcrypto/man/SSL_shutdown.3
  stable/12/secure/lib/libcrypto/man/SSL_state_string.3
  stable/12/secure/lib/libcrypto/man/SSL_want.3
  stable/12/secure/lib/libcrypto/man/SSL_write.3
  stable/12/secure/lib/libcrypto/man/UI_STRING.3
  stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
  stable/12/secure/lib/libcrypto/man/UI_create_method.3
  stable/12/secure/lib/libcrypto/man/UI_new.3
  stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3
  stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3
  stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
  stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
  stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
  stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3
  stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_new.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  stable/12/secure/lib/libcrypto/man/X509_check_ca.3
  stable/12/secure/lib/libcrypto/man/X509_check_host.3
  stable/12/secure/lib/libcrypto/man/X509_check_issued.3
  stable/12/secure/lib/libcrypto/man/X509_check_private_key.3
  stable/12/secure/lib/libcrypto/man/X509_cmp_time.3
  stable/12/secure/lib/libcrypto/man/X509_digest.3
  stable/12/secure/lib/libcrypto/man/X509_dup.3
  stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3
  stable/12/secure/lib/libcrypto/man/X509_get0_signature.3
  stable/12/secure/lib/libcrypto/man/X509_get0_uids.3
  stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3
  stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3
  stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3
  stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3
  stable/12/secure/lib/libcrypto/man/X509_get_version.3
  stable/12/secure/lib/libcrypto/man/X509_new.3
  stable/12/secure/lib/libcrypto/man/X509_sign.3
  stable/12/secure/lib/libcrypto/man/X509_verify_cert.3
  stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
  stable/12/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
  stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3
  stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
  stable/12/secure/lib/libcrypto/man/d2i_X509.3
  stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
  stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3
  stable/12/secure/usr.bin/openssl/man/CA.pl.1
  stable/12/secure/usr.bin/openssl/man/asn1parse.1
  stable/12/secure/usr.bin/openssl/man/ca.1
  stable/12/secure/usr.bin/openssl/man/ciphers.1
  stable/12/secure/usr.bin/openssl/man/cms.1
  stable/12/secure/usr.bin/openssl/man/crl.1
  stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/12/secure/usr.bin/openssl/man/dgst.1
  stable/12/secure/usr.bin/openssl/man/dhparam.1
  stable/12/secure/usr.bin/openssl/man/dsa.1
  stable/12/secure/usr.bin/openssl/man/dsaparam.1
  stable/12/secure/usr.bin/openssl/man/ec.1
  stable/12/secure/usr.bin/openssl/man/ecparam.1
  stable/12/secure/usr.bin/openssl/man/enc.1
  stable/12/secure/usr.bin/openssl/man/engine.1
  stable/12/secure/usr.bin/openssl/man/errstr.1
  stable/12/secure/usr.bin/openssl/man/gendsa.1
  stable/12/secure/usr.bin/openssl/man/genpkey.1
  stable/12/secure/usr.bin/openssl/man/genrsa.1
  stable/12/secure/usr.bin/openssl/man/list.1
  stable/12/secure/usr.bin/openssl/man/nseq.1
  stable/12/secure/usr.bin/openssl/man/ocsp.1
  stable/12/secure/usr.bin/openssl/man/openssl.1
  stable/12/secure/usr.bin/openssl/man/passwd.1
  stable/12/secure/usr.bin/openssl/man/pkcs12.1
  stable/12/secure/usr.bin/openssl/man/pkcs7.1
  stable/12/secure/usr.bin/openssl/man/pkcs8.1
  stable/12/secure/usr.bin/openssl/man/pkey.1
  stable/12/secure/usr.bin/openssl/man/pkeyparam.1
  stable/12/secure/usr.bin/openssl/man/pkeyutl.1
  stable/12/secure/usr.bin/openssl/man/prime.1
  stable/12/secure/usr.bin/openssl/man/rand.1
  stable/12/secure/usr.bin/openssl/man/req.1
  stable/12/secure/usr.bin/openssl/man/rsa.1
  stable/12/secure/usr.bin/openssl/man/rsautl.1
  stable/12/secure/usr.bin/openssl/man/s_client.1
  stable/12/secure/usr.bin/openssl/man/s_server.1
  stable/12/secure/usr.bin/openssl/man/s_time.1
  stable/12/secure/usr.bin/openssl/man/sess_id.1
  stable/12/secure/usr.bin/openssl/man/smime.1
  stable/12/secure/usr.bin/openssl/man/speed.1
  stable/12/secure/usr.bin/openssl/man/spkac.1
  stable/12/secure/usr.bin/openssl/man/srp.1
  stable/12/secure/usr.bin/openssl/man/storeutl.1
  stable/12/secure/usr.bin/openssl/man/ts.1
  stable/12/secure/usr.bin/openssl/man/tsget.1
  stable/12/secure/usr.bin/openssl/man/verify.1
  stable/12/secure/usr.bin/openssl/man/version.1
  stable/12/secure/usr.bin/openssl/man/x509.1
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/crypto/openssl/CHANGES
==============================================================================
--- stable/12/crypto/openssl/CHANGES	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/CHANGES	Tue Feb 26 19:34:42 2019	(r344603)
@@ -7,6 +7,44 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
+
+  *) Added SCA hardening for modular field inversion in EC_GROUP through
+     a new dedicated field_inv() pointer in EC_METHOD.
+     This also addresses a leakage affecting conversions from projective
+     to affine coordinates.
+     [Billy Bob Brumley, Nicola Tuveri]
+
+  *) Change the info callback signals for the start and end of a post-handshake
+     message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+     and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+     confused by this and assume that a TLSv1.2 renegotiation has started. This
+     can break KeyUpdate handling. Instead we no longer signal the start and end
+     of a post handshake message exchange (although the messages themselves are
+     still signalled). This could break some applications that were expecting
+     the old signals. However without this KeyUpdate is not usable for many
+     applications.
+     [Matt Caswell]
+
+  *) Fix a bug in the computation of the endpoint-pair shared secret used
+     by DTLS over SCTP. This breaks interoperability with older versions
+     of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+     switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+     interoperability with such broken implementations. However, enabling
+     this switch breaks interoperability with correct implementations.
+
+  *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+     re-used X509_PUBKEY object if the second PUBKEY is malformed.
+     [Bernd Edlinger]
+
+  *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+     [Richard Levitte]
+
+  *) Remove the 'dist' target and add a tarball building script.  The
+     'dist' target has fallen out of use, and it shouldn't be
+     necessary to configure just to create a source distribution.
+     [Richard Levitte]
+
  Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
 
   *) Timing vulnerability in DSA signature generation

Modified: stable/12/crypto/openssl/CONTRIBUTING
==============================================================================
--- stable/12/crypto/openssl/CONTRIBUTING	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/CONTRIBUTING	Tue Feb 26 19:34:42 2019	(r344603)
@@ -57,7 +57,7 @@ guidelines:
     7.  For user visible changes (API changes, behaviour changes, ...),
     consider adding a note in CHANGES.  This could be a summarising
     description of the change, and could explain the grander details.
-    Have a look through existing entries for inspiration. 
+    Have a look through existing entries for inspiration.
     Please note that this is NOT simply a copy of git-log oneliners.
     Also note that security fixes get an entry in CHANGES.
     This file helps users get more in depth information of what comes

Modified: stable/12/crypto/openssl/Configure
==============================================================================
--- stable/12/crypto/openssl/Configure	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/Configure	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -144,6 +144,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
 #       -Wlanguage-extension-token -- no, we use asm()
 #       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
+#       -Wunused-function -- no, it forces header use of safestack et al
+#                            DEFINE macros
 my $clang_devteam_warn = ""
         . " -Wswitch-default"
         . " -Wno-parentheses-equality"
@@ -153,6 +155,7 @@ my $clang_devteam_warn = ""
         . " -Wincompatible-pointer-types-discards-qualifiers"
         . " -Wmissing-variable-declarations"
         . " -Wno-unknown-warning-option"
+        . " -Wno-unused-function"
         ;
 
 # This adds backtrace information to the memory leak info.  Is only used
@@ -374,6 +377,7 @@ my @disablables = (
     "msan",
     "multiblock",
     "nextprotoneg",
+    "pinshared",
     "ocb",
     "ocsp",
     "pic",
@@ -1110,13 +1114,13 @@ foreach my $feature (@{$target{disable}}) {
     $disabled{$feature} = 'config';
 }
 foreach my $feature (@{$target{enable}}) {
-    if ("default" eq ($disabled{$_} // "")) {
+    if ("default" eq ($disabled{$feature} // "")) {
         if (exists $deprecated_disablables{$feature}) {
             warn "***** config $target enables deprecated feature $feature\n";
         } elsif (!grep { $feature eq $_ } @disablables) {
             die "***** config $target enables unknown feature $feature\n";
         }
-        delete $disabled{$_};
+        delete $disabled{$feature};
     }
 }
 
@@ -1370,6 +1374,7 @@ unless ($disabled{asm}) {
     push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
     push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
     push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
+    push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/);
 
     if ($target{sha1_asm_src}) {
 	push @{$config{lib_defines}}, "SHA1_ASM"   if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);

Modified: stable/12/crypto/openssl/INSTALL
==============================================================================
--- stable/12/crypto/openssl/INSTALL	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/INSTALL	Tue Feb 26 19:34:42 2019	(r344603)
@@ -326,6 +326,11 @@
                    Don't build support for datagram based BIOs. Selecting this
                    option will also force the disabling of DTLS.
 
+  enable-devcryptoeng
+                   Build the /dev/crypto engine.  It is automatically selected
+                   on BSD implementations, in which case it can be disabled with
+                   no-devcryptoeng.
+
   no-dso
                    Don't build support for loading Dynamic Shared Objects.
 
@@ -402,6 +407,24 @@
   no-pic
                    Don't build with support for Position Independent Code.
 
+  no-pinshared     By default OpenSSL will attempt to stay in memory until the
+                   process exits. This is so that libcrypto and libssl can be
+                   properly cleaned up automatically via an "atexit()" handler.
+                   The handler is registered by libcrypto and cleans up both
+                   libraries. On some platforms the atexit() handler will run on
+                   unload of libcrypto (if it has been dynamically loaded)
+                   rather than at process exit. This option can be used to stop
+                   OpenSSL from attempting to stay in memory until the process
+                   exits. This could lead to crashes if either libcrypto or
+                   libssl have already been unloaded at the point
+                   that the atexit handler is invoked, e.g. on a platform which
+                   calls atexit() on unload of the library, and libssl is
+                   unloaded before libcrypto then a crash is likely to happen.
+                   Applications can suppress running of the atexit() handler at
+                   run time by using the OPENSSL_INIT_NO_ATEXIT option to
+                   OPENSSL_init_crypto(). See the man page for it for further
+                   details.
+
   no-posix-io
                    Don't use POSIX IO capabilities.
 
@@ -941,10 +964,10 @@
 
   *  COMPILING existing applications
 
-     OpenSSL 1.1.0 hides a number of structures that were previously
-     open.  This includes all internal libssl structures and a number
-     of EVP types.  Accessor functions have been added to allow
-     controlled access to the structures' data.
+     Starting with version 1.1.0, OpenSSL hides a number of structures
+     that were previously open.  This includes all internal libssl
+     structures and a number of EVP types.  Accessor functions have
+     been added to allow controlled access to the structures' data.
 
      This means that some software needs to be rewritten to adapt to
      the new ways of doing things.  This often amounts to allocating
@@ -1047,7 +1070,7 @@
 
  depend
                 Rebuild the dependencies in the Makefiles. This is a legacy
-                option that no longer needs to be used in OpenSSL 1.1.0.
+                option that no longer needs to be used since OpenSSL 1.1.0.
 
  install
                 Install all OpenSSL components.

Modified: stable/12/crypto/openssl/LICENSE
==============================================================================
--- stable/12/crypto/openssl/LICENSE	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/LICENSE	Tue Feb 26 19:34:42 2019	(r344603)
@@ -10,14 +10,14 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -72,21 +72,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -101,10 +101,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -116,7 +116,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence

Modified: stable/12/crypto/openssl/NEWS
==============================================================================
--- stable/12/crypto/openssl/NEWS	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/NEWS	Tue Feb 26 19:34:42 2019	(r344603)
@@ -5,6 +5,13 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
+
+      o Change the info callback signals for the start and end of a post-handshake
+        message exchange in TLSv1.3.
+      o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
+        of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
+
   Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
 
       o Timing vulnerability in DSA signature generation (CVE-2018-0734)

Modified: stable/12/crypto/openssl/README
==============================================================================
--- stable/12/crypto/openssl/README	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/README	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1a 20 Nov 2018
+ OpenSSL 1.1.1b 26 Feb 2019
 
  Copyright (c) 1998-2018 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: stable/12/crypto/openssl/apps/apps.c
==============================================================================
--- stable/12/crypto/openssl/apps/apps.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/apps.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1561,7 +1561,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr
 #else
     BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
 #endif
-    dbattr_conf = app_load_config(buf);
+    dbattr_conf = app_load_config_quiet(buf);
 
     retdb = app_malloc(sizeof(*retdb), "new DB");
     retdb->db = tmpdb;
@@ -2196,7 +2196,7 @@ double app_tminterval(int stop, int usertime)
 
     return ret;
 }
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
 # include <time.h>
 
 double app_tminterval(int stop, int usertime)

Modified: stable/12/crypto/openssl/apps/ct_log_list.cnf
==============================================================================
--- stable/12/crypto/openssl/apps/ct_log_list.cnf	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/ct_log_list.cnf	Tue Feb 26 19:34:42 2019	(r344603)
@@ -2,8 +2,8 @@
 # that are to be trusted.
 
 # Google's list of logs can be found here:
-#       www.certificate-transparency.org/known-logs 
+#       www.certificate-transparency.org/known-logs
 # A Python program to convert the log list to OpenSSL's format can be
 # found here:
-#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py 
+#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
 # Use the "--openssl_output" flag.

Modified: stable/12/crypto/openssl/apps/dh1024.pem
==============================================================================
--- stable/12/crypto/openssl/apps/dh1024.pem	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/dh1024.pem	Tue Feb 26 19:34:42 2019	(r344603)
@@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9E
 /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
 -----END DH PARAMETERS-----
 
-These are the 1024-bit DH parameters from "Internet Key Exchange 
+These are the 1024-bit DH parameters from "Internet Key Exchange
 Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
 
 See https://tools.ietf.org/html/rfc2412 for how they were generated.

Modified: stable/12/crypto/openssl/apps/dh2048.pem
==============================================================================
--- stable/12/crypto/openssl/apps/dh2048.pem	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/dh2048.pem	Tue Feb 26 19:34:42 2019	(r344603)
@@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFx
 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
 -----END DH PARAMETERS-----
 
-These are the 2048-bit DH parameters from "More Modular Exponential 
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+These are the 2048-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
 https://tools.ietf.org/html/rfc3526
 
 See https://tools.ietf.org/html/rfc2412 for how they were generated.

Modified: stable/12/crypto/openssl/apps/dh4096.pem
==============================================================================
--- stable/12/crypto/openssl/apps/dh4096.pem	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/dh4096.pem	Tue Feb 26 19:34:42 2019	(r344603)
@@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTO
 HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
 -----END DH PARAMETERS-----
 
-These are the 4096-bit DH parameters from "More Modular Exponential 
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+These are the 4096-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
 https://tools.ietf.org/html/rfc3526
 
 See https://tools.ietf.org/html/rfc2412 for how they were generated.

Modified: stable/12/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/12/crypto/openssl/apps/ocsp.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/ocsp.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/x509v3.h>
 # include <openssl/rand.h>
 
-# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
      && !defined(OPENSSL_NO_POSIX_IO)
 #  define OCSP_DAEMON
 #  include <sys/types.h>
@@ -53,6 +67,20 @@ NON_EMPTY_TRANSLATION_UNIT
 #  define LOG_ERR       2
 # endif
 
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+    errno = ENOSYS;
+    return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+    errno = ENOSYS;
+    return (pid_t) -1;
+}
+# endif
 /* Maximum leeway in validity period: default 5 minutes */
 # define MAX_VALIDITY_PERIOD    (5 * 60)
 
@@ -863,6 +891,7 @@ static void killall(int ret, pid_t *kidpids)
     for (i = 0; i < multi; ++i)
         if (kidpids[i] != 0)
             (void)kill(kidpids[i], SIGTERM);
+    OPENSSL_free(kidpids);
     sleep(1);
     exit(ret);
 }
@@ -977,7 +1006,6 @@ static void spawn_loop(void)
     }
 
     /* The loop above can only break on termsig */
-    OPENSSL_free(kidpids);
     syslog(LOG_INFO, "terminating on signal: %d", termsig);
     killall(0, kidpids);
 }

Modified: stable/12/crypto/openssl/apps/openssl.cnf
==============================================================================
--- stable/12/crypto/openssl/apps/openssl.cnf	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/openssl.cnf	Tue Feb 26 19:34:42 2019	(r344603)
@@ -19,7 +19,7 @@ oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
-# extensions		= 
+# extensions		=
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 
@@ -116,7 +116,7 @@ x509_extensions	= v3_ca	# The extensions to add to the
 # input_password = secret
 # output_password = secret
 
-# This sets a mask for permitted string types. There are several options. 
+# This sets a mask for permitted string types. There are several options.
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
 # utf8only: only UTF8Strings (PKIX recommendation after 2004).

Modified: stable/12/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/12/crypto/openssl/apps/pkcs12.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/pkcs12.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
     if (cpass != NULL) {
         mpass = cpass;
         noprompt = 1;
+        if (twopass) {
+            if (export_cert)
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+            else
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+            goto end;
+        }
     } else {
         cpass = pass;
         mpass = macpass;

Modified: stable/12/crypto/openssl/apps/rehash.c
==============================================================================
--- stable/12/crypto/openssl/apps/rehash.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/rehash.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -50,6 +50,26 @@
 #  define NAME_MAX 255
 # endif
 # define MAX_COLLISIONS  256
+
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+    errno = ENOSYS;
+    return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+    errno = ENOSYS;
+    return -1;
+}
+# endif
 
 typedef struct hentry_st {
     struct hentry_st *next;

Modified: stable/12/crypto/openssl/apps/s_cb.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_cb.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/s_cb.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,7 +24,7 @@
 
 #define COOKIE_SECRET_LENGTH    16
 
-VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
 
 #ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
     if (!ok) {
         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                    X509_verify_cert_error_string(err));
-        if (verify_args.depth >= depth) {
+        if (verify_args.depth < 0 || verify_args.depth >= depth) {
             if (!verify_args.return_error)
                 ok = 1;
             verify_args.error = err;

Modified: stable/12/crypto/openssl/apps/s_client.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_client.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/s_client.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full)
 static int ocsp_resp_cb(SSL *s, void *arg);
 #endif
 static int ldap_ExtendedResponse_parse(const char *buf, long rem);
+static int is_dNS_name(const char *host);
 
 static int saved_errno;
 
@@ -596,6 +597,7 @@ typedef enum OPTION_choice {
 #endif
     OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
     OPT_ENABLE_PHA,
+    OPT_SCTP_LABEL_BUG,
     OPT_R_ENUM
 } OPTION_CHOICE;
 
@@ -750,6 +752,7 @@ const OPTIONS s_client_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
     {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
 #endif
 #ifndef OPENSSL_NO_SSL_TRACE
     {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
@@ -976,6 +979,9 @@ int s_client_main(int argc, char **argv)
 #endif
     char *psksessf = NULL;
     int enable_pha = 0;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
 
     FD_ZERO(&readfds);
     FD_ZERO(&writefds);
@@ -1121,6 +1127,7 @@ int s_client_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_VERIFY_RET_ERROR:
+            verify = SSL_VERIFY_PEER;
             verify_args.return_error = 1;
             break;
         case OPT_VERIFY_QUIET:
@@ -1323,6 +1330,11 @@ int s_client_main(int argc, char **argv)
             protocol = IPPROTO_SCTP;
 #endif
             break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
         case OPT_TIMEOUT:
 #ifndef OPENSSL_NO_DTLS
             enable_timeouts = 1;
@@ -1707,6 +1719,11 @@ int s_client_main(int argc, char **argv)
         }
     }
 
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
     if (min_version != 0
         && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
         goto end;
@@ -1975,9 +1992,11 @@ int s_client_main(int argc, char **argv)
         SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
 
     if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
-        if (servername == NULL)
-            servername = (host == NULL) ? "localhost" : host;
-        if (!SSL_set_tlsext_host_name(con, servername)) {
+        if (servername == NULL) {
+            if(host == NULL || is_dNS_name(host)) 
+                servername = (host == NULL) ? "localhost" : host;
+        }
+        if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
             BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
             ERR_print_errors(bio_err);
             goto end;
@@ -3031,9 +3050,7 @@ int s_client_main(int argc, char **argv)
                 BIO_printf(bio_err, "RENEGOTIATING\n");
                 SSL_renegotiate(con);
                 cbuf_len = 0;
-            }
-
-            if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+	    } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
                     && cmdletters) {
                 BIO_printf(bio_err, "KEYUPDATE\n");
                 SSL_key_update(con,
@@ -3459,4 +3476,69 @@ static int ldap_ExtendedResponse_parse(const char *buf
     return ret;
 }
 
+/*
+ * Host dNS Name verifier: used for checking that the hostname is in dNS format 
+ * before setting it as SNI
+ */
+static int is_dNS_name(const char *host)
+{
+    const size_t MAX_LABEL_LENGTH = 63;
+    size_t i;
+    int isdnsname = 0;
+    size_t length = strlen(host);
+    size_t label_length = 0;
+    int all_numeric = 1;
+
+    /*
+     * Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.
+     */
+    for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) {
+        char c = host[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || c == '_') {
+            label_length += 1;
+            all_numeric = 0;
+            continue;
+        }
+
+        if (c >= '0' && c <= '9') {
+            label_length += 1;
+            continue;
+        }
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < length - 1) {
+            if (c == '-') {
+                label_length += 1;
+                continue;
+            }
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && host[i + 1] != '.'
+                && host[i - 1] != '-'
+                && host[i + 1] != '-') {
+                label_length = 0;
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    /* dNS name must not be all numeric and labels must be shorter than 64 characters. */
+    isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH);
+
+    return isdnsname;
+}
 #endif                          /* OPENSSL_NO_SOCK */

Modified: stable/12/crypto/openssl/apps/s_server.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_server.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/s_server.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -751,7 +751,7 @@ typedef enum OPTION_choice {
     OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
     OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
     OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
-    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
     OPT_R_ENUM,
     OPT_S_ENUM,
     OPT_V_ENUM,
@@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
     {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
 #endif
 #ifndef OPENSSL_NO_DH
     {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
@@ -1047,6 +1048,9 @@ int s_server_main(int argc, char *argv[])
     const char *keylog_file = NULL;
     int max_early_data = -1, recv_max_early_data = -1;
     char *psksessf = NULL;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
 
     /* Init of few remaining global variables */
     local_argc = argc;
@@ -1407,7 +1411,7 @@ int s_server_main(int argc, char *argv[])
             for (p = psk_key = opt_arg(); *p; p++) {
                 if (isxdigit(_UC(*p)))
                     continue;
-                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
                 goto end;
             }
             break;
@@ -1490,6 +1494,11 @@ int s_server_main(int argc, char *argv[])
             protocol = IPPROTO_SCTP;
 #endif
             break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
         case OPT_TIMEOUT:
 #ifndef OPENSSL_NO_DTLS
             enable_timeouts = 1;
@@ -1792,6 +1801,12 @@ int s_server_main(int argc, char *argv[])
             goto end;
         }
     }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
     if (min_version != 0
         && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
         goto end;
@@ -2754,6 +2769,8 @@ static int init_ssl_connection(SSL *con)
                     BIO_ADDR_free(client);
                     return 0;
                 }
+
+                (void)BIO_ctrl_set_connected(wbio, client);
                 BIO_ADDR_free(client);
                 dtlslisten = 0;
             } else {

Modified: stable/12/crypto/openssl/apps/speed.c
==============================================================================
--- stable/12/crypto/openssl/apps/speed.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/speed.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -100,7 +100,7 @@
 #include <openssl/modes.h>
 
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
@@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv)
         {"nistp192", NID_X9_62_prime192v1, 192},
         {"nistp224", NID_secp224r1, 224},
         {"nistp256", NID_X9_62_prime256v1, 256},
-        {"nistp384", NID_secp384r1, 384}, 
+        {"nistp384", NID_secp384r1, 384},
         {"nistp521", NID_secp521r1, 521},
         /* Binary Curves */
         {"nistk163", NID_sect163k1, 163},
-        {"nistk233", NID_sect233k1, 233}, 
+        {"nistk233", NID_sect233k1, 233},
         {"nistk283", NID_sect283k1, 283},
         {"nistk409", NID_sect409k1, 409},
         {"nistk571", NID_sect571k1, 571},

Modified: stable/12/crypto/openssl/apps/verify.c
==============================================================================
--- stable/12/crypto/openssl/apps/verify.c	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/apps/verify.c	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx)
                cert_error,
                X509_STORE_CTX_get_error_depth(ctx),
                X509_verify_cert_error_string(cert_error));
+
+        /*
+         * Pretend that some errors are ok, so they don't stop further
+         * processing of the certificate chain.  Setting ok = 1 does this.
+         * After X509_verify_cert() is done, we verify that there were
+         * no actual errors, even if the returned value was positive.
+         */
         switch (cert_error) {
         case X509_V_ERR_NO_EXPLICIT_POLICY:
             policies_print(ctx);
             /* fall thru */
         case X509_V_ERR_CERT_HAS_EXPIRED:
-
-            /*
-             * since we are just checking the certificates, it is ok if they
-             * are self signed. But we should still warn the user.
-             */
+            /* Continue even if the leaf is a self signed cert */
         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
             /* Continue after extension errors too */
         case X509_V_ERR_INVALID_CA:

Modified: stable/12/crypto/openssl/config
==============================================================================
--- stable/12/crypto/openssl/config	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/config	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -19,7 +19,7 @@ THERE=`dirname $0`
 # pick up any command line args to config
 for i
 do
-case "$i" in 
+case "$i" in
 -d*) options=$options" --debug";;
 -t*) DRYRUN="true" VERBOSE="true";;
 -v*) VERBOSE="true";;
@@ -59,7 +59,7 @@ __CNF_LDLIBS=
 
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
-# We need to work around FreeBSD 1.1.5.1 
+# We need to work around FreeBSD 1.1.5.1
 (
 XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
 if [ "x$XREL" != "x" ]; then
@@ -363,7 +363,7 @@ esac
 # At this point we gone through all the one's
 # we know of: Punt
 
-echo "${MACHINE}-whatever-${SYSTEM}" 
+echo "${MACHINE}-whatever-${SYSTEM}"
 exit 0
 ) 2>/dev/null | (
 
@@ -433,7 +433,7 @@ fi
 
 CCVER=${CCVER:-0}
 
-# read the output of the embedded GuessOS 
+# read the output of the embedded GuessOS
 read GUESSOS
 
 echo Operating system: $GUESSOS
@@ -732,7 +732,7 @@ case "$GUESSOS" in
   *-*-[Uu]nix[Ww]are7)
 	if [ "$CC" = "gcc" ]; then
 	  OUT="unixware-7-gcc" ; options="$options no-sse2"
-	else    
+	else
 	  OUT="unixware-7" ; options="$options no-sse2"
 	  __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
 	fi
@@ -793,7 +793,7 @@ case "$GUESSOS" in
             OUT="aix64-gcc"
           fi
 	elif [ $OBJECT_MODE -eq 64 ]; then
-	    echo 'Your $OBJECT_MODE was found to be set to 64' 
+	    echo 'Your $OBJECT_MODE was found to be set to 64'
 	    OUT="aix64-cc"
 	else
 	    OUT="aix-cc"
@@ -897,7 +897,7 @@ if [ ".$PERL" = . ] ; then
 	exit 1
 fi
 
-# run Configure to check to see if we need to specify the 
+# run Configure to check to see if we need to specify the
 # compiler for the platform ... in which case we add it on
 # the end ... otherwise we leave it off
 
@@ -920,7 +920,7 @@ if [ $? = "0" ]; then
 	 __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
 	 __CNF_LDLIBS="'$__CNF_LDLIBS'" \
 	 $PERL $THERE/Configure $OUT $options
-  fi  
+  fi
   if [ "$DRYRUN" = "false" ]; then
     # eval to make sure quoted options, possibly with spaces inside,
     # are treated right

Modified: stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
==============================================================================
--- stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl	Tue Feb 26 19:31:33 2019	(r344602)
+++ stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl	Tue Feb 26 19:34:42 2019	(r344603)
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -554,6 +554,7 @@ $code.=<<___;
 .type	_x86_64_AES_encrypt_compact,\@abi-omnipotent
 .align	16
 _x86_64_AES_encrypt_compact:
+.cfi_startproc
 	lea	128($sbox),$inp			# size optimization
 	mov	0-128($inp),$acc1		# prefetch Te4
 	mov	32-128($inp),$acc2
@@ -587,6 +588,7 @@ $code.=<<___;
 	xor	8($key),$s2
 	xor	12($key),$s3
 	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
 .size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 ___
 
@@ -1161,6 +1163,7 @@ $code.=<<___;
 .type	_x86_64_AES_decrypt_compact,\@abi-omnipotent
 .align	16
 _x86_64_AES_decrypt_compact:
+.cfi_startproc
 	lea	128($sbox),$inp			# size optimization
 	mov	0-128($inp),$acc1		# prefetch Td4
 	mov	32-128($inp),$acc2
@@ -1203,6 +1206,7 @@ $code.=<<___;
 	xor	8($key),$s2
 	xor	12($key),$s3
 	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
 .size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 ___
 
@@ -1365,6 +1369,7 @@ AES_set_encrypt_key:
 .type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align	16
 _x86_64_AES_set_encrypt_key:
+.cfi_startproc
 	mov	%esi,%ecx			# %ecx=bits
 	mov	%rdi,%rsi			# %rsi=userKey
 	mov	%rdx,%rdi			# %rdi=key
@@ -1546,6 +1551,7 @@ $code.=<<___;
 	mov	\$-1,%rax
 .Lexit:
 	.byte	0xf3,0xc3			# rep ret
+.cfi_endproc
 .size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
 
@@ -1728,7 +1734,9 @@ AES_cbc_encrypt:
 	cmp	\$0,%rdx	# check length
 	je	.Lcbc_epilogue
 	pushfq
-.cfi_push	49		# %rflags
+# This could be .cfi_push 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset	8
 	push	%rbx
 .cfi_push	%rbx
 	push	%rbp
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt:
 	cmp	\$0,%r9
 	cmoveq	%r10,$sbox
 
+.cfi_remember_state
 	mov	OPENSSL_ia32cap_P(%rip),%r10d
 	cmp	\$$speed_limit,%rdx
 	jb	.Lcbc_slow_prologue
@@ -1986,6 +1995,7 @@ AES_cbc_encrypt:
 #--------------------------- SLOW ROUTINE ---------------------------#
 .align	16
 .Lcbc_slow_prologue:

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902261934.x1QJYhd6018417>