From owner-svn-src-all@freebsd.org Fri Aug 17 18:33:00 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 802001077EDE; Fri, 17 Aug 2018 18:32:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3344F8D49C; Fri, 17 Aug 2018 18:32:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 149564728; Fri, 17 Aug 2018 18:32:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7HIWx0c086604; Fri, 17 Aug 2018 18:32:59 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7HIWrSP086571; Fri, 17 Aug 2018 18:32:53 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201808171832.w7HIWrSP086571@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Fri, 17 Aug 2018 18:32:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r337982 - in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/a... X-SVN-Group: stable-11 X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/asm crypto/openssl/crypto/... X-SVN-Commit-Revision: 337982 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Aug 2018 18:33:00 -0000 Author: jkim Date: Fri Aug 17 18:32:53 2018 New Revision: 337982 URL: https://svnweb.freebsd.org/changeset/base/337982 Log: MFC: r337791 Merge OpenSSL 1.0.2p. Added: stable/11/crypto/openssl/crypto/bn_int.h - copied unchanged from r337791, head/crypto/openssl/crypto/bn_int.h stable/11/crypto/openssl/doc/man3/ - copied from r337791, head/crypto/openssl/doc/man3/ stable/11/secure/lib/libcrypto/man/X509_cmp_time.3 - copied unchanged from r337791, head/secure/lib/libcrypto/man/X509_cmp_time.3 Modified: stable/11/crypto/openssl/CHANGES stable/11/crypto/openssl/CONTRIBUTING stable/11/crypto/openssl/Configure stable/11/crypto/openssl/Makefile stable/11/crypto/openssl/NEWS stable/11/crypto/openssl/README stable/11/crypto/openssl/apps/apps.c stable/11/crypto/openssl/apps/asn1pars.c stable/11/crypto/openssl/apps/ca.c stable/11/crypto/openssl/apps/ocsp.c stable/11/crypto/openssl/apps/passwd.c stable/11/crypto/openssl/apps/s_apps.h stable/11/crypto/openssl/apps/s_client.c stable/11/crypto/openssl/apps/s_server.c stable/11/crypto/openssl/apps/s_socket.c stable/11/crypto/openssl/apps/verify.c stable/11/crypto/openssl/crypto/Makefile stable/11/crypto/openssl/crypto/asn1/a_bool.c stable/11/crypto/openssl/crypto/asn1/a_object.c stable/11/crypto/openssl/crypto/asn1/a_strex.c stable/11/crypto/openssl/crypto/asn1/ameth_lib.c stable/11/crypto/openssl/crypto/asn1/asn1.h stable/11/crypto/openssl/crypto/asn1/asn1_err.c stable/11/crypto/openssl/crypto/asn1/tasn_enc.c stable/11/crypto/openssl/crypto/bio/bss_log.c stable/11/crypto/openssl/crypto/bio/bss_mem.c stable/11/crypto/openssl/crypto/bn/Makefile stable/11/crypto/openssl/crypto/bn/asm/armv4-mont.pl stable/11/crypto/openssl/crypto/bn/asm/ia64-mont.pl stable/11/crypto/openssl/crypto/bn/asm/mips-mont.pl stable/11/crypto/openssl/crypto/bn/asm/parisc-mont.pl stable/11/crypto/openssl/crypto/bn/asm/ppc-mont.pl stable/11/crypto/openssl/crypto/bn/asm/ppc64-mont.pl stable/11/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl stable/11/crypto/openssl/crypto/bn/asm/s390x-mont.pl stable/11/crypto/openssl/crypto/bn/asm/sparct4-mont.pl stable/11/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl stable/11/crypto/openssl/crypto/bn/asm/via-mont.pl stable/11/crypto/openssl/crypto/bn/asm/vis3-mont.pl stable/11/crypto/openssl/crypto/bn/asm/x86-mont.pl stable/11/crypto/openssl/crypto/bn/asm/x86_64-mont.pl stable/11/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl stable/11/crypto/openssl/crypto/bn/bn.h stable/11/crypto/openssl/crypto/bn/bn_div.c stable/11/crypto/openssl/crypto/bn/bn_exp.c stable/11/crypto/openssl/crypto/bn/bn_gf2m.c stable/11/crypto/openssl/crypto/bn/bn_lcl.h stable/11/crypto/openssl/crypto/bn/bn_lib.c stable/11/crypto/openssl/crypto/bn/bn_mod.c stable/11/crypto/openssl/crypto/bn/bn_mont.c stable/11/crypto/openssl/crypto/bn/bn_sqr.c stable/11/crypto/openssl/crypto/conf/conf_api.c stable/11/crypto/openssl/crypto/dh/dh_key.c stable/11/crypto/openssl/crypto/dh/dh_pmeth.c stable/11/crypto/openssl/crypto/dsa/dsa.h stable/11/crypto/openssl/crypto/dsa/dsa_err.c stable/11/crypto/openssl/crypto/dsa/dsa_gen.c stable/11/crypto/openssl/crypto/dsa/dsa_ossl.c stable/11/crypto/openssl/crypto/dsa/dsa_pmeth.c stable/11/crypto/openssl/crypto/ec/ec_ameth.c stable/11/crypto/openssl/crypto/ec/ec_lib.c stable/11/crypto/openssl/crypto/ec/ecp_nistz256.c stable/11/crypto/openssl/crypto/ecdsa/Makefile stable/11/crypto/openssl/crypto/ecdsa/ecdsatest.c stable/11/crypto/openssl/crypto/ecdsa/ecs_ossl.c stable/11/crypto/openssl/crypto/engine/eng_lib.c stable/11/crypto/openssl/crypto/engine/tb_asnmth.c stable/11/crypto/openssl/crypto/o_time.c stable/11/crypto/openssl/crypto/opensslv.h stable/11/crypto/openssl/crypto/pem/pem.h stable/11/crypto/openssl/crypto/pem/pem_lib.c stable/11/crypto/openssl/crypto/pem/pem_pk8.c stable/11/crypto/openssl/crypto/pem/pem_pkey.c stable/11/crypto/openssl/crypto/pem/pvkfmt.c stable/11/crypto/openssl/crypto/pkcs12/p12_asn.c stable/11/crypto/openssl/crypto/rsa/Makefile stable/11/crypto/openssl/crypto/rsa/rsa_eay.c stable/11/crypto/openssl/crypto/rsa/rsa_gen.c stable/11/crypto/openssl/crypto/rsa/rsa_oaep.c stable/11/crypto/openssl/crypto/rsa/rsa_pk1.c stable/11/crypto/openssl/crypto/rsa/rsa_sign.c stable/11/crypto/openssl/crypto/rsa/rsa_ssl.c stable/11/crypto/openssl/crypto/sha/asm/sha1-586.pl stable/11/crypto/openssl/crypto/sha/asm/sha256-586.pl stable/11/crypto/openssl/crypto/ui/ui_openssl.c stable/11/crypto/openssl/crypto/x509/x509_cmp.c stable/11/crypto/openssl/crypto/x509/x509_lu.c stable/11/crypto/openssl/crypto/x509/x509_vfy.c stable/11/crypto/openssl/crypto/x509v3/v3_purp.c stable/11/crypto/openssl/doc/apps/cms.pod stable/11/crypto/openssl/doc/apps/config.pod stable/11/crypto/openssl/doc/apps/genpkey.pod stable/11/crypto/openssl/doc/apps/s_client.pod stable/11/crypto/openssl/doc/crypto/BIO_s_fd.pod stable/11/crypto/openssl/doc/crypto/BN_add.pod stable/11/crypto/openssl/doc/crypto/BN_bn2bin.pod stable/11/crypto/openssl/doc/crypto/BN_generate_prime.pod stable/11/crypto/openssl/doc/crypto/CMS_encrypt.pod stable/11/crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod stable/11/crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod stable/11/crypto/openssl/doc/crypto/DSA_do_sign.pod stable/11/crypto/openssl/doc/crypto/DSA_sign.pod stable/11/crypto/openssl/doc/crypto/OBJ_nid2obj.pod stable/11/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod stable/11/crypto/openssl/doc/crypto/ecdsa.pod stable/11/crypto/openssl/doc/crypto/pem.pod stable/11/crypto/openssl/doc/fingerprints.txt stable/11/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod stable/11/crypto/openssl/doc/ssl/SSL_get_ciphers.pod stable/11/crypto/openssl/doc/ssl/SSL_get_session.pod stable/11/crypto/openssl/doc/ssl/SSL_get_version.pod stable/11/crypto/openssl/doc/ssl/ssl.pod stable/11/crypto/openssl/ssl/d1_both.c stable/11/crypto/openssl/ssl/s3_lib.c stable/11/crypto/openssl/ssl/s3_srvr.c stable/11/crypto/openssl/ssl/ssl.h stable/11/crypto/openssl/ssl/ssl_lib.c stable/11/crypto/openssl/ssl/ssl_locl.h stable/11/crypto/openssl/ssl/t1_lib.c stable/11/crypto/openssl/ssl/t1_trce.c stable/11/crypto/openssl/util/domd stable/11/secure/lib/libcrypto/Makefile.inc stable/11/secure/lib/libcrypto/Makefile.man stable/11/secure/lib/libcrypto/amd64/x86_64-mont.S stable/11/secure/lib/libcrypto/amd64/x86_64-mont5.S stable/11/secure/lib/libcrypto/arm/armv4-mont.S stable/11/secure/lib/libcrypto/i386/x86-mont.S stable/11/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/11/secure/lib/libcrypto/man/ASN1_TIME_set.3 stable/11/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/11/secure/lib/libcrypto/man/BIO_ctrl.3 stable/11/secure/lib/libcrypto/man/BIO_f_base64.3 stable/11/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/11/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/11/secure/lib/libcrypto/man/BIO_f_md.3 stable/11/secure/lib/libcrypto/man/BIO_f_null.3 stable/11/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/11/secure/lib/libcrypto/man/BIO_find_type.3 stable/11/secure/lib/libcrypto/man/BIO_new.3 stable/11/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/11/secure/lib/libcrypto/man/BIO_push.3 stable/11/secure/lib/libcrypto/man/BIO_read.3 stable/11/secure/lib/libcrypto/man/BIO_s_accept.3 stable/11/secure/lib/libcrypto/man/BIO_s_bio.3 stable/11/secure/lib/libcrypto/man/BIO_s_connect.3 stable/11/secure/lib/libcrypto/man/BIO_s_fd.3 stable/11/secure/lib/libcrypto/man/BIO_s_file.3 stable/11/secure/lib/libcrypto/man/BIO_s_mem.3 stable/11/secure/lib/libcrypto/man/BIO_s_null.3 stable/11/secure/lib/libcrypto/man/BIO_s_socket.3 stable/11/secure/lib/libcrypto/man/BIO_set_callback.3 stable/11/secure/lib/libcrypto/man/BIO_should_retry.3 stable/11/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/11/secure/lib/libcrypto/man/BN_CTX_new.3 stable/11/secure/lib/libcrypto/man/BN_CTX_start.3 stable/11/secure/lib/libcrypto/man/BN_add.3 stable/11/secure/lib/libcrypto/man/BN_add_word.3 stable/11/secure/lib/libcrypto/man/BN_bn2bin.3 stable/11/secure/lib/libcrypto/man/BN_cmp.3 stable/11/secure/lib/libcrypto/man/BN_copy.3 stable/11/secure/lib/libcrypto/man/BN_generate_prime.3 stable/11/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/11/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/11/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/11/secure/lib/libcrypto/man/BN_new.3 stable/11/secure/lib/libcrypto/man/BN_num_bytes.3 stable/11/secure/lib/libcrypto/man/BN_rand.3 stable/11/secure/lib/libcrypto/man/BN_set_bit.3 stable/11/secure/lib/libcrypto/man/BN_swap.3 stable/11/secure/lib/libcrypto/man/BN_zero.3 stable/11/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/11/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/11/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/11/secure/lib/libcrypto/man/CMS_compress.3 stable/11/secure/lib/libcrypto/man/CMS_decrypt.3 stable/11/secure/lib/libcrypto/man/CMS_encrypt.3 stable/11/secure/lib/libcrypto/man/CMS_final.3 stable/11/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/11/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/11/secure/lib/libcrypto/man/CMS_get0_type.3 stable/11/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/11/secure/lib/libcrypto/man/CMS_sign.3 stable/11/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/11/secure/lib/libcrypto/man/CMS_uncompress.3 stable/11/secure/lib/libcrypto/man/CMS_verify.3 stable/11/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/11/secure/lib/libcrypto/man/CONF_modules_free.3 stable/11/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/11/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/11/secure/lib/libcrypto/man/DH_generate_key.3 stable/11/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/11/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/DH_new.3 stable/11/secure/lib/libcrypto/man/DH_set_method.3 stable/11/secure/lib/libcrypto/man/DH_size.3 stable/11/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/11/secure/lib/libcrypto/man/DSA_do_sign.3 stable/11/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/11/secure/lib/libcrypto/man/DSA_generate_key.3 stable/11/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/11/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/DSA_new.3 stable/11/secure/lib/libcrypto/man/DSA_set_method.3 stable/11/secure/lib/libcrypto/man/DSA_sign.3 stable/11/secure/lib/libcrypto/man/DSA_size.3 stable/11/secure/lib/libcrypto/man/EC_GFp_simple_method.3 stable/11/secure/lib/libcrypto/man/EC_GROUP_copy.3 stable/11/secure/lib/libcrypto/man/EC_GROUP_new.3 stable/11/secure/lib/libcrypto/man/EC_KEY_new.3 stable/11/secure/lib/libcrypto/man/EC_POINT_add.3 stable/11/secure/lib/libcrypto/man/EC_POINT_new.3 stable/11/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/11/secure/lib/libcrypto/man/ERR_clear_error.3 stable/11/secure/lib/libcrypto/man/ERR_error_string.3 stable/11/secure/lib/libcrypto/man/ERR_get_error.3 stable/11/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/11/secure/lib/libcrypto/man/ERR_load_strings.3 stable/11/secure/lib/libcrypto/man/ERR_print_errors.3 stable/11/secure/lib/libcrypto/man/ERR_put_error.3 stable/11/secure/lib/libcrypto/man/ERR_remove_state.3 stable/11/secure/lib/libcrypto/man/ERR_set_mark.3 stable/11/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/11/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/11/secure/lib/libcrypto/man/EVP_DigestSignInit.3 stable/11/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 stable/11/secure/lib/libcrypto/man/EVP_EncodeInit.3 stable/11/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/11/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/11/secure/lib/libcrypto/man/EVP_SealInit.3 stable/11/secure/lib/libcrypto/man/EVP_SignInit.3 stable/11/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/11/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/11/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/11/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/11/secure/lib/libcrypto/man/OPENSSL_config.3 stable/11/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/11/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 stable/11/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/11/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/11/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/11/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/11/secure/lib/libcrypto/man/PKCS12_create.3 stable/11/secure/lib/libcrypto/man/PKCS12_parse.3 stable/11/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/11/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/11/secure/lib/libcrypto/man/PKCS7_sign.3 stable/11/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/11/secure/lib/libcrypto/man/PKCS7_verify.3 stable/11/secure/lib/libcrypto/man/RAND_add.3 stable/11/secure/lib/libcrypto/man/RAND_bytes.3 stable/11/secure/lib/libcrypto/man/RAND_cleanup.3 stable/11/secure/lib/libcrypto/man/RAND_egd.3 stable/11/secure/lib/libcrypto/man/RAND_load_file.3 stable/11/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/11/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/11/secure/lib/libcrypto/man/RSA_check_key.3 stable/11/secure/lib/libcrypto/man/RSA_generate_key.3 stable/11/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/RSA_new.3 stable/11/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/11/secure/lib/libcrypto/man/RSA_print.3 stable/11/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/11/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/11/secure/lib/libcrypto/man/RSA_set_method.3 stable/11/secure/lib/libcrypto/man/RSA_sign.3 stable/11/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/11/secure/lib/libcrypto/man/RSA_size.3 stable/11/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/11/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/11/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/11/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/11/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/11/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/11/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/11/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/11/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/11/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 stable/11/secure/lib/libcrypto/man/X509_check_host.3 stable/11/secure/lib/libcrypto/man/X509_check_private_key.3 stable/11/secure/lib/libcrypto/man/X509_new.3 stable/11/secure/lib/libcrypto/man/X509_verify_cert.3 stable/11/secure/lib/libcrypto/man/bio.3 stable/11/secure/lib/libcrypto/man/blowfish.3 stable/11/secure/lib/libcrypto/man/bn.3 stable/11/secure/lib/libcrypto/man/bn_internal.3 stable/11/secure/lib/libcrypto/man/buffer.3 stable/11/secure/lib/libcrypto/man/crypto.3 stable/11/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/11/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 stable/11/secure/lib/libcrypto/man/d2i_DHparams.3 stable/11/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/11/secure/lib/libcrypto/man/d2i_ECPKParameters.3 stable/11/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_PrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/11/secure/lib/libcrypto/man/d2i_X509.3 stable/11/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/11/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/11/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/11/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/11/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/11/secure/lib/libcrypto/man/des.3 stable/11/secure/lib/libcrypto/man/dh.3 stable/11/secure/lib/libcrypto/man/dsa.3 stable/11/secure/lib/libcrypto/man/ec.3 stable/11/secure/lib/libcrypto/man/ecdsa.3 stable/11/secure/lib/libcrypto/man/engine.3 stable/11/secure/lib/libcrypto/man/err.3 stable/11/secure/lib/libcrypto/man/evp.3 stable/11/secure/lib/libcrypto/man/hmac.3 stable/11/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/11/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/11/secure/lib/libcrypto/man/lh_stats.3 stable/11/secure/lib/libcrypto/man/lhash.3 stable/11/secure/lib/libcrypto/man/md5.3 stable/11/secure/lib/libcrypto/man/mdc2.3 stable/11/secure/lib/libcrypto/man/pem.3 stable/11/secure/lib/libcrypto/man/rand.3 stable/11/secure/lib/libcrypto/man/rc4.3 stable/11/secure/lib/libcrypto/man/ripemd.3 stable/11/secure/lib/libcrypto/man/rsa.3 stable/11/secure/lib/libcrypto/man/sha.3 stable/11/secure/lib/libcrypto/man/threads.3 stable/11/secure/lib/libcrypto/man/ui.3 stable/11/secure/lib/libcrypto/man/ui_compat.3 stable/11/secure/lib/libcrypto/man/x509.3 stable/11/secure/lib/libssl/Makefile.man stable/11/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/11/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_new.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 stable/11/secure/lib/libssl/man/SSL_CONF_cmd.3 stable/11/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 stable/11/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 stable/11/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/11/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/11/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/11/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/11/secure/lib/libssl/man/SSL_CTX_free.3 stable/11/secure/lib/libssl/man/SSL_CTX_get0_param.3 stable/11/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/11/secure/lib/libssl/man/SSL_CTX_new.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/11/secure/lib/libssl/man/SSL_CTX_set1_curves.3 stable/11/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 stable/11/secure/lib/libssl/man/SSL_SESSION_free.3 stable/11/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/11/secure/lib/libssl/man/SSL_accept.3 stable/11/secure/lib/libssl/man/SSL_alert_type_string.3 stable/11/secure/lib/libssl/man/SSL_check_chain.3 stable/11/secure/lib/libssl/man/SSL_clear.3 stable/11/secure/lib/libssl/man/SSL_connect.3 stable/11/secure/lib/libssl/man/SSL_do_handshake.3 stable/11/secure/lib/libssl/man/SSL_export_keying_material.3 stable/11/secure/lib/libssl/man/SSL_free.3 stable/11/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/11/secure/lib/libssl/man/SSL_get_ciphers.3 stable/11/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/11/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/11/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/11/secure/lib/libssl/man/SSL_get_error.3 stable/11/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/11/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_get_fd.3 stable/11/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/11/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/11/secure/lib/libssl/man/SSL_get_psk_identity.3 stable/11/secure/lib/libssl/man/SSL_get_rbio.3 stable/11/secure/lib/libssl/man/SSL_get_session.3 stable/11/secure/lib/libssl/man/SSL_get_verify_result.3 stable/11/secure/lib/libssl/man/SSL_get_version.3 stable/11/secure/lib/libssl/man/SSL_library_init.3 stable/11/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/11/secure/lib/libssl/man/SSL_new.3 stable/11/secure/lib/libssl/man/SSL_pending.3 stable/11/secure/lib/libssl/man/SSL_read.3 stable/11/secure/lib/libssl/man/SSL_rstate_string.3 stable/11/secure/lib/libssl/man/SSL_session_reused.3 stable/11/secure/lib/libssl/man/SSL_set_bio.3 stable/11/secure/lib/libssl/man/SSL_set_connect_state.3 stable/11/secure/lib/libssl/man/SSL_set_fd.3 stable/11/secure/lib/libssl/man/SSL_set_session.3 stable/11/secure/lib/libssl/man/SSL_set_shutdown.3 stable/11/secure/lib/libssl/man/SSL_set_verify_result.3 stable/11/secure/lib/libssl/man/SSL_shutdown.3 stable/11/secure/lib/libssl/man/SSL_state_string.3 stable/11/secure/lib/libssl/man/SSL_want.3 stable/11/secure/lib/libssl/man/SSL_write.3 stable/11/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/11/secure/lib/libssl/man/ssl.3 stable/11/secure/usr.bin/openssl/man/CA.pl.1 stable/11/secure/usr.bin/openssl/man/asn1parse.1 stable/11/secure/usr.bin/openssl/man/ca.1 stable/11/secure/usr.bin/openssl/man/ciphers.1 stable/11/secure/usr.bin/openssl/man/cms.1 stable/11/secure/usr.bin/openssl/man/crl.1 stable/11/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/11/secure/usr.bin/openssl/man/dgst.1 stable/11/secure/usr.bin/openssl/man/dhparam.1 stable/11/secure/usr.bin/openssl/man/dsa.1 stable/11/secure/usr.bin/openssl/man/dsaparam.1 stable/11/secure/usr.bin/openssl/man/ec.1 stable/11/secure/usr.bin/openssl/man/ecparam.1 stable/11/secure/usr.bin/openssl/man/enc.1 stable/11/secure/usr.bin/openssl/man/errstr.1 stable/11/secure/usr.bin/openssl/man/gendsa.1 stable/11/secure/usr.bin/openssl/man/genpkey.1 stable/11/secure/usr.bin/openssl/man/genrsa.1 stable/11/secure/usr.bin/openssl/man/nseq.1 stable/11/secure/usr.bin/openssl/man/ocsp.1 stable/11/secure/usr.bin/openssl/man/openssl.1 stable/11/secure/usr.bin/openssl/man/passwd.1 stable/11/secure/usr.bin/openssl/man/pkcs12.1 stable/11/secure/usr.bin/openssl/man/pkcs7.1 stable/11/secure/usr.bin/openssl/man/pkcs8.1 stable/11/secure/usr.bin/openssl/man/pkey.1 stable/11/secure/usr.bin/openssl/man/pkeyparam.1 stable/11/secure/usr.bin/openssl/man/pkeyutl.1 stable/11/secure/usr.bin/openssl/man/rand.1 stable/11/secure/usr.bin/openssl/man/req.1 stable/11/secure/usr.bin/openssl/man/rsa.1 stable/11/secure/usr.bin/openssl/man/rsautl.1 stable/11/secure/usr.bin/openssl/man/s_client.1 stable/11/secure/usr.bin/openssl/man/s_server.1 stable/11/secure/usr.bin/openssl/man/s_time.1 stable/11/secure/usr.bin/openssl/man/sess_id.1 stable/11/secure/usr.bin/openssl/man/smime.1 stable/11/secure/usr.bin/openssl/man/speed.1 stable/11/secure/usr.bin/openssl/man/spkac.1 stable/11/secure/usr.bin/openssl/man/ts.1 stable/11/secure/usr.bin/openssl/man/tsget.1 stable/11/secure/usr.bin/openssl/man/verify.1 stable/11/secure/usr.bin/openssl/man/version.1 stable/11/secure/usr.bin/openssl/man/x509.1 stable/11/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/11/ (props changed) Modified: stable/11/crypto/openssl/CHANGES ============================================================================== --- stable/11/crypto/openssl/CHANGES Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/CHANGES Fri Aug 17 18:32:53 2018 (r337982) @@ -7,6 +7,64 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2o and 1.0.2p [14 Aug 2018] + + *) Client DoS due to large DH parameter + + During key agreement in a TLS handshake using a DH(E) based ciphersuite a + malicious server can send a very large prime value to the client. This will + cause the client to spend an unreasonably long period of time generating a + key for this prime resulting in a hang until the client has finished. This + could be exploited in a Denial Of Service attack. + + This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken + (CVE-2018-0732) + [Guido Vranken] + + *) Cache timing vulnerability in RSA Key Generation + + The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to + a cache timing side channel attack. An attacker with sufficient access to + mount cache timing attacks during the RSA key generation process could + recover the private key. + + This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera + Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. + (CVE-2018-0737) + [Billy Brumley] + + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + + *) Revert blinding in ECDSA sign and instead make problematic addition + length-invariant. Switch even to fixed-length Montgomery multiplication. + [Andy Polyakov] + + *) Change generating and checking of primes so that the error rate of not + being prime depends on the intended use based on the size of the input. + For larger primes this will result in more rounds of Miller-Rabin. + The maximal error rate for primes with more than 1080 bits is lowered + to 2^-128. + [Kurt Roeckx, Annie Yousar] + + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + + *) Add blinding to ECDSA and DSA signatures to protect against side channel + attacks discovered by Keegan Ryan (NCC Group). + [Matt Caswell] + + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + + *) Certificate time validation (X509_cmp_time) enforces stricter + compliance with RFC 5280. Fractional seconds and timezone offsets + are no longer allowed. + [Emilia Käsper] + Changes between 1.0.2n and 1.0.2o [27 Mar 2018] *) Constructed ASN.1 types with a recursive definition could exceed the stack Modified: stable/11/crypto/openssl/CONTRIBUTING ============================================================================== --- stable/11/crypto/openssl/CONTRIBUTING Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/CONTRIBUTING Fri Aug 17 18:32:53 2018 (r337982) @@ -1,27 +1,27 @@ -HOW TO CONTRIBUTE PATCHES TO OpenSSL ------------------------------------- +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- (Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) -Development is coordinated on the openssl-dev mailing list (see the -above link or https://mta.openssl.org for information on subscribing). -If you are unsure as to whether a feature will be useful for the general -OpenSSL community you might want to discuss it on the openssl-dev mailing -list first. Someone may be already working on the same thing or there -may be a good reason as to why that feature isn't implemented. +Development is done on GitHub, https://github.com/openssl/openssl. -To submit a patch, make a pull request on GitHub. If you think the patch -could use feedback from the community, please start a thread on openssl-dev -to discuss it. +To request new features or report bugs, please open an issue on GitHub -Having addressed the following items before the PR will help make the -acceptance and review process faster: +To submit a patch, please open a pull request on GitHub. If you are thinking +of making a large contribution, open an issue for it before starting work, +to get comments from the community. Someone may be already working on +the same thing or there may be reasons why that feature isn't implemented. - 1. Anything other than trivial contributions will require a contributor - licensing agreement, giving us permission to use your code. See - https://www.openssl.org/policies/cla.html for details. +To make it easier to review and accept your pull request, please follow these +guidelines: + 1. Anything other than a trivial contribution requires a Contributor + License Agreement (CLA), giving us permission to use your code. See + https://www.openssl.org/policies/cla.html for details. If your + contribution is too small to require a CLA, put "CLA: trivial" on a + line by itself in your commit message body. + 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the year(s) updated): @@ -34,21 +34,21 @@ acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible; expect to have to rebase - often. We do not accept merge commits; You will be asked to remove - them before a patch is considered acceptable. + often. We do not accept merge commits, you will have to remove them + (usually by rebasing) before it will be acceptable. 4. Patches should follow our coding style (see - https://www.openssl.org/policies/codingstyle.html) and compile without - warnings. Where gcc or clang is availble you should use the + https://www.openssl.org/policies/codingstyle.html) and compile + without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. - Clean builds via Travis and AppVeyor are expected, and done whenever - a PR is created or updated. + platforms: try to ensure you only use portable features. Clean builds + via Travis and AppVeyor are required, and they are started automatically + whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc/apps, doc/crypto - and doc/ssl for examples of our style. + documentation. Please look at the "pod" files in doc for + examples of our style. Modified: stable/11/crypto/openssl/Configure ============================================================================== --- stable/11/crypto/openssl/Configure Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/Configure Fri Aug 17 18:32:53 2018 (r337982) @@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled)) $depflags .= " -DOPENSSL_NO_$ALGO"; } } + if (/^comp$/) { $zlib = 0; } } print "\n"; @@ -1671,6 +1672,13 @@ while () { } close(PIPE); +# Xcode did not handle $cc -M before clang support +my $cc_as_makedepend = 0; +if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__}) + && !defined($predefined{__clang__}))) { + $cc_as_makedepend = 1; +} + if ($strict_warnings) { my $wopt; @@ -1730,14 +1738,14 @@ while () s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend; } else { s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^RC=.*/RC= $windres/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; Modified: stable/11/crypto/openssl/Makefile ============================================================================== --- stable/11/crypto/openssl/Makefile Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/Makefile Fri Aug 17 18:32:53 2018 (r337982) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2o +VERSION=1.0.2p MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 Modified: stable/11/crypto/openssl/NEWS ============================================================================== --- stable/11/crypto/openssl/NEWS Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/NEWS Fri Aug 17 18:32:53 2018 (r337982) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] + + o Client DoS due to large DH parameter (CVE-2018-0732) + o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) + Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] o Constructed ASN.1 types with a recursive definition could exceed the Modified: stable/11/crypto/openssl/README ============================================================================== --- stable/11/crypto/openssl/README Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/README Fri Aug 17 18:32:53 2018 (r337982) @@ -1,7 +1,7 @@ - OpenSSL 1.0.2o 27 Mar 2018 + OpenSSL 1.0.2p 14 Aug 2018 - Copyright (c) 1998-2015 The OpenSSL Project + Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. Modified: stable/11/crypto/openssl/apps/apps.c ============================================================================== --- stable/11/crypto/openssl/apps/apps.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/apps.c Fri Aug 17 18:32:53 2018 (r337982) @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg) }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; - if ((*flags & XN_FLAG_SEP_MASK) == 0) + if (*flags != XN_FLAG_COMPAT + && (*flags & XN_FLAG_SEP_MASK) == 0) *flags |= XN_FLAG_SEP_CPLUS_SPC; return 1; } Modified: stable/11/crypto/openssl/apps/asn1pars.c ============================================================================== --- stable/11/crypto/openssl/apps/asn1pars.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/asn1pars.c Fri Aug 17 18:32:53 2018 (r337982) @@ -295,7 +295,7 @@ int MAIN(int argc, char **argv) ASN1_TYPE *atmp; int typ; j = atoi(sk_OPENSSL_STRING_value(osk, i)); - if (j == 0) { + if (j <= 0 || j >= tmplen) { BIO_printf(bio_err, "'%s' is an invalid number\n", sk_OPENSSL_STRING_value(osk, i)); continue; @@ -327,14 +327,14 @@ int MAIN(int argc, char **argv) num = tmplen; } - if (offset >= num) { - BIO_printf(bio_err, "Error: offset too large\n"); + if (offset < 0 || offset >= num) { + BIO_printf(bio_err, "Error: offset out of range\n"); goto end; } num -= offset; - if ((length == 0) || ((long)length > num)) + if (length == 0 || length > (unsigned int)num) length = (unsigned int)num; if (derout) { if (BIO_write(derout, str + offset, length) != (int)length) { Modified: stable/11/crypto/openssl/apps/ca.c ============================================================================== --- stable/11/crypto/openssl/apps/ca.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/ca.c Fri Aug 17 18:32:53 2018 (r337982) @@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv) if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto err; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto err; } } Modified: stable/11/crypto/openssl/apps/ocsp.c ============================================================================== --- stable/11/crypto/openssl/apps/ocsp.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/ocsp.c Fri Aug 17 18:32:53 2018 (r337982) @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -787,7 +787,6 @@ int MAIN(int argc, char **argv) OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; - ret = 0; goto end; } Modified: stable/11/crypto/openssl/apps/passwd.c ============================================================================== --- stable/11/crypto/openssl/apps/passwd.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/passwd.c Fri Aug 17 18:32:53 2018 (r337982) @@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char * out_buf[0] = '$'; out_buf[1] = 0; assert(strlen(magic) <= 4); /* "1" or "apr1" */ - strncat(out_buf, magic, 4); - strncat(out_buf, "$", 1); - strncat(out_buf, salt, 8); + BUF_strlcat(out_buf, magic, sizeof(out_buf)); + BUF_strlcat(out_buf, "$", sizeof(out_buf)); + BUF_strlcat(out_buf, salt, sizeof(out_buf)); assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */ salt_out = out_buf + 2 + strlen(magic); salt_len = strlen(salt_out); Modified: stable/11/crypto/openssl/apps/s_apps.h ============================================================================== --- stable/11/crypto/openssl/apps/s_apps.h Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/s_apps.h Fri Aug 17 18:32:53 2018 (r337982) @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -152,9 +152,8 @@ typedef fd_mask fd_set; #define PROTOCOL "tcp" int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept); + int (*cb) (int s, int stype, unsigned char *context), + unsigned char *context, int naccept); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif Modified: stable/11/crypto/openssl/apps/s_client.c ============================================================================== --- stable/11/crypto/openssl/apps/s_client.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/s_client.c Fri Aug 17 18:32:53 2018 (r337982) @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -337,7 +337,7 @@ static void sc_usage(void) BIO_printf(bio_err, " -prexit - print session information even on connection failure\n"); BIO_printf(bio_err, - " -showcerts - show all certificates in the chain\n"); + " -showcerts - Show all certificates sent by the server\n"); BIO_printf(bio_err, " -debug - extra output\n"); #ifdef WATT32 BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n"); Modified: stable/11/crypto/openssl/apps/s_server.c ============================================================================== --- stable/11/crypto/openssl/apps/s_server.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/s_server.c Fri Aug 17 18:32:53 2018 (r337982) @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -209,9 +209,9 @@ typedef unsigned int u_int; #ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif -static int sv_body(char *hostname, int s, int stype, unsigned char *context); -static int www_body(char *hostname, int s, int stype, unsigned char *context); -static int rev_body(char *hostname, int s, int stype, unsigned char *context); +static int sv_body(int s, int stype, unsigned char *context); +static int www_body(int s, int stype, unsigned char *context); +static int rev_body(int s, int stype, unsigned char *context); static void close_accept_socket(void); static void sv_usage(void); static int init_ssl_connection(SSL *s); @@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[]) char *chCApath = NULL, *chCAfile = NULL; char *vfyCApath = NULL, *vfyCAfile = NULL; unsigned char *context = NULL; +#ifndef OPENSSL_NO_DH char *dhfile = NULL; + int no_dhe = 0; +#endif int badop = 0; int ret = 1; int build_chain = 0; - int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0; + int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0; int state = 0; const SSL_METHOD *meth = NULL; int socket_type = SOCK_STREAM; @@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_chain_file = *(++argv); - } else if (strcmp(*argv, "-dhparam") == 0) { + } +#ifndef OPENSSL_NO_DH + else if (strcmp(*argv, "-dhparam") == 0) { if (--argc < 1) goto bad; dhfile = *(++argv); - } else if (strcmp(*argv, "-dcertform") == 0) { + } +#endif + else if (strcmp(*argv, "-dcertform") == 0) { if (--argc < 1) goto bad; s_dcert_format = str2fmt(*(++argv)); @@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[]) verify_quiet = 1; } else if (strcmp(*argv, "-no_tmp_rsa") == 0) { no_tmp_rsa = 1; - } else if (strcmp(*argv, "-no_dhe") == 0) { + } +#ifndef OPENSSL_NO_DH + else if (strcmp(*argv, "-no_dhe") == 0) { no_dhe = 1; - } else if (strcmp(*argv, "-no_ecdhe") == 0) { + } +#endif + else if (strcmp(*argv, "-no_ecdhe") == 0) { no_ecdhe = 1; } else if (strcmp(*argv, "-no_resume_ephemeral") == 0) { no_resume_ephemeral = 1; @@ -2165,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } -static int sv_body(char *hostname, int s, int stype, unsigned char *context) +static int sv_body(int s, int stype, unsigned char *context) { char *buf = NULL; fd_set readfds; @@ -2780,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file) } #endif -static int www_body(char *hostname, int s, int stype, unsigned char *context) +static int www_body(int s, int stype, unsigned char *context) { char *buf = NULL; int ret = 1; @@ -3183,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, return (ret); } -static int rev_body(char *hostname, int s, int stype, unsigned char *context) +static int rev_body(int s, int stype, unsigned char *context) { char *buf = NULL; int i; Modified: stable/11/crypto/openssl/apps/s_socket.c ============================================================================== --- stable/11/crypto/openssl/apps/s_socket.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/s_socket.c Fri Aug 17 18:32:53 2018 (r337982) @@ -109,7 +109,7 @@ static int ssl_sock_init(void); static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); static int init_server(int *sock, int port, int type); static int init_server_long(int *sock, int port, char *ip, int type); -static int do_accept(int acc_sock, int *sock, char **host); +static int do_accept(int acc_sock, int *sock); static int host_ip(char *str, unsigned char ip[4]); # ifdef OPENSSL_SYS_WIN16 @@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[ } int do_server(int port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept) + int (*cb) (int s, int stype, unsigned char *context), + unsigned char *context, int naccept) { int sock; - char *name = NULL; int accept_socket = 0; int i; @@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret, } for (;;) { if (type == SOCK_STREAM) { - if (do_accept(accept_socket, &sock, &name) == 0) { + if (do_accept(accept_socket, &sock) == 0) { SHUTDOWN(accept_socket); return (0); } } else sock = accept_socket; - i = (*cb) (name, sock, type, context); - if (name != NULL) - OPENSSL_free(name); + i = (*cb) (sock, type, context); if (type == SOCK_STREAM) SHUTDOWN2(sock); if (naccept != -1) @@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type) return (init_server_long(sock, port, NULL, type)); } -static int do_accept(int acc_sock, int *sock, char **host) +static int do_accept(int acc_sock, int *sock) { int ret; - struct hostent *h1, *h2; - static struct sockaddr_in from; - int len; -/* struct linger ling; */ if (!ssl_sock_init()) - return (0); + return 0; # ifndef OPENSSL_SYS_WINDOWS redoit: # endif - memset((char *)&from, 0, sizeof(from)); - len = sizeof(from); /* * Note: under VMS with SOCKETSHR the fourth parameter is currently of * type (int *) whereas under other systems it is (void *) if you don't * have a cast it will choke the compiler: if you do have a cast then you * can either go for (int *) or (void *). */ - ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len); + ret = accept(acc_sock, NULL, NULL); if (ret == INVALID_SOCKET) { # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) int i; @@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **h fprintf(stderr, "errno=%d ", errno); perror("accept"); # endif - return (0); + return 0; } -/*- - ling.l_onoff=1; - ling.l_linger=0; - i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); - if (i < 0) { perror("linger"); return(0); } - i=0; - i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) { perror("keepalive"); return(0); } -*/ - - if (host == NULL) - goto end; -# ifndef BIT_FIELD_LIMITS - /* I should use WSAAsyncGetHostByName() under windows */ - h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, - sizeof(from.sin_addr.s_addr), AF_INET); -# else - h1 = gethostbyaddr((char *)&from.sin_addr, - sizeof(struct in_addr), AF_INET); -# endif - if (h1 == NULL) { - BIO_printf(bio_err, "bad gethostbyaddr\n"); - *host = NULL; - /* return(0); */ - } else { - if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) { - perror("OPENSSL_malloc"); - closesocket(ret); - return (0); - } - BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - - h2 = GetHostByName(*host); - if (h2 == NULL) { - BIO_printf(bio_err, "gethostbyname failure\n"); - closesocket(ret); - return (0); - } - if (h2->h_addrtype != AF_INET) { - BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); - closesocket(ret); - return (0); - } - } - end: *sock = ret; - return (1); + return 1; } int extract_host_port(char *str, char **host_ptr, unsigned char *ip, Modified: stable/11/crypto/openssl/apps/verify.c ============================================================================== --- stable/11/crypto/openssl/apps/verify.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/apps/verify.c Fri Aug 17 18:32:53 2018 (r337982) @@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { ERR_print_errors(bio_err); + X509_STORE_CTX_free(csc); goto end; } if (tchain) Modified: stable/11/crypto/openssl/crypto/Makefile ============================================================================== --- stable/11/crypto/openssl/crypto/Makefile Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/Makefile Fri Aug 17 18:32:53 2018 (r337982) @@ -46,7 +46,7 @@ SRC= $(LIBSRC) EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ - constant_time_locl.h $(EXHEADER) + constant_time_locl.h bn_int.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) Modified: stable/11/crypto/openssl/crypto/asn1/a_bool.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_bool.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/a_bool.c Fri Aug 17 18:32:53 2018 (r337982) @@ -63,17 +63,31 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) { int r; - unsigned char *p; + unsigned char *p, *allocated = NULL; r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); if (pp == NULL) return (r); - p = *pp; + if (*pp == NULL) { + if ((p = allocated = OPENSSL_malloc(r)) == NULL) { + ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + p = *pp; + } + ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); - *(p++) = (unsigned char)a; - *pp = p; - return (r); + *p = (unsigned char)a; + + + /* + * If a new buffer was allocated, just return it back. + * If not, return the incremented buffer pointer. + */ + *pp = allocated != NULL ? allocated : p + 1; + return r; } int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) Modified: stable/11/crypto/openssl/crypto/asn1/a_object.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_object.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/a_object.c Fri Aug 17 18:32:53 2018 (r337982) @@ -66,7 +66,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) { - unsigned char *p; + unsigned char *p, *allocated = NULL; int objsize; if ((a == NULL) || (a->data == NULL)) @@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp if (pp == NULL || objsize == -1) return objsize; - p = *pp; + if (*pp == NULL) { + if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) { + ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + p = *pp; + } + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); memcpy(p, a->data, a->length); - p += a->length; - *pp = p; - return (objsize); + /* + * If a new buffer was allocated, just return it back. + * If not, return the incremented buffer pointer. + */ + *pp = allocated != NULL ? allocated : p + a->length; + return objsize; } int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) Modified: stable/11/crypto/openssl/crypto/asn1/a_strex.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/a_strex.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/a_strex.c Fri Aug 17 18:32:53 2018 (r337982) @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen, int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) { - int i, outlen, len; + int i, outlen, len, charwidth; unsigned char orflags, *p, *q; unsigned long c; p = buf; q = buf + buflen; outlen = 0; + charwidth = type & BUF_TYPE_WIDTH_MASK; + + switch (charwidth) { + case 4: + if (buflen & 3) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + break; + case 2: + if (buflen & 1) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + break; + default: + break; + } + while (p != q) { if (p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; else orflags = 0; - switch (type & BUF_TYPE_WIDTH_MASK) { + + switch (charwidth) { case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; @@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen, i = UTF8_getc(p, buflen, &c); if (i < 0) return -1; /* Invalid UTF8String */ + buflen -= i; p += i; break; default: Modified: stable/11/crypto/openssl/crypto/asn1/ameth_lib.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/ameth_lib.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/ameth_lib.c Fri Aug 17 18:32:53 2018 (r337982) @@ -3,7 +3,7 @@ * 2006. */ /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -304,6 +304,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int fl goto err; } else ameth->info = NULL; + + /* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ + if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) + goto err; if (pem_str) { ameth->pem_str = BUF_strdup(pem_str); Modified: stable/11/crypto/openssl/crypto/asn1/asn1.h ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/asn1.h Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/asn1.h Fri Aug 17 18:32:53 2018 (r337982) @@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out); * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_ASN1_strings(void); /* Error codes for the ASN1 functions. */ @@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_PKEY 159 +# define ASN1_F_DO_BUF 221 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_BOOLEAN 223 +# define ASN1_F_I2D_ASN1_OBJECT 222 # define ASN1_F_I2D_ASN1_SET 188 # define ASN1_F_I2D_ASN1_TIME 160 # define ASN1_F_I2D_DSA_PUBKEY 161 @@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TYPE 169 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif Modified: stable/11/crypto/openssl/crypto/asn1/asn1_err.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/asn1_err.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/asn1_err.c Fri Aug 17 18:32:53 2018 (r337982) @@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, + {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"}, {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, Modified: stable/11/crypto/openssl/crypto/asn1/tasn_enc.c ============================================================================== --- stable/11/crypto/openssl/crypto/asn1/tasn_enc.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/asn1/tasn_enc.c Fri Aug 17 18:32:53 2018 (r337982) @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout otmp = (ASN1_OBJECT *)*pval; cont = otmp->data; len = otmp->length; + if (cont == NULL || len == 0) + return -1; break; case V_ASN1_NULL: Modified: stable/11/crypto/openssl/crypto/bio/bss_log.c ============================================================================== --- stable/11/crypto/openssl/crypto/bio/bss_log.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/bio/bss_log.c Fri Aug 17 18:32:53 2018 (r337982) @@ -1,6 +1,6 @@ /* crypto/bio/bss_log.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *i if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) { return (0); } - strncpy(buf, in, inl); + memcpy(buf, in, inl); buf[inl] = '\0'; i = 0; Modified: stable/11/crypto/openssl/crypto/bio/bss_mem.c ============================================================================== --- stable/11/crypto/openssl/crypto/bio/bss_mem.c Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/bio/bss_mem.c Fri Aug 17 18:32:53 2018 (r337982) @@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl) } BIO_clear_retry_flags(b); + if (inl == 0) + return 0; blen = bm->length; if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) goto end; Modified: stable/11/crypto/openssl/crypto/bn/Makefile ============================================================================== --- stable/11/crypto/openssl/crypto/bn/Makefile Fri Aug 17 18:24:11 2018 (r337981) +++ stable/11/crypto/openssl/crypto/bn/Makefile Fri Aug 17 18:32:53 2018 (r337982) @@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/ bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h +bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c +bn_add.o: bn_lcl.h bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h +bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c +bn_asm.o: bn_lcl.h bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h +bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h +bn_blind.o: bn_blind.c bn_lcl.h bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bn_const.o: ../../include/openssl/opensslconf.h bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/ bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h +bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c +bn_ctx.o: bn_lcl.h bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h +bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h +bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c +bn_div.o: bn_lcl.h bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +bn_exp.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -260,70 +265,80 @@ bn_exp2.o: ../../include/openssl/e_os2.h ../../include bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h +bn_exp2.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_exp2.c +bn_exp2.o: bn_lcl.h bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h +bn_gcd.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gcd.c +bn_gcd.o: bn_lcl.h bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h +bn_gf2m.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gf2m.c +bn_gf2m.o: bn_lcl.h bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h +bn_kron.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_kron.c +bn_kron.o: bn_lcl.h bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c +bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h +bn_lib.o: bn_lib.c bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***