Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 May 2019 21:54:13 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r348340 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/bio crypto/openssl/crypto/blake2 crypto/openssl/crypto/bn...
Message-ID:  <201905282154.x4SLsDLj016089@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Tue May 28 21:54:12 2019
New Revision: 348340
URL: https://svnweb.freebsd.org/changeset/base/348340

Log:
  Merge OpenSSL 1.1.1c.

Modified:
  head/crypto/openssl/CHANGES
  head/crypto/openssl/Configure
  head/crypto/openssl/INSTALL
  head/crypto/openssl/NEWS
  head/crypto/openssl/NOTES.PERL
  head/crypto/openssl/README
  head/crypto/openssl/apps/asn1pars.c
  head/crypto/openssl/apps/cms.c
  head/crypto/openssl/apps/enc.c
  head/crypto/openssl/apps/ocsp.c
  head/crypto/openssl/apps/s_cb.c
  head/crypto/openssl/apps/s_client.c
  head/crypto/openssl/apps/speed.c
  head/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
  head/crypto/openssl/crypto/bio/b_addr.c
  head/crypto/openssl/crypto/bio/bss_mem.c
  head/crypto/openssl/crypto/blake2/blake2b.c
  head/crypto/openssl/crypto/bn/asm/mips.pl
  head/crypto/openssl/crypto/bn/asm/ppc.pl
  head/crypto/openssl/crypto/bn/bn_ctx.c
  head/crypto/openssl/crypto/bn/bn_lib.c
  head/crypto/openssl/crypto/bn/bn_prime.c
  head/crypto/openssl/crypto/chacha/build.info
  head/crypto/openssl/crypto/conf/conf_sap.c
  head/crypto/openssl/crypto/dh/dh_check.c
  head/crypto/openssl/crypto/dh/dh_gen.c
  head/crypto/openssl/crypto/dh/dh_key.c
  head/crypto/openssl/crypto/dh/dh_pmeth.c
  head/crypto/openssl/crypto/dsa/dsa_gen.c
  head/crypto/openssl/crypto/dsa/dsa_ossl.c
  head/crypto/openssl/crypto/dsa/dsa_pmeth.c
  head/crypto/openssl/crypto/dso/dso_openssl.c
  head/crypto/openssl/crypto/ec/curve25519.c
  head/crypto/openssl/crypto/ec/curve448/curve448.c
  head/crypto/openssl/crypto/ec/curve448/curve448_tables.c
  head/crypto/openssl/crypto/ec/curve448/curve448utils.h
  head/crypto/openssl/crypto/ec/curve448/f_generic.c
  head/crypto/openssl/crypto/ec/curve448/scalar.c
  head/crypto/openssl/crypto/ec/ec2_oct.c
  head/crypto/openssl/crypto/ec/ec2_smpl.c
  head/crypto/openssl/crypto/ec/ec_ameth.c
  head/crypto/openssl/crypto/ec/ec_lib.c
  head/crypto/openssl/crypto/ec/ec_mult.c
  head/crypto/openssl/crypto/ec/ec_pmeth.c
  head/crypto/openssl/crypto/ec/ecdh_ossl.c
  head/crypto/openssl/crypto/ec/ecp_nistp521.c
  head/crypto/openssl/crypto/ec/ecp_nistz256.c
  head/crypto/openssl/crypto/ec/ecp_smpl.c
  head/crypto/openssl/crypto/err/err.c
  head/crypto/openssl/crypto/evp/digest.c
  head/crypto/openssl/crypto/evp/e_aes.c
  head/crypto/openssl/crypto/evp/e_aria.c
  head/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
  head/crypto/openssl/crypto/evp/p_lib.c
  head/crypto/openssl/crypto/evp/p_open.c
  head/crypto/openssl/crypto/hmac/hmac.c
  head/crypto/openssl/crypto/include/internal/dso_conf.h
  head/crypto/openssl/crypto/include/internal/dso_conf.h.in
  head/crypto/openssl/crypto/init.c
  head/crypto/openssl/crypto/mips_arch.h
  head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
  head/crypto/openssl/crypto/modes/ccm128.c
  head/crypto/openssl/crypto/o_str.c
  head/crypto/openssl/crypto/objects/obj_dat.h
  head/crypto/openssl/crypto/objects/objects.txt
  head/crypto/openssl/crypto/ocsp/ocsp_ext.c
  head/crypto/openssl/crypto/ocsp/ocsp_lib.c
  head/crypto/openssl/crypto/pem/pem_sign.c
  head/crypto/openssl/crypto/poly1305/build.info
  head/crypto/openssl/crypto/ppccap.c
  head/crypto/openssl/crypto/rand/drbg_lib.c
  head/crypto/openssl/crypto/rand/rand_lib.c
  head/crypto/openssl/crypto/rand/rand_unix.c
  head/crypto/openssl/crypto/rand/randfile.c
  head/crypto/openssl/crypto/rc4/build.info
  head/crypto/openssl/crypto/rsa/rsa_ameth.c
  head/crypto/openssl/crypto/rsa/rsa_gen.c
  head/crypto/openssl/crypto/rsa/rsa_oaep.c
  head/crypto/openssl/crypto/rsa/rsa_ossl.c
  head/crypto/openssl/crypto/rsa/rsa_pk1.c
  head/crypto/openssl/crypto/rsa/rsa_pmeth.c
  head/crypto/openssl/crypto/rsa/rsa_ssl.c
  head/crypto/openssl/crypto/rsa/rsa_x931g.c
  head/crypto/openssl/crypto/sha/keccak1600.c
  head/crypto/openssl/crypto/x509/x509_lu.c
  head/crypto/openssl/crypto/x509v3/v3_genn.c
  head/crypto/openssl/doc/man1/genpkey.pod
  head/crypto/openssl/doc/man1/pkeyutl.pod
  head/crypto/openssl/doc/man1/s_client.pod
  head/crypto/openssl/doc/man1/s_server.pod
  head/crypto/openssl/doc/man1/s_time.pod
  head/crypto/openssl/doc/man1/ts.pod
  head/crypto/openssl/doc/man3/ASN1_TIME_set.pod
  head/crypto/openssl/doc/man3/ASN1_generate_nconf.pod
  head/crypto/openssl/doc/man3/BIO_connect.pod
  head/crypto/openssl/doc/man3/BIO_push.pod
  head/crypto/openssl/doc/man3/BIO_s_file.pod
  head/crypto/openssl/doc/man3/BIO_s_mem.pod
  head/crypto/openssl/doc/man3/BN_CTX_start.pod
  head/crypto/openssl/doc/man3/BN_new.pod
  head/crypto/openssl/doc/man3/BN_rand.pod
  head/crypto/openssl/doc/man3/BN_security_bits.pod
  head/crypto/openssl/doc/man3/CMS_verify.pod
  head/crypto/openssl/doc/man3/CONF_modules_load_file.pod
  head/crypto/openssl/doc/man3/DES_random_key.pod
  head/crypto/openssl/doc/man3/ECDSA_SIG_new.pod
  head/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
  head/crypto/openssl/doc/man3/EVP_EncryptInit.pod
  head/crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod
  head/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod
  head/crypto/openssl/doc/man3/EVP_chacha20.pod
  head/crypto/openssl/doc/man3/HMAC.pod
  head/crypto/openssl/doc/man3/OBJ_nid2obj.pod
  head/crypto/openssl/doc/man3/OCSP_cert_to_id.pod
  head/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod
  head/crypto/openssl/doc/man3/RAND_DRBG_generate.pod
  head/crypto/openssl/doc/man3/RAND_DRBG_get0_master.pod
  head/crypto/openssl/doc/man3/RAND_DRBG_new.pod
  head/crypto/openssl/doc/man3/RAND_DRBG_reseed.pod
  head/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod
  head/crypto/openssl/doc/man3/RAND_add.pod
  head/crypto/openssl/doc/man3/RAND_bytes.pod
  head/crypto/openssl/doc/man3/RAND_cleanup.pod
  head/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
  head/crypto/openssl/doc/man3/RSA_public_encrypt.pod
  head/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod
  head/crypto/openssl/doc/man3/SSL_CONF_cmd.pod
  head/crypto/openssl/doc/man3/SSL_CTX_load_verify_locations.pod
  head/crypto/openssl/doc/man3/SSL_CTX_new.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set1_sigalgs.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
  head/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
  head/crypto/openssl/doc/man3/SSL_get_error.pod
  head/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod
  head/crypto/openssl/doc/man3/SSL_read.pod
  head/crypto/openssl/doc/man3/SSL_session_reused.pod
  head/crypto/openssl/doc/man3/SSL_shutdown.pod
  head/crypto/openssl/doc/man3/SSL_write.pod
  head/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod
  head/crypto/openssl/doc/man3/X509_NAME_add_entry_by_txt.pod
  head/crypto/openssl/doc/man3/X509_NAME_get_index_by_NID.pod
  head/crypto/openssl/doc/man3/X509_get_subject_name.pod
  head/crypto/openssl/doc/man3/d2i_X509.pod
  head/crypto/openssl/e_os.h
  head/crypto/openssl/engines/e_padlock.c
  head/crypto/openssl/include/internal/dsoerr.h
  head/crypto/openssl/include/internal/refcount.h
  head/crypto/openssl/include/internal/tsan_assist.h
  head/crypto/openssl/include/openssl/err.h
  head/crypto/openssl/include/openssl/evp.h
  head/crypto/openssl/include/openssl/obj_mac.h
  head/crypto/openssl/include/openssl/ocsp.h
  head/crypto/openssl/include/openssl/opensslv.h
  head/crypto/openssl/include/openssl/ssl.h
  head/crypto/openssl/include/openssl/x509v3.h
  head/crypto/openssl/ssl/ssl_lib.c
  head/crypto/openssl/ssl/ssl_locl.h
  head/crypto/openssl/ssl/statem/extensions.c
  head/crypto/openssl/ssl/statem/extensions_clnt.c
  head/crypto/openssl/ssl/statem/extensions_srvr.c
  head/crypto/openssl/ssl/statem/statem_clnt.c
  head/crypto/openssl/ssl/statem/statem_srvr.c
  head/secure/lib/libcrypto/Makefile.inc
  head/secure/lib/libcrypto/Makefile.man
  head/secure/lib/libcrypto/Version.map
  head/secure/lib/libcrypto/man/ADMISSIONS.3
  head/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
  head/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
  head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  head/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
  head/secure/lib/libcrypto/man/ASN1_STRING_length.3
  head/secure/lib/libcrypto/man/ASN1_STRING_new.3
  head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  head/secure/lib/libcrypto/man/ASN1_TIME_set.3
  head/secure/lib/libcrypto/man/ASN1_TYPE_get.3
  head/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  head/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
  head/secure/lib/libcrypto/man/ASYNC_start_job.3
  head/secure/lib/libcrypto/man/BF_encrypt.3
  head/secure/lib/libcrypto/man/BIO_ADDR.3
  head/secure/lib/libcrypto/man/BIO_ADDRINFO.3
  head/secure/lib/libcrypto/man/BIO_connect.3
  head/secure/lib/libcrypto/man/BIO_ctrl.3
  head/secure/lib/libcrypto/man/BIO_f_base64.3
  head/secure/lib/libcrypto/man/BIO_f_buffer.3
  head/secure/lib/libcrypto/man/BIO_f_cipher.3
  head/secure/lib/libcrypto/man/BIO_f_md.3
  head/secure/lib/libcrypto/man/BIO_f_null.3
  head/secure/lib/libcrypto/man/BIO_f_ssl.3
  head/secure/lib/libcrypto/man/BIO_find_type.3
  head/secure/lib/libcrypto/man/BIO_get_data.3
  head/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
  head/secure/lib/libcrypto/man/BIO_meth_new.3
  head/secure/lib/libcrypto/man/BIO_new.3
  head/secure/lib/libcrypto/man/BIO_new_CMS.3
  head/secure/lib/libcrypto/man/BIO_parse_hostserv.3
  head/secure/lib/libcrypto/man/BIO_printf.3
  head/secure/lib/libcrypto/man/BIO_push.3
  head/secure/lib/libcrypto/man/BIO_read.3
  head/secure/lib/libcrypto/man/BIO_s_accept.3
  head/secure/lib/libcrypto/man/BIO_s_bio.3
  head/secure/lib/libcrypto/man/BIO_s_connect.3
  head/secure/lib/libcrypto/man/BIO_s_fd.3
  head/secure/lib/libcrypto/man/BIO_s_file.3
  head/secure/lib/libcrypto/man/BIO_s_mem.3
  head/secure/lib/libcrypto/man/BIO_s_null.3
  head/secure/lib/libcrypto/man/BIO_s_socket.3
  head/secure/lib/libcrypto/man/BIO_set_callback.3
  head/secure/lib/libcrypto/man/BIO_should_retry.3
  head/secure/lib/libcrypto/man/BN_BLINDING_new.3
  head/secure/lib/libcrypto/man/BN_CTX_new.3
  head/secure/lib/libcrypto/man/BN_CTX_start.3
  head/secure/lib/libcrypto/man/BN_add.3
  head/secure/lib/libcrypto/man/BN_add_word.3
  head/secure/lib/libcrypto/man/BN_bn2bin.3
  head/secure/lib/libcrypto/man/BN_cmp.3
  head/secure/lib/libcrypto/man/BN_copy.3
  head/secure/lib/libcrypto/man/BN_generate_prime.3
  head/secure/lib/libcrypto/man/BN_mod_inverse.3
  head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  head/secure/lib/libcrypto/man/BN_new.3
  head/secure/lib/libcrypto/man/BN_num_bytes.3
  head/secure/lib/libcrypto/man/BN_rand.3
  head/secure/lib/libcrypto/man/BN_security_bits.3
  head/secure/lib/libcrypto/man/BN_set_bit.3
  head/secure/lib/libcrypto/man/BN_swap.3
  head/secure/lib/libcrypto/man/BN_zero.3
  head/secure/lib/libcrypto/man/BUF_MEM_new.3
  head/secure/lib/libcrypto/man/CMS_add0_cert.3
  head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  head/secure/lib/libcrypto/man/CMS_add1_signer.3
  head/secure/lib/libcrypto/man/CMS_compress.3
  head/secure/lib/libcrypto/man/CMS_decrypt.3
  head/secure/lib/libcrypto/man/CMS_encrypt.3
  head/secure/lib/libcrypto/man/CMS_final.3
  head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  head/secure/lib/libcrypto/man/CMS_get0_type.3
  head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  head/secure/lib/libcrypto/man/CMS_sign.3
  head/secure/lib/libcrypto/man/CMS_sign_receipt.3
  head/secure/lib/libcrypto/man/CMS_uncompress.3
  head/secure/lib/libcrypto/man/CMS_verify.3
  head/secure/lib/libcrypto/man/CMS_verify_receipt.3
  head/secure/lib/libcrypto/man/CONF_modules_free.3
  head/secure/lib/libcrypto/man/CONF_modules_load_file.3
  head/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
  head/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
  head/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
  head/secure/lib/libcrypto/man/CTLOG_STORE_new.3
  head/secure/lib/libcrypto/man/CTLOG_new.3
  head/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
  head/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
  head/secure/lib/libcrypto/man/DES_random_key.3
  head/secure/lib/libcrypto/man/DH_generate_key.3
  head/secure/lib/libcrypto/man/DH_generate_parameters.3
  head/secure/lib/libcrypto/man/DH_get0_pqg.3
  head/secure/lib/libcrypto/man/DH_get_1024_160.3
  head/secure/lib/libcrypto/man/DH_meth_new.3
  head/secure/lib/libcrypto/man/DH_new.3
  head/secure/lib/libcrypto/man/DH_new_by_nid.3
  head/secure/lib/libcrypto/man/DH_set_method.3
  head/secure/lib/libcrypto/man/DH_size.3
  head/secure/lib/libcrypto/man/DSA_SIG_new.3
  head/secure/lib/libcrypto/man/DSA_do_sign.3
  head/secure/lib/libcrypto/man/DSA_dup_DH.3
  head/secure/lib/libcrypto/man/DSA_generate_key.3
  head/secure/lib/libcrypto/man/DSA_generate_parameters.3
  head/secure/lib/libcrypto/man/DSA_get0_pqg.3
  head/secure/lib/libcrypto/man/DSA_meth_new.3
  head/secure/lib/libcrypto/man/DSA_new.3
  head/secure/lib/libcrypto/man/DSA_set_method.3
  head/secure/lib/libcrypto/man/DSA_sign.3
  head/secure/lib/libcrypto/man/DSA_size.3
  head/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
  head/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
  head/secure/lib/libcrypto/man/DTLSv1_listen.3
  head/secure/lib/libcrypto/man/ECDSA_SIG_new.3
  head/secure/lib/libcrypto/man/ECPKParameters_print.3
  head/secure/lib/libcrypto/man/EC_GFp_simple_method.3
  head/secure/lib/libcrypto/man/EC_GROUP_copy.3
  head/secure/lib/libcrypto/man/EC_GROUP_new.3
  head/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
  head/secure/lib/libcrypto/man/EC_KEY_new.3
  head/secure/lib/libcrypto/man/EC_POINT_add.3
  head/secure/lib/libcrypto/man/EC_POINT_new.3
  head/secure/lib/libcrypto/man/ENGINE_add.3
  head/secure/lib/libcrypto/man/ERR_GET_LIB.3
  head/secure/lib/libcrypto/man/ERR_clear_error.3
  head/secure/lib/libcrypto/man/ERR_error_string.3
  head/secure/lib/libcrypto/man/ERR_get_error.3
  head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  head/secure/lib/libcrypto/man/ERR_load_strings.3
  head/secure/lib/libcrypto/man/ERR_print_errors.3
  head/secure/lib/libcrypto/man/ERR_put_error.3
  head/secure/lib/libcrypto/man/ERR_remove_state.3
  head/secure/lib/libcrypto/man/ERR_set_mark.3
  head/secure/lib/libcrypto/man/EVP_BytesToKey.3
  head/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
  head/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
  head/secure/lib/libcrypto/man/EVP_DigestInit.3
  head/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  head/secure/lib/libcrypto/man/EVP_EncodeInit.3
  head/secure/lib/libcrypto/man/EVP_EncryptInit.3
  head/secure/lib/libcrypto/man/EVP_MD_meth_new.3
  head/secure/lib/libcrypto/man/EVP_OpenInit.3
  head/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
  head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
  head/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
  head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  head/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
  head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  head/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
  head/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_new.3
  head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  head/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  head/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  head/secure/lib/libcrypto/man/EVP_SealInit.3
  head/secure/lib/libcrypto/man/EVP_SignInit.3
  head/secure/lib/libcrypto/man/EVP_VerifyInit.3
  head/secure/lib/libcrypto/man/EVP_aes.3
  head/secure/lib/libcrypto/man/EVP_aria.3
  head/secure/lib/libcrypto/man/EVP_bf_cbc.3
  head/secure/lib/libcrypto/man/EVP_blake2b512.3
  head/secure/lib/libcrypto/man/EVP_camellia.3
  head/secure/lib/libcrypto/man/EVP_cast5_cbc.3
  head/secure/lib/libcrypto/man/EVP_chacha20.3
  head/secure/lib/libcrypto/man/EVP_des.3
  head/secure/lib/libcrypto/man/EVP_desx_cbc.3
  head/secure/lib/libcrypto/man/EVP_idea_cbc.3
  head/secure/lib/libcrypto/man/EVP_md2.3
  head/secure/lib/libcrypto/man/EVP_md4.3
  head/secure/lib/libcrypto/man/EVP_md5.3
  head/secure/lib/libcrypto/man/EVP_mdc2.3
  head/secure/lib/libcrypto/man/EVP_rc2_cbc.3
  head/secure/lib/libcrypto/man/EVP_rc4.3
  head/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
  head/secure/lib/libcrypto/man/EVP_ripemd160.3
  head/secure/lib/libcrypto/man/EVP_seed_cbc.3
  head/secure/lib/libcrypto/man/EVP_sha1.3
  head/secure/lib/libcrypto/man/EVP_sha224.3
  head/secure/lib/libcrypto/man/EVP_sha3_224.3
  head/secure/lib/libcrypto/man/EVP_sm3.3
  head/secure/lib/libcrypto/man/EVP_sm4_cbc.3
  head/secure/lib/libcrypto/man/EVP_whirlpool.3
  head/secure/lib/libcrypto/man/HMAC.3
  head/secure/lib/libcrypto/man/MD5.3
  head/secure/lib/libcrypto/man/MDC2_Init.3
  head/secure/lib/libcrypto/man/OBJ_nid2obj.3
  head/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
  head/secure/lib/libcrypto/man/OCSP_cert_to_id.3
  head/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
  head/secure/lib/libcrypto/man/OCSP_resp_find_status.3
  head/secure/lib/libcrypto/man/OCSP_response_status.3
  head/secure/lib/libcrypto/man/OCSP_sendreq_new.3
  head/secure/lib/libcrypto/man/OPENSSL_Applink.3
  head/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
  head/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
  head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  head/secure/lib/libcrypto/man/OPENSSL_config.3
  head/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
  head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  head/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
  head/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
  head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
  head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  head/secure/lib/libcrypto/man/OPENSSL_malloc.3
  head/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
  head/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
  head/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
  head/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
  head/secure/lib/libcrypto/man/OSSL_STORE_expect.3
  head/secure/lib/libcrypto/man/OSSL_STORE_open.3
  head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  head/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
  head/secure/lib/libcrypto/man/PEM_read.3
  head/secure/lib/libcrypto/man/PEM_read_CMS.3
  head/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
  head/secure/lib/libcrypto/man/PEM_read_bio_ex.3
  head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  head/secure/lib/libcrypto/man/PKCS12_create.3
  head/secure/lib/libcrypto/man/PKCS12_newpass.3
  head/secure/lib/libcrypto/man/PKCS12_parse.3
  head/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
  head/secure/lib/libcrypto/man/PKCS7_decrypt.3
  head/secure/lib/libcrypto/man/PKCS7_encrypt.3
  head/secure/lib/libcrypto/man/PKCS7_sign.3
  head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  head/secure/lib/libcrypto/man/PKCS7_verify.3
  head/secure/lib/libcrypto/man/RAND_DRBG_generate.3
  head/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
  head/secure/lib/libcrypto/man/RAND_DRBG_new.3
  head/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
  head/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
  head/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
  head/secure/lib/libcrypto/man/RAND_add.3
  head/secure/lib/libcrypto/man/RAND_bytes.3
  head/secure/lib/libcrypto/man/RAND_cleanup.3
  head/secure/lib/libcrypto/man/RAND_egd.3
  head/secure/lib/libcrypto/man/RAND_load_file.3
  head/secure/lib/libcrypto/man/RAND_set_rand_method.3
  head/secure/lib/libcrypto/man/RC4_set_key.3
  head/secure/lib/libcrypto/man/RIPEMD160_Init.3
  head/secure/lib/libcrypto/man/RSA_blinding_on.3
  head/secure/lib/libcrypto/man/RSA_check_key.3
  head/secure/lib/libcrypto/man/RSA_generate_key.3
  head/secure/lib/libcrypto/man/RSA_get0_key.3
  head/secure/lib/libcrypto/man/RSA_meth_new.3
  head/secure/lib/libcrypto/man/RSA_new.3
  head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  head/secure/lib/libcrypto/man/RSA_print.3
  head/secure/lib/libcrypto/man/RSA_private_encrypt.3
  head/secure/lib/libcrypto/man/RSA_public_encrypt.3
  head/secure/lib/libcrypto/man/RSA_set_method.3
  head/secure/lib/libcrypto/man/RSA_sign.3
  head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  head/secure/lib/libcrypto/man/RSA_size.3
  head/secure/lib/libcrypto/man/SCT_new.3
  head/secure/lib/libcrypto/man/SCT_print.3
  head/secure/lib/libcrypto/man/SCT_validate.3
  head/secure/lib/libcrypto/man/SHA256_Init.3
  head/secure/lib/libcrypto/man/SMIME_read_CMS.3
  head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  head/secure/lib/libcrypto/man/SMIME_write_CMS.3
  head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  head/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
  head/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
  head/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
  head/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
  head/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
  head/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
  head/secure/lib/libcrypto/man/SSL_CONF_cmd.3
  head/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
  head/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
  head/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
  head/secure/lib/libcrypto/man/SSL_CTX_add_session.3
  head/secure/lib/libcrypto/man/SSL_CTX_config.3
  head/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
  head/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
  head/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
  head/secure/lib/libcrypto/man/SSL_CTX_free.3
  head/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
  head/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
  head/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
  head/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
  head/secure/lib/libcrypto/man/SSL_CTX_new.3
  head/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
  head/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
  head/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_sessions.3
  head/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
  head/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
  head/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
  head/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_options.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
  head/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
  head/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
  head/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
  head/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
  head/secure/lib/libcrypto/man/SSL_SESSION_free.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
  head/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
  head/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
  head/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
  head/secure/lib/libcrypto/man/SSL_SESSION_print.3
  head/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
  head/secure/lib/libcrypto/man/SSL_accept.3
  head/secure/lib/libcrypto/man/SSL_alert_type_string.3
  head/secure/lib/libcrypto/man/SSL_alloc_buffers.3
  head/secure/lib/libcrypto/man/SSL_check_chain.3
  head/secure/lib/libcrypto/man/SSL_clear.3
  head/secure/lib/libcrypto/man/SSL_connect.3
  head/secure/lib/libcrypto/man/SSL_do_handshake.3
  head/secure/lib/libcrypto/man/SSL_export_keying_material.3
  head/secure/lib/libcrypto/man/SSL_extension_supported.3
  head/secure/lib/libcrypto/man/SSL_free.3
  head/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
  head/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
  head/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
  head/secure/lib/libcrypto/man/SSL_get_ciphers.3
  head/secure/lib/libcrypto/man/SSL_get_client_random.3
  head/secure/lib/libcrypto/man/SSL_get_current_cipher.3
  head/secure/lib/libcrypto/man/SSL_get_default_timeout.3
  head/secure/lib/libcrypto/man/SSL_get_error.3
  head/secure/lib/libcrypto/man/SSL_get_extms_support.3
  head/secure/lib/libcrypto/man/SSL_get_fd.3
  head/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
  head/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
  head/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
  head/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
  head/secure/lib/libcrypto/man/SSL_get_psk_identity.3
  head/secure/lib/libcrypto/man/SSL_get_rbio.3
  head/secure/lib/libcrypto/man/SSL_get_session.3
  head/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
  head/secure/lib/libcrypto/man/SSL_get_verify_result.3
  head/secure/lib/libcrypto/man/SSL_get_version.3
  head/secure/lib/libcrypto/man/SSL_in_init.3
  head/secure/lib/libcrypto/man/SSL_key_update.3
  head/secure/lib/libcrypto/man/SSL_library_init.3
  head/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
  head/secure/lib/libcrypto/man/SSL_new.3
  head/secure/lib/libcrypto/man/SSL_pending.3
  head/secure/lib/libcrypto/man/SSL_read.3
  head/secure/lib/libcrypto/man/SSL_read_early_data.3
  head/secure/lib/libcrypto/man/SSL_rstate_string.3
  head/secure/lib/libcrypto/man/SSL_session_reused.3
  head/secure/lib/libcrypto/man/SSL_set1_host.3
  head/secure/lib/libcrypto/man/SSL_set_bio.3
  head/secure/lib/libcrypto/man/SSL_set_connect_state.3
  head/secure/lib/libcrypto/man/SSL_set_fd.3
  head/secure/lib/libcrypto/man/SSL_set_session.3
  head/secure/lib/libcrypto/man/SSL_set_shutdown.3
  head/secure/lib/libcrypto/man/SSL_set_verify_result.3
  head/secure/lib/libcrypto/man/SSL_shutdown.3
  head/secure/lib/libcrypto/man/SSL_state_string.3
  head/secure/lib/libcrypto/man/SSL_want.3
  head/secure/lib/libcrypto/man/SSL_write.3
  head/secure/lib/libcrypto/man/UI_STRING.3
  head/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
  head/secure/lib/libcrypto/man/UI_create_method.3
  head/secure/lib/libcrypto/man/UI_new.3
  head/secure/lib/libcrypto/man/X509V3_get_d2i.3
  head/secure/lib/libcrypto/man/X509_ALGOR_dup.3
  head/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
  head/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
  head/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
  head/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
  head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  head/secure/lib/libcrypto/man/X509_NAME_get0_der.3
  head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  head/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  head/secure/lib/libcrypto/man/X509_PUBKEY_new.3
  head/secure/lib/libcrypto/man/X509_SIG_get0.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  head/secure/lib/libcrypto/man/X509_STORE_add_cert.3
  head/secure/lib/libcrypto/man/X509_STORE_get0_param.3
  head/secure/lib/libcrypto/man/X509_STORE_new.3
  head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  head/secure/lib/libcrypto/man/X509_check_ca.3
  head/secure/lib/libcrypto/man/X509_check_host.3
  head/secure/lib/libcrypto/man/X509_check_issued.3
  head/secure/lib/libcrypto/man/X509_check_private_key.3
  head/secure/lib/libcrypto/man/X509_cmp_time.3
  head/secure/lib/libcrypto/man/X509_digest.3
  head/secure/lib/libcrypto/man/X509_dup.3
  head/secure/lib/libcrypto/man/X509_get0_notBefore.3
  head/secure/lib/libcrypto/man/X509_get0_signature.3
  head/secure/lib/libcrypto/man/X509_get0_uids.3
  head/secure/lib/libcrypto/man/X509_get_extension_flags.3
  head/secure/lib/libcrypto/man/X509_get_pubkey.3
  head/secure/lib/libcrypto/man/X509_get_serialNumber.3
  head/secure/lib/libcrypto/man/X509_get_subject_name.3
  head/secure/lib/libcrypto/man/X509_get_version.3
  head/secure/lib/libcrypto/man/X509_new.3
  head/secure/lib/libcrypto/man/X509_sign.3
  head/secure/lib/libcrypto/man/X509_verify_cert.3
  head/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
  head/secure/lib/libcrypto/man/d2i_DHparams.3
  head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
  head/secure/lib/libcrypto/man/d2i_PrivateKey.3
  head/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
  head/secure/lib/libcrypto/man/d2i_X509.3
  head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  head/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
  head/secure/lib/libcrypto/man/o2i_SCT_LIST.3
  head/secure/usr.bin/openssl/man/CA.pl.1
  head/secure/usr.bin/openssl/man/asn1parse.1
  head/secure/usr.bin/openssl/man/ca.1
  head/secure/usr.bin/openssl/man/ciphers.1
  head/secure/usr.bin/openssl/man/cms.1
  head/secure/usr.bin/openssl/man/crl.1
  head/secure/usr.bin/openssl/man/crl2pkcs7.1
  head/secure/usr.bin/openssl/man/dgst.1
  head/secure/usr.bin/openssl/man/dhparam.1
  head/secure/usr.bin/openssl/man/dsa.1
  head/secure/usr.bin/openssl/man/dsaparam.1
  head/secure/usr.bin/openssl/man/ec.1
  head/secure/usr.bin/openssl/man/ecparam.1
  head/secure/usr.bin/openssl/man/enc.1
  head/secure/usr.bin/openssl/man/engine.1
  head/secure/usr.bin/openssl/man/errstr.1
  head/secure/usr.bin/openssl/man/gendsa.1
  head/secure/usr.bin/openssl/man/genpkey.1
  head/secure/usr.bin/openssl/man/genrsa.1
  head/secure/usr.bin/openssl/man/list.1
  head/secure/usr.bin/openssl/man/nseq.1
  head/secure/usr.bin/openssl/man/ocsp.1
  head/secure/usr.bin/openssl/man/openssl.1
  head/secure/usr.bin/openssl/man/passwd.1
  head/secure/usr.bin/openssl/man/pkcs12.1
  head/secure/usr.bin/openssl/man/pkcs7.1
  head/secure/usr.bin/openssl/man/pkcs8.1
  head/secure/usr.bin/openssl/man/pkey.1
  head/secure/usr.bin/openssl/man/pkeyparam.1
  head/secure/usr.bin/openssl/man/pkeyutl.1
  head/secure/usr.bin/openssl/man/prime.1
  head/secure/usr.bin/openssl/man/rand.1
  head/secure/usr.bin/openssl/man/req.1
  head/secure/usr.bin/openssl/man/rsa.1
  head/secure/usr.bin/openssl/man/rsautl.1
  head/secure/usr.bin/openssl/man/s_client.1
  head/secure/usr.bin/openssl/man/s_server.1
  head/secure/usr.bin/openssl/man/s_time.1
  head/secure/usr.bin/openssl/man/sess_id.1
  head/secure/usr.bin/openssl/man/smime.1
  head/secure/usr.bin/openssl/man/speed.1
  head/secure/usr.bin/openssl/man/spkac.1
  head/secure/usr.bin/openssl/man/srp.1
  head/secure/usr.bin/openssl/man/storeutl.1
  head/secure/usr.bin/openssl/man/ts.1
  head/secure/usr.bin/openssl/man/tsget.1
  head/secure/usr.bin/openssl/man/verify.1
  head/secure/usr.bin/openssl/man/version.1
  head/secure/usr.bin/openssl/man/x509.1
Directory Properties:
  head/crypto/openssl/   (props changed)

Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES	Tue May 28 21:10:35 2019	(r348339)
+++ head/crypto/openssl/CHANGES	Tue May 28 21:54:12 2019	(r348340)
@@ -7,6 +7,77 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1b and 1.1.1c [28 May 2019]
+
+  *) Add build tests for C++.  These are generated files that only do one
+     thing, to include one public OpenSSL head file each.  This tests that
+     the public header files can be usefully included in a C++ application.
+
+     This test isn't enabled by default.  It can be enabled with the option
+     'enable-buildtest-c++'.
+     [Richard Levitte]
+
+  *) Enable SHA3 pre-hashing for ECDSA and DSA.
+     [Patrick Steuer]
+
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+     This changes the size when using the genpkey app when no size is given. It
+     fixes an omission in earlier changes that changed all RSA, DSA and DH
+     generation apps to use 2048 bits by default.
+     [Kurt Roeckx]
+
+  *) Reorganize the manual pages to consistently have RETURN VALUES,
+     EXAMPLES, SEE ALSO and HISTORY come in that order, and adjust
+     util/fix-doc-nits accordingly.
+     [Paul Yang, Joshua Lock]
+
+  *) Add the missing accessor EVP_PKEY_get0_engine()
+     [Matt Caswell]
+
+  *) Have apps like 's_client' and 's_server' output the signature scheme
+     along with other cipher suite parameters when debugging.
+     [Lorinczy Zsigmond]
+
+  *) Make OPENSSL_config() error agnostic again.
+     [Richard Levitte]
+
+  *) Do the error handling in RSA decryption constant time.
+     [Bernd Edlinger]
+
+  *) Prevent over long nonces in ChaCha20-Poly1305.
+
+     ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input
+     for every encryption operation. RFC 7539 specifies that the nonce value
+     (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length
+     and front pads the nonce with 0 bytes if it is less than 12
+     bytes. However it also incorrectly allows a nonce to be set of up to 16
+     bytes. In this case only the last 12 bytes are significant and any
+     additional leading bytes are ignored.
+
+     It is a requirement of using this cipher that nonce values are
+     unique. Messages encrypted using a reused nonce value are susceptible to
+     serious confidentiality and integrity attacks. If an application changes
+     the default nonce length to be longer than 12 bytes and then makes a
+     change to the leading bytes of the nonce expecting the new value to be a
+     new unique nonce then such an application could inadvertently encrypt
+     messages with a reused nonce.
+
+     Additionally the ignored bytes in a long nonce are not covered by the
+     integrity guarantee of this cipher. Any application that relies on the
+     integrity of these ignored leading bytes of a long nonce may be further
+     affected. Any OpenSSL internal use of this cipher, including in SSL/TLS,
+     is safe because no such use sets such a long nonce value. However user
+     applications that use this cipher directly and set a non-default nonce
+     length to be longer than 12 bytes may be vulnerable.
+
+     This issue was reported to OpenSSL on 16th of March 2019 by Joran Dirk
+     Greef of Ronomon.
+     (CVE-2019-1543)
+     [Matt Caswell]
+
+  *) Ensure that SM2 only uses SM3 as digest algorithm
+     [Paul Yang]
+
  Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
 
   *) Added SCA hardening for modular field inversion in EC_GROUP through

Modified: head/crypto/openssl/Configure
==============================================================================
--- head/crypto/openssl/Configure	Tue May 28 21:10:35 2019	(r348339)
+++ head/crypto/openssl/Configure	Tue May 28 21:54:12 2019	(r348340)
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
 my $orig_death_handler = $SIG{__DIE__};
 $SIG{__DIE__} = \&death_handler;
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -54,16 +54,14 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-
 # [no-]threads  [don't] try to create a library that is suitable for
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
-# [no-]shared	[don't] try to create shared libraries when supported.
+# [no-]shared   [don't] try to create shared libraries when supported.
 # [no-]pic      [don't] try to build position independent code when supported.
 #               If disabled, it also disables shared and dynamic-engine.
 # no-asm        do not use assembler
-# no-dso        do not compile in any native shared-library methods. This
-#               will ensure that all methods just return NULL.
 # no-egd        do not compile support for the entropy-gathering daemon APIs
 # [no-]zlib     [don't] compile support for zlib compression.
-# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
-#		library and will be loaded in run-time by the OpenSSL library.
+# zlib-dynamic  Like "zlib", but the zlib library is expected to be a shared
+#               library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # enable-weak-ssl-ciphers
 #               Enable weak ciphers that are disabled by default.
@@ -75,7 +73,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-
 # -static       while -static is also a pass-through compiler option (and
 #               as such is limited to environments where it's actually
 #               meaningful), it triggers a number configuration options,
-#               namely no-dso, no-pic, no-shared and no-threads. It is
+#               namely no-pic, no-shared and no-threads. It is
 #               argued that the only reason to produce statically linked
 #               binaries (and in context it means executables linked with
 #               -static flag, and not just executables linked with static
@@ -90,21 +88,22 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-
 #               production quality.
 #
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-#		provided to stack calls. Generates unique stack functions for
-#		each possible stack type.
-# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
-# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+#               provided to stack calls. Generates unique stack functions for
+#               each possible stack type.
+# BN_LLONG      use the type 'long long' in crypto/bn/bn.h
+# RC4_CHAR      use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # Following are set automatically by this script
 #
-# MD5_ASM	use some extra md5 assembler,
-# SHA1_ASM	use some extra sha1 assembler, must define L_ENDIAN for x86
-# RMD160_ASM	use some extra ripemd160 assembler,
-# SHA256_ASM	sha256_block is implemented in assembler
-# SHA512_ASM	sha512_block is implemented in assembler
-# AES_ASM	AES_[en|de]crypt is implemented in assembler
+# MD5_ASM       use some extra md5 assembler,
+# SHA1_ASM      use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASM    use some extra ripemd160 assembler,
+# SHA256_ASM    sha256_block is implemented in assembler
+# SHA512_ASM    sha512_block is implemented in assembler
+# AES_ASM       AES_[en|de]crypt is implemented in assembler
 
-# Minimum warning options... any contributions to OpenSSL should at least get
-# past these.
+# Minimum warning options... any contributions to OpenSSL should at least
+# get past these.  Note that we only use these with C compilers, not with
+# C++ compilers.
 
 # DEBUG_UNUSED enables __owur (warn unused result) checks.
 # -DPEDANTIC complements -pedantic and is meant to mask code that
@@ -119,22 +118,23 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-
 # code, so we just tell compiler to be pedantic about everything
 # but 'long long' type.
 
-my $gcc_devteam_warn = "-DDEBUG_UNUSED"
-        . " -DPEDANTIC -pedantic -Wno-long-long"
-        . " -Wall"
-        . " -Wextra"
-        . " -Wno-unused-parameter"
-        . " -Wno-missing-field-initializers"
-        . " -Wswitch"
-        . " -Wsign-compare"
-        . " -Wmissing-prototypes"
-        . " -Wstrict-prototypes"
-        . " -Wshadow"
-        . " -Wformat"
-        . " -Wtype-limits"
-        . " -Wundef"
-        . " -Werror"
-        ;
+my @gcc_devteam_warn = qw(
+    -DDEBUG_UNUSED
+    -DPEDANTIC -pedantic -Wno-long-long
+    -Wall
+    -Wextra
+    -Wno-unused-parameter
+    -Wno-missing-field-initializers
+    -Wswitch
+    -Wsign-compare
+    -Wshadow
+    -Wformat
+    -Wtype-limits
+    -Wundef
+    -Werror
+    -Wmissing-prototypes
+    -Wstrict-prototypes
+);
 
 # These are used in addition to $gcc_devteam_warn when the compiler is clang.
 # TODO(openssl-team): fix problems and investigate if (at least) the
@@ -144,19 +144,16 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
 #       -Wlanguage-extension-token -- no, we use asm()
 #       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
-#       -Wunused-function -- no, it forces header use of safestack et al
-#                            DEFINE macros
-my $clang_devteam_warn = ""
-        . " -Wswitch-default"
-        . " -Wno-parentheses-equality"
-        . " -Wno-language-extension-token"
-        . " -Wno-extended-offsetof"
-        . " -Wconditional-uninitialized"
-        . " -Wincompatible-pointer-types-discards-qualifiers"
-        . " -Wmissing-variable-declarations"
-        . " -Wno-unknown-warning-option"
-        . " -Wno-unused-function"
-        ;
+my @clang_devteam_warn = qw(
+    -Wswitch-default
+    -Wno-parentheses-equality
+    -Wno-language-extension-token
+    -Wno-extended-offsetof
+    -Wconditional-uninitialized
+    -Wincompatible-pointer-types-discards-qualifiers
+    -Wno-unknown-warning-option
+    -Wmissing-variable-declarations
+);
 
 # This adds backtrace information to the memory leak info.  Is only used
 # when crypto-mdebug-backtrace is enabled.
@@ -225,20 +222,20 @@ if (grep /^reconf(igure)?$/, @argvcopy) {
     die "reconfiguring with other arguments present isn't supported"
         if scalar @argvcopy > 1;
     if (-f "./configdata.pm") {
-	my $file = "./configdata.pm";
-	unless (my $return = do $file) {
-	    die "couldn't parse $file: $@" if $@;
+        my $file = "./configdata.pm";
+        unless (my $return = do $file) {
+            die "couldn't parse $file: $@" if $@;
             die "couldn't do $file: $!"    unless defined $return;
             die "couldn't run $file"       unless $return;
-	}
+        }
 
-	@argvcopy = defined($configdata::config{perlargv}) ?
-	    @{$configdata::config{perlargv}} : ();
-	die "Incorrect data to reconfigure, please do a normal configuration\n"
-	    if (grep(/^reconf/,@argvcopy));
-	$config{perlenv} = $configdata::config{perlenv} // {};
+        @argvcopy = defined($configdata::config{perlargv}) ?
+            @{$configdata::config{perlargv}} : ();
+        die "Incorrect data to reconfigure, please do a normal configuration\n"
+            if (grep(/^reconf/,@argvcopy));
+        $config{perlenv} = $configdata::config{perlenv} // {};
     } else {
-	die "Insufficient data to reconfigure, please do a normal configuration\n";
+        die "Insufficient data to reconfigure, please do a normal configuration\n";
     }
 }
 
@@ -253,8 +250,8 @@ $config{shlib_version_history} = "unknown";
 collect_information(
     collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')),
     qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; },
-    qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/	     => sub { $config{version_num}=$1 },
-    qr/SHLIB_VERSION_NUMBER *"([^"]+)"/	     => sub { $config{shlib_version_number}=$1 },
+    qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/      => sub { $config{version_num}=$1 },
+    qr/SHLIB_VERSION_NUMBER *"([^"]+)"/      => sub { $config{shlib_version_number}=$1 },
     qr/SHLIB_VERSION_HISTORY *"([^"]*)"/     => sub { $config{shlib_version_history}=$1 }
     );
 if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; }
@@ -266,7 +263,7 @@ if ($config{shlib_version_history} ne "") { $config{sh
 die "erroneous version information in opensslv.h: ",
     "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n"
     if ($config{major} eq "" || $config{minor} eq ""
-	|| $config{shlib_major} eq "" ||  $config{shlib_minor} eq "");
+        || $config{shlib_major} eq "" ||  $config{shlib_minor} eq "");
 
 # Collect target configurations
 
@@ -335,6 +332,7 @@ my @disablables = (
     "autoload-config",
     "bf",
     "blake2",
+    "buildtest-c\\+\\+",
     "camellia",
     "capieng",
     "cast",
@@ -351,7 +349,6 @@ my @disablables = (
     "dgram",
     "dh",
     "dsa",
-    "dso",
     "dtls",
     "dynamic-engine",
     "ec",
@@ -419,71 +416,70 @@ my @disablables = (
     "zlib-dynamic",
     );
 foreach my $proto ((@tls, @dtls))
-	{
-	push(@disablables, $proto);
-	push(@disablables, "$proto-method") unless $proto eq "tls1_3";
-	}
+        {
+        push(@disablables, $proto);
+        push(@disablables, "$proto-method") unless $proto eq "tls1_3";
+        }
 
 my %deprecated_disablables = (
     "ssl2" => undef,
     "buf-freelists" => undef,
     "ripemd" => "rmd160",
     "ui" => "ui-console",
+    "dso" => "",                # Empty string means we're silent about it
     );
 
 # All of the following are disabled by default:
 
 our %disabled = ( # "what"         => "comment"
-		  "asan"		=> "default",
-		  "crypto-mdebug"       => "default",
-		  "crypto-mdebug-backtrace" => "default",
-		  "devcryptoeng"	=> "default",
-		  "ec_nistp_64_gcc_128" => "default",
-		  "egd"                 => "default",
-		  "external-tests"	=> "default",
-		  "fuzz-libfuzzer"	=> "default",
-		  "fuzz-afl"		=> "default",
-		  "heartbeats"          => "default",
-		  "md2"                 => "default",
+                  "asan"                => "default",
+                  "buildtest-c++"       => "default",
+                  "crypto-mdebug"       => "default",
+                  "crypto-mdebug-backtrace" => "default",
+                  "devcryptoeng"        => "default",
+                  "ec_nistp_64_gcc_128" => "default",
+                  "egd"                 => "default",
+                  "external-tests"      => "default",
+                  "fuzz-libfuzzer"      => "default",
+                  "fuzz-afl"            => "default",
+                  "heartbeats"          => "default",
+                  "md2"                 => "default",
                   "msan"                => "default",
-		  "rc5"                 => "default",
-		  "sctp"                => "default",
-		  "ssl-trace"           => "default",
-		  "ssl3"                => "default",
-		  "ssl3-method"         => "default",
-                  "ubsan"		=> "default",
-		  "unit-test"           => "default",
-		  "weak-ssl-ciphers"    => "default",
-		  "zlib"                => "default",
-		  "zlib-dynamic"        => "default",
-		);
+                  "rc5"                 => "default",
+                  "sctp"                => "default",
+                  "ssl-trace"           => "default",
+                  "ssl3"                => "default",
+                  "ssl3-method"         => "default",
+                  "ubsan"               => "default",
+                  "unit-test"           => "default",
+                  "weak-ssl-ciphers"    => "default",
+                  "zlib"                => "default",
+                  "zlib-dynamic"        => "default",
+                );
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
 my @disable_cascades = (
-    # "what"		=> [ "cascade", ... ]
+    # "what"            => [ "cascade", ... ]
     sub { $config{processor} eq "386" }
-			=> [ "sse2" ],
-    "ssl"		=> [ "ssl3" ],
-    "ssl3-method"	=> [ "ssl3" ],
-    "zlib"		=> [ "zlib-dynamic" ],
-    "des"		=> [ "mdc2" ],
-    "ec"		=> [ "ecdsa", "ecdh" ],
+                        => [ "sse2" ],
+    "ssl"               => [ "ssl3" ],
+    "ssl3-method"       => [ "ssl3" ],
+    "zlib"              => [ "zlib-dynamic" ],
+    "des"               => [ "mdc2" ],
+    "ec"                => [ "ecdsa", "ecdh" ],
 
-    "dgram"		=> [ "dtls", "sctp" ],
-    "sock"		=> [ "dgram" ],
-    "dtls"		=> [ @dtls ],
+    "dgram"             => [ "dtls", "sctp" ],
+    "sock"              => [ "dgram" ],
+    "dtls"              => [ @dtls ],
     sub { 0 == scalar grep { !$disabled{$_} } @dtls }
-			=> [ "dtls" ],
+                        => [ "dtls" ],
 
-    "tls"		=> [ @tls ],
+    "tls"               => [ @tls ],
     sub { 0 == scalar grep { !$disabled{$_} } @tls }
-			=> [ "tls" ],
+                        => [ "tls" ],
 
     "crypto-mdebug"     => [ "crypto-mdebug-backtrace" ],
 
-    # Without DSO, we can't load dynamic engines, so don't build them dynamic
-    "dso"               => [ "dynamic-engine" ],
-
     # Without position independent code, there can be no shared libraries or DSOs
     "pic"               => [ "shared" ],
     "shared"            => [ "dynamic-engine" ],
@@ -510,14 +506,14 @@ my @list = (reverse @tls);
 while ((my $first, my $second) = (shift @list, shift @list)) {
     last unless @list;
     push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} }
-			      => [ @list ] );
+                              => [ @list ] );
     unshift @list, $second;
 }
 my @list = (reverse @dtls);
 while ((my $first, my $second) = (shift @list, shift @list)) {
     last unless @list;
     push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} }
-			      => [ @list ] );
+                              => [ @list ] );
     unshift @list, $second;
 }
 
@@ -544,24 +540,24 @@ my %user = (
     AS          => undef,
     ASFLAGS     => [],
     CC          => env('CC'),
-    CFLAGS      => [],
+    CFLAGS      => [ env('CFLAGS') || () ],
     CXX         => env('CXX'),
-    CXXFLAGS    => [],
+    CXXFLAGS    => [ env('CXXFLAGS') || () ],
     CPP         => undef,
-    CPPFLAGS    => [],  # -D, -I, -Wp,
+    CPPFLAGS    => [ env('CPPFLAGS') || () ],  # -D, -I, -Wp,
     CPPDEFINES  => [],  # Alternative for -D
     CPPINCLUDES => [],  # Alternative for -I
     CROSS_COMPILE => env('CROSS_COMPILE'),
     HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'),
     LD          => undef,
-    LDFLAGS     => [],  # -L, -Wl,
-    LDLIBS      => [],  # -l
+    LDFLAGS     => [ env('LDFLAGS') || () ],  # -L, -Wl,
+    LDLIBS      => [ env('LDLIBS') || () ],  # -l
     MT          => undef,
     MTFLAGS     => [],
     PERL        => env('PERL') || ($^O ne "VMS" ? $^X : "perl"),
     RANLIB      => env('RANLIB'),
     RC          => env('RC') || env('WINDRES'),
-    RCFLAGS     => [],
+    RCFLAGS     => [ env('RCFLAGS') || () ],
     RM          => undef,
    );
 # Info about what "make variables" may be prefixed with the cross compiler
@@ -578,6 +574,7 @@ my %useradd = (
     CXXFLAGS    => [],
     LDFLAGS     => [],
     LDLIBS      => [],
+    RCFLAGS     => [],
    );
 
 my %user_synonyms = (
@@ -625,43 +622,43 @@ my %deprecated_options = ();
 my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom);
 my @seed_sources = ();
 while (@argvcopy)
-	{
-	$_ = shift @argvcopy;
+        {
+        $_ = shift @argvcopy;
 
-	# Support env variable assignments among the options
-	if (m|^(\w+)=(.+)?$|)
-		{
-		$cmdvars{$1} = $2;
-		# Every time a variable is given as a configuration argument,
-		# it acts as a reset if the variable.
-		if (exists $user{$1})
-			{
-			$user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef;
-			}
-		#if (exists $useradd{$1})
-		#	{
-		#	$useradd{$1} = [];
-		#	}
-		next;
-		}
+        # Support env variable assignments among the options
+        if (m|^(\w+)=(.+)?$|)
+                {
+                $cmdvars{$1} = $2;
+                # Every time a variable is given as a configuration argument,
+                # it acts as a reset if the variable.
+                if (exists $user{$1})
+                        {
+                        $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef;
+                        }
+                #if (exists $useradd{$1})
+                #       {
+                #       $useradd{$1} = [];
+                #       }
+                next;
+                }
 
-	# VMS is a case insensitive environment, and depending on settings
-	# out of our control, we may receive options uppercased.  Let's
-	# downcase at least the part before any equal sign.
-	if ($^O eq "VMS")
-		{
-		s/^([^=]*)/lc($1)/e;
-		}
+        # VMS is a case insensitive environment, and depending on settings
+        # out of our control, we may receive options uppercased.  Let's
+        # downcase at least the part before any equal sign.
+        if ($^O eq "VMS")
+                {
+                s/^([^=]*)/lc($1)/e;
+                }
 
-	# some people just can't read the instructions, clang people have to...
-	s/^-no-(?!integrated-as)/no-/;
+        # some people just can't read the instructions, clang people have to...
+        s/^-no-(?!integrated-as)/no-/;
 
-	# rewrite some options in "enable-..." form
-	s /^-?-?shared$/enable-shared/;
-	s /^sctp$/enable-sctp/;
-	s /^threads$/enable-threads/;
-	s /^zlib$/enable-zlib/;
-	s /^zlib-dynamic$/enable-zlib-dynamic/;
+        # rewrite some options in "enable-..." form
+        s /^-?-?shared$/enable-shared/;
+        s /^sctp$/enable-sctp/;
+        s /^threads$/enable-threads/;
+        s /^zlib$/enable-zlib/;
+        s /^zlib-dynamic$/enable-zlib-dynamic/;
 
         if (/^(no|disable|enable)-(.+)$/)
                 {
@@ -715,21 +712,24 @@ while (@argvcopy)
                         }
                 elsif (exists $deprecated_disablables{$1})
                         {
-                        $deprecated_options{$_} = 1;
-                        if (defined $deprecated_disablables{$1})
+                        if ($deprecated_disablables{$1} ne "")
                                 {
-                                $disabled{$deprecated_disablables{$1}} = "option";
+                                $deprecated_options{$_} = 1;
+                                if (defined $deprecated_disablables{$1})
+                                        {
+                                        $disabled{$deprecated_disablables{$1}} = "option";
+                                        }
                                 }
                         }
                 else
                         {
                         $disabled{$1} = "option";
                         }
-		# No longer an automatic choice
-		$auto_threads = 0 if ($1 eq "threads");
-		}
-	elsif (/^enable-(.+)$/)
-		{
+                # No longer an automatic choice
+                $auto_threads = 0 if ($1 eq "threads");
+                }
+        elsif (/^enable-(.+)$/)
+                {
                 if ($1 eq "static-engine")
                         {
                         $disabled{"dynamic-engine"} = "option";
@@ -742,173 +742,172 @@ while (@argvcopy)
                         {
                         delete $disabled{"zlib"};
                         }
-		my $algo = $1;
-		delete $disabled{$algo};
+                my $algo = $1;
+                delete $disabled{$algo};
 
-		# No longer an automatic choice
-		$auto_threads = 0 if ($1 eq "threads");
-		}
-	elsif (/^--strict-warnings$/)
-		{
-		$strict_warnings = 1;
-		}
-	elsif (/^--debug$/)
-		{
-		$config{build_type} = "debug";
-		}
-	elsif (/^--release$/)
-		{
-		$config{build_type} = "release";
-		}
-	elsif (/^386$/)
-		{ $config{processor}=386; }
-	elsif (/^fips$/)
-		{
-		die "FIPS mode not supported\n";
-		}
-	elsif (/^rsaref$/)
-		{
-		# No RSAref support any more since it's not needed.
-		# The check for the option is there so scripts aren't
-		# broken
-		}
-	elsif (/^nofipscanistercheck$/)
-		{
-		die "FIPS mode not supported\n";
-		}
-	elsif (/^[-+]/)
-		{
-		if (/^--prefix=(.*)$/)
-			{
-			$config{prefix}=$1;
-			die "Directory given with --prefix MUST be absolute\n"
-				unless file_name_is_absolute($config{prefix});
-			}
-		elsif (/^--api=(.*)$/)
-			{
-			$config{api}=$1;
-			}
-		elsif (/^--libdir=(.*)$/)
-			{
-			$config{libdir}=$1;
-			}
-		elsif (/^--openssldir=(.*)$/)
-			{
-			$config{openssldir}=$1;
-			}
-		elsif (/^--with-zlib-lib=(.*)$/)
-			{
-			$withargs{zlib_lib}=$1;
-			}
-		elsif (/^--with-zlib-include=(.*)$/)
-			{
-			$withargs{zlib_include}=$1;
-			}
-		elsif (/^--with-fuzzer-lib=(.*)$/)
-			{
-			$withargs{fuzzer_lib}=$1;
-			}
-		elsif (/^--with-fuzzer-include=(.*)$/)
-			{
-			$withargs{fuzzer_include}=$1;
-			}
-		elsif (/^--with-rand-seed=(.*)$/)
-			{
-			foreach my $x (split(m|,|, $1))
-			    {
-			    die "Unknown --with-rand-seed choice $x\n"
-				if ! grep { $x eq $_ } @known_seed_sources;
-			    push @seed_sources, $x;
-			    }
+                # No longer an automatic choice
+                $auto_threads = 0 if ($1 eq "threads");
+                }
+        elsif (/^--strict-warnings$/)
+                {
+                # Pretend that our strict flags is a C flag, and replace it
+                # with the proper flags later on
+                push @{$useradd{CFLAGS}}, '--ossl-strict-warnings';
+                $strict_warnings=1;
+                }
+        elsif (/^--debug$/)
+                {
+                $config{build_type} = "debug";
+                }
+        elsif (/^--release$/)
+                {
+                $config{build_type} = "release";
+                }
+        elsif (/^386$/)
+                { $config{processor}=386; }
+        elsif (/^fips$/)
+                {
+                die "FIPS mode not supported\n";
+                }
+        elsif (/^rsaref$/)
+                {
+                # No RSAref support any more since it's not needed.
+                # The check for the option is there so scripts aren't
+                # broken
+                }
+        elsif (/^nofipscanistercheck$/)
+                {
+                die "FIPS mode not supported\n";
+                }
+        elsif (/^[-+]/)
+                {
+                if (/^--prefix=(.*)$/)
+                        {
+                        $config{prefix}=$1;
+                        die "Directory given with --prefix MUST be absolute\n"
+                                unless file_name_is_absolute($config{prefix});
                         }
-		elsif (/^--cross-compile-prefix=(.*)$/)
-			{
-			$user{CROSS_COMPILE}=$1;
-			}
-		elsif (/^--config=(.*)$/)
-			{
-			read_config $1;
-			}
-		elsif (/^-l(.*)$/)
-			{
-			push @{$useradd{LDLIBS}}, $_;
-			}
-		elsif (/^-framework$/)
-			{
-			push @{$useradd{LDLIBS}}, $_, shift(@argvcopy);
-			}
-		elsif (/^-L(.*)$/ or /^-Wl,/)
-			{
-			push @{$useradd{LDFLAGS}}, $_;
-			}
-		elsif (/^-rpath$/ or /^-R$/)
-			# -rpath is the OSF1 rpath flag
-			# -R is the old Solaris rpath flag
-			{
-			my $rpath = shift(@argvcopy) || "";
-			$rpath .= " " if $rpath ne "";
-			push @{$useradd{LDFLAGS}}, $_, $rpath;
-			}
-		elsif (/^-static$/)
-			{
-			push @{$useradd{LDFLAGS}}, $_;
-			$disabled{"dso"} = "forced";
-			$disabled{"pic"} = "forced";
-			$disabled{"shared"} = "forced";
-			$disabled{"threads"} = "forced";
-			}
-		elsif (/^-D(.*)$/)
-			{
-			push @{$useradd{CPPDEFINES}}, $1;
-			}
-		elsif (/^-I(.*)$/)
-			{
-			push @{$useradd{CPPINCLUDES}}, $1;
-			}
-		elsif (/^-Wp,$/)
-			{
-			push @{$useradd{CPPFLAGS}}, $1;
-			}
-		else	# common if (/^[-+]/), just pass down...
-			{
-			$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
-			push @{$useradd{CFLAGS}}, $_;
-			push @{$useradd{CXXFLAGS}}, $_;
-			}
-		}
-	else
-		{
-		die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
-		$target=$_;
-		}
-	unless ($_ eq $target || /^no-/ || /^disable-/)
-		{
-		# "no-..." follows later after implied deactivations
-		# have been derived.  (Don't take this too seriously,
-		# we really only write OPTIONS to the Makefile out of
-		# nostalgia.)
+                elsif (/^--api=(.*)$/)
+                        {
+                        $config{api}=$1;
+                        }
+                elsif (/^--libdir=(.*)$/)
+                        {
+                        $config{libdir}=$1;
+                        }
+                elsif (/^--openssldir=(.*)$/)
+                        {
+                        $config{openssldir}=$1;
+                        }
+                elsif (/^--with-zlib-lib=(.*)$/)
+                        {
+                        $withargs{zlib_lib}=$1;
+                        }
+                elsif (/^--with-zlib-include=(.*)$/)
+                        {
+                        $withargs{zlib_include}=$1;
+                        }
+                elsif (/^--with-fuzzer-lib=(.*)$/)
+                        {
+                        $withargs{fuzzer_lib}=$1;
+                        }
+                elsif (/^--with-fuzzer-include=(.*)$/)
+                        {
+                        $withargs{fuzzer_include}=$1;
+                        }
+                elsif (/^--with-rand-seed=(.*)$/)
+                        {
+                        foreach my $x (split(m|,|, $1))
+                            {
+                            die "Unknown --with-rand-seed choice $x\n"
+                                if ! grep { $x eq $_ } @known_seed_sources;
+                            push @seed_sources, $x;
+                            }
+                        }
+                elsif (/^--cross-compile-prefix=(.*)$/)
+                        {
+                        $user{CROSS_COMPILE}=$1;
+                        }
+                elsif (/^--config=(.*)$/)
+                        {
+                        read_config $1;
+                        }
+                elsif (/^-l(.*)$/)
+                        {
+                        push @{$useradd{LDLIBS}}, $_;
+                        }
+                elsif (/^-framework$/)
+                        {
+                        push @{$useradd{LDLIBS}}, $_, shift(@argvcopy);
+                        }
+                elsif (/^-L(.*)$/ or /^-Wl,/)
+                        {
+                        push @{$useradd{LDFLAGS}}, $_;
+                        }
+                elsif (/^-rpath$/ or /^-R$/)
+                        # -rpath is the OSF1 rpath flag
+                        # -R is the old Solaris rpath flag
+                        {
+                        my $rpath = shift(@argvcopy) || "";
+                        $rpath .= " " if $rpath ne "";
+                        push @{$useradd{LDFLAGS}}, $_, $rpath;
+                        }
+                elsif (/^-static$/)
+                        {
+                        push @{$useradd{LDFLAGS}}, $_;
+                        }
+                elsif (/^-D(.*)$/)
+                        {
+                        push @{$useradd{CPPDEFINES}}, $1;
+                        }
+                elsif (/^-I(.*)$/)
+                        {
+                        push @{$useradd{CPPINCLUDES}}, $1;
+                        }
+                elsif (/^-Wp,$/)
+                        {
+                        push @{$useradd{CPPFLAGS}}, $1;
+                        }
+                else    # common if (/^[-+]/), just pass down...
+                        {
+                        $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+                        push @{$useradd{CFLAGS}}, $_;
+                        push @{$useradd{CXXFLAGS}}, $_;
+                        }
+                }
+        else
+                {
+                die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+                $target=$_;
+                }
+        unless ($_ eq $target || /^no-/ || /^disable-/)
+                {
+                # "no-..." follows later after implied deactivations
+                # have been derived.  (Don't take this too seriously,
+                # we really only write OPTIONS to the Makefile out of
+                # nostalgia.)
 
-		if ($config{options} eq "")
-			{ $config{options} = $_; }
-		else
-			{ $config{options} .= " ".$_; }
-		}
-	}
+                if ($config{options} eq "")
+                        { $config{options} = $_; }
+                else
+                        { $config{options} .= " ".$_; }
+                }
+        }
 
 if (defined($config{api}) && !exists $apitable->{$config{api}}) {
-	die "***** Unsupported api compatibility level: $config{api}\n",
+        die "***** Unsupported api compatibility level: $config{api}\n",
 }
 
 if (keys %deprecated_options)
-	{
-	warn "***** Deprecated options: ",
-		join(", ", keys %deprecated_options), "\n";
-	}
+        {
+        warn "***** Deprecated options: ",
+                join(", ", keys %deprecated_options), "\n";
+        }
 if (keys %unsupported_options)
-	{
-	die "***** Unsupported options: ",
-		join(", ", keys %unsupported_options), "\n";
-	}
+        {
+        die "***** Unsupported options: ",
+                join(", ", keys %unsupported_options), "\n";
+        }
 
 # If any %useradd entry has been set, we must check that the "make
 # variables" haven't been set.  We start by checking of any %useradd entry
@@ -964,36 +963,46 @@ if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFL
     && !$disabled{shared}
     && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) {
     die "***** Cannot simultaneously use -rpath, shared libraries, and\n",
-	"***** any of asan, msan or ubsan\n";
+        "***** any of asan, msan or ubsan\n";
 }
 
-my @tocheckfor = (keys %disabled);
-while (@tocheckfor) {
-    my %new_tocheckfor = ();
-    my @cascade_copy = (@disable_cascades);
-    while (@cascade_copy) {
-	my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy);
-	if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) {
-	    foreach(grep { !defined($disabled{$_}) } @$descendents) {
-		$new_tocheckfor{$_} = 1; $disabled{$_} = "forced";
-	    }
-	}
+sub disable {
+    my $disable_type = shift;
+
+    for (@_) {
+        $disabled{$_} = $disable_type;
     }
-    @tocheckfor = (keys %new_tocheckfor);
+
+    my @tocheckfor = (@_ ? @_ : keys %disabled);
+    while (@tocheckfor) {
+        my %new_tocheckfor = ();
+        my @cascade_copy = (@disable_cascades);
+        while (@cascade_copy) {
+            my ($test, $descendents) =
+                (shift @cascade_copy, shift @cascade_copy);
+            if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) {
+                foreach (grep { !defined($disabled{$_}) } @$descendents) {
+                    $new_tocheckfor{$_} = 1; $disabled{$_} = "cascade";
+                }
+            }
+        }
+        @tocheckfor = (keys %new_tocheckfor);
+    }
 }
+disable();                     # First cascade run
 
 our $die = sub { die @_; };
 if ($target eq "TABLE") {
     local $die = sub { warn @_; };
     foreach (sort keys %table) {
-	print_table_entry($_, "TABLE");
+        print_table_entry($_, "TABLE");
     }
     exit 0;
 }
 
 if ($target eq "LIST") {
     foreach (sort keys %table) {
-	print $_,"\n" unless $table{$_}->{template};
+        print $_,"\n" unless $table{$_}->{template};
     }
     exit 0;
 }
@@ -1002,7 +1011,7 @@ if ($target eq "HASH") {
     local $die = sub { warn @_; };
     print "%table = (\n";
     foreach (sort keys %table) {
-	print_table_entry($_, "HASH");
+        print_table_entry($_, "HASH");
     }
     exit 0;
 }
@@ -1033,7 +1042,7 @@ _____
 }
 push @{$config{openssl_other_defines}},
      map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
-	@seed_sources;
+        @seed_sources;
 
 # Backward compatibility?
 if ($target =~ m/^CygWin32(-.*)$/) {
@@ -1047,7 +1056,7 @@ if ($d) {
 
     # If we do not find debug-foo in the table, the target is set to foo.
     if (!$table{$target}) {
-	$target = $t;
+        $target = $t;
     }
 }
 
@@ -1064,47 +1073,11 @@ foreach (keys %target_attr_translate) {
 
 %target = ( %{$table{DEFAULTS}}, %target );
 
-# Make the flags to build DSOs the same as for shared libraries unless they
-# are already defined
-$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags};
-$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags};
-$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags};

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905282154.x4SLsDLj016089>