Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 18 Mar 2022 13:51:00 GMT
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: e404b2562b1d - releng/13.1 - OpenSSL: Merge OpenSSL 1.1.1n
Message-ID:  <202203181351.22IDp0AH041973@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch releng/13.1 has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=e404b2562b1de8503ea2bfc9a1204b3b4c72511f

commit e404b2562b1de8503ea2bfc9a1204b3b4c72511f
Author:     Jung-uk Kim <jkim@FreeBSD.org>
AuthorDate: 2022-03-15 23:35:22 +0000
Commit:     Jung-uk Kim <jkim@FreeBSD.org>
CommitDate: 2022-03-18 13:49:32 +0000

    OpenSSL: Merge OpenSSL 1.1.1n
    
    Approved by:    re (delphij)
    
    (cherry picked from commit 5ac766ab8ec23e780f108b7903d46e553d5e39d1)
    (cherry picked from commit 97fe61d5bfdee2adc4d6ffb9b65a0cfb5bc5d317)
---
 crypto/openssl/CHANGES                             | 37 +++++++++++
 crypto/openssl/Configure                           | 22 +++----
 crypto/openssl/NEWS                                |  5 ++
 crypto/openssl/README                              |  2 +-
 crypto/openssl/apps/apps.c                         | 10 ++-
 crypto/openssl/apps/openssl.c                      |  6 +-
 crypto/openssl/apps/passwd.c                       | 10 +--
 crypto/openssl/apps/s_client.c                     | 11 ++++
 crypto/openssl/apps/s_socket.c                     |  4 +-
 crypto/openssl/config                              |  1 +
 crypto/openssl/crypto/asn1/charmap.h               |  2 +-
 crypto/openssl/crypto/bio/b_addr.c                 |  4 +-
 crypto/openssl/crypto/bn/bn_exp2.c                 |  4 +-
 crypto/openssl/crypto/bn/bn_prime.h                |  2 +-
 crypto/openssl/crypto/bn/bn_print.c                |  2 +-
 crypto/openssl/crypto/bn/bn_sqrt.c                 |  2 +-
 crypto/openssl/crypto/conf/conf_def.h              |  2 +-
 crypto/openssl/crypto/engine/eng_all.c             |  5 +-
 crypto/openssl/crypto/engine/eng_dyn.c             | 13 +++-
 crypto/openssl/crypto/evp/digest.c                 | 34 +++++++----
 crypto/openssl/crypto/lhash/lhash.c                |  8 ++-
 crypto/openssl/crypto/objects/obj_dat.c            |  7 ++-
 crypto/openssl/crypto/objects/obj_dat.h            |  2 +-
 crypto/openssl/crypto/objects/obj_xref.h           |  2 +-
 crypto/openssl/crypto/ui/ui_openssl.c              |  8 ++-
 crypto/openssl/crypto/x509/x509_vfy.c              | 13 ++--
 crypto/openssl/crypto/x509v3/v3_utl.c              | 19 ++++--
 crypto/openssl/doc/man1/cms.pod                    |  5 +-
 crypto/openssl/doc/man3/BIO_ctrl.pod               |  4 +-
 crypto/openssl/doc/man3/BIO_f_base64.pod           | 21 +++++--
 crypto/openssl/doc/man3/BN_add.pod                 |  2 +-
 crypto/openssl/doc/man3/DEFINE_STACK_OF.pod        |  3 +-
 crypto/openssl/doc/man3/OBJ_nid2obj.pod            | 34 +++++------
 crypto/openssl/doc/man3/SSL_CONF_cmd.pod           |  4 +-
 crypto/openssl/doc/man3/X509_STORE_CTX_new.pod     | 71 +++++++++++++++++++++-
 crypto/openssl/include/internal/sockets.h          |  4 +-
 crypto/openssl/include/openssl/engine.h            |  3 +-
 crypto/openssl/include/openssl/obj_mac.h           |  2 +-
 crypto/openssl/include/openssl/opensslv.h          |  4 +-
 crypto/openssl/ssl/s3_lib.c                        | 14 ++---
 crypto/openssl/ssl/ssl_cert.c                      |  7 ++-
 secure/lib/libcrypto/Makefile.inc                  |  4 +-
 secure/lib/libcrypto/man/man3/ADMISSIONS.3         |  2 +-
 .../libcrypto/man/man3/ASN1_INTEGER_get_int64.3    |  2 +-
 secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3   |  2 +-
 secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3    |  2 +-
 .../lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 |  2 +-
 secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 |  2 +-
 secure/lib/libcrypto/man/man3/ASN1_STRING_new.3    |  2 +-
 .../lib/libcrypto/man/man3/ASN1_STRING_print_ex.3  |  2 +-
 secure/lib/libcrypto/man/man3/ASN1_TIME_set.3      |  2 +-
 secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3      |  2 +-
 .../lib/libcrypto/man/man3/ASN1_generate_nconf.3   |  2 +-
 secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 |  2 +-
 secure/lib/libcrypto/man/man3/ASYNC_start_job.3    |  2 +-
 secure/lib/libcrypto/man/man3/BF_encrypt.3         |  2 +-
 secure/lib/libcrypto/man/man3/BIO_ADDR.3           |  2 +-
 secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3       |  2 +-
 secure/lib/libcrypto/man/man3/BIO_connect.3        |  2 +-
 secure/lib/libcrypto/man/man3/BIO_ctrl.3           |  6 +-
 secure/lib/libcrypto/man/man3/BIO_f_base64.3       | 23 +++++--
 secure/lib/libcrypto/man/man3/BIO_f_buffer.3       |  2 +-
 secure/lib/libcrypto/man/man3/BIO_f_cipher.3       |  2 +-
 secure/lib/libcrypto/man/man3/BIO_f_md.3           |  2 +-
 secure/lib/libcrypto/man/man3/BIO_f_null.3         |  2 +-
 secure/lib/libcrypto/man/man3/BIO_f_ssl.3          |  2 +-
 secure/lib/libcrypto/man/man3/BIO_find_type.3      |  2 +-
 secure/lib/libcrypto/man/man3/BIO_get_data.3       |  2 +-
 .../lib/libcrypto/man/man3/BIO_get_ex_new_index.3  |  2 +-
 secure/lib/libcrypto/man/man3/BIO_meth_new.3       |  2 +-
 secure/lib/libcrypto/man/man3/BIO_new.3            |  2 +-
 secure/lib/libcrypto/man/man3/BIO_new_CMS.3        |  2 +-
 secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 |  2 +-
 secure/lib/libcrypto/man/man3/BIO_printf.3         |  2 +-
 secure/lib/libcrypto/man/man3/BIO_push.3           |  2 +-
 secure/lib/libcrypto/man/man3/BIO_read.3           |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_accept.3       |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_bio.3          |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_connect.3      |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_fd.3           |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_file.3         |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_mem.3          |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_null.3         |  2 +-
 secure/lib/libcrypto/man/man3/BIO_s_socket.3       |  2 +-
 secure/lib/libcrypto/man/man3/BIO_set_callback.3   |  2 +-
 secure/lib/libcrypto/man/man3/BIO_should_retry.3   |  2 +-
 secure/lib/libcrypto/man/man3/BN_BLINDING_new.3    |  2 +-
 secure/lib/libcrypto/man/man3/BN_CTX_new.3         |  2 +-
 secure/lib/libcrypto/man/man3/BN_CTX_start.3       |  2 +-
 secure/lib/libcrypto/man/man3/BN_add.3             | 19 ++++--
 secure/lib/libcrypto/man/man3/BN_add_word.3        |  2 +-
 secure/lib/libcrypto/man/man3/BN_bn2bin.3          |  2 +-
 secure/lib/libcrypto/man/man3/BN_cmp.3             |  2 +-
 secure/lib/libcrypto/man/man3/BN_copy.3            |  2 +-
 secure/lib/libcrypto/man/man3/BN_generate_prime.3  |  2 +-
 secure/lib/libcrypto/man/man3/BN_mod_inverse.3     |  2 +-
 .../lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 |  2 +-
 .../lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 |  2 +-
 secure/lib/libcrypto/man/man3/BN_new.3             |  2 +-
 secure/lib/libcrypto/man/man3/BN_num_bytes.3       |  2 +-
 secure/lib/libcrypto/man/man3/BN_rand.3            |  2 +-
 secure/lib/libcrypto/man/man3/BN_security_bits.3   |  2 +-
 secure/lib/libcrypto/man/man3/BN_set_bit.3         |  2 +-
 secure/lib/libcrypto/man/man3/BN_swap.3            |  2 +-
 secure/lib/libcrypto/man/man3/BN_zero.3            |  2 +-
 secure/lib/libcrypto/man/man3/BUF_MEM_new.3        |  2 +-
 secure/lib/libcrypto/man/man3/CMS_add0_cert.3      |  2 +-
 .../libcrypto/man/man3/CMS_add1_recipient_cert.3   |  2 +-
 secure/lib/libcrypto/man/man3/CMS_add1_signer.3    |  2 +-
 secure/lib/libcrypto/man/man3/CMS_compress.3       |  2 +-
 secure/lib/libcrypto/man/man3/CMS_decrypt.3        |  2 +-
 secure/lib/libcrypto/man/man3/CMS_encrypt.3        |  2 +-
 secure/lib/libcrypto/man/man3/CMS_final.3          |  2 +-
 .../libcrypto/man/man3/CMS_get0_RecipientInfos.3   |  2 +-
 .../lib/libcrypto/man/man3/CMS_get0_SignerInfos.3  |  2 +-
 secure/lib/libcrypto/man/man3/CMS_get0_type.3      |  2 +-
 .../libcrypto/man/man3/CMS_get1_ReceiptRequest.3   |  2 +-
 secure/lib/libcrypto/man/man3/CMS_sign.3           |  2 +-
 secure/lib/libcrypto/man/man3/CMS_sign_receipt.3   |  2 +-
 secure/lib/libcrypto/man/man3/CMS_uncompress.3     |  2 +-
 secure/lib/libcrypto/man/man3/CMS_verify.3         |  2 +-
 secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 |  2 +-
 secure/lib/libcrypto/man/man3/CONF_modules_free.3  |  2 +-
 .../libcrypto/man/man3/CONF_modules_load_file.3    |  2 +-
 .../libcrypto/man/man3/CRYPTO_THREAD_run_once.3    |  2 +-
 .../libcrypto/man/man3/CRYPTO_get_ex_new_index.3   |  2 +-
 secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3      |  2 +-
 .../man/man3/CTLOG_STORE_get0_log_by_id.3          |  2 +-
 secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3    |  2 +-
 secure/lib/libcrypto/man/man3/CTLOG_new.3          |  2 +-
 .../libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3    |  2 +-
 secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3    |  5 +-
 secure/lib/libcrypto/man/man3/DES_random_key.3     |  2 +-
 secure/lib/libcrypto/man/man3/DH_generate_key.3    |  2 +-
 .../libcrypto/man/man3/DH_generate_parameters.3    |  2 +-
 secure/lib/libcrypto/man/man3/DH_get0_pqg.3        |  2 +-
 secure/lib/libcrypto/man/man3/DH_get_1024_160.3    |  2 +-
 secure/lib/libcrypto/man/man3/DH_meth_new.3        |  2 +-
 secure/lib/libcrypto/man/man3/DH_new.3             |  2 +-
 secure/lib/libcrypto/man/man3/DH_new_by_nid.3      |  2 +-
 secure/lib/libcrypto/man/man3/DH_set_method.3      |  2 +-
 secure/lib/libcrypto/man/man3/DH_size.3            |  2 +-
 secure/lib/libcrypto/man/man3/DSA_SIG_new.3        |  2 +-
 secure/lib/libcrypto/man/man3/DSA_do_sign.3        |  2 +-
 secure/lib/libcrypto/man/man3/DSA_dup_DH.3         |  2 +-
 secure/lib/libcrypto/man/man3/DSA_generate_key.3   |  2 +-
 .../libcrypto/man/man3/DSA_generate_parameters.3   |  2 +-
 secure/lib/libcrypto/man/man3/DSA_get0_pqg.3       |  2 +-
 secure/lib/libcrypto/man/man3/DSA_meth_new.3       |  2 +-
 secure/lib/libcrypto/man/man3/DSA_new.3            |  2 +-
 secure/lib/libcrypto/man/man3/DSA_set_method.3     |  2 +-
 secure/lib/libcrypto/man/man3/DSA_sign.3           |  2 +-
 secure/lib/libcrypto/man/man3/DSA_size.3           |  2 +-
 secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3  |  2 +-
 secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3  |  2 +-
 secure/lib/libcrypto/man/man3/DTLSv1_listen.3      |  2 +-
 secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3      |  2 +-
 .../lib/libcrypto/man/man3/ECPKParameters_print.3  |  2 +-
 .../lib/libcrypto/man/man3/EC_GFp_simple_method.3  |  2 +-
 secure/lib/libcrypto/man/man3/EC_GROUP_copy.3      |  2 +-
 secure/lib/libcrypto/man/man3/EC_GROUP_new.3       |  2 +-
 .../lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3  |  2 +-
 secure/lib/libcrypto/man/man3/EC_KEY_new.3         |  2 +-
 secure/lib/libcrypto/man/man3/EC_POINT_add.3       |  2 +-
 secure/lib/libcrypto/man/man3/EC_POINT_new.3       |  2 +-
 secure/lib/libcrypto/man/man3/ENGINE_add.3         |  2 +-
 secure/lib/libcrypto/man/man3/ERR_GET_LIB.3        |  2 +-
 secure/lib/libcrypto/man/man3/ERR_clear_error.3    |  2 +-
 secure/lib/libcrypto/man/man3/ERR_error_string.3   |  2 +-
 secure/lib/libcrypto/man/man3/ERR_get_error.3      |  2 +-
 .../libcrypto/man/man3/ERR_load_crypto_strings.3   |  2 +-
 secure/lib/libcrypto/man/man3/ERR_load_strings.3   |  2 +-
 secure/lib/libcrypto/man/man3/ERR_print_errors.3   |  2 +-
 secure/lib/libcrypto/man/man3/ERR_put_error.3      |  2 +-
 secure/lib/libcrypto/man/man3/ERR_remove_state.3   |  2 +-
 secure/lib/libcrypto/man/man3/ERR_set_mark.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_BytesToKey.3     |  2 +-
 .../man/man3/EVP_CIPHER_CTX_get_cipher_data.3      |  2 +-
 .../lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3   |  2 +-
 secure/lib/libcrypto/man/man3/EVP_DigestInit.3     |  2 +-
 secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 |  2 +-
 .../lib/libcrypto/man/man3/EVP_DigestVerifyInit.3  |  2 +-
 secure/lib/libcrypto/man/man3/EVP_EncodeInit.3     |  2 +-
 secure/lib/libcrypto/man/man3/EVP_EncryptInit.3    |  2 +-
 secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3    |  2 +-
 secure/lib/libcrypto/man/man3/EVP_OpenInit.3       |  2 +-
 .../lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3  |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3  |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3   |  2 +-
 .../man/man3/EVP_PKEY_CTX_set1_pbe_pass.3          |  2 +-
 .../libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3  |  2 +-
 .../man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3  |  2 +-
 .../libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 |  2 +-
 .../man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3        |  2 +-
 .../libcrypto/man/man3/EVP_PKEY_asn1_get_count.3   |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3   |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3    |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3   |  2 +-
 .../man/man3/EVP_PKEY_get_default_digest_nid.3     |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3    |  2 +-
 .../libcrypto/man/man3/EVP_PKEY_meth_get_count.3   |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3  |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_new.3       |  2 +-
 .../libcrypto/man/man3/EVP_PKEY_print_private.3    |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3  |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3      |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_size.3      |  2 +-
 secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3    |  2 +-
 .../libcrypto/man/man3/EVP_PKEY_verify_recover.3   |  2 +-
 secure/lib/libcrypto/man/man3/EVP_SealInit.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_SignInit.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_VerifyInit.3     |  2 +-
 secure/lib/libcrypto/man/man3/EVP_aes.3            |  2 +-
 secure/lib/libcrypto/man/man3/EVP_aria.3           |  2 +-
 secure/lib/libcrypto/man/man3/EVP_bf_cbc.3         |  2 +-
 secure/lib/libcrypto/man/man3/EVP_blake2b512.3     |  2 +-
 secure/lib/libcrypto/man/man3/EVP_camellia.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3      |  2 +-
 secure/lib/libcrypto/man/man3/EVP_chacha20.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_des.3            |  2 +-
 secure/lib/libcrypto/man/man3/EVP_desx_cbc.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_idea_cbc.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_md2.3            |  2 +-
 secure/lib/libcrypto/man/man3/EVP_md4.3            |  2 +-
 secure/lib/libcrypto/man/man3/EVP_md5.3            |  2 +-
 secure/lib/libcrypto/man/man3/EVP_mdc2.3           |  2 +-
 secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3        |  2 +-
 secure/lib/libcrypto/man/man3/EVP_rc4.3            |  2 +-
 .../lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3  |  2 +-
 secure/lib/libcrypto/man/man3/EVP_ripemd160.3      |  2 +-
 secure/lib/libcrypto/man/man3/EVP_seed_cbc.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_sha1.3           |  2 +-
 secure/lib/libcrypto/man/man3/EVP_sha224.3         |  2 +-
 secure/lib/libcrypto/man/man3/EVP_sha3_224.3       |  2 +-
 secure/lib/libcrypto/man/man3/EVP_sm3.3            |  2 +-
 secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3        |  2 +-
 secure/lib/libcrypto/man/man3/EVP_whirlpool.3      |  2 +-
 secure/lib/libcrypto/man/man3/HMAC.3               |  2 +-
 secure/lib/libcrypto/man/man3/MD5.3                |  2 +-
 secure/lib/libcrypto/man/man3/MDC2_Init.3          |  2 +-
 secure/lib/libcrypto/man/man3/Makefile             |  4 ++
 secure/lib/libcrypto/man/man3/OBJ_nid2obj.3        | 35 +++++------
 secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3   |  2 +-
 secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3    |  2 +-
 .../libcrypto/man/man3/OCSP_request_add1_nonce.3   |  2 +-
 .../lib/libcrypto/man/man3/OCSP_resp_find_status.3 |  2 +-
 .../lib/libcrypto/man/man3/OCSP_response_status.3  |  2 +-
 secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3   |  2 +-
 secure/lib/libcrypto/man/man3/OPENSSL_Applink.3    |  2 +-
 .../lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3   |  2 +-
 secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3   |  2 +-
 .../libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3    |  2 +-
 secure/lib/libcrypto/man/man3/OPENSSL_config.3     |  2 +-
 .../lib/libcrypto/man/man3/OPENSSL_fork_prepare.3  |  2 +-
 secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3    |  2 +-
 .../lib/libcrypto/man/man3/OPENSSL_init_crypto.3   |  2 +-
 secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3   |  2 +-
 .../libcrypto/man/man3/OPENSSL_instrument_bus.3    |  2 +-
 .../man/man3/OPENSSL_load_builtin_modules.3        |  2 +-
 secure/lib/libcrypto/man/man3/OPENSSL_malloc.3     |  2 +-
 .../lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 |  2 +-
 secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3    |  2 +-
 secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3  |  2 +-
 secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3  |  2 +-
 secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3  |  2 +-
 secure/lib/libcrypto/man/man3/OSSL_STORE_open.3    |  2 +-
 .../man/man3/OpenSSL_add_all_algorithms.3          |  2 +-
 secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 |  2 +-
 secure/lib/libcrypto/man/man3/PEM_read.3           |  2 +-
 secure/lib/libcrypto/man/man3/PEM_read_CMS.3       |  2 +-
 .../libcrypto/man/man3/PEM_read_bio_PrivateKey.3   |  2 +-
 secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3    |  2 +-
 .../libcrypto/man/man3/PEM_write_bio_CMS_stream.3  |  2 +-
 .../man/man3/PEM_write_bio_PKCS7_stream.3          |  2 +-
 secure/lib/libcrypto/man/man3/PKCS12_create.3      |  2 +-
 secure/lib/libcrypto/man/man3/PKCS12_newpass.3     |  2 +-
 secure/lib/libcrypto/man/man3/PKCS12_parse.3       |  2 +-
 secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3  |  2 +-
 secure/lib/libcrypto/man/man3/PKCS7_decrypt.3      |  2 +-
 secure/lib/libcrypto/man/man3/PKCS7_encrypt.3      |  2 +-
 secure/lib/libcrypto/man/man3/PKCS7_sign.3         |  2 +-
 .../lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 |  2 +-
 secure/lib/libcrypto/man/man3/PKCS7_verify.3       |  2 +-
 secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 |  2 +-
 .../lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 |  2 +-
 secure/lib/libcrypto/man/man3/RAND_DRBG_new.3      |  2 +-
 secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3   |  2 +-
 .../libcrypto/man/man3/RAND_DRBG_set_callbacks.3   |  2 +-
 .../lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 |  2 +-
 secure/lib/libcrypto/man/man3/RAND_add.3           |  2 +-
 secure/lib/libcrypto/man/man3/RAND_bytes.3         |  2 +-
 secure/lib/libcrypto/man/man3/RAND_cleanup.3       |  2 +-
 secure/lib/libcrypto/man/man3/RAND_egd.3           |  2 +-
 secure/lib/libcrypto/man/man3/RAND_load_file.3     |  2 +-
 .../lib/libcrypto/man/man3/RAND_set_rand_method.3  |  2 +-
 secure/lib/libcrypto/man/man3/RC4_set_key.3        |  2 +-
 secure/lib/libcrypto/man/man3/RIPEMD160_Init.3     |  2 +-
 secure/lib/libcrypto/man/man3/RSA_blinding_on.3    |  2 +-
 secure/lib/libcrypto/man/man3/RSA_check_key.3      |  2 +-
 secure/lib/libcrypto/man/man3/RSA_generate_key.3   |  2 +-
 secure/lib/libcrypto/man/man3/RSA_get0_key.3       |  2 +-
 secure/lib/libcrypto/man/man3/RSA_meth_new.3       |  2 +-
 secure/lib/libcrypto/man/man3/RSA_new.3            |  2 +-
 .../man/man3/RSA_padding_add_PKCS1_type_1.3        |  2 +-
 secure/lib/libcrypto/man/man3/RSA_print.3          |  2 +-
 .../lib/libcrypto/man/man3/RSA_private_encrypt.3   |  2 +-
 secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 |  2 +-
 secure/lib/libcrypto/man/man3/RSA_set_method.3     |  2 +-
 secure/lib/libcrypto/man/man3/RSA_sign.3           |  2 +-
 .../man/man3/RSA_sign_ASN1_OCTET_STRING.3          |  2 +-
 secure/lib/libcrypto/man/man3/RSA_size.3           |  2 +-
 secure/lib/libcrypto/man/man3/SCT_new.3            |  2 +-
 secure/lib/libcrypto/man/man3/SCT_print.3          |  2 +-
 secure/lib/libcrypto/man/man3/SCT_validate.3       |  2 +-
 secure/lib/libcrypto/man/man3/SHA256_Init.3        |  2 +-
 secure/lib/libcrypto/man/man3/SMIME_read_CMS.3     |  2 +-
 secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3   |  2 +-
 secure/lib/libcrypto/man/man3/SMIME_write_CMS.3    |  2 +-
 secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3  |  2 +-
 .../lib/libcrypto/man/man3/SSL_CIPHER_get_name.3   |  2 +-
 .../man/man3/SSL_COMP_add_compression_method.3     |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3   |  2 +-
 .../libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3  |  2 +-
 .../libcrypto/man/man3/SSL_CONF_CTX_set_flags.3    |  2 +-
 .../libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3  |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3       |  6 +-
 secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3  |  2 +-
 .../libcrypto/man/man3/SSL_CTX_add1_chain_cert.3   |  2 +-
 .../man/man3/SSL_CTX_add_extra_chain_cert.3        |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_add_session.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_config.3     |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3       |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_dane_enable.3   |  2 +-
 .../libcrypto/man/man3/SSL_CTX_flush_sessions.3    |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_free.3       |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 |  2 +-
 .../libcrypto/man/man3/SSL_CTX_get_verify_mode.3   |  2 +-
 .../man/man3/SSL_CTX_has_client_custom_ext.3       |  2 +-
 .../man/man3/SSL_CTX_load_verify_locations.3       |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_new.3        |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_sess_number.3   |  2 +-
 .../man/man3/SSL_CTX_sess_set_cache_size.3         |  2 +-
 .../libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3   |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3  |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set1_curves.3   |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3  |  2 +-
 .../man/man3/SSL_CTX_set1_verify_cert_store.3      |  2 +-
 .../man/man3/SSL_CTX_set_alpn_select_cb.3          |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3   |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_cert_store.3    |  2 +-
 .../man/man3/SSL_CTX_set_cert_verify_callback.3    |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_cipher_list.3   |  2 +-
 .../man/man3/SSL_CTX_set_client_cert_cb.3          |  2 +-
 .../man/man3/SSL_CTX_set_client_hello_cb.3         |  2 +-
 .../man/man3/SSL_CTX_set_ct_validation_callback.3  |  2 +-
 .../man/man3/SSL_CTX_set_ctlog_list_file.3         |  2 +-
 .../man/man3/SSL_CTX_set_default_passwd_cb.3       |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3   |  2 +-
 .../man/man3/SSL_CTX_set_generate_session_id.3     |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_info_callback.3 |  2 +-
 .../man/man3/SSL_CTX_set_keylog_callback.3         |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 |  2 +-
 .../man/man3/SSL_CTX_set_min_proto_version.3       |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3   |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_msg_callback.3  |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_num_tickets.3   |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set_options.3   |  2 +-
 .../man/man3/SSL_CTX_set_psk_client_callback.3     |  2 +-
 .../man/man3/SSL_CTX_set_quiet_shutdown.3          |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_read_ahead.3    |  2 +-
 .../man/man3/SSL_CTX_set_record_padding_callback.3 |  2 +-
 .../man/man3/SSL_CTX_set_security_level.3          |  2 +-
 .../man/man3/SSL_CTX_set_session_cache_mode.3      |  2 +-
 .../man/man3/SSL_CTX_set_session_id_context.3      |  2 +-
 .../man/man3/SSL_CTX_set_session_ticket_cb.3       |  2 +-
 .../man/man3/SSL_CTX_set_split_send_fragment.3     |  2 +-
 .../libcrypto/man/man3/SSL_CTX_set_ssl_version.3   |  2 +-
 .../SSL_CTX_set_stateless_cookie_generate_cb.3     |  2 +-
 .../lib/libcrypto/man/man3/SSL_CTX_set_timeout.3   |  2 +-
 .../man3/SSL_CTX_set_tlsext_servername_callback.3  |  2 +-
 .../man/man3/SSL_CTX_set_tlsext_status_cb.3        |  2 +-
 .../man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3    |  2 +-
 .../man/man3/SSL_CTX_set_tlsext_use_srtp.3         |  2 +-
 .../man/man3/SSL_CTX_set_tmp_dh_callback.3         |  2 +-
 secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 |  2 +-
 .../libcrypto/man/man3/SSL_CTX_use_certificate.3   |  2 +-
 .../man/man3/SSL_CTX_use_psk_identity_hint.3       |  2 +-
 .../libcrypto/man/man3/SSL_CTX_use_serverinfo.3    |  2 +-
 secure/lib/libcrypto/man/man3/SSL_SESSION_free.3   |  2 +-
 .../libcrypto/man/man3/SSL_SESSION_get0_cipher.3   |  2 +-
 .../libcrypto/man/man3/SSL_SESSION_get0_hostname.3 |  2 +-
 .../man/man3/SSL_SESSION_get0_id_context.3         |  2 +-
 .../lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 |  2 +-
 .../man/man3/SSL_SESSION_get_compress_id.3         |  2 +-
 .../libcrypto/man/man3/SSL_SESSION_get_ex_data.3   |  2 +-
 .../man/man3/SSL_SESSION_get_protocol_version.3    |  2 +-
 .../lib/libcrypto/man/man3/SSL_SESSION_get_time.3  |  2 +-
 .../libcrypto/man/man3/SSL_SESSION_has_ticket.3    |  2 +-
 .../libcrypto/man/man3/SSL_SESSION_is_resumable.3  |  2 +-
 secure/lib/libcrypto/man/man3/SSL_SESSION_print.3  |  2 +-
 .../lib/libcrypto/man/man3/SSL_SESSION_set1_id.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_accept.3         |  2 +-
 .../lib/libcrypto/man/man3/SSL_alert_type_string.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3  |  2 +-
 secure/lib/libcrypto/man/man3/SSL_check_chain.3    |  2 +-
 secure/lib/libcrypto/man/man3/SSL_clear.3          |  2 +-
 secure/lib/libcrypto/man/man3/SSL_connect.3        |  2 +-
 secure/lib/libcrypto/man/man3/SSL_do_handshake.3   |  2 +-
 .../man/man3/SSL_export_keying_material.3          |  2 +-
 .../libcrypto/man/man3/SSL_extension_supported.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_free.3           |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3    |  2 +-
 .../lib/libcrypto/man/man3/SSL_get_all_async_fds.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_ciphers.3    |  2 +-
 .../lib/libcrypto/man/man3/SSL_get_client_random.3 |  2 +-
 .../libcrypto/man/man3/SSL_get_current_cipher.3    |  2 +-
 .../libcrypto/man/man3/SSL_get_default_timeout.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_error.3      |  2 +-
 .../lib/libcrypto/man/man3/SSL_get_extms_support.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_fd.3         |  2 +-
 .../libcrypto/man/man3/SSL_get_peer_cert_chain.3   |  2 +-
 .../libcrypto/man/man3/SSL_get_peer_certificate.3  |  2 +-
 .../man/man3/SSL_get_peer_signature_nid.3          |  2 +-
 .../lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3  |  2 +-
 .../lib/libcrypto/man/man3/SSL_get_psk_identity.3  |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_rbio.3       |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_session.3    |  2 +-
 .../libcrypto/man/man3/SSL_get_shared_sigalgs.3    |  2 +-
 .../lib/libcrypto/man/man3/SSL_get_verify_result.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_get_version.3    |  2 +-
 secure/lib/libcrypto/man/man3/SSL_in_init.3        |  2 +-
 secure/lib/libcrypto/man/man3/SSL_key_update.3     |  2 +-
 secure/lib/libcrypto/man/man3/SSL_library_init.3   |  2 +-
 .../libcrypto/man/man3/SSL_load_client_CA_file.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_new.3            |  2 +-
 secure/lib/libcrypto/man/man3/SSL_pending.3        |  2 +-
 secure/lib/libcrypto/man/man3/SSL_read.3           |  2 +-
 .../lib/libcrypto/man/man3/SSL_read_early_data.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_rstate_string.3  |  2 +-
 secure/lib/libcrypto/man/man3/SSL_session_reused.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_set1_host.3      |  2 +-
 secure/lib/libcrypto/man/man3/SSL_set_bio.3        |  2 +-
 .../lib/libcrypto/man/man3/SSL_set_connect_state.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_set_fd.3         |  2 +-
 secure/lib/libcrypto/man/man3/SSL_set_session.3    |  2 +-
 secure/lib/libcrypto/man/man3/SSL_set_shutdown.3   |  2 +-
 .../lib/libcrypto/man/man3/SSL_set_verify_result.3 |  2 +-
 secure/lib/libcrypto/man/man3/SSL_shutdown.3       |  2 +-
 secure/lib/libcrypto/man/man3/SSL_state_string.3   |  2 +-
 secure/lib/libcrypto/man/man3/SSL_want.3           |  2 +-
 secure/lib/libcrypto/man/man3/SSL_write.3          |  2 +-
 secure/lib/libcrypto/man/man3/UI_STRING.3          |  2 +-
 secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3    |  2 +-
 secure/lib/libcrypto/man/man3/UI_create_method.3   |  2 +-
 secure/lib/libcrypto/man/man3/UI_new.3             |  2 +-
 secure/lib/libcrypto/man/man3/X509V3_get_d2i.3     |  2 +-
 secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3     |  2 +-
 .../libcrypto/man/man3/X509_CRL_get0_by_serial.3   |  2 +-
 .../libcrypto/man/man3/X509_EXTENSION_set_object.3 |  2 +-
 secure/lib/libcrypto/man/man3/X509_LOOKUP.3        |  2 +-
 .../lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3  |  2 +-
 .../lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3  |  2 +-
 .../man/man3/X509_NAME_ENTRY_get_object.3          |  2 +-
 .../man/man3/X509_NAME_add_entry_by_txt.3          |  2 +-
 secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 |  2 +-
 .../man/man3/X509_NAME_get_index_by_NID.3          |  2 +-
 secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 |  2 +-
 secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3    |  2 +-
 secure/lib/libcrypto/man/man3/X509_SIG_get0.3      |  2 +-
 .../libcrypto/man/man3/X509_STORE_CTX_get_error.3  |  2 +-
 secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 | 70 ++++++++++++++++++++-
 .../man/man3/X509_STORE_CTX_set_verify_cb.3        |  2 +-
 .../lib/libcrypto/man/man3/X509_STORE_add_cert.3   |  2 +-
 .../lib/libcrypto/man/man3/X509_STORE_get0_param.3 |  2 +-
 secure/lib/libcrypto/man/man3/X509_STORE_new.3     |  2 +-
 .../man/man3/X509_STORE_set_verify_cb_func.3       |  2 +-
 .../man/man3/X509_VERIFY_PARAM_set_flags.3         |  2 +-
 secure/lib/libcrypto/man/man3/X509_check_ca.3      |  2 +-
 secure/lib/libcrypto/man/man3/X509_check_host.3    |  2 +-
 secure/lib/libcrypto/man/man3/X509_check_issued.3  |  2 +-
 .../libcrypto/man/man3/X509_check_private_key.3    |  2 +-
 secure/lib/libcrypto/man/man3/X509_check_purpose.3 |  2 +-
 secure/lib/libcrypto/man/man3/X509_cmp.3           |  2 +-
 secure/lib/libcrypto/man/man3/X509_cmp_time.3      |  2 +-
 secure/lib/libcrypto/man/man3/X509_digest.3        |  2 +-
 secure/lib/libcrypto/man/man3/X509_dup.3           |  2 +-
 .../lib/libcrypto/man/man3/X509_get0_notBefore.3   |  2 +-
 .../lib/libcrypto/man/man3/X509_get0_signature.3   |  2 +-
 secure/lib/libcrypto/man/man3/X509_get0_uids.3     |  2 +-
 .../libcrypto/man/man3/X509_get_extension_flags.3  |  2 +-
 secure/lib/libcrypto/man/man3/X509_get_pubkey.3    |  2 +-
 .../lib/libcrypto/man/man3/X509_get_serialNumber.3 |  2 +-
 .../lib/libcrypto/man/man3/X509_get_subject_name.3 |  2 +-
 secure/lib/libcrypto/man/man3/X509_get_version.3   |  2 +-
 secure/lib/libcrypto/man/man3/X509_new.3           |  2 +-
 secure/lib/libcrypto/man/man3/X509_sign.3          |  2 +-
 secure/lib/libcrypto/man/man3/X509_verify_cert.3   |  2 +-
 .../lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 |  2 +-
 secure/lib/libcrypto/man/man3/d2i_DHparams.3       |  2 +-
 .../libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3   |  2 +-
 secure/lib/libcrypto/man/man3/d2i_PrivateKey.3     |  2 +-
 secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3    |  2 +-
 secure/lib/libcrypto/man/man3/d2i_X509.3           |  2 +-
 secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 |  2 +-
 .../lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3  |  2 +-
 secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3    |  2 +-
 secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3       |  2 +-
 secure/lib/libcrypto/man/man5/x509v3_config.5      |  2 +-
 secure/lib/libcrypto/man/man7/Ed25519.7            |  2 +-
 secure/lib/libcrypto/man/man7/RAND.7               |  2 +-
 secure/lib/libcrypto/man/man7/RAND_DRBG.7          |  2 +-
 secure/lib/libcrypto/man/man7/RSA-PSS.7            |  2 +-
 secure/lib/libcrypto/man/man7/SM2.7                |  2 +-
 secure/lib/libcrypto/man/man7/X25519.7             |  2 +-
 secure/lib/libcrypto/man/man7/bio.7                |  2 +-
 secure/lib/libcrypto/man/man7/ct.7                 |  2 +-
 secure/lib/libcrypto/man/man7/des_modes.7          |  2 +-
 secure/lib/libcrypto/man/man7/evp.7                |  2 +-
 secure/lib/libcrypto/man/man7/ossl_store-file.7    |  2 +-
 secure/lib/libcrypto/man/man7/ossl_store.7         |  2 +-
 .../lib/libcrypto/man/man7/passphrase-encoding.7   |  2 +-
 secure/lib/libcrypto/man/man7/proxy-certificates.7 |  2 +-
 secure/lib/libcrypto/man/man7/scrypt.7             |  2 +-
 secure/lib/libcrypto/man/man7/ssl.7                |  2 +-
 secure/lib/libcrypto/man/man7/x509.7               |  2 +-
 secure/usr.bin/openssl/man/CA.pl.1                 |  2 +-
 secure/usr.bin/openssl/man/asn1parse.1             |  2 +-
 secure/usr.bin/openssl/man/ca.1                    |  2 +-
 secure/usr.bin/openssl/man/ciphers.1               |  2 +-
 secure/usr.bin/openssl/man/cms.1                   |  7 ++-
 secure/usr.bin/openssl/man/crl.1                   |  2 +-
 secure/usr.bin/openssl/man/crl2pkcs7.1             |  2 +-
 secure/usr.bin/openssl/man/dgst.1                  |  2 +-
 secure/usr.bin/openssl/man/dhparam.1               |  2 +-
 secure/usr.bin/openssl/man/dsa.1                   |  2 +-
 secure/usr.bin/openssl/man/dsaparam.1              |  2 +-
 secure/usr.bin/openssl/man/ec.1                    |  2 +-
 secure/usr.bin/openssl/man/ecparam.1               |  2 +-
 secure/usr.bin/openssl/man/enc.1                   |  2 +-
 secure/usr.bin/openssl/man/engine.1                |  2 +-
 secure/usr.bin/openssl/man/errstr.1                |  2 +-
 secure/usr.bin/openssl/man/gendsa.1                |  2 +-
 secure/usr.bin/openssl/man/genpkey.1               |  2 +-
 secure/usr.bin/openssl/man/genrsa.1                |  2 +-
 secure/usr.bin/openssl/man/list.1                  |  2 +-
 secure/usr.bin/openssl/man/nseq.1                  |  2 +-
 secure/usr.bin/openssl/man/ocsp.1                  |  2 +-
 secure/usr.bin/openssl/man/openssl.1               |  2 +-
 secure/usr.bin/openssl/man/passwd.1                |  2 +-
 secure/usr.bin/openssl/man/pkcs12.1                |  2 +-
 secure/usr.bin/openssl/man/pkcs7.1                 |  2 +-
 secure/usr.bin/openssl/man/pkcs8.1                 |  2 +-
 secure/usr.bin/openssl/man/pkey.1                  |  2 +-
 secure/usr.bin/openssl/man/pkeyparam.1             |  2 +-
 secure/usr.bin/openssl/man/pkeyutl.1               |  2 +-
 secure/usr.bin/openssl/man/prime.1                 |  2 +-
 secure/usr.bin/openssl/man/rand.1                  |  2 +-
 secure/usr.bin/openssl/man/req.1                   |  2 +-
 secure/usr.bin/openssl/man/rsa.1                   |  2 +-
 secure/usr.bin/openssl/man/rsautl.1                |  2 +-
 secure/usr.bin/openssl/man/s_client.1              |  2 +-
 secure/usr.bin/openssl/man/s_server.1              |  2 +-
 secure/usr.bin/openssl/man/s_time.1                |  2 +-
 secure/usr.bin/openssl/man/sess_id.1               |  2 +-
 secure/usr.bin/openssl/man/smime.1                 |  2 +-
 secure/usr.bin/openssl/man/speed.1                 |  2 +-
 secure/usr.bin/openssl/man/spkac.1                 |  2 +-
 secure/usr.bin/openssl/man/srp.1                   |  2 +-
 secure/usr.bin/openssl/man/storeutl.1              |  2 +-
 secure/usr.bin/openssl/man/ts.1                    |  2 +-
 secure/usr.bin/openssl/man/tsget.1                 |  2 +-
 secure/usr.bin/openssl/man/verify.1                |  2 +-
 secure/usr.bin/openssl/man/version.1               |  2 +-
 secure/usr.bin/openssl/man/x509.1                  |  2 +-
 577 files changed, 960 insertions(+), 686 deletions(-)

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 6484e7ea52bf..f6e01b982581 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,43 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
+
+  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+     for non-prime moduli.
+
+     Internally this function is used when parsing certificates that contain
+     elliptic curve public keys in compressed form or explicit elliptic curve
+     parameters with a base point encoded in compressed form.
+
+     It is possible to trigger the infinite loop by crafting a certificate that
+     has invalid explicit curve parameters.
+
+     Since certificate parsing happens prior to verification of the certificate
+     signature, any process that parses an externally supplied certificate may
+     thus be subject to a denial of service attack. The infinite loop can also
+     be reached when parsing crafted private keys as they can contain explicit
+     elliptic curve parameters.
+
+     Thus vulnerable situations include:
+
+      - TLS clients consuming server certificates
+      - TLS servers consuming client certificates
+      - Hosting providers taking certificates or private keys from customers
+      - Certificate authorities parsing certification requests from subscribers
+      - Anything else which parses ASN.1 elliptic curve parameters
+
+     Also any other applications that use the BN_mod_sqrt() where the attacker
+     can control the parameter values are vulnerable to this DoS issue.
+     (CVE-2022-0778)
+     [Tomáš Mráz]
+
+  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+     to the list of ciphersuites providing Perfect Forward Secrecy as
+     required by SECLEVEL >= 3.
+
+     [Dmitry Belyavskiy, Nicola Tuveri]
+
  Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
 
   *) Avoid loading of a dynamic engine twice.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index c1e2591b660a..92e59b9ce7a6 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -3190,25 +3190,25 @@ sub resolve_config {
         }
     }
 
-    foreach (sort keys %all_keys) {
-        my $previous = $combined_inheritance{$_};
+    foreach my $key (sort keys %all_keys) {
+        my $previous = $combined_inheritance{$key};
 
         # Current target doesn't have a value for the current key?
         # Assign it the default combiner, the rest of this loop body
         # will handle it just like any other coderef.
-        if (!exists $table{$target}->{$_}) {
-            $table{$target}->{$_} = $default_combiner;
+        if (!exists $table{$target}->{$key}) {
+            $table{$target}->{$key} = $default_combiner;
         }
 
-        $table{$target}->{$_} = process_values($table{$target}->{$_},
-                                               $combined_inheritance{$_},
-                                               $target, $_);
-        unless(defined($table{$target}->{$_})) {
-            delete $table{$target}->{$_};
+        $table{$target}->{$key} = process_values($table{$target}->{$key},
+                                               $combined_inheritance{$key},
+                                               $target, $key);
+        unless(defined($table{$target}->{$key})) {
+            delete $table{$target}->{$key};
         }
 #        if ($extra_checks &&
-#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$_})) {
-#            warn "$_ got replaced in $target\n";
+#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$key})) {
+#            warn "$key got replaced in $target\n";
 #        }
     }
 
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 0769464fefa2..f4ac262888ad 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
+
+      o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
+        forever for non-prime moduli ([CVE-2022-0778])
+
   Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
 
       o None
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 50345c3c28eb..3e100933f388 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1m 14 Dec 2021
+ OpenSSL 1.1.1n 15 Mar 2022
 
  Copyright (c) 1998-2021 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index c06241abb975..1a92271595f1 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         int ui_flags = 0;
         const char *prompt_info = NULL;
         char *prompt;
+        int pw_min_len = PW_MIN_LENGTH;
 
         if (cb_data != NULL && cb_data->prompt_info != NULL)
             prompt_info = cb_data->prompt_info;
+        if (cb_data != NULL && cb_data->password != NULL
+                && *(const char*)cb_data->password != '\0')
+            pw_min_len = 1;
         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
         if (!prompt) {
             BIO_printf(bio_err, "Out of memory\n");
@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         (void)UI_add_user_data(ui, cb_data);
 
         ok = UI_add_input_string(ui, prompt, ui_flags, buf,
-                                 PW_MIN_LENGTH, bufsiz - 1);
+                                 pw_min_len, bufsiz - 1);
 
         if (ok >= 0 && verify) {
             buff = app_malloc(bufsiz, "password buffer");
             ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
-                                      PW_MIN_LENGTH, bufsiz - 1, buf);
+                                      pw_min_len, bufsiz - 1, buf);
         }
         if (ok >= 0)
             do {
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index ff7b759a40b1..f35d57f2648c 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -120,7 +120,6 @@ int main(int argc, char *argv[])
 {
     FUNCTION f, *fp;
     LHASH_OF(FUNCTION) *prog = NULL;
-    char **copied_argv = NULL;
     char *p, *pname;
     char buf[1024];
     const char *prompt;
@@ -137,7 +136,7 @@ int main(int argc, char *argv[])
     bio_err = dup_bio_err(FORMAT_TEXT);
 
 #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
-    copied_argv = argv = copy_argv(&argc, argv);
+    argv = copy_argv(&argc, argv);
 #elif defined(_WIN32)
     /*
      * Replace argv[] with UTF-8 encoded strings.
@@ -258,7 +257,6 @@ int main(int argc, char *argv[])
     }
     ret = 1;
  end:
-    OPENSSL_free(copied_argv);
     OPENSSL_free(default_config_file);
     lh_FUNCTION_free(prog);
     OPENSSL_free(arg.argv);
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index d741d05335f8..af08ccd4ac0f 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
         n >>= 1;
     }
     if (!EVP_DigestFinal_ex(md, buf, NULL))
-        return NULL;
+        goto err;
 
     for (i = 0; i < 1000; i++) {
         if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
@@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
         n >>= 1;
     }
     if (!EVP_DigestFinal_ex(md, buf, NULL))
-        return NULL;
+        goto err;
 
     /* P sequence */
     if (!EVP_DigestInit_ex(md2, sha, NULL))
@@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
             goto err;
 
     if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-        return NULL;
+        goto err;
 
     if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
         goto err;
@@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
             goto err;
 
     if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-        return NULL;
+        goto err;
 
     if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
         goto err;
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index aa5841cd08e2..5664e7e04ec6 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)
     struct timeval tv;
 #endif
     const char *servername = NULL;
+    char *sname_alloc = NULL;
     int noservername = 0;
     const char *alpn_in = NULL;
     tlsextctx tlsextcbp = { NULL, 0 };
@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)
                        "%s: -proxy argument malformed or ambiguous\n", prog);
             goto end;
         }
+        if (servername == NULL && !noservername) {
+            res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
+            if (!res) {
+                BIO_printf(bio_err,
+                        "%s: -connect argument malformed or ambiguous\n", prog);
+                goto end;
+            }
+            servername = sname_alloc;
+        }
     } else {
         int res = 1;
         char *tmp_host = host, *tmp_port = port;
@@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(srp_arg.srppassin);
 #endif
+    OPENSSL_free(sname_alloc);
     OPENSSL_free(connectstr);
     OPENSSL_free(bindstr);
     OPENSSL_free(bindhost);
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index aee366d5f457..96f16d2931cd 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port,
 #endif
 
         if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
-                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+                         BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
             BIO_closesocket(*sock);
             *sock = INVALID_SOCKET;
             continue;
diff --git a/crypto/openssl/config b/crypto/openssl/config
index 26225ca2a9e5..49422981ae84 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -704,6 +704,7 @@ case "$GUESSOS" in
 			__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;;
   powerpc64-*-*bsd*)	OUT="BSD-generic64";
 			__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;
+  riscv64-*-*bsd*)	OUT="BSD-riscv64" ;;
   sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
   ia64-*-*bsd*)		OUT="BSD-ia64" ;;
   x86_64-*-dragonfly*)  OUT="BSD-x86_64" ;;
diff --git a/crypto/openssl/crypto/asn1/charmap.h b/crypto/openssl/crypto/asn1/charmap.h
index e234c9e615d0..5630291bd58c 100644
--- a/crypto/openssl/crypto/asn1/charmap.h
+++ b/crypto/openssl/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/bio/b_addr.c b/crypto/openssl/crypto/bio/b_addr.c
index 8ea32bce401b..0af7a330bc68 100644
--- a/crypto/openssl/crypto/bio/b_addr.c
+++ b/crypto/openssl/crypto/bio/b_addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -744,7 +744,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
 # pragma pointer_size 32
 #endif
         /* Windows doesn't seem to have in_addr_t */
-#ifdef OPENSSL_SYS_WINDOWS
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
         static uint32_t he_fallback_address;
         static const char *he_fallback_addresses[] =
             { (char *)&he_fallback_address, NULL };
diff --git a/crypto/openssl/crypto/bn/bn_exp2.c b/crypto/openssl/crypto/bn/bn_exp2.c
index e542abe46fa1..eac0896e6869 100644
--- a/crypto/openssl/crypto/bn/bn_exp2.c
+++ b/crypto/openssl/crypto/bn/bn_exp2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
     bn_check_top(p2);
     bn_check_top(m);
 
-    if (!(m->d[0] & 1)) {
+    if (!BN_is_odd(m)) {
         BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
         return 0;
     }
diff --git a/crypto/openssl/crypto/bn/bn_prime.h b/crypto/openssl/crypto/bn/bn_prime.h
index 1a25c285773a..8f2d7e995a01 100644
--- a/crypto/openssl/crypto/bn/bn_prime.h
+++ b/crypto/openssl/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
index 69749a9fa7dc..17ac6e7cac1c 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -142,7 +142,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
         continue;
 
     if (i == 0 || i > INT_MAX / 4)
-        goto err;
+        return 0;
 
     num = i + neg;
     if (bn == NULL)
diff --git a/crypto/openssl/crypto/bn/bn_sqrt.c b/crypto/openssl/crypto/bn/bn_sqrt.c
index 53b0f559855c..6a42ce8a9413 100644
--- a/crypto/openssl/crypto/bn/bn_sqrt.c
+++ b/crypto/openssl/crypto/bn/bn_sqrt.c
@@ -1,5 +1,5 @@
*** 8109 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202203181351.22IDp0AH041973>