git: 0d0c8621fd18 - main - openssl: Import OpenSSL 3.0.16
Date: Fri, 14 Mar 2025 06:43:13 UTC
The branch main has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=0d0c8621fd181e507f0fb50ffcca606faf66a8c2

commit 0d0c8621fd181e507f0fb50ffcca606faf66a8c2
Merge: 47f4137e44b8 1c34280346af
Author: Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2025-03-14 06:40:59 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-03-14 06:40:59 +0000

    openssl: Import OpenSSL 3.0.16

    This release incorporates the following bug fixes and mitigations:
    - [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176)
    - [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143)

    Release notes can be found at:
    https://openssl-library.org/news/openssl-3.0-notes/index.html

    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D49296

crypto/openssl/CHANGES.md | 33 ++ crypto/openssl/Configurations/unix-Makefile.tmpl | 2 +- crypto/openssl/NEWS.md | 16 + crypto/openssl/NOTES-NONSTOP.md | 7 +- crypto/openssl/README.md | 28 +- crypto/openssl/VERSION.dat | 4 +- crypto/openssl/apps/asn1parse.c | 5 +- crypto/openssl/apps/cms.c | 39 ++- crypto/openssl/apps/engine.c | 8 +- crypto/openssl/apps/lib/http_server.c | 7 +- crypto/openssl/apps/lib/s_cb.c | 24 +- crypto/openssl/apps/lib/s_socket.c | 13 +- crypto/openssl/apps/lib/vms_term_sock.c | 10 +- crypto/openssl/apps/passwd.c | 3 +- crypto/openssl/apps/pkcs12.c | 5 +- crypto/openssl/apps/pkeyutl.c | 5 +- crypto/openssl/apps/rehash.c | 5 + crypto/openssl/apps/smime.c | 20 +- crypto/openssl/apps/speed.c | 373 ++++++++++++++++----- crypto/openssl/configdata.pm.in | 4 +- crypto/openssl/crypto/asn1/a_bitstr.c | 41 ++- crypto/openssl/crypto/asn1/a_strnid.c | 10 +- crypto/openssl/crypto/asn1/a_time.c | 57 ++-- crypto/openssl/crypto/asn1/asn1_gen.c | 5 +- crypto/openssl/crypto/asn1/asn_mime.c | 2 + crypto/openssl/crypto/bio/bio_addr.c | 9 +- crypto/openssl/crypto/bio/bio_sock.c | 4 +- crypto/openssl/crypto/bio/bss_log.c | 2 +- crypto/openssl/crypto/bn/asm/armv8-mont.pl | 4 +- 
crypto/openssl/crypto/bn/bn_exp.c | 23 +- crypto/openssl/crypto/bn/bn_gf2m.c | 28 +- crypto/openssl/crypto/bn/rsaz_exp_x2.c | 8 +- crypto/openssl/crypto/cmp/cmp_client.c | 5 +- crypto/openssl/crypto/cms/cms_asn1.c | 19 +- crypto/openssl/crypto/cms/cms_dh.c | 2 +- crypto/openssl/crypto/cms/cms_env.c | 9 - crypto/openssl/crypto/cms/cms_err.c | 102 +++--- crypto/openssl/crypto/cms/cms_kari.c | 9 +- crypto/openssl/crypto/cms/cms_lib.c | 15 +- crypto/openssl/crypto/cms/cms_local.h | 2 +- crypto/openssl/crypto/cms/cms_rsa.c | 5 +- crypto/openssl/crypto/cms/cms_sd.c | 20 +- crypto/openssl/crypto/cms/cms_smime.c | 3 +- crypto/openssl/crypto/core_fetch.c | 5 +- crypto/openssl/crypto/dso/dso_dl.c | 13 +- crypto/openssl/crypto/dso/dso_dlfcn.c | 9 +- crypto/openssl/crypto/dso/dso_win32.c | 16 +- crypto/openssl/crypto/ec/ec_asn1.c | 2 +- crypto/openssl/crypto/ec/ec_backend.c | 8 +- crypto/openssl/crypto/ec/ec_lib.c | 9 +- crypto/openssl/crypto/ec/ec_oct.c | 4 + crypto/openssl/crypto/encode_decode/encoder_pkey.c | 6 +- crypto/openssl/crypto/err/openssl.txt | 4 +- crypto/openssl/crypto/evp/ctrl_params_translate.c | 12 +- crypto/openssl/crypto/evp/m_sigver.c | 12 +- crypto/openssl/crypto/http/http_client.c | 19 +- crypto/openssl/crypto/http/http_lib.c | 22 +- crypto/openssl/crypto/pem/pem_pk8.c | 4 +- crypto/openssl/crypto/pkcs12/p12_crt.c | 6 +- crypto/openssl/crypto/pkcs7/pk7_doit.c | 6 +- crypto/openssl/crypto/pkcs7/pk7_lib.c | 5 + crypto/openssl/crypto/sm2/sm2_sign.c | 10 +- crypto/openssl/crypto/srp/srp_vfy.c | 2 + crypto/openssl/crypto/threads_win.c | 3 +- crypto/openssl/crypto/trace.c | 2 +- crypto/openssl/crypto/ui/ui_util.c | 12 +- crypto/openssl/crypto/x509/v3_admis.c | 34 +- crypto/openssl/crypto/x509/v3_san.c | 3 +- crypto/openssl/crypto/x509/x509_cmp.c | 4 +- crypto/openssl/crypto/x509/x_all.c | 4 +- crypto/openssl/demos/cipher/aesccm.c | 2 +- crypto/openssl/doc/man1/openssl-ca.pod.in | 2 +- crypto/openssl/doc/man1/openssl-cmp.pod.in | 11 +- 
crypto/openssl/doc/man1/openssl-cms.pod.in | 9 +- crypto/openssl/doc/man1/openssl-fipsinstall.pod.in | 4 + crypto/openssl/doc/man1/openssl-ocsp.pod.in | 30 +- crypto/openssl/doc/man1/openssl-pkeyutl.pod.in | 77 +++-- crypto/openssl/doc/man1/openssl-req.pod.in | 4 +- crypto/openssl/doc/man1/openssl-s_client.pod.in | 77 ++++- crypto/openssl/doc/man1/openssl-s_server.pod.in | 11 +- crypto/openssl/doc/man1/openssl-s_time.pod.in | 1 + crypto/openssl/doc/man1/openssl-smime.pod.in | 4 +- crypto/openssl/doc/man1/openssl-ts.pod.in | 2 + .../doc/man1/openssl-verification-options.pod | 194 ++++++----- crypto/openssl/doc/man1/openssl.pod | 107 +----- crypto/openssl/doc/man3/ASN1_TIME_set.pod | 10 +- crypto/openssl/doc/man3/ASN1_aux_cb.pod | 6 +- crypto/openssl/doc/man3/BIO_s_accept.pod | 6 +- crypto/openssl/doc/man3/BIO_s_connect.pod | 2 +- crypto/openssl/doc/man3/ECDSA_sign.pod | 4 +- crypto/openssl/doc/man3/EVP_EncryptInit.pod | 16 +- crypto/openssl/doc/man3/EVP_PKEY_decapsulate.pod | 9 +- crypto/openssl/doc/man3/EVP_PKEY_encapsulate.pod | 7 +- crypto/openssl/doc/man3/OSSL_CMP_CTX_new.pod | 6 +- crypto/openssl/doc/man3/OSSL_CMP_validate_msg.pod | 4 +- crypto/openssl/doc/man3/OSSL_HTTP_parse_url.pod | 11 +- crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod | 6 +- crypto/openssl/doc/man3/OSSL_PARAM.pod | 2 +- crypto/openssl/doc/man3/OSSL_trace_enabled.pod | 8 +- crypto/openssl/doc/man3/SSL_CTX_new.pod | 10 +- crypto/openssl/doc/man3/SSL_get_shared_sigalgs.pod | 2 +- crypto/openssl/doc/man3/SSL_set_bio.pod | 9 + crypto/openssl/doc/man3/X509V3_set_ctx.pod | 5 +- crypto/openssl/doc/man3/X509_STORE_CTX_new.pod | 19 +- crypto/openssl/doc/man3/X509_add_cert.pod | 3 +- crypto/openssl/doc/man3/X509_load_http.pod | 3 + crypto/openssl/doc/man7/EVP_KDF-HKDF.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-KB.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-PBKDF2.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-SS.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-SSHKDF.pod | 2 + 
crypto/openssl/doc/man7/EVP_KDF-TLS13_KDF.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-TLS1_PRF.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-X942-ASN1.pod | 2 + crypto/openssl/doc/man7/EVP_KDF-X963.pod | 2 + crypto/openssl/doc/man7/EVP_SIGNATURE-DSA.pod | 4 +- crypto/openssl/doc/man7/openssl-env.pod | 93 +++++ crypto/openssl/doc/man7/provider.pod | 12 + crypto/openssl/engines/e_afalg.c | 4 +- crypto/openssl/engines/e_loader_attic.c | 2 +- crypto/openssl/include/crypto/bn.h | 5 +- crypto/openssl/include/crypto/cmserr.h | 2 +- crypto/openssl/include/openssl/cmserr.h | 3 +- crypto/openssl/include/openssl/http.h | 5 +- crypto/openssl/providers/fips-sources.checksums | 254 +++++++------- crypto/openssl/providers/fips.checksum | 2 +- .../implementations/ciphers/cipher_aes_ocb.c | 12 +- .../encode_decode/encode_key2text.c | 3 +- .../openssl/providers/implementations/kdfs/hkdf.c | 2 +- .../providers/implementations/kdfs/scrypt.c | 5 +- .../providers/implementations/kem/rsa_kem.c | 54 ++- .../providers/implementations/keymgmt/dsa_kmgmt.c | 2 +- .../providers/implementations/keymgmt/ecx_kmgmt.c | 2 +- .../implementations/keymgmt/mac_legacy_kmgmt.c | 6 +- .../implementations/signature/eddsa_sig.c | 3 +- .../implementations/storemgmt/file_store.c | 2 +- crypto/openssl/ssl/statem/extensions_srvr.c | 2 +- crypto/openssl/ssl/statem/statem_srvr.c | 6 +- crypto/openssl/test/acvp_test.c | 2 +- crypto/openssl/test/build.info | 6 +- crypto/openssl/test/cmactest.c | 8 +- crypto/openssl/test/conf_include_test.c | 2 +- crypto/openssl/test/drbgtest.c | 2 +- crypto/openssl/test/ec_internal_test.c | 51 +++ crypto/openssl/test/enginetest.c | 4 +- crypto/openssl/test/evp_kdf_test.c | 28 +- crypto/openssl/test/evp_libctx_test.c | 126 ++++--- crypto/openssl/test/hmactest.c | 12 +- crypto/openssl/test/memleaktest.c | 4 +- crypto/openssl/test/p_test.c | 34 +- crypto/openssl/test/pkcs12_format_test.c | 9 +- crypto/openssl/test/property_test.c | 41 ++- crypto/openssl/test/recipes/03-test_fipsinstall.t | 
4 + .../openssl/test/recipes/04-test_encoder_decoder.t | 29 +- crypto/openssl/test/recipes/25-test_verify.t | 8 +- .../recipes/30-test_evp_data/evpkdf_tls13_kdf.txt | 10 + crypto/openssl/test/recipes/80-test_cmp_http.t | 4 +- .../80-test_cmp_http_data/test_connection.csv | 4 +- crypto/openssl/test/recipes/80-test_cms.t | 81 ++++- crypto/openssl/test/sslapitest.c | 5 +- crypto/openssl/test/testutil/tests.c | 3 +- crypto/openssl/test/threadstest.c | 2 +- crypto/openssl/util/check-format-commit.sh | 193 ++++++----- crypto/openssl/util/check-format.pl | 14 +- crypto/openssl/util/mkbuildinf.pl | 12 +- crypto/openssl/util/perl/OpenSSL/Template.pm | 9 + 166 files changed, 2042 insertions(+), 1082 deletions(-) diff --cc crypto/openssl/README.md index 5184a461bb17,000000000000..477f5cbb7d12 mode 100644,000000..100644 --- a/crypto/openssl/README.md +++ b/crypto/openssl/README.md @@@ -1,224 -1,0 +1,212 @@@ +Welcome to the OpenSSL Project +============================== + +[![openssl logo]][www.openssl.org] + +[![github actions ci badge]][github actions ci] +[![appveyor badge]][appveyor jobs] + +OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit +for the Transport Layer Security (TLS) protocol formerly known as the +Secure Sockets Layer (SSL) protocol. The protocol implementation is based +on a full-strength general purpose cryptographic library, which can also +be used stand-alone. + +OpenSSL is descended from the SSLeay library developed by Eric A. Young +and Tim J. Hudson. + +The official Home Page of the OpenSSL Project is [www.openssl.org]. 
+ +Table of Contents +================= + + - [Overview](#overview) + - [Download](#download) + - [Build and Install](#build-and-install) + - [Documentation](#documentation) + - [License](#license) + - [Support](#support) + - [Contributing](#contributing) + - [Legalities](#legalities) + +Overview +======== + +The OpenSSL toolkit includes: + +- **libssl** + an implementation of all TLS protocol versions up to TLSv1.3 ([RFC 8446]). + +- **libcrypto** + a full-strength general purpose cryptographic library. It constitutes the + basis of the TLS implementation, but can also be used independently. + +- **openssl** + the OpenSSL command line tool, a swiss army knife for cryptographic tasks, + testing and analyzing. It can be used for + - creation of key parameters + - creation of X.509 certificates, CSRs and CRLs + - calculation of message digests + - encryption and decryption + - SSL/TLS client and server tests + - handling of S/MIME signed or encrypted mail + - and more... + +Download +======== + +For Production Use +------------------ + +Source code tarballs of the official releases can be downloaded from - [www.openssl.org/source](https://www.openssl.org/source). ++[openssl-library.org/source/](https://openssl-library.org/source/). +The OpenSSL project does not distribute the toolkit in binary form. + +However, for a large variety of operating systems precompiled versions +of the OpenSSL toolkit are available. In particular on Linux and other +Unix operating systems it is normally recommended to link against the +precompiled shared libraries provided by the distributor or vendor. + +For Testing and Development +--------------------------- + +Although testing and development could in theory also be done using +the source tarballs, having a local copy of the git repository with +the entire project history gives you much more insight into the +code base. + - The official OpenSSL Git Repository is located at [git.openssl.org]. 
- There is a GitHub mirror of the repository at [github.com/openssl/openssl], ++The main OpenSSL Git repository is private. ++There is a public GitHub mirror of it at [github.com/openssl/openssl], +which is updated automatically from the former on every commit. + - A local copy of the Git Repository can be obtained by cloning it from - the original OpenSSL repository using - - git clone git://git.openssl.org/openssl.git - - or from the GitHub mirror using ++A local copy of the Git repository can be obtained by cloning it from ++the GitHub mirror using + + git clone https://github.com/openssl/openssl.git + +If you intend to contribute to OpenSSL, either to fix bugs or contribute - new features, you need to fork the OpenSSL repository openssl/openssl on - GitHub and clone your public fork instead. ++new features, you need to fork the GitHub mirror and clone your public fork ++instead. + + git clone https://github.com/yourname/openssl.git + +This is necessary, because all development of OpenSSL nowadays is done via +GitHub pull requests. For more details, see [Contributing](#contributing). + +Build and Install +================= + +After obtaining the Source, have a look at the [INSTALL](INSTALL.md) file for +detailed instructions about building and installing OpenSSL. For some +platforms, the installation instructions are amended by a platform specific +document. + + * [Notes for UNIX-like platforms](NOTES-UNIX.md) + * [Notes for Android platforms](NOTES-ANDROID.md) + * [Notes for Windows platforms](NOTES-WINDOWS.md) + * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md) + * [Notes for the OpenVMS platform](NOTES-VMS.md) + * [Notes on Perl](NOTES-PERL.md) + * [Notes on Valgrind](NOTES-VALGRIND.md) + +Specific notes on upgrading to OpenSSL 3.0 from previous versions can be found +in the [migration_guide(7ossl)] manual page. 
+ +Documentation +============= + +Manual Pages +------------ + +The manual pages for the master branch and all current stable releases are +available online. + +- [OpenSSL master](https://www.openssl.org/docs/manmaster) +- [OpenSSL 3.0](https://www.openssl.org/docs/man3.0) +- [OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1) + +Wiki +---- + +There is a Wiki at [wiki.openssl.org] which is currently not very active. +It contains a lot of useful information, not all of which is up to date. + +License +======= + +OpenSSL is licensed under the Apache License 2.0, which means that +you are free to get and use it for commercial and non-commercial +purposes as long as you fulfill its conditions. + +See the [LICENSE.txt](LICENSE.txt) file for more details. + +Support +======= + +There are various ways to get in touch. The correct channel depends on +your requirement. see the [SUPPORT](SUPPORT.md) file for more details. + +Contributing +============ + +If you are interested and willing to contribute to the OpenSSL project, +please take a look at the [CONTRIBUTING](CONTRIBUTING.md) file. + +Legalities +========== + +A number of nations restrict the use or export of cryptography. If you are +potentially subject to such restrictions you should seek legal advice before +attempting to develop or distribute cryptographic code. + +Copyright +========= + - Copyright (c) 1998-2024 The OpenSSL Project ++Copyright (c) 1998-2025 The OpenSSL Project + +Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson + +All rights reserved. 
+ +<!-- Links --> + +[www.openssl.org]: + <https://www.openssl.org> + "OpenSSL Homepage" + - [git.openssl.org]: - <https://git.openssl.org> - "OpenSSL Git Repository" - - [git.openssl.org]: - <https://git.openssl.org> - "OpenSSL Git Repository" - +[github.com/openssl/openssl]: + <https://github.com/openssl/openssl> + "OpenSSL GitHub Mirror" + +[wiki.openssl.org]: + <https://wiki.openssl.org> + "OpenSSL Wiki" + +[migration_guide(7ossl)]: + <https://www.openssl.org/docs/man3.0/man7/migration_guide.html> + "OpenSSL Migration Guide" + +[RFC 8446]: + <https://tools.ietf.org/html/rfc8446> + +<!-- Logos and Badges --> + +[openssl logo]: + doc/images/openssl.svg + "OpenSSL Logo" + +[github actions ci badge]: + <https://github.com/openssl/openssl/workflows/GitHub%20CI/badge.svg> + "GitHub Actions CI Status" + +[github actions ci]: + <https://github.com/openssl/openssl/actions?query=workflow%3A%22GitHub+CI%22> + "GitHub Actions CI" + +[appveyor badge]: + <https://ci.appveyor.com/api/projects/status/8e10o7xfrg73v98f/branch/master?svg=true> + "AppVeyor Build Status" + +[appveyor jobs]: + <https://ci.appveyor.com/project/openssl/openssl/branch/master> + "AppVeyor Jobs"
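Review bot: In the README.md "For Production Use" hunk the tarball link moves to openssl-library.org/source/, but the Documentation section (the three manual-page links) and the `[www.openssl.org]` and `[migration_guide(7ossl)]` link references at the end of the file stay on www.openssl.org as unchanged context, so the imported README now points at two different domains while the commit message itself cites openssl-library.org for the release notes. Because this is a vendor import, the remaining links are better raised upstream than patched locally; it is still worth confirming that the www.openssl.org/docs URLs resolve before the MFC. A smaller point in the "For Testing and Development" hunk: the kept context line "which is updated automatically from the former on every commit" now refers back to a repository the new text describes as private, which reads awkwardly and could be reworded upstream in the same pass.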