svn commit: r360173 - in vendor-crypto/openssl/dist: . apps crypto/aes crypto/asn1 crypto/bio crypto/ec crypto/evp crypto/rand crypto/x509 crypto/x509v3 doc/man1 doc/man3 include/openssl ssl
Jung-uk Kim
jkim at FreeBSD.org
Tue Apr 21 19:07:49 UTC 2020
Author: jkim
Date: Tue Apr 21 19:07:46 2020
New Revision: 360173
URL: https://svnweb.freebsd.org/changeset/base/360173
Log:
Import OpenSSL 1.1.1g.
Added:
vendor-crypto/openssl/dist/doc/man3/X509_check_purpose.pod
Modified:
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/FREEBSD-upgrade
vendor-crypto/openssl/dist/INSTALL
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/apps/build.info
vendor-crypto/openssl/dist/apps/dhparam.c
vendor-crypto/openssl/dist/apps/dsa.c
vendor-crypto/openssl/dist/apps/dsaparam.c
vendor-crypto/openssl/dist/apps/ec.c
vendor-crypto/openssl/dist/apps/ecparam.c
vendor-crypto/openssl/dist/apps/engine.c
vendor-crypto/openssl/dist/apps/gendsa.c
vendor-crypto/openssl/dist/apps/genrsa.c
vendor-crypto/openssl/dist/apps/ocsp.c
vendor-crypto/openssl/dist/apps/pkcs12.c
vendor-crypto/openssl/dist/apps/rsa.c
vendor-crypto/openssl/dist/apps/rsautl.c
vendor-crypto/openssl/dist/apps/s_time.c
vendor-crypto/openssl/dist/apps/srp.c
vendor-crypto/openssl/dist/apps/ts.c
vendor-crypto/openssl/dist/crypto/aes/aes_core.c
vendor-crypto/openssl/dist/crypto/aes/aes_local.h
vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c
vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c
vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
vendor-crypto/openssl/dist/crypto/ec/ec_mult.c
vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c
vendor-crypto/openssl/dist/crypto/evp/e_aes.c
vendor-crypto/openssl/dist/crypto/rand/build.info
vendor-crypto/openssl/dist/crypto/rand/drbg_ctr.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/dist/doc/man1/s_time.pod
vendor-crypto/openssl/dist/doc/man3/EVP_aes.pod
vendor-crypto/openssl/dist/doc/man3/RAND_set_rand_method.pod
vendor-crypto/openssl/dist/include/openssl/opensslv.h
vendor-crypto/openssl/dist/ssl/t1_lib.c
Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/CHANGES Tue Apr 21 19:07:46 2020 (r360173)
@@ -7,6 +7,27 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
+
+ *) Fixed segmentation fault in SSL_check_chain()
+ Server or client applications that call the SSL_check_chain() function
+ during or after a TLS 1.3 handshake may crash due to a NULL pointer
+ dereference as a result of incorrect handling of the
+ "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+ or unrecognised signature algorithm is received from the peer. This could
+ be exploited by a malicious peer in a Denial of Service attack.
+ (CVE-2020-1967)
+ [Benjamin Kaduk]
+
+ *) Added AES consttime code for no-asm configurations
+ an optional constant time support for AES was added
+ when building openssl for no-asm.
+ Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
+ Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
+ At this time this feature is by default disabled.
+ It will be enabled by default in 3.0.
+ [Bernd Edlinger]
+
Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
*) Revert the change of EOF detection while reading in libssl to avoid
Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Apr 21 19:07:46 2020 (r360173)
@@ -11,7 +11,7 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
-setenv OSSLVER 1.1.1e
+setenv OSSLVER 1.1.1g
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
Modified: vendor-crypto/openssl/dist/INSTALL
==============================================================================
--- vendor-crypto/openssl/dist/INSTALL Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/INSTALL Tue Apr 21 19:07:46 2020 (r360173)
@@ -535,9 +535,9 @@
conjunction with the "-DPEDANTIC" option (or the
--strict-warnings option).
- no-ui
- Don't build with the "UI" capability (i.e. the set of
- features enabling text based prompts).
+ no-ui-console
+ Don't build with the "UI" console method (i.e. the "UI"
+ method that enables text based console prompts).
enable-unit-test
Enable additional unit test APIs. This should not typically
Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/NEWS Tue Apr 21 19:07:46 2020 (r360173)
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+
+ o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
+
Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
o Revert the unexpected EOF reporting via SSL_ERROR_SSL
Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/README Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1f 31 Mar 2020
+ OpenSSL 1.1.1g 21 Apr 2020
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: vendor-crypto/openssl/dist/apps/build.info
==============================================================================
--- vendor-crypto/openssl/dist/apps/build.info Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/build.info Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,16 +1,17 @@
{- our @apps_openssl_src =
qw(openssl.c
- asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
- dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
- genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
- pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
+ asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c
+ enc.c errstr.c
+ genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c
+ pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
- srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
+ verify.c version.c x509.c rehash.c storeutl.c);
our @apps_lib_src =
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
split(/\s+/, $target{apps_aux_src}) );
our @apps_init_src = split(/\s+/, $target{apps_init_src});
"" -}
+
IF[{- !$disabled{apps} -}]
LIBS_NO_INST=libapps.a
SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
@@ -21,11 +22,51 @@ IF[{- !$disabled{apps} -}]
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=libapps.a ../libssl
-
-IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
- GENERATE[openssl.rc]=../util/mkrc.pl openssl
- SOURCE[openssl]=openssl.rc
-ENDIF
+ IF[{- !$disabled{'des'} -}]
+ SOURCE[openssl]=pkcs12.c
+ DEPEND[pkcs12.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'ec'} -}]
+ SOURCE[openssl]=ec.c ecparam.c
+ DEPEND[ec.o]=progs.h
+ DEPEND[ecparam.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'ocsp'} -}]
+ SOURCE[openssl]=ocsp.c
+ DEPEND[ocsp.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'srp'} -}]
+ SOURCE[openssl]=srp.c
+ DEPEND[srp.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'ts'} -}]
+ SOURCE[openssl]=ts.c
+ DEPEND[ts.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'dh'} -}]
+ SOURCE[openssl]=dhparam.c
+ DEPEND[dhparam.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'dsa'} -}]
+ SOURCE[openssl]=dsa.c dsaparam.c gendsa.c
+ DEPEND[dsa.o]=progs.h
+ DEPEND[dsaparam.o]=progs.h
+ DEPEND[gendsa.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'engine'} -}]
+ SOURCE[openssl]=engine.c
+ DEPEND[engine.o]=progs.h
+ ENDIF
+ IF[{- !$disabled{'rsa'} -}]
+ SOURCE[openssl]=rsa.c rsautl.c genrsa.c
+ DEPEND[rsa.o]=progs.h
+ DEPEND[rsautl.o]=progs.h
+ DEPEND[genrsa.o]=progs.h
+ ENDIF
+ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
+ GENERATE[openssl.rc]=../util/mkrc.pl openssl
+ SOURCE[openssl]=openssl.rc
+ ENDIF
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
Modified: vendor-crypto/openssl/dist/apps/dhparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dhparam.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/dhparam.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,29 +8,25 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DH
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
-# include <stdio.h>
-# include <stdlib.h>
-# include <time.h>
-# include <string.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/dh.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
-# ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-# endif
+#define DEFBITS 2048
-# define DEFBITS 2048
-
static int dh_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
@@ -56,13 +52,13 @@ const OPTIONS dhparam_options[] = {
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
-# endif
-# ifndef OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
+#endif
{NULL}
};
@@ -146,13 +142,13 @@ int dhparam_main(int argc, char **argv)
if (g && !num)
num = DEFBITS;
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsaparam && g) {
BIO_printf(bio_err,
"generator may not be chosen for DSA parameters\n");
goto end;
}
-# endif
+#endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
@@ -173,7 +169,7 @@ int dhparam_main(int argc, char **argv)
BN_GENCB_set(cb, dh_cb, bio_err);
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa = DSA_new();
@@ -196,7 +192,7 @@ int dhparam_main(int argc, char **argv)
goto end;
}
} else
-# endif
+#endif
{
dh = DH_new();
BIO_printf(bio_err,
@@ -217,7 +213,7 @@ int dhparam_main(int argc, char **argv)
if (in == NULL)
goto end;
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
@@ -239,7 +235,7 @@ int dhparam_main(int argc, char **argv)
goto end;
}
} else
-# endif
+#endif
{
if (informat == FORMAT_ASN1) {
/*
@@ -376,4 +372,3 @@ static int dh_cb(int p, int n, BN_GENCB *cb)
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/dsa.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dsa.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/dsa.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,24 +8,20 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include <time.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/dsa.h>
-# include <openssl/evp.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/bn.h>
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
@@ -49,14 +45,14 @@ const OPTIONS dsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
-# ifndef OPENSSL_NO_RC4
+#ifndef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
-# endif
-# ifndef OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
+#endif
{NULL}
};
@@ -71,9 +67,9 @@ int dsa_main(int argc, char **argv)
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
-# ifndef OPENSSL_NO_RC4
+#ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
-# endif
+#endif
int private = 0;
prog = opt_init(argc, argv, dsa_options);
@@ -214,7 +210,7 @@ int dsa_main(int argc, char **argv)
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
}
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
@@ -229,13 +225,13 @@ int dsa_main(int argc, char **argv)
goto end;
}
assert(private);
-# ifdef OPENSSL_NO_RC4
+# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
goto end;
-# else
+# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-# endif
+# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
} else {
@@ -243,7 +239,7 @@ int dsa_main(int argc, char **argv)
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
-# endif
+#endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
@@ -262,4 +258,3 @@ int dsa_main(int argc, char **argv)
OPENSSL_free(passout);
return ret;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/dsaparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/dsaparam.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/dsaparam.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,23 +8,19 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
-# include <stdio.h>
-# include <stdlib.h>
-# include <time.h>
-# include <string.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-
static int dsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
@@ -44,9 +40,9 @@ const OPTIONS dsaparam_options[] = {
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
+#endif
{NULL}
};
@@ -255,4 +251,3 @@ static int dsa_cb(int p, int n, BN_GENCB *cb)
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/ec.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ec.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/ec.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,20 +8,16 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_EC
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/evp.h>
-# include <openssl/pem.h>
-
static OPT_PAIR conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
@@ -62,9 +58,9 @@ const OPTIONS ec_options[] = {
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
{NULL}
};
@@ -280,4 +276,3 @@ int ec_main(int argc, char **argv)
OPENSSL_free(passout);
return ret;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/ecparam.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ecparam.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/ecparam.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -9,23 +9,19 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_EC
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
-# include <stdio.h>
-# include <stdlib.h>
-# include <time.h>
-# include <string.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/ec.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
@@ -55,9 +51,9 @@ const OPTIONS ecparam_options[] = {
"Specifies the way the ec parameters are encoded"},
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
OPT_R_OPTIONS,
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
{NULL}
};
@@ -446,5 +442,3 @@ int ecparam_main(int argc, char **argv)
BIO_free_all(out);
return ret;
}
-
-#endif
Modified: vendor-crypto/openssl/dist/apps/engine.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/engine.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/engine.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,20 +8,16 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_ENGINE
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include "apps.h"
+#include "progs.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+#include <openssl/store.h>
-# include "apps.h"
-# include "progs.h"
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include <openssl/err.h>
-# include <openssl/engine.h>
-# include <openssl/ssl.h>
-# include <openssl/store.h>
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
@@ -486,4 +482,3 @@ int engine_main(int argc, char **argv)
BIO_free_all(out);
return ret;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/gendsa.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/gendsa.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/gendsa.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,23 +8,19 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_DSA
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
-# include <stdio.h>
-# include <string.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
@@ -39,9 +35,9 @@ const OPTIONS gendsa_options[] = {
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_R_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
{NULL}
};
@@ -143,4 +139,3 @@ int gendsa_main(int argc, char **argv)
OPENSSL_free(passout);
return ret;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/genrsa.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/genrsa.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/genrsa.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,28 +8,24 @@
*/
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_RSA
-NON_EMPTY_TRANSLATION_UNIT
-#else
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
-# include <stdio.h>
-# include <string.h>
-# include <sys/types.h>
-# include <sys/stat.h>
-# include "apps.h"
-# include "progs.h"
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/bn.h>
-# include <openssl/rsa.h>
-# include <openssl/evp.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/rand.h>
+#define DEFBITS 2048
+#define DEFPRIMES 2
-# define DEFBITS 2048
-# define DEFPRIMES 2
-
static int genrsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
@@ -48,9 +44,9 @@ const OPTIONS genrsa_options[] = {
OPT_R_OPTIONS,
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
{"primes", OPT_PRIMES, 'p', "Specify number of primes"},
{NULL}
};
@@ -198,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb)
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
-#endif
Modified: vendor-crypto/openssl/dist/apps/ocsp.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/ocsp.c Tue Apr 21 17:51:54 2020 (r360172)
+++ vendor-crypto/openssl/dist/apps/ocsp.c Tue Apr 21 19:07:46 2020 (r360173)
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,65 +9,62 @@
#include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_OCSP
-NON_EMPTY_TRANSLATION_UNIT
-#else
-# ifdef OPENSSL_SYS_VMS
-# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
+#ifdef OPENSSL_SYS_VMS
+# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
* on OpenVMS */
-# endif
+#endif
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include <time.h>
-# include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <ctype.h>
/* Needs to be included before the openssl headers */
-# include "apps.h"
-# include "progs.h"
-# include "internal/sockets.h"
-# include <openssl/e_os2.h>
-# include <openssl/crypto.h>
-# include <openssl/err.h>
-# include <openssl/ssl.h>
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/x509v3.h>
-# include <openssl/rand.h>
+#include "apps.h"
+#include "progs.h"
+#include "internal/sockets.h"
+#include <openssl/e_os2.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
#ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
-# define HAVE_FORK 0
-# else
-# define HAVE_FORK 1
-# endif
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# define HAVE_FORK 0
+#else
+# define HAVE_FORK 1
#endif
+#endif
#if HAVE_FORK
-# undef NO_FORK
+#undef NO_FORK
#else
-# define NO_FORK
+#define NO_FORK
#endif
-# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
+#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
&& !defined(OPENSSL_NO_POSIX_IO)
-# define OCSP_DAEMON
-# include <sys/types.h>
-# include <sys/wait.h>
-# include <syslog.h>
-# include <signal.h>
-# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
-# else
-# undef LOG_INFO
-# undef LOG_WARNING
-# undef LOG_ERR
-# define LOG_INFO 0
-# define LOG_WARNING 1
-# define LOG_ERR 2
-# endif
+# define OCSP_DAEMON
+# include <sys/types.h>
+# include <sys/wait.h>
+# include <syslog.h>
+# include <signal.h>
+# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
+#else
+# undef LOG_INFO
+# undef LOG_WARNING
+# undef LOG_ERR
+# define LOG_INFO 0
+# define LOG_WARNING 1
+# define LOG_ERR 2
+#endif
-# if defined(OPENSSL_SYS_VXWORKS)
+#if defined(OPENSSL_SYS_VXWORKS)
/* not supported */
int setpgid(pid_t pid, pid_t pgid)
{
@@ -80,9 +77,9 @@ pid_t fork(void)
errno = ENOSYS;
return (pid_t) -1;
}
-# endif
+#endif
/* Maximum leeway in validity period: default 5 minutes */
-# define MAX_VALIDITY_PERIOD (5 * 60)
+#define MAX_VALIDITY_PERIOD (5 * 60)
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
const EVP_MD *cert_id_md, X509 *issuer,
@@ -109,20 +106,20 @@ static void log_message(int level, const char *fmt, ..
static char *prog;
static int multi = 0;
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
static int acfd = (int) INVALID_SOCKET;
static int index_changed(CA_DB *);
static void spawn_loop(void);
static int print_syslog(const char *str, size_t len, void *levPtr);
static void socket_timeout(int signum);
-# endif
+#endif
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
const char *path,
const STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout);
-# endif
+#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -160,9 +157,9 @@ const OPTIONS ocsp_options[] = {
"Don't include any certificates in response"},
{"resp_key_id", OPT_RESP_KEY_ID, '-',
"Identify response by signing certificate key ID"},
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
{"multi", OPT_MULTI, 'p', "run multiple responder processes"},
-# endif
+#endif
{"no_certs", OPT_NO_CERTS, '-',
"Don't include any certificates in signed request"},
{"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
@@ -511,9 +508,9 @@ int ocsp_main(int argc, char **argv)
trailing_md = 1;
break;
case OPT_MULTI:
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
multi = atoi(opt_arg());
-# endif
+#endif
break;
}
}
@@ -593,7 +590,7 @@ int ocsp_main(int argc, char **argv)
}
}
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
if (multi && acbio != NULL)
spawn_loop();
if (acbio != NULL && req_timeout > 0)
@@ -606,7 +603,7 @@ int ocsp_main(int argc, char **argv)
redo_accept:
if (acbio != NULL) {
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
if (index_changed(rdb)) {
CA_DB *newrdb = load_index(ridx_filename, NULL);
@@ -619,7 +616,7 @@ redo_accept:
ridx_filename);
}
}
-# endif
+#endif
req = NULL;
if (!do_responder(&req, &cbio, acbio, req_timeout))
@@ -688,16 +685,16 @@ redo_accept:
if (cbio != NULL)
send_ocsp_response(cbio, resp);
} else if (host != NULL) {
-# ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SOCK
resp = process_responder(req, host, path,
port, use_ssl, headers, req_timeout);
if (resp == NULL)
goto end;
-# else
+#else
BIO_printf(bio_err,
"Error creating connect BIO - sockets not supported.\n");
goto end;
-# endif
+#endif
} else if (respin != NULL) {
derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
if (derbio == NULL)
@@ -840,7 +837,7 @@ log_message(int level, const char *fmt, ...)
va_list ap;
va_start(ap, fmt);
-# ifdef OCSP_DAEMON
+#ifdef OCSP_DAEMON
if (multi) {
char buf[1024];
if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) {
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list