Date: Tue, 28 May 2019 21:54:13 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r348340 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/bio crypto/openssl/crypto/blake2 crypto/openssl/crypto/bn... Message-ID: <201905282154.x4SLsDLj016089@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Tue May 28 21:54:12 2019 New Revision: 348340 URL: https://svnweb.freebsd.org/changeset/base/348340 Log: Merge OpenSSL 1.1.1c. Modified: head/crypto/openssl/CHANGES head/crypto/openssl/Configure head/crypto/openssl/INSTALL head/crypto/openssl/NEWS head/crypto/openssl/NOTES.PERL head/crypto/openssl/README head/crypto/openssl/apps/asn1pars.c head/crypto/openssl/apps/cms.c head/crypto/openssl/apps/enc.c head/crypto/openssl/apps/ocsp.c head/crypto/openssl/apps/s_cb.c head/crypto/openssl/apps/s_client.c head/crypto/openssl/apps/speed.c head/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl head/crypto/openssl/crypto/bio/b_addr.c head/crypto/openssl/crypto/bio/bss_mem.c head/crypto/openssl/crypto/blake2/blake2b.c head/crypto/openssl/crypto/bn/asm/mips.pl head/crypto/openssl/crypto/bn/asm/ppc.pl head/crypto/openssl/crypto/bn/bn_ctx.c head/crypto/openssl/crypto/bn/bn_lib.c head/crypto/openssl/crypto/bn/bn_prime.c head/crypto/openssl/crypto/chacha/build.info head/crypto/openssl/crypto/conf/conf_sap.c head/crypto/openssl/crypto/dh/dh_check.c head/crypto/openssl/crypto/dh/dh_gen.c head/crypto/openssl/crypto/dh/dh_key.c head/crypto/openssl/crypto/dh/dh_pmeth.c head/crypto/openssl/crypto/dsa/dsa_gen.c head/crypto/openssl/crypto/dsa/dsa_ossl.c head/crypto/openssl/crypto/dsa/dsa_pmeth.c head/crypto/openssl/crypto/dso/dso_openssl.c head/crypto/openssl/crypto/ec/curve25519.c head/crypto/openssl/crypto/ec/curve448/curve448.c head/crypto/openssl/crypto/ec/curve448/curve448_tables.c head/crypto/openssl/crypto/ec/curve448/curve448utils.h head/crypto/openssl/crypto/ec/curve448/f_generic.c head/crypto/openssl/crypto/ec/curve448/scalar.c head/crypto/openssl/crypto/ec/ec2_oct.c head/crypto/openssl/crypto/ec/ec2_smpl.c head/crypto/openssl/crypto/ec/ec_ameth.c head/crypto/openssl/crypto/ec/ec_lib.c head/crypto/openssl/crypto/ec/ec_mult.c head/crypto/openssl/crypto/ec/ec_pmeth.c head/crypto/openssl/crypto/ec/ecdh_ossl.c head/crypto/openssl/crypto/ec/ecp_nistp521.c head/crypto/openssl/crypto/ec/ecp_nistz256.c head/crypto/openssl/crypto/ec/ecp_smpl.c head/crypto/openssl/crypto/err/err.c head/crypto/openssl/crypto/evp/digest.c head/crypto/openssl/crypto/evp/e_aes.c head/crypto/openssl/crypto/evp/e_aria.c head/crypto/openssl/crypto/evp/e_chacha20_poly1305.c head/crypto/openssl/crypto/evp/p_lib.c head/crypto/openssl/crypto/evp/p_open.c head/crypto/openssl/crypto/hmac/hmac.c head/crypto/openssl/crypto/include/internal/dso_conf.h head/crypto/openssl/crypto/include/internal/dso_conf.h.in head/crypto/openssl/crypto/init.c head/crypto/openssl/crypto/mips_arch.h head/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl head/crypto/openssl/crypto/modes/ccm128.c head/crypto/openssl/crypto/o_str.c head/crypto/openssl/crypto/objects/obj_dat.h head/crypto/openssl/crypto/objects/objects.txt head/crypto/openssl/crypto/ocsp/ocsp_ext.c head/crypto/openssl/crypto/ocsp/ocsp_lib.c head/crypto/openssl/crypto/pem/pem_sign.c head/crypto/openssl/crypto/poly1305/build.info head/crypto/openssl/crypto/ppccap.c head/crypto/openssl/crypto/rand/drbg_lib.c head/crypto/openssl/crypto/rand/rand_lib.c head/crypto/openssl/crypto/rand/rand_unix.c head/crypto/openssl/crypto/rand/randfile.c head/crypto/openssl/crypto/rc4/build.info head/crypto/openssl/crypto/rsa/rsa_ameth.c head/crypto/openssl/crypto/rsa/rsa_gen.c head/crypto/openssl/crypto/rsa/rsa_oaep.c head/crypto/openssl/crypto/rsa/rsa_ossl.c head/crypto/openssl/crypto/rsa/rsa_pk1.c head/crypto/openssl/crypto/rsa/rsa_pmeth.c head/crypto/openssl/crypto/rsa/rsa_ssl.c head/crypto/openssl/crypto/rsa/rsa_x931g.c head/crypto/openssl/crypto/sha/keccak1600.c head/crypto/openssl/crypto/x509/x509_lu.c head/crypto/openssl/crypto/x509v3/v3_genn.c head/crypto/openssl/doc/man1/genpkey.pod head/crypto/openssl/doc/man1/pkeyutl.pod head/crypto/openssl/doc/man1/s_client.pod head/crypto/openssl/doc/man1/s_server.pod head/crypto/openssl/doc/man1/s_time.pod head/crypto/openssl/doc/man1/ts.pod head/crypto/openssl/doc/man3/ASN1_TIME_set.pod head/crypto/openssl/doc/man3/ASN1_generate_nconf.pod head/crypto/openssl/doc/man3/BIO_connect.pod head/crypto/openssl/doc/man3/BIO_push.pod head/crypto/openssl/doc/man3/BIO_s_file.pod head/crypto/openssl/doc/man3/BIO_s_mem.pod head/crypto/openssl/doc/man3/BN_CTX_start.pod head/crypto/openssl/doc/man3/BN_new.pod head/crypto/openssl/doc/man3/BN_rand.pod head/crypto/openssl/doc/man3/BN_security_bits.pod head/crypto/openssl/doc/man3/CMS_verify.pod head/crypto/openssl/doc/man3/CONF_modules_load_file.pod head/crypto/openssl/doc/man3/DES_random_key.pod head/crypto/openssl/doc/man3/ECDSA_SIG_new.pod head/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod head/crypto/openssl/doc/man3/EVP_EncryptInit.pod head/crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod head/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod head/crypto/openssl/doc/man3/EVP_chacha20.pod head/crypto/openssl/doc/man3/HMAC.pod head/crypto/openssl/doc/man3/OBJ_nid2obj.pod head/crypto/openssl/doc/man3/OCSP_cert_to_id.pod head/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod head/crypto/openssl/doc/man3/RAND_DRBG_generate.pod head/crypto/openssl/doc/man3/RAND_DRBG_get0_master.pod head/crypto/openssl/doc/man3/RAND_DRBG_new.pod head/crypto/openssl/doc/man3/RAND_DRBG_reseed.pod head/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod head/crypto/openssl/doc/man3/RAND_add.pod head/crypto/openssl/doc/man3/RAND_bytes.pod head/crypto/openssl/doc/man3/RAND_cleanup.pod head/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod head/crypto/openssl/doc/man3/RSA_public_encrypt.pod head/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod head/crypto/openssl/doc/man3/SSL_CONF_cmd.pod head/crypto/openssl/doc/man3/SSL_CTX_load_verify_locations.pod head/crypto/openssl/doc/man3/SSL_CTX_new.pod head/crypto/openssl/doc/man3/SSL_CTX_set1_sigalgs.pod head/crypto/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod head/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod head/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod head/crypto/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod head/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod head/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod head/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod head/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod head/crypto/openssl/doc/man3/SSL_get_error.pod head/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod head/crypto/openssl/doc/man3/SSL_read.pod head/crypto/openssl/doc/man3/SSL_session_reused.pod head/crypto/openssl/doc/man3/SSL_shutdown.pod head/crypto/openssl/doc/man3/SSL_write.pod head/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod head/crypto/openssl/doc/man3/X509_NAME_add_entry_by_txt.pod head/crypto/openssl/doc/man3/X509_NAME_get_index_by_NID.pod head/crypto/openssl/doc/man3/X509_get_subject_name.pod head/crypto/openssl/doc/man3/d2i_X509.pod head/crypto/openssl/e_os.h head/crypto/openssl/engines/e_padlock.c head/crypto/openssl/include/internal/dsoerr.h head/crypto/openssl/include/internal/refcount.h head/crypto/openssl/include/internal/tsan_assist.h head/crypto/openssl/include/openssl/err.h head/crypto/openssl/include/openssl/evp.h head/crypto/openssl/include/openssl/obj_mac.h head/crypto/openssl/include/openssl/ocsp.h head/crypto/openssl/include/openssl/opensslv.h head/crypto/openssl/include/openssl/ssl.h head/crypto/openssl/include/openssl/x509v3.h head/crypto/openssl/ssl/ssl_lib.c head/crypto/openssl/ssl/ssl_locl.h head/crypto/openssl/ssl/statem/extensions.c head/crypto/openssl/ssl/statem/extensions_clnt.c head/crypto/openssl/ssl/statem/extensions_srvr.c head/crypto/openssl/ssl/statem/statem_clnt.c head/crypto/openssl/ssl/statem/statem_srvr.c head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/Makefile.man head/secure/lib/libcrypto/Version.map head/secure/lib/libcrypto/man/ADMISSIONS.3 head/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 head/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 head/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 head/secure/lib/libcrypto/man/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/ASN1_TIME_set.3 head/secure/lib/libcrypto/man/ASN1_TYPE_get.3 head/secure/lib/libcrypto/man/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 head/secure/lib/libcrypto/man/ASYNC_start_job.3 head/secure/lib/libcrypto/man/BF_encrypt.3 head/secure/lib/libcrypto/man/BIO_ADDR.3 head/secure/lib/libcrypto/man/BIO_ADDRINFO.3 head/secure/lib/libcrypto/man/BIO_connect.3 head/secure/lib/libcrypto/man/BIO_ctrl.3 head/secure/lib/libcrypto/man/BIO_f_base64.3 head/secure/lib/libcrypto/man/BIO_f_buffer.3 head/secure/lib/libcrypto/man/BIO_f_cipher.3 head/secure/lib/libcrypto/man/BIO_f_md.3 head/secure/lib/libcrypto/man/BIO_f_null.3 head/secure/lib/libcrypto/man/BIO_f_ssl.3 head/secure/lib/libcrypto/man/BIO_find_type.3 head/secure/lib/libcrypto/man/BIO_get_data.3 head/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 head/secure/lib/libcrypto/man/BIO_meth_new.3 head/secure/lib/libcrypto/man/BIO_new.3 head/secure/lib/libcrypto/man/BIO_new_CMS.3 head/secure/lib/libcrypto/man/BIO_parse_hostserv.3 head/secure/lib/libcrypto/man/BIO_printf.3 head/secure/lib/libcrypto/man/BIO_push.3 head/secure/lib/libcrypto/man/BIO_read.3 head/secure/lib/libcrypto/man/BIO_s_accept.3 head/secure/lib/libcrypto/man/BIO_s_bio.3 head/secure/lib/libcrypto/man/BIO_s_connect.3 head/secure/lib/libcrypto/man/BIO_s_fd.3 head/secure/lib/libcrypto/man/BIO_s_file.3 head/secure/lib/libcrypto/man/BIO_s_mem.3 head/secure/lib/libcrypto/man/BIO_s_null.3 head/secure/lib/libcrypto/man/BIO_s_socket.3 head/secure/lib/libcrypto/man/BIO_set_callback.3 head/secure/lib/libcrypto/man/BIO_should_retry.3 head/secure/lib/libcrypto/man/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/BN_CTX_new.3 head/secure/lib/libcrypto/man/BN_CTX_start.3 head/secure/lib/libcrypto/man/BN_add.3 head/secure/lib/libcrypto/man/BN_add_word.3 head/secure/lib/libcrypto/man/BN_bn2bin.3 head/secure/lib/libcrypto/man/BN_cmp.3 head/secure/lib/libcrypto/man/BN_copy.3 head/secure/lib/libcrypto/man/BN_generate_prime.3 head/secure/lib/libcrypto/man/BN_mod_inverse.3 head/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/BN_new.3 head/secure/lib/libcrypto/man/BN_num_bytes.3 head/secure/lib/libcrypto/man/BN_rand.3 head/secure/lib/libcrypto/man/BN_security_bits.3 head/secure/lib/libcrypto/man/BN_set_bit.3 head/secure/lib/libcrypto/man/BN_swap.3 head/secure/lib/libcrypto/man/BN_zero.3 head/secure/lib/libcrypto/man/BUF_MEM_new.3 head/secure/lib/libcrypto/man/CMS_add0_cert.3 head/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/CMS_add1_signer.3 head/secure/lib/libcrypto/man/CMS_compress.3 head/secure/lib/libcrypto/man/CMS_decrypt.3 head/secure/lib/libcrypto/man/CMS_encrypt.3 head/secure/lib/libcrypto/man/CMS_final.3 head/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/CMS_get0_type.3 head/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/CMS_sign.3 head/secure/lib/libcrypto/man/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/CMS_uncompress.3 head/secure/lib/libcrypto/man/CMS_verify.3 head/secure/lib/libcrypto/man/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/CONF_modules_free.3 head/secure/lib/libcrypto/man/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 head/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 head/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 head/secure/lib/libcrypto/man/CTLOG_STORE_new.3 head/secure/lib/libcrypto/man/CTLOG_new.3 head/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 head/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 head/secure/lib/libcrypto/man/DES_random_key.3 head/secure/lib/libcrypto/man/DH_generate_key.3 head/secure/lib/libcrypto/man/DH_generate_parameters.3 head/secure/lib/libcrypto/man/DH_get0_pqg.3 head/secure/lib/libcrypto/man/DH_get_1024_160.3 head/secure/lib/libcrypto/man/DH_meth_new.3 head/secure/lib/libcrypto/man/DH_new.3 head/secure/lib/libcrypto/man/DH_new_by_nid.3 head/secure/lib/libcrypto/man/DH_set_method.3 head/secure/lib/libcrypto/man/DH_size.3 head/secure/lib/libcrypto/man/DSA_SIG_new.3 head/secure/lib/libcrypto/man/DSA_do_sign.3 head/secure/lib/libcrypto/man/DSA_dup_DH.3 head/secure/lib/libcrypto/man/DSA_generate_key.3 head/secure/lib/libcrypto/man/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/DSA_get0_pqg.3 head/secure/lib/libcrypto/man/DSA_meth_new.3 head/secure/lib/libcrypto/man/DSA_new.3 head/secure/lib/libcrypto/man/DSA_set_method.3 head/secure/lib/libcrypto/man/DSA_sign.3 head/secure/lib/libcrypto/man/DSA_size.3 head/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 head/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 head/secure/lib/libcrypto/man/DTLSv1_listen.3 head/secure/lib/libcrypto/man/ECDSA_SIG_new.3 head/secure/lib/libcrypto/man/ECPKParameters_print.3 head/secure/lib/libcrypto/man/EC_GFp_simple_method.3 head/secure/lib/libcrypto/man/EC_GROUP_copy.3 head/secure/lib/libcrypto/man/EC_GROUP_new.3 head/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 head/secure/lib/libcrypto/man/EC_KEY_new.3 head/secure/lib/libcrypto/man/EC_POINT_add.3 head/secure/lib/libcrypto/man/EC_POINT_new.3 head/secure/lib/libcrypto/man/ENGINE_add.3 head/secure/lib/libcrypto/man/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/ERR_clear_error.3 head/secure/lib/libcrypto/man/ERR_error_string.3 head/secure/lib/libcrypto/man/ERR_get_error.3 head/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/ERR_load_strings.3 head/secure/lib/libcrypto/man/ERR_print_errors.3 head/secure/lib/libcrypto/man/ERR_put_error.3 head/secure/lib/libcrypto/man/ERR_remove_state.3 head/secure/lib/libcrypto/man/ERR_set_mark.3 head/secure/lib/libcrypto/man/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 head/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 head/secure/lib/libcrypto/man/EVP_DigestInit.3 head/secure/lib/libcrypto/man/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/EVP_EncodeInit.3 head/secure/lib/libcrypto/man/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/EVP_MD_meth_new.3 head/secure/lib/libcrypto/man/EVP_OpenInit.3 head/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 head/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 head/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 head/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 head/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 head/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 head/secure/lib/libcrypto/man/EVP_SealInit.3 head/secure/lib/libcrypto/man/EVP_SignInit.3 head/secure/lib/libcrypto/man/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/EVP_aes.3 head/secure/lib/libcrypto/man/EVP_aria.3 head/secure/lib/libcrypto/man/EVP_bf_cbc.3 head/secure/lib/libcrypto/man/EVP_blake2b512.3 head/secure/lib/libcrypto/man/EVP_camellia.3 head/secure/lib/libcrypto/man/EVP_cast5_cbc.3 head/secure/lib/libcrypto/man/EVP_chacha20.3 head/secure/lib/libcrypto/man/EVP_des.3 head/secure/lib/libcrypto/man/EVP_desx_cbc.3 head/secure/lib/libcrypto/man/EVP_idea_cbc.3 head/secure/lib/libcrypto/man/EVP_md2.3 head/secure/lib/libcrypto/man/EVP_md4.3 head/secure/lib/libcrypto/man/EVP_md5.3 head/secure/lib/libcrypto/man/EVP_mdc2.3 head/secure/lib/libcrypto/man/EVP_rc2_cbc.3 head/secure/lib/libcrypto/man/EVP_rc4.3 head/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 head/secure/lib/libcrypto/man/EVP_ripemd160.3 head/secure/lib/libcrypto/man/EVP_seed_cbc.3 head/secure/lib/libcrypto/man/EVP_sha1.3 head/secure/lib/libcrypto/man/EVP_sha224.3 head/secure/lib/libcrypto/man/EVP_sha3_224.3 head/secure/lib/libcrypto/man/EVP_sm3.3 head/secure/lib/libcrypto/man/EVP_sm4_cbc.3 head/secure/lib/libcrypto/man/EVP_whirlpool.3 head/secure/lib/libcrypto/man/HMAC.3 head/secure/lib/libcrypto/man/MD5.3 head/secure/lib/libcrypto/man/MDC2_Init.3 head/secure/lib/libcrypto/man/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 head/secure/lib/libcrypto/man/OCSP_cert_to_id.3 head/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 head/secure/lib/libcrypto/man/OCSP_resp_find_status.3 head/secure/lib/libcrypto/man/OCSP_response_status.3 head/secure/lib/libcrypto/man/OCSP_sendreq_new.3 head/secure/lib/libcrypto/man/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 head/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 head/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/OPENSSL_config.3 head/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 head/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 head/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 head/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 head/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/OPENSSL_malloc.3 head/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 head/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 head/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 head/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 head/secure/lib/libcrypto/man/OSSL_STORE_expect.3 head/secure/lib/libcrypto/man/OSSL_STORE_open.3 head/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 head/secure/lib/libcrypto/man/PEM_read.3 head/secure/lib/libcrypto/man/PEM_read_CMS.3 head/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 head/secure/lib/libcrypto/man/PEM_read_bio_ex.3 head/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/PKCS12_create.3 head/secure/lib/libcrypto/man/PKCS12_newpass.3 head/secure/lib/libcrypto/man/PKCS12_parse.3 head/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 head/secure/lib/libcrypto/man/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/PKCS7_sign.3 head/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/PKCS7_verify.3 head/secure/lib/libcrypto/man/RAND_DRBG_generate.3 head/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 head/secure/lib/libcrypto/man/RAND_DRBG_new.3 head/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 head/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 head/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 head/secure/lib/libcrypto/man/RAND_add.3 head/secure/lib/libcrypto/man/RAND_bytes.3 head/secure/lib/libcrypto/man/RAND_cleanup.3 head/secure/lib/libcrypto/man/RAND_egd.3 head/secure/lib/libcrypto/man/RAND_load_file.3 head/secure/lib/libcrypto/man/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/RC4_set_key.3 head/secure/lib/libcrypto/man/RIPEMD160_Init.3 head/secure/lib/libcrypto/man/RSA_blinding_on.3 head/secure/lib/libcrypto/man/RSA_check_key.3 head/secure/lib/libcrypto/man/RSA_generate_key.3 head/secure/lib/libcrypto/man/RSA_get0_key.3 head/secure/lib/libcrypto/man/RSA_meth_new.3 head/secure/lib/libcrypto/man/RSA_new.3 head/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/RSA_print.3 head/secure/lib/libcrypto/man/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/RSA_set_method.3 head/secure/lib/libcrypto/man/RSA_sign.3 head/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/RSA_size.3 head/secure/lib/libcrypto/man/SCT_new.3 head/secure/lib/libcrypto/man/SCT_print.3 head/secure/lib/libcrypto/man/SCT_validate.3 head/secure/lib/libcrypto/man/SHA256_Init.3 head/secure/lib/libcrypto/man/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 head/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 head/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 head/secure/lib/libcrypto/man/SSL_CONF_cmd.3 head/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 head/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 head/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libcrypto/man/SSL_CTX_add_session.3 head/secure/lib/libcrypto/man/SSL_CTX_config.3 head/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 head/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 head/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 head/secure/lib/libcrypto/man/SSL_CTX_free.3 head/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 head/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 head/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 head/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 head/secure/lib/libcrypto/man/SSL_CTX_new.3 head/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 head/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_sessions.3 head/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 head/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 head/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 head/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 head/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 head/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 head/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 head/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 head/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 head/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 head/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 head/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 head/secure/lib/libcrypto/man/SSL_CTX_set_options.3 head/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 head/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 head/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 head/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 head/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 head/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 head/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 head/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 head/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 head/secure/lib/libcrypto/man/SSL_SESSION_free.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 head/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 head/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 head/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 head/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 head/secure/lib/libcrypto/man/SSL_SESSION_print.3 head/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 head/secure/lib/libcrypto/man/SSL_accept.3 head/secure/lib/libcrypto/man/SSL_alert_type_string.3 head/secure/lib/libcrypto/man/SSL_alloc_buffers.3 head/secure/lib/libcrypto/man/SSL_check_chain.3 head/secure/lib/libcrypto/man/SSL_clear.3 head/secure/lib/libcrypto/man/SSL_connect.3 head/secure/lib/libcrypto/man/SSL_do_handshake.3 head/secure/lib/libcrypto/man/SSL_export_keying_material.3 head/secure/lib/libcrypto/man/SSL_extension_supported.3 head/secure/lib/libcrypto/man/SSL_free.3 head/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 head/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 head/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 head/secure/lib/libcrypto/man/SSL_get_ciphers.3 head/secure/lib/libcrypto/man/SSL_get_client_random.3 head/secure/lib/libcrypto/man/SSL_get_current_cipher.3 head/secure/lib/libcrypto/man/SSL_get_default_timeout.3 head/secure/lib/libcrypto/man/SSL_get_error.3 head/secure/lib/libcrypto/man/SSL_get_extms_support.3 head/secure/lib/libcrypto/man/SSL_get_fd.3 head/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 head/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 head/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 head/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 head/secure/lib/libcrypto/man/SSL_get_psk_identity.3 head/secure/lib/libcrypto/man/SSL_get_rbio.3 head/secure/lib/libcrypto/man/SSL_get_session.3 head/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 head/secure/lib/libcrypto/man/SSL_get_verify_result.3 head/secure/lib/libcrypto/man/SSL_get_version.3 head/secure/lib/libcrypto/man/SSL_in_init.3 head/secure/lib/libcrypto/man/SSL_key_update.3 head/secure/lib/libcrypto/man/SSL_library_init.3 head/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 head/secure/lib/libcrypto/man/SSL_new.3 head/secure/lib/libcrypto/man/SSL_pending.3 head/secure/lib/libcrypto/man/SSL_read.3 head/secure/lib/libcrypto/man/SSL_read_early_data.3 head/secure/lib/libcrypto/man/SSL_rstate_string.3 head/secure/lib/libcrypto/man/SSL_session_reused.3 head/secure/lib/libcrypto/man/SSL_set1_host.3 head/secure/lib/libcrypto/man/SSL_set_bio.3 head/secure/lib/libcrypto/man/SSL_set_connect_state.3 head/secure/lib/libcrypto/man/SSL_set_fd.3 head/secure/lib/libcrypto/man/SSL_set_session.3 head/secure/lib/libcrypto/man/SSL_set_shutdown.3 head/secure/lib/libcrypto/man/SSL_set_verify_result.3 head/secure/lib/libcrypto/man/SSL_shutdown.3 head/secure/lib/libcrypto/man/SSL_state_string.3 head/secure/lib/libcrypto/man/SSL_want.3 head/secure/lib/libcrypto/man/SSL_write.3 head/secure/lib/libcrypto/man/UI_STRING.3 head/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 head/secure/lib/libcrypto/man/UI_create_method.3 head/secure/lib/libcrypto/man/UI_new.3 head/secure/lib/libcrypto/man/X509V3_get_d2i.3 head/secure/lib/libcrypto/man/X509_ALGOR_dup.3 head/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 head/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 head/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 head/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 head/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/X509_NAME_get0_der.3 head/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/X509_PUBKEY_new.3 head/secure/lib/libcrypto/man/X509_SIG_get0.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/X509_STORE_add_cert.3 head/secure/lib/libcrypto/man/X509_STORE_get0_param.3 head/secure/lib/libcrypto/man/X509_STORE_new.3 head/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/X509_check_ca.3 head/secure/lib/libcrypto/man/X509_check_host.3 head/secure/lib/libcrypto/man/X509_check_issued.3 head/secure/lib/libcrypto/man/X509_check_private_key.3 head/secure/lib/libcrypto/man/X509_cmp_time.3 head/secure/lib/libcrypto/man/X509_digest.3 head/secure/lib/libcrypto/man/X509_dup.3 head/secure/lib/libcrypto/man/X509_get0_notBefore.3 head/secure/lib/libcrypto/man/X509_get0_signature.3 head/secure/lib/libcrypto/man/X509_get0_uids.3 head/secure/lib/libcrypto/man/X509_get_extension_flags.3 head/secure/lib/libcrypto/man/X509_get_pubkey.3 head/secure/lib/libcrypto/man/X509_get_serialNumber.3 head/secure/lib/libcrypto/man/X509_get_subject_name.3 head/secure/lib/libcrypto/man/X509_get_version.3 head/secure/lib/libcrypto/man/X509_new.3 head/secure/lib/libcrypto/man/X509_sign.3 head/secure/lib/libcrypto/man/X509_verify_cert.3 head/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 head/secure/lib/libcrypto/man/d2i_DHparams.3 head/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 head/secure/lib/libcrypto/man/d2i_PrivateKey.3 head/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 head/secure/lib/libcrypto/man/d2i_X509.3 head/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 head/secure/lib/libcrypto/man/o2i_SCT_LIST.3 head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/engine.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/list.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/prime.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/srp.1 head/secure/usr.bin/openssl/man/storeutl.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 Directory Properties: head/crypto/openssl/ (props changed) Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Tue May 28 21:10:35 2019 (r348339) +++ head/crypto/openssl/CHANGES Tue May 28 21:54:12 2019 (r348340) @@ -7,6 +7,77 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1b and 1.1.1c [28 May 2019] + + *) Add build tests for C++. These are generated files that only do one + thing, to include one public OpenSSL head file each. This tests that + the public header files can be usefully included in a C++ application. + + This test isn't enabled by default. It can be enabled with the option + 'enable-buildtest-c++'. + [Richard Levitte] + + *) Enable SHA3 pre-hashing for ECDSA and DSA. + [Patrick Steuer] + + *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024. + This changes the size when using the genpkey app when no size is given. It + fixes an omission in earlier changes that changed all RSA, DSA and DH + generation apps to use 2048 bits by default. + [Kurt Roeckx] + + *) Reorganize the manual pages to consistently have RETURN VALUES, + EXAMPLES, SEE ALSO and HISTORY come in that order, and adjust + util/fix-doc-nits accordingly. + [Paul Yang, Joshua Lock] + + *) Add the missing accessor EVP_PKEY_get0_engine() + [Matt Caswell] + + *) Have apps like 's_client' and 's_server' output the signature scheme + along with other cipher suite parameters when debugging. + [Lorinczy Zsigmond] + + *) Make OPENSSL_config() error agnostic again. + [Richard Levitte] + + *) Do the error handling in RSA decryption constant time. + [Bernd Edlinger] + + *) Prevent over long nonces in ChaCha20-Poly1305. + + ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input + for every encryption operation. RFC 7539 specifies that the nonce value + (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length + and front pads the nonce with 0 bytes if it is less than 12 + bytes. However it also incorrectly allows a nonce to be set of up to 16 + bytes. In this case only the last 12 bytes are significant and any + additional leading bytes are ignored. + + It is a requirement of using this cipher that nonce values are + unique. Messages encrypted using a reused nonce value are susceptible to + serious confidentiality and integrity attacks. If an application changes + the default nonce length to be longer than 12 bytes and then makes a + change to the leading bytes of the nonce expecting the new value to be a + new unique nonce then such an application could inadvertently encrypt + messages with a reused nonce. + + Additionally the ignored bytes in a long nonce are not covered by the + integrity guarantee of this cipher. Any application that relies on the + integrity of these ignored leading bytes of a long nonce may be further + affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, + is safe because no such use sets such a long nonce value. However user + applications that use this cipher directly and set a non-default nonce + length to be longer than 12 bytes may be vulnerable. + + This issue was reported to OpenSSL on 16th of March 2019 by Joran Dirk + Greef of Ronomon. + (CVE-2019-1543) + [Matt Caswell] + + *) Ensure that SM2 only uses SM3 as digest algorithm + [Paul Yang] + Changes between 1.1.1a and 1.1.1b [26 Feb 2019] *) Added SCA hardening for modular field inversion in EC_GROUP through Modified: head/crypto/openssl/Configure ============================================================================== --- head/crypto/openssl/Configure Tue May 28 21:10:35 2019 (r348339) +++ head/crypto/openssl/Configure Tue May 28 21:54:12 2019 (r348340) @@ -24,7 +24,7 @@ use OpenSSL::Glob; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; -my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -54,16 +54,14 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable- # [no-]threads [don't] try to create a library that is suitable for # multithreaded applications (default is "threads" if we # know how to do it) -# [no-]shared [don't] try to create shared libraries when supported. +# [no-]shared [don't] try to create shared libraries when supported. # [no-]pic [don't] try to build position independent code when supported. # If disabled, it also disables shared and dynamic-engine. # no-asm do not use assembler -# no-dso do not compile in any native shared-library methods. This -# will ensure that all methods just return NULL. # no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. -# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared -# library and will be loaded in run-time by the OpenSSL library. +# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared +# library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # enable-weak-ssl-ciphers # Enable weak ciphers that are disabled by default. @@ -75,7 +73,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable- # -static while -static is also a pass-through compiler option (and # as such is limited to environments where it's actually # meaningful), it triggers a number configuration options, -# namely no-dso, no-pic, no-shared and no-threads. It is +# namely no-pic, no-shared and no-threads. It is # argued that the only reason to produce statically linked # binaries (and in context it means executables linked with # -static flag, and not just executables linked with static @@ -90,21 +88,22 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable- # production quality. # # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items -# provided to stack calls. Generates unique stack functions for -# each possible stack type. -# BN_LLONG use the type 'long long' in crypto/bn/bn.h -# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h +# provided to stack calls. Generates unique stack functions for +# each possible stack type. +# BN_LLONG use the type 'long long' in crypto/bn/bn.h +# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h # Following are set automatically by this script # -# MD5_ASM use some extra md5 assembler, -# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86 -# RMD160_ASM use some extra ripemd160 assembler, -# SHA256_ASM sha256_block is implemented in assembler -# SHA512_ASM sha512_block is implemented in assembler -# AES_ASM AES_[en|de]crypt is implemented in assembler +# MD5_ASM use some extra md5 assembler, +# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86 +# RMD160_ASM use some extra ripemd160 assembler, +# SHA256_ASM sha256_block is implemented in assembler +# SHA512_ASM sha512_block is implemented in assembler +# AES_ASM AES_[en|de]crypt is implemented in assembler -# Minimum warning options... any contributions to OpenSSL should at least get -# past these. +# Minimum warning options... any contributions to OpenSSL should at least +# get past these. Note that we only use these with C compilers, not with +# C++ compilers. # DEBUG_UNUSED enables __owur (warn unused result) checks. # -DPEDANTIC complements -pedantic and is meant to mask code that @@ -119,22 +118,23 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable- # code, so we just tell compiler to be pedantic about everything # but 'long long' type. -my $gcc_devteam_warn = "-DDEBUG_UNUSED" - . " -DPEDANTIC -pedantic -Wno-long-long" - . " -Wall" - . " -Wextra" - . " -Wno-unused-parameter" - . " -Wno-missing-field-initializers" - . " -Wswitch" - . " -Wsign-compare" - . " -Wmissing-prototypes" - . " -Wstrict-prototypes" - . " -Wshadow" - . " -Wformat" - . " -Wtype-limits" - . " -Wundef" - . " -Werror" - ; +my @gcc_devteam_warn = qw( + -DDEBUG_UNUSED + -DPEDANTIC -pedantic -Wno-long-long + -Wall + -Wextra + -Wno-unused-parameter + -Wno-missing-field-initializers + -Wswitch + -Wsign-compare + -Wshadow + -Wformat + -Wtype-limits + -Wundef + -Werror + -Wmissing-prototypes + -Wstrict-prototypes +); # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the @@ -144,19 +144,16 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wlanguage-extension-token -- no, we use asm() # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code -# -Wunused-function -- no, it forces header use of safestack et al -# DEFINE macros -my $clang_devteam_warn = "" - . " -Wswitch-default" - . " -Wno-parentheses-equality" - . " -Wno-language-extension-token" - . " -Wno-extended-offsetof" - . " -Wconditional-uninitialized" - . " -Wincompatible-pointer-types-discards-qualifiers" - . " -Wmissing-variable-declarations" - . " -Wno-unknown-warning-option" - . " -Wno-unused-function" - ; +my @clang_devteam_warn = qw( + -Wswitch-default + -Wno-parentheses-equality + -Wno-language-extension-token + -Wno-extended-offsetof + -Wconditional-uninitialized + -Wincompatible-pointer-types-discards-qualifiers + -Wno-unknown-warning-option + -Wmissing-variable-declarations +); # This adds backtrace information to the memory leak info. Is only used # when crypto-mdebug-backtrace is enabled. @@ -225,20 +222,20 @@ if (grep /^reconf(igure)?$/, @argvcopy) { die "reconfiguring with other arguments present isn't supported" if scalar @argvcopy > 1; if (-f "./configdata.pm") { - my $file = "./configdata.pm"; - unless (my $return = do $file) { - die "couldn't parse $file: $@" if $@; + my $file = "./configdata.pm"; + unless (my $return = do $file) { + die "couldn't parse $file: $@" if $@; die "couldn't do $file: $!" unless defined $return; die "couldn't run $file" unless $return; - } + } - @argvcopy = defined($configdata::config{perlargv}) ? - @{$configdata::config{perlargv}} : (); - die "Incorrect data to reconfigure, please do a normal configuration\n" - if (grep(/^reconf/,@argvcopy)); - $config{perlenv} = $configdata::config{perlenv} // {}; + @argvcopy = defined($configdata::config{perlargv}) ? + @{$configdata::config{perlargv}} : (); + die "Incorrect data to reconfigure, please do a normal configuration\n" + if (grep(/^reconf/,@argvcopy)); + $config{perlenv} = $configdata::config{perlenv} // {}; } else { - die "Insufficient data to reconfigure, please do a normal configuration\n"; + die "Insufficient data to reconfigure, please do a normal configuration\n"; } } @@ -253,8 +250,8 @@ $config{shlib_version_history} = "unknown"; collect_information( collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')), qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; }, - qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/ => sub { $config{version_num}=$1 }, - qr/SHLIB_VERSION_NUMBER *"([^"]+)"/ => sub { $config{shlib_version_number}=$1 }, + qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/ => sub { $config{version_num}=$1 }, + qr/SHLIB_VERSION_NUMBER *"([^"]+)"/ => sub { $config{shlib_version_number}=$1 }, qr/SHLIB_VERSION_HISTORY *"([^"]*)"/ => sub { $config{shlib_version_history}=$1 } ); if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; } @@ -266,7 +263,7 @@ if ($config{shlib_version_history} ne "") { $config{sh die "erroneous version information in opensslv.h: ", "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n" if ($config{major} eq "" || $config{minor} eq "" - || $config{shlib_major} eq "" || $config{shlib_minor} eq ""); + || $config{shlib_major} eq "" || $config{shlib_minor} eq ""); # Collect target configurations @@ -335,6 +332,7 @@ my @disablables = ( "autoload-config", "bf", "blake2", + "buildtest-c\\+\\+", "camellia", "capieng", "cast", @@ -351,7 +349,6 @@ my @disablables = ( "dgram", "dh", "dsa", - "dso", "dtls", "dynamic-engine", "ec", @@ -419,71 +416,70 @@ my @disablables = ( "zlib-dynamic", ); foreach my $proto ((@tls, @dtls)) - { - push(@disablables, $proto); - push(@disablables, "$proto-method") unless $proto eq "tls1_3"; - } + { + push(@disablables, $proto); + push(@disablables, "$proto-method") unless $proto eq "tls1_3"; + } my %deprecated_disablables = ( "ssl2" => undef, "buf-freelists" => undef, "ripemd" => "rmd160", "ui" => "ui-console", + "dso" => "", # Empty string means we're silent about it ); # All of the following are disabled by default: our %disabled = ( # "what" => "comment" - "asan" => "default", - "crypto-mdebug" => "default", - "crypto-mdebug-backtrace" => "default", - "devcryptoeng" => "default", - "ec_nistp_64_gcc_128" => "default", - "egd" => "default", - "external-tests" => "default", - "fuzz-libfuzzer" => "default", - "fuzz-afl" => "default", - "heartbeats" => "default", - "md2" => "default", + "asan" => "default", + "buildtest-c++" => "default", + "crypto-mdebug" => "default", + "crypto-mdebug-backtrace" => "default", + "devcryptoeng" => "default", + "ec_nistp_64_gcc_128" => "default", + "egd" => "default", + "external-tests" => "default", + "fuzz-libfuzzer" => "default", + "fuzz-afl" => "default", + "heartbeats" => "default", + "md2" => "default", "msan" => "default", - "rc5" => "default", - "sctp" => "default", - "ssl-trace" => "default", - "ssl3" => "default", - "ssl3-method" => "default", - "ubsan" => "default", - "unit-test" => "default", - "weak-ssl-ciphers" => "default", - "zlib" => "default", - "zlib-dynamic" => "default", - ); + "rc5" => "default", + "sctp" => "default", + "ssl-trace" => "default", + "ssl3" => "default", + "ssl3-method" => "default", + "ubsan" => "default", + "unit-test" => "default", + "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default", + ); # Note: => pair form used for aesthetics, not to truly make a hash table my @disable_cascades = ( - # "what" => [ "cascade", ... ] + # "what" => [ "cascade", ... ] sub { $config{processor} eq "386" } - => [ "sse2" ], - "ssl" => [ "ssl3" ], - "ssl3-method" => [ "ssl3" ], - "zlib" => [ "zlib-dynamic" ], - "des" => [ "mdc2" ], - "ec" => [ "ecdsa", "ecdh" ], + => [ "sse2" ], + "ssl" => [ "ssl3" ], + "ssl3-method" => [ "ssl3" ], + "zlib" => [ "zlib-dynamic" ], + "des" => [ "mdc2" ], + "ec" => [ "ecdsa", "ecdh" ], - "dgram" => [ "dtls", "sctp" ], - "sock" => [ "dgram" ], - "dtls" => [ @dtls ], + "dgram" => [ "dtls", "sctp" ], + "sock" => [ "dgram" ], + "dtls" => [ @dtls ], sub { 0 == scalar grep { !$disabled{$_} } @dtls } - => [ "dtls" ], + => [ "dtls" ], - "tls" => [ @tls ], + "tls" => [ @tls ], sub { 0 == scalar grep { !$disabled{$_} } @tls } - => [ "tls" ], + => [ "tls" ], "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - # Without DSO, we can't load dynamic engines, so don't build them dynamic - "dso" => [ "dynamic-engine" ], - # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared" => [ "dynamic-engine" ], @@ -510,14 +506,14 @@ my @list = (reverse @tls); while ((my $first, my $second) = (shift @list, shift @list)) { last unless @list; push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } - => [ @list ] ); + => [ @list ] ); unshift @list, $second; } my @list = (reverse @dtls); while ((my $first, my $second) = (shift @list, shift @list)) { last unless @list; push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } - => [ @list ] ); + => [ @list ] ); unshift @list, $second; } @@ -544,24 +540,24 @@ my %user = ( AS => undef, ASFLAGS => [], CC => env('CC'), - CFLAGS => [], + CFLAGS => [ env('CFLAGS') || () ], CXX => env('CXX'), - CXXFLAGS => [], + CXXFLAGS => [ env('CXXFLAGS') || () ], CPP => undef, - CPPFLAGS => [], # -D, -I, -Wp, + CPPFLAGS => [ env('CPPFLAGS') || () ], # -D, -I, -Wp, CPPDEFINES => [], # Alternative for -D CPPINCLUDES => [], # Alternative for -I CROSS_COMPILE => env('CROSS_COMPILE'), HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'), LD => undef, - LDFLAGS => [], # -L, -Wl, - LDLIBS => [], # -l + LDFLAGS => [ env('LDFLAGS') || () ], # -L, -Wl, + LDLIBS => [ env('LDLIBS') || () ], # -l MT => undef, MTFLAGS => [], PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl"), RANLIB => env('RANLIB'), RC => env('RC') || env('WINDRES'), - RCFLAGS => [], + RCFLAGS => [ env('RCFLAGS') || () ], RM => undef, ); # Info about what "make variables" may be prefixed with the cross compiler @@ -578,6 +574,7 @@ my %useradd = ( CXXFLAGS => [], LDFLAGS => [], LDLIBS => [], + RCFLAGS => [], ); my %user_synonyms = ( @@ -625,43 +622,43 @@ my %deprecated_options = (); my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom); my @seed_sources = (); while (@argvcopy) - { - $_ = shift @argvcopy; + { + $_ = shift @argvcopy; - # Support env variable assignments among the options - if (m|^(\w+)=(.+)?$|) - { - $cmdvars{$1} = $2; - # Every time a variable is given as a configuration argument, - # it acts as a reset if the variable. - if (exists $user{$1}) - { - $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef; - } - #if (exists $useradd{$1}) - # { - # $useradd{$1} = []; - # } - next; - } + # Support env variable assignments among the options + if (m|^(\w+)=(.+)?$|) + { + $cmdvars{$1} = $2; + # Every time a variable is given as a configuration argument, + # it acts as a reset if the variable. + if (exists $user{$1}) + { + $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef; + } + #if (exists $useradd{$1}) + # { + # $useradd{$1} = []; + # } + next; + } - # VMS is a case insensitive environment, and depending on settings - # out of our control, we may receive options uppercased. Let's - # downcase at least the part before any equal sign. - if ($^O eq "VMS") - { - s/^([^=]*)/lc($1)/e; - } + # VMS is a case insensitive environment, and depending on settings + # out of our control, we may receive options uppercased. Let's + # downcase at least the part before any equal sign. + if ($^O eq "VMS") + { + s/^([^=]*)/lc($1)/e; + } - # some people just can't read the instructions, clang people have to... - s/^-no-(?!integrated-as)/no-/; + # some people just can't read the instructions, clang people have to... + s/^-no-(?!integrated-as)/no-/; - # rewrite some options in "enable-..." form - s /^-?-?shared$/enable-shared/; - s /^sctp$/enable-sctp/; - s /^threads$/enable-threads/; - s /^zlib$/enable-zlib/; - s /^zlib-dynamic$/enable-zlib-dynamic/; + # rewrite some options in "enable-..." form + s /^-?-?shared$/enable-shared/; + s /^sctp$/enable-sctp/; + s /^threads$/enable-threads/; + s /^zlib$/enable-zlib/; + s /^zlib-dynamic$/enable-zlib-dynamic/; if (/^(no|disable|enable)-(.+)$/) { @@ -715,21 +712,24 @@ while (@argvcopy) } elsif (exists $deprecated_disablables{$1}) { - $deprecated_options{$_} = 1; - if (defined $deprecated_disablables{$1}) + if ($deprecated_disablables{$1} ne "") { - $disabled{$deprecated_disablables{$1}} = "option"; + $deprecated_options{$_} = 1; + if (defined $deprecated_disablables{$1}) + { + $disabled{$deprecated_disablables{$1}} = "option"; + } } } else { $disabled{$1} = "option"; } - # No longer an automatic choice - $auto_threads = 0 if ($1 eq "threads"); - } - elsif (/^enable-(.+)$/) - { + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); + } + elsif (/^enable-(.+)$/) + { if ($1 eq "static-engine") { $disabled{"dynamic-engine"} = "option"; @@ -742,173 +742,172 @@ while (@argvcopy) { delete $disabled{"zlib"}; } - my $algo = $1; - delete $disabled{$algo}; + my $algo = $1; + delete $disabled{$algo}; - # No longer an automatic choice - $auto_threads = 0 if ($1 eq "threads"); - } - elsif (/^--strict-warnings$/) - { - $strict_warnings = 1; - } - elsif (/^--debug$/) - { - $config{build_type} = "debug"; - } - elsif (/^--release$/) - { - $config{build_type} = "release"; - } - elsif (/^386$/) - { $config{processor}=386; } - elsif (/^fips$/) - { - die "FIPS mode not supported\n"; - } - elsif (/^rsaref$/) - { - # No RSAref support any more since it's not needed. - # The check for the option is there so scripts aren't - # broken - } - elsif (/^nofipscanistercheck$/) - { - die "FIPS mode not supported\n"; - } - elsif (/^[-+]/) - { - if (/^--prefix=(.*)$/) - { - $config{prefix}=$1; - die "Directory given with --prefix MUST be absolute\n" - unless file_name_is_absolute($config{prefix}); - } - elsif (/^--api=(.*)$/) - { - $config{api}=$1; - } - elsif (/^--libdir=(.*)$/) - { - $config{libdir}=$1; - } - elsif (/^--openssldir=(.*)$/) - { - $config{openssldir}=$1; - } - elsif (/^--with-zlib-lib=(.*)$/) - { - $withargs{zlib_lib}=$1; - } - elsif (/^--with-zlib-include=(.*)$/) - { - $withargs{zlib_include}=$1; - } - elsif (/^--with-fuzzer-lib=(.*)$/) - { - $withargs{fuzzer_lib}=$1; - } - elsif (/^--with-fuzzer-include=(.*)$/) - { - $withargs{fuzzer_include}=$1; - } - elsif (/^--with-rand-seed=(.*)$/) - { - foreach my $x (split(m|,|, $1)) - { - die "Unknown --with-rand-seed choice $x\n" - if ! grep { $x eq $_ } @known_seed_sources; - push @seed_sources, $x; - } + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); + } + elsif (/^--strict-warnings$/) + { + # Pretend that our strict flags is a C flag, and replace it + # with the proper flags later on + push @{$useradd{CFLAGS}}, '--ossl-strict-warnings'; + $strict_warnings=1; + } + elsif (/^--debug$/) + { + $config{build_type} = "debug"; + } + elsif (/^--release$/) + { + $config{build_type} = "release"; + } + elsif (/^386$/) + { $config{processor}=386; } + elsif (/^fips$/) + { + die "FIPS mode not supported\n"; + } + elsif (/^rsaref$/) + { + # No RSAref support any more since it's not needed. + # The check for the option is there so scripts aren't + # broken + } + elsif (/^nofipscanistercheck$/) + { + die "FIPS mode not supported\n"; + } + elsif (/^[-+]/) + { + if (/^--prefix=(.*)$/) + { + $config{prefix}=$1; + die "Directory given with --prefix MUST be absolute\n" + unless file_name_is_absolute($config{prefix}); } - elsif (/^--cross-compile-prefix=(.*)$/) - { - $user{CROSS_COMPILE}=$1; - } - elsif (/^--config=(.*)$/) - { - read_config $1; - } - elsif (/^-l(.*)$/) - { - push @{$useradd{LDLIBS}}, $_; - } - elsif (/^-framework$/) - { - push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); - } - elsif (/^-L(.*)$/ or /^-Wl,/) - { - push @{$useradd{LDFLAGS}}, $_; - } - elsif (/^-rpath$/ or /^-R$/) - # -rpath is the OSF1 rpath flag - # -R is the old Solaris rpath flag - { - my $rpath = shift(@argvcopy) || ""; - $rpath .= " " if $rpath ne ""; - push @{$useradd{LDFLAGS}}, $_, $rpath; - } - elsif (/^-static$/) - { - push @{$useradd{LDFLAGS}}, $_; - $disabled{"dso"} = "forced"; - $disabled{"pic"} = "forced"; - $disabled{"shared"} = "forced"; - $disabled{"threads"} = "forced"; - } - elsif (/^-D(.*)$/) - { - push @{$useradd{CPPDEFINES}}, $1; - } - elsif (/^-I(.*)$/) - { - push @{$useradd{CPPINCLUDES}}, $1; - } - elsif (/^-Wp,$/) - { - push @{$useradd{CPPFLAGS}}, $1; - } - else # common if (/^[-+]/), just pass down... - { - $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; - push @{$useradd{CFLAGS}}, $_; - push @{$useradd{CXXFLAGS}}, $_; - } - } - else - { - die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); - $target=$_; - } - unless ($_ eq $target || /^no-/ || /^disable-/) - { - # "no-..." follows later after implied deactivations - # have been derived. (Don't take this too seriously, - # we really only write OPTIONS to the Makefile out of - # nostalgia.) + elsif (/^--api=(.*)$/) + { + $config{api}=$1; + } + elsif (/^--libdir=(.*)$/) + { + $config{libdir}=$1; + } + elsif (/^--openssldir=(.*)$/) + { + $config{openssldir}=$1; + } + elsif (/^--with-zlib-lib=(.*)$/) + { + $withargs{zlib_lib}=$1; + } + elsif (/^--with-zlib-include=(.*)$/) + { + $withargs{zlib_include}=$1; + } + elsif (/^--with-fuzzer-lib=(.*)$/) + { + $withargs{fuzzer_lib}=$1; + } + elsif (/^--with-fuzzer-include=(.*)$/) + { + $withargs{fuzzer_include}=$1; + } + elsif (/^--with-rand-seed=(.*)$/) + { + foreach my $x (split(m|,|, $1)) + { + die "Unknown --with-rand-seed choice $x\n" + if ! grep { $x eq $_ } @known_seed_sources; + push @seed_sources, $x; + } + } + elsif (/^--cross-compile-prefix=(.*)$/) + { + $user{CROSS_COMPILE}=$1; + } + elsif (/^--config=(.*)$/) + { + read_config $1; + } + elsif (/^-l(.*)$/) + { + push @{$useradd{LDLIBS}}, $_; + } + elsif (/^-framework$/) + { + push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); + } + elsif (/^-L(.*)$/ or /^-Wl,/) + { + push @{$useradd{LDFLAGS}}, $_; + } + elsif (/^-rpath$/ or /^-R$/) + # -rpath is the OSF1 rpath flag + # -R is the old Solaris rpath flag + { + my $rpath = shift(@argvcopy) || ""; + $rpath .= " " if $rpath ne ""; + push @{$useradd{LDFLAGS}}, $_, $rpath; + } + elsif (/^-static$/) + { + push @{$useradd{LDFLAGS}}, $_; + } + elsif (/^-D(.*)$/) + { + push @{$useradd{CPPDEFINES}}, $1; + } + elsif (/^-I(.*)$/) + { + push @{$useradd{CPPINCLUDES}}, $1; + } + elsif (/^-Wp,$/) + { + push @{$useradd{CPPFLAGS}}, $1; + } + else # common if (/^[-+]/), just pass down... + { + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + push @{$useradd{CFLAGS}}, $_; + push @{$useradd{CXXFLAGS}}, $_; + } + } + else + { + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); + $target=$_; + } + unless ($_ eq $target || /^no-/ || /^disable-/) + { + # "no-..." follows later after implied deactivations + # have been derived. (Don't take this too seriously, + # we really only write OPTIONS to the Makefile out of + # nostalgia.) - if ($config{options} eq "") - { $config{options} = $_; } - else - { $config{options} .= " ".$_; } - } - } + if ($config{options} eq "") + { $config{options} = $_; } + else + { $config{options} .= " ".$_; } + } + } if (defined($config{api}) && !exists $apitable->{$config{api}}) { - die "***** Unsupported api compatibility level: $config{api}\n", + die "***** Unsupported api compatibility level: $config{api}\n", } if (keys %deprecated_options) - { - warn "***** Deprecated options: ", - join(", ", keys %deprecated_options), "\n"; - } + { + warn "***** Deprecated options: ", + join(", ", keys %deprecated_options), "\n"; + } if (keys %unsupported_options) - { - die "***** Unsupported options: ", - join(", ", keys %unsupported_options), "\n"; - } + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; + } # If any %useradd entry has been set, we must check that the "make # variables" haven't been set. We start by checking of any %useradd entry @@ -964,36 +963,46 @@ if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFL && !$disabled{shared} && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { die "***** Cannot simultaneously use -rpath, shared libraries, and\n", - "***** any of asan, msan or ubsan\n"; + "***** any of asan, msan or ubsan\n"; } -my @tocheckfor = (keys %disabled); -while (@tocheckfor) { - my %new_tocheckfor = (); - my @cascade_copy = (@disable_cascades); - while (@cascade_copy) { - my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy); - if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { - foreach(grep { !defined($disabled{$_}) } @$descendents) { - $new_tocheckfor{$_} = 1; $disabled{$_} = "forced"; - } - } +sub disable { + my $disable_type = shift; + + for (@_) { + $disabled{$_} = $disable_type; } - @tocheckfor = (keys %new_tocheckfor); + + my @tocheckfor = (@_ ? @_ : keys %disabled); + while (@tocheckfor) { + my %new_tocheckfor = (); + my @cascade_copy = (@disable_cascades); + while (@cascade_copy) { + my ($test, $descendents) = + (shift @cascade_copy, shift @cascade_copy); + if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { + foreach (grep { !defined($disabled{$_}) } @$descendents) { + $new_tocheckfor{$_} = 1; $disabled{$_} = "cascade"; + } + } + } + @tocheckfor = (keys %new_tocheckfor); + } } +disable(); # First cascade run our $die = sub { die @_; }; if ($target eq "TABLE") { local $die = sub { warn @_; }; foreach (sort keys %table) { - print_table_entry($_, "TABLE"); + print_table_entry($_, "TABLE"); } exit 0; } if ($target eq "LIST") { foreach (sort keys %table) { - print $_,"\n" unless $table{$_}->{template}; + print $_,"\n" unless $table{$_}->{template}; } exit 0; } @@ -1002,7 +1011,7 @@ if ($target eq "HASH") { local $die = sub { warn @_; }; print "%table = (\n"; foreach (sort keys %table) { - print_table_entry($_, "HASH"); + print_table_entry($_, "HASH"); } exit 0; } @@ -1033,7 +1042,7 @@ _____ } push @{$config{openssl_other_defines}}, map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" } - @seed_sources; + @seed_sources; # Backward compatibility? if ($target =~ m/^CygWin32(-.*)$/) { @@ -1047,7 +1056,7 @@ if ($d) { # If we do not find debug-foo in the table, the target is set to foo. if (!$table{$target}) { - $target = $t; + $target = $t; } } @@ -1064,47 +1073,11 @@ foreach (keys %target_attr_translate) { %target = ( %{$table{DEFAULTS}}, %target ); -# Make the flags to build DSOs the same as for shared libraries unless they -# are already defined -$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; -$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; -$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905282154.x4SLsDLj016089>