From owner-svn-src-all@freebsd.org Tue Apr 21 19:38:39 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E25502B7783; Tue, 21 Apr 2020 19:38:39 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 496DQ622jwz3yYy; Tue, 21 Apr 2020 19:38:38 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1E4996614; Tue, 21 Apr 2020 19:38:36 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03LJcaSP093048; Tue, 21 Apr 2020 19:38:36 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03LJcXQr092913; Tue, 21 Apr 2020 19:38:33 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <202004211938.03LJcXQr092913@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Tue, 21 Apr 2020 19:38:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360175 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/ec crypto/openssl/crypto/evp c... X-SVN-Group: head X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto/aes crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/ec crypto/openssl/crypto/evp crypto/openssl/crypto/rand... X-SVN-Commit-Revision: 360175 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2020 19:38:40 -0000 Author: jkim Date: Tue Apr 21 19:38:32 2020 New Revision: 360175 URL: https://svnweb.freebsd.org/changeset/base/360175 Log: Merge OpenSSL 1.1.1g. Added: head/crypto/openssl/doc/man3/X509_check_purpose.pod - copied unchanged from r360173, vendor-crypto/openssl/dist/doc/man3/X509_check_purpose.pod head/secure/lib/libcrypto/man/man3/X509_check_purpose.3 (contents, props changed) Modified: head/crypto/openssl/CHANGES head/crypto/openssl/INSTALL head/crypto/openssl/NEWS head/crypto/openssl/README head/crypto/openssl/apps/build.info head/crypto/openssl/apps/dhparam.c head/crypto/openssl/apps/dsa.c head/crypto/openssl/apps/dsaparam.c head/crypto/openssl/apps/ec.c head/crypto/openssl/apps/ecparam.c head/crypto/openssl/apps/engine.c head/crypto/openssl/apps/gendsa.c head/crypto/openssl/apps/genrsa.c head/crypto/openssl/apps/ocsp.c head/crypto/openssl/apps/pkcs12.c head/crypto/openssl/apps/rsa.c head/crypto/openssl/apps/rsautl.c head/crypto/openssl/apps/s_time.c head/crypto/openssl/apps/srp.c head/crypto/openssl/apps/ts.c head/crypto/openssl/crypto/aes/aes_core.c head/crypto/openssl/crypto/aes/aes_local.h head/crypto/openssl/crypto/asn1/asn1_lib.c head/crypto/openssl/crypto/bio/bss_acpt.c head/crypto/openssl/crypto/ec/ec_asn1.c head/crypto/openssl/crypto/ec/ec_lib.c head/crypto/openssl/crypto/ec/ec_mult.c head/crypto/openssl/crypto/ec/ecp_smpl.c head/crypto/openssl/crypto/evp/e_aes.c head/crypto/openssl/crypto/rand/build.info head/crypto/openssl/crypto/rand/drbg_ctr.c head/crypto/openssl/crypto/x509/x509_vfy.c head/crypto/openssl/crypto/x509v3/v3_purp.c head/crypto/openssl/doc/man1/s_time.pod head/crypto/openssl/doc/man3/EVP_aes.pod head/crypto/openssl/doc/man3/RAND_set_rand_method.pod head/crypto/openssl/include/openssl/opensslv.h head/secure/lib/libcrypto/Makefile.inc head/secure/lib/libcrypto/man/man3/ADMISSIONS.3 head/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 head/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 head/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 head/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 head/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 head/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 head/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 head/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 head/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 head/secure/lib/libcrypto/man/man3/BF_encrypt.3 head/secure/lib/libcrypto/man/man3/BIO_ADDR.3 head/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 head/secure/lib/libcrypto/man/man3/BIO_connect.3 head/secure/lib/libcrypto/man/man3/BIO_ctrl.3 head/secure/lib/libcrypto/man/man3/BIO_f_base64.3 head/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 head/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 head/secure/lib/libcrypto/man/man3/BIO_f_md.3 head/secure/lib/libcrypto/man/man3/BIO_f_null.3 head/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 head/secure/lib/libcrypto/man/man3/BIO_find_type.3 head/secure/lib/libcrypto/man/man3/BIO_get_data.3 head/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 head/secure/lib/libcrypto/man/man3/BIO_meth_new.3 head/secure/lib/libcrypto/man/man3/BIO_new.3 head/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 head/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 head/secure/lib/libcrypto/man/man3/BIO_printf.3 head/secure/lib/libcrypto/man/man3/BIO_push.3 head/secure/lib/libcrypto/man/man3/BIO_read.3 head/secure/lib/libcrypto/man/man3/BIO_s_accept.3 head/secure/lib/libcrypto/man/man3/BIO_s_bio.3 head/secure/lib/libcrypto/man/man3/BIO_s_connect.3 head/secure/lib/libcrypto/man/man3/BIO_s_fd.3 head/secure/lib/libcrypto/man/man3/BIO_s_file.3 head/secure/lib/libcrypto/man/man3/BIO_s_mem.3 head/secure/lib/libcrypto/man/man3/BIO_s_null.3 head/secure/lib/libcrypto/man/man3/BIO_s_socket.3 head/secure/lib/libcrypto/man/man3/BIO_set_callback.3 head/secure/lib/libcrypto/man/man3/BIO_should_retry.3 head/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 head/secure/lib/libcrypto/man/man3/BN_CTX_new.3 head/secure/lib/libcrypto/man/man3/BN_CTX_start.3 head/secure/lib/libcrypto/man/man3/BN_add.3 head/secure/lib/libcrypto/man/man3/BN_add_word.3 head/secure/lib/libcrypto/man/man3/BN_bn2bin.3 head/secure/lib/libcrypto/man/man3/BN_cmp.3 head/secure/lib/libcrypto/man/man3/BN_copy.3 head/secure/lib/libcrypto/man/man3/BN_generate_prime.3 head/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 head/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 head/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 head/secure/lib/libcrypto/man/man3/BN_new.3 head/secure/lib/libcrypto/man/man3/BN_num_bytes.3 head/secure/lib/libcrypto/man/man3/BN_rand.3 head/secure/lib/libcrypto/man/man3/BN_security_bits.3 head/secure/lib/libcrypto/man/man3/BN_set_bit.3 head/secure/lib/libcrypto/man/man3/BN_swap.3 head/secure/lib/libcrypto/man/man3/BN_zero.3 head/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 head/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 head/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 head/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 head/secure/lib/libcrypto/man/man3/CMS_compress.3 head/secure/lib/libcrypto/man/man3/CMS_decrypt.3 head/secure/lib/libcrypto/man/man3/CMS_encrypt.3 head/secure/lib/libcrypto/man/man3/CMS_final.3 head/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 head/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 head/secure/lib/libcrypto/man/man3/CMS_get0_type.3 head/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 head/secure/lib/libcrypto/man/man3/CMS_sign.3 head/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 head/secure/lib/libcrypto/man/man3/CMS_uncompress.3 head/secure/lib/libcrypto/man/man3/CMS_verify.3 head/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 head/secure/lib/libcrypto/man/man3/CONF_modules_free.3 head/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 head/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 head/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 head/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 head/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 head/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 head/secure/lib/libcrypto/man/man3/CTLOG_new.3 head/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 head/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 head/secure/lib/libcrypto/man/man3/DES_random_key.3 head/secure/lib/libcrypto/man/man3/DH_generate_key.3 head/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 head/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 head/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 head/secure/lib/libcrypto/man/man3/DH_meth_new.3 head/secure/lib/libcrypto/man/man3/DH_new.3 head/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 head/secure/lib/libcrypto/man/man3/DH_set_method.3 head/secure/lib/libcrypto/man/man3/DH_size.3 head/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 head/secure/lib/libcrypto/man/man3/DSA_do_sign.3 head/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 head/secure/lib/libcrypto/man/man3/DSA_generate_key.3 head/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 head/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 head/secure/lib/libcrypto/man/man3/DSA_meth_new.3 head/secure/lib/libcrypto/man/man3/DSA_new.3 head/secure/lib/libcrypto/man/man3/DSA_set_method.3 head/secure/lib/libcrypto/man/man3/DSA_sign.3 head/secure/lib/libcrypto/man/man3/DSA_size.3 head/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 head/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 head/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 head/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 head/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 head/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 head/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 head/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 head/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 head/secure/lib/libcrypto/man/man3/EC_KEY_new.3 head/secure/lib/libcrypto/man/man3/EC_POINT_add.3 head/secure/lib/libcrypto/man/man3/EC_POINT_new.3 head/secure/lib/libcrypto/man/man3/ENGINE_add.3 head/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 head/secure/lib/libcrypto/man/man3/ERR_clear_error.3 head/secure/lib/libcrypto/man/man3/ERR_error_string.3 head/secure/lib/libcrypto/man/man3/ERR_get_error.3 head/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 head/secure/lib/libcrypto/man/man3/ERR_load_strings.3 head/secure/lib/libcrypto/man/man3/ERR_print_errors.3 head/secure/lib/libcrypto/man/man3/ERR_put_error.3 head/secure/lib/libcrypto/man/man3/ERR_remove_state.3 head/secure/lib/libcrypto/man/man3/ERR_set_mark.3 head/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 head/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 head/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 head/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 head/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 head/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 head/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 head/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 head/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 head/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 head/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 head/secure/lib/libcrypto/man/man3/EVP_SealInit.3 head/secure/lib/libcrypto/man/man3/EVP_SignInit.3 head/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 head/secure/lib/libcrypto/man/man3/EVP_aes.3 head/secure/lib/libcrypto/man/man3/EVP_aria.3 head/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 head/secure/lib/libcrypto/man/man3/EVP_camellia.3 head/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_chacha20.3 head/secure/lib/libcrypto/man/man3/EVP_des.3 head/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_md2.3 head/secure/lib/libcrypto/man/man3/EVP_md4.3 head/secure/lib/libcrypto/man/man3/EVP_md5.3 head/secure/lib/libcrypto/man/man3/EVP_mdc2.3 head/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_rc4.3 head/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 head/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_sha1.3 head/secure/lib/libcrypto/man/man3/EVP_sha224.3 head/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 head/secure/lib/libcrypto/man/man3/EVP_sm3.3 head/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 head/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 head/secure/lib/libcrypto/man/man3/HMAC.3 head/secure/lib/libcrypto/man/man3/MD5.3 head/secure/lib/libcrypto/man/man3/MDC2_Init.3 head/secure/lib/libcrypto/man/man3/Makefile head/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 head/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 head/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 head/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 head/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 head/secure/lib/libcrypto/man/man3/OCSP_response_status.3 head/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 head/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 head/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 head/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 head/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 head/secure/lib/libcrypto/man/man3/OPENSSL_config.3 head/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 head/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 head/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 head/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 head/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 head/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 head/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 head/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 head/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 head/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 head/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 head/secure/lib/libcrypto/man/man3/PEM_read.3 head/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 head/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 head/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 head/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 head/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 head/secure/lib/libcrypto/man/man3/PKCS12_create.3 head/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 head/secure/lib/libcrypto/man/man3/PKCS12_parse.3 head/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 head/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 head/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 head/secure/lib/libcrypto/man/man3/PKCS7_sign.3 head/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 head/secure/lib/libcrypto/man/man3/PKCS7_verify.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 head/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 head/secure/lib/libcrypto/man/man3/RAND_add.3 head/secure/lib/libcrypto/man/man3/RAND_bytes.3 head/secure/lib/libcrypto/man/man3/RAND_cleanup.3 head/secure/lib/libcrypto/man/man3/RAND_egd.3 head/secure/lib/libcrypto/man/man3/RAND_load_file.3 head/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 head/secure/lib/libcrypto/man/man3/RC4_set_key.3 head/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 head/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 head/secure/lib/libcrypto/man/man3/RSA_check_key.3 head/secure/lib/libcrypto/man/man3/RSA_generate_key.3 head/secure/lib/libcrypto/man/man3/RSA_get0_key.3 head/secure/lib/libcrypto/man/man3/RSA_meth_new.3 head/secure/lib/libcrypto/man/man3/RSA_new.3 head/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 head/secure/lib/libcrypto/man/man3/RSA_print.3 head/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 head/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 head/secure/lib/libcrypto/man/man3/RSA_set_method.3 head/secure/lib/libcrypto/man/man3/RSA_sign.3 head/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 head/secure/lib/libcrypto/man/man3/RSA_size.3 head/secure/lib/libcrypto/man/man3/SCT_new.3 head/secure/lib/libcrypto/man/man3/SCT_print.3 head/secure/lib/libcrypto/man/man3/SCT_validate.3 head/secure/lib/libcrypto/man/man3/SHA256_Init.3 head/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 head/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 head/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 head/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 head/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 head/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 head/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 head/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 head/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 head/secure/lib/libcrypto/man/man3/SSL_accept.3 head/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 head/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 head/secure/lib/libcrypto/man/man3/SSL_check_chain.3 head/secure/lib/libcrypto/man/man3/SSL_clear.3 head/secure/lib/libcrypto/man/man3/SSL_connect.3 head/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 head/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 head/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 head/secure/lib/libcrypto/man/man3/SSL_free.3 head/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 head/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 head/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 head/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 head/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 head/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 head/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 head/secure/lib/libcrypto/man/man3/SSL_get_error.3 head/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 head/secure/lib/libcrypto/man/man3/SSL_get_fd.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 head/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 head/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 head/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 head/secure/lib/libcrypto/man/man3/SSL_get_session.3 head/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 head/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 head/secure/lib/libcrypto/man/man3/SSL_get_version.3 head/secure/lib/libcrypto/man/man3/SSL_in_init.3 head/secure/lib/libcrypto/man/man3/SSL_key_update.3 head/secure/lib/libcrypto/man/man3/SSL_library_init.3 head/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 head/secure/lib/libcrypto/man/man3/SSL_new.3 head/secure/lib/libcrypto/man/man3/SSL_pending.3 head/secure/lib/libcrypto/man/man3/SSL_read.3 head/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 head/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 head/secure/lib/libcrypto/man/man3/SSL_session_reused.3 head/secure/lib/libcrypto/man/man3/SSL_set1_host.3 head/secure/lib/libcrypto/man/man3/SSL_set_bio.3 head/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 head/secure/lib/libcrypto/man/man3/SSL_set_fd.3 head/secure/lib/libcrypto/man/man3/SSL_set_session.3 head/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 head/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 head/secure/lib/libcrypto/man/man3/SSL_shutdown.3 head/secure/lib/libcrypto/man/man3/SSL_state_string.3 head/secure/lib/libcrypto/man/man3/SSL_want.3 head/secure/lib/libcrypto/man/man3/SSL_write.3 head/secure/lib/libcrypto/man/man3/UI_STRING.3 head/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 head/secure/lib/libcrypto/man/man3/UI_create_method.3 head/secure/lib/libcrypto/man/man3/UI_new.3 head/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 head/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 head/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 head/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 head/secure/lib/libcrypto/man/man3/X509_LOOKUP.3 head/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 head/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 head/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 head/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 head/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 head/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 head/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 head/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 head/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 head/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 head/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 head/secure/lib/libcrypto/man/man3/X509_STORE_new.3 head/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 head/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 head/secure/lib/libcrypto/man/man3/X509_check_ca.3 head/secure/lib/libcrypto/man/man3/X509_check_host.3 head/secure/lib/libcrypto/man/man3/X509_check_issued.3 head/secure/lib/libcrypto/man/man3/X509_check_private_key.3 head/secure/lib/libcrypto/man/man3/X509_cmp.3 head/secure/lib/libcrypto/man/man3/X509_cmp_time.3 head/secure/lib/libcrypto/man/man3/X509_digest.3 head/secure/lib/libcrypto/man/man3/X509_dup.3 head/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 head/secure/lib/libcrypto/man/man3/X509_get0_signature.3 head/secure/lib/libcrypto/man/man3/X509_get0_uids.3 head/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 head/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 head/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 head/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 head/secure/lib/libcrypto/man/man3/X509_get_version.3 head/secure/lib/libcrypto/man/man3/X509_new.3 head/secure/lib/libcrypto/man/man3/X509_sign.3 head/secure/lib/libcrypto/man/man3/X509_verify_cert.3 head/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 head/secure/lib/libcrypto/man/man3/d2i_DHparams.3 head/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 head/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 head/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 head/secure/lib/libcrypto/man/man3/d2i_X509.3 head/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 head/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 head/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 head/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 head/secure/lib/libcrypto/man/man5/x509v3_config.5 head/secure/lib/libcrypto/man/man7/Ed25519.7 head/secure/lib/libcrypto/man/man7/RAND.7 head/secure/lib/libcrypto/man/man7/RAND_DRBG.7 head/secure/lib/libcrypto/man/man7/RSA-PSS.7 head/secure/lib/libcrypto/man/man7/SM2.7 head/secure/lib/libcrypto/man/man7/X25519.7 head/secure/lib/libcrypto/man/man7/bio.7 head/secure/lib/libcrypto/man/man7/ct.7 head/secure/lib/libcrypto/man/man7/des_modes.7 head/secure/lib/libcrypto/man/man7/evp.7 head/secure/lib/libcrypto/man/man7/ossl_store-file.7 head/secure/lib/libcrypto/man/man7/ossl_store.7 head/secure/lib/libcrypto/man/man7/passphrase-encoding.7 head/secure/lib/libcrypto/man/man7/proxy-certificates.7 head/secure/lib/libcrypto/man/man7/scrypt.7 head/secure/lib/libcrypto/man/man7/ssl.7 head/secure/lib/libcrypto/man/man7/x509.7 head/secure/usr.bin/openssl/man/CA.pl.1 head/secure/usr.bin/openssl/man/asn1parse.1 head/secure/usr.bin/openssl/man/ca.1 head/secure/usr.bin/openssl/man/ciphers.1 head/secure/usr.bin/openssl/man/cms.1 head/secure/usr.bin/openssl/man/crl.1 head/secure/usr.bin/openssl/man/crl2pkcs7.1 head/secure/usr.bin/openssl/man/dgst.1 head/secure/usr.bin/openssl/man/dhparam.1 head/secure/usr.bin/openssl/man/dsa.1 head/secure/usr.bin/openssl/man/dsaparam.1 head/secure/usr.bin/openssl/man/ec.1 head/secure/usr.bin/openssl/man/ecparam.1 head/secure/usr.bin/openssl/man/enc.1 head/secure/usr.bin/openssl/man/engine.1 head/secure/usr.bin/openssl/man/errstr.1 head/secure/usr.bin/openssl/man/gendsa.1 head/secure/usr.bin/openssl/man/genpkey.1 head/secure/usr.bin/openssl/man/genrsa.1 head/secure/usr.bin/openssl/man/list.1 head/secure/usr.bin/openssl/man/nseq.1 head/secure/usr.bin/openssl/man/ocsp.1 head/secure/usr.bin/openssl/man/openssl.1 head/secure/usr.bin/openssl/man/passwd.1 head/secure/usr.bin/openssl/man/pkcs12.1 head/secure/usr.bin/openssl/man/pkcs7.1 head/secure/usr.bin/openssl/man/pkcs8.1 head/secure/usr.bin/openssl/man/pkey.1 head/secure/usr.bin/openssl/man/pkeyparam.1 head/secure/usr.bin/openssl/man/pkeyutl.1 head/secure/usr.bin/openssl/man/prime.1 head/secure/usr.bin/openssl/man/rand.1 head/secure/usr.bin/openssl/man/req.1 head/secure/usr.bin/openssl/man/rsa.1 head/secure/usr.bin/openssl/man/rsautl.1 head/secure/usr.bin/openssl/man/s_client.1 head/secure/usr.bin/openssl/man/s_server.1 head/secure/usr.bin/openssl/man/s_time.1 head/secure/usr.bin/openssl/man/sess_id.1 head/secure/usr.bin/openssl/man/smime.1 head/secure/usr.bin/openssl/man/speed.1 head/secure/usr.bin/openssl/man/spkac.1 head/secure/usr.bin/openssl/man/srp.1 head/secure/usr.bin/openssl/man/storeutl.1 head/secure/usr.bin/openssl/man/ts.1 head/secure/usr.bin/openssl/man/tsget.1 head/secure/usr.bin/openssl/man/verify.1 head/secure/usr.bin/openssl/man/version.1 head/secure/usr.bin/openssl/man/x509.1 Directory Properties: head/crypto/openssl/ (props changed) Modified: head/crypto/openssl/CHANGES ============================================================================== --- head/crypto/openssl/CHANGES Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/CHANGES Tue Apr 21 19:38:32 2020 (r360175) @@ -7,6 +7,27 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1f and 1.1.1g [21 Apr 2020] + + *) Fixed segmentation fault in SSL_check_chain() + Server or client applications that call the SSL_check_chain() function + during or after a TLS 1.3 handshake may crash due to a NULL pointer + dereference as a result of incorrect handling of the + "signature_algorithms_cert" TLS extension. The crash occurs if an invalid + or unrecognised signature algorithm is received from the peer. This could + be exploited by a malicious peer in a Denial of Service attack. + (CVE-2020-1967) + [Benjamin Kaduk] + + *) Added AES consttime code for no-asm configurations + an optional constant time support for AES was added + when building openssl for no-asm. + Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME + Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME + At this time this feature is by default disabled. + It will be enabled by default in 3.0. + [Bernd Edlinger] + Changes between 1.1.1e and 1.1.1f [31 Mar 2020] *) Revert the change of EOF detection while reading in libssl to avoid Modified: head/crypto/openssl/INSTALL ============================================================================== --- head/crypto/openssl/INSTALL Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/INSTALL Tue Apr 21 19:38:32 2020 (r360175) @@ -535,9 +535,9 @@ conjunction with the "-DPEDANTIC" option (or the --strict-warnings option). - no-ui - Don't build with the "UI" capability (i.e. the set of - features enabling text based prompts). + no-ui-console + Don't build with the "UI" console method (i.e. the "UI" + method that enables text based console prompts). enable-unit-test Enable additional unit test APIs. This should not typically Modified: head/crypto/openssl/NEWS ============================================================================== --- head/crypto/openssl/NEWS Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/NEWS Tue Apr 21 19:38:32 2020 (r360175) @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] + + o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967) + Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] o Revert the unexpected EOF reporting via SSL_ERROR_SSL Modified: head/crypto/openssl/README ============================================================================== --- head/crypto/openssl/README Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/README Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1f 31 Mar 2020 + OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: head/crypto/openssl/apps/build.info ============================================================================== --- head/crypto/openssl/apps/build.info Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/build.info Tue Apr 21 19:38:32 2020 (r360175) @@ -1,16 +1,17 @@ {- our @apps_openssl_src = qw(openssl.c - asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c - dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c - genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c - pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c + asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c + enc.c errstr.c + genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c + pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c - srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); + verify.c version.c x509.c rehash.c storeutl.c); our @apps_lib_src = ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), split(/\s+/, $target{apps_aux_src}) ); our @apps_init_src = split(/\s+/, $target{apps_init_src}); "" -} + IF[{- !$disabled{apps} -}] LIBS_NO_INST=libapps.a SOURCE[libapps.a]={- join(" ", @apps_lib_src) -} @@ -21,11 +22,51 @@ IF[{- !$disabled{apps} -}] SOURCE[openssl]={- join(" ", @apps_openssl_src) -} INCLUDE[openssl]=.. ../include DEPEND[openssl]=libapps.a ../libssl - -IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] - GENERATE[openssl.rc]=../util/mkrc.pl openssl - SOURCE[openssl]=openssl.rc -ENDIF + IF[{- !$disabled{'des'} -}] + SOURCE[openssl]=pkcs12.c + DEPEND[pkcs12.o]=progs.h + ENDIF + IF[{- !$disabled{'ec'} -}] + SOURCE[openssl]=ec.c ecparam.c + DEPEND[ec.o]=progs.h + DEPEND[ecparam.o]=progs.h + ENDIF + IF[{- !$disabled{'ocsp'} -}] + SOURCE[openssl]=ocsp.c + DEPEND[ocsp.o]=progs.h + ENDIF + IF[{- !$disabled{'srp'} -}] + SOURCE[openssl]=srp.c + DEPEND[srp.o]=progs.h + ENDIF + IF[{- !$disabled{'ts'} -}] + SOURCE[openssl]=ts.c + DEPEND[ts.o]=progs.h + ENDIF + IF[{- !$disabled{'dh'} -}] + SOURCE[openssl]=dhparam.c + DEPEND[dhparam.o]=progs.h + ENDIF + IF[{- !$disabled{'dsa'} -}] + SOURCE[openssl]=dsa.c dsaparam.c gendsa.c + DEPEND[dsa.o]=progs.h + DEPEND[dsaparam.o]=progs.h + DEPEND[gendsa.o]=progs.h + ENDIF + IF[{- !$disabled{'engine'} -}] + SOURCE[openssl]=engine.c + DEPEND[engine.o]=progs.h + ENDIF + IF[{- !$disabled{'rsa'} -}] + SOURCE[openssl]=rsa.c rsautl.c genrsa.c + DEPEND[rsa.o]=progs.h + DEPEND[rsautl.o]=progs.h + DEPEND[genrsa.o]=progs.h + ENDIF + IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] + GENERATE[openssl.rc]=../util/mkrc.pl openssl + SOURCE[openssl]=openssl.rc + ENDIF {- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } @apps_openssl_src) -} Modified: head/crypto/openssl/apps/dhparam.c ============================================================================== --- head/crypto/openssl/apps/dhparam.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/dhparam.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,29 +8,25 @@ */ #include -#ifdef OPENSSL_NO_DH -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#ifndef OPENSSL_NO_DSA +# include +#endif -# ifndef OPENSSL_NO_DSA -# include -# endif +#define DEFBITS 2048 -# define DEFBITS 2048 - static int dh_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { @@ -56,13 +52,13 @@ const OPTIONS dhparam_options[] = { {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -146,13 +142,13 @@ int dhparam_main(int argc, char **argv) if (g && !num) num = DEFBITS; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam && g) { BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end; } -# endif +#endif out = bio_open_default(outfile, 'w', outformat); if (out == NULL) @@ -173,7 +169,7 @@ int dhparam_main(int argc, char **argv) BN_GENCB_set(cb, dh_cb, bio_err); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa = DSA_new(); @@ -196,7 +192,7 @@ int dhparam_main(int argc, char **argv) goto end; } } else -# endif +#endif { dh = DH_new(); BIO_printf(bio_err, @@ -217,7 +213,7 @@ int dhparam_main(int argc, char **argv) if (in == NULL) goto end; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; @@ -239,7 +235,7 @@ int dhparam_main(int argc, char **argv) goto end; } } else -# endif +#endif { if (informat == FORMAT_ASN1) { /* @@ -376,4 +372,3 @@ static int dh_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif Modified: head/crypto/openssl/apps/dsa.c ============================================================================== --- head/crypto/openssl/apps/dsa.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/dsa.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,24 +8,20 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, @@ -49,14 +45,14 @@ const OPTIONS dsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -71,9 +67,9 @@ int dsa_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; int i, modulus = 0, pubin = 0, pubout = 0, ret = 1; -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 int pvk_encr = 2; -# endif +#endif int private = 0; prog = opt_init(argc, argv, dsa_options); @@ -214,7 +210,7 @@ int dsa_main(int argc, char **argv) i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); } -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); @@ -229,13 +225,13 @@ int dsa_main(int argc, char **argv) goto end; } assert(private); -# ifdef OPENSSL_NO_RC4 +# ifdef OPENSSL_NO_RC4 BIO_printf(bio_err, "PVK format not supported\n"); EVP_PKEY_free(pk); goto end; -# else +# else i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif +# endif } else if (pubin || pubout) { i = i2b_PublicKey_bio(out, pk); } else { @@ -243,7 +239,7 @@ int dsa_main(int argc, char **argv) i = i2b_PrivateKey_bio(out, pk); } EVP_PKEY_free(pk); -# endif +#endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; @@ -262,4 +258,3 @@ int dsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif Modified: head/crypto/openssl/apps/dsaparam.c ============================================================================== --- head/crypto/openssl/apps/dsaparam.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/dsaparam.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,19 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include - static int dsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { @@ -44,9 +40,9 @@ const OPTIONS dsaparam_options[] = { {"noout", OPT_NOOUT, '-', "No output"}, {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -255,4 +251,3 @@ static int dsa_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif Modified: head/crypto/openssl/apps/ec.c ============================================================================== --- head/crypto/openssl/apps/ec.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/ec.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,20 +8,16 @@ */ #include -#ifdef OPENSSL_NO_EC -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include - static OPT_PAIR conv_forms[] = { {"compressed", POINT_CONVERSION_COMPRESSED}, {"uncompressed", POINT_CONVERSION_UNCOMPRESSED}, @@ -62,9 +58,9 @@ const OPTIONS ec_options[] = { "Specifies the way the ec parameters are encoded"}, {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -280,4 +276,3 @@ int ec_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif Modified: head/crypto/openssl/apps/ecparam.c ============================================================================== --- head/crypto/openssl/apps/ecparam.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/ecparam.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -9,23 +9,19 @@ */ #include -#ifdef OPENSSL_NO_EC -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, @@ -55,9 +51,9 @@ const OPTIONS ecparam_options[] = { "Specifies the way the ec parameters are encoded"}, {"genkey", OPT_GENKEY, '-', "Generate ec key"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -446,5 +442,3 @@ int ecparam_main(int argc, char **argv) BIO_free_all(out); return ret; } - -#endif Modified: head/crypto/openssl/apps/engine.c ============================================================================== --- head/crypto/openssl/apps/engine.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/engine.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,20 +8,16 @@ */ #include -#ifdef OPENSSL_NO_ENGINE -NON_EMPTY_TRANSLATION_UNIT -#else +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, @@ -486,4 +482,3 @@ int engine_main(int argc, char **argv) BIO_free_all(out); return ret; } -#endif Modified: head/crypto/openssl/apps/gendsa.c ============================================================================== --- head/crypto/openssl/apps/gendsa.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/gendsa.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,19 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, @@ -39,9 +35,9 @@ const OPTIONS gendsa_options[] = { {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, OPT_R_OPTIONS, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -143,4 +139,3 @@ int gendsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif Modified: head/crypto/openssl/apps/genrsa.c ============================================================================== --- head/crypto/openssl/apps/genrsa.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/genrsa.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,28 +8,24 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include +#include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include -# include +#define DEFBITS 2048 +#define DEFPRIMES 2 -# define DEFBITS 2048 -# define DEFPRIMES 2 - static int genrsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { @@ -48,9 +44,9 @@ const OPTIONS genrsa_options[] = { OPT_R_OPTIONS, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, {NULL} }; @@ -198,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif Modified: head/crypto/openssl/apps/ocsp.c ============================================================================== --- head/crypto/openssl/apps/ocsp.c Tue Apr 21 19:08:22 2020 (r360174) +++ head/crypto/openssl/apps/ocsp.c Tue Apr 21 19:38:32 2020 (r360175) @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,65 +9,62 @@ #include -#ifdef OPENSSL_NO_OCSP -NON_EMPTY_TRANSLATION_UNIT -#else -# ifdef OPENSSL_SYS_VMS -# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined +#ifdef OPENSSL_SYS_VMS +# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined * on OpenVMS */ -# endif +#endif -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include /* Needs to be included before the openssl headers */ -# include "apps.h" -# include "progs.h" -# include "internal/sockets.h" -# include -# include -# include -# include -# include -# include -# include -# include +#include "apps.h" +#include "progs.h" +#include "internal/sockets.h" +#include +#include +#include +#include +#include +#include +#include +#include #ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# define HAVE_FORK 0 +#else +# define HAVE_FORK 1 #endif +#endif #if HAVE_FORK -# undef NO_FORK +#undef NO_FORK #else -# define NO_FORK +#define NO_FORK #endif -# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ +#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ && !defined(OPENSSL_NO_POSIX_IO) -# define OCSP_DAEMON -# include -# include -# include -# include -# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -# else -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_INFO 0 -# define LOG_WARNING 1 -# define LOG_ERR 2 -# endif +# define OCSP_DAEMON +# include +# include +# include +# include +# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ +#else +# undef LOG_INFO +# undef LOG_WARNING +# undef LOG_ERR +# define LOG_INFO 0 +# define LOG_WARNING 1 +# define LOG_ERR 2 +#endif -# if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) /* not supported */ int setpgid(pid_t pid, pid_t pgid) { @@ -80,9 +77,9 @@ pid_t fork(void) errno = ENOSYS; return (pid_t) -1; } -# endif +#endif /* Maximum leeway in validity period: default 5 minutes */ -# define MAX_VALIDITY_PERIOD (5 * 60) +#define MAX_VALIDITY_PERIOD (5 * 60) static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, @@ -109,20 +106,20 @@ static void log_message(int level, const char *fmt, .. static char *prog; static int multi = 0; -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON static int acfd = (int) INVALID_SOCKET; static int index_changed(CA_DB *); static void spawn_loop(void); static int print_syslog(const char *str, size_t len, void *levPtr); static void socket_timeout(int signum); -# endif +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout); -# endif +#endif typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -160,9 +157,9 @@ const OPTIONS ocsp_options[] = { "Don't include any certificates in response"}, {"resp_key_id", OPT_RESP_KEY_ID, '-', "Identify response by signing certificate key ID"}, -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, -# endif +#endif {"no_certs", OPT_NO_CERTS, '-', "Don't include any certificates in signed request"}, {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', @@ -511,9 +508,9 @@ int ocsp_main(int argc, char **argv) trailing_md = 1; break; case OPT_MULTI: -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON multi = atoi(opt_arg()); -# endif +#endif break; } } @@ -593,7 +590,7 @@ int ocsp_main(int argc, char **argv) } } -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (multi && acbio != NULL) spawn_loop(); if (acbio != NULL && req_timeout > 0) @@ -606,7 +603,7 @@ int ocsp_main(int argc, char **argv) redo_accept: if (acbio != NULL) { -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (index_changed(rdb)) { CA_DB *newrdb = load_index(ridx_filename, NULL); @@ -619,7 +616,7 @@ redo_accept: ridx_filename); } } -# endif +#endif req = NULL; if (!do_responder(&req, &cbio, acbio, req_timeout)) @@ -688,16 +685,16 @@ redo_accept: if (cbio != NULL) send_ocsp_response(cbio, resp); } else if (host != NULL) { -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK resp = process_responder(req, host, path, port, use_ssl, headers, req_timeout); if (resp == NULL) goto end; -# else +#else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; -# endif +#endif } else if (respin != NULL) { derbio = bio_open_default(respin, 'r', FORMAT_ASN1); if (derbio == NULL) @@ -840,7 +837,7 @@ log_message(int level, const char *fmt, ...) va_list ap; va_start(ap, fmt); -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (multi) { char buf[1024]; if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) { @@ -849,7 +846,7 @@ log_message(int level, const char *fmt, ...) if (level >= LOG_ERR) ERR_print_errors_cb(print_syslog, &level); } -# endif +#endif if (!multi) { BIO_printf(bio_err, "%s: ", prog); BIO_vprintf(bio_err, fmt, ap); @@ -858,7 +855,7 @@ log_message(int level, const char *fmt, ...) va_end(ap); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***