Date: Tue, 22 Sep 2020 16:18:32 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r366004 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypt... Message-ID: <202009221618.08MGIW4j021556@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jkim Date: Tue Sep 22 16:18:31 2020 New Revision: 366004 URL: https://svnweb.freebsd.org/changeset/base/366004 Log: Merge OpenSSL 1.1.1h. Deleted: head/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl Modified: head/crypto/openssl/CHANGES head/crypto/openssl/Configure head/crypto/openssl/NEWS head/crypto/openssl/NOTES.PERL head/crypto/openssl/README head/crypto/openssl/apps/genpkey.c head/crypto/openssl/apps/rsa8192.pem head/crypto/openssl/apps/s_client.c head/crypto/openssl/apps/x509.c head/crypto/openssl/appveyor.yml head/crypto/openssl/crypto/aes/aes_core.c head/crypto/openssl/crypto/aes/aes_ige.c head/crypto/openssl/crypto/asn1/d2i_pr.c head/crypto/openssl/crypto/asn1/x_algor.c head/crypto/openssl/crypto/bio/b_print.c head/crypto/openssl/crypto/bio/bss_acpt.c head/crypto/openssl/crypto/bio/bss_conn.c head/crypto/openssl/crypto/bn/bn_gcd.c head/crypto/openssl/crypto/bn/bn_lib.c head/crypto/openssl/crypto/bn/bn_mpi.c head/crypto/openssl/crypto/cmac/cmac.c head/crypto/openssl/crypto/cms/cms_lib.c head/crypto/openssl/crypto/cms/cms_sd.c head/crypto/openssl/crypto/conf/conf_def.c head/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl head/crypto/openssl/crypto/ec/ec_ameth.c head/crypto/openssl/crypto/ec/ec_asn1.c head/crypto/openssl/crypto/ec/ec_err.c head/crypto/openssl/crypto/ec/ec_key.c head/crypto/openssl/crypto/ec/ec_lib.c head/crypto/openssl/crypto/ec/ec_local.h head/crypto/openssl/crypto/ec/ecp_nistp224.c head/crypto/openssl/crypto/ec/ecp_nistp521.c head/crypto/openssl/crypto/ec/ecp_nistz256.c head/crypto/openssl/crypto/engine/eng_lib.c head/crypto/openssl/crypto/err/openssl.txt head/crypto/openssl/crypto/evp/e_aes.c head/crypto/openssl/crypto/evp/encode.c head/crypto/openssl/crypto/mem_sec.c head/crypto/openssl/crypto/modes/cbc128.c head/crypto/openssl/crypto/modes/ccm128.c head/crypto/openssl/crypto/modes/cfb128.c head/crypto/openssl/crypto/modes/ctr128.c head/crypto/openssl/crypto/modes/gcm128.c head/crypto/openssl/crypto/modes/modes_local.h head/crypto/openssl/crypto/modes/ofb128.c head/crypto/openssl/crypto/modes/xts128.c head/crypto/openssl/crypto/o_str.c head/crypto/openssl/crypto/o_time.c head/crypto/openssl/crypto/pem/pem_err.c head/crypto/openssl/crypto/pem/pem_lib.c head/crypto/openssl/crypto/pem/pem_pkey.c head/crypto/openssl/crypto/pem/pvkfmt.c head/crypto/openssl/crypto/rand/drbg_ctr.c head/crypto/openssl/crypto/rand/drbg_lib.c head/crypto/openssl/crypto/rand/rand_lib.c head/crypto/openssl/crypto/rand/rand_local.h head/crypto/openssl/crypto/rand/rand_unix.c head/crypto/openssl/crypto/rand/randfile.c head/crypto/openssl/crypto/rsa/rsa_ameth.c head/crypto/openssl/crypto/store/loader_file.c head/crypto/openssl/crypto/store/store_lib.c head/crypto/openssl/crypto/ts/ts_rsp_sign.c head/crypto/openssl/crypto/ui/ui_openssl.c head/crypto/openssl/crypto/whrlpool/wp_block.c head/crypto/openssl/crypto/x509/x509_err.c head/crypto/openssl/crypto/x509/x509_local.h head/crypto/openssl/crypto/x509/x509_req.c head/crypto/openssl/crypto/x509/x509_txt.c head/crypto/openssl/crypto/x509/x509_vfy.c head/crypto/openssl/crypto/x509/x_pubkey.c head/crypto/openssl/crypto/x509v3/pcy_data.c head/crypto/openssl/crypto/x509v3/v3_alt.c head/crypto/openssl/crypto/x509v3/v3_purp.c head/crypto/openssl/doc/man1/CA.pl.pod head/crypto/openssl/doc/man1/ca.pod head/crypto/openssl/doc/man1/dgst.pod head/crypto/openssl/doc/man1/enc.pod head/crypto/openssl/doc/man1/ocsp.pod head/crypto/openssl/doc/man1/pkcs12.pod head/crypto/openssl/doc/man1/pkcs8.pod head/crypto/openssl/doc/man1/pkeyutl.pod head/crypto/openssl/doc/man1/s_client.pod head/crypto/openssl/doc/man1/s_server.pod head/crypto/openssl/doc/man1/s_time.pod head/crypto/openssl/doc/man1/sess_id.pod head/crypto/openssl/doc/man1/ts.pod head/crypto/openssl/doc/man1/tsget.pod head/crypto/openssl/doc/man1/verify.pod head/crypto/openssl/doc/man1/x509.pod head/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod head/crypto/openssl/doc/man3/ASN1_STRING_length.pod head/crypto/openssl/doc/man3/ASN1_TIME_set.pod head/crypto/openssl/doc/man3/ASN1_TYPE_get.pod head/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod head/crypto/openssl/doc/man3/ASYNC_start_job.pod head/crypto/openssl/doc/man3/BF_encrypt.pod head/crypto/openssl/doc/man3/BIO_ADDR.pod head/crypto/openssl/doc/man3/BIO_ADDRINFO.pod head/crypto/openssl/doc/man3/BIO_connect.pod head/crypto/openssl/doc/man3/BIO_ctrl.pod head/crypto/openssl/doc/man3/BIO_get_data.pod head/crypto/openssl/doc/man3/BIO_parse_hostserv.pod head/crypto/openssl/doc/man3/BIO_read.pod head/crypto/openssl/doc/man3/BIO_s_accept.pod head/crypto/openssl/doc/man3/BIO_s_bio.pod head/crypto/openssl/doc/man3/BIO_s_connect.pod head/crypto/openssl/doc/man3/BIO_s_file.pod head/crypto/openssl/doc/man3/BIO_set_callback.pod head/crypto/openssl/doc/man3/BN_add.pod head/crypto/openssl/doc/man3/BN_bn2bin.pod head/crypto/openssl/doc/man3/BN_generate_prime.pod head/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod head/crypto/openssl/doc/man3/BN_set_bit.pod head/crypto/openssl/doc/man3/CMS_verify.pod head/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod head/crypto/openssl/doc/man3/CRYPTO_memcmp.pod head/crypto/openssl/doc/man3/DES_random_key.pod head/crypto/openssl/doc/man3/DH_get0_pqg.pod head/crypto/openssl/doc/man3/DH_set_method.pod head/crypto/openssl/doc/man3/DSA_set_method.pod head/crypto/openssl/doc/man3/DTLSv1_listen.pod head/crypto/openssl/doc/man3/ECDSA_SIG_new.pod head/crypto/openssl/doc/man3/EC_GROUP_new.pod head/crypto/openssl/doc/man3/EC_KEY_new.pod head/crypto/openssl/doc/man3/EC_POINT_new.pod head/crypto/openssl/doc/man3/ENGINE_add.pod head/crypto/openssl/doc/man3/ERR_get_error.pod head/crypto/openssl/doc/man3/ERR_print_errors.pod head/crypto/openssl/doc/man3/ERR_put_error.pod head/crypto/openssl/doc/man3/EVP_DigestInit.pod head/crypto/openssl/doc/man3/EVP_DigestSignInit.pod head/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod head/crypto/openssl/doc/man3/EVP_EncodeInit.pod head/crypto/openssl/doc/man3/EVP_EncryptInit.pod head/crypto/openssl/doc/man3/EVP_OpenInit.pod head/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod head/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod head/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod head/crypto/openssl/doc/man3/EVP_PKEY_new.pod head/crypto/openssl/doc/man3/EVP_SealInit.pod head/crypto/openssl/doc/man3/EVP_SignInit.pod head/crypto/openssl/doc/man3/EVP_VerifyInit.pod head/crypto/openssl/doc/man3/HMAC.pod head/crypto/openssl/doc/man3/OCSP_cert_to_id.pod head/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod head/crypto/openssl/doc/man3/OCSP_resp_find_status.pod head/crypto/openssl/doc/man3/OCSP_sendreq_new.pod head/crypto/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod head/crypto/openssl/doc/man3/OPENSSL_config.pod head/crypto/openssl/doc/man3/OPENSSL_ia32cap.pod head/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod head/crypto/openssl/doc/man3/OPENSSL_init_ssl.pod head/crypto/openssl/doc/man3/OSSL_STORE_open.pod head/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod head/crypto/openssl/doc/man3/PKCS7_verify.pod head/crypto/openssl/doc/man3/RAND_DRBG_new.pod head/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod head/crypto/openssl/doc/man3/RAND_add.pod head/crypto/openssl/doc/man3/RAND_load_file.pod head/crypto/openssl/doc/man3/RSA_blinding_on.pod head/crypto/openssl/doc/man3/RSA_private_encrypt.pod head/crypto/openssl/doc/man3/RSA_set_method.pod head/crypto/openssl/doc/man3/SHA256_Init.pod head/crypto/openssl/doc/man3/SSL_CONF_cmd.pod head/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod head/crypto/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod head/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod head/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod head/crypto/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod head/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod head/crypto/openssl/doc/man3/SSL_CTX_set_options.pod head/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod head/crypto/openssl/doc/man3/SSL_CTX_set_read_ahead.pod head/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod head/crypto/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod head/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod head/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod head/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod head/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod head/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod head/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod head/crypto/openssl/doc/man3/SSL_accept.pod head/crypto/openssl/doc/man3/SSL_alloc_buffers.pod head/crypto/openssl/doc/man3/SSL_connect.pod head/crypto/openssl/doc/man3/SSL_do_handshake.pod head/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod head/crypto/openssl/doc/man3/SSL_get_error.pod head/crypto/openssl/doc/man3/SSL_new.pod head/crypto/openssl/doc/man3/SSL_pending.pod head/crypto/openssl/doc/man3/SSL_read.pod head/crypto/openssl/doc/man3/SSL_read_early_data.pod head/crypto/openssl/doc/man3/SSL_set1_host.pod head/crypto/openssl/doc/man3/SSL_set_bio.pod head/crypto/openssl/doc/man3/SSL_set_fd.pod head/crypto/openssl/doc/man3/SSL_set_shutdown.pod head/crypto/openssl/doc/man3/SSL_shutdown.pod head/crypto/openssl/doc/man3/SSL_state_string.pod head/crypto/openssl/doc/man3/SSL_want.pod head/crypto/openssl/doc/man3/SSL_write.pod head/crypto/openssl/doc/man3/UI_UTIL_read_pw.pod head/crypto/openssl/doc/man3/UI_create_method.pod head/crypto/openssl/doc/man3/UI_new.pod head/crypto/openssl/doc/man3/X509V3_get_d2i.pod head/crypto/openssl/doc/man3/X509_ALGOR_dup.pod head/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod head/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod head/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod head/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod head/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod head/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod head/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod head/crypto/openssl/doc/man3/X509_check_ca.pod head/crypto/openssl/doc/man3/X509_check_host.pod head/crypto/openssl/doc/man3/X509_check_issued.pod head/crypto/openssl/doc/man3/X509_check_purpose.pod head/crypto/openssl/doc/man3/X509_get0_signature.pod head/crypto/openssl/doc/man3/X509v3_get_ext_by_NID.pod head/crypto/openssl/doc/man3/d2i_DHparams.pod head/crypto/openssl/doc/man3/d2i_X509.pod head/crypto/openssl/doc/man5/config.pod head/crypto/openssl/doc/man5/x509v3_config.pod head/crypto/openssl/doc/man7/SM2.pod head/crypto/openssl/doc/man7/evp.pod head/crypto/openssl/doc/man7/ossl_store.pod head/crypto/openssl/e_os.h head/crypto/openssl/include/openssl/bn.h head/crypto/openssl/include/openssl/e_os2.h head/crypto/openssl/include/openssl/ec.h head/crypto/openssl/include/openssl/ecerr.h head/crypto/openssl/include/openssl/opensslconf.h.in head/crypto/openssl/include/openssl/opensslv.h head/crypto/openssl/include/openssl/pemerr.h head/crypto/openssl/include/openssl/ssl.h head/crypto/openssl/include/openssl/ssl3.h head/crypto/openssl/include/openssl/x509.h head/crypto/openssl/include/openssl/x509_vfy.h head/crypto/openssl/include/openssl/x509err.h head/crypto/openssl/ssl/bio_ssl.c head/crypto/openssl/ssl/record/ssl3_buffer.c head/crypto/openssl/ssl/ssl_conf.c head/crypto/openssl/ssl/ssl_lib.c head/crypto/openssl/ssl/ssl_rsa.c head/crypto/openssl/ssl/statem/extensions.c head/crypto/openssl/ssl/statem/extensions_srvr.c head/crypto/openssl/ssl/statem/statem_lib.c head/crypto/openssl/ssl/t1_lib.c head/crypto/openssl/ssl/t1_trce.c head/crypto/openssl/ssl/tls13_enc.c head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/arm/ecp_nistz256-armv4.S head/secure/lib/libcrypto/man/man3/ADMISSIONS.3 head/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 head/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 head/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 head/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 head/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 head/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 head/secure/lib/libcrypto/man/man3/BF_encrypt.3 head/secure/lib/libcrypto/man/man3/BIO_ADDR.3 head/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 head/secure/lib/libcrypto/man/man3/BIO_connect.3 head/secure/lib/libcrypto/man/man3/BIO_ctrl.3 head/secure/lib/libcrypto/man/man3/BIO_f_base64.3 head/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 head/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 head/secure/lib/libcrypto/man/man3/BIO_f_md.3 head/secure/lib/libcrypto/man/man3/BIO_f_null.3 head/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 head/secure/lib/libcrypto/man/man3/BIO_find_type.3 head/secure/lib/libcrypto/man/man3/BIO_get_data.3 head/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 head/secure/lib/libcrypto/man/man3/BIO_meth_new.3 head/secure/lib/libcrypto/man/man3/BIO_new.3 head/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 head/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 head/secure/lib/libcrypto/man/man3/BIO_printf.3 head/secure/lib/libcrypto/man/man3/BIO_push.3 head/secure/lib/libcrypto/man/man3/BIO_read.3 head/secure/lib/libcrypto/man/man3/BIO_s_accept.3 head/secure/lib/libcrypto/man/man3/BIO_s_bio.3 head/secure/lib/libcrypto/man/man3/BIO_s_connect.3 head/secure/lib/libcrypto/man/man3/BIO_s_fd.3 head/secure/lib/libcrypto/man/man3/BIO_s_file.3 head/secure/lib/libcrypto/man/man3/BIO_s_mem.3 head/secure/lib/libcrypto/man/man3/BIO_s_null.3 head/secure/lib/libcrypto/man/man3/BIO_s_socket.3 head/secure/lib/libcrypto/man/man3/BIO_set_callback.3 head/secure/lib/libcrypto/man/man3/BIO_should_retry.3 head/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/man3/BN_CTX_new.3 head/secure/lib/libcrypto/man/man3/BN_CTX_start.3 head/secure/lib/libcrypto/man/man3/BN_add.3 head/secure/lib/libcrypto/man/man3/BN_add_word.3 head/secure/lib/libcrypto/man/man3/BN_bn2bin.3 head/secure/lib/libcrypto/man/man3/BN_cmp.3 head/secure/lib/libcrypto/man/man3/BN_copy.3 head/secure/lib/libcrypto/man/man3/BN_generate_prime.3 head/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 head/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/man3/BN_new.3 head/secure/lib/libcrypto/man/man3/BN_num_bytes.3 head/secure/lib/libcrypto/man/man3/BN_rand.3 head/secure/lib/libcrypto/man/man3/BN_security_bits.3 head/secure/lib/libcrypto/man/man3/BN_set_bit.3 head/secure/lib/libcrypto/man/man3/BN_swap.3 head/secure/lib/libcrypto/man/man3/BN_zero.3 head/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 head/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 head/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 head/secure/lib/libcrypto/man/man3/CMS_compress.3 head/secure/lib/libcrypto/man/man3/CMS_decrypt.3 head/secure/lib/libcrypto/man/man3/CMS_encrypt.3 head/secure/lib/libcrypto/man/man3/CMS_final.3 head/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/man3/CMS_get0_type.3 head/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/man3/CMS_sign.3 head/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/man3/CMS_uncompress.3 head/secure/lib/libcrypto/man/man3/CMS_verify.3 head/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/man3/CONF_modules_free.3 head/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 head/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 head/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 head/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 head/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 head/secure/lib/libcrypto/man/man3/CTLOG_new.3 head/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 head/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 head/secure/lib/libcrypto/man/man3/DES_random_key.3 head/secure/lib/libcrypto/man/man3/DH_generate_key.3 head/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 head/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 head/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 head/secure/lib/libcrypto/man/man3/DH_meth_new.3 head/secure/lib/libcrypto/man/man3/DH_new.3 head/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 head/secure/lib/libcrypto/man/man3/DH_set_method.3 head/secure/lib/libcrypto/man/man3/DH_size.3 head/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 head/secure/lib/libcrypto/man/man3/DSA_do_sign.3 head/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 head/secure/lib/libcrypto/man/man3/DSA_generate_key.3 head/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 head/secure/lib/libcrypto/man/man3/DSA_meth_new.3 head/secure/lib/libcrypto/man/man3/DSA_new.3 head/secure/lib/libcrypto/man/man3/DSA_set_method.3 head/secure/lib/libcrypto/man/man3/DSA_sign.3 head/secure/lib/libcrypto/man/man3/DSA_size.3 head/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 head/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 head/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 head/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 head/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 head/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 head/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 head/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 head/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 head/secure/lib/libcrypto/man/man3/EC_KEY_new.3 head/secure/lib/libcrypto/man/man3/EC_POINT_add.3 head/secure/lib/libcrypto/man/man3/EC_POINT_new.3 head/secure/lib/libcrypto/man/man3/ENGINE_add.3 head/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/man3/ERR_clear_error.3 head/secure/lib/libcrypto/man/man3/ERR_error_string.3 head/secure/lib/libcrypto/man/man3/ERR_get_error.3 head/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/man3/ERR_load_strings.3 head/secure/lib/libcrypto/man/man3/ERR_print_errors.3 head/secure/lib/libcrypto/man/man3/ERR_put_error.3 head/secure/lib/libcrypto/man/man3/ERR_remove_state.3 head/secure/lib/libcrypto/man/man3/ERR_set_mark.3 head/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 head/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 head/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 head/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 head/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 head/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 head/secure/lib/libcrypto/man/man3/EVP_SealInit.3 head/secure/lib/libcrypto/man/man3/EVP_SignInit.3 head/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/man3/EVP_aes.3 head/secure/lib/libcrypto/man/man3/EVP_aria.3 head/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 head/secure/lib/libcrypto/man/man3/EVP_camellia.3 head/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_chacha20.3 head/secure/lib/libcrypto/man/man3/EVP_des.3 head/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_md2.3 head/secure/lib/libcrypto/man/man3/EVP_md4.3 head/secure/lib/libcrypto/man/man3/EVP_md5.3 head/secure/lib/libcrypto/man/man3/EVP_mdc2.3 head/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_rc4.3 head/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 head/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_sha1.3 head/secure/lib/libcrypto/man/man3/EVP_sha224.3 head/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 head/secure/lib/libcrypto/man/man3/EVP_sm3.3 head/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 head/secure/lib/libcrypto/man/man3/HMAC.3 head/secure/lib/libcrypto/man/man3/MD5.3 head/secure/lib/libcrypto/man/man3/MDC2_Init.3 head/secure/lib/libcrypto/man/man3/Makefile head/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 head/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 head/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 head/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 head/secure/lib/libcrypto/man/man3/OCSP_response_status.3 head/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 head/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 head/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 head/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/man3/OPENSSL_config.3 head/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 head/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 head/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 head/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 head/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 head/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 head/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 head/secure/lib/libcrypto/man/man3/PEM_read.3 head/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 head/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 head/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 head/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/man3/PKCS12_create.3 head/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 head/secure/lib/libcrypto/man/man3/PKCS12_parse.3 head/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 head/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/man3/PKCS7_sign.3 head/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/man3/PKCS7_verify.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 head/secure/lib/libcrypto/man/man3/RAND_add.3 head/secure/lib/libcrypto/man/man3/RAND_bytes.3 head/secure/lib/libcrypto/man/man3/RAND_cleanup.3 head/secure/lib/libcrypto/man/man3/RAND_egd.3 head/secure/lib/libcrypto/man/man3/RAND_load_file.3 head/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/man3/RC4_set_key.3 head/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 head/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 head/secure/lib/libcrypto/man/man3/RSA_check_key.3 head/secure/lib/libcrypto/man/man3/RSA_generate_key.3 head/secure/lib/libcrypto/man/man3/RSA_get0_key.3 head/secure/lib/libcrypto/man/man3/RSA_meth_new.3 head/secure/lib/libcrypto/man/man3/RSA_new.3 head/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/man3/RSA_print.3 head/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/man3/RSA_set_method.3 head/secure/lib/libcrypto/man/man3/RSA_sign.3 head/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/man3/RSA_size.3 head/secure/lib/libcrypto/man/man3/SCT_new.3 head/secure/lib/libcrypto/man/man3/SCT_print.3 head/secure/lib/libcrypto/man/man3/SCT_validate.3 head/secure/lib/libcrypto/man/man3/SHA256_Init.3 head/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 head/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 head/secure/lib/libcrypto/man/man3/SSL_accept.3 head/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 head/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 head/secure/lib/libcrypto/man/man3/SSL_check_chain.3 head/secure/lib/libcrypto/man/man3/SSL_clear.3 head/secure/lib/libcrypto/man/man3/SSL_connect.3 head/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 head/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 head/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 head/secure/lib/libcrypto/man/man3/SSL_free.3 head/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 head/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 head/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 head/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 head/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 head/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 head/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 head/secure/lib/libcrypto/man/man3/SSL_get_error.3 head/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 head/secure/lib/libcrypto/man/man3/SSL_get_fd.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 head/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 head/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 head/secure/lib/libcrypto/man/man3/SSL_get_session.3 head/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 head/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 head/secure/lib/libcrypto/man/man3/SSL_get_version.3 head/secure/lib/libcrypto/man/man3/SSL_in_init.3 head/secure/lib/libcrypto/man/man3/SSL_key_update.3 head/secure/lib/libcrypto/man/man3/SSL_library_init.3 head/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 head/secure/lib/libcrypto/man/man3/SSL_new.3 head/secure/lib/libcrypto/man/man3/SSL_pending.3 head/secure/lib/libcrypto/man/man3/SSL_read.3 head/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 head/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 head/secure/lib/libcrypto/man/man3/SSL_session_reused.3 head/secure/lib/libcrypto/man/man3/SSL_set1_host.3 head/secure/lib/libcrypto/man/man3/SSL_set_bio.3 head/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 head/secure/lib/libcrypto/man/man3/SSL_set_fd.3 head/secure/lib/libcrypto/man/man3/SSL_set_session.3 head/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 head/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 head/secure/lib/libcrypto/man/man3/SSL_shutdown.3 head/secure/lib/libcrypto/man/man3/SSL_state_string.3 head/secure/lib/libcrypto/man/man3/SSL_want.3 head/secure/lib/libcrypto/man/man3/SSL_write.3 head/secure/lib/libcrypto/man/man3/UI_STRING.3 head/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 head/secure/lib/libcrypto/man/man3/UI_create_method.3 head/secure/lib/libcrypto/man/man3/UI_new.3 head/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 head/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 head/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 head/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 head/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 head/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 head/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 head/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 head/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 head/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 head/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 head/secure/lib/libcrypto/man/man3/X509_STORE_new.3 head/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/man3/X509_check_ca.3 head/secure/lib/libcrypto/man/man3/X509_check_host.3 head/secure/lib/libcrypto/man/man3/X509_check_issued.3 head/secure/lib/libcrypto/man/man3/X509_check_private_key.3 head/secure/lib/libcrypto/man/man3/X509_check_purpose.3 head/secure/lib/libcrypto/man/man3/X509_cmp.3 head/secure/lib/libcrypto/man/man3/X509_cmp_time.3 head/secure/lib/libcrypto/man/man3/X509_digest.3 head/secure/lib/libcrypto/man/man3/X509_dup.3 head/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 head/secure/lib/libcrypto/man/man3/X509_get0_signature.3 head/secure/lib/libcrypto/man/man3/X509_get0_uids.3 head/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 head/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 head/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 head/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 head/secure/lib/libcrypto/man/man3/X509_get_version.3 head/secure/lib/libcrypto/man/man3/X509_new.3 head/secure/lib/libcrypto/man/man3/X509_sign.3 head/secure/lib/libcrypto/man/man3/X509_verify_cert.3 head/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 head/secure/lib/libcrypto/man/man3/d2i_DHparams.3 head/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 head/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 head/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 head/secure/lib/libcrypto/man/man3/d2i_X509.3 head/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 head/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 head/secure/lib/libcrypto/man/man5/x509v3_config.5 head/secure/lib/libcrypto/man/man7/Ed25519.7 head/secure/lib/libcrypto/man/man7/RAND.7 head/secure/lib/libcrypto/man/man7/RAND_DRBG.7 head/secure/lib/libcrypto/man/man7/RSA-PSS.7 head/secure/lib/libcrypto/man/man7/SM2.7 head/secure/lib/libcrypto/man/man7/X25519.7 head/secure/lib/libcrypto/man/man7/bio.7 head/secure/lib/libcrypto/man/man7/ct.7 head/secure/lib/libcrypto/man/man7/des_modes.7 head/secure/lib/libcrypto/man/man7/evp.7 head/secure/lib/libcrypto/man/man7/ossl_store-file.7 head/secure/lib/libcrypto/man/man7/ossl_store.7 head/secure/lib/libcrypto/man/man7/passphrase-encoding.7 head/secure/lib/libcrypto/man/man7/proxy-certificates.7 head/secure/lib/libcrypto/man/man7/scrypt.7 head/secure/lib/libcrypto/man/man7/ssl.7 head/secure/lib/libcrypto/man/man7/x509.7 head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/engine.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/list.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/prime.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/srp.1 head/secure/usr.bin/openssl/man/storeutl.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 Directory Properties: head/crypto/openssl/ (props changed) Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/CHANGES Tue Sep 22 16:18:31 2020 (r366004) @@ -7,6 +7,33 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1g and 1.1.1h [22 Sep 2020] + + *) Certificates with explicit curve parameters are now disallowed in + verification chains if the X509_V_FLAG_X509_STRICT flag is used. + [Tomas Mraz] + + *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + [Viktor Dukhovni] + + *) Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + [Tomas Mraz] + + *) The Oracle Developer Studio compiler will start reporting deprecated APIs + Changes between 1.1.1f and 1.1.1g [21 Apr 2020] *) Fixed segmentation fault in SSL_check_chain() Modified: head/crypto/openssl/Configure ============================================================================== --- head/crypto/openssl/Configure Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/Configure Tue Sep 22 16:18:31 2020 (r366004) @@ -217,12 +217,22 @@ sub resolve_config; # Unified build supports separate build dir my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax + +# File::Spec::Unix doesn't detect case insensitivity, so we make sure to +# check if the source and build directory are really the same, and make +# them so. This avoids all kinds of confusion later on. +# We must check @File::Spec::ISA rather than using File::Spec->isa() to +# know if File::Spec ended up loading File::Spec::Unix. +$srcdir = $blddir + if (grep(/::Unix$/, @File::Spec::ISA) + && samedir($srcdir, $blddir)); + my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; -$config{sourcedir} = abs2rel($srcdir); -$config{builddir} = abs2rel($blddir); +$config{sourcedir} = abs2rel($srcdir, $blddir); +$config{builddir} = abs2rel($blddir, $blddir); # Collect reconfiguration information if needed my @argvcopy=@ARGV; @@ -1049,6 +1059,9 @@ if (scalar(@seed_sources) == 0) { print "Using os-specific seed configuration\n"; push @seed_sources, 'os'; } +if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { + delete $disabled{'egd'}; +} if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; @@ -3422,6 +3435,27 @@ sub absolutedir { use Cwd qw/realpath/; return realpath($dir); +} + +# Check if all paths are one and the same, using stat. They must both exist +# We need this for the cases when File::Spec doesn't detect case insensitivity +# (File::Spec::Unix assumes case sensitivity) +sub samedir { + die "samedir expects two arguments\n" unless scalar @_ == 2; + + my @stat0 = stat($_[0]); # First argument + my @stat1 = stat($_[1]); # Second argument + + die "Couldn't stat $_[0]" unless @stat0; + die "Couldn't stat $_[1]" unless @stat1; + + # Compare device number + return 0 unless ($stat0[0] == $stat1[0]); + # Compare "inode". The perl manual recommends comparing as + # string rather than as number. + return 0 unless ($stat0[1] eq $stat1[1]); + + return 1; # All the same } sub quotify { Modified: head/crypto/openssl/NEWS ============================================================================== --- head/crypto/openssl/NEWS Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/NEWS Tue Sep 22 16:18:31 2020 (r366004) @@ -5,6 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] + + o Disallow explicit curve parameters in verifications chains when + X509_V_FLAG_X509_STRICT is used + o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS + contexts + o Oracle Developer Studio will start reporting deprecation warnings + Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967) Modified: head/crypto/openssl/NOTES.PERL ============================================================================== --- head/crypto/openssl/NOTES.PERL Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/NOTES.PERL Tue Sep 22 16:18:31 2020 (r366004) @@ -109,7 +109,7 @@ $ cpan -f -i Text::Template - Note: on VMS, you must quote any argument that contains upper case + Note: on VMS, you must quote any argument that contains uppercase characters, so the lines above would be: $ cpan -i "Text::Template" Modified: head/crypto/openssl/README ============================================================================== --- head/crypto/openssl/README Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/README Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1g 21 Apr 2020 + OpenSSL 1.1.1h 22 Sep 2020 Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: head/crypto/openssl/apps/genpkey.c ============================================================================== --- head/crypto/openssl/apps/genpkey.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/apps/genpkey.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv) goto end; } + ret = 0; + if (rv <= 0) { BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); + ret = 1; } if (text) { @@ -191,10 +194,9 @@ int genpkey_main(int argc, char **argv) if (rv <= 0) { BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err); + ret = 1; } } - - ret = 0; end: EVP_PKEY_free(pkey); Modified: head/crypto/openssl/apps/rsa8192.pem ============================================================================== --- head/crypto/openssl/apps/rsa8192.pem Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/apps/rsa8192.pem Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY @@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLeb yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWv rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - Modified: head/crypto/openssl/apps/s_client.c ============================================================================== --- head/crypto/openssl/apps/s_client.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/apps/s_client.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1283,22 +1283,42 @@ int s_client_main(int argc, char **argv) case OPT_SSL3: min_version = SSL3_VERSION; max_version = SSL3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_3: min_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_1: min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1: min_version = TLS1_VERSION; max_version = TLS1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_DTLS: #ifndef OPENSSL_NO_DTLS Modified: head/crypto/openssl/apps/x509.c ============================================================================== --- head/crypto/openssl/apps/x509.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/apps/x509.c Tue Sep 22 16:18:31 2020 (r366004) @@ -140,9 +140,9 @@ const OPTIONS x509_options[] = { {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, Modified: head/crypto/openssl/appveyor.yml ============================================================================== --- head/crypto/openssl/appveyor.yml Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/appveyor.yml Tue Sep 22 16:18:31 2020 (r366004) @@ -46,7 +46,8 @@ before_build: - cd .. - ps: >- if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -2 | Select-String "\[extended tests\]") ) { + -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | + Select-String "\[extended tests\]") ) { $env:EXTENDED_TESTS="yes" } Modified: head/crypto/openssl/crypto/aes/aes_core.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_core.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/aes/aes_core.c Tue Sep 22 16:18:31 2020 (r366004) @@ -673,357 +673,6 @@ void AES_decrypt(const unsigned char *in, unsigned cha InvCipher(in, out, rk, key->rounds); } - -# ifndef OPENSSL_SMALL_FOOTPRINT -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char *ivec); - -static void RawToBits(const u8 raw[64], u64 bits[8]) -{ - int i, j; - u64 in, out; - - memset(bits, 0, 64); - for (i = 0; i < 8; i++) { - in = 0; - for (j = 0; j < 8; j++) - in |= ((u64)raw[i * 8 + j]) << (8 * j); - out = in & 0xF0F0F0F00F0F0F0FuLL; - out |= (in & 0x0F0F0F0F00000000uLL) >> 28; - out |= (in & 0x00000000F0F0F0F0uLL) << 28; - in = out & 0xCCCC3333CCCC3333uLL; - in |= (out & 0x3333000033330000uLL) >> 14; - in |= (out & 0x0000CCCC0000CCCCuLL) << 14; - out = in & 0xAA55AA55AA55AA55uLL; - out |= (in & 0x5500550055005500uLL) >> 7; - out |= (in & 0x00AA00AA00AA00AAuLL) << 7; - for (j = 0; j < 8; j++) { - bits[j] |= (out & 0xFFuLL) << (8 * i); - out = out >> 8; - } - } -} - -static void BitsToRaw(const u64 bits[8], u8 raw[64]) -{ - int i, j; - u64 in, out; - - for (i = 0; i < 8; i++) { - in = 0; - for (j = 0; j < 8; j++) - in |= ((bits[j] >> (8 * i)) & 0xFFuLL) << (8 * j); - out = in & 0xF0F0F0F00F0F0F0FuLL; - out |= (in & 0x0F0F0F0F00000000uLL) >> 28; - out |= (in & 0x00000000F0F0F0F0uLL) << 28; - in = out & 0xCCCC3333CCCC3333uLL; - in |= (out & 0x3333000033330000uLL) >> 14; - in |= (out & 0x0000CCCC0000CCCCuLL) << 14; - out = in & 0xAA55AA55AA55AA55uLL; - out |= (in & 0x5500550055005500uLL) >> 7; - out |= (in & 0x00AA00AA00AA00AAuLL) << 7; - for (j = 0; j < 8; j++) { - raw[i * 8 + j] = (u8)out; - out = out >> 8; - } - } -} - -static void BitsXtime(u64 state[8]) -{ - u64 b; - - b = state[7]; - state[7] = state[6]; - state[6] = state[5]; - state[5] = state[4]; - state[4] = state[3] ^ b; - state[3] = state[2] ^ b; - state[2] = state[1]; - state[1] = state[0] ^ b; - state[0] = b; -} - -/* - * This S-box implementation follows a circuit described in - * Boyar and Peralta: "A new combinational logic minimization - * technique with applications to cryptology." - * https://eprint.iacr.org/2009/191.pdf - * - * The math is similar to above, in that it uses - * a tower field of GF(2^2^2^2) but with a different - * basis representation, that is better suited to - * logic designs. - */ -static void BitsSub(u64 state[8]) -{ - u64 x0, x1, x2, x3, x4, x5, x6, x7; - u64 y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11; - u64 y12, y13, y14, y15, y16, y17, y18, y19, y20, y21; - u64 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11; - u64 t12, t13, t14, t15, t16, t17, t18, t19, t20, t21; - u64 t22, t23, t24, t25, t26, t27, t28, t29, t30, t31; - u64 t32, t33, t34, t35, t36, t37, t38, t39, t40, t41; - u64 t42, t43, t44, t45, t46, t47, t48, t49, t50, t51; - u64 t52, t53, t54, t55, t56, t57, t58, t59, t60, t61; - u64 t62, t63, t64, t65, t66, t67; - u64 z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11; - u64 z12, z13, z14, z15, z16, z17; - u64 s0, s1, s2, s3, s4, s5, s6, s7; - - x7 = state[0]; - x6 = state[1]; - x5 = state[2]; - x4 = state[3]; - x3 = state[4]; - x2 = state[5]; - x1 = state[6]; - x0 = state[7]; - y14 = x3 ^ x5; - y13 = x0 ^ x6; - y9 = x0 ^ x3; - y8 = x0 ^ x5; - t0 = x1 ^ x2; - y1 = t0 ^ x7; - y4 = y1 ^ x3; - y12 = y13 ^ y14; - y2 = y1 ^ x0; - y5 = y1 ^ x6; - y3 = y5 ^ y8; - t1 = x4 ^ y12; - y15 = t1 ^ x5; - y20 = t1 ^ x1; - y6 = y15 ^ x7; - y10 = y15 ^ t0; - y11 = y20 ^ y9; - y7 = x7 ^ y11; - y17 = y10 ^ y11; - y19 = y10 ^ y8; - y16 = t0 ^ y11; - y21 = y13 ^ y16; - y18 = x0 ^ y16; - t2 = y12 & y15; - t3 = y3 & y6; - t4 = t3 ^ t2; - t5 = y4 & x7; - t6 = t5 ^ t2; - t7 = y13 & y16; - t8 = y5 & y1; - t9 = t8 ^ t7; - t10 = y2 & y7; - t11 = t10 ^ t7; - t12 = y9 & y11; - t13 = y14 & y17; - t14 = t13 ^ t12; - t15 = y8 & y10; - t16 = t15 ^ t12; - t17 = t4 ^ t14; - t18 = t6 ^ t16; - t19 = t9 ^ t14; - t20 = t11 ^ t16; - t21 = t17 ^ y20; - t22 = t18 ^ y19; - t23 = t19 ^ y21; - t24 = t20 ^ y18; - t25 = t21 ^ t22; - t26 = t21 & t23; - t27 = t24 ^ t26; - t28 = t25 & t27; - t29 = t28 ^ t22; - t30 = t23 ^ t24; - t31 = t22 ^ t26; - t32 = t31 & t30; - t33 = t32 ^ t24; - t34 = t23 ^ t33; - t35 = t27 ^ t33; - t36 = t24 & t35; - t37 = t36 ^ t34; - t38 = t27 ^ t36; - t39 = t29 & t38; - t40 = t25 ^ t39; - t41 = t40 ^ t37; - t42 = t29 ^ t33; - t43 = t29 ^ t40; - t44 = t33 ^ t37; - t45 = t42 ^ t41; - z0 = t44 & y15; - z1 = t37 & y6; - z2 = t33 & x7; - z3 = t43 & y16; - z4 = t40 & y1; - z5 = t29 & y7; - z6 = t42 & y11; - z7 = t45 & y17; - z8 = t41 & y10; - z9 = t44 & y12; - z10 = t37 & y3; - z11 = t33 & y4; - z12 = t43 & y13; - z13 = t40 & y5; - z14 = t29 & y2; - z15 = t42 & y9; - z16 = t45 & y14; - z17 = t41 & y8; - t46 = z15 ^ z16; - t47 = z10 ^ z11; - t48 = z5 ^ z13; - t49 = z9 ^ z10; - t50 = z2 ^ z12; - t51 = z2 ^ z5; - t52 = z7 ^ z8; - t53 = z0 ^ z3; - t54 = z6 ^ z7; - t55 = z16 ^ z17; - t56 = z12 ^ t48; - t57 = t50 ^ t53; - t58 = z4 ^ t46; - t59 = z3 ^ t54; - t60 = t46 ^ t57; - t61 = z14 ^ t57; - t62 = t52 ^ t58; - t63 = t49 ^ t58; - t64 = z4 ^ t59; - t65 = t61 ^ t62; - t66 = z1 ^ t63; - s0 = t59 ^ t63; - s6 = ~(t56 ^ t62); - s7 = ~(t48 ^ t60); - t67 = t64 ^ t65; - s3 = t53 ^ t66; - s4 = t51 ^ t66; - s5 = t47 ^ t65; - s1 = ~(t64 ^ s3); - s2 = ~(t55 ^ t67); - state[0] = s7; - state[1] = s6; - state[2] = s5; - state[3] = s4; - state[4] = s3; - state[5] = s2; - state[6] = s1; - state[7] = s0; -} - -static void BitsShiftRows(u64 state[8]) -{ - u64 s, s0; - int i; - - for (i = 0; i < 8; i++) { - s = state[i]; - s0 = s & 0x1111111111111111uLL; - s0 |= ((s & 0x2220222022202220uLL) >> 4) | ((s & 0x0002000200020002uLL) << 12); - s0 |= ((s & 0x4400440044004400uLL) >> 8) | ((s & 0x0044004400440044uLL) << 8); - s0 |= ((s & 0x8000800080008000uLL) >> 12) | ((s & 0x0888088808880888uLL) << 4); - state[i] = s0; - } -} - -static void BitsMixColumns(u64 state[8]) -{ - u64 s1, s; - u64 s0[8]; - int i; - - for (i = 0; i < 8; i++) { - s1 = state[i]; - s = s1; - s ^= ((s & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((s & 0x3333333333333333uLL) << 2); - s ^= ((s & 0xAAAAAAAAAAAAAAAAuLL) >> 1) | ((s & 0x5555555555555555uLL) << 1); - s ^= s1; - s0[i] = s; - } - BitsXtime(state); - for (i = 0; i < 8; i++) { - s1 = state[i]; - s = s0[i]; - s ^= s1; - s ^= ((s1 & 0xEEEEEEEEEEEEEEEEuLL) >> 1) | ((s1 & 0x1111111111111111uLL) << 3); - state[i] = s; - } -} - -static void BitsAddRoundKey(u64 state[8], const u64 key[8]) -{ - int i; - - for (i = 0; i < 8; i++) - state[i] ^= key[i]; -} - -void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, - size_t blocks, const AES_KEY *key, - const unsigned char *ivec) -{ - struct { - u8 cipher[64]; - u64 state[8]; - u64 rd_key[AES_MAXNR + 1][8]; - } *bs; - u32 ctr32; - int i; - - ctr32 = GETU32(ivec + 12); - if (blocks >= 4 - && (bs = OPENSSL_malloc(sizeof(*bs)))) { - for (i = 0; i < key->rounds + 1; i++) { - memcpy(bs->cipher + 0, &key->rd_key[4 * i], 16); - memcpy(bs->cipher + 16, bs->cipher, 16); - memcpy(bs->cipher + 32, bs->cipher, 32); - RawToBits(bs->cipher, bs->rd_key[i]); - } - while (blocks) { - memcpy(bs->cipher, ivec, 12); - PUTU32(bs->cipher + 12, ctr32); - ctr32++; - memcpy(bs->cipher + 16, ivec, 12); - PUTU32(bs->cipher + 28, ctr32); - ctr32++; - memcpy(bs->cipher + 32, ivec, 12); - PUTU32(bs->cipher + 44, ctr32); - ctr32++; - memcpy(bs->cipher + 48, ivec, 12); - PUTU32(bs->cipher + 60, ctr32); - ctr32++; - RawToBits(bs->cipher, bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[0]); - for (i = 1; i < key->rounds; i++) { - BitsSub(bs->state); - BitsShiftRows(bs->state); - BitsMixColumns(bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[i]); - } - BitsSub(bs->state); - BitsShiftRows(bs->state); - BitsAddRoundKey(bs->state, bs->rd_key[key->rounds]); - BitsToRaw(bs->state, bs->cipher); - for (i = 0; i < 64 && blocks; i++) { - out[i] = in[i] ^ bs->cipher[i]; - if ((i & 15) == 15) - blocks--; - } - in += i; - out += i; - } - OPENSSL_clear_free(bs, sizeof(*bs)); - } else { - unsigned char cipher[16]; - - while (blocks) { - memcpy(cipher, ivec, 12); - PUTU32(cipher + 12, ctr32); - AES_encrypt(cipher, cipher, key); - for (i = 0; i < 16; i++) - out[i] = in[i] ^ cipher[i]; - in += 16; - out += 16; - ctr32++; - blocks--; - } - } -} -# endif #elif !defined(AES_ASM) /*- Te0[x] = S [x].[02, 01, 01, 03]; Modified: head/crypto/openssl/crypto/aes/aes_ige.c ============================================================================== --- head/crypto/openssl/crypto/aes/aes_ige.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/aes/aes_ige.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,16 +12,20 @@ #include <openssl/aes.h> #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 #else # define UNALIGNED_MEMOPS_ARE_FAST 0 +#endif + +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; #endif #if UNALIGNED_MEMOPS_ARE_FAST Modified: head/crypto/openssl/crypto/asn1/d2i_pr.c ============================================================================== --- head/crypto/openssl/crypto/asn1/d2i_pr.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/asn1/d2i_pr.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const goto err; EVP_PKEY_free(ret); ret = tmp; + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + goto err; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err; Modified: head/crypto/openssl/crypto/asn1/x_algor.c ============================================================================== --- head/crypto/openssl/crypto/asn1/x_algor.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/asn1/x_algor.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -91,4 +91,36 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALG if (!a->parameter && !b->parameter) return 0; return ASN1_TYPE_cmp(a->parameter, b->parameter); +} + +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) +{ + if (src == NULL || dest == NULL) + return 0; + + if (dest->algorithm) + ASN1_OBJECT_free(dest->algorithm); + dest->algorithm = NULL; + + if (dest->parameter) + ASN1_TYPE_free(dest->parameter); + dest->parameter = NULL; + + if (src->algorithm) + if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL) + return 0; + + if (src->parameter) { + dest->parameter = ASN1_TYPE_new(); + if (dest->parameter == NULL) + return 0; + + /* Assuming this is also correct for a BOOL. + * set does copy as a side effect. + */ + if (ASN1_TYPE_set1(dest->parameter, + src->parameter->type, src->parameter->value.ptr) == 0) + return 0; + } + return 1; } Modified: head/crypto/openssl/crypto/bio/b_print.c ============================================================================== --- head/crypto/openssl/crypto/bio/b_print.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/bio/b_print.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -635,7 +635,11 @@ fmtfp(char **sbuffer, fvalue = tmpvalue; } ufvalue = abs_val(fvalue); - if (ufvalue > ULONG_MAX) { + /* + * By subtracting 65535 (2^16-1) we cancel the low order 15 bits + * of ULONG_MAX to avoid using imprecise floating point values. + */ + if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ return 0; } Modified: head/crypto/openssl/crypto/bio/bss_acpt.c ============================================================================== --- head/crypto/openssl/crypto/bio/bss_acpt.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/bio/bss_acpt.c Tue Sep 22 16:18:31 2020 (r366004) @@ -434,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void b->init = 1; } else if (num == 1) { OPENSSL_free(data->param_serv); - data->param_serv = BUF_strdup(ptr); - b->init = 1; + if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + else + b->init = 1; } else if (num == 2) { data->bind_mode |= BIO_SOCK_NONBLOCK; } else if (num == 3) { Modified: head/crypto/openssl/crypto/bio/bss_conn.c ============================================================================== --- head/crypto/openssl/crypto/bio/bss_conn.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/bio/bss_conn.c Tue Sep 22 16:18:31 2020 (r366004) @@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_BLOCKED_CONNECT: i = BIO_sock_error(b->num); - if (i) { + if (i != 0) { BIO_clear_retry_flags(b); + if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { + /* + * if there are more addresses to try, do that first + */ + BIO_closesocket(b->num); + c->state = BIO_CONN_S_CREATE_SOCKET; + ERR_clear_error(); + break; + } SYSerr(SYS_F_CONNECT, i); ERR_add_error_data(4, "hostname=", c->param_hostname, @@ -407,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void case BIO_C_SET_CONNECT: if (ptr != NULL) { b->init = 1; - if (num == 0) { + if (num == 0) { /* BIO_set_conn_hostname */ char *hold_service = data->param_service; /* We affect the hostname regardless. However, the input * string might contain a host:service spec, so we must * parse it, which might or might not affect the service */ + OPENSSL_free(data->param_hostname); data->param_hostname = NULL; ret = BIO_parse_hostserv(ptr, @@ -421,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void BIO_PARSE_PRIO_HOST); if (hold_service != data->param_service) OPENSSL_free(hold_service); - } else if (num == 1) { + } else if (num == 1) { /* BIO_set_conn_port */ OPENSSL_free(data->param_service); - data->param_service = BUF_strdup(ptr); - } else if (num == 2) { + if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + } else if (num == 2) { /* BIO_set_conn_address */ const BIO_ADDR *addr = (const BIO_ADDR *)ptr; + char *host = BIO_ADDR_hostname_string(addr, 1); + char *service = BIO_ADDR_service_string(addr, 1); + + ret = host != NULL && service != NULL; if (ret) { - data->param_hostname = BIO_ADDR_hostname_string(addr, 1); - data->param_service = BIO_ADDR_service_string(addr, 1); + OPENSSL_free(data->param_hostname); + data->param_hostname = host; + OPENSSL_free(data->param_service); + data->param_service = service; BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; data->addr_iter = NULL; + } else { + OPENSSL_free(host); + OPENSSL_free(service); } - } else if (num == 3) { + } else if (num == 3) { /* BIO_set_conn_ip_family */ data->connect_family = *(int *)ptr; } else { ret = 0; Modified: head/crypto/openssl/crypto/bn/bn_gcd.c ============================================================================== --- head/crypto/openssl/crypto/bn/bn_gcd.c Tue Sep 22 15:54:18 2020 (r366003) +++ head/crypto/openssl/crypto/bn/bn_gcd.c Tue Sep 22 16:18:31 2020 (r366004) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,22 +10,189 @@ #include "internal/cryptlib.h" #include "bn_local.h" -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +/* + * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does + * not contain branches that may leak sensitive information. + * + * This is a static function, we ensure all callers in this file pass valid + * arguments: all passed pointers here are non-NULL. + */ +static ossl_inline +BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) + goto err; + + if (in == NULL) + R = BN_new(); + else + R = in; + if (R == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } + } + sign = -1; + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } + + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not + * matter */ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009221618.08MGIW4j021556>