svn commit: r352192 - in stable/12: . crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/cryp...
Jung-uk Kim
jkim at FreeBSD.org
Tue Sep 10 21:13:44 UTC 2019
Author: jkim
Date: Tue Sep 10 21:13:37 2019
New Revision: 352192
URL: https://svnweb.freebsd.org/changeset/base/352192
Log:
MFC: r352191
Merge OpenSSL 1.1.1d.
Added:
stable/12/crypto/openssl/doc/man3/CRYPTO_memcmp.pod
- copied unchanged from r352191, head/crypto/openssl/doc/man3/CRYPTO_memcmp.pod
stable/12/crypto/openssl/doc/man3/X509_cmp.pod
- copied unchanged from r352191, head/crypto/openssl/doc/man3/X509_cmp.pod
stable/12/secure/lib/libcrypto/man/CRYPTO_memcmp.3
- copied unchanged from r352191, head/secure/lib/libcrypto/man/CRYPTO_memcmp.3
stable/12/secure/lib/libcrypto/man/X509_cmp.3
- copied unchanged from r352191, head/secure/lib/libcrypto/man/X509_cmp.3
Deleted:
stable/12/crypto/openssl/crypto/aes/asm/aes-586.pl
stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
stable/12/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl
stable/12/secure/lib/libcrypto/amd64/aes-x86_64.S
stable/12/secure/lib/libcrypto/amd64/bsaes-x86_64.S
stable/12/secure/lib/libcrypto/i386/aes-586.S
Modified:
stable/12/ObsoleteFiles.inc
stable/12/crypto/openssl/CHANGES
stable/12/crypto/openssl/Configure
stable/12/crypto/openssl/INSTALL
stable/12/crypto/openssl/NEWS
stable/12/crypto/openssl/README
stable/12/crypto/openssl/apps/apps.c
stable/12/crypto/openssl/apps/apps.h
stable/12/crypto/openssl/apps/ca.c
stable/12/crypto/openssl/apps/dgst.c
stable/12/crypto/openssl/apps/enc.c
stable/12/crypto/openssl/apps/ocsp.c
stable/12/crypto/openssl/apps/openssl.c
stable/12/crypto/openssl/apps/pkcs12.c
stable/12/crypto/openssl/apps/req.c
stable/12/crypto/openssl/apps/s_apps.h
stable/12/crypto/openssl/apps/s_cb.c
stable/12/crypto/openssl/apps/s_client.c
stable/12/crypto/openssl/apps/speed.c
stable/12/crypto/openssl/apps/storeutl.c
stable/12/crypto/openssl/config
stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl
stable/12/crypto/openssl/crypto/asn1/a_time.c
stable/12/crypto/openssl/crypto/asn1/a_type.c
stable/12/crypto/openssl/crypto/asn1/x_bignum.c
stable/12/crypto/openssl/crypto/bio/b_addr.c
stable/12/crypto/openssl/crypto/bio/bss_dgram.c
stable/12/crypto/openssl/crypto/bio/bss_file.c
stable/12/crypto/openssl/crypto/bio/bss_mem.c
stable/12/crypto/openssl/crypto/bn/asm/mips.pl
stable/12/crypto/openssl/crypto/bn/bn_div.c
stable/12/crypto/openssl/crypto/bn/bn_lcl.h
stable/12/crypto/openssl/crypto/bn/bn_lib.c
stable/12/crypto/openssl/crypto/bn/bn_prime.c
stable/12/crypto/openssl/crypto/bn/bn_rand.c
stable/12/crypto/openssl/crypto/bn/bn_sqrt.c
stable/12/crypto/openssl/crypto/cms/cms_att.c
stable/12/crypto/openssl/crypto/cms/cms_env.c
stable/12/crypto/openssl/crypto/cms/cms_err.c
stable/12/crypto/openssl/crypto/cms/cms_lcl.h
stable/12/crypto/openssl/crypto/cms/cms_sd.c
stable/12/crypto/openssl/crypto/cms/cms_smime.c
stable/12/crypto/openssl/crypto/conf/conf_sap.c
stable/12/crypto/openssl/crypto/ctype.c
stable/12/crypto/openssl/crypto/dh/dh_check.c
stable/12/crypto/openssl/crypto/dh/dh_gen.c
stable/12/crypto/openssl/crypto/dh/dh_key.c
stable/12/crypto/openssl/crypto/dh/dh_lib.c
stable/12/crypto/openssl/crypto/dsa/dsa_ameth.c
stable/12/crypto/openssl/crypto/dsa/dsa_err.c
stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c
stable/12/crypto/openssl/crypto/dso/dso_dlfcn.c
stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
stable/12/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl
stable/12/crypto/openssl/crypto/ec/ec_asn1.c
stable/12/crypto/openssl/crypto/ec/ec_curve.c
stable/12/crypto/openssl/crypto/ec/ec_lcl.h
stable/12/crypto/openssl/crypto/ec/ec_lib.c
stable/12/crypto/openssl/crypto/ec/ecdh_ossl.c
stable/12/crypto/openssl/crypto/ec/ecdsa_ossl.c
stable/12/crypto/openssl/crypto/ec/ecp_nistp224.c
stable/12/crypto/openssl/crypto/ec/ecp_nistp256.c
stable/12/crypto/openssl/crypto/ec/ecp_nistp521.c
stable/12/crypto/openssl/crypto/ec/ecp_nistputil.c
stable/12/crypto/openssl/crypto/ec/ecx_meth.c
stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c
stable/12/crypto/openssl/crypto/engine/eng_openssl.c
stable/12/crypto/openssl/crypto/err/err.c
stable/12/crypto/openssl/crypto/err/openssl.txt
stable/12/crypto/openssl/crypto/evp/bio_ok.c
stable/12/crypto/openssl/crypto/evp/e_aes.c
stable/12/crypto/openssl/crypto/evp/e_aria.c
stable/12/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
stable/12/crypto/openssl/crypto/evp/e_rc5.c
stable/12/crypto/openssl/crypto/evp/evp_err.c
stable/12/crypto/openssl/crypto/evp/evp_lib.c
stable/12/crypto/openssl/crypto/evp/m_sha3.c
stable/12/crypto/openssl/crypto/include/internal/ctype.h
stable/12/crypto/openssl/crypto/include/internal/rand_int.h
stable/12/crypto/openssl/crypto/include/internal/sm2err.h
stable/12/crypto/openssl/crypto/init.c
stable/12/crypto/openssl/crypto/lhash/lhash.c
stable/12/crypto/openssl/crypto/o_str.c
stable/12/crypto/openssl/crypto/pem/pvkfmt.c
stable/12/crypto/openssl/crypto/pkcs7/pk7_doit.c
stable/12/crypto/openssl/crypto/rand/drbg_lib.c
stable/12/crypto/openssl/crypto/rand/rand_err.c
stable/12/crypto/openssl/crypto/rand/rand_lcl.h
stable/12/crypto/openssl/crypto/rand/rand_lib.c
stable/12/crypto/openssl/crypto/rand/rand_unix.c
stable/12/crypto/openssl/crypto/rsa/rsa_ameth.c
stable/12/crypto/openssl/crypto/rsa/rsa_err.c
stable/12/crypto/openssl/crypto/rsa/rsa_gen.c
stable/12/crypto/openssl/crypto/rsa/rsa_lib.c
stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c
stable/12/crypto/openssl/crypto/s390xcap.c
stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl
stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
stable/12/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl
stable/12/crypto/openssl/crypto/sm2/sm2_sign.c
stable/12/crypto/openssl/crypto/store/loader_file.c
stable/12/crypto/openssl/crypto/store/store_lib.c
stable/12/crypto/openssl/crypto/threads_none.c
stable/12/crypto/openssl/crypto/threads_pthread.c
stable/12/crypto/openssl/crypto/ui/ui_lib.c
stable/12/crypto/openssl/crypto/ui/ui_openssl.c
stable/12/crypto/openssl/crypto/uid.c
stable/12/crypto/openssl/crypto/whrlpool/wp_block.c
stable/12/crypto/openssl/crypto/x509/by_dir.c
stable/12/crypto/openssl/crypto/x509/t_req.c
stable/12/crypto/openssl/crypto/x509/x509_att.c
stable/12/crypto/openssl/crypto/x509/x509_cmp.c
stable/12/crypto/openssl/crypto/x509/x509_err.c
stable/12/crypto/openssl/crypto/x509/x509_lu.c
stable/12/crypto/openssl/crypto/x509/x509_vfy.c
stable/12/crypto/openssl/crypto/x509v3/v3_alt.c
stable/12/crypto/openssl/crypto/x509v3/v3_purp.c
stable/12/crypto/openssl/doc/HOWTO/proxy_certificates.txt
stable/12/crypto/openssl/doc/man1/engine.pod
stable/12/crypto/openssl/doc/man1/errstr.pod
stable/12/crypto/openssl/doc/man1/pkcs12.pod
stable/12/crypto/openssl/doc/man1/pkeyparam.pod
stable/12/crypto/openssl/doc/man1/s_client.pod
stable/12/crypto/openssl/doc/man1/s_server.pod
stable/12/crypto/openssl/doc/man3/ADMISSIONS.pod
stable/12/crypto/openssl/doc/man3/ASYNC_start_job.pod
stable/12/crypto/openssl/doc/man3/BIO_connect.pod
stable/12/crypto/openssl/doc/man3/BIO_f_ssl.pod
stable/12/crypto/openssl/doc/man3/BIO_find_type.pod
stable/12/crypto/openssl/doc/man3/BIO_new.pod
stable/12/crypto/openssl/doc/man3/BIO_s_accept.pod
stable/12/crypto/openssl/doc/man3/BIO_s_bio.pod
stable/12/crypto/openssl/doc/man3/BIO_s_connect.pod
stable/12/crypto/openssl/doc/man3/BIO_s_fd.pod
stable/12/crypto/openssl/doc/man3/BIO_s_mem.pod
stable/12/crypto/openssl/doc/man3/BIO_set_callback.pod
stable/12/crypto/openssl/doc/man3/BN_generate_prime.pod
stable/12/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod
stable/12/crypto/openssl/doc/man3/BN_new.pod
stable/12/crypto/openssl/doc/man3/CMS_final.pod
stable/12/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod
stable/12/crypto/openssl/doc/man3/DES_random_key.pod
stable/12/crypto/openssl/doc/man3/DSA_generate_key.pod
stable/12/crypto/openssl/doc/man3/DSA_sign.pod
stable/12/crypto/openssl/doc/man3/ECDSA_SIG_new.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_derive.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
stable/12/crypto/openssl/doc/man3/EVP_SealInit.pod
stable/12/crypto/openssl/doc/man3/EVP_SignInit.pod
stable/12/crypto/openssl/doc/man3/EVP_VerifyInit.pod
stable/12/crypto/openssl/doc/man3/EVP_aria.pod
stable/12/crypto/openssl/doc/man3/EVP_md5.pod
stable/12/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
stable/12/crypto/openssl/doc/man3/OCSP_REQUEST_new.pod
stable/12/crypto/openssl/doc/man3/OPENSSL_fork_prepare.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_expect.pod
stable/12/crypto/openssl/doc/man3/PKCS12_newpass.pod
stable/12/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod
stable/12/crypto/openssl/doc/man3/RAND_set_rand_method.pod
stable/12/crypto/openssl/doc/man3/RSA_blinding_on.pod
stable/12/crypto/openssl/doc/man3/RSA_generate_key.pod
stable/12/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
stable/12/crypto/openssl/doc/man3/RSA_public_encrypt.pod
stable/12/crypto/openssl/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_config.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_new.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_cipher_list.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_verify.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
stable/12/crypto/openssl/doc/man3/SSL_get_error.pod
stable/12/crypto/openssl/doc/man3/SSL_library_init.pod
stable/12/crypto/openssl/doc/man3/SSL_set1_host.pod
stable/12/crypto/openssl/doc/man3/SSL_write.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_add_cert.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_new.pod
stable/12/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
stable/12/crypto/openssl/doc/man3/X509_get_extension_flags.pod
stable/12/crypto/openssl/doc/man3/d2i_X509.pod
stable/12/crypto/openssl/doc/man5/x509v3_config.pod
stable/12/crypto/openssl/doc/man7/Ed25519.pod
stable/12/crypto/openssl/doc/man7/RAND.pod
stable/12/crypto/openssl/doc/man7/SM2.pod
stable/12/crypto/openssl/doc/man7/X25519.pod
stable/12/crypto/openssl/doc/man7/bio.pod
stable/12/crypto/openssl/doc/man7/scrypt.pod
stable/12/crypto/openssl/e_os.h
stable/12/crypto/openssl/engines/build.info
stable/12/crypto/openssl/engines/e_afalg.c
stable/12/crypto/openssl/include/internal/constant_time_locl.h
stable/12/crypto/openssl/include/internal/cryptlib.h
stable/12/crypto/openssl/include/internal/dsoerr.h
stable/12/crypto/openssl/include/internal/refcount.h
stable/12/crypto/openssl/include/internal/thread_once.h
stable/12/crypto/openssl/include/internal/tsan_assist.h
stable/12/crypto/openssl/include/openssl/asn1err.h
stable/12/crypto/openssl/include/openssl/asyncerr.h
stable/12/crypto/openssl/include/openssl/bio.h
stable/12/crypto/openssl/include/openssl/bioerr.h
stable/12/crypto/openssl/include/openssl/bnerr.h
stable/12/crypto/openssl/include/openssl/buffererr.h
stable/12/crypto/openssl/include/openssl/cms.h
stable/12/crypto/openssl/include/openssl/cmserr.h
stable/12/crypto/openssl/include/openssl/comperr.h
stable/12/crypto/openssl/include/openssl/conferr.h
stable/12/crypto/openssl/include/openssl/cryptoerr.h
stable/12/crypto/openssl/include/openssl/cterr.h
stable/12/crypto/openssl/include/openssl/dherr.h
stable/12/crypto/openssl/include/openssl/dsaerr.h
stable/12/crypto/openssl/include/openssl/ec.h
stable/12/crypto/openssl/include/openssl/ecerr.h
stable/12/crypto/openssl/include/openssl/engineerr.h
stable/12/crypto/openssl/include/openssl/evp.h
stable/12/crypto/openssl/include/openssl/evperr.h
stable/12/crypto/openssl/include/openssl/kdferr.h
stable/12/crypto/openssl/include/openssl/objectserr.h
stable/12/crypto/openssl/include/openssl/ocsperr.h
stable/12/crypto/openssl/include/openssl/opensslv.h
stable/12/crypto/openssl/include/openssl/pemerr.h
stable/12/crypto/openssl/include/openssl/pkcs12err.h
stable/12/crypto/openssl/include/openssl/pkcs7err.h
stable/12/crypto/openssl/include/openssl/randerr.h
stable/12/crypto/openssl/include/openssl/rsaerr.h
stable/12/crypto/openssl/include/openssl/ssl.h
stable/12/crypto/openssl/include/openssl/sslerr.h
stable/12/crypto/openssl/include/openssl/store.h
stable/12/crypto/openssl/include/openssl/storeerr.h
stable/12/crypto/openssl/include/openssl/tls1.h
stable/12/crypto/openssl/include/openssl/tserr.h
stable/12/crypto/openssl/include/openssl/uierr.h
stable/12/crypto/openssl/include/openssl/x509err.h
stable/12/crypto/openssl/include/openssl/x509v3.h
stable/12/crypto/openssl/include/openssl/x509v3err.h
stable/12/crypto/openssl/ssl/d1_msg.c
stable/12/crypto/openssl/ssl/record/rec_layer_s3.c
stable/12/crypto/openssl/ssl/s3_lib.c
stable/12/crypto/openssl/ssl/ssl_cert.c
stable/12/crypto/openssl/ssl/ssl_ciph.c
stable/12/crypto/openssl/ssl/ssl_lib.c
stable/12/crypto/openssl/ssl/ssl_locl.h
stable/12/crypto/openssl/ssl/ssl_sess.c
stable/12/crypto/openssl/ssl/statem/extensions.c
stable/12/crypto/openssl/ssl/statem/extensions_clnt.c
stable/12/crypto/openssl/ssl/statem/extensions_srvr.c
stable/12/crypto/openssl/ssl/statem/statem_clnt.c
stable/12/crypto/openssl/ssl/statem/statem_lib.c
stable/12/crypto/openssl/ssl/statem/statem_srvr.c
stable/12/crypto/openssl/ssl/t1_lib.c
stable/12/crypto/openssl/ssl/tls13_enc.c
stable/12/secure/lib/libcrypto/Makefile
stable/12/secure/lib/libcrypto/Makefile.asm
stable/12/secure/lib/libcrypto/Makefile.inc
stable/12/secure/lib/libcrypto/Makefile.man
stable/12/secure/lib/libcrypto/Version.map
stable/12/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
stable/12/secure/lib/libcrypto/arm/keccak1600-armv4.S
stable/12/secure/lib/libcrypto/man/ADMISSIONS.3
stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3
stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3
stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3
stable/12/secure/lib/libcrypto/man/BF_encrypt.3
stable/12/secure/lib/libcrypto/man/BIO_ADDR.3
stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3
stable/12/secure/lib/libcrypto/man/BIO_connect.3
stable/12/secure/lib/libcrypto/man/BIO_ctrl.3
stable/12/secure/lib/libcrypto/man/BIO_f_base64.3
stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/12/secure/lib/libcrypto/man/BIO_f_md.3
stable/12/secure/lib/libcrypto/man/BIO_f_null.3
stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/12/secure/lib/libcrypto/man/BIO_find_type.3
stable/12/secure/lib/libcrypto/man/BIO_get_data.3
stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
stable/12/secure/lib/libcrypto/man/BIO_meth_new.3
stable/12/secure/lib/libcrypto/man/BIO_new.3
stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3
stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3
stable/12/secure/lib/libcrypto/man/BIO_printf.3
stable/12/secure/lib/libcrypto/man/BIO_push.3
stable/12/secure/lib/libcrypto/man/BIO_read.3
stable/12/secure/lib/libcrypto/man/BIO_s_accept.3
stable/12/secure/lib/libcrypto/man/BIO_s_bio.3
stable/12/secure/lib/libcrypto/man/BIO_s_connect.3
stable/12/secure/lib/libcrypto/man/BIO_s_fd.3
stable/12/secure/lib/libcrypto/man/BIO_s_file.3
stable/12/secure/lib/libcrypto/man/BIO_s_mem.3
stable/12/secure/lib/libcrypto/man/BIO_s_null.3
stable/12/secure/lib/libcrypto/man/BIO_s_socket.3
stable/12/secure/lib/libcrypto/man/BIO_set_callback.3
stable/12/secure/lib/libcrypto/man/BIO_should_retry.3
stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/12/secure/lib/libcrypto/man/BN_CTX_new.3
stable/12/secure/lib/libcrypto/man/BN_CTX_start.3
stable/12/secure/lib/libcrypto/man/BN_add.3
stable/12/secure/lib/libcrypto/man/BN_add_word.3
stable/12/secure/lib/libcrypto/man/BN_bn2bin.3
stable/12/secure/lib/libcrypto/man/BN_cmp.3
stable/12/secure/lib/libcrypto/man/BN_copy.3
stable/12/secure/lib/libcrypto/man/BN_generate_prime.3
stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/12/secure/lib/libcrypto/man/BN_new.3
stable/12/secure/lib/libcrypto/man/BN_num_bytes.3
stable/12/secure/lib/libcrypto/man/BN_rand.3
stable/12/secure/lib/libcrypto/man/BN_security_bits.3
stable/12/secure/lib/libcrypto/man/BN_set_bit.3
stable/12/secure/lib/libcrypto/man/BN_swap.3
stable/12/secure/lib/libcrypto/man/BN_zero.3
stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3
stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3
stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3
stable/12/secure/lib/libcrypto/man/CMS_compress.3
stable/12/secure/lib/libcrypto/man/CMS_decrypt.3
stable/12/secure/lib/libcrypto/man/CMS_encrypt.3
stable/12/secure/lib/libcrypto/man/CMS_final.3
stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
stable/12/secure/lib/libcrypto/man/CMS_get0_type.3
stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
stable/12/secure/lib/libcrypto/man/CMS_sign.3
stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3
stable/12/secure/lib/libcrypto/man/CMS_uncompress.3
stable/12/secure/lib/libcrypto/man/CMS_verify.3
stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3
stable/12/secure/lib/libcrypto/man/CONF_modules_free.3
stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3
stable/12/secure/lib/libcrypto/man/CTLOG_new.3
stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
stable/12/secure/lib/libcrypto/man/DES_random_key.3
stable/12/secure/lib/libcrypto/man/DH_generate_key.3
stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3
stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3
stable/12/secure/lib/libcrypto/man/DH_meth_new.3
stable/12/secure/lib/libcrypto/man/DH_new.3
stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3
stable/12/secure/lib/libcrypto/man/DH_set_method.3
stable/12/secure/lib/libcrypto/man/DH_size.3
stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/12/secure/lib/libcrypto/man/DSA_do_sign.3
stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/12/secure/lib/libcrypto/man/DSA_generate_key.3
stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3
stable/12/secure/lib/libcrypto/man/DSA_meth_new.3
stable/12/secure/lib/libcrypto/man/DSA_new.3
stable/12/secure/lib/libcrypto/man/DSA_set_method.3
stable/12/secure/lib/libcrypto/man/DSA_sign.3
stable/12/secure/lib/libcrypto/man/DSA_size.3
stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3
stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3
stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3
stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3
stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3
stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3
stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
stable/12/secure/lib/libcrypto/man/EC_KEY_new.3
stable/12/secure/lib/libcrypto/man/EC_POINT_add.3
stable/12/secure/lib/libcrypto/man/EC_POINT_new.3
stable/12/secure/lib/libcrypto/man/ENGINE_add.3
stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/12/secure/lib/libcrypto/man/ERR_clear_error.3
stable/12/secure/lib/libcrypto/man/ERR_error_string.3
stable/12/secure/lib/libcrypto/man/ERR_get_error.3
stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/12/secure/lib/libcrypto/man/ERR_load_strings.3
stable/12/secure/lib/libcrypto/man/ERR_print_errors.3
stable/12/secure/lib/libcrypto/man/ERR_put_error.3
stable/12/secure/lib/libcrypto/man/ERR_remove_state.3
stable/12/secure/lib/libcrypto/man/ERR_set_mark.3
stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3
stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3
stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
stable/12/secure/lib/libcrypto/man/EVP_SealInit.3
stable/12/secure/lib/libcrypto/man/EVP_SignInit.3
stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/12/secure/lib/libcrypto/man/EVP_aes.3
stable/12/secure/lib/libcrypto/man/EVP_aria.3
stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3
stable/12/secure/lib/libcrypto/man/EVP_camellia.3
stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_chacha20.3
stable/12/secure/lib/libcrypto/man/EVP_des.3
stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_md2.3
stable/12/secure/lib/libcrypto/man/EVP_md4.3
stable/12/secure/lib/libcrypto/man/EVP_md5.3
stable/12/secure/lib/libcrypto/man/EVP_mdc2.3
stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_rc4.3
stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3
stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_sha1.3
stable/12/secure/lib/libcrypto/man/EVP_sha224.3
stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3
stable/12/secure/lib/libcrypto/man/EVP_sm3.3
stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3
stable/12/secure/lib/libcrypto/man/HMAC.3
stable/12/secure/lib/libcrypto/man/MD5.3
stable/12/secure/lib/libcrypto/man/MDC2_Init.3
stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3
stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3
stable/12/secure/lib/libcrypto/man/OCSP_response_status.3
stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3
stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/12/secure/lib/libcrypto/man/OPENSSL_config.3
stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3
stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3
stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
stable/12/secure/lib/libcrypto/man/PEM_read.3
stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3
stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3
stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
stable/12/secure/lib/libcrypto/man/PKCS12_create.3
stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3
stable/12/secure/lib/libcrypto/man/PKCS12_parse.3
stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/12/secure/lib/libcrypto/man/PKCS7_sign.3
stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
stable/12/secure/lib/libcrypto/man/PKCS7_verify.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
stable/12/secure/lib/libcrypto/man/RAND_add.3
stable/12/secure/lib/libcrypto/man/RAND_bytes.3
stable/12/secure/lib/libcrypto/man/RAND_cleanup.3
stable/12/secure/lib/libcrypto/man/RAND_egd.3
stable/12/secure/lib/libcrypto/man/RAND_load_file.3
stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/12/secure/lib/libcrypto/man/RC4_set_key.3
stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3
stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/12/secure/lib/libcrypto/man/RSA_check_key.3
stable/12/secure/lib/libcrypto/man/RSA_generate_key.3
stable/12/secure/lib/libcrypto/man/RSA_get0_key.3
stable/12/secure/lib/libcrypto/man/RSA_meth_new.3
stable/12/secure/lib/libcrypto/man/RSA_new.3
stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/12/secure/lib/libcrypto/man/RSA_print.3
stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/12/secure/lib/libcrypto/man/RSA_set_method.3
stable/12/secure/lib/libcrypto/man/RSA_sign.3
stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/12/secure/lib/libcrypto/man/RSA_size.3
stable/12/secure/lib/libcrypto/man/SCT_new.3
stable/12/secure/lib/libcrypto/man/SCT_print.3
stable/12/secure/lib/libcrypto/man/SCT_validate.3
stable/12/secure/lib/libcrypto/man/SHA256_Init.3
stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3
stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3
stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
stable/12/secure/lib/libcrypto/man/SSL_accept.3
stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3
stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3
stable/12/secure/lib/libcrypto/man/SSL_check_chain.3
stable/12/secure/lib/libcrypto/man/SSL_clear.3
stable/12/secure/lib/libcrypto/man/SSL_connect.3
stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3
stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3
stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3
stable/12/secure/lib/libcrypto/man/SSL_free.3
stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3
stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3
stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3
stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3
stable/12/secure/lib/libcrypto/man/SSL_get_error.3
stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3
stable/12/secure/lib/libcrypto/man/SSL_get_fd.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3
stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3
stable/12/secure/lib/libcrypto/man/SSL_get_session.3
stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3
stable/12/secure/lib/libcrypto/man/SSL_get_version.3
stable/12/secure/lib/libcrypto/man/SSL_in_init.3
stable/12/secure/lib/libcrypto/man/SSL_key_update.3
stable/12/secure/lib/libcrypto/man/SSL_library_init.3
stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
stable/12/secure/lib/libcrypto/man/SSL_new.3
stable/12/secure/lib/libcrypto/man/SSL_pending.3
stable/12/secure/lib/libcrypto/man/SSL_read.3
stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3
stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3
stable/12/secure/lib/libcrypto/man/SSL_session_reused.3
stable/12/secure/lib/libcrypto/man/SSL_set1_host.3
stable/12/secure/lib/libcrypto/man/SSL_set_bio.3
stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3
stable/12/secure/lib/libcrypto/man/SSL_set_fd.3
stable/12/secure/lib/libcrypto/man/SSL_set_session.3
stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3
stable/12/secure/lib/libcrypto/man/SSL_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_state_string.3
stable/12/secure/lib/libcrypto/man/SSL_want.3
stable/12/secure/lib/libcrypto/man/SSL_write.3
stable/12/secure/lib/libcrypto/man/UI_STRING.3
stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
stable/12/secure/lib/libcrypto/man/UI_create_method.3
stable/12/secure/lib/libcrypto/man/UI_new.3
stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3
stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3
stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3
stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3
stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3
stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3
stable/12/secure/lib/libcrypto/man/X509_STORE_new.3
stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
stable/12/secure/lib/libcrypto/man/X509_check_ca.3
stable/12/secure/lib/libcrypto/man/X509_check_host.3
stable/12/secure/lib/libcrypto/man/X509_check_issued.3
stable/12/secure/lib/libcrypto/man/X509_check_private_key.3
stable/12/secure/lib/libcrypto/man/X509_cmp_time.3
stable/12/secure/lib/libcrypto/man/X509_digest.3
stable/12/secure/lib/libcrypto/man/X509_dup.3
stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3
stable/12/secure/lib/libcrypto/man/X509_get0_signature.3
stable/12/secure/lib/libcrypto/man/X509_get0_uids.3
stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3
stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3
stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3
stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3
stable/12/secure/lib/libcrypto/man/X509_get_version.3
stable/12/secure/lib/libcrypto/man/X509_new.3
stable/12/secure/lib/libcrypto/man/X509_sign.3
stable/12/secure/lib/libcrypto/man/X509_verify_cert.3
stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
stable/12/secure/lib/libcrypto/man/d2i_DHparams.3
stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3
stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
stable/12/secure/lib/libcrypto/man/d2i_X509.3
stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3
stable/12/secure/usr.bin/openssl/man/CA.pl.1
stable/12/secure/usr.bin/openssl/man/asn1parse.1
stable/12/secure/usr.bin/openssl/man/ca.1
stable/12/secure/usr.bin/openssl/man/ciphers.1
stable/12/secure/usr.bin/openssl/man/cms.1
stable/12/secure/usr.bin/openssl/man/crl.1
stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/12/secure/usr.bin/openssl/man/dgst.1
stable/12/secure/usr.bin/openssl/man/dhparam.1
stable/12/secure/usr.bin/openssl/man/dsa.1
stable/12/secure/usr.bin/openssl/man/dsaparam.1
stable/12/secure/usr.bin/openssl/man/ec.1
stable/12/secure/usr.bin/openssl/man/ecparam.1
stable/12/secure/usr.bin/openssl/man/enc.1
stable/12/secure/usr.bin/openssl/man/engine.1
stable/12/secure/usr.bin/openssl/man/errstr.1
stable/12/secure/usr.bin/openssl/man/gendsa.1
stable/12/secure/usr.bin/openssl/man/genpkey.1
stable/12/secure/usr.bin/openssl/man/genrsa.1
stable/12/secure/usr.bin/openssl/man/list.1
stable/12/secure/usr.bin/openssl/man/nseq.1
stable/12/secure/usr.bin/openssl/man/ocsp.1
stable/12/secure/usr.bin/openssl/man/openssl.1
stable/12/secure/usr.bin/openssl/man/passwd.1
stable/12/secure/usr.bin/openssl/man/pkcs12.1
stable/12/secure/usr.bin/openssl/man/pkcs7.1
stable/12/secure/usr.bin/openssl/man/pkcs8.1
stable/12/secure/usr.bin/openssl/man/pkey.1
stable/12/secure/usr.bin/openssl/man/pkeyparam.1
stable/12/secure/usr.bin/openssl/man/pkeyutl.1
stable/12/secure/usr.bin/openssl/man/prime.1
stable/12/secure/usr.bin/openssl/man/rand.1
stable/12/secure/usr.bin/openssl/man/req.1
stable/12/secure/usr.bin/openssl/man/rsa.1
stable/12/secure/usr.bin/openssl/man/rsautl.1
stable/12/secure/usr.bin/openssl/man/s_client.1
stable/12/secure/usr.bin/openssl/man/s_server.1
stable/12/secure/usr.bin/openssl/man/s_time.1
stable/12/secure/usr.bin/openssl/man/sess_id.1
stable/12/secure/usr.bin/openssl/man/smime.1
stable/12/secure/usr.bin/openssl/man/speed.1
stable/12/secure/usr.bin/openssl/man/spkac.1
stable/12/secure/usr.bin/openssl/man/srp.1
stable/12/secure/usr.bin/openssl/man/storeutl.1
stable/12/secure/usr.bin/openssl/man/ts.1
stable/12/secure/usr.bin/openssl/man/tsget.1
stable/12/secure/usr.bin/openssl/man/verify.1
stable/12/secure/usr.bin/openssl/man/version.1
stable/12/secure/usr.bin/openssl/man/x509.1
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/ObsoleteFiles.inc
==============================================================================
--- stable/12/ObsoleteFiles.inc Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/ObsoleteFiles.inc Tue Sep 10 21:13:37 2019 (r352192)
@@ -38,6 +38,9 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20190910: OpenSSL 1.1.1d
+OLD_FILES+=usr/share/openssl/man/man3/d2i_ECDSA_SIG.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_ECDSA_SIG.3.gz
# 20190811: sys/pwm.h renamed to dev/pwmc.h and pwm(9) removed
OLD_FILES+=usr/include/sys/pwm.h usr/share/man/man9/pwm.9
# 20190723: new clang import which bumps version from 8.0.0 to 8.0.1.
Modified: stable/12/crypto/openssl/CHANGES
==============================================================================
--- stable/12/crypto/openssl/CHANGES Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/CHANGES Tue Sep 10 21:13:37 2019 (r352192)
@@ -7,6 +7,101 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
+
+ *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
+ number generator (RNG). This was intended to include protection in the
+ event of a fork() system call in order to ensure that the parent and child
+ processes did not share the same RNG state. However this protection was not
+ being used in the default case.
+
+ A partial mitigation for this issue is that the output from a high
+ precision timer is mixed into the RNG state so the likelihood of a parent
+ and child process sharing state is significantly reduced.
+
+ If an application already calls OPENSSL_init_crypto() explicitly using
+ OPENSSL_INIT_ATFORK then this problem does not occur at all.
+ (CVE-2019-1549)
+ [Matthias St. Pierre]
+
+ *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
+ used even when parsing explicit parameters, when loading a serialized key
+ or calling `EC_GROUP_new_from_ecpkparameters()`/
+ `EC_GROUP_new_from_ecparameters()`.
+ This prevents bypass of security hardening and performance gains,
+ especially for curves with specialized EC_METHODs.
+ By default, if a key encoded with explicit parameters is loaded and later
+ serialized, the output is still encoded with explicit parameters, even if
+ internally a "named" EC_GROUP is used for computation.
+ [Nicola Tuveri]
+
+ *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+ this change, EC_GROUP_set_generator would accept order and/or cofactor as
+ NULL. After this change, only the cofactor parameter can be NULL. It also
+ does some minimal sanity checks on the passed order.
+ (CVE-2019-1547)
+ [Billy Bob Brumley]
+
+ *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+ An attack is simple, if the first CMS_recipientInfo is valid but the
+ second CMS_recipientInfo is chosen ciphertext. If the second
+ recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+ encryption key will be replaced by garbage, and the message cannot be
+ decoded, but if the RSA decryption fails, the correct encryption key is
+ used and the recipient will not notice the attack.
+ As a work around for this potential attack the length of the decrypted
+ key must be equal to the cipher default key length, in case the
+ certifiate is not given and all recipientInfo are tried out.
+ The old behaviour can be re-enabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag.
+ (CVE-2019-1563)
+ [Bernd Edlinger]
+
+ *) Early start up entropy quality from the DEVRANDOM seed source has been
+ improved for older Linux systems. The RAND subsystem will wait for
+ /dev/random to be producing output before seeding from /dev/urandom.
+ The seeded state is stored for future library initialisations using
+ a system global shared memory segment. The shared memory identifier
+ can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
+ the desired value. The default identifier is 114.
+ [Paul Dale]
+
+ *) Correct the extended master secret constant on EBCDIC systems. Without this
+ fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+ negotiate EMS will fail. Unfortunately this also means that TLS connections
+ between EBCDIC systems with this fix, and EBCDIC systems without this
+ fix will fail if they negotiate EMS.
+ [Matt Caswell]
+
+ *) Use Windows installation paths in the mingw builds
+
+ Mingw isn't a POSIX environment per se, which means that Windows
+ paths should be used for installation.
+ (CVE-2019-1552)
+ [Richard Levitte]
+
+ *) Changed DH_check to accept parameters with order q and 2q subgroups.
+ With order 2q subgroups the bit 0 of the private key is not secret
+ but DH_generate_key works around that by clearing bit 0 of the
+ private key for those. This avoids leaking bit 0 of the private key.
+ [Bernd Edlinger]
+
+ *) Significantly reduce secure memory usage by the randomness pools.
+ [Paul Dale]
+
+ *) Revert the DEVRANDOM_WAIT feature for Linux systems
+
+ The DEVRANDOM_WAIT feature added a select() call to wait for the
+ /dev/random device to become readable before reading from the
+ /dev/urandom device.
+
+ It turned out that this change had negative side effects on
+ performance which were not acceptable. After some discussion it
+ was decided to revert this feature and leave it up to the OS
+ resp. the platform maintainer to ensure a proper initialization
+ during early boot time.
+ [Matthias St. Pierre]
+
Changes between 1.1.1b and 1.1.1c [28 May 2019]
*) Add build tests for C++. These are generated files that only do one
@@ -75,6 +170,16 @@
(CVE-2019-1543)
[Matt Caswell]
+ *) Add DEVRANDOM_WAIT feature for Linux systems
+
+ On older Linux systems where the getrandom() system call is not available,
+ OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG.
+ Contrary to getrandom(), the /dev/urandom device will not block during
+ early boot when the kernel CSPRNG has not been seeded yet.
+
+ To mitigate this known weakness, use select() to wait for /dev/random to
+ become readable before reading from /dev/urandom.
+
*) Ensure that SM2 only uses SM3 as digest algorithm
[Paul Yang]
@@ -322,7 +427,7 @@
SSL_set_ciphersuites()
[Matt Caswell]
- *) Memory allocation failures consistenly add an error to the error
+ *) Memory allocation failures consistently add an error to the error
stack.
[Rich Salz]
@@ -6860,7 +6965,7 @@
reason texts, thereby removing some of the footprint that may not
be interesting if those errors aren't displayed anyway.
- NOTE: it's still possible for any application or module to have it's
+ NOTE: it's still possible for any application or module to have its
own set of error texts inserted. The routines are there, just not
used by default when no-err is given.
[Richard Levitte]
@@ -8826,7 +8931,7 @@ des-cbc 3624.96k 5258.21k 5530.91k
Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
*) New function OPENSSL_cleanse(), which is used to cleanse a section of
- memory from it's contents. This is done with a counter that will
+ memory from its contents. This is done with a counter that will
place alternating values in each byte. This can be used to solve
two issues: 1) the removal of calls to memset() by highly optimizing
compilers, and 2) cleansing with other values than 0, since those can
Modified: stable/12/crypto/openssl/Configure
==============================================================================
--- stable/12/crypto/openssl/Configure Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/Configure Tue Sep 10 21:13:37 2019 (r352192)
@@ -87,9 +87,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-
# linked openssl executable has rather debugging value than
# production quality.
#
-# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-# provided to stack calls. Generates unique stack functions for
-# each possible stack type.
# BN_LLONG use the type 'long long' in crypto/bn/bn.h
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# Following are set automatically by this script
@@ -145,13 +142,13 @@ my @gcc_devteam_warn = qw(
# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my @clang_devteam_warn = qw(
+ -Wno-unknown-warning-option
-Wswitch-default
-Wno-parentheses-equality
-Wno-language-extension-token
-Wno-extended-offsetof
-Wconditional-uninitialized
-Wincompatible-pointer-types-discards-qualifiers
- -Wno-unknown-warning-option
-Wmissing-variable-declarations
);
Modified: stable/12/crypto/openssl/INSTALL
==============================================================================
--- stable/12/crypto/openssl/INSTALL Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/INSTALL Tue Sep 10 21:13:37 2019 (r352192)
@@ -98,6 +98,9 @@
$ nmake test
$ nmake install
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
If any of these steps fails, see section Installation in Detail below.
This will build and install OpenSSL in the default location, which is:
@@ -107,6 +110,12 @@
OpenSSL version number with underscores instead of periods.
Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or install
+ engines. If you already have a pre-installed version of OpenSSL as part of
+ your Operating System it is recommended that you do not overwrite the system
+ version and instead install to somewhere else.
+
If you want to install it anywhere else, run config like this:
On Unix:
@@ -135,7 +144,10 @@
Don't build with support for deprecated APIs below the
specified version number. For example "--api=1.1.0" will
remove support for all APIS that were deprecated in OpenSSL
- version 1.1.0 or below.
+ version 1.1.0 or below. This is a rather specialized option
+ for developers. If you just intend to remove all deprecated
+ APIs entirely (up to the current version), it is easier
+ to add the 'no-deprecated' option instead (see below).
--cross-compile-prefix=PREFIX
The PREFIX to include in front of commands for your
@@ -229,7 +241,7 @@
source exists.
getrandom: Use the L<getrandom(2)> or equivalent system
call.
- devrandom: Use the the first device from the DEVRANDOM list
+ devrandom: Use the first device from the DEVRANDOM list
which can be opened to read random bytes. The
DEVRANDOM preprocessor constant expands to
"/dev/urandom","/dev/random","/dev/srandom" on
@@ -908,8 +920,11 @@
$ mms install ! OpenVMS
$ nmake install # Windows
- This will install all the software components in this directory
- tree under PREFIX (the directory given with --prefix or its
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
+ The above commands will install all the software components in this
+ directory tree under PREFIX (the directory given with --prefix or its
default):
Unix:
@@ -964,6 +979,12 @@
private Initially empty, this is the default location
for private key files.
misc Various scripts.
+
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or
+ install engines. If you already have a pre-installed version of OpenSSL as
+ part of your Operating System it is recommended that you do not overwrite
+ the system version and instead install to somewhere else.
Package builders who want to configure the library for standard
locations, but have the package installed somewhere else so that
Modified: stable/12/crypto/openssl/NEWS
==============================================================================
--- stable/12/crypto/openssl/NEWS Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/NEWS Tue Sep 10 21:13:37 2019 (r352192)
@@ -5,6 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
+
+ o Fixed a fork protection issue (CVE-2019-1549)
+ o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
+ (CVE-2019-1563)
+ o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+ used even when parsing explicit parameters
+ o Compute ECC cofactors if not provided during EC_GROUP construction
+ (CVE-2019-1547)
+ o Early start up entropy quality from the DEVRANDOM seed source has been
+ improved for older Linux systems
+ o Correct the extended master secret constant on EBCDIC systems
+ o Use Windows installation paths in the mingw builds (CVE-2019-1552)
+ o Changed DH_check to accept parameters with order q and 2q subgroups
+ o Significantly reduce secure memory usage by the randomness pools
+ o Revert the DEVRANDOM_WAIT feature for Linux systems
+
Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
@@ -601,7 +618,7 @@
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
- o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+ o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
Modified: stable/12/crypto/openssl/README
==============================================================================
--- stable/12/crypto/openssl/README Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/README Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1c 28 May 2019
+ OpenSSL 1.1.1d 10 Sep 2019
Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: stable/12/crypto/openssl/apps/apps.c
==============================================================================
--- stable/12/crypto/openssl/apps/apps.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/apps.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -40,12 +40,19 @@
#endif
#include <openssl/bn.h>
#include <openssl/ssl.h>
-#include "s_apps.h"
#include "apps.h"
#ifdef _WIN32
static int WIN32_rename(const char *from, const char *to);
# define rename(from,to) WIN32_rename((from),(to))
+#endif
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# include <conio.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# define _kbhit kbhit
#endif
typedef struct {
Modified: stable/12/crypto/openssl/apps/apps.h
==============================================================================
--- stable/12/crypto/openssl/apps/apps.h Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/apps.h Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -444,11 +444,9 @@ void destroy_ui_method(void);
const UI_METHOD *get_ui_method(void);
int chopup_args(ARGS *arg, char *buf);
-# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
-# endif
void print_bignum_var(BIO *, const BIGNUM *, const char*,
int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
Modified: stable/12/crypto/openssl/apps/ca.c
==============================================================================
--- stable/12/crypto/openssl/apps/ca.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/ca.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -722,7 +722,7 @@ end_of_options:
/*****************************************************************/
if (req || gencrl) {
- if (spkac_file != NULL) {
+ if (spkac_file != NULL && outfile != NULL) {
output_der = 1;
batch = 1;
}
Modified: stable/12/crypto/openssl/apps/dgst.c
==============================================================================
--- stable/12/crypto/openssl/apps/dgst.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/dgst.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -421,7 +421,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int s
size_t len;
int i;
- for (;;) {
+ while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file);
Modified: stable/12/crypto/openssl/apps/enc.c
==============================================================================
--- stable/12/crypto/openssl/apps/enc.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/enc.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -586,7 +586,7 @@ int enc_main(int argc, char **argv)
if (benc != NULL)
wbio = BIO_push(benc, wbio);
- for (;;) {
+ while (BIO_pending(rbio) || !BIO_eof(rbio)) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
Modified: stable/12/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/12/crypto/openssl/apps/ocsp.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/ocsp.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb
*q = '\0';
/*
- * Skip "GET / HTTP..." requests often used by load-balancers
+ * Skip "GET / HTTP..." requests often used by load-balancers. Note:
+ * 'p' was incremented above to point to the first byte *after* the
+ * leading slash, so with 'GET / ' it is now an empty string.
*/
- if (p[1] == '\0')
+ if (p[0] == '\0')
goto out;
len = urldecode(p);
Modified: stable/12/crypto/openssl/apps/openssl.c
==============================================================================
--- stable/12/crypto/openssl/apps/openssl.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/openssl.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,7 +22,6 @@
# include <openssl/engine.h>
#endif
#include <openssl/err.h>
-#include "s_apps.h"
/* Needed to get the other O_xxx flags. */
#ifdef OPENSSL_SYS_VMS
# include <unixio.h>
Modified: stable/12/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/12/crypto/openssl/apps/pkcs12.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/pkcs12.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -838,7 +838,7 @@ static int alg_print(const X509_ALGOR *alg)
goto done;
}
BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
- "Block size(r): %ld, Paralelizm(p): %ld",
+ "Block size(r): %ld, Parallelism(p): %ld",
ASN1_STRING_length(kdf->salt),
ASN1_INTEGER_get(kdf->costParameter),
ASN1_INTEGER_get(kdf->blockSize),
Modified: stable/12/crypto/openssl/apps/req.c
==============================================================================
--- stable/12/crypto/openssl/apps/req.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/req.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -881,9 +881,19 @@ int req_main(int argc, char **argv)
if (text) {
if (x509)
- X509_print_ex(out, x509ss, get_nameopt(), reqflag);
+ ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag);
else
- X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
+ ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
+
+ if (ret == 0) {
+ if (x509)
+ BIO_printf(bio_err, "Error printing certificate\n");
+ else
+ BIO_printf(bio_err, "Error printing certificate request\n");
+
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
if (subject) {
Modified: stable/12/crypto/openssl/apps/s_apps.h
==============================================================================
--- stable/12/crypto/openssl/apps/s_apps.h Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/s_apps.h Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,14 +9,8 @@
#include <openssl/opensslconf.h>
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-# include <conio.h>
-#endif
+#include <openssl/ssl.h>
-#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
-# define _kbhit kbhit
-#endif
-
#define PORT "4433"
#define PROTOCOL "tcp"
@@ -24,17 +18,15 @@ typedef int (*do_server_cb)(int s, int stype, int prot
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int protocol, do_server_cb cb,
unsigned char *context, int naccept, BIO *bio_s_out);
-#ifdef HEADER_X509_H
+
int verify_callback(int ok, X509_STORE_CTX *ctx);
-#endif
-#ifdef HEADER_SSL_H
+
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain);
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_groups(BIO *out, SSL *s, int noshared);
-#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, const char *host, const char *port,
const char *bindhost, const char *bindport,
@@ -44,13 +36,11 @@ int should_retry(int i);
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
-#ifdef HEADER_SSL_H
void apps_ssl_info_callback(const SSL *s, int where, int ret);
void msg_cb(int write_p, int version, int content_type, const void *buf,
size_t len, SSL *ssl, void *arg);
void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
int len, void *arg);
-#endif
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
@@ -75,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc);
void print_verify_detail(SSL *s, BIO *bio);
void print_ssl_summary(SSL *s);
-#ifdef HEADER_SSL_H
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int crl_download);
@@ -86,4 +75,3 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApat
void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
void print_ca_names(BIO *bio, SSL *s);
-#endif
Modified: stable/12/crypto/openssl/apps/s_cb.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_cb.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/s_cb.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1525,7 +1525,8 @@ void print_ca_names(BIO *bio, SSL *s)
int i;
if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
- BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
+ if (!SSL_is_server(s))
+ BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
return;
}
Modified: stable/12/crypto/openssl/apps/s_client.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_client.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/s_client.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -2345,7 +2345,7 @@ int s_client_main(int argc, char **argv)
(void)BIO_flush(fbio);
/*
* The first line is the HTTP response. According to RFC 7230,
- * it's formated exactly like this:
+ * it's formatted exactly like this:
*
* HTTP/d.d ddd Reason text\r\n
*/
Modified: stable/12/crypto/openssl/apps/speed.c
==============================================================================
--- stable/12/crypto/openssl/apps/speed.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/speed.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1790,7 +1790,7 @@ int speed_main(int argc, char **argv)
}
buflen = lengths[size_num - 1];
- if (buflen < 36) /* size of random vector in RSA bencmark */
+ if (buflen < 36) /* size of random vector in RSA benchmark */
buflen = 36;
buflen += MAX_MISALIGNMENT + 1;
loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
Modified: stable/12/crypto/openssl/apps/storeutl.c
==============================================================================
--- stable/12/crypto/openssl/apps/storeutl.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/apps/storeutl.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -125,7 +125,7 @@ int storeutl_main(int argc, char *argv[])
}
/*
* If expected wasn't set at this point, it means the map
- * isn't syncronised with the possible options leading here.
+ * isn't synchronised with the possible options leading here.
*/
OPENSSL_assert(expected != 0);
}
Modified: stable/12/crypto/openssl/config
==============================================================================
--- stable/12/crypto/openssl/config Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/config Tue Sep 10 21:13:37 2019 (r352192)
@@ -498,12 +498,12 @@ case "$GUESSOS" in
OUT="darwin64-x86_64-cc"
fi ;;
armv6+7-*-iphoneos)
- __CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7"
- __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7"
+ __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7"
+ __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7"
OUT="iphoneos-cross" ;;
*-*-iphoneos)
- __CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}"
- __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}"
+ __CNF_CFLAGS="$__CNF_CFLAGS -arch ${MACHINE}"
+ __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch ${MACHINE}"
OUT="iphoneos-cross" ;;
arm64-*-iphoneos|*-*-ios64)
OUT="ios64-cross" ;;
Modified: stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl
==============================================================================
--- stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -38,14 +38,14 @@
# Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
# for 128-bit keys, if hardware support is detected.
-# Januray 2009.
+# January 2009.
#
# Add support for hardware AES192/256 and reschedule instructions to
# minimize/avoid Address Generation Interlock hazard and to favour
# dual-issue z10 pipeline. This gave ~25% improvement on z10 and
# almost 50% on z9. The gain is smaller on z10, because being dual-
# issue z10 makes it impossible to eliminate the interlock condition:
-# critial path is not long enough. Yet it spends ~24 cycles per byte
+# critical path is not long enough. Yet it spends ~24 cycles per byte
# processed with 128-bit key.
#
# Unlike previous version hardware support detection takes place only
Modified: stable/12/crypto/openssl/crypto/asn1/a_time.c
==============================================================================
--- stable/12/crypto/openssl/crypto/asn1/a_time.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/asn1/a_time.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -67,7 +67,7 @@ static void determine_days(struct tm *tm)
}
c = y / 100;
y %= 100;
- /* Zeller's congruance */
+ /* Zeller's congruence */
tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
}
@@ -79,7 +79,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
char *a;
int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
struct tm tmp;
-
+#if defined(CHARSET_EBCDIC)
+ const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
+#else
+ const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
+#endif
/*
* ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
* time string format, in which:
@@ -120,20 +124,20 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
if (l < min_l)
goto err;
for (i = 0; i < end; i++) {
- if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+ if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) {
i++;
break;
}
- if (!ossl_isdigit(a[o]))
+ if (!ascii_isdigit(a[o]))
goto err;
- n = a[o] - '0';
+ n = a[o] - num_zero;
/* incomplete 2-digital number */
if (++o == l)
goto err;
- if (!ossl_isdigit(a[o]))
+ if (!ascii_isdigit(a[o]))
goto err;
- n = (n * 10) + a[o] - '0';
+ n = (n * 10) + a[o] - num_zero;
/* no more bytes to read, but we haven't seen time-zone yet */
if (++o == l)
goto err;
@@ -185,14 +189,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
* Optional fractional seconds: decimal point followed by one or more
* digits.
*/
- if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
+ if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
if (strict)
/* RFC 5280 forbids fractional seconds */
goto err;
if (++o == l)
goto err;
i = o;
- while ((o < l) && ossl_isdigit(a[o]))
+ while ((o < l) && ascii_isdigit(a[o]))
o++;
/* Must have at least one digit after decimal point */
if (i == o)
@@ -207,10 +211,10 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
* 'o' can point to '\0' is either the subsequent if or the first
* else if is true.
*/
- if (a[o] == 'Z') {
+ if (a[o] == upper_z) {
o++;
- } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
- int offsign = a[o] == '-' ? 1 : -1;
+ } else if (!strict && ((a[o] == plus) || (a[o] == minus))) {
+ int offsign = a[o] == minus ? 1 : -1;
int offset = 0;
o++;
@@ -223,13 +227,13 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
if (o + 4 != l)
goto err;
for (i = end; i < end + 2; i++) {
- if (!ossl_isdigit(a[o]))
+ if (!ascii_isdigit(a[o]))
goto err;
- n = a[o] - '0';
+ n = a[o] - num_zero;
o++;
- if (!ossl_isdigit(a[o]))
+ if (!ascii_isdigit(a[o]))
goto err;
- n = (n * 10) + a[o] - '0';
+ n = (n * 10) + a[o] - num_zero;
i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
if ((n < min[i2]) || (n > max[i2]))
goto err;
@@ -300,7 +304,7 @@ ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *
ts->tm_mday, ts->tm_hour, ts->tm_min,
ts->tm_sec);
-#ifdef CHARSET_EBCDIC_not
+#ifdef CHARSET_EBCDIC
ebcdic2ascii(tmps->data, tmps->data, tmps->length);
#endif
return tmps;
@@ -467,6 +471,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
char *v;
int gmt = 0, l;
struct tm stm;
+ const char upper_z = 0x5A, period = 0x2E;
if (!asn1_time_to_tm(&stm, tm)) {
/* asn1_time_to_tm will check the time type */
@@ -475,7 +480,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
l = tm->length;
v = (char *)tm->data;
- if (v[l - 1] == 'Z')
+ if (v[l - 1] == upper_z)
gmt = 1;
if (tm->type == V_ASN1_GENERALIZEDTIME) {
@@ -486,10 +491,10 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
* Try to parse fractional seconds. '14' is the place of
* 'fraction point' in a GeneralizedTime string.
*/
- if (tm->length > 15 && v[14] == '.') {
+ if (tm->length > 15 && v[14] == period) {
f = &v[14];
f_len = 1;
- while (14 + f_len < l && ossl_isdigit(f[f_len]))
+ while (14 + f_len < l && ascii_isdigit(f[f_len]))
++f_len;
}
Modified: stable/12/crypto/openssl/crypto/asn1/a_type.c
==============================================================================
--- stable/12/crypto/openssl/crypto/asn1/a_type.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/asn1/a_type.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,9 @@
int ASN1_TYPE_get(const ASN1_TYPE *a)
{
- if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+ if (a->type == V_ASN1_BOOLEAN
+ || a->type == V_ASN1_NULL
+ || a->value.ptr != NULL)
return a->type;
else
return 0;
@@ -23,7 +25,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a)
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
{
- if (a->value.ptr != NULL) {
+ if (a->type != V_ASN1_BOOLEAN
+ && a->type != V_ASN1_NULL
+ && a->value.ptr != NULL) {
ASN1_TYPE **tmp_a = &a;
asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
}
Modified: stable/12/crypto/openssl/crypto/asn1/x_bignum.c
==============================================================================
--- stable/12/crypto/openssl/crypto/asn1/x_bignum.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/asn1/x_bignum.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned ch
static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it)
{
- if (!*pval)
- bn_secure_new(pval, it);
- return bn_c2i(pval, cont, len, utype, free_cont, it);
+ int ret;
+ BIGNUM *bn;
+
+ if (!*pval && !bn_secure_new(pval, it))
+ return 0;
+
+ ret = bn_c2i(pval, cont, len, utype, free_cont, it);
+ if (!ret)
+ return 0;
+
+ /* Set constant-time flag for all secure BIGNUMS */
+ bn = (BIGNUM *)*pval;
+ BN_set_flags(bn, BN_FLG_CONSTTIME);
+ return ret;
}
static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
Modified: stable/12/crypto/openssl/crypto/bio/b_addr.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/b_addr.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/bio/b_addr.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -675,7 +675,7 @@ int BIO_lookup_ex(const char *host, const char *servic
if (1) {
#ifdef AI_PASSIVE
- int gai_ret = 0;
+ int gai_ret = 0, old_ret = 0;
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
@@ -683,12 +683,12 @@ int BIO_lookup_ex(const char *host, const char *servic
hints.ai_family = family;
hints.ai_socktype = socktype;
hints.ai_protocol = protocol;
-#ifdef AI_ADDRCONFIG
-#ifdef AF_UNSPEC
+# ifdef AI_ADDRCONFIG
+# ifdef AF_UNSPEC
if (family == AF_UNSPEC)
-#endif
+# endif
hints.ai_flags |= AI_ADDRCONFIG;
-#endif
+# endif
if (lookup_type == BIO_LOOKUP_SERVER)
hints.ai_flags |= AI_PASSIVE;
@@ -696,6 +696,7 @@ int BIO_lookup_ex(const char *host, const char *servic
/* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
* macro magic in bio_lcl.h
*/
+ retry:
switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
# ifdef EAI_SYSTEM
case EAI_SYSTEM:
@@ -703,12 +704,25 @@ int BIO_lookup_ex(const char *host, const char *servic
BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
break;
# endif
+# ifdef EAI_MEMORY
+ case EAI_MEMORY:
+ BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+ break;
+# endif
case 0:
ret = 1; /* Success */
break;
default:
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
+ if (hints.ai_flags & AI_ADDRCONFIG) {
+ hints.ai_flags &= ~AI_ADDRCONFIG;
+ hints.ai_flags |= AI_NUMERICHOST;
+ old_ret = gai_ret;
+ goto retry;
+ }
+# endif
BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
- ERR_add_error_data(1, gai_strerror(gai_ret));
+ ERR_add_error_data(1, gai_strerror(old_ret ? old_ret : gai_ret));
break;
}
} else {
Modified: stable/12/crypto/openssl/crypto/bio/bss_dgram.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/bss_dgram.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/bio/bss_dgram.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -784,7 +784,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void
* reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
* was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
* value has been updated to a non-clashing value. However to preserve
- * binary compatiblity we now respond to both the old value and the new one
+ * binary compatibility we now respond to both the old value and the new one
*/
case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
case BIO_CTRL_DGRAM_SET_PEEK_MODE:
Modified: stable/12/crypto/openssl/crypto/bio/bss_file.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/bss_file.c Tue Sep 10 21:08:17 2019 (r352191)
+++ stable/12/crypto/openssl/crypto/bio/bss_file.c Tue Sep 10 21:13:37 2019 (r352192)
@@ -7,10 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef HEADER_BSS_FILE_C
-# define HEADER_BSS_FILE_C
-
-# if defined(__linux) || defined(__sun) || defined(__hpux)
+#if defined(__linux) || defined(__sun) || defined(__hpux)
/*
* Following definition aliases fopen to fopen64 on above mentioned
* platforms. This makes it possible to open and sequentially access files
@@ -23,17 +20,17 @@
* of 32-bit platforms which allow for sequential access of large files
* without extra "magic" comprise *BSD, Darwin, IRIX...
*/
-# ifndef _FILE_OFFSET_BITS
-# define _FILE_OFFSET_BITS 64
-# endif
+# ifndef _FILE_OFFSET_BITS
+# define _FILE_OFFSET_BITS 64
# endif
+#endif
-# include <stdio.h>
-# include <errno.h>
-# include "bio_lcl.h"
-# include <openssl/err.h>
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include <openssl/err.h>
-# if !defined(OPENSSL_NO_STDIO)
+#if !defined(OPENSSL_NO_STDIO)
static int file_write(BIO *h, const char *buf, int num);
static int file_read(BIO *h, char *buf, int size);
@@ -72,9 +69,9 @@ BIO *BIO_new_file(const char *filename, const char *mo
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
if (errno == ENOENT
-# ifdef ENXIO
+#ifdef ENXIO
|| errno == ENXIO
-# endif
+#endif
)
BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
else
@@ -212,33 +209,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void
b->shutdown = (int)num & BIO_CLOSE;
b->ptr = ptr;
b->init = 1;
-# if BIO_FLAGS_UPLINK!=0
-# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-# define _IOB_ENTRIES 20
-# endif
+# if BIO_FLAGS_UPLINK!=0
+# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+# define _IOB_ENTRIES 20
+# endif
/* Safety net to catch purely internal BIO_set_fp calls */
-# if defined(_MSC_VER) && _MSC_VER>=1900
+# if defined(_MSC_VER) && _MSC_VER>=1900
if (ptr == stdin || ptr == stdout || ptr == stderr)
BIO_clear_flags(b, BIO_FLAGS_UPLINK);
-# elif defined(_IOB_ENTRIES)
+# elif defined(_IOB_ENTRIES)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable
mailing list