svn commit: r340705 - in stable/12: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/async/arch crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypt...
Jung-uk Kim
jkim at FreeBSD.org
Tue Nov 20 21:35:30 UTC 2018
Author: jkim
Date: Tue Nov 20 21:35:20 2018
New Revision: 340705
URL: https://svnweb.freebsd.org/changeset/base/340705
Log:
MFC: r340703
Merge OpenSSL 1.1.1a.
Added:
stable/12/crypto/openssl/crypto/getenv.c
- copied unchanged from r340703, head/crypto/openssl/crypto/getenv.c
stable/12/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod
- copied unchanged from r340703, head/crypto/openssl/doc/man3/SSL_get_peer_tmp_key.pod
stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
- copied unchanged from r340703, head/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
Deleted:
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_client_CA_list.pod
stable/12/crypto/openssl/doc/man3/SSL_get_client_CA_list.pod
stable/12/crypto/openssl/doc/man3/SSL_get_server_tmp_key.pod
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3
stable/12/secure/lib/libcrypto/man/SSL_get_client_CA_list.3
stable/12/secure/lib/libcrypto/man/SSL_get_server_tmp_key.3
Modified:
stable/12/crypto/openssl/CHANGES
stable/12/crypto/openssl/Configure
stable/12/crypto/openssl/INSTALL
stable/12/crypto/openssl/NEWS
stable/12/crypto/openssl/README
stable/12/crypto/openssl/apps/app_rand.c
stable/12/crypto/openssl/apps/apps.c
stable/12/crypto/openssl/apps/apps.h
stable/12/crypto/openssl/apps/ca.c
stable/12/crypto/openssl/apps/ocsp.c
stable/12/crypto/openssl/apps/openssl.cnf
stable/12/crypto/openssl/apps/opt.c
stable/12/crypto/openssl/apps/rehash.c
stable/12/crypto/openssl/apps/rsa.c
stable/12/crypto/openssl/apps/s_cb.c
stable/12/crypto/openssl/apps/s_server.c
stable/12/crypto/openssl/apps/speed.c
stable/12/crypto/openssl/apps/x509.c
stable/12/crypto/openssl/crypto/LPdir_unix.c
stable/12/crypto/openssl/crypto/async/arch/async_posix.h
stable/12/crypto/openssl/crypto/bio/b_sock2.c
stable/12/crypto/openssl/crypto/bio/bio_lib.c
stable/12/crypto/openssl/crypto/bio/bss_log.c
stable/12/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
stable/12/crypto/openssl/crypto/bn/bn_exp.c
stable/12/crypto/openssl/crypto/bn/bn_lib.c
stable/12/crypto/openssl/crypto/build.info
stable/12/crypto/openssl/crypto/conf/conf_api.c
stable/12/crypto/openssl/crypto/conf/conf_mod.c
stable/12/crypto/openssl/crypto/cryptlib.c
stable/12/crypto/openssl/crypto/ct/ct_log.c
stable/12/crypto/openssl/crypto/dsa/dsa_gen.c
stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c
stable/12/crypto/openssl/crypto/ec/ec_ameth.c
stable/12/crypto/openssl/crypto/ec/ec_mult.c
stable/12/crypto/openssl/crypto/ec/ec_pmeth.c
stable/12/crypto/openssl/crypto/ec/ecdh_kdf.c
stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c
stable/12/crypto/openssl/crypto/engine/eng_list.c
stable/12/crypto/openssl/crypto/err/openssl.txt
stable/12/crypto/openssl/crypto/evp/e_aes.c
stable/12/crypto/openssl/crypto/evp/e_rc2.c
stable/12/crypto/openssl/crypto/evp/pmeth_lib.c
stable/12/crypto/openssl/crypto/include/internal/ec_int.h
stable/12/crypto/openssl/crypto/include/internal/rand_int.h
stable/12/crypto/openssl/crypto/kdf/hkdf.c
stable/12/crypto/openssl/crypto/mem_sec.c
stable/12/crypto/openssl/crypto/o_fopen.c
stable/12/crypto/openssl/crypto/pkcs12/p12_mutl.c
stable/12/crypto/openssl/crypto/poly1305/poly1305_ieee754.c
stable/12/crypto/openssl/crypto/rand/drbg_ctr.c
stable/12/crypto/openssl/crypto/rand/drbg_lib.c
stable/12/crypto/openssl/crypto/rand/rand_err.c
stable/12/crypto/openssl/crypto/rand/rand_lcl.h
stable/12/crypto/openssl/crypto/rand/rand_lib.c
stable/12/crypto/openssl/crypto/rand/rand_unix.c
stable/12/crypto/openssl/crypto/rand/randfile.c
stable/12/crypto/openssl/crypto/rsa/rsa_lib.c
stable/12/crypto/openssl/crypto/rsa/rsa_meth.c
stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c
stable/12/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
stable/12/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
stable/12/crypto/openssl/crypto/siphash/siphash.c
stable/12/crypto/openssl/crypto/sm2/sm2_crypt.c
stable/12/crypto/openssl/crypto/sm2/sm2_sign.c
stable/12/crypto/openssl/crypto/ui/ui_openssl.c
stable/12/crypto/openssl/crypto/x509/by_dir.c
stable/12/crypto/openssl/crypto/x509/by_file.c
stable/12/crypto/openssl/crypto/x509/x509_vfy.c
stable/12/crypto/openssl/doc/man1/ca.pod
stable/12/crypto/openssl/doc/man1/enc.pod
stable/12/crypto/openssl/doc/man1/openssl.pod
stable/12/crypto/openssl/doc/man1/req.pod
stable/12/crypto/openssl/doc/man1/rsa.pod
stable/12/crypto/openssl/doc/man1/s_server.pod
stable/12/crypto/openssl/doc/man1/storeutl.pod
stable/12/crypto/openssl/doc/man1/x509.pod
stable/12/crypto/openssl/doc/man3/DES_random_key.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_set1_RSA.pod
stable/12/crypto/openssl/doc/man3/EVP_aes.pod
stable/12/crypto/openssl/doc/man3/EVP_aria.pod
stable/12/crypto/openssl/doc/man3/EVP_bf_cbc.pod
stable/12/crypto/openssl/doc/man3/EVP_camellia.pod
stable/12/crypto/openssl/doc/man3/EVP_cast5_cbc.pod
stable/12/crypto/openssl/doc/man3/EVP_des.pod
stable/12/crypto/openssl/doc/man3/EVP_idea_cbc.pod
stable/12/crypto/openssl/doc/man3/EVP_md5.pod
stable/12/crypto/openssl/doc/man3/EVP_rc2_cbc.pod
stable/12/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
stable/12/crypto/openssl/doc/man3/EVP_seed_cbc.pod
stable/12/crypto/openssl/doc/man3/EVP_sm4_cbc.pod
stable/12/crypto/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod
stable/12/crypto/openssl/doc/man3/RSA_meth_new.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod
stable/12/crypto/openssl/doc/man3/SSL_get_error.pod
stable/12/crypto/openssl/doc/man3/SSL_get_peer_signature_nid.pod
stable/12/crypto/openssl/doc/man3/SSL_set_bio.pod
stable/12/crypto/openssl/doc/man3/SSL_set_shutdown.pod
stable/12/crypto/openssl/doc/man3/SSL_shutdown.pod
stable/12/crypto/openssl/doc/man7/RAND_DRBG.pod
stable/12/crypto/openssl/e_os.h
stable/12/crypto/openssl/include/internal/cryptlib.h
stable/12/crypto/openssl/include/internal/tsan_assist.h
stable/12/crypto/openssl/include/openssl/cryptoerr.h
stable/12/crypto/openssl/include/openssl/ec.h
stable/12/crypto/openssl/include/openssl/ocsp.h
stable/12/crypto/openssl/include/openssl/opensslv.h
stable/12/crypto/openssl/include/openssl/rand_drbg.h
stable/12/crypto/openssl/include/openssl/randerr.h
stable/12/crypto/openssl/include/openssl/rsa.h
stable/12/crypto/openssl/include/openssl/ssl.h
stable/12/crypto/openssl/include/openssl/symhacks.h
stable/12/crypto/openssl/include/openssl/tls1.h
stable/12/crypto/openssl/ssl/d1_lib.c
stable/12/crypto/openssl/ssl/record/rec_layer_d1.c
stable/12/crypto/openssl/ssl/record/record.h
stable/12/crypto/openssl/ssl/record/record_locl.h
stable/12/crypto/openssl/ssl/record/ssl3_record.c
stable/12/crypto/openssl/ssl/s3_cbc.c
stable/12/crypto/openssl/ssl/s3_enc.c
stable/12/crypto/openssl/ssl/s3_lib.c
stable/12/crypto/openssl/ssl/ssl_cert.c
stable/12/crypto/openssl/ssl/ssl_ciph.c
stable/12/crypto/openssl/ssl/ssl_lib.c
stable/12/crypto/openssl/ssl/ssl_locl.h
stable/12/crypto/openssl/ssl/statem/extensions.c
stable/12/crypto/openssl/ssl/statem/extensions_clnt.c
stable/12/crypto/openssl/ssl/statem/statem.c
stable/12/crypto/openssl/ssl/statem/statem_clnt.c
stable/12/crypto/openssl/ssl/statem/statem_lib.c
stable/12/crypto/openssl/ssl/statem/statem_locl.h
stable/12/crypto/openssl/ssl/statem/statem_srvr.c
stable/12/crypto/openssl/ssl/t1_lib.c
stable/12/crypto/openssl/ssl/tls13_enc.c
stable/12/secure/lib/libcrypto/Makefile
stable/12/secure/lib/libcrypto/Makefile.inc
stable/12/secure/lib/libcrypto/Makefile.man
stable/12/secure/lib/libcrypto/man/ADMISSIONS.3
stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3
stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3
stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3
stable/12/secure/lib/libcrypto/man/BF_encrypt.3
stable/12/secure/lib/libcrypto/man/BIO_ADDR.3
stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3
stable/12/secure/lib/libcrypto/man/BIO_connect.3
stable/12/secure/lib/libcrypto/man/BIO_ctrl.3
stable/12/secure/lib/libcrypto/man/BIO_f_base64.3
stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/12/secure/lib/libcrypto/man/BIO_f_md.3
stable/12/secure/lib/libcrypto/man/BIO_f_null.3
stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/12/secure/lib/libcrypto/man/BIO_find_type.3
stable/12/secure/lib/libcrypto/man/BIO_get_data.3
stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
stable/12/secure/lib/libcrypto/man/BIO_meth_new.3
stable/12/secure/lib/libcrypto/man/BIO_new.3
stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3
stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3
stable/12/secure/lib/libcrypto/man/BIO_printf.3
stable/12/secure/lib/libcrypto/man/BIO_push.3
stable/12/secure/lib/libcrypto/man/BIO_read.3
stable/12/secure/lib/libcrypto/man/BIO_s_accept.3
stable/12/secure/lib/libcrypto/man/BIO_s_bio.3
stable/12/secure/lib/libcrypto/man/BIO_s_connect.3
stable/12/secure/lib/libcrypto/man/BIO_s_fd.3
stable/12/secure/lib/libcrypto/man/BIO_s_file.3
stable/12/secure/lib/libcrypto/man/BIO_s_mem.3
stable/12/secure/lib/libcrypto/man/BIO_s_null.3
stable/12/secure/lib/libcrypto/man/BIO_s_socket.3
stable/12/secure/lib/libcrypto/man/BIO_set_callback.3
stable/12/secure/lib/libcrypto/man/BIO_should_retry.3
stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/12/secure/lib/libcrypto/man/BN_CTX_new.3
stable/12/secure/lib/libcrypto/man/BN_CTX_start.3
stable/12/secure/lib/libcrypto/man/BN_add.3
stable/12/secure/lib/libcrypto/man/BN_add_word.3
stable/12/secure/lib/libcrypto/man/BN_bn2bin.3
stable/12/secure/lib/libcrypto/man/BN_cmp.3
stable/12/secure/lib/libcrypto/man/BN_copy.3
stable/12/secure/lib/libcrypto/man/BN_generate_prime.3
stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/12/secure/lib/libcrypto/man/BN_new.3
stable/12/secure/lib/libcrypto/man/BN_num_bytes.3
stable/12/secure/lib/libcrypto/man/BN_rand.3
stable/12/secure/lib/libcrypto/man/BN_security_bits.3
stable/12/secure/lib/libcrypto/man/BN_set_bit.3
stable/12/secure/lib/libcrypto/man/BN_swap.3
stable/12/secure/lib/libcrypto/man/BN_zero.3
stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3
stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3
stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3
stable/12/secure/lib/libcrypto/man/CMS_compress.3
stable/12/secure/lib/libcrypto/man/CMS_decrypt.3
stable/12/secure/lib/libcrypto/man/CMS_encrypt.3
stable/12/secure/lib/libcrypto/man/CMS_final.3
stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
stable/12/secure/lib/libcrypto/man/CMS_get0_type.3
stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
stable/12/secure/lib/libcrypto/man/CMS_sign.3
stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3
stable/12/secure/lib/libcrypto/man/CMS_uncompress.3
stable/12/secure/lib/libcrypto/man/CMS_verify.3
stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3
stable/12/secure/lib/libcrypto/man/CONF_modules_free.3
stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3
stable/12/secure/lib/libcrypto/man/CTLOG_new.3
stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
stable/12/secure/lib/libcrypto/man/DES_random_key.3
stable/12/secure/lib/libcrypto/man/DH_generate_key.3
stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3
stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3
stable/12/secure/lib/libcrypto/man/DH_meth_new.3
stable/12/secure/lib/libcrypto/man/DH_new.3
stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3
stable/12/secure/lib/libcrypto/man/DH_set_method.3
stable/12/secure/lib/libcrypto/man/DH_size.3
stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/12/secure/lib/libcrypto/man/DSA_do_sign.3
stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/12/secure/lib/libcrypto/man/DSA_generate_key.3
stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3
stable/12/secure/lib/libcrypto/man/DSA_meth_new.3
stable/12/secure/lib/libcrypto/man/DSA_new.3
stable/12/secure/lib/libcrypto/man/DSA_set_method.3
stable/12/secure/lib/libcrypto/man/DSA_sign.3
stable/12/secure/lib/libcrypto/man/DSA_size.3
stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3
stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3
stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3
stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3
stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3
stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3
stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
stable/12/secure/lib/libcrypto/man/EC_KEY_new.3
stable/12/secure/lib/libcrypto/man/EC_POINT_add.3
stable/12/secure/lib/libcrypto/man/EC_POINT_new.3
stable/12/secure/lib/libcrypto/man/ENGINE_add.3
stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/12/secure/lib/libcrypto/man/ERR_clear_error.3
stable/12/secure/lib/libcrypto/man/ERR_error_string.3
stable/12/secure/lib/libcrypto/man/ERR_get_error.3
stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/12/secure/lib/libcrypto/man/ERR_load_strings.3
stable/12/secure/lib/libcrypto/man/ERR_print_errors.3
stable/12/secure/lib/libcrypto/man/ERR_put_error.3
stable/12/secure/lib/libcrypto/man/ERR_remove_state.3
stable/12/secure/lib/libcrypto/man/ERR_set_mark.3
stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3
stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3
stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
stable/12/secure/lib/libcrypto/man/EVP_SealInit.3
stable/12/secure/lib/libcrypto/man/EVP_SignInit.3
stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/12/secure/lib/libcrypto/man/EVP_aes.3
stable/12/secure/lib/libcrypto/man/EVP_aria.3
stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3
stable/12/secure/lib/libcrypto/man/EVP_camellia.3
stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_chacha20.3
stable/12/secure/lib/libcrypto/man/EVP_des.3
stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_md2.3
stable/12/secure/lib/libcrypto/man/EVP_md4.3
stable/12/secure/lib/libcrypto/man/EVP_md5.3
stable/12/secure/lib/libcrypto/man/EVP_mdc2.3
stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_rc4.3
stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3
stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_sha1.3
stable/12/secure/lib/libcrypto/man/EVP_sha224.3
stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3
stable/12/secure/lib/libcrypto/man/EVP_sm3.3
stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3
stable/12/secure/lib/libcrypto/man/HMAC.3
stable/12/secure/lib/libcrypto/man/MD5.3
stable/12/secure/lib/libcrypto/man/MDC2_Init.3
stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3
stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3
stable/12/secure/lib/libcrypto/man/OCSP_response_status.3
stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3
stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/12/secure/lib/libcrypto/man/OPENSSL_config.3
stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3
stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3
stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
stable/12/secure/lib/libcrypto/man/PEM_read.3
stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3
stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3
stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
stable/12/secure/lib/libcrypto/man/PKCS12_create.3
stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3
stable/12/secure/lib/libcrypto/man/PKCS12_parse.3
stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/12/secure/lib/libcrypto/man/PKCS7_sign.3
stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
stable/12/secure/lib/libcrypto/man/PKCS7_verify.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
stable/12/secure/lib/libcrypto/man/RAND_add.3
stable/12/secure/lib/libcrypto/man/RAND_bytes.3
stable/12/secure/lib/libcrypto/man/RAND_cleanup.3
stable/12/secure/lib/libcrypto/man/RAND_egd.3
stable/12/secure/lib/libcrypto/man/RAND_load_file.3
stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/12/secure/lib/libcrypto/man/RC4_set_key.3
stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3
stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/12/secure/lib/libcrypto/man/RSA_check_key.3
stable/12/secure/lib/libcrypto/man/RSA_generate_key.3
stable/12/secure/lib/libcrypto/man/RSA_get0_key.3
stable/12/secure/lib/libcrypto/man/RSA_meth_new.3
stable/12/secure/lib/libcrypto/man/RSA_new.3
stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/12/secure/lib/libcrypto/man/RSA_print.3
stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/12/secure/lib/libcrypto/man/RSA_set_method.3
stable/12/secure/lib/libcrypto/man/RSA_sign.3
stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/12/secure/lib/libcrypto/man/RSA_size.3
stable/12/secure/lib/libcrypto/man/SCT_new.3
stable/12/secure/lib/libcrypto/man/SCT_print.3
stable/12/secure/lib/libcrypto/man/SCT_validate.3
stable/12/secure/lib/libcrypto/man/SHA256_Init.3
stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3
stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3
stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
stable/12/secure/lib/libcrypto/man/SSL_accept.3
stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3
stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3
stable/12/secure/lib/libcrypto/man/SSL_check_chain.3
stable/12/secure/lib/libcrypto/man/SSL_clear.3
stable/12/secure/lib/libcrypto/man/SSL_connect.3
stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3
stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3
stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3
stable/12/secure/lib/libcrypto/man/SSL_free.3
stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3
stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3
stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3
stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3
stable/12/secure/lib/libcrypto/man/SSL_get_error.3
stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3
stable/12/secure/lib/libcrypto/man/SSL_get_fd.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3
stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3
stable/12/secure/lib/libcrypto/man/SSL_get_session.3
stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3
stable/12/secure/lib/libcrypto/man/SSL_get_version.3
stable/12/secure/lib/libcrypto/man/SSL_in_init.3
stable/12/secure/lib/libcrypto/man/SSL_key_update.3
stable/12/secure/lib/libcrypto/man/SSL_library_init.3
stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
stable/12/secure/lib/libcrypto/man/SSL_new.3
stable/12/secure/lib/libcrypto/man/SSL_pending.3
stable/12/secure/lib/libcrypto/man/SSL_read.3
stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3
stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3
stable/12/secure/lib/libcrypto/man/SSL_session_reused.3
stable/12/secure/lib/libcrypto/man/SSL_set1_host.3
stable/12/secure/lib/libcrypto/man/SSL_set_bio.3
stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3
stable/12/secure/lib/libcrypto/man/SSL_set_fd.3
stable/12/secure/lib/libcrypto/man/SSL_set_session.3
stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3
stable/12/secure/lib/libcrypto/man/SSL_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_state_string.3
stable/12/secure/lib/libcrypto/man/SSL_want.3
stable/12/secure/lib/libcrypto/man/SSL_write.3
stable/12/secure/lib/libcrypto/man/UI_STRING.3
stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
stable/12/secure/lib/libcrypto/man/UI_create_method.3
stable/12/secure/lib/libcrypto/man/UI_new.3
stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3
stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3
stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3
stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3
stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3
stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3
stable/12/secure/lib/libcrypto/man/X509_STORE_new.3
stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
stable/12/secure/lib/libcrypto/man/X509_check_ca.3
stable/12/secure/lib/libcrypto/man/X509_check_host.3
stable/12/secure/lib/libcrypto/man/X509_check_issued.3
stable/12/secure/lib/libcrypto/man/X509_check_private_key.3
stable/12/secure/lib/libcrypto/man/X509_cmp_time.3
stable/12/secure/lib/libcrypto/man/X509_digest.3
stable/12/secure/lib/libcrypto/man/X509_dup.3
stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3
stable/12/secure/lib/libcrypto/man/X509_get0_signature.3
stable/12/secure/lib/libcrypto/man/X509_get0_uids.3
stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3
stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3
stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3
stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3
stable/12/secure/lib/libcrypto/man/X509_get_version.3
stable/12/secure/lib/libcrypto/man/X509_new.3
stable/12/secure/lib/libcrypto/man/X509_sign.3
stable/12/secure/lib/libcrypto/man/X509_verify_cert.3
stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
stable/12/secure/lib/libcrypto/man/d2i_DHparams.3
stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3
stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
stable/12/secure/lib/libcrypto/man/d2i_X509.3
stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3
stable/12/secure/lib/libssl/Version.map (contents, props changed)
stable/12/secure/usr.bin/openssl/man/CA.pl.1
stable/12/secure/usr.bin/openssl/man/asn1parse.1
stable/12/secure/usr.bin/openssl/man/ca.1
stable/12/secure/usr.bin/openssl/man/ciphers.1
stable/12/secure/usr.bin/openssl/man/cms.1
stable/12/secure/usr.bin/openssl/man/crl.1
stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/12/secure/usr.bin/openssl/man/dgst.1
stable/12/secure/usr.bin/openssl/man/dhparam.1
stable/12/secure/usr.bin/openssl/man/dsa.1
stable/12/secure/usr.bin/openssl/man/dsaparam.1
stable/12/secure/usr.bin/openssl/man/ec.1
stable/12/secure/usr.bin/openssl/man/ecparam.1
stable/12/secure/usr.bin/openssl/man/enc.1
stable/12/secure/usr.bin/openssl/man/engine.1
stable/12/secure/usr.bin/openssl/man/errstr.1
stable/12/secure/usr.bin/openssl/man/gendsa.1
stable/12/secure/usr.bin/openssl/man/genpkey.1
stable/12/secure/usr.bin/openssl/man/genrsa.1
stable/12/secure/usr.bin/openssl/man/list.1
stable/12/secure/usr.bin/openssl/man/nseq.1
stable/12/secure/usr.bin/openssl/man/ocsp.1
stable/12/secure/usr.bin/openssl/man/openssl.1
stable/12/secure/usr.bin/openssl/man/passwd.1
stable/12/secure/usr.bin/openssl/man/pkcs12.1
stable/12/secure/usr.bin/openssl/man/pkcs7.1
stable/12/secure/usr.bin/openssl/man/pkcs8.1
stable/12/secure/usr.bin/openssl/man/pkey.1
stable/12/secure/usr.bin/openssl/man/pkeyparam.1
stable/12/secure/usr.bin/openssl/man/pkeyutl.1
stable/12/secure/usr.bin/openssl/man/prime.1
stable/12/secure/usr.bin/openssl/man/rand.1
stable/12/secure/usr.bin/openssl/man/req.1
stable/12/secure/usr.bin/openssl/man/rsa.1
stable/12/secure/usr.bin/openssl/man/rsautl.1
stable/12/secure/usr.bin/openssl/man/s_client.1
stable/12/secure/usr.bin/openssl/man/s_server.1
stable/12/secure/usr.bin/openssl/man/s_time.1
stable/12/secure/usr.bin/openssl/man/sess_id.1
stable/12/secure/usr.bin/openssl/man/smime.1
stable/12/secure/usr.bin/openssl/man/speed.1
stable/12/secure/usr.bin/openssl/man/spkac.1
stable/12/secure/usr.bin/openssl/man/srp.1
stable/12/secure/usr.bin/openssl/man/storeutl.1
stable/12/secure/usr.bin/openssl/man/ts.1
stable/12/secure/usr.bin/openssl/man/tsget.1
stable/12/secure/usr.bin/openssl/man/verify.1
stable/12/secure/usr.bin/openssl/man/version.1
stable/12/secure/usr.bin/openssl/man/x509.1
Directory Properties:
stable/12/ (props changed)
stable/12/secure/lib/libcrypto/Version.map (props changed)
Modified: stable/12/crypto/openssl/CHANGES
==============================================================================
--- stable/12/crypto/openssl/CHANGES Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/CHANGES Tue Nov 20 21:35:20 2018 (r340705)
@@ -7,6 +7,42 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
+
+ *) Timing vulnerability in DSA signature generation
+
+ The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+ (CVE-2018-0734)
+ [Paul Dale]
+
+ *) Timing vulnerability in ECDSA signature generation
+
+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+ (CVE-2018-0735)
+ [Paul Dale]
+
+ *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+ the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+ are retained for backwards compatibility.
+ [Antoine Salon]
+
+ *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+ if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+ of two gigabytes and the error handling improved.
+
+ This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+ categorized as a normal bug, not a security issue, because the DRBG reseeds
+ automatically and is fully functional even without additional randomness
+ provided by the application.
+
Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
*) Add a new ClientHello callback. Provides a callback interface that gives
@@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop at spyglass.com>]
-
Modified: stable/12/crypto/openssl/Configure
==============================================================================
--- stable/12/crypto/openssl/Configure Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/Configure Tue Nov 20 21:35:20 2018 (r340705)
@@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) {
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1;
-You have selected the --with-rand-seed=none option, which effectively disables
-automatic reseeding of the OpenSSL random generator. All operations depending
-on the random generator such as creating keys will not work unless the random
-generator is seeded manually by the application.
-Please read the 'Note on random number generation' section in the INSTALL
-instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+You have selected the --with-rand-seed=none option, which effectively
+disables automatic reseeding of the OpenSSL random generator.
+All operations depending on the random generator such as creating keys
+will not work unless the random generator is seeded manually by the
+application.
+
+Please read the 'Note on random number generation' section in the
+INSTALL instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+
_____
}
push @{$config{openssl_other_defines}},
@@ -2174,6 +2179,16 @@ EOF
# Massage the result
+ # If the user configured no-shared, we allow no shared sources
+ if ($disabled{shared}) {
+ foreach (keys %{$unified_info{shared_sources}}) {
+ foreach (keys %{$unified_info{shared_sources}->{$_}}) {
+ delete $unified_info{sources}->{$_};
+ }
+ }
+ $unified_info{shared_sources} = {};
+ }
+
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
@@ -2198,8 +2213,8 @@ EOF
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
- (keys %{$unified_info{sources}->{$dest}},
- keys %{$unified_info{shared_sources}->{$dest}})) {
+ (keys %{$unified_info{sources}->{$dest} // {}},
+ keys %{$unified_info{shared_sources}->{$dest} // {}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
@@ -2238,6 +2253,42 @@ EOF
[ @{$unified_info{includes}->{$dest}->{source}} ];
}
}
+
+ # For convenience collect information regarding directories where
+ # files are generated, those generated files and the end product
+ # they end up in where applicable. Then, add build rules for those
+ # directories
+ my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
+ "dso" => [ @{$unified_info{engines}} ],
+ "bin" => [ @{$unified_info{programs}} ],
+ "script" => [ @{$unified_info{scripts}} ] );
+ foreach my $type (keys %loopinfo) {
+ foreach my $product (@{$loopinfo{$type}}) {
+ my %dirs = ();
+ my $pd = dirname($product);
+
+ foreach (@{$unified_info{sources}->{$product} // []},
+ @{$unified_info{shared_sources}->{$product} // []}) {
+ my $d = dirname($_);
+
+ # We don't want to create targets for source directories
+ # when building out of source
+ next if ($config{sourcedir} ne $config{builddir}
+ && $d =~ m|^\Q$config{sourcedir}\E|);
+ # We already have a "test" target, and the current directory
+ # is just silly to make a target for
+ next if $d eq "test" || $d eq ".";
+
+ $dirs{$d} = 1;
+ push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+ if $d ne $pd;
+ }
+ foreach (keys %dirs) {
+ push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+ $product;
+ }
+ }
+ }
}
# For the schemes that need it, we provide the old *_obj configs
@@ -2712,10 +2763,16 @@ print <<"EOF";
**********************************************************************
*** ***
-*** If you want to report a building issue, please include the ***
-*** output from this command: ***
+*** OpenSSL has been successfully configured ***
*** ***
-*** perl configdata.pm --dump ***
+*** If you encounter a problem while building, please open an ***
+*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
+*** and include the output from the following command: ***
+*** ***
+*** perl configdata.pm --dump ***
+*** ***
+*** (If you are new to OpenSSL, you might want to consult the ***
+*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
EOF
Modified: stable/12/crypto/openssl/INSTALL
==============================================================================
--- stable/12/crypto/openssl/INSTALL Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/INSTALL Tue Nov 20 21:35:20 2018 (r340705)
@@ -614,8 +614,8 @@
Windows, and as a comma separated list of
libraries on VMS.
RANLIB The library archive indexer.
- RC The Windows resources manipulator.
- RCFLAGS Flags for the Windows reources manipulator.
+ RC The Windows resource compiler.
+ RCFLAGS Flags for the Windows resource compiler.
RM The command to remove files and directories.
These cannot be mixed with compiling / linking flags given
@@ -969,7 +969,7 @@
BUILDFILE
Use a different build file name than the platform default
- ("Makefile" on Unixly platforms, "makefile" on native Windows,
+ ("Makefile" on Unix-like platforms, "makefile" on native Windows,
"descrip.mms" on OpenVMS). This requires that there is a
corresponding build file template. See Configurations/README
for further information.
@@ -1171,7 +1171,7 @@
part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
the name.
- On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ On most POSIX platforms, shared libraries are named libcrypto.so.1.1
and libssl.so.1.1.
on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
@@ -1202,7 +1202,7 @@
The seeding method can be configured using the --with-rand-seed option,
which can be used to specify a comma separated list of seed methods.
However in most cases OpenSSL will choose a suitable default method,
- so it is not necessary to explicitely provide this option. Note also
+ so it is not necessary to explicitly provide this option. Note also
that not all methods are available on all platforms.
I) On operating systems which provide a suitable randomness source (in
Modified: stable/12/crypto/openssl/NEWS
==============================================================================
--- stable/12/crypto/openssl/NEWS Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/NEWS Tue Nov 20 21:35:20 2018 (r340705)
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
Modified: stable/12/crypto/openssl/README
==============================================================================
--- stable/12/crypto/openssl/README Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/README Tue Nov 20 21:35:20 2018 (r340705)
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1 11 Sep 2018
+ OpenSSL 1.1.1a 20 Nov 2018
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: stable/12/crypto/openssl/apps/app_rand.c
==============================================================================
--- stable/12/crypto/openssl/apps/app_rand.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/app_rand.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section)
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
- return;
}
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
Modified: stable/12/crypto/openssl/apps/apps.c
==============================================================================
--- stable/12/crypto/openssl/apps/apps.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/apps.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int
opt_getprog(), typestr);
continue;
}
+ if (*valstr == '\0') {
+ BIO_printf(bio_err,
+ "%s: No value provided for Subject Attribute %s, skipped\n",
+ opt_getprog(), typestr);
+ continue;
+ }
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0))
Modified: stable/12/crypto/openssl/apps/apps.h
==============================================================================
--- stable/12/crypto/openssl/apps/apps.h Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/apps.h Tue Nov 20 21:35:20 2018 (r340705)
@@ -369,7 +369,7 @@ typedef struct string_int_pair_st {
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
-# define OPT_FMT_NETSCAPE (1L << 6)
+/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
@@ -378,8 +378,8 @@ typedef struct string_int_pair_st {
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
- OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
+ OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
Modified: stable/12/crypto/openssl/apps/ca.c
==============================================================================
--- stable/12/crypto/openssl/apps/ca.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/ca.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -605,7 +605,7 @@ end_of_options:
/*
* outdir is a directory spec, but access() for VMS demands a
* filename. We could use the DEC C routine to convert the
- * directory syntax to Unixly, and give that to app_isdir,
+ * directory syntax to Unix, and give that to app_isdir,
* but for now the fopen will catch the error if it's not a
* directory
*/
@@ -976,7 +976,7 @@ end_of_options:
BIO_printf(bio_err, "Write out database with %d new entries\n",
sk_X509_num(cert_sk));
- if (!rand_ser
+ if (serialfile != NULL
&& !save_serial(serialfile, "new", serial, NULL))
goto end;
@@ -1044,7 +1044,8 @@ end_of_options:
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
- if (!rotate_serial(serialfile, "new", "old"))
+ if (serialfile != NULL
+ && !rotate_serial(serialfile, "new", "old"))
goto end;
if (!rotate_index(dbfile, "new", "old"))
@@ -1177,10 +1178,9 @@ end_of_options:
}
/* we have a CRL number that need updating */
- if (crlnumberfile != NULL)
- if (!rand_ser
- && !save_serial(crlnumberfile, "new", crlnumber, NULL))
- goto end;
+ if (crlnumberfile != NULL
+ && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+ goto end;
BN_free(crlnumber);
crlnumber = NULL;
@@ -1195,9 +1195,10 @@ end_of_options:
PEM_write_bio_X509_CRL(Sout, crl);
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile, "new", "old"))
- goto end;
+ /* Rename the crlnumber file */
+ if (crlnumberfile != NULL
+ && !rotate_serial(crlnumberfile, "new", "old"))
+ goto end;
}
/*****************************************************************/
Modified: stable/12/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/12/crypto/openssl/apps/ocsp.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/ocsp.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -950,6 +950,7 @@ static void spawn_loop(void)
sleep(30);
break;
case 0: /* child */
+ OPENSSL_free(kidpids);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
if (termsig)
@@ -976,6 +977,7 @@ static void spawn_loop(void)
}
/* The loop above can only break on termsig */
+ OPENSSL_free(kidpids);
syslog(LOG_INFO, "terminating on signal: %d", termsig);
killall(0, kidpids);
}
Modified: stable/12/crypto/openssl/apps/openssl.cnf
==============================================================================
--- stable/12/crypto/openssl/apps/openssl.cnf Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/openssl.cnf Tue Nov 20 21:35:20 2018 (r340705)
@@ -11,7 +11,6 @@
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
@@ -58,7 +57,6 @@ crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
Modified: stable/12/crypto/openssl/apps/opt.c
==============================================================================
--- stable/12/crypto/openssl/apps/opt.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/opt.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -168,7 +168,6 @@ static OPT_PAIR formats[] = {
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
- {"netscape", OPT_FMT_NETSCAPE},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
Modified: stable/12/crypto/openssl/apps/rehash.c
==============================================================================
--- stable/12/crypto/openssl/apps/rehash.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/rehash.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -1,6 +1,6 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Teräs <timo.teras at gmail.com>
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras at gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Modified: stable/12/crypto/openssl/apps/rsa.c
==============================================================================
--- stable/12/crypto/openssl/apps/rsa.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/rsa.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -38,8 +38,8 @@ typedef enum OPTION_choice {
const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
- {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+ {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+ {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
{"in", OPT_IN, 's', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
@@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
+ if (pk == NULL)
+ goto end;
+
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
Modified: stable/12/crypto/openssl/apps/s_cb.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_cb.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/s_cb.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
- if (!SSL_get_server_tmp_key(s, &key))
+
+ if (!SSL_get_peer_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key)) {
Modified: stable/12/crypto/openssl/apps/s_server.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_server.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/s_server.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigne
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) {
- BIO_printf(bio_s_out,
- "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ *sess = NULL;
+ return 1;
}
if (psksess != NULL) {
@@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[])
goto end;
}
#endif
+ if (early_data && (www > 0 || rev)) {
+ BIO_printf(bio_err,
+ "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
Modified: stable/12/crypto/openssl/apps/speed.c
==============================================================================
--- stable/12/crypto/openssl/apps/speed.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/speed.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (testnum++; testnum < EC_NUM; testnum++)
+ for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0;
}
}
Modified: stable/12/crypto/openssl/apps/x509.c
==============================================================================
--- stable/12/crypto/openssl/apps/x509.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/apps/x509.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -67,10 +67,10 @@ typedef enum OPTION_choice {
const OPTIONS x509_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f',
- "Input format - default PEM (one of DER, NET or PEM)"},
+ "Input format - default PEM (one of DER or PEM)"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'f',
- "Output format - default PEM (one of DER, NET or PEM)"},
+ "Output format - default PEM (one of DER or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
Modified: stable/12/crypto/openssl/crypto/LPdir_unix.c
==============================================================================
--- stable/12/crypto/openssl/crypto/LPdir_unix.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/LPdir_unix.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -51,7 +51,7 @@
#endif
/*
- * The POSIXly macro for the maximum number of characters in a file path is
+ * The POSIX macro for the maximum number of characters in a file path is
* NAME_MAX. However, some operating systems use PATH_MAX instead.
* Therefore, it seems natural to first check for PATH_MAX and use that, and
* if it doesn't exist, use NAME_MAX.
Modified: stable/12/crypto/openssl/crypto/async/arch/async_posix.h
==============================================================================
--- stable/12/crypto/openssl/crypto/async/arch/async_posix.h Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/async/arch/async_posix.h Tue Nov 20 21:35:20 2018 (r340705)
@@ -17,7 +17,8 @@
# include <unistd.h>
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
+ && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
# include <pthread.h>
Modified: stable/12/crypto/openssl/crypto/bio/b_sock2.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/b_sock2.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/bio/b_sock2.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -133,7 +133,9 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int op
*/
int BIO_bind(int sock, const BIO_ADDR *addr, int options)
{
+# ifndef OPENSSL_SYS_WINDOWS
int on = 1;
+# endif
if (sock == -1) {
BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
Modified: stable/12/crypto/openssl/crypto/bio/bio_lib.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/bio_lib.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/bio/bio_lib.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const
argi = (int)len;
}
- if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+ if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
if (*processed > INT_MAX)
return -1;
inret = *processed;
@@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const
ret = b->callback(b, oper, argp, argi, argl, inret);
- if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+ if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
*processed = (size_t)ret;
ret = 1;
}
Modified: stable/12/crypto/openssl/crypto/bio/bss_log.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/bss_log.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/bio/bss_log.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -408,4 +408,9 @@ static void xcloselog(BIO *bp)
# endif /* Unix */
+#else /* NO_SYSLOG */
+const BIO_METHOD *BIO_s_log(void)
+{
+ return NULL;
+}
#endif /* NO_SYSLOG */
Modified: stable/12/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -63,12 +63,6 @@
* very much like 64-bit code compiled with no-asm on the same
* machine.
*/
-
-# if defined(_WIN64) || !defined(__LP64__)
-# define BN_ULONG unsigned long long
-# else
-# define BN_ULONG unsigned long
-# endif
# undef mul
# undef mul_add
Modified: stable/12/crypto/openssl/crypto/bn/bn_exp.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bn/bn_exp.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/bn/bn_exp.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM
* is not only slower but also makes each bit vulnerable to
* EM (and likely other) side-channel attacks like One&Done
* (for details see "One&Done: A Single-Decryption EM-Based
- * Attack on OpenSSLâs Constant-Time Blinded RSA" by M. Alam,
+ * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
* H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
* M. Prvulovic, in USENIX Security'18)
*/
Modified: stable/12/crypto/openssl/crypto/bn/bn_lib.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bn/bn_lib.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/bn/bn_lib.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a,
b->neg ^= t;
/*-
- * Idea behind BN_FLG_STATIC_DATA is actually to
- * indicate that data may not be written to.
- * Intention is actually to treat it as it's
- * read-only data, and some (if not most) of it does
- * reside in read-only segment. In other words
- * observation of BN_FLG_STATIC_DATA in
- * BN_consttime_swap should be treated as fatal
- * condition. It would either cause SEGV or
- * effectively cause data corruption.
- * BN_FLG_MALLOCED refers to BN structure itself,
- * and hence must be preserved. Remaining flags are
- * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
- * preserved, because it determines how x->d was
- * allocated and hence how to free it. This leaves
- * BN_FLG_CONSTTIME that one can do something about.
- * To summarize it's sufficient to mask and swap
- * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
- * be treated as fatal.
+ * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+ * is actually to treat it as it's read-only data, and some (if not most)
+ * of it does reside in read-only segment. In other words observation of
+ * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+ * condition. It would either cause SEGV or effectively cause data
+ * corruption.
+ *
+ * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+ * preserved.
+ *
+ * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+ * allocated and hence how to free it.
+ *
+ * BN_FLG_CONSTTIME: sufficient to mask and swap
+ *
+ * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+ * the data, so the d array may be padded with additional 0 values (i.e.
+ * top could be greater than the minimal value that it could be). We should
+ * be swapping it
*/
- t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+ t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
a->flags ^= t;
b->flags ^= t;
Modified: stable/12/crypto/openssl/crypto/build.info
==============================================================================
--- stable/12/crypto/openssl/crypto/build.info Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/build.info Tue Nov 20 21:35:20 2018 (r340705)
@@ -2,7 +2,7 @@ LIBS=../libcrypto
SOURCE[../libcrypto]=\
cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
- threads_pthread.c threads_win.c threads_none.c \
+ threads_pthread.c threads_win.c threads_none.c getenv.c \
o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
{- $target{uplink_aux_src} -}
EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
Modified: stable/12/crypto/openssl/crypto/conf/conf_api.c
==============================================================================
--- stable/12/crypto/openssl/crypto/conf/conf_api.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/conf/conf_api.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -10,6 +10,7 @@
/* Part of the code in here was originally in conf.c, which is now removed */
#include "e_os.h"
+#include "internal/cryptlib.h"
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *s
if (v != NULL)
return v->value;
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return p;
}
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *s
else
return NULL;
} else
- return getenv(name);
+ return ossl_safe_getenv(name);
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
Modified: stable/12/crypto/openssl/crypto/conf/conf_mod.c
==============================================================================
--- stable/12/crypto/openssl/crypto/conf/conf_mod.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/conf/conf_mod.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void)
char *file, *sep = "";
int len;
- if (!OPENSSL_issetugid()) {
- file = getenv("OPENSSL_CONF");
- if (file)
- return OPENSSL_strdup(file);
- }
+ if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+ return OPENSSL_strdup(file);
len = strlen(X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
Modified: stable/12/crypto/openssl/crypto/cryptlib.c
==============================================================================
--- stable/12/crypto/openssl/crypto/cryptlib.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/cryptlib.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -204,7 +204,7 @@ int OPENSSL_isservice(void)
if (_OPENSSL_isservice.p == NULL) {
HANDLE mod = GetModuleHandle(NULL);
- FARPROC f;
+ FARPROC f = NULL;
if (mod != NULL)
f = GetProcAddress(mod, "_OPENSSL_isservice");
Modified: stable/12/crypto/openssl/crypto/ct/ct_log.c
==============================================================================
--- stable/12/crypto/openssl/crypto/ct/ct_log.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/ct/ct_log.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const C
int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
{
- const char *fpath = getenv(CTLOG_FILE_EVP);
+ const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
if (fpath == NULL)
fpath = CTLOG_FILE;
Modified: stable/12/crypto/openssl/crypto/dsa/dsa_gen.c
==============================================================================
--- stable/12/crypto/openssl/crypto/dsa/dsa_gen.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/dsa/dsa_gen.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N
if (mctx == NULL)
goto err;
+ /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+ if (L <= N) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+ goto err;
+ }
+
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
Modified: stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c
==============================================================================
--- stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -9,6 +9,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, in
DSA_SIG *sig, DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx);
static DSA_METHOD openssl_dsa_meth = {
"OpenSSL DSA method",
@@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
{
BN_CTX *ctx = NULL;
BIGNUM *k, *kinv = NULL, *r = *rp;
- BIGNUM *l, *m;
+ BIGNUM *l;
int ret = 0;
- int q_bits;
+ int q_bits, q_words;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
k = BN_new();
l = BN_new();
- m = BN_new();
- if (k == NULL || l == NULL || m == NULL)
+ if (k == NULL || l == NULL)
goto err;
if (ctx_in == NULL) {
@@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
- if (!BN_set_bit(k, q_bits)
- || !BN_set_bit(l, q_bits)
- || !BN_set_bit(m, q_bits))
+ q_words = bn_get_top(dsa->q);
+ if (!bn_wexpand(k, q_words + 2)
+ || !bn_wexpand(l, q_words + 2))
goto err;
/* Get random k */
@@ -221,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
} while (BN_is_zero(k));
BN_set_flags(k, BN_FLG_CONSTTIME);
+ BN_set_flags(l, BN_FLG_CONSTTIME);
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
@@ -238,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
- * TODO: revisit the BN_copy aiming for a memory access agnostic
- * conditional copy.
+ * There are some concerns about the efficacy of doing this. More
+ * specificly refer to the discussion starting with:
+ * https://github.com/openssl/openssl/pull/7486#discussion_r228323705
+ * The fix is to rework BN so these gymnastics aren't required.
*/
if (!BN_add(l, k, dsa->q)
- || !BN_add(m, l, dsa->q)
- || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
+ || !BN_add(k, l, dsa->q))
goto err;
+ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
+
if ((dsa)->meth->bn_mod_exp != NULL) {
if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
dsa->method_mont_p))
@@ -258,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_mod(r, r, dsa->q, ctx))
goto err;
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
goto err;
BN_clear_free(*kinvp);
@@ -273,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
BN_CTX_free(ctx);
BN_clear_free(k);
BN_clear_free(l);
- BN_clear_free(m);
return ret;
}
@@ -392,4 +397,32 @@ static int dsa_finish(DSA *dsa)
{
BN_MONT_CTX_free(dsa->method_mont_p);
return 1;
+}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation. Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient. A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx)
+{
+ BIGNUM *res = NULL;
+ BIGNUM *r, *e;
+
+ if ((r = BN_new()) == NULL)
+ return NULL;
+
+ BN_CTX_start(ctx);
+ if ((e = BN_CTX_get(ctx)) != NULL
+ && BN_set_word(r, 2)
+ && BN_sub(e, q, r)
+ && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
+ res = r;
+ else
+ BN_free(r);
+ BN_CTX_end(ctx);
+ return res;
}
Modified: stable/12/crypto/openssl/crypto/ec/ec_ameth.c
==============================================================================
--- stable/12/crypto/openssl/crypto/ec/ec_ameth.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/ec/ec_ameth.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx,
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
return 0;
- if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+ if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
return 0;
kdf_md = EVP_get_digestbynid(kdfmd_nid);
@@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
ecdh_nid = NID_dh_cofactor_kdf;
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
- kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+ kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else
Modified: stable/12/crypto/openssl/crypto/ec/ec_mult.c
==============================================================================
--- stable/12/crypto/openssl/crypto/ec/ec_mult.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/ec/ec_mult.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POI
*/
cardinality_bits = BN_num_bits(cardinality);
group_top = bn_get_top(cardinality);
- if ((bn_wexpand(k, group_top + 1) == NULL)
- || (bn_wexpand(lambda, group_top + 1) == NULL)) {
+ if ((bn_wexpand(k, group_top + 2) == NULL)
+ || (bn_wexpand(lambda, group_top + 2) == NULL)) {
ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
goto err;
}
@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POI
* k := scalar + 2*cardinality
*/
kbit = BN_is_bit_set(lambda, cardinality_bits);
- BN_consttime_swap(kbit, k, lambda, group_top + 1);
+ BN_consttime_swap(kbit, k, lambda, group_top + 2);
group_top = bn_get_top(group->field);
if ((bn_wexpand(s->X, group_top) == NULL)
Modified: stable/12/crypto/openssl/crypto/ec/ec_pmeth.c
==============================================================================
--- stable/12/crypto/openssl/crypto/ec/ec_pmeth.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/ec/ec_pmeth.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
goto err;
/* Do KDF stuff */
- if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
+ if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
goto err;
rv = 1;
@@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, i
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
- if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
+ if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
return -2;
dctx->kdf_type = p1;
return 1;
Modified: stable/12/crypto/openssl/crypto/ec/ecdh_kdf.c
==============================================================================
--- stable/12/crypto/openssl/crypto/ec/ecdh_kdf.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/ec/ecdh_kdf.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,12 +10,13 @@
#include <string.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
+#include "ec_lcl.h"
-/* Key derivation function from X9.62/SECG */
+/* Key derivation function from X9.63/SECG */
/* Way more than we will ever need */
#define ECDH_KDF_MAX (1 << 30)
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
@@ -65,4 +66,16 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
err:
EVP_MD_CTX_free(mctx);
return rv;
+}
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md)
+{
+ return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
}
Modified: stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c
==============================================================================
--- stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c Tue Nov 20 21:26:25 2018 (r340704)
+++ stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c Tue Nov 20 21:35:20 2018 (r340705)
@@ -28,6 +28,13 @@
# define CHECK_BSD_STYLE_MACROS
#endif
+/*
+ * ONE global file descriptor for all sessions. This allows operations
+ * such as digest session data copying (see digest_copy()), but is also
+ * saner... why re-open /dev/crypto for every session?
+ */
+static int cfd;
+
/******************************************************************************
*
* Ciphers
@@ -39,7 +46,6 @@
*****/
struct cipher_ctx {
- int cfd;
struct session_op sess;
/* to pass from init to do_cipher */
@@ -69,7 +75,7 @@ static const struct cipher_data_st {
{ NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
{ NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
#ifndef OPENSSL_NO_RC4
- { NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
+ { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable
mailing list