svn commit: r365997 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/chacha/asm crypto/cmac crypto/cms crypto/conf cryp...
Jung-uk Kim
jkim at FreeBSD.org
Tue Sep 22 14:27:15 UTC 2020
Author: jkim
Date: Tue Sep 22 14:27:08 2020
New Revision: 365997
URL: https://svnweb.freebsd.org/changeset/base/365997
Log:
Import OpenSSL 1.1.1h.
Deleted:
vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-avx2.pl
Modified:
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/Configure
vendor-crypto/openssl/dist/FREEBSD-upgrade
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/NOTES.PERL
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/apps/genpkey.c
vendor-crypto/openssl/dist/apps/rsa8192.pem
vendor-crypto/openssl/dist/apps/s_client.c
vendor-crypto/openssl/dist/apps/x509.c
vendor-crypto/openssl/dist/appveyor.yml
vendor-crypto/openssl/dist/crypto/aes/aes_core.c
vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl
vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c
vendor-crypto/openssl/dist/crypto/asn1/x_algor.c
vendor-crypto/openssl/dist/crypto/bio/b_print.c
vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c
vendor-crypto/openssl/dist/crypto/bn/bn_lib.c
vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c
vendor-crypto/openssl/dist/crypto/chacha/asm/chacha-x86.pl
vendor-crypto/openssl/dist/crypto/chacha/asm/chacha-x86_64.pl
vendor-crypto/openssl/dist/crypto/cmac/cmac.c
vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
vendor-crypto/openssl/dist/crypto/cms/cms_sd.c
vendor-crypto/openssl/dist/crypto/conf/conf_def.c
vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-armv4.pl
vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl
vendor-crypto/openssl/dist/crypto/ec/asm/x25519-x86_64.pl
vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c
vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c
vendor-crypto/openssl/dist/crypto/ec/ec_err.c
vendor-crypto/openssl/dist/crypto/ec/ec_key.c
vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
vendor-crypto/openssl/dist/crypto/ec/ec_local.h
vendor-crypto/openssl/dist/crypto/ec/ecp_nistp224.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256.c
vendor-crypto/openssl/dist/crypto/engine/eng_lib.c
vendor-crypto/openssl/dist/crypto/err/openssl.txt
vendor-crypto/openssl/dist/crypto/evp/e_aes.c
vendor-crypto/openssl/dist/crypto/evp/encode.c
vendor-crypto/openssl/dist/crypto/mem_sec.c
vendor-crypto/openssl/dist/crypto/modes/asm/aesni-gcm-x86_64.pl
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86_64.pl
vendor-crypto/openssl/dist/crypto/modes/cbc128.c
vendor-crypto/openssl/dist/crypto/modes/ccm128.c
vendor-crypto/openssl/dist/crypto/modes/cfb128.c
vendor-crypto/openssl/dist/crypto/modes/ctr128.c
vendor-crypto/openssl/dist/crypto/modes/gcm128.c
vendor-crypto/openssl/dist/crypto/modes/modes_local.h
vendor-crypto/openssl/dist/crypto/modes/ofb128.c
vendor-crypto/openssl/dist/crypto/modes/xts128.c
vendor-crypto/openssl/dist/crypto/o_str.c
vendor-crypto/openssl/dist/crypto/o_time.c
vendor-crypto/openssl/dist/crypto/pem/pem_err.c
vendor-crypto/openssl/dist/crypto/pem/pem_lib.c
vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c
vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c
vendor-crypto/openssl/dist/crypto/poly1305/asm/poly1305-x86.pl
vendor-crypto/openssl/dist/crypto/poly1305/asm/poly1305-x86_64.pl
vendor-crypto/openssl/dist/crypto/rand/drbg_ctr.c
vendor-crypto/openssl/dist/crypto/rand/drbg_lib.c
vendor-crypto/openssl/dist/crypto/rand/rand_lib.c
vendor-crypto/openssl/dist/crypto/rand/rand_local.h
vendor-crypto/openssl/dist/crypto/rand/rand_unix.c
vendor-crypto/openssl/dist/crypto/rand/randfile.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_ameth.c
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-586.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mb-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha256-586.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha256-mb-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
vendor-crypto/openssl/dist/crypto/store/loader_file.c
vendor-crypto/openssl/dist/crypto/store/store_lib.c
vendor-crypto/openssl/dist/crypto/ts/ts_rsp_sign.c
vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
vendor-crypto/openssl/dist/crypto/whrlpool/wp_block.c
vendor-crypto/openssl/dist/crypto/x509/x509_err.c
vendor-crypto/openssl/dist/crypto/x509/x509_local.h
vendor-crypto/openssl/dist/crypto/x509/x509_req.c
vendor-crypto/openssl/dist/crypto/x509/x509_txt.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist/crypto/x509/x_pubkey.c
vendor-crypto/openssl/dist/crypto/x509v3/pcy_data.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/dist/doc/man1/CA.pl.pod
vendor-crypto/openssl/dist/doc/man1/ca.pod
vendor-crypto/openssl/dist/doc/man1/dgst.pod
vendor-crypto/openssl/dist/doc/man1/enc.pod
vendor-crypto/openssl/dist/doc/man1/ocsp.pod
vendor-crypto/openssl/dist/doc/man1/pkcs12.pod
vendor-crypto/openssl/dist/doc/man1/pkcs8.pod
vendor-crypto/openssl/dist/doc/man1/pkeyutl.pod
vendor-crypto/openssl/dist/doc/man1/s_client.pod
vendor-crypto/openssl/dist/doc/man1/s_server.pod
vendor-crypto/openssl/dist/doc/man1/s_time.pod
vendor-crypto/openssl/dist/doc/man1/sess_id.pod
vendor-crypto/openssl/dist/doc/man1/ts.pod
vendor-crypto/openssl/dist/doc/man1/tsget.pod
vendor-crypto/openssl/dist/doc/man1/verify.pod
vendor-crypto/openssl/dist/doc/man1/x509.pod
vendor-crypto/openssl/dist/doc/man3/ASN1_INTEGER_get_int64.pod
vendor-crypto/openssl/dist/doc/man3/ASN1_STRING_length.pod
vendor-crypto/openssl/dist/doc/man3/ASN1_TIME_set.pod
vendor-crypto/openssl/dist/doc/man3/ASN1_TYPE_get.pod
vendor-crypto/openssl/dist/doc/man3/ASYNC_WAIT_CTX_new.pod
vendor-crypto/openssl/dist/doc/man3/ASYNC_start_job.pod
vendor-crypto/openssl/dist/doc/man3/BF_encrypt.pod
vendor-crypto/openssl/dist/doc/man3/BIO_ADDR.pod
vendor-crypto/openssl/dist/doc/man3/BIO_ADDRINFO.pod
vendor-crypto/openssl/dist/doc/man3/BIO_connect.pod
vendor-crypto/openssl/dist/doc/man3/BIO_ctrl.pod
vendor-crypto/openssl/dist/doc/man3/BIO_get_data.pod
vendor-crypto/openssl/dist/doc/man3/BIO_parse_hostserv.pod
vendor-crypto/openssl/dist/doc/man3/BIO_read.pod
vendor-crypto/openssl/dist/doc/man3/BIO_s_accept.pod
vendor-crypto/openssl/dist/doc/man3/BIO_s_bio.pod
vendor-crypto/openssl/dist/doc/man3/BIO_s_connect.pod
vendor-crypto/openssl/dist/doc/man3/BIO_s_file.pod
vendor-crypto/openssl/dist/doc/man3/BIO_set_callback.pod
vendor-crypto/openssl/dist/doc/man3/BN_add.pod
vendor-crypto/openssl/dist/doc/man3/BN_bn2bin.pod
vendor-crypto/openssl/dist/doc/man3/BN_generate_prime.pod
vendor-crypto/openssl/dist/doc/man3/BN_mod_mul_montgomery.pod
vendor-crypto/openssl/dist/doc/man3/BN_set_bit.pod
vendor-crypto/openssl/dist/doc/man3/CMS_verify.pod
vendor-crypto/openssl/dist/doc/man3/CRYPTO_THREAD_run_once.pod
vendor-crypto/openssl/dist/doc/man3/CRYPTO_memcmp.pod
vendor-crypto/openssl/dist/doc/man3/DES_random_key.pod
vendor-crypto/openssl/dist/doc/man3/DH_get0_pqg.pod
vendor-crypto/openssl/dist/doc/man3/DH_set_method.pod
vendor-crypto/openssl/dist/doc/man3/DSA_set_method.pod
vendor-crypto/openssl/dist/doc/man3/DTLSv1_listen.pod
vendor-crypto/openssl/dist/doc/man3/ECDSA_SIG_new.pod
vendor-crypto/openssl/dist/doc/man3/EC_GROUP_new.pod
vendor-crypto/openssl/dist/doc/man3/EC_KEY_new.pod
vendor-crypto/openssl/dist/doc/man3/EC_POINT_new.pod
vendor-crypto/openssl/dist/doc/man3/ENGINE_add.pod
vendor-crypto/openssl/dist/doc/man3/ERR_get_error.pod
vendor-crypto/openssl/dist/doc/man3/ERR_print_errors.pod
vendor-crypto/openssl/dist/doc/man3/ERR_put_error.pod
vendor-crypto/openssl/dist/doc/man3/EVP_DigestInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_DigestSignInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_DigestVerifyInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_EncodeInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_EncryptInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_OpenInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_CTX_ctrl.pod
vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_CTX_new.pod
vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_keygen.pod
vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_new.pod
vendor-crypto/openssl/dist/doc/man3/EVP_SealInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_SignInit.pod
vendor-crypto/openssl/dist/doc/man3/EVP_VerifyInit.pod
vendor-crypto/openssl/dist/doc/man3/HMAC.pod
vendor-crypto/openssl/dist/doc/man3/OCSP_cert_to_id.pod
vendor-crypto/openssl/dist/doc/man3/OCSP_request_add1_nonce.pod
vendor-crypto/openssl/dist/doc/man3/OCSP_resp_find_status.pod
vendor-crypto/openssl/dist/doc/man3/OCSP_sendreq_new.pod
vendor-crypto/openssl/dist/doc/man3/OPENSSL_LH_COMPFUNC.pod
vendor-crypto/openssl/dist/doc/man3/OPENSSL_config.pod
vendor-crypto/openssl/dist/doc/man3/OPENSSL_ia32cap.pod
vendor-crypto/openssl/dist/doc/man3/OPENSSL_init_crypto.pod
vendor-crypto/openssl/dist/doc/man3/OPENSSL_init_ssl.pod
vendor-crypto/openssl/dist/doc/man3/OSSL_STORE_open.pod
vendor-crypto/openssl/dist/doc/man3/PEM_read_bio_PrivateKey.pod
vendor-crypto/openssl/dist/doc/man3/PKCS7_verify.pod
vendor-crypto/openssl/dist/doc/man3/RAND_DRBG_new.pod
vendor-crypto/openssl/dist/doc/man3/RAND_DRBG_set_callbacks.pod
vendor-crypto/openssl/dist/doc/man3/RAND_add.pod
vendor-crypto/openssl/dist/doc/man3/RAND_load_file.pod
vendor-crypto/openssl/dist/doc/man3/RSA_blinding_on.pod
vendor-crypto/openssl/dist/doc/man3/RSA_private_encrypt.pod
vendor-crypto/openssl/dist/doc/man3/RSA_set_method.pod
vendor-crypto/openssl/dist/doc/man3/SHA256_Init.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CONF_cmd.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_dane_enable.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_alpn_select_cb.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_generate_session_id.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_info_callback.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_max_cert_list.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_mode.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_options.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_psk_client_callback.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_read_ahead.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_security_level.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_session_cache_mode.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_session_id_context.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_session_ticket_cb.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_split_send_fragment.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
vendor-crypto/openssl/dist/doc/man3/SSL_CTX_use_psk_identity_hint.pod
vendor-crypto/openssl/dist/doc/man3/SSL_accept.pod
vendor-crypto/openssl/dist/doc/man3/SSL_alloc_buffers.pod
vendor-crypto/openssl/dist/doc/man3/SSL_connect.pod
vendor-crypto/openssl/dist/doc/man3/SSL_do_handshake.pod
vendor-crypto/openssl/dist/doc/man3/SSL_get_all_async_fds.pod
vendor-crypto/openssl/dist/doc/man3/SSL_get_error.pod
vendor-crypto/openssl/dist/doc/man3/SSL_new.pod
vendor-crypto/openssl/dist/doc/man3/SSL_pending.pod
vendor-crypto/openssl/dist/doc/man3/SSL_read.pod
vendor-crypto/openssl/dist/doc/man3/SSL_read_early_data.pod
vendor-crypto/openssl/dist/doc/man3/SSL_set1_host.pod
vendor-crypto/openssl/dist/doc/man3/SSL_set_bio.pod
vendor-crypto/openssl/dist/doc/man3/SSL_set_fd.pod
vendor-crypto/openssl/dist/doc/man3/SSL_set_shutdown.pod
vendor-crypto/openssl/dist/doc/man3/SSL_shutdown.pod
vendor-crypto/openssl/dist/doc/man3/SSL_state_string.pod
vendor-crypto/openssl/dist/doc/man3/SSL_want.pod
vendor-crypto/openssl/dist/doc/man3/SSL_write.pod
vendor-crypto/openssl/dist/doc/man3/UI_UTIL_read_pw.pod
vendor-crypto/openssl/dist/doc/man3/UI_create_method.pod
vendor-crypto/openssl/dist/doc/man3/UI_new.pod
vendor-crypto/openssl/dist/doc/man3/X509V3_get_d2i.pod
vendor-crypto/openssl/dist/doc/man3/X509_ALGOR_dup.pod
vendor-crypto/openssl/dist/doc/man3/X509_LOOKUP_hash_dir.pod
vendor-crypto/openssl/dist/doc/man3/X509_LOOKUP_meth_new.pod
vendor-crypto/openssl/dist/doc/man3/X509_STORE_CTX_get_error.pod
vendor-crypto/openssl/dist/doc/man3/X509_STORE_CTX_new.pod
vendor-crypto/openssl/dist/doc/man3/X509_STORE_CTX_set_verify_cb.pod
vendor-crypto/openssl/dist/doc/man3/X509_STORE_set_verify_cb_func.pod
vendor-crypto/openssl/dist/doc/man3/X509_VERIFY_PARAM_set_flags.pod
vendor-crypto/openssl/dist/doc/man3/X509_check_ca.pod
vendor-crypto/openssl/dist/doc/man3/X509_check_host.pod
vendor-crypto/openssl/dist/doc/man3/X509_check_issued.pod
vendor-crypto/openssl/dist/doc/man3/X509_check_purpose.pod
vendor-crypto/openssl/dist/doc/man3/X509_get0_signature.pod
vendor-crypto/openssl/dist/doc/man3/X509v3_get_ext_by_NID.pod
vendor-crypto/openssl/dist/doc/man3/d2i_DHparams.pod
vendor-crypto/openssl/dist/doc/man3/d2i_X509.pod
vendor-crypto/openssl/dist/doc/man5/config.pod
vendor-crypto/openssl/dist/doc/man5/x509v3_config.pod
vendor-crypto/openssl/dist/doc/man7/SM2.pod
vendor-crypto/openssl/dist/doc/man7/evp.pod
vendor-crypto/openssl/dist/doc/man7/ossl_store.pod
vendor-crypto/openssl/dist/e_os.h
vendor-crypto/openssl/dist/include/openssl/bn.h
vendor-crypto/openssl/dist/include/openssl/e_os2.h
vendor-crypto/openssl/dist/include/openssl/ec.h
vendor-crypto/openssl/dist/include/openssl/ecerr.h
vendor-crypto/openssl/dist/include/openssl/opensslconf.h.in
vendor-crypto/openssl/dist/include/openssl/opensslv.h
vendor-crypto/openssl/dist/include/openssl/pemerr.h
vendor-crypto/openssl/dist/include/openssl/ssl.h
vendor-crypto/openssl/dist/include/openssl/ssl3.h
vendor-crypto/openssl/dist/include/openssl/x509.h
vendor-crypto/openssl/dist/include/openssl/x509_vfy.h
vendor-crypto/openssl/dist/include/openssl/x509err.h
vendor-crypto/openssl/dist/ssl/bio_ssl.c
vendor-crypto/openssl/dist/ssl/record/ssl3_buffer.c
vendor-crypto/openssl/dist/ssl/ssl_conf.c
vendor-crypto/openssl/dist/ssl/ssl_lib.c
vendor-crypto/openssl/dist/ssl/ssl_rsa.c
vendor-crypto/openssl/dist/ssl/statem/extensions.c
vendor-crypto/openssl/dist/ssl/statem/extensions_srvr.c
vendor-crypto/openssl/dist/ssl/statem/statem_lib.c
vendor-crypto/openssl/dist/ssl/t1_lib.c
vendor-crypto/openssl/dist/ssl/t1_trce.c
vendor-crypto/openssl/dist/ssl/tls13_enc.c
Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/CHANGES Tue Sep 22 14:27:08 2020 (r365997)
@@ -7,6 +7,33 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
+
+ *) Certificates with explicit curve parameters are now disallowed in
+ verification chains if the X509_V_FLAG_X509_STRICT flag is used.
+ [Tomas Mraz]
+
+ *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
+ ignore TLS protocol version bounds when configuring DTLS-based contexts, and
+ conversely, silently ignore DTLS protocol version bounds when configuring
+ TLS-based contexts. The commands can be repeated to set bounds of both
+ types. The same applies with the corresponding "min_protocol" and
+ "max_protocol" command-line switches, in case some application uses both TLS
+ and DTLS.
+
+ SSL_CTX instances that are created for a fixed protocol version (e.g.
+ TLSv1_server_method()) also silently ignore version bounds. Previously
+ attempts to apply bounds to these protocol versions would result in an
+ error. Now only the "version-flexible" SSL_CTX instances are subject to
+ limits in configuration files in command-line options.
+ [Viktor Dukhovni]
+
+ *) Handshake now fails if Extended Master Secret extension is dropped
+ on renegotiation.
+ [Tomas Mraz]
+
+ *) The Oracle Developer Studio compiler will start reporting deprecated APIs
+
Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
*) Fixed segmentation fault in SSL_check_chain()
Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/Configure Tue Sep 22 14:27:08 2020 (r365997)
@@ -217,12 +217,22 @@ sub resolve_config;
# Unified build supports separate build dir
my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
+
+# File::Spec::Unix doesn't detect case insensitivity, so we make sure to
+# check if the source and build directory are really the same, and make
+# them so. This avoids all kinds of confusion later on.
+# We must check @File::Spec::ISA rather than using File::Spec->isa() to
+# know if File::Spec ended up loading File::Spec::Unix.
+$srcdir = $blddir
+ if (grep(/::Unix$/, @File::Spec::ISA)
+ && samedir($srcdir, $blddir));
+
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
-$config{sourcedir} = abs2rel($srcdir);
-$config{builddir} = abs2rel($blddir);
+$config{sourcedir} = abs2rel($srcdir, $blddir);
+$config{builddir} = abs2rel($blddir, $blddir);
# Collect reconfiguration information if needed
my @argvcopy=@ARGV;
@@ -1049,6 +1059,9 @@ if (scalar(@seed_sources) == 0) {
print "Using os-specific seed configuration\n";
push @seed_sources, 'os';
}
+if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) {
+ delete $disabled{'egd'};
+}
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1;
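Review bot: The added `delete $disabled{'egd'};` turns EGD support back on whenever `egd` appears in `@seed_sources`, without a message and without looking at why it was disabled. If `%disabled` can also record an explicit `no-egd` given on the command line (not visible in this hunk), that choice is silently overridden, and a builder who excluded an external entropy daemon would want to be told. Consider a short comment plus a notice before the delete, e.g. `warn "egd seed source requested; enabling egd support\n" if $disabled{'egd'};`.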
@@ -3422,6 +3435,27 @@ sub absolutedir {
use Cwd qw/realpath/;
return realpath($dir);
+}
+
+# Check if all paths are one and the same, using stat. They must both exist
+# We need this for the cases when File::Spec doesn't detect case insensitivity
+# (File::Spec::Unix assumes case sensitivity)
+sub samedir {
+ die "samedir expects two arguments\n" unless scalar @_ == 2;
+
+ my @stat0 = stat($_[0]); # First argument
+ my @stat1 = stat($_[1]); # Second argument
+
+ die "Couldn't stat $_[0]" unless @stat0;
+ die "Couldn't stat $_[1]" unless @stat1;
+
+ # Compare device number
+ return 0 unless ($stat0[0] == $stat1[0]);
+ # Compare "inode". The perl manual recommends comparing as
+ # string rather than as number.
+ return 0 unless ($stat0[1] eq $stat1[1]);
+
+ return 1; # All the same
}
sub quotify {
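Review bot: The two stat-failure messages in `samedir` omit both `$!` and the trailing newline, unlike the argument-count `die` just above them, so the user gets "at Configure line N" appended but never learns why the stat failed. Suggest `die "Couldn't stat $_[0]: $!\n" unless @stat0;` and the same form for `$_[1]`. The header comment also says "all paths" although the sub accepts exactly two arguments; `# Check if two paths refer to the same filesystem object, using stat. Both must exist.` would match the code.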
Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade
==============================================================================
--- vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/FREEBSD-upgrade Tue Sep 22 14:27:08 2020 (r365997)
@@ -11,7 +11,7 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
-setenv OSSLVER 1.1.1g
+setenv OSSLVER 1.1.1h
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
Modified: vendor-crypto/openssl/dist/NEWS
==============================================================================
--- vendor-crypto/openssl/dist/NEWS Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/NEWS Tue Sep 22 14:27:08 2020 (r365997)
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
+
+ o Disallow explicit curve parameters in verifications chains when
+ X509_V_FLAG_X509_STRICT is used
+ o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+ contexts
+ o Oracle Developer Studio will start reporting deprecation warnings
+
Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
Modified: vendor-crypto/openssl/dist/NOTES.PERL
==============================================================================
--- vendor-crypto/openssl/dist/NOTES.PERL Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/NOTES.PERL Tue Sep 22 14:27:08 2020 (r365997)
@@ -109,7 +109,7 @@
$ cpan -f -i Text::Template
- Note: on VMS, you must quote any argument that contains upper case
+ Note: on VMS, you must quote any argument that contains uppercase
characters, so the lines above would be:
$ cpan -i "Text::Template"
Modified: vendor-crypto/openssl/dist/README
==============================================================================
--- vendor-crypto/openssl/dist/README Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/README Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1g 21 Apr 2020
+ OpenSSL 1.1.1h 22 Sep 2020
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: vendor-crypto/openssl/dist/apps/genpkey.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/genpkey.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/apps/genpkey.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv)
goto end;
}
+ ret = 0;
+
if (rv <= 0) {
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
+ ret = 1;
}
if (text) {
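Review bot: After the "Error writing key" branch sets `ret = 1`, control still falls through into the `if (text)` block, so the text dump is attempted even though the key write has already failed. If that is deliberate best effort, a comment next to `ret = 1;` such as `/* keep going: still try the text dump, but report failure */` would make it explicit; otherwise add `goto end;` in that branch. The same question applies to the "Error printing key" branch in the following hunk, and `genpkey_main` begins and ends outside both hunks.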
@@ -191,10 +194,9 @@ int genpkey_main(int argc, char **argv)
if (rv <= 0) {
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
+ ret = 1;
}
}
-
- ret = 0;
end:
EVP_PKEY_free(pkey);
Modified: vendor-crypto/openssl/dist/apps/rsa8192.pem
==============================================================================
--- vendor-crypto/openssl/dist/apps/rsa8192.pem Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/apps/rsa8192.pem Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,4 @@
-----BEGIN RSA PRIVATE KEY-----
-
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
@@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLeb
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
-22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
+2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
@@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWv
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
-----END RSA PRIVATE KEY-----
-
Modified: vendor-crypto/openssl/dist/apps/s_client.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/s_client.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/apps/s_client.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -1283,22 +1283,42 @@ int s_client_main(int argc, char **argv)
case OPT_SSL3:
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
+ socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+ isdtls = 0;
+#endif
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
+ socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+ isdtls = 0;
+#endif
break;
case OPT_TLS1_2:
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
+ socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+ isdtls = 0;
+#endif
break;
case OPT_TLS1_1:
min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION;
+ socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+ isdtls = 0;
+#endif
break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
+ socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+ isdtls = 0;
+#endif
break;
case OPT_DTLS:
#ifndef OPENSSL_NO_DTLS
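Review bot: The same four-line reset (`socket_type = SOCK_STREAM;` plus the guarded `isdtls = 0;`) is pasted into five `case` arms with no comment saying why a TLS version option has to undo transport state. A one-line comment on the first arm, e.g. `/* a fixed SSL/TLS version overrides any earlier DTLS option: back to a stream socket */`, would document the presumed intent, and a small local macro would keep the five copies from drifting apart. Whether other state set by the `OPT_DTLS*` arms also needs resetting cannot be judged here, since those arms and the rest of `s_client_main` lie outside the hunk.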
Modified: vendor-crypto/openssl/dist/apps/x509.c
==============================================================================
--- vendor-crypto/openssl/dist/apps/x509.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/apps/x509.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -140,9 +140,9 @@ const OPTIONS x509_options[] = {
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
- "Print old-style (MD5) issuer hash value"},
- {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
+ {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+ "Print old-style (MD5) issuer hash value"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
Modified: vendor-crypto/openssl/dist/appveyor.yml
==============================================================================
--- vendor-crypto/openssl/dist/appveyor.yml Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/appveyor.yml Tue Sep 22 14:27:08 2020 (r365997)
@@ -46,7 +46,8 @@ before_build:
- cd ..
- ps: >-
if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
- -or (&git log -2 | Select-String "\[extended tests\]") ) {
+ -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT |
+ Select-String "\[extended tests\]") ) {
$env:EXTENDED_TESTS="yes"
}
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_core.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_core.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_core.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -673,357 +673,6 @@ void AES_decrypt(const unsigned char *in, unsigned cha
InvCipher(in, out, rk, key->rounds);
}
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
-void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
- size_t blocks, const AES_KEY *key,
- const unsigned char *ivec);
-
-static void RawToBits(const u8 raw[64], u64 bits[8])
-{
- int i, j;
- u64 in, out;
-
- memset(bits, 0, 64);
- for (i = 0; i < 8; i++) {
- in = 0;
- for (j = 0; j < 8; j++)
- in |= ((u64)raw[i * 8 + j]) << (8 * j);
- out = in & 0xF0F0F0F00F0F0F0FuLL;
- out |= (in & 0x0F0F0F0F00000000uLL) >> 28;
- out |= (in & 0x00000000F0F0F0F0uLL) << 28;
- in = out & 0xCCCC3333CCCC3333uLL;
- in |= (out & 0x3333000033330000uLL) >> 14;
- in |= (out & 0x0000CCCC0000CCCCuLL) << 14;
- out = in & 0xAA55AA55AA55AA55uLL;
- out |= (in & 0x5500550055005500uLL) >> 7;
- out |= (in & 0x00AA00AA00AA00AAuLL) << 7;
- for (j = 0; j < 8; j++) {
- bits[j] |= (out & 0xFFuLL) << (8 * i);
- out = out >> 8;
- }
- }
-}
-
-static void BitsToRaw(const u64 bits[8], u8 raw[64])
-{
- int i, j;
- u64 in, out;
-
- for (i = 0; i < 8; i++) {
- in = 0;
- for (j = 0; j < 8; j++)
- in |= ((bits[j] >> (8 * i)) & 0xFFuLL) << (8 * j);
- out = in & 0xF0F0F0F00F0F0F0FuLL;
- out |= (in & 0x0F0F0F0F00000000uLL) >> 28;
- out |= (in & 0x00000000F0F0F0F0uLL) << 28;
- in = out & 0xCCCC3333CCCC3333uLL;
- in |= (out & 0x3333000033330000uLL) >> 14;
- in |= (out & 0x0000CCCC0000CCCCuLL) << 14;
- out = in & 0xAA55AA55AA55AA55uLL;
- out |= (in & 0x5500550055005500uLL) >> 7;
- out |= (in & 0x00AA00AA00AA00AAuLL) << 7;
- for (j = 0; j < 8; j++) {
- raw[i * 8 + j] = (u8)out;
- out = out >> 8;
- }
- }
-}
-
-static void BitsXtime(u64 state[8])
-{
- u64 b;
-
- b = state[7];
- state[7] = state[6];
- state[6] = state[5];
- state[5] = state[4];
- state[4] = state[3] ^ b;
- state[3] = state[2] ^ b;
- state[2] = state[1];
- state[1] = state[0] ^ b;
- state[0] = b;
-}
-
-/*
- * This S-box implementation follows a circuit described in
- * Boyar and Peralta: "A new combinational logic minimization
- * technique with applications to cryptology."
- * https://eprint.iacr.org/2009/191.pdf
- *
- * The math is similar to above, in that it uses
- * a tower field of GF(2^2^2^2) but with a different
- * basis representation, that is better suited to
- * logic designs.
- */
-static void BitsSub(u64 state[8])
-{
- u64 x0, x1, x2, x3, x4, x5, x6, x7;
- u64 y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11;
- u64 y12, y13, y14, y15, y16, y17, y18, y19, y20, y21;
- u64 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11;
- u64 t12, t13, t14, t15, t16, t17, t18, t19, t20, t21;
- u64 t22, t23, t24, t25, t26, t27, t28, t29, t30, t31;
- u64 t32, t33, t34, t35, t36, t37, t38, t39, t40, t41;
- u64 t42, t43, t44, t45, t46, t47, t48, t49, t50, t51;
- u64 t52, t53, t54, t55, t56, t57, t58, t59, t60, t61;
- u64 t62, t63, t64, t65, t66, t67;
- u64 z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11;
- u64 z12, z13, z14, z15, z16, z17;
- u64 s0, s1, s2, s3, s4, s5, s6, s7;
-
- x7 = state[0];
- x6 = state[1];
- x5 = state[2];
- x4 = state[3];
- x3 = state[4];
- x2 = state[5];
- x1 = state[6];
- x0 = state[7];
- y14 = x3 ^ x5;
- y13 = x0 ^ x6;
- y9 = x0 ^ x3;
- y8 = x0 ^ x5;
- t0 = x1 ^ x2;
- y1 = t0 ^ x7;
- y4 = y1 ^ x3;
- y12 = y13 ^ y14;
- y2 = y1 ^ x0;
- y5 = y1 ^ x6;
- y3 = y5 ^ y8;
- t1 = x4 ^ y12;
- y15 = t1 ^ x5;
- y20 = t1 ^ x1;
- y6 = y15 ^ x7;
- y10 = y15 ^ t0;
- y11 = y20 ^ y9;
- y7 = x7 ^ y11;
- y17 = y10 ^ y11;
- y19 = y10 ^ y8;
- y16 = t0 ^ y11;
- y21 = y13 ^ y16;
- y18 = x0 ^ y16;
- t2 = y12 & y15;
- t3 = y3 & y6;
- t4 = t3 ^ t2;
- t5 = y4 & x7;
- t6 = t5 ^ t2;
- t7 = y13 & y16;
- t8 = y5 & y1;
- t9 = t8 ^ t7;
- t10 = y2 & y7;
- t11 = t10 ^ t7;
- t12 = y9 & y11;
- t13 = y14 & y17;
- t14 = t13 ^ t12;
- t15 = y8 & y10;
- t16 = t15 ^ t12;
- t17 = t4 ^ t14;
- t18 = t6 ^ t16;
- t19 = t9 ^ t14;
- t20 = t11 ^ t16;
- t21 = t17 ^ y20;
- t22 = t18 ^ y19;
- t23 = t19 ^ y21;
- t24 = t20 ^ y18;
- t25 = t21 ^ t22;
- t26 = t21 & t23;
- t27 = t24 ^ t26;
- t28 = t25 & t27;
- t29 = t28 ^ t22;
- t30 = t23 ^ t24;
- t31 = t22 ^ t26;
- t32 = t31 & t30;
- t33 = t32 ^ t24;
- t34 = t23 ^ t33;
- t35 = t27 ^ t33;
- t36 = t24 & t35;
- t37 = t36 ^ t34;
- t38 = t27 ^ t36;
- t39 = t29 & t38;
- t40 = t25 ^ t39;
- t41 = t40 ^ t37;
- t42 = t29 ^ t33;
- t43 = t29 ^ t40;
- t44 = t33 ^ t37;
- t45 = t42 ^ t41;
- z0 = t44 & y15;
- z1 = t37 & y6;
- z2 = t33 & x7;
- z3 = t43 & y16;
- z4 = t40 & y1;
- z5 = t29 & y7;
- z6 = t42 & y11;
- z7 = t45 & y17;
- z8 = t41 & y10;
- z9 = t44 & y12;
- z10 = t37 & y3;
- z11 = t33 & y4;
- z12 = t43 & y13;
- z13 = t40 & y5;
- z14 = t29 & y2;
- z15 = t42 & y9;
- z16 = t45 & y14;
- z17 = t41 & y8;
- t46 = z15 ^ z16;
- t47 = z10 ^ z11;
- t48 = z5 ^ z13;
- t49 = z9 ^ z10;
- t50 = z2 ^ z12;
- t51 = z2 ^ z5;
- t52 = z7 ^ z8;
- t53 = z0 ^ z3;
- t54 = z6 ^ z7;
- t55 = z16 ^ z17;
- t56 = z12 ^ t48;
- t57 = t50 ^ t53;
- t58 = z4 ^ t46;
- t59 = z3 ^ t54;
- t60 = t46 ^ t57;
- t61 = z14 ^ t57;
- t62 = t52 ^ t58;
- t63 = t49 ^ t58;
- t64 = z4 ^ t59;
- t65 = t61 ^ t62;
- t66 = z1 ^ t63;
- s0 = t59 ^ t63;
- s6 = ~(t56 ^ t62);
- s7 = ~(t48 ^ t60);
- t67 = t64 ^ t65;
- s3 = t53 ^ t66;
- s4 = t51 ^ t66;
- s5 = t47 ^ t65;
- s1 = ~(t64 ^ s3);
- s2 = ~(t55 ^ t67);
- state[0] = s7;
- state[1] = s6;
- state[2] = s5;
- state[3] = s4;
- state[4] = s3;
- state[5] = s2;
- state[6] = s1;
- state[7] = s0;
-}
-
-static void BitsShiftRows(u64 state[8])
-{
- u64 s, s0;
- int i;
-
- for (i = 0; i < 8; i++) {
- s = state[i];
- s0 = s & 0x1111111111111111uLL;
- s0 |= ((s & 0x2220222022202220uLL) >> 4) | ((s & 0x0002000200020002uLL) << 12);
- s0 |= ((s & 0x4400440044004400uLL) >> 8) | ((s & 0x0044004400440044uLL) << 8);
- s0 |= ((s & 0x8000800080008000uLL) >> 12) | ((s & 0x0888088808880888uLL) << 4);
- state[i] = s0;
- }
-}
-
-static void BitsMixColumns(u64 state[8])
-{
- u64 s1, s;
- u64 s0[8];
- int i;
-
- for (i = 0; i < 8; i++) {
- s1 = state[i];
- s = s1;
- s ^= ((s & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((s & 0x3333333333333333uLL) << 2);
- s ^= ((s & 0xAAAAAAAAAAAAAAAAuLL) >> 1) | ((s & 0x5555555555555555uLL) << 1);
- s ^= s1;
- s0[i] = s;
- }
- BitsXtime(state);
- for (i = 0; i < 8; i++) {
- s1 = state[i];
- s = s0[i];
- s ^= s1;
- s ^= ((s1 & 0xEEEEEEEEEEEEEEEEuLL) >> 1) | ((s1 & 0x1111111111111111uLL) << 3);
- state[i] = s;
- }
-}
-
-static void BitsAddRoundKey(u64 state[8], const u64 key[8])
-{
- int i;
-
- for (i = 0; i < 8; i++)
- state[i] ^= key[i];
-}
-
-void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
- size_t blocks, const AES_KEY *key,
- const unsigned char *ivec)
-{
- struct {
- u8 cipher[64];
- u64 state[8];
- u64 rd_key[AES_MAXNR + 1][8];
- } *bs;
- u32 ctr32;
- int i;
-
- ctr32 = GETU32(ivec + 12);
- if (blocks >= 4
- && (bs = OPENSSL_malloc(sizeof(*bs)))) {
- for (i = 0; i < key->rounds + 1; i++) {
- memcpy(bs->cipher + 0, &key->rd_key[4 * i], 16);
- memcpy(bs->cipher + 16, bs->cipher, 16);
- memcpy(bs->cipher + 32, bs->cipher, 32);
- RawToBits(bs->cipher, bs->rd_key[i]);
- }
- while (blocks) {
- memcpy(bs->cipher, ivec, 12);
- PUTU32(bs->cipher + 12, ctr32);
- ctr32++;
- memcpy(bs->cipher + 16, ivec, 12);
- PUTU32(bs->cipher + 28, ctr32);
- ctr32++;
- memcpy(bs->cipher + 32, ivec, 12);
- PUTU32(bs->cipher + 44, ctr32);
- ctr32++;
- memcpy(bs->cipher + 48, ivec, 12);
- PUTU32(bs->cipher + 60, ctr32);
- ctr32++;
- RawToBits(bs->cipher, bs->state);
- BitsAddRoundKey(bs->state, bs->rd_key[0]);
- for (i = 1; i < key->rounds; i++) {
- BitsSub(bs->state);
- BitsShiftRows(bs->state);
- BitsMixColumns(bs->state);
- BitsAddRoundKey(bs->state, bs->rd_key[i]);
- }
- BitsSub(bs->state);
- BitsShiftRows(bs->state);
- BitsAddRoundKey(bs->state, bs->rd_key[key->rounds]);
- BitsToRaw(bs->state, bs->cipher);
- for (i = 0; i < 64 && blocks; i++) {
- out[i] = in[i] ^ bs->cipher[i];
- if ((i & 15) == 15)
- blocks--;
- }
- in += i;
- out += i;
- }
- OPENSSL_clear_free(bs, sizeof(*bs));
- } else {
- unsigned char cipher[16];
-
- while (blocks) {
- memcpy(cipher, ivec, 12);
- PUTU32(cipher + 12, ctr32);
- AES_encrypt(cipher, cipher, key);
- for (i = 0; i < 16; i++)
- out[i] = in[i] ^ cipher[i];
- in += 16;
- out += 16;
- ctr32++;
- blocks--;
- }
- }
-}
-# endif
#elif !defined(AES_ASM)
/*-
Te0[x] = S [x].[02, 01, 01, 03];
Modified: vendor-crypto/openssl/dist/crypto/aes/aes_ige.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ige.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/aes/aes_ige.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,16 +12,20 @@
#include <openssl/aes.h>
#include "aes_local.h"
-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
-typedef struct {
- unsigned long data[N_WORDS];
-} aes_block_t;
-
/* XXX: probably some better way to do this */
#if defined(__i386__) || defined(__x86_64__)
# define UNALIGNED_MEMOPS_ARE_FAST 1
#else
# define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+ unsigned long data[N_WORDS];
+#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST
+} aes_block_t __attribute((__aligned__(1)));
+#else
+} aes_block_t;
#endif
#if UNALIGNED_MEMOPS_ARE_FAST
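Review bot: The `__attribute((__aligned__(1)))` added to `aes_block_t` has no comment saying why a block of `unsigned long` words is declared byte-aligned. Presumably the type is reached through pointers cast from caller-supplied buffers in the `UNALIGNED_MEMOPS_ARE_FAST` code that follows, which is outside this hunk; without the attribute the compiler may assume natural alignment for those accesses. I would put `/* aligned(1): blocks may sit at unaligned addresses; the compiler must not assume word alignment */` above the typedef. Splitting the closing brace of the struct across `#if`/`#else` is also hard to read; a small macro that expands to the attribute or to nothing would leave a single `} aes_block_t ...;` line.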
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM
$avx = ($1>=10) + ($1>=11);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
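Review bot: With the `^` removed, the first alternative matches `clang version` anywhere in the `-v` output, so the captured number is whatever follows that text, and nothing on the line says this is intended. If the aim is to accept banners that carry a prefix before `clang version`, say so next to the test: `# no ^ anchor: the compiler banner may have a vendor prefix before "clang version"`. It is worth confirming that the number in such a banner is on the same scale as the `3.0` thresholds it is compared with. The same change appears in aesni-sha1-x86_64.pl, aesni-sha256-x86_64.pl, rsaz-avx2.pl, rsaz-x86_64.pl, x86_64-mont.pl and x86_64-mont5.pl.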
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $
$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10);
-$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0);
$shaext=1; ### set to zero if compiling for 1.0.1
Modified: vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM
$avx = ($1>=10) + ($1>=12);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
Modified: vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const
goto err;
EVP_PKEY_free(ret);
ret = tmp;
+ if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+ goto err;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
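Review bot: The added type check jumps to `err` without recording an error, whereas the `else` branch just below calls `ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB)` before the same jump. A caller that requested one key type and was given encoded data of another gets a failure with nothing on the error queue, unless the `err` label, which is outside this hunk, raises something itself. I would record a reason before the jump, `ASN1err(ASN1_F_D2I_PRIVATEKEY, <REASON_CODE_FOR_TYPE_MISMATCH>);`, with the placeholder replaced by a code from the project's error list. A one-line comment such as `/* reject a decoded key whose type differs from the requested one */` would also make the purpose of the check clear.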
Modified: vendor-crypto/openssl/dist/crypto/asn1/x_algor.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_algor.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/asn1/x_algor.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -91,4 +91,36 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALG
if (!a->parameter && !b->parameter)
return 0;
return ASN1_TYPE_cmp(a->parameter, b->parameter);
+}
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+ if (src == NULL || dest == NULL)
+ return 0;
+
+ if (dest->algorithm)
+ ASN1_OBJECT_free(dest->algorithm);
+ dest->algorithm = NULL;
+
+ if (dest->parameter)
+ ASN1_TYPE_free(dest->parameter);
+ dest->parameter = NULL;
+
+ if (src->algorithm)
+ if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+ return 0;
+
+ if (src->parameter) {
+ dest->parameter = ASN1_TYPE_new();
+ if (dest->parameter == NULL)
+ return 0;
+
+ /* Assuming this is also correct for a BOOL.
+ * set does copy as a side effect.
+ */
+ if (ASN1_TYPE_set1(dest->parameter,
+ src->parameter->type, src->parameter->value.ptr) == 0)
+ return 0;
+ }
+ return 1;
}
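Review bot: `X509_ALGOR_copy(x, x)` empties the object and still returns 1, because `dest->algorithm` and `dest->parameter` are freed and set to NULL before `src` is read. For the same reason a failed `OBJ_dup()`, `ASN1_TYPE_new()` or `ASN1_TYPE_set1()` returns 0 with the old contents of `dest` already destroyed and only part of the new ones in place. Building both copies first and replacing the fields only once nothing can fail handles both cases, as sketched below. The sketch relies on `ASN1_OBJECT_free()` and `ASN1_TYPE_free()` accepting NULL, which would also make the `if (dest->algorithm)` and `if (dest->parameter)` guards unnecessary.

```c
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
{
    ASN1_OBJECT *algorithm = NULL;
    ASN1_TYPE *parameter = NULL;

    if (src == NULL || dest == NULL)
        return 0;
    if (dest == src)
        return 1;

    if (src->algorithm != NULL
        && (algorithm = OBJ_dup(src->algorithm)) == NULL)
        goto err;

    if (src->parameter != NULL) {
        if ((parameter = ASN1_TYPE_new()) == NULL)
            goto err;
        if (ASN1_TYPE_set1(parameter, src->parameter->type,
                           src->parameter->value.ptr) == 0)
            goto err;
    }

    /* Nothing can fail from here on: release the old contents and swap. */
    ASN1_OBJECT_free(dest->algorithm);
    ASN1_TYPE_free(dest->parameter);
    dest->algorithm = algorithm;
    dest->parameter = parameter;
    return 1;

 err:
    ASN1_OBJECT_free(algorithm);
    ASN1_TYPE_free(parameter);
    return 0;
}
```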
Modified: vendor-crypto/openssl/dist/crypto/bio/b_print.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_print.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bio/b_print.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -635,7 +635,11 @@ fmtfp(char **sbuffer,
fvalue = tmpvalue;
}
ufvalue = abs_val(fvalue);
- if (ufvalue > ULONG_MAX) {
+ /*
+ * By subtracting 65535 (2^16-1) we cancel the low order 15 bits
+ * of ULONG_MAX to avoid using imprecise floating point values.
+ */
+ if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) {
/* Number too big */
return 0;
}
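Review bot: The new comment says that subtracting 65535 cancels "the low order 15 bits", but 65535 is 2^16-1, so `ULONG_MAX - 65535` has its low 16 bits clear. I would correct the count and also state what the bound is for: `/* ULONG_MAX may not be exactly representable as a double; ULONG_MAX - 65535 has its low 16 bits clear, so converting it and adding 65536.0 is meant to give exactly ULONG_MAX + 1 */`. The conversion this guard protects is presumably further down in `fmtfp`, which continues outside the hunk.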
Modified: vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -434,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void
b->init = 1;
} else if (num == 1) {
OPENSSL_free(data->param_serv);
- data->param_serv = BUF_strdup(ptr);
- b->init = 1;
+ if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ else
+ b->init = 1;
} else if (num == 2) {
data->bind_mode |= BIO_SOCK_NONBLOCK;
} else if (num == 3) {
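Review bot: In the `num == 1` branch the old `data->param_serv` is freed before `OPENSSL_strdup(ptr)` is known to have succeeded, so an allocation failure reports `ret = 0` but has already discarded the previous value and leaves the field NULL. Duplicating first and replacing only on success keeps the BIO's configuration unchanged on error, which is what the `num == 2` branch of `conn_ctrl` in bss_conn.c does in this same commit with `host` and `service`. The `num == 1` branch of `conn_ctrl` (`data->param_service`) has the same free-then-duplicate order. `acpt_ctrl` starts and ends outside this hunk, so whether `b->init` can already be 1 when this branch runs is not visible here.

```c
} else if (num == 1) {
    char *serv = OPENSSL_strdup(ptr);

    if (serv == NULL) {
        ret = 0;
    } else {
        OPENSSL_free(data->param_serv);
        data->param_serv = serv;
        b->init = 1;
    }
/* … unchanged: num == 2 and num == 3 branches … */
```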
Modified: vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_conn.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bio/bss_conn.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
case BIO_CONN_S_BLOCKED_CONNECT:
i = BIO_sock_error(b->num);
- if (i) {
+ if (i != 0) {
BIO_clear_retry_flags(b);
+ if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) {
+ /*
+ * if there are more addresses to try, do that first
+ */
+ BIO_closesocket(b->num);
+ c->state = BIO_CONN_S_CREATE_SOCKET;
+ ERR_clear_error();
+ break;
+ }
SYSerr(SYS_F_CONNECT, i);
ERR_add_error_data(4,
"hostname=", c->param_hostname,
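Review bot: After `BIO_closesocket(b->num)` in the new retry path, `b->num` still holds the closed descriptor while the state goes back to `BIO_CONN_S_CREATE_SOCKET`. If creating the next socket fails before `b->num` is reassigned, any later cleanup that closes `b->num` would act on a descriptor number that may by then belong to something else; that code is outside this hunk, so it needs checking against the rest of `conn_state` and the BIO's free path. Resetting the field where the socket is closed, `b->num = (int)INVALID_SOCKET;`, removes the question. `ERR_clear_error()` also drops the socket error `i` for the address that just failed, so a short comment saying that only the last address's error is reported would help.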
@@ -407,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void
case BIO_C_SET_CONNECT:
if (ptr != NULL) {
b->init = 1;
- if (num == 0) {
+ if (num == 0) { /* BIO_set_conn_hostname */
char *hold_service = data->param_service;
/* We affect the hostname regardless. However, the input
* string might contain a host:service spec, so we must
* parse it, which might or might not affect the service
*/
+
OPENSSL_free(data->param_hostname);
data->param_hostname = NULL;
ret = BIO_parse_hostserv(ptr,
@@ -421,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void
BIO_PARSE_PRIO_HOST);
if (hold_service != data->param_service)
OPENSSL_free(hold_service);
- } else if (num == 1) {
+ } else if (num == 1) { /* BIO_set_conn_port */
OPENSSL_free(data->param_service);
- data->param_service = BUF_strdup(ptr);
- } else if (num == 2) {
+ if ((data->param_service = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ } else if (num == 2) { /* BIO_set_conn_address */
const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+ char *host = BIO_ADDR_hostname_string(addr, 1);
+ char *service = BIO_ADDR_service_string(addr, 1);
+
+ ret = host != NULL && service != NULL;
if (ret) {
- data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
- data->param_service = BIO_ADDR_service_string(addr, 1);
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname = host;
+ OPENSSL_free(data->param_service);
+ data->param_service = service;
BIO_ADDRINFO_free(data->addr_first);
data->addr_first = NULL;
data->addr_iter = NULL;
+ } else {
+ OPENSSL_free(host);
+ OPENSSL_free(service);
}
- } else if (num == 3) {
+ } else if (num == 3) { /* BIO_set_conn_ip_family */
data->connect_family = *(int *)ptr;
} else {
ret = 0;
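Review bot: The failure paths added in this hunk set `ret` to 0 (`OPENSSL_strdup()` failing for `num == 1`, `host` or `service` being NULL for `num == 2`), but `b->init = 1` has already been assigned at the top of the `BIO_C_SET_CONNECT` case, as the previous hunk shows. `acpt_ctrl` in bss_acpt.c was changed in this commit to set `b->init` only when the duplicate succeeded; doing the same here, by assigning `b->init = 1` after the branches and only when `ret` is still non-zero, would avoid marking a BIO initialised when its parameters could not be stored. The rest of `conn_ctrl` is outside the hunk, so whether anything later depends on `init` being set early should be checked.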
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-avx2.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-avx2.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM
$addx = ($1>=11);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{AS
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{AS
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Tue Sep 22 14:27:08 2020 (r365997)
@@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{AS
$addx = ($1>=12);
}
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
Modified: vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c
==============================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c Tue Sep 22 14:15:06 2020 (r365996)
+++ vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c Tue Sep 22 14:27:08 2020 (r365997)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,22 +10,189 @@
#include "internal/cryptlib.h"
#include "bn_local.h"
-/* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n,
- BN_CTX *ctx);
-
-BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+/*
+ * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
+ * not contain branches that may leak sensitive information.
+ *
+ * This is a static function, we ensure all callers in this file pass valid
+ * arguments: all passed pointers here are non-NULL.
+ */
+static ossl_inline
+BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx, int *pnoinv)
{
- BIGNUM *rv;
- int noinv;
- rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
- if (noinv)
- BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
- return rv;
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+ BIGNUM *ret = NULL;
+ int sign;
+
+ bn_check_top(a);
+ bn_check_top(n);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ D = BN_CTX_get(ctx);
+ M = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ T = BN_CTX_get(ctx);
+ if (T == NULL)
+ goto err;
+
+ if (in == NULL)
+ R = BN_new();
+ else
+ R = in;
+ if (R == NULL)
+ goto err;
+
+ BN_one(X);
+ BN_zero(Y);
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
+ A->neg = 0;
+
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***