svn commit: r368472 - in head: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/chac...
Jung-uk Kim
jkim at FreeBSD.org
Wed Dec 9 02:05:25 UTC 2020
Author: jkim
Date: Wed Dec 9 02:05:14 2020
New Revision: 368472
URL: https://svnweb.freebsd.org/changeset/base/368472
Log:
Merge OpenSSL 1.1.1i.
Modified:
head/crypto/openssl/CHANGES
head/crypto/openssl/NEWS
head/crypto/openssl/README
head/crypto/openssl/apps/ca.c
head/crypto/openssl/apps/cms.c
head/crypto/openssl/config
head/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
head/crypto/openssl/crypto/armcap.c
head/crypto/openssl/crypto/asn1/tasn_dec.c
head/crypto/openssl/crypto/asn1/tasn_enc.c
head/crypto/openssl/crypto/bio/b_addr.c
head/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
head/crypto/openssl/crypto/cms/cms_smime.c
head/crypto/openssl/crypto/evp/bio_ok.c
head/crypto/openssl/crypto/modes/modes_local.h
head/crypto/openssl/crypto/pkcs7/pk7_smime.c
head/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
head/crypto/openssl/crypto/rand/rand_unix.c
head/crypto/openssl/crypto/sha/asm/sha1-armv8.pl
head/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
head/crypto/openssl/crypto/x509/x509_att.c
head/crypto/openssl/crypto/x509/x509_cmp.c
head/crypto/openssl/crypto/x509/x509_vfy.c
head/crypto/openssl/crypto/x509v3/v3_genn.c
head/crypto/openssl/doc/man1/verify.pod
head/crypto/openssl/doc/man3/BN_set_bit.pod
head/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
head/crypto/openssl/include/openssl/opensslv.h
head/crypto/openssl/include/openssl/x509.h
head/crypto/openssl/ssl/record/rec_layer_d1.c
head/crypto/openssl/ssl/s3_lib.c
head/crypto/openssl/ssl/ssl_lib.c
head/crypto/openssl/ssl/ssl_sess.c
head/crypto/openssl/ssl/statem/statem_clnt.c
head/crypto/openssl/ssl/statem/statem_srvr.c
head/secure/lib/libcrypto/Makefile.inc
head/secure/lib/libcrypto/man/man3/ADMISSIONS.3
head/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3
head/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3
head/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3
head/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3
head/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3
head/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3
head/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3
head/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3
head/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3
head/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3
head/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3
head/secure/lib/libcrypto/man/man3/ASYNC_start_job.3
head/secure/lib/libcrypto/man/man3/BF_encrypt.3
head/secure/lib/libcrypto/man/man3/BIO_ADDR.3
head/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3
head/secure/lib/libcrypto/man/man3/BIO_connect.3
head/secure/lib/libcrypto/man/man3/BIO_ctrl.3
head/secure/lib/libcrypto/man/man3/BIO_f_buffer.3
head/secure/lib/libcrypto/man/man3/BIO_f_cipher.3
head/secure/lib/libcrypto/man/man3/BIO_f_md.3
head/secure/lib/libcrypto/man/man3/BIO_f_ssl.3
head/secure/lib/libcrypto/man/man3/BIO_find_type.3
head/secure/lib/libcrypto/man/man3/BIO_get_data.3
head/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3
head/secure/lib/libcrypto/man/man3/BIO_meth_new.3
head/secure/lib/libcrypto/man/man3/BIO_new.3
head/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3
head/secure/lib/libcrypto/man/man3/BIO_printf.3
head/secure/lib/libcrypto/man/man3/BIO_push.3
head/secure/lib/libcrypto/man/man3/BIO_read.3
head/secure/lib/libcrypto/man/man3/BIO_s_accept.3
head/secure/lib/libcrypto/man/man3/BIO_s_bio.3
head/secure/lib/libcrypto/man/man3/BIO_s_connect.3
head/secure/lib/libcrypto/man/man3/BIO_s_fd.3
head/secure/lib/libcrypto/man/man3/BIO_s_file.3
head/secure/lib/libcrypto/man/man3/BIO_s_mem.3
head/secure/lib/libcrypto/man/man3/BIO_s_socket.3
head/secure/lib/libcrypto/man/man3/BIO_set_callback.3
head/secure/lib/libcrypto/man/man3/BIO_should_retry.3
head/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3
head/secure/lib/libcrypto/man/man3/BN_CTX_new.3
head/secure/lib/libcrypto/man/man3/BN_CTX_start.3
head/secure/lib/libcrypto/man/man3/BN_add.3
head/secure/lib/libcrypto/man/man3/BN_add_word.3
head/secure/lib/libcrypto/man/man3/BN_bn2bin.3
head/secure/lib/libcrypto/man/man3/BN_cmp.3
head/secure/lib/libcrypto/man/man3/BN_copy.3
head/secure/lib/libcrypto/man/man3/BN_generate_prime.3
head/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3
head/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3
head/secure/lib/libcrypto/man/man3/BN_new.3
head/secure/lib/libcrypto/man/man3/BN_num_bytes.3
head/secure/lib/libcrypto/man/man3/BN_rand.3
head/secure/lib/libcrypto/man/man3/BN_set_bit.3
head/secure/lib/libcrypto/man/man3/BN_zero.3
head/secure/lib/libcrypto/man/man3/BUF_MEM_new.3
head/secure/lib/libcrypto/man/man3/CMS_add0_cert.3
head/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3
head/secure/lib/libcrypto/man/man3/CMS_add1_signer.3
head/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3
head/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3
head/secure/lib/libcrypto/man/man3/CMS_get0_type.3
head/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3
head/secure/lib/libcrypto/man/man3/CMS_verify.3
head/secure/lib/libcrypto/man/man3/CONF_modules_free.3
head/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3
head/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3
head/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3
head/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3
head/secure/lib/libcrypto/man/man3/CTLOG_new.3
head/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3
head/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3
head/secure/lib/libcrypto/man/man3/DES_random_key.3
head/secure/lib/libcrypto/man/man3/DH_generate_key.3
head/secure/lib/libcrypto/man/man3/DH_generate_parameters.3
head/secure/lib/libcrypto/man/man3/DH_get0_pqg.3
head/secure/lib/libcrypto/man/man3/DH_get_1024_160.3
head/secure/lib/libcrypto/man/man3/DH_meth_new.3
head/secure/lib/libcrypto/man/man3/DH_new.3
head/secure/lib/libcrypto/man/man3/DH_new_by_nid.3
head/secure/lib/libcrypto/man/man3/DH_set_method.3
head/secure/lib/libcrypto/man/man3/DH_size.3
head/secure/lib/libcrypto/man/man3/DSA_SIG_new.3
head/secure/lib/libcrypto/man/man3/DSA_do_sign.3
head/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3
head/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3
head/secure/lib/libcrypto/man/man3/DSA_meth_new.3
head/secure/lib/libcrypto/man/man3/DSA_new.3
head/secure/lib/libcrypto/man/man3/DSA_set_method.3
head/secure/lib/libcrypto/man/man3/DSA_sign.3
head/secure/lib/libcrypto/man/man3/DSA_size.3
head/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3
head/secure/lib/libcrypto/man/man3/DTLSv1_listen.3
head/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3
head/secure/lib/libcrypto/man/man3/ECPKParameters_print.3
head/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3
head/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3
head/secure/lib/libcrypto/man/man3/EC_GROUP_new.3
head/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3
head/secure/lib/libcrypto/man/man3/EC_KEY_new.3
head/secure/lib/libcrypto/man/man3/EC_POINT_add.3
head/secure/lib/libcrypto/man/man3/EC_POINT_new.3
head/secure/lib/libcrypto/man/man3/ENGINE_add.3
head/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3
head/secure/lib/libcrypto/man/man3/ERR_error_string.3
head/secure/lib/libcrypto/man/man3/ERR_get_error.3
head/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3
head/secure/lib/libcrypto/man/man3/ERR_load_strings.3
head/secure/lib/libcrypto/man/man3/ERR_print_errors.3
head/secure/lib/libcrypto/man/man3/ERR_put_error.3
head/secure/lib/libcrypto/man/man3/ERR_remove_state.3
head/secure/lib/libcrypto/man/man3/ERR_set_mark.3
head/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3
head/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3
head/secure/lib/libcrypto/man/man3/EVP_DigestInit.3
head/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3
head/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3
head/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3
head/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3
head/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3
head/secure/lib/libcrypto/man/man3/EVP_OpenInit.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_size.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3
head/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3
head/secure/lib/libcrypto/man/man3/EVP_SealInit.3
head/secure/lib/libcrypto/man/man3/EVP_SignInit.3
head/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3
head/secure/lib/libcrypto/man/man3/EVP_aes.3
head/secure/lib/libcrypto/man/man3/EVP_aria.3
head/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3
head/secure/lib/libcrypto/man/man3/EVP_blake2b512.3
head/secure/lib/libcrypto/man/man3/EVP_camellia.3
head/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3
head/secure/lib/libcrypto/man/man3/EVP_chacha20.3
head/secure/lib/libcrypto/man/man3/EVP_des.3
head/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3
head/secure/lib/libcrypto/man/man3/EVP_md5.3
head/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3
head/secure/lib/libcrypto/man/man3/EVP_rc4.3
head/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3
head/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3
head/secure/lib/libcrypto/man/man3/EVP_sha224.3
head/secure/lib/libcrypto/man/man3/EVP_sha3_224.3
head/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3
head/secure/lib/libcrypto/man/man3/HMAC.3
head/secure/lib/libcrypto/man/man3/MD5.3
head/secure/lib/libcrypto/man/man3/MDC2_Init.3
head/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3
head/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3
head/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3
head/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3
head/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3
head/secure/lib/libcrypto/man/man3/OCSP_response_status.3
head/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3
head/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3
head/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3
head/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3
head/secure/lib/libcrypto/man/man3/OPENSSL_config.3
head/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3
head/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3
head/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3
head/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3
head/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3
head/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3
head/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3
head/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3
head/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3
head/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3
head/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3
head/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3
head/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3
head/secure/lib/libcrypto/man/man3/PEM_read.3
head/secure/lib/libcrypto/man/man3/PEM_read_CMS.3
head/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3
head/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3
head/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3
head/secure/lib/libcrypto/man/man3/PKCS7_verify.3
head/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3
head/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3
head/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3
head/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3
head/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3
head/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3
head/secure/lib/libcrypto/man/man3/RAND_add.3
head/secure/lib/libcrypto/man/man3/RAND_bytes.3
head/secure/lib/libcrypto/man/man3/RAND_egd.3
head/secure/lib/libcrypto/man/man3/RAND_load_file.3
head/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3
head/secure/lib/libcrypto/man/man3/RC4_set_key.3
head/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3
head/secure/lib/libcrypto/man/man3/RSA_blinding_on.3
head/secure/lib/libcrypto/man/man3/RSA_check_key.3
head/secure/lib/libcrypto/man/man3/RSA_generate_key.3
head/secure/lib/libcrypto/man/man3/RSA_get0_key.3
head/secure/lib/libcrypto/man/man3/RSA_meth_new.3
head/secure/lib/libcrypto/man/man3/RSA_new.3
head/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3
head/secure/lib/libcrypto/man/man3/RSA_print.3
head/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3
head/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3
head/secure/lib/libcrypto/man/man3/RSA_set_method.3
head/secure/lib/libcrypto/man/man3/RSA_sign.3
head/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3
head/secure/lib/libcrypto/man/man3/RSA_size.3
head/secure/lib/libcrypto/man/man3/SCT_new.3
head/secure/lib/libcrypto/man/man3/SCT_print.3
head/secure/lib/libcrypto/man/man3/SCT_validate.3
head/secure/lib/libcrypto/man/man3/SHA256_Init.3
head/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3
head/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3
head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3
head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3
head/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3
head/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_config.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_new.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3
head/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3
head/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3
head/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3
head/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3
head/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3
head/secure/lib/libcrypto/man/man3/SSL_extension_supported.3
head/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3
head/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3
head/secure/lib/libcrypto/man/man3/SSL_get_client_random.3
head/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3
head/secure/lib/libcrypto/man/man3/SSL_get_fd.3
head/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3
head/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3
head/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3
head/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3
head/secure/lib/libcrypto/man/man3/SSL_get_rbio.3
head/secure/lib/libcrypto/man/man3/SSL_get_session.3
head/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3
head/secure/lib/libcrypto/man/man3/SSL_get_version.3
head/secure/lib/libcrypto/man/man3/SSL_in_init.3
head/secure/lib/libcrypto/man/man3/SSL_key_update.3
head/secure/lib/libcrypto/man/man3/SSL_library_init.3
head/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3
head/secure/lib/libcrypto/man/man3/SSL_new.3
head/secure/lib/libcrypto/man/man3/SSL_pending.3
head/secure/lib/libcrypto/man/man3/SSL_read.3
head/secure/lib/libcrypto/man/man3/SSL_read_early_data.3
head/secure/lib/libcrypto/man/man3/SSL_rstate_string.3
head/secure/lib/libcrypto/man/man3/SSL_set1_host.3
head/secure/lib/libcrypto/man/man3/SSL_set_bio.3
head/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3
head/secure/lib/libcrypto/man/man3/SSL_set_fd.3
head/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3
head/secure/lib/libcrypto/man/man3/SSL_state_string.3
head/secure/lib/libcrypto/man/man3/SSL_want.3
head/secure/lib/libcrypto/man/man3/SSL_write.3
head/secure/lib/libcrypto/man/man3/UI_STRING.3
head/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3
head/secure/lib/libcrypto/man/man3/UI_create_method.3
head/secure/lib/libcrypto/man/man3/UI_new.3
head/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3
head/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3
head/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3
head/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3
head/secure/lib/libcrypto/man/man3/X509_LOOKUP.3
head/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
head/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3
head/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3
head/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3
head/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3
head/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3
head/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3
head/secure/lib/libcrypto/man/man3/X509_SIG_get0.3
head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3
head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3
head/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3
head/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3
head/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3
head/secure/lib/libcrypto/man/man3/X509_STORE_new.3
head/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3
head/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3
head/secure/lib/libcrypto/man/man3/X509_check_host.3
head/secure/lib/libcrypto/man/man3/X509_check_private_key.3
head/secure/lib/libcrypto/man/man3/X509_cmp.3
head/secure/lib/libcrypto/man/man3/X509_cmp_time.3
head/secure/lib/libcrypto/man/man3/X509_digest.3
head/secure/lib/libcrypto/man/man3/X509_dup.3
head/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3
head/secure/lib/libcrypto/man/man3/X509_get0_signature.3
head/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3
head/secure/lib/libcrypto/man/man3/X509_get_pubkey.3
head/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3
head/secure/lib/libcrypto/man/man3/X509_get_subject_name.3
head/secure/lib/libcrypto/man/man3/X509_get_version.3
head/secure/lib/libcrypto/man/man3/X509_new.3
head/secure/lib/libcrypto/man/man3/X509_sign.3
head/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3
head/secure/lib/libcrypto/man/man3/d2i_DHparams.3
head/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3
head/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3
head/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3
head/secure/lib/libcrypto/man/man3/d2i_X509.3
head/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3
head/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3
head/secure/lib/libcrypto/man/man5/x509v3_config.5
head/secure/lib/libcrypto/man/man7/Ed25519.7
head/secure/lib/libcrypto/man/man7/X25519.7
head/secure/lib/libcrypto/opensslconf.h.in
head/secure/usr.bin/openssl/man/asn1parse.1
head/secure/usr.bin/openssl/man/ca.1
head/secure/usr.bin/openssl/man/ciphers.1
head/secure/usr.bin/openssl/man/cms.1
head/secure/usr.bin/openssl/man/crl.1
head/secure/usr.bin/openssl/man/crl2pkcs7.1
head/secure/usr.bin/openssl/man/dgst.1
head/secure/usr.bin/openssl/man/dhparam.1
head/secure/usr.bin/openssl/man/dsa.1
head/secure/usr.bin/openssl/man/dsaparam.1
head/secure/usr.bin/openssl/man/ec.1
head/secure/usr.bin/openssl/man/ecparam.1
head/secure/usr.bin/openssl/man/enc.1
head/secure/usr.bin/openssl/man/engine.1
head/secure/usr.bin/openssl/man/errstr.1
head/secure/usr.bin/openssl/man/gendsa.1
head/secure/usr.bin/openssl/man/genpkey.1
head/secure/usr.bin/openssl/man/genrsa.1
head/secure/usr.bin/openssl/man/list.1
head/secure/usr.bin/openssl/man/nseq.1
head/secure/usr.bin/openssl/man/ocsp.1
head/secure/usr.bin/openssl/man/passwd.1
head/secure/usr.bin/openssl/man/pkcs12.1
head/secure/usr.bin/openssl/man/pkcs7.1
head/secure/usr.bin/openssl/man/pkcs8.1
head/secure/usr.bin/openssl/man/pkey.1
head/secure/usr.bin/openssl/man/pkeyparam.1
head/secure/usr.bin/openssl/man/pkeyutl.1
head/secure/usr.bin/openssl/man/prime.1
head/secure/usr.bin/openssl/man/rand.1
head/secure/usr.bin/openssl/man/req.1
head/secure/usr.bin/openssl/man/rsa.1
head/secure/usr.bin/openssl/man/rsautl.1
head/secure/usr.bin/openssl/man/s_client.1
head/secure/usr.bin/openssl/man/s_server.1
head/secure/usr.bin/openssl/man/s_time.1
head/secure/usr.bin/openssl/man/sess_id.1
head/secure/usr.bin/openssl/man/smime.1
head/secure/usr.bin/openssl/man/speed.1
head/secure/usr.bin/openssl/man/spkac.1
head/secure/usr.bin/openssl/man/srp.1
head/secure/usr.bin/openssl/man/storeutl.1
head/secure/usr.bin/openssl/man/ts.1
head/secure/usr.bin/openssl/man/tsget.1
head/secure/usr.bin/openssl/man/verify.1
head/secure/usr.bin/openssl/man/version.1
head/secure/usr.bin/openssl/man/x509.1
head/sys/crypto/openssl/aarch64/aesv8-armx.S
head/sys/crypto/openssl/aarch64/chacha-armv8.S
head/sys/crypto/openssl/aarch64/poly1305-armv8.S
head/sys/crypto/openssl/aarch64/sha1-armv8.S
head/sys/crypto/openssl/aarch64/sha256-armv8.S
head/sys/crypto/openssl/aarch64/sha512-armv8.S
head/sys/crypto/openssl/arm/aesv8-armx.S
Directory Properties:
head/crypto/openssl/ (props changed)
Modified: head/crypto/openssl/CHANGES
==============================================================================
--- head/crypto/openssl/CHANGES Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/CHANGES Wed Dec 9 02:05:14 2020 (r368472)
@@ -7,6 +7,38 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
+
+ *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+ This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+ If an attacker can control both items being compared then this could lead
+ to a possible denial of service attack. OpenSSL itself uses the
+ GENERAL_NAME_cmp function for two purposes:
+ 1) Comparing CRL distribution point names between an available CRL and a
+ CRL distribution point embedded in an X509 certificate
+ 2) When verifying that a timestamp response token signer matches the
+ timestamp authority name (exposed via the API functions
+ TS_RESP_verify_response and TS_RESP_verify_token)
+ (CVE-2020-1971)
+ [Matt Caswell]
+
+ *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
+ [Stuart Carnie]
+
+ *) The security callback, which can be customised by application code, supports
+ the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+ in the "other" parameter. In most places this is what is passed. All these
+ places occur server side. However there was one client side call of this
+ security operation and it passed a DH object instead. This is incorrect
+ according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+ of the other locations. Therefore this client side call has been changed to
+ pass an EVP_PKEY instead.
+ [Matt Caswell]
+
+ *) In 1.1.1h, an expired trusted (root) certificate was not anymore rejected
+ when validating a certificate path. This check is restored in 1.1.1i.
+ [David von Oheimb]
+
Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
*) Certificates with explicit curve parameters are now disallowed in
@@ -31,6 +63,10 @@
*) Handshake now fails if Extended Master Secret extension is dropped
on renegotiation.
[Tomas Mraz]
+
+ *) Accidentally, an expired trusted (root) certificate is not anymore rejected
+ when validating a certificate path.
+ [David von Oheimb]
*) The Oracle Developer Studio compiler will start reporting deprecated APIs
Modified: head/crypto/openssl/NEWS
==============================================================================
--- head/crypto/openssl/NEWS Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/NEWS Wed Dec 9 02:05:14 2020 (r368472)
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+
+ o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
+
Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
o Disallow explicit curve parameters in verifications chains when
Modified: head/crypto/openssl/README
==============================================================================
--- head/crypto/openssl/README Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/README Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1h 22 Sep 2020
+ OpenSSL 1.1.1i 8 Dec 2020
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: head/crypto/openssl/apps/ca.c
==============================================================================
--- head/crypto/openssl/apps/ca.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/apps/ca.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1862,8 +1862,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown");
- if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+ if ((row[DB_type] == NULL) || (row[DB_file] == NULL)
+ || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
Modified: head/crypto/openssl/apps/cms.c
==============================================================================
--- head/crypto/openssl/apps/cms.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/apps/cms.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -545,9 +545,11 @@ int cms_main(int argc, char **argv)
if (key_param == NULL || key_param->idx != keyidx) {
cms_key_param *nparam;
nparam = app_malloc(sizeof(*nparam), "key param buffer");
- nparam->idx = keyidx;
- if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
+ if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) {
+ OPENSSL_free(nparam);
goto end;
+ }
+ nparam->idx = keyidx;
nparam->next = NULL;
if (key_first == NULL)
key_first = nparam;
Modified: head/crypto/openssl/config
==============================================================================
--- head/crypto/openssl/config Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/config Wed Dec 9 02:05:14 2020 (r368472)
@@ -253,11 +253,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
Power*)
echo "ppc-apple-darwin${VERSION}"
;;
- x86_64)
- echo "x86_64-apple-darwin${VERSION}"
- ;;
*)
- echo "i686-apple-darwin${VERSION}"
+ echo "${MACHINE}-apple-darwin${VERSION}"
;;
esac
exit 0
@@ -497,6 +494,9 @@ case "$GUESSOS" in
else
OUT="darwin64-x86_64-cc"
fi ;;
+ $MACHINE-apple-darwin*)
+ OUT="darwin64-$MACHINE-cc"
+ ;;
armv6+7-*-iphoneos)
__CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7"
__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7"
Modified: head/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
==============================================================================
--- head/crypto/openssl/crypto/aes/asm/aesv8-armx.pl Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/aes/asm/aesv8-armx.pl Wed Dec 9 02:05:14 2020 (r368472)
@@ -183,7 +183,12 @@ $code.=<<___;
.Loop192:
vtbl.8 $key,{$in1},$mask
vext.8 $tmp,$zero,$in0,#12
+#ifdef __ARMEB__
+ vst1.32 {$in1},[$out],#16
+ sub $out,$out,#8
+#else
vst1.32 {$in1},[$out],#8
+#endif
aese $key,$zero
subs $bits,$bits,#1
@@ -715,8 +720,11 @@ $code.=<<___;
ldr $rounds,[$key,#240]
ldr $ctr, [$ivp, #12]
+#ifdef __ARMEB__
+ vld1.8 {$dat0},[$ivp]
+#else
vld1.32 {$dat0},[$ivp]
-
+#endif
vld1.32 {q8-q9},[$key] // load key schedule...
sub $rounds,$rounds,#4
mov $step,#16
@@ -732,17 +740,17 @@ $code.=<<___;
#ifndef __ARMEB__
rev $ctr, $ctr
#endif
- vorr $dat1,$dat0,$dat0
add $tctr1, $ctr, #1
- vorr $dat2,$dat0,$dat0
- add $ctr, $ctr, #2
vorr $ivec,$dat0,$dat0
rev $tctr1, $tctr1
- vmov.32 ${dat1}[3],$tctr1
+ vmov.32 ${ivec}[3],$tctr1
+ add $ctr, $ctr, #2
+ vorr $dat1,$ivec,$ivec
b.ls .Lctr32_tail
rev $tctr2, $ctr
+ vmov.32 ${ivec}[3],$tctr2
sub $len,$len,#3 // bias
- vmov.32 ${dat2}[3],$tctr2
+ vorr $dat2,$ivec,$ivec
b .Loop3x_ctr32
.align 4
@@ -769,11 +777,11 @@ $code.=<<___;
aese $dat1,q8
aesmc $tmp1,$dat1
vld1.8 {$in0},[$inp],#16
- vorr $dat0,$ivec,$ivec
+ add $tctr0,$ctr,#1
aese $dat2,q8
aesmc $dat2,$dat2
vld1.8 {$in1},[$inp],#16
- vorr $dat1,$ivec,$ivec
+ rev $tctr0,$tctr0
aese $tmp0,q9
aesmc $tmp0,$tmp0
aese $tmp1,q9
@@ -782,8 +790,6 @@ $code.=<<___;
mov $key_,$key
aese $dat2,q9
aesmc $tmp2,$dat2
- vorr $dat2,$ivec,$ivec
- add $tctr0,$ctr,#1
aese $tmp0,q12
aesmc $tmp0,$tmp0
aese $tmp1,q12
@@ -799,20 +805,22 @@ $code.=<<___;
aese $tmp1,q13
aesmc $tmp1,$tmp1
veor $in2,$in2,$rndlast
- rev $tctr0,$tctr0
+ vmov.32 ${ivec}[3], $tctr0
aese $tmp2,q13
aesmc $tmp2,$tmp2
- vmov.32 ${dat0}[3], $tctr0
+ vorr $dat0,$ivec,$ivec
rev $tctr1,$tctr1
aese $tmp0,q14
aesmc $tmp0,$tmp0
+ vmov.32 ${ivec}[3], $tctr1
+ rev $tctr2,$ctr
aese $tmp1,q14
aesmc $tmp1,$tmp1
- vmov.32 ${dat1}[3], $tctr1
- rev $tctr2,$ctr
+ vorr $dat1,$ivec,$ivec
+ vmov.32 ${ivec}[3], $tctr2
aese $tmp2,q14
aesmc $tmp2,$tmp2
- vmov.32 ${dat2}[3], $tctr2
+ vorr $dat2,$ivec,$ivec
subs $len,$len,#3
aese $tmp0,q15
aese $tmp1,q15
Modified: head/crypto/openssl/crypto/armcap.c
==============================================================================
--- head/crypto/openssl/crypto/armcap.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/armcap.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -17,7 +17,6 @@
#include "arm_arch.h"
-__attribute__ ((visibility("hidden")))
unsigned int OPENSSL_armcap_P = 0;
#if __ARM_MAX_ARCH__<7
Modified: head/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_dec.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/asn1/tasn_dec.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Modified: head/crypto/openssl/crypto/asn1/tasn_enc.c
==============================================================================
--- head/crypto/openssl/crypto/asn1/tasn_enc.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/asn1/tasn_enc.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Modified: head/crypto/openssl/crypto/bio/b_addr.c
==============================================================================
--- head/crypto/openssl/crypto/bio/b_addr.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/bio/b_addr.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,11 +1,15 @@
/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
#include <assert.h>
#include <string.h>
Modified: head/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
==============================================================================
--- head/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl Wed Dec 9 02:05:14 2020 (r368472)
@@ -125,6 +125,7 @@ $code.=<<___;
.text
.extern OPENSSL_armcap_P
+.hidden OPENSSL_armcap_P
.align 5
.Lsigma:
Modified: head/crypto/openssl/crypto/cms/cms_smime.c
==============================================================================
--- head/crypto/openssl/crypto/cms/cms_smime.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/cms/cms_smime.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -341,7 +341,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *c
char *ptr;
long len;
len = BIO_get_mem_data(dcont, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
+ tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
goto err2;
Modified: head/crypto/openssl/crypto/evp/bio_ok.c
==============================================================================
--- head/crypto/openssl/crypto/evp/bio_ok.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/evp/bio_ok.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -203,7 +203,7 @@ static int ok_read(BIO *b, char *out, int outl)
/*
* copy start of the next block into proper place
*/
- if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+ if (ctx->buf_len_save > ctx->buf_off_save) {
ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
ctx->buf_len);
Modified: head/crypto/openssl/crypto/modes/modes_local.h
==============================================================================
--- head/crypto/openssl/crypto/modes/modes_local.h Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/modes/modes_local.h Wed Dec 9 02:05:14 2020 (r368472)
@@ -63,12 +63,15 @@ typedef u32 u32_a1;
asm ("bswapl %0" \
: "+r"(ret_)); ret_; })
# elif defined(__aarch64__)
-# define BSWAP8(x) ({ u64 ret_; \
+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+# define BSWAP8(x) ({ u64 ret_; \
asm ("rev %0,%1" \
: "=r"(ret_) : "r"(x)); ret_; })
-# define BSWAP4(x) ({ u32 ret_; \
+# define BSWAP4(x) ({ u32 ret_; \
asm ("rev %w0,%w1" \
: "=r"(ret_) : "r"(x)); ret_; })
+# endif
# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \
asm ("rev %0,%0; rev %1,%1" \
Modified: head/crypto/openssl/crypto/pkcs7/pk7_smime.c
==============================================================================
--- head/crypto/openssl/crypto/pkcs7/pk7_smime.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/pkcs7/pk7_smime.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -301,7 +301,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X50
char *ptr;
long len;
len = BIO_get_mem_data(indata, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
+ tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
Modified: head/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
==============================================================================
--- head/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl Wed Dec 9 02:05:14 2020 (r368472)
@@ -57,10 +57,14 @@ $code.=<<___;
// forward "declarations" are required for Apple
.extern OPENSSL_armcap_P
+.hidden OPENSSL_armcap_P
+.globl poly1305_init
+.hidden poly1305_init
.globl poly1305_blocks
+.hidden poly1305_blocks
.globl poly1305_emit
+.hidden poly1305_emit
-.globl poly1305_init
.type poly1305_init,%function
.align 5
poly1305_init:
@@ -860,8 +864,8 @@ poly1305_blocks_neon:
st1 {$ACC4}[0],[$ctx]
.Lno_data_neon:
- .inst 0xd50323bf // autiasp
ldr x29,[sp],#80
+ .inst 0xd50323bf // autiasp
ret
.size poly1305_blocks_neon,.-poly1305_blocks_neon
Modified: head/crypto/openssl/crypto/rand/rand_unix.c
==============================================================================
--- head/crypto/openssl/crypto/rand/rand_unix.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/rand/rand_unix.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -365,12 +365,19 @@ static ssize_t syscall_random(void *buf, size_t buflen
* - OpenBSD since 5.6
* - Linux since 3.17 with glibc 2.25
* - FreeBSD since 12.0 (1200061)
+ *
+ * Note: Sometimes getentropy() can be provided but not implemented
+ * internally. So we need to check errno for ENOSYS
*/
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
- if (getentropy != NULL)
- return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+ if (getentropy != NULL) {
+ if (getentropy(buf, buflen) == 0)
+ return (ssize_t)buflen;
+ if (errno != ENOSYS)
+ return -1;
+ }
# else
union {
void *p;
Modified: head/crypto/openssl/crypto/sha/asm/sha1-armv8.pl
==============================================================================
--- head/crypto/openssl/crypto/sha/asm/sha1-armv8.pl Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/sha/asm/sha1-armv8.pl Wed Dec 9 02:05:14 2020 (r368472)
@@ -176,6 +176,7 @@ $code.=<<___;
.text
.extern OPENSSL_armcap_P
+.hidden OPENSSL_armcap_P
.globl sha1_block_data_order
.type sha1_block_data_order,%function
.align 6
@@ -329,7 +330,6 @@ $code.=<<___;
#endif
.asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
-.comm OPENSSL_armcap_P,4,4
___
}}}
Modified: head/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
==============================================================================
--- head/crypto/openssl/crypto/sha/asm/sha512-armv8.pl Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/sha/asm/sha512-armv8.pl Wed Dec 9 02:05:14 2020 (r368472)
@@ -193,6 +193,7 @@ $code.=<<___;
.text
.extern OPENSSL_armcap_P
+.hidden OPENSSL_armcap_P
.globl $func
.type $func,%function
.align 6
@@ -839,12 +840,6 @@ $code.=<<___;
#endif
___
}
-
-$code.=<<___;
-#ifndef __KERNEL__
-.comm OPENSSL_armcap_P,4,4
-#endif
-___
{ my %opcode = (
"sha256h" => 0x5e004000, "sha256h2" => 0x5e005000,
Modified: head/crypto/openssl/crypto/x509/x509_att.c
==============================================================================
--- head/crypto/openssl/crypto/x509/x509_att.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/x509/x509_att.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -149,7 +149,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STAC
return ret;
}
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
const ASN1_OBJECT *obj, int lastpos, int type)
{
int i;
Modified: head/crypto/openssl/crypto/x509/x509_cmp.c
==============================================================================
--- head/crypto/openssl/crypto/x509/x509_cmp.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/x509/x509_cmp.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -135,6 +135,8 @@ int X509_cmp(const X509 *a, const X509 *b)
{
int rv;
+ if (a == b) /* for efficiency */
+ return 0;
/* ensure hash is valid */
if (X509_check_purpose((X509 *)a, -1, 0) != 1)
return -2;
Modified: head/crypto/openssl/crypto/x509/x509_vfy.c
==============================================================================
--- head/crypto/openssl/crypto/x509/x509_vfy.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/x509/x509_vfy.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -312,8 +312,20 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
return ret;
}
+static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
+{
+ int i, n = sk_X509_num(sk);
+
+ for (i = 0; i < n; i++)
+ if (X509_cmp(sk_X509_value(sk, i), cert) == 0)
+ return 1;
+ return 0;
+}
+
/*
- * Given a STACK_OF(X509) find the issuer of cert (if any)
+ * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
+ * The issuer must not be the same as x and must not yet be in ctx->chain, where the
+ * exceptional case x is self-issued and ctx->chain has just one element is allowed.
*/
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
@@ -322,7 +334,13 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF
for (i = 0; i < sk_X509_num(sk); i++) {
issuer = sk_X509_value(sk, i);
- if (ctx->check_issued(ctx, x, issuer)) {
+ /*
+ * Below check 'issuer != x' is an optimization and safety precaution:
+ * Candidate issuer cert cannot be the same as the subject cert 'x'.
+ */
+ if (issuer != x && ctx->check_issued(ctx, x, issuer)
+ && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
+ || !sk_X509_contains(ctx->chain, issuer))) {
rv = issuer;
if (x509_check_cert_time(ctx, rv, -1))
break;
@@ -331,30 +349,13 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF
return rv;
}
-/*
- * Check that the given certificate 'x' is issued by the certificate 'issuer'
- * and the issuer is not yet in ctx->chain, where the exceptional case
- * that 'x' is self-issued and ctx->chain has just one element is allowed.
- */
+/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{
- if (x509_likely_issued(issuer, x) != X509_V_OK)
- return 0;
- if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) {
- int i;
- X509 *ch;
-
- for (i = 0; i < sk_X509_num(ctx->chain); i++) {
- ch = sk_X509_value(ctx->chain, i);
- if (ch == issuer || X509_cmp(ch, issuer) == 0)
- return 0;
- }
- }
- return 1;
+ return x509_likely_issued(issuer, x) == X509_V_OK;
}
/* Alternative lookup method: look from a STACK stored in other_ctx */
-
static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
*issuer = find_issuer(ctx, ctx->other_ctx, x);
@@ -1740,7 +1741,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
if (ctx->bare_ta_signed) {
xs = xi;
xi = NULL;
- goto check_cert;
+ goto check_cert_time;
}
if (ctx->check_issued(ctx, xi, xi))
@@ -1748,11 +1749,17 @@ static int internal_verify(X509_STORE_CTX *ctx)
else {
if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
xs = xi;
- goto check_cert;
+ goto check_cert_time;
}
- if (n <= 0)
- return verify_cb_cert(ctx, xi, 0,
- X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+ if (n <= 0) {
+ if (!verify_cb_cert(ctx, xi, 0,
+ X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
+ return 0;
+
+ xs = xi;
+ goto check_cert_time;
+ }
+
n--;
ctx->error_depth = n;
xs = sk_X509_value(ctx->chain, n);
@@ -1811,7 +1818,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
}
}
- check_cert:
+ check_cert_time: /* in addition to RFC 5280, do also for trusted (root) cert */
/* Calls verify callback as needed */
if (!x509_check_cert_time(ctx, xs, n))
return 0;
Modified: head/crypto/openssl/crypto/x509v3/v3_genn.c
==============================================================================
--- head/crypto/openssl/crypto/x509v3/v3_genn.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/crypto/x509v3/v3_genn.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Modified: head/crypto/openssl/doc/man1/verify.pod
==============================================================================
--- head/crypto/openssl/doc/man1/verify.pod Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/doc/man1/verify.pod Wed Dec 9 02:05:14 2020 (r368472)
@@ -382,10 +382,14 @@ should be trusted for the supplied purpose.
For compatibility with previous versions of OpenSSL, a certificate with no
trust settings is considered to be valid for all purposes.
-The final operation is to check the validity of the certificate chain. The validity
-period is checked against the current system time and the notBefore and notAfter
-dates in the certificate. The certificate signatures are also checked at this
-point.
+The final operation is to check the validity of the certificate chain.
+For each element in the chain, including the root CA certificate,
+the validity period as specified by the C<notBefore> and C<notAfter> fields
+is checked against the current system time.
+The B<-attime> flag may be used to use a reference time other than "now."
+The certificate signature is checked as well
+(except for the signature of the typically self-signed root CA certificate,
+which is verified only if the B<-check_ss_sig> option is given).
If all operations complete successfully then certificate is considered valid. If
any operation fails then the certificate is not valid.
Modified: head/crypto/openssl/doc/man3/BN_set_bit.pod
==============================================================================
--- head/crypto/openssl/doc/man3/BN_set_bit.pod Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/doc/man3/BN_set_bit.pod Wed Dec 9 02:05:14 2020 (r368472)
@@ -33,7 +33,7 @@ error occurs if B<a> is shorter than B<n> bits.
BN_is_bit_set() tests if bit B<n> in B<a> is set.
BN_mask_bits() truncates B<a> to an B<n> bit number
-(C<a&=~((~0)E<gt>E<gt>n)>). An error occurs if B<a> already is
+(C<a&=~((~0)E<lt>E<lt>n)>). An error occurs if B<a> already is
shorter than B<n> bits.
BN_lshift() shifts B<a> left by B<n> bits and places the result in
Modified: head/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
==============================================================================
--- head/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod Wed Dec 9 02:05:14 2020 (r368472)
@@ -137,9 +137,7 @@ I<If no function to get the issuer is provided, the in
function will be used instead.>
X509_STORE_set_check_issued() sets the function to check that a given
-certificate B<x> is issued by the issuer certificate B<issuer> and
-the issuer is not yet in the chain contained in <ctx>, where the exceptional
-case that B<x> is self-issued and ctx->chain has just one element is allowed.
+certificate B<x> is issued by the issuer certificate B<issuer>.
This function must return 0 on failure (among others if B<x> hasn't
been issued with B<issuer>) and 1 on success.
I<If no function to get the issuer is provided, the internal default
Modified: head/crypto/openssl/include/openssl/opensslv.h
==============================================================================
--- head/crypto/openssl/include/openssl/opensslv.h Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/include/openssl/opensslv.h Wed Dec 9 02:05:14 2020 (r368472)
@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1010108fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h-freebsd 22 Sep 2020"
+# define OPENSSL_VERSION_NUMBER 0x1010109fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i-freebsd 8 Dec 2020"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
Modified: head/crypto/openssl/include/openssl/x509.h
==============================================================================
--- head/crypto/openssl/include/openssl/x509.h Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/include/openssl/x509.h Wed Dec 9 02:05:14 2020 (r368472)
@@ -933,7 +933,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STAC
int type,
const unsigned char *bytes,
int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
const ASN1_OBJECT *obj, int lastpos, int type);
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
int atrtype, const void *data,
Modified: head/crypto/openssl/ssl/record/rec_layer_d1.c
==============================================================================
--- head/crypto/openssl/ssl/record/rec_layer_d1.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/ssl/record/rec_layer_d1.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -808,8 +808,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned ch
wb = &s->rlayer.wbuf[0];
/*
- * first check if there is a SSL3_BUFFER still being written out. This
- * will happen with non blocking IO
+ * DTLS writes whole datagrams, so there can't be anything left in
+ * the buffer.
*/
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
Modified: head/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- head/crypto/openssl/ssl/s3_lib.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/ssl/s3_lib.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -4072,9 +4072,10 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
- SSL_CIPHER *c = NULL, *tbl;
- SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
- size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
+ SSL_CIPHER *tbl;
+ SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
+ size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
+ SSL3_NUM_SCSVS};
/* this is not efficient, necessary to optimize this? */
for (j = 0; j < OSSL_NELEM(alltabs); j++) {
@@ -4082,21 +4083,11 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const ch
if (tbl->stdname == NULL)
continue;
if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
+ return tbl;
}
}
}
- if (c == NULL) {
- tbl = ssl3_scsvs;
- for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
- if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
- }
- }
- }
- return c;
+ return NULL;
}
/*
Modified: head/crypto/openssl/ssl/ssl_lib.c
==============================================================================
--- head/crypto/openssl/ssl/ssl_lib.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/ssl/ssl_lib.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -2678,7 +2678,7 @@ const char *SSL_get_servername(const SSL *s, const int
* - Otherwise it returns NULL
*
* During/after the handshake (TLSv1.2 or below resumption occurred):
- * - If the session from the orignal handshake had a servername accepted
+ * - If the session from the original handshake had a servername accepted
* by the server then it will return that servername.
* - Otherwise it returns the servername set via
* SSL_set_tlsext_host_name() (or NULL if it was not called).
Modified: head/crypto/openssl/ssl/ssl_sess.c
==============================================================================
--- head/crypto/openssl/ssl/ssl_sess.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/ssl/ssl_sess.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -107,7 +107,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int tic
{
SSL_SESSION *dest;
- dest = OPENSSL_malloc(sizeof(*src));
+ dest = OPENSSL_malloc(sizeof(*dest));
if (dest == NULL) {
goto err;
}
Modified: head/crypto/openssl/ssl/statem/statem_clnt.c
==============================================================================
--- head/crypto/openssl/ssl/statem/statem_clnt.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/ssl/statem/statem_clnt.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -2145,15 +2145,17 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EV
}
bnpub_key = NULL;
- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
- SSL_R_DH_KEY_TOO_SMALL);
- goto err;
- }
-
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
ERR_R_EVP_LIB);
+ goto err;
+ }
+ dh = NULL;
+
+ if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+ 0, peer_tmp)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+ SSL_R_DH_KEY_TOO_SMALL);
goto err;
}
Modified: head/crypto/openssl/ssl/statem/statem_srvr.c
==============================================================================
--- head/crypto/openssl/ssl/statem/statem_srvr.c Wed Dec 9 00:56:38 2020 (r368471)
+++ head/crypto/openssl/ssl/statem/statem_srvr.c Wed Dec 9 02:05:14 2020 (r368472)
@@ -2577,7 +2577,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET
s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
if (s->s3->tmp.pkey == NULL) {
- /* SSLfatal() already called */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR);
goto err;
}
Modified: head/secure/lib/libcrypto/Makefile.inc
==============================================================================
--- head/secure/lib/libcrypto/Makefile.inc Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/Makefile.inc Wed Dec 9 02:05:14 2020 (r368472)
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 1.1.1h
-OPENSSL_DATE= 2020-09-22
+OPENSSL_VER= 1.1.1i
+OPENSSL_DATE= 2020-12-08
LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
Modified: head/secure/lib/libcrypto/man/man3/ADMISSIONS.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ADMISSIONS.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ADMISSIONS.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ADMISSIONS 3"
-.TH ADMISSIONS 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ADMISSIONS 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_INTEGER_GET_INT64 3"
-.TH ASN1_INTEGER_GET_INT64 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_INTEGER_GET_INT64 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_ITEM_LOOKUP 3"
-.TH ASN1_ITEM_LOOKUP 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_ITEM_LOOKUP 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_NEW 3"
-.TH ASN1_OBJECT_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_OBJECT_NEW 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_TABLE_ADD 3"
-.TH ASN1_STRING_TABLE_ADD 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_STRING_TABLE_ADD 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_LENGTH 3"
-.TH ASN1_STRING_LENGTH 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_STRING_LENGTH 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_NEW 3"
-.TH ASN1_STRING_NEW 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_STRING_NEW 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_PRINT_EX 3"
-.TH ASN1_STRING_PRINT_EX 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_STRING_PRINT_EX 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TIME_SET 3"
-.TH ASN1_TIME_SET 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_TIME_SET 3 "2020-12-08" "1.1.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Modified: head/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3
==============================================================================
--- head/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 Wed Dec 9 00:56:38 2020 (r368471)
+++ head/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 Wed Dec 9 02:05:14 2020 (r368472)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TYPE_GET 3"
-.TH ASN1_TYPE_GET 3 "2020-09-22" "1.1.1h" "OpenSSL"
+.TH ASN1_TYPE_GET 3 "2020-12-08" "1.1.1i" "OpenSSL"
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list