Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Sep 2019 21:13:38 +0000 (UTC)
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r352192 - in stable/12: . crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/cryp...
Message-ID:  <201909102113.x8ALDceq088282@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jkim
Date: Tue Sep 10 21:13:37 2019
New Revision: 352192
URL: https://svnweb.freebsd.org/changeset/base/352192

Log:
  MFC:	r352191
  
  Merge OpenSSL 1.1.1d.

Added:
  stable/12/crypto/openssl/doc/man3/CRYPTO_memcmp.pod
     - copied unchanged from r352191, head/crypto/openssl/doc/man3/CRYPTO_memcmp.pod
  stable/12/crypto/openssl/doc/man3/X509_cmp.pod
     - copied unchanged from r352191, head/crypto/openssl/doc/man3/X509_cmp.pod
  stable/12/secure/lib/libcrypto/man/CRYPTO_memcmp.3
     - copied unchanged from r352191, head/secure/lib/libcrypto/man/CRYPTO_memcmp.3
  stable/12/secure/lib/libcrypto/man/X509_cmp.3
     - copied unchanged from r352191, head/secure/lib/libcrypto/man/X509_cmp.3
Deleted:
  stable/12/crypto/openssl/crypto/aes/asm/aes-586.pl
  stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
  stable/12/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl
  stable/12/secure/lib/libcrypto/amd64/aes-x86_64.S
  stable/12/secure/lib/libcrypto/amd64/bsaes-x86_64.S
  stable/12/secure/lib/libcrypto/i386/aes-586.S
Modified:
  stable/12/ObsoleteFiles.inc
  stable/12/crypto/openssl/CHANGES
  stable/12/crypto/openssl/Configure
  stable/12/crypto/openssl/INSTALL
  stable/12/crypto/openssl/NEWS
  stable/12/crypto/openssl/README
  stable/12/crypto/openssl/apps/apps.c
  stable/12/crypto/openssl/apps/apps.h
  stable/12/crypto/openssl/apps/ca.c
  stable/12/crypto/openssl/apps/dgst.c
  stable/12/crypto/openssl/apps/enc.c
  stable/12/crypto/openssl/apps/ocsp.c
  stable/12/crypto/openssl/apps/openssl.c
  stable/12/crypto/openssl/apps/pkcs12.c
  stable/12/crypto/openssl/apps/req.c
  stable/12/crypto/openssl/apps/s_apps.h
  stable/12/crypto/openssl/apps/s_cb.c
  stable/12/crypto/openssl/apps/s_client.c
  stable/12/crypto/openssl/apps/speed.c
  stable/12/crypto/openssl/apps/storeutl.c
  stable/12/crypto/openssl/config
  stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl
  stable/12/crypto/openssl/crypto/asn1/a_time.c
  stable/12/crypto/openssl/crypto/asn1/a_type.c
  stable/12/crypto/openssl/crypto/asn1/x_bignum.c
  stable/12/crypto/openssl/crypto/bio/b_addr.c
  stable/12/crypto/openssl/crypto/bio/bss_dgram.c
  stable/12/crypto/openssl/crypto/bio/bss_file.c
  stable/12/crypto/openssl/crypto/bio/bss_mem.c
  stable/12/crypto/openssl/crypto/bn/asm/mips.pl
  stable/12/crypto/openssl/crypto/bn/bn_div.c
  stable/12/crypto/openssl/crypto/bn/bn_lcl.h
  stable/12/crypto/openssl/crypto/bn/bn_lib.c
  stable/12/crypto/openssl/crypto/bn/bn_prime.c
  stable/12/crypto/openssl/crypto/bn/bn_rand.c
  stable/12/crypto/openssl/crypto/bn/bn_sqrt.c
  stable/12/crypto/openssl/crypto/cms/cms_att.c
  stable/12/crypto/openssl/crypto/cms/cms_env.c
  stable/12/crypto/openssl/crypto/cms/cms_err.c
  stable/12/crypto/openssl/crypto/cms/cms_lcl.h
  stable/12/crypto/openssl/crypto/cms/cms_sd.c
  stable/12/crypto/openssl/crypto/cms/cms_smime.c
  stable/12/crypto/openssl/crypto/conf/conf_sap.c
  stable/12/crypto/openssl/crypto/ctype.c
  stable/12/crypto/openssl/crypto/dh/dh_check.c
  stable/12/crypto/openssl/crypto/dh/dh_gen.c
  stable/12/crypto/openssl/crypto/dh/dh_key.c
  stable/12/crypto/openssl/crypto/dh/dh_lib.c
  stable/12/crypto/openssl/crypto/dsa/dsa_ameth.c
  stable/12/crypto/openssl/crypto/dsa/dsa_err.c
  stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c
  stable/12/crypto/openssl/crypto/dso/dso_dlfcn.c
  stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
  stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
  stable/12/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl
  stable/12/crypto/openssl/crypto/ec/ec_asn1.c
  stable/12/crypto/openssl/crypto/ec/ec_curve.c
  stable/12/crypto/openssl/crypto/ec/ec_lcl.h
  stable/12/crypto/openssl/crypto/ec/ec_lib.c
  stable/12/crypto/openssl/crypto/ec/ecdh_ossl.c
  stable/12/crypto/openssl/crypto/ec/ecdsa_ossl.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistp224.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistp256.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistp521.c
  stable/12/crypto/openssl/crypto/ec/ecp_nistputil.c
  stable/12/crypto/openssl/crypto/ec/ecx_meth.c
  stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c
  stable/12/crypto/openssl/crypto/engine/eng_openssl.c
  stable/12/crypto/openssl/crypto/err/err.c
  stable/12/crypto/openssl/crypto/err/openssl.txt
  stable/12/crypto/openssl/crypto/evp/bio_ok.c
  stable/12/crypto/openssl/crypto/evp/e_aes.c
  stable/12/crypto/openssl/crypto/evp/e_aria.c
  stable/12/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
  stable/12/crypto/openssl/crypto/evp/e_rc5.c
  stable/12/crypto/openssl/crypto/evp/evp_err.c
  stable/12/crypto/openssl/crypto/evp/evp_lib.c
  stable/12/crypto/openssl/crypto/evp/m_sha3.c
  stable/12/crypto/openssl/crypto/include/internal/ctype.h
  stable/12/crypto/openssl/crypto/include/internal/rand_int.h
  stable/12/crypto/openssl/crypto/include/internal/sm2err.h
  stable/12/crypto/openssl/crypto/init.c
  stable/12/crypto/openssl/crypto/lhash/lhash.c
  stable/12/crypto/openssl/crypto/o_str.c
  stable/12/crypto/openssl/crypto/pem/pvkfmt.c
  stable/12/crypto/openssl/crypto/pkcs7/pk7_doit.c
  stable/12/crypto/openssl/crypto/rand/drbg_lib.c
  stable/12/crypto/openssl/crypto/rand/rand_err.c
  stable/12/crypto/openssl/crypto/rand/rand_lcl.h
  stable/12/crypto/openssl/crypto/rand/rand_lib.c
  stable/12/crypto/openssl/crypto/rand/rand_unix.c
  stable/12/crypto/openssl/crypto/rsa/rsa_ameth.c
  stable/12/crypto/openssl/crypto/rsa/rsa_err.c
  stable/12/crypto/openssl/crypto/rsa/rsa_gen.c
  stable/12/crypto/openssl/crypto/rsa/rsa_lib.c
  stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c
  stable/12/crypto/openssl/crypto/s390xcap.c
  stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl
  stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
  stable/12/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl
  stable/12/crypto/openssl/crypto/sm2/sm2_sign.c
  stable/12/crypto/openssl/crypto/store/loader_file.c
  stable/12/crypto/openssl/crypto/store/store_lib.c
  stable/12/crypto/openssl/crypto/threads_none.c
  stable/12/crypto/openssl/crypto/threads_pthread.c
  stable/12/crypto/openssl/crypto/ui/ui_lib.c
  stable/12/crypto/openssl/crypto/ui/ui_openssl.c
  stable/12/crypto/openssl/crypto/uid.c
  stable/12/crypto/openssl/crypto/whrlpool/wp_block.c
  stable/12/crypto/openssl/crypto/x509/by_dir.c
  stable/12/crypto/openssl/crypto/x509/t_req.c
  stable/12/crypto/openssl/crypto/x509/x509_att.c
  stable/12/crypto/openssl/crypto/x509/x509_cmp.c
  stable/12/crypto/openssl/crypto/x509/x509_err.c
  stable/12/crypto/openssl/crypto/x509/x509_lu.c
  stable/12/crypto/openssl/crypto/x509/x509_vfy.c
  stable/12/crypto/openssl/crypto/x509v3/v3_alt.c
  stable/12/crypto/openssl/crypto/x509v3/v3_purp.c
  stable/12/crypto/openssl/doc/HOWTO/proxy_certificates.txt
  stable/12/crypto/openssl/doc/man1/engine.pod
  stable/12/crypto/openssl/doc/man1/errstr.pod
  stable/12/crypto/openssl/doc/man1/pkcs12.pod
  stable/12/crypto/openssl/doc/man1/pkeyparam.pod
  stable/12/crypto/openssl/doc/man1/s_client.pod
  stable/12/crypto/openssl/doc/man1/s_server.pod
  stable/12/crypto/openssl/doc/man3/ADMISSIONS.pod
  stable/12/crypto/openssl/doc/man3/ASYNC_start_job.pod
  stable/12/crypto/openssl/doc/man3/BIO_connect.pod
  stable/12/crypto/openssl/doc/man3/BIO_f_ssl.pod
  stable/12/crypto/openssl/doc/man3/BIO_find_type.pod
  stable/12/crypto/openssl/doc/man3/BIO_new.pod
  stable/12/crypto/openssl/doc/man3/BIO_s_accept.pod
  stable/12/crypto/openssl/doc/man3/BIO_s_bio.pod
  stable/12/crypto/openssl/doc/man3/BIO_s_connect.pod
  stable/12/crypto/openssl/doc/man3/BIO_s_fd.pod
  stable/12/crypto/openssl/doc/man3/BIO_s_mem.pod
  stable/12/crypto/openssl/doc/man3/BIO_set_callback.pod
  stable/12/crypto/openssl/doc/man3/BN_generate_prime.pod
  stable/12/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod
  stable/12/crypto/openssl/doc/man3/BN_new.pod
  stable/12/crypto/openssl/doc/man3/CMS_final.pod
  stable/12/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod
  stable/12/crypto/openssl/doc/man3/DES_random_key.pod
  stable/12/crypto/openssl/doc/man3/DSA_generate_key.pod
  stable/12/crypto/openssl/doc/man3/DSA_sign.pod
  stable/12/crypto/openssl/doc/man3/ECDSA_SIG_new.pod
  stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_derive.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
  stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
  stable/12/crypto/openssl/doc/man3/EVP_SealInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_SignInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_VerifyInit.pod
  stable/12/crypto/openssl/doc/man3/EVP_aria.pod
  stable/12/crypto/openssl/doc/man3/EVP_md5.pod
  stable/12/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
  stable/12/crypto/openssl/doc/man3/OCSP_REQUEST_new.pod
  stable/12/crypto/openssl/doc/man3/OPENSSL_fork_prepare.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod
  stable/12/crypto/openssl/doc/man3/OSSL_STORE_expect.pod
  stable/12/crypto/openssl/doc/man3/PKCS12_newpass.pod
  stable/12/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod
  stable/12/crypto/openssl/doc/man3/RAND_set_rand_method.pod
  stable/12/crypto/openssl/doc/man3/RSA_blinding_on.pod
  stable/12/crypto/openssl/doc/man3/RSA_generate_key.pod
  stable/12/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
  stable/12/crypto/openssl/doc/man3/RSA_public_encrypt.pod
  stable/12/crypto/openssl/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_config.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_new.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_cipher_list.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod
  stable/12/crypto/openssl/doc/man3/SSL_CTX_set_verify.pod
  stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
  stable/12/crypto/openssl/doc/man3/SSL_get_error.pod
  stable/12/crypto/openssl/doc/man3/SSL_library_init.pod
  stable/12/crypto/openssl/doc/man3/SSL_set1_host.pod
  stable/12/crypto/openssl/doc/man3/SSL_write.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_add_cert.pod
  stable/12/crypto/openssl/doc/man3/X509_STORE_new.pod
  stable/12/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
  stable/12/crypto/openssl/doc/man3/X509_get_extension_flags.pod
  stable/12/crypto/openssl/doc/man3/d2i_X509.pod
  stable/12/crypto/openssl/doc/man5/x509v3_config.pod
  stable/12/crypto/openssl/doc/man7/Ed25519.pod
  stable/12/crypto/openssl/doc/man7/RAND.pod
  stable/12/crypto/openssl/doc/man7/SM2.pod
  stable/12/crypto/openssl/doc/man7/X25519.pod
  stable/12/crypto/openssl/doc/man7/bio.pod
  stable/12/crypto/openssl/doc/man7/scrypt.pod
  stable/12/crypto/openssl/e_os.h
  stable/12/crypto/openssl/engines/build.info
  stable/12/crypto/openssl/engines/e_afalg.c
  stable/12/crypto/openssl/include/internal/constant_time_locl.h
  stable/12/crypto/openssl/include/internal/cryptlib.h
  stable/12/crypto/openssl/include/internal/dsoerr.h
  stable/12/crypto/openssl/include/internal/refcount.h
  stable/12/crypto/openssl/include/internal/thread_once.h
  stable/12/crypto/openssl/include/internal/tsan_assist.h
  stable/12/crypto/openssl/include/openssl/asn1err.h
  stable/12/crypto/openssl/include/openssl/asyncerr.h
  stable/12/crypto/openssl/include/openssl/bio.h
  stable/12/crypto/openssl/include/openssl/bioerr.h
  stable/12/crypto/openssl/include/openssl/bnerr.h
  stable/12/crypto/openssl/include/openssl/buffererr.h
  stable/12/crypto/openssl/include/openssl/cms.h
  stable/12/crypto/openssl/include/openssl/cmserr.h
  stable/12/crypto/openssl/include/openssl/comperr.h
  stable/12/crypto/openssl/include/openssl/conferr.h
  stable/12/crypto/openssl/include/openssl/cryptoerr.h
  stable/12/crypto/openssl/include/openssl/cterr.h
  stable/12/crypto/openssl/include/openssl/dherr.h
  stable/12/crypto/openssl/include/openssl/dsaerr.h
  stable/12/crypto/openssl/include/openssl/ec.h
  stable/12/crypto/openssl/include/openssl/ecerr.h
  stable/12/crypto/openssl/include/openssl/engineerr.h
  stable/12/crypto/openssl/include/openssl/evp.h
  stable/12/crypto/openssl/include/openssl/evperr.h
  stable/12/crypto/openssl/include/openssl/kdferr.h
  stable/12/crypto/openssl/include/openssl/objectserr.h
  stable/12/crypto/openssl/include/openssl/ocsperr.h
  stable/12/crypto/openssl/include/openssl/opensslv.h
  stable/12/crypto/openssl/include/openssl/pemerr.h
  stable/12/crypto/openssl/include/openssl/pkcs12err.h
  stable/12/crypto/openssl/include/openssl/pkcs7err.h
  stable/12/crypto/openssl/include/openssl/randerr.h
  stable/12/crypto/openssl/include/openssl/rsaerr.h
  stable/12/crypto/openssl/include/openssl/ssl.h
  stable/12/crypto/openssl/include/openssl/sslerr.h
  stable/12/crypto/openssl/include/openssl/store.h
  stable/12/crypto/openssl/include/openssl/storeerr.h
  stable/12/crypto/openssl/include/openssl/tls1.h
  stable/12/crypto/openssl/include/openssl/tserr.h
  stable/12/crypto/openssl/include/openssl/uierr.h
  stable/12/crypto/openssl/include/openssl/x509err.h
  stable/12/crypto/openssl/include/openssl/x509v3.h
  stable/12/crypto/openssl/include/openssl/x509v3err.h
  stable/12/crypto/openssl/ssl/d1_msg.c
  stable/12/crypto/openssl/ssl/record/rec_layer_s3.c
  stable/12/crypto/openssl/ssl/s3_lib.c
  stable/12/crypto/openssl/ssl/ssl_cert.c
  stable/12/crypto/openssl/ssl/ssl_ciph.c
  stable/12/crypto/openssl/ssl/ssl_lib.c
  stable/12/crypto/openssl/ssl/ssl_locl.h
  stable/12/crypto/openssl/ssl/ssl_sess.c
  stable/12/crypto/openssl/ssl/statem/extensions.c
  stable/12/crypto/openssl/ssl/statem/extensions_clnt.c
  stable/12/crypto/openssl/ssl/statem/extensions_srvr.c
  stable/12/crypto/openssl/ssl/statem/statem_clnt.c
  stable/12/crypto/openssl/ssl/statem/statem_lib.c
  stable/12/crypto/openssl/ssl/statem/statem_srvr.c
  stable/12/crypto/openssl/ssl/t1_lib.c
  stable/12/crypto/openssl/ssl/tls13_enc.c
  stable/12/secure/lib/libcrypto/Makefile
  stable/12/secure/lib/libcrypto/Makefile.asm
  stable/12/secure/lib/libcrypto/Makefile.inc
  stable/12/secure/lib/libcrypto/Makefile.man
  stable/12/secure/lib/libcrypto/Version.map
  stable/12/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
  stable/12/secure/lib/libcrypto/arm/keccak1600-armv4.S
  stable/12/secure/lib/libcrypto/man/ADMISSIONS.3
  stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
  stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
  stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3
  stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
  stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3
  stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3
  stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3
  stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
  stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3
  stable/12/secure/lib/libcrypto/man/BF_encrypt.3
  stable/12/secure/lib/libcrypto/man/BIO_ADDR.3
  stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3
  stable/12/secure/lib/libcrypto/man/BIO_connect.3
  stable/12/secure/lib/libcrypto/man/BIO_ctrl.3
  stable/12/secure/lib/libcrypto/man/BIO_f_base64.3
  stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3
  stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3
  stable/12/secure/lib/libcrypto/man/BIO_f_md.3
  stable/12/secure/lib/libcrypto/man/BIO_f_null.3
  stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3
  stable/12/secure/lib/libcrypto/man/BIO_find_type.3
  stable/12/secure/lib/libcrypto/man/BIO_get_data.3
  stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
  stable/12/secure/lib/libcrypto/man/BIO_meth_new.3
  stable/12/secure/lib/libcrypto/man/BIO_new.3
  stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3
  stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3
  stable/12/secure/lib/libcrypto/man/BIO_printf.3
  stable/12/secure/lib/libcrypto/man/BIO_push.3
  stable/12/secure/lib/libcrypto/man/BIO_read.3
  stable/12/secure/lib/libcrypto/man/BIO_s_accept.3
  stable/12/secure/lib/libcrypto/man/BIO_s_bio.3
  stable/12/secure/lib/libcrypto/man/BIO_s_connect.3
  stable/12/secure/lib/libcrypto/man/BIO_s_fd.3
  stable/12/secure/lib/libcrypto/man/BIO_s_file.3
  stable/12/secure/lib/libcrypto/man/BIO_s_mem.3
  stable/12/secure/lib/libcrypto/man/BIO_s_null.3
  stable/12/secure/lib/libcrypto/man/BIO_s_socket.3
  stable/12/secure/lib/libcrypto/man/BIO_set_callback.3
  stable/12/secure/lib/libcrypto/man/BIO_should_retry.3
  stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3
  stable/12/secure/lib/libcrypto/man/BN_CTX_new.3
  stable/12/secure/lib/libcrypto/man/BN_CTX_start.3
  stable/12/secure/lib/libcrypto/man/BN_add.3
  stable/12/secure/lib/libcrypto/man/BN_add_word.3
  stable/12/secure/lib/libcrypto/man/BN_bn2bin.3
  stable/12/secure/lib/libcrypto/man/BN_cmp.3
  stable/12/secure/lib/libcrypto/man/BN_copy.3
  stable/12/secure/lib/libcrypto/man/BN_generate_prime.3
  stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3
  stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
  stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
  stable/12/secure/lib/libcrypto/man/BN_new.3
  stable/12/secure/lib/libcrypto/man/BN_num_bytes.3
  stable/12/secure/lib/libcrypto/man/BN_rand.3
  stable/12/secure/lib/libcrypto/man/BN_security_bits.3
  stable/12/secure/lib/libcrypto/man/BN_set_bit.3
  stable/12/secure/lib/libcrypto/man/BN_swap.3
  stable/12/secure/lib/libcrypto/man/BN_zero.3
  stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3
  stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3
  stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
  stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3
  stable/12/secure/lib/libcrypto/man/CMS_compress.3
  stable/12/secure/lib/libcrypto/man/CMS_decrypt.3
  stable/12/secure/lib/libcrypto/man/CMS_encrypt.3
  stable/12/secure/lib/libcrypto/man/CMS_final.3
  stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
  stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
  stable/12/secure/lib/libcrypto/man/CMS_get0_type.3
  stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
  stable/12/secure/lib/libcrypto/man/CMS_sign.3
  stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3
  stable/12/secure/lib/libcrypto/man/CMS_uncompress.3
  stable/12/secure/lib/libcrypto/man/CMS_verify.3
  stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3
  stable/12/secure/lib/libcrypto/man/CONF_modules_free.3
  stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3
  stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
  stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
  stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
  stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3
  stable/12/secure/lib/libcrypto/man/CTLOG_new.3
  stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
  stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
  stable/12/secure/lib/libcrypto/man/DES_random_key.3
  stable/12/secure/lib/libcrypto/man/DH_generate_key.3
  stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3
  stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3
  stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3
  stable/12/secure/lib/libcrypto/man/DH_meth_new.3
  stable/12/secure/lib/libcrypto/man/DH_new.3
  stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3
  stable/12/secure/lib/libcrypto/man/DH_set_method.3
  stable/12/secure/lib/libcrypto/man/DH_size.3
  stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3
  stable/12/secure/lib/libcrypto/man/DSA_do_sign.3
  stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3
  stable/12/secure/lib/libcrypto/man/DSA_generate_key.3
  stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3
  stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3
  stable/12/secure/lib/libcrypto/man/DSA_meth_new.3
  stable/12/secure/lib/libcrypto/man/DSA_new.3
  stable/12/secure/lib/libcrypto/man/DSA_set_method.3
  stable/12/secure/lib/libcrypto/man/DSA_sign.3
  stable/12/secure/lib/libcrypto/man/DSA_size.3
  stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
  stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
  stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3
  stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3
  stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3
  stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3
  stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3
  stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3
  stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
  stable/12/secure/lib/libcrypto/man/EC_KEY_new.3
  stable/12/secure/lib/libcrypto/man/EC_POINT_add.3
  stable/12/secure/lib/libcrypto/man/EC_POINT_new.3
  stable/12/secure/lib/libcrypto/man/ENGINE_add.3
  stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3
  stable/12/secure/lib/libcrypto/man/ERR_clear_error.3
  stable/12/secure/lib/libcrypto/man/ERR_error_string.3
  stable/12/secure/lib/libcrypto/man/ERR_get_error.3
  stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
  stable/12/secure/lib/libcrypto/man/ERR_load_strings.3
  stable/12/secure/lib/libcrypto/man/ERR_print_errors.3
  stable/12/secure/lib/libcrypto/man/ERR_put_error.3
  stable/12/secure/lib/libcrypto/man/ERR_remove_state.3
  stable/12/secure/lib/libcrypto/man/ERR_set_mark.3
  stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3
  stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
  stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
  stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3
  stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3
  stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
  stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3
  stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3
  stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3
  stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3
  stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
  stable/12/secure/lib/libcrypto/man/EVP_SealInit.3
  stable/12/secure/lib/libcrypto/man/EVP_SignInit.3
  stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3
  stable/12/secure/lib/libcrypto/man/EVP_aes.3
  stable/12/secure/lib/libcrypto/man/EVP_aria.3
  stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3
  stable/12/secure/lib/libcrypto/man/EVP_camellia.3
  stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_chacha20.3
  stable/12/secure/lib/libcrypto/man/EVP_des.3
  stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_md2.3
  stable/12/secure/lib/libcrypto/man/EVP_md4.3
  stable/12/secure/lib/libcrypto/man/EVP_md5.3
  stable/12/secure/lib/libcrypto/man/EVP_mdc2.3
  stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_rc4.3
  stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3
  stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_sha1.3
  stable/12/secure/lib/libcrypto/man/EVP_sha224.3
  stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3
  stable/12/secure/lib/libcrypto/man/EVP_sm3.3
  stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3
  stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3
  stable/12/secure/lib/libcrypto/man/HMAC.3
  stable/12/secure/lib/libcrypto/man/MD5.3
  stable/12/secure/lib/libcrypto/man/MDC2_Init.3
  stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3
  stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
  stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3
  stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
  stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3
  stable/12/secure/lib/libcrypto/man/OCSP_response_status.3
  stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_config.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3
  stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3
  stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3
  stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
  stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
  stable/12/secure/lib/libcrypto/man/PEM_read.3
  stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3
  stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
  stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3
  stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
  stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
  stable/12/secure/lib/libcrypto/man/PKCS12_create.3
  stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3
  stable/12/secure/lib/libcrypto/man/PKCS12_parse.3
  stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
  stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3
  stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3
  stable/12/secure/lib/libcrypto/man/PKCS7_sign.3
  stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
  stable/12/secure/lib/libcrypto/man/PKCS7_verify.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
  stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
  stable/12/secure/lib/libcrypto/man/RAND_add.3
  stable/12/secure/lib/libcrypto/man/RAND_bytes.3
  stable/12/secure/lib/libcrypto/man/RAND_cleanup.3
  stable/12/secure/lib/libcrypto/man/RAND_egd.3
  stable/12/secure/lib/libcrypto/man/RAND_load_file.3
  stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3
  stable/12/secure/lib/libcrypto/man/RC4_set_key.3
  stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3
  stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3
  stable/12/secure/lib/libcrypto/man/RSA_check_key.3
  stable/12/secure/lib/libcrypto/man/RSA_generate_key.3
  stable/12/secure/lib/libcrypto/man/RSA_get0_key.3
  stable/12/secure/lib/libcrypto/man/RSA_meth_new.3
  stable/12/secure/lib/libcrypto/man/RSA_new.3
  stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
  stable/12/secure/lib/libcrypto/man/RSA_print.3
  stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3
  stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3
  stable/12/secure/lib/libcrypto/man/RSA_set_method.3
  stable/12/secure/lib/libcrypto/man/RSA_sign.3
  stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
  stable/12/secure/lib/libcrypto/man/RSA_size.3
  stable/12/secure/lib/libcrypto/man/SCT_new.3
  stable/12/secure/lib/libcrypto/man/SCT_print.3
  stable/12/secure/lib/libcrypto/man/SCT_validate.3
  stable/12/secure/lib/libcrypto/man/SHA256_Init.3
  stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3
  stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
  stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3
  stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
  stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
  stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3
  stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
  stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3
  stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
  stable/12/secure/lib/libcrypto/man/SSL_accept.3
  stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3
  stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3
  stable/12/secure/lib/libcrypto/man/SSL_check_chain.3
  stable/12/secure/lib/libcrypto/man/SSL_clear.3
  stable/12/secure/lib/libcrypto/man/SSL_connect.3
  stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3
  stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3
  stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3
  stable/12/secure/lib/libcrypto/man/SSL_free.3
  stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
  stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
  stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
  stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3
  stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3
  stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3
  stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3
  stable/12/secure/lib/libcrypto/man/SSL_get_error.3
  stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3
  stable/12/secure/lib/libcrypto/man/SSL_get_fd.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
  stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
  stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3
  stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3
  stable/12/secure/lib/libcrypto/man/SSL_get_session.3
  stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
  stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3
  stable/12/secure/lib/libcrypto/man/SSL_get_version.3
  stable/12/secure/lib/libcrypto/man/SSL_in_init.3
  stable/12/secure/lib/libcrypto/man/SSL_key_update.3
  stable/12/secure/lib/libcrypto/man/SSL_library_init.3
  stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
  stable/12/secure/lib/libcrypto/man/SSL_new.3
  stable/12/secure/lib/libcrypto/man/SSL_pending.3
  stable/12/secure/lib/libcrypto/man/SSL_read.3
  stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3
  stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3
  stable/12/secure/lib/libcrypto/man/SSL_session_reused.3
  stable/12/secure/lib/libcrypto/man/SSL_set1_host.3
  stable/12/secure/lib/libcrypto/man/SSL_set_bio.3
  stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3
  stable/12/secure/lib/libcrypto/man/SSL_set_fd.3
  stable/12/secure/lib/libcrypto/man/SSL_set_session.3
  stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3
  stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3
  stable/12/secure/lib/libcrypto/man/SSL_shutdown.3
  stable/12/secure/lib/libcrypto/man/SSL_state_string.3
  stable/12/secure/lib/libcrypto/man/SSL_want.3
  stable/12/secure/lib/libcrypto/man/SSL_write.3
  stable/12/secure/lib/libcrypto/man/UI_STRING.3
  stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
  stable/12/secure/lib/libcrypto/man/UI_create_method.3
  stable/12/secure/lib/libcrypto/man/UI_new.3
  stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3
  stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3
  stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
  stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
  stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
  stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
  stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3
  stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3
  stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_new.3
  stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
  stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
  stable/12/secure/lib/libcrypto/man/X509_check_ca.3
  stable/12/secure/lib/libcrypto/man/X509_check_host.3
  stable/12/secure/lib/libcrypto/man/X509_check_issued.3
  stable/12/secure/lib/libcrypto/man/X509_check_private_key.3
  stable/12/secure/lib/libcrypto/man/X509_cmp_time.3
  stable/12/secure/lib/libcrypto/man/X509_digest.3
  stable/12/secure/lib/libcrypto/man/X509_dup.3
  stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3
  stable/12/secure/lib/libcrypto/man/X509_get0_signature.3
  stable/12/secure/lib/libcrypto/man/X509_get0_uids.3
  stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3
  stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3
  stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3
  stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3
  stable/12/secure/lib/libcrypto/man/X509_get_version.3
  stable/12/secure/lib/libcrypto/man/X509_new.3
  stable/12/secure/lib/libcrypto/man/X509_sign.3
  stable/12/secure/lib/libcrypto/man/X509_verify_cert.3
  stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
  stable/12/secure/lib/libcrypto/man/d2i_DHparams.3
  stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
  stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3
  stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
  stable/12/secure/lib/libcrypto/man/d2i_X509.3
  stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
  stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
  stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
  stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3
  stable/12/secure/usr.bin/openssl/man/CA.pl.1
  stable/12/secure/usr.bin/openssl/man/asn1parse.1
  stable/12/secure/usr.bin/openssl/man/ca.1
  stable/12/secure/usr.bin/openssl/man/ciphers.1
  stable/12/secure/usr.bin/openssl/man/cms.1
  stable/12/secure/usr.bin/openssl/man/crl.1
  stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1
  stable/12/secure/usr.bin/openssl/man/dgst.1
  stable/12/secure/usr.bin/openssl/man/dhparam.1
  stable/12/secure/usr.bin/openssl/man/dsa.1
  stable/12/secure/usr.bin/openssl/man/dsaparam.1
  stable/12/secure/usr.bin/openssl/man/ec.1
  stable/12/secure/usr.bin/openssl/man/ecparam.1
  stable/12/secure/usr.bin/openssl/man/enc.1
  stable/12/secure/usr.bin/openssl/man/engine.1
  stable/12/secure/usr.bin/openssl/man/errstr.1
  stable/12/secure/usr.bin/openssl/man/gendsa.1
  stable/12/secure/usr.bin/openssl/man/genpkey.1
  stable/12/secure/usr.bin/openssl/man/genrsa.1
  stable/12/secure/usr.bin/openssl/man/list.1
  stable/12/secure/usr.bin/openssl/man/nseq.1
  stable/12/secure/usr.bin/openssl/man/ocsp.1
  stable/12/secure/usr.bin/openssl/man/openssl.1
  stable/12/secure/usr.bin/openssl/man/passwd.1
  stable/12/secure/usr.bin/openssl/man/pkcs12.1
  stable/12/secure/usr.bin/openssl/man/pkcs7.1
  stable/12/secure/usr.bin/openssl/man/pkcs8.1
  stable/12/secure/usr.bin/openssl/man/pkey.1
  stable/12/secure/usr.bin/openssl/man/pkeyparam.1
  stable/12/secure/usr.bin/openssl/man/pkeyutl.1
  stable/12/secure/usr.bin/openssl/man/prime.1
  stable/12/secure/usr.bin/openssl/man/rand.1
  stable/12/secure/usr.bin/openssl/man/req.1
  stable/12/secure/usr.bin/openssl/man/rsa.1
  stable/12/secure/usr.bin/openssl/man/rsautl.1
  stable/12/secure/usr.bin/openssl/man/s_client.1
  stable/12/secure/usr.bin/openssl/man/s_server.1
  stable/12/secure/usr.bin/openssl/man/s_time.1
  stable/12/secure/usr.bin/openssl/man/sess_id.1
  stable/12/secure/usr.bin/openssl/man/smime.1
  stable/12/secure/usr.bin/openssl/man/speed.1
  stable/12/secure/usr.bin/openssl/man/spkac.1
  stable/12/secure/usr.bin/openssl/man/srp.1
  stable/12/secure/usr.bin/openssl/man/storeutl.1
  stable/12/secure/usr.bin/openssl/man/ts.1
  stable/12/secure/usr.bin/openssl/man/tsget.1
  stable/12/secure/usr.bin/openssl/man/verify.1
  stable/12/secure/usr.bin/openssl/man/version.1
  stable/12/secure/usr.bin/openssl/man/x509.1
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/ObsoleteFiles.inc
==============================================================================
--- stable/12/ObsoleteFiles.inc	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/ObsoleteFiles.inc	Tue Sep 10 21:13:37 2019	(r352192)
@@ -38,6 +38,9 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20190910: OpenSSL 1.1.1d
+OLD_FILES+=usr/share/openssl/man/man3/d2i_ECDSA_SIG.3.gz
+OLD_FILES+=usr/share/openssl/man/man3/i2d_ECDSA_SIG.3.gz
 # 20190811: sys/pwm.h renamed to dev/pwmc.h and pwm(9) removed
 OLD_FILES+=usr/include/sys/pwm.h usr/share/man/man9/pwm.9
 # 20190723: new clang import which bumps version from 8.0.0 to 8.0.1.

Modified: stable/12/crypto/openssl/CHANGES
==============================================================================
--- stable/12/crypto/openssl/CHANGES	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/CHANGES	Tue Sep 10 21:13:37 2019	(r352192)
@@ -7,6 +7,101 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
+
+  *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
+     number generator (RNG). This was intended to include protection in the
+     event of a fork() system call in order to ensure that the parent and child
+     processes did not share the same RNG state. However this protection was not
+     being used in the default case.
+
+     A partial mitigation for this issue is that the output from a high
+     precision timer is mixed into the RNG state so the likelihood of a parent
+     and child process sharing state is significantly reduced.
+
+     If an application already calls OPENSSL_init_crypto() explicitly using
+     OPENSSL_INIT_ATFORK then this problem does not occur at all.
+     (CVE-2019-1549)
+     [Matthias St. Pierre]
+
+  *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
+     used even when parsing explicit parameters, when loading a serialized key
+     or calling `EC_GROUP_new_from_ecpkparameters()`/
+     `EC_GROUP_new_from_ecparameters()`.
+     This prevents bypass of security hardening and performance gains,
+     especially for curves with specialized EC_METHODs.
+     By default, if a key encoded with explicit parameters is loaded and later
+     serialized, the output is still encoded with explicit parameters, even if
+     internally a "named" EC_GROUP is used for computation.
+     [Nicola Tuveri]
+
+  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+     this change, EC_GROUP_set_generator would accept order and/or cofactor as
+     NULL. After this change, only the cofactor parameter can be NULL. It also
+     does some minimal sanity checks on the passed order.
+     (CVE-2019-1547)
+     [Billy Bob Brumley]
+
+  *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+     An attack is simple, if the first CMS_recipientInfo is valid but the
+     second CMS_recipientInfo is chosen ciphertext. If the second
+     recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+     encryption key will be replaced by garbage, and the message cannot be
+     decoded, but if the RSA decryption fails, the correct encryption key is
+     used and the recipient will not notice the attack.
+     As a work around for this potential attack the length of the decrypted
+     key must be equal to the cipher default key length, in case the
+     certifiate is not given and all recipientInfo are tried out.
+     The old behaviour can be re-enabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag.
+     (CVE-2019-1563)
+     [Bernd Edlinger]
+
+  *) Early start up entropy quality from the DEVRANDOM seed source has been
+     improved for older Linux systems.  The RAND subsystem will wait for
+     /dev/random to be producing output before seeding from /dev/urandom.
+     The seeded state is stored for future library initialisations using
+     a system global shared memory segment.  The shared memory identifier
+     can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
+     the desired value.  The default identifier is 114.
+     [Paul Dale]
+
+  *) Correct the extended master secret constant on EBCDIC systems. Without this
+     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+     negotiate EMS will fail. Unfortunately this also means that TLS connections
+     between EBCDIC systems with this fix, and EBCDIC systems without this
+     fix will fail if they negotiate EMS.
+     [Matt Caswell]
+
+  *) Use Windows installation paths in the mingw builds
+
+     Mingw isn't a POSIX environment per se, which means that Windows
+     paths should be used for installation.
+     (CVE-2019-1552)
+     [Richard Levitte]
+
+  *) Changed DH_check to accept parameters with order q and 2q subgroups.
+     With order 2q subgroups the bit 0 of the private key is not secret
+     but DH_generate_key works around that by clearing bit 0 of the
+     private key for those. This avoids leaking bit 0 of the private key.
+     [Bernd Edlinger]
+
+  *) Significantly reduce secure memory usage by the randomness pools.
+     [Paul Dale]
+
+  *) Revert the DEVRANDOM_WAIT feature for Linux systems
+
+     The DEVRANDOM_WAIT feature added a select() call to wait for the
+     /dev/random device to become readable before reading from the
+     /dev/urandom device.
+
+     It turned out that this change had negative side effects on
+     performance which were not acceptable. After some discussion it
+     was decided to revert this feature and leave it up to the OS
+     resp. the platform maintainer to ensure a proper initialization
+     during early boot time.
+     [Matthias St. Pierre]
+
  Changes between 1.1.1b and 1.1.1c [28 May 2019]
 
   *) Add build tests for C++.  These are generated files that only do one
@@ -75,6 +170,16 @@
      (CVE-2019-1543)
      [Matt Caswell]
 
+  *) Add DEVRANDOM_WAIT feature for Linux systems
+
+     On older Linux systems where the getrandom() system call is not available,
+     OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG.
+     Contrary to getrandom(), the /dev/urandom device will not block during
+     early boot when the kernel CSPRNG has not been seeded yet.
+
+     To mitigate this known weakness, use select() to wait for /dev/random to
+     become readable before reading from /dev/urandom.
+
   *) Ensure that SM2 only uses SM3 as digest algorithm
      [Paul Yang]
 
@@ -322,7 +427,7 @@
         SSL_set_ciphersuites()
      [Matt Caswell]
 
-  *) Memory allocation failures consistenly add an error to the error
+  *) Memory allocation failures consistently add an error to the error
      stack.
      [Rich Salz]
 
@@ -6860,7 +6965,7 @@
      reason texts, thereby removing some of the footprint that may not
      be interesting if those errors aren't displayed anyway.
 
-     NOTE: it's still possible for any application or module to have it's
+     NOTE: it's still possible for any application or module to have its
      own set of error texts inserted.  The routines are there, just not
      used by default when no-err is given.
      [Richard Levitte]
@@ -8826,7 +8931,7 @@ des-cbc           3624.96k     5258.21k     5530.91k  
  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
 
   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
-     memory from it's contents.  This is done with a counter that will
+     memory from its contents.  This is done with a counter that will
      place alternating values in each byte.  This can be used to solve
      two issues: 1) the removal of calls to memset() by highly optimizing
      compilers, and 2) cleansing with other values than 0, since those can

Modified: stable/12/crypto/openssl/Configure
==============================================================================
--- stable/12/crypto/openssl/Configure	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/Configure	Tue Sep 10 21:13:37 2019	(r352192)
@@ -87,9 +87,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-
 #               linked openssl executable has rather debugging value than
 #               production quality.
 #
-# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-#               provided to stack calls. Generates unique stack functions for
-#               each possible stack type.
 # BN_LLONG      use the type 'long long' in crypto/bn/bn.h
 # RC4_CHAR      use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # Following are set automatically by this script
@@ -145,13 +142,13 @@ my @gcc_devteam_warn = qw(
 #       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
 my @clang_devteam_warn = qw(
+    -Wno-unknown-warning-option
     -Wswitch-default
     -Wno-parentheses-equality
     -Wno-language-extension-token
     -Wno-extended-offsetof
     -Wconditional-uninitialized
     -Wincompatible-pointer-types-discards-qualifiers
-    -Wno-unknown-warning-option
     -Wmissing-variable-declarations
 );
 

Modified: stable/12/crypto/openssl/INSTALL
==============================================================================
--- stable/12/crypto/openssl/INSTALL	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/INSTALL	Tue Sep 10 21:13:37 2019	(r352192)
@@ -98,6 +98,9 @@
     $ nmake test
     $ nmake install
 
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
  If any of these steps fails, see section Installation in Detail below.
 
  This will build and install OpenSSL in the default location, which is:
@@ -107,6 +110,12 @@
            OpenSSL version number with underscores instead of periods.
   Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
 
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or install
+ engines. If you already have a pre-installed version of OpenSSL as part of
+ your Operating System it is recommended that you do not overwrite the system
+ version and instead install to somewhere else.
+
  If you want to install it anywhere else, run config like this:
 
   On Unix:
@@ -135,7 +144,10 @@
                    Don't build with support for deprecated APIs below the
                    specified version number. For example "--api=1.1.0" will
                    remove support for all APIS that were deprecated in OpenSSL
-                   version 1.1.0 or below.
+                   version 1.1.0 or below. This is a rather specialized option
+                   for developers. If you just intend to remove all deprecated
+                   APIs entirely (up to the current version), it is easier
+                   to add the 'no-deprecated' option instead (see below).
 
   --cross-compile-prefix=PREFIX
                    The PREFIX to include in front of commands for your
@@ -229,7 +241,7 @@
                                source exists.
                    getrandom:  Use the L<getrandom(2)> or equivalent system
                                call.
-                   devrandom:  Use the the first device from the DEVRANDOM list
+                   devrandom:  Use the first device from the DEVRANDOM list
                                which can be opened to read random bytes. The
                                DEVRANDOM preprocessor constant expands to
                                "/dev/urandom","/dev/random","/dev/srandom" on
@@ -908,8 +920,11 @@
        $ mms install                                    ! OpenVMS
        $ nmake install                                  # Windows
 
-     This will install all the software components in this directory
-     tree under PREFIX (the directory given with --prefix or its
+     Note that in order to perform the install step above you need to have
+     appropriate permissions to write to the installation directory.
+
+     The above commands will install all the software components in this
+     directory tree under PREFIX (the directory given with --prefix or its
      default):
 
        Unix:
@@ -964,6 +979,12 @@
          private        Initially empty, this is the default location
                         for private key files.
          misc           Various scripts.
+
+     The installation directory should be appropriately protected to ensure
+     unprivileged users cannot make changes to OpenSSL binaries or files, or
+     install engines. If you already have a pre-installed version of OpenSSL as
+     part of your Operating System it is recommended that you do not overwrite
+     the system version and instead install to somewhere else.
 
      Package builders who want to configure the library for standard
      locations, but have the package installed somewhere else so that

Modified: stable/12/crypto/openssl/NEWS
==============================================================================
--- stable/12/crypto/openssl/NEWS	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/NEWS	Tue Sep 10 21:13:37 2019	(r352192)
@@ -5,6 +5,23 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
+
+      o Fixed a fork protection issue (CVE-2019-1549)
+      o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Early start up entropy quality from the DEVRANDOM seed source has been
+        improved for older Linux systems
+      o Correct the extended master secret constant on EBCDIC systems
+      o Use Windows installation paths in the mingw builds (CVE-2019-1552)
+      o Changed DH_check to accept parameters with order q and 2q subgroups
+      o Significantly reduce secure memory usage by the randomness pools
+      o Revert the DEVRANDOM_WAIT feature for Linux systems
+
   Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
 
       o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
@@ -601,7 +618,7 @@
 
   Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
 
-      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+      o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
 
   Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
 

Modified: stable/12/crypto/openssl/README
==============================================================================
--- stable/12/crypto/openssl/README	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/README	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1c 28 May 2019
+ OpenSSL 1.1.1d 10 Sep 2019
 
  Copyright (c) 1998-2019 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Modified: stable/12/crypto/openssl/apps/apps.c
==============================================================================
--- stable/12/crypto/openssl/apps/apps.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/apps.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -40,12 +40,19 @@
 #endif
 #include <openssl/bn.h>
 #include <openssl/ssl.h>
-#include "s_apps.h"
 #include "apps.h"
 
 #ifdef _WIN32
 static int WIN32_rename(const char *from, const char *to);
 # define rename(from,to) WIN32_rename((from),(to))
+#endif
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# include <conio.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# define _kbhit kbhit
 #endif
 
 typedef struct {

Modified: stable/12/crypto/openssl/apps/apps.h
==============================================================================
--- stable/12/crypto/openssl/apps/apps.h	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/apps.h	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -444,11 +444,9 @@ void destroy_ui_method(void);
 const UI_METHOD *get_ui_method(void);
 
 int chopup_args(ARGS *arg, char *buf);
-# ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, const char *title, X509_NAME *nm,
                 unsigned long lflags);
-# endif
 void print_bignum_var(BIO *, const BIGNUM *, const char*,
                       int, unsigned char *);
 void print_array(BIO *, const char *, int, const unsigned char *);

Modified: stable/12/crypto/openssl/apps/ca.c
==============================================================================
--- stable/12/crypto/openssl/apps/ca.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/ca.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -722,7 +722,7 @@ end_of_options:
 
     /*****************************************************************/
     if (req || gencrl) {
-        if (spkac_file != NULL) {
+        if (spkac_file != NULL && outfile != NULL) {
             output_der = 1;
             batch = 1;
         }

Modified: stable/12/crypto/openssl/apps/dgst.c
==============================================================================
--- stable/12/crypto/openssl/apps/dgst.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/dgst.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -421,7 +421,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int s
     size_t len;
     int i;
 
-    for (;;) {
+    while (BIO_pending(bp) || !BIO_eof(bp)) {
         i = BIO_read(bp, (char *)buf, BUFSIZE);
         if (i < 0) {
             BIO_printf(bio_err, "Read Error in %s\n", file);

Modified: stable/12/crypto/openssl/apps/enc.c
==============================================================================
--- stable/12/crypto/openssl/apps/enc.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/enc.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -586,7 +586,7 @@ int enc_main(int argc, char **argv)
     if (benc != NULL)
         wbio = BIO_push(benc, wbio);
 
-    for (;;) {
+    while (BIO_pending(rbio) || !BIO_eof(rbio)) {
         inl = BIO_read(rbio, (char *)buff, bsize);
         if (inl <= 0)
             break;

Modified: stable/12/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/12/crypto/openssl/apps/ocsp.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/ocsp.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb
         *q = '\0';
 
         /*
-         * Skip "GET / HTTP..." requests often used by load-balancers
+         * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+         * 'p' was incremented above to point to the first byte *after* the
+         * leading slash, so with 'GET / ' it is now an empty string.
          */
-        if (p[1] == '\0')
+        if (p[0] == '\0')
             goto out;
 
         len = urldecode(p);

Modified: stable/12/crypto/openssl/apps/openssl.c
==============================================================================
--- stable/12/crypto/openssl/apps/openssl.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/openssl.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,7 +22,6 @@
 # include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
-#include "s_apps.h"
 /* Needed to get the other O_xxx flags. */
 #ifdef OPENSSL_SYS_VMS
 # include <unixio.h>

Modified: stable/12/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/12/crypto/openssl/apps/pkcs12.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/pkcs12.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -838,7 +838,7 @@ static int alg_print(const X509_ALGOR *alg)
                 goto done;
             }
             BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
-                       "Block size(r): %ld, Paralelizm(p): %ld",
+                       "Block size(r): %ld, Parallelism(p): %ld",
                        ASN1_STRING_length(kdf->salt),
                        ASN1_INTEGER_get(kdf->costParameter),
                        ASN1_INTEGER_get(kdf->blockSize),

Modified: stable/12/crypto/openssl/apps/req.c
==============================================================================
--- stable/12/crypto/openssl/apps/req.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/req.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -881,9 +881,19 @@ int req_main(int argc, char **argv)
 
     if (text) {
         if (x509)
-            X509_print_ex(out, x509ss, get_nameopt(), reqflag);
+            ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag);
         else
-            X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
+            ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
+
+        if (ret == 0) {
+            if (x509)
+              BIO_printf(bio_err, "Error printing certificate\n");
+            else
+              BIO_printf(bio_err, "Error printing certificate request\n");
+
+            ERR_print_errors(bio_err);
+            goto end;
+        }
     }
 
     if (subject) {

Modified: stable/12/crypto/openssl/apps/s_apps.h
==============================================================================
--- stable/12/crypto/openssl/apps/s_apps.h	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/s_apps.h	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,14 +9,8 @@
 
 #include <openssl/opensslconf.h>
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-# include <conio.h>
-#endif
+#include <openssl/ssl.h>
 
-#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
-# define _kbhit kbhit
-#endif
-
 #define PORT            "4433"
 #define PROTOCOL        "tcp"
 
@@ -24,17 +18,15 @@ typedef int (*do_server_cb)(int s, int stype, int prot
 int do_server(int *accept_sock, const char *host, const char *port,
               int family, int type, int protocol, do_server_cb cb,
               unsigned char *context, int naccept, BIO *bio_s_out);
-#ifdef HEADER_X509_H
+
 int verify_callback(int ok, X509_STORE_CTX *ctx);
-#endif
-#ifdef HEADER_SSL_H
+
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
                        STACK_OF(X509) *chain, int build_chain);
 int ssl_print_sigalgs(BIO *out, SSL *s);
 int ssl_print_point_formats(BIO *out, SSL *s);
 int ssl_print_groups(BIO *out, SSL *s, int noshared);
-#endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, const char *host, const char *port,
                 const char *bindhost, const char *bindport,
@@ -44,13 +36,11 @@ int should_retry(int i);
 long bio_dump_callback(BIO *bio, int cmd, const char *argp,
                        int argi, long argl, long ret);
 
-#ifdef HEADER_SSL_H
 void apps_ssl_info_callback(const SSL *s, int where, int ret);
 void msg_cb(int write_p, int version, int content_type, const void *buf,
             size_t len, SSL *ssl, void *arg);
 void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
                int len, void *arg);
-#endif
 
 int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
                              unsigned int *cookie_len);
@@ -75,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc);
 int load_excert(SSL_EXCERT **pexc);
 void print_verify_detail(SSL *s, BIO *bio);
 void print_ssl_summary(SSL *s);
-#ifdef HEADER_SSL_H
 int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
 int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
                      int crl_download);
@@ -86,4 +75,3 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApat
 void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
 int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
 void print_ca_names(BIO *bio, SSL *s);
-#endif

Modified: stable/12/crypto/openssl/apps/s_cb.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_cb.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/s_cb.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1525,7 +1525,8 @@ void print_ca_names(BIO *bio, SSL *s)
     int i;
 
     if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
-        BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
+        if (!SSL_is_server(s))
+            BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
         return;
     }
 

Modified: stable/12/crypto/openssl/apps/s_client.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_client.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/s_client.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -2345,7 +2345,7 @@ int s_client_main(int argc, char **argv)
             (void)BIO_flush(fbio);
             /*
              * The first line is the HTTP response.  According to RFC 7230,
-             * it's formated exactly like this:
+             * it's formatted exactly like this:
              *
              * HTTP/d.d ddd Reason text\r\n
              */

Modified: stable/12/crypto/openssl/apps/speed.c
==============================================================================
--- stable/12/crypto/openssl/apps/speed.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/speed.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1790,7 +1790,7 @@ int speed_main(int argc, char **argv)
         }
 
         buflen = lengths[size_num - 1];
-        if (buflen < 36)    /* size of random vector in RSA bencmark */
+        if (buflen < 36)    /* size of random vector in RSA benchmark */
             buflen = 36;
         buflen += MAX_MISALIGNMENT + 1;
         loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");

Modified: stable/12/crypto/openssl/apps/storeutl.c
==============================================================================
--- stable/12/crypto/openssl/apps/storeutl.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/apps/storeutl.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -125,7 +125,7 @@ int storeutl_main(int argc, char *argv[])
                 }
                 /*
                  * If expected wasn't set at this point, it means the map
-                 * isn't syncronised with the possible options leading here.
+                 * isn't synchronised with the possible options leading here.
                  */
                 OPENSSL_assert(expected != 0);
             }

Modified: stable/12/crypto/openssl/config
==============================================================================
--- stable/12/crypto/openssl/config	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/config	Tue Sep 10 21:13:37 2019	(r352192)
@@ -498,12 +498,12 @@ case "$GUESSOS" in
 	    OUT="darwin64-x86_64-cc"
 	fi ;;
   armv6+7-*-iphoneos)
-	__CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7"
-	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7"
+	__CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7"
+	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7"
 	OUT="iphoneos-cross" ;;
   *-*-iphoneos)
-	__CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}"
-	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}"
+	__CNF_CFLAGS="$__CNF_CFLAGS -arch ${MACHINE}"
+	__CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch ${MACHINE}"
 	OUT="iphoneos-cross" ;;
   arm64-*-iphoneos|*-*-ios64)
 	OUT="ios64-cross" ;;

Modified: stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl
==============================================================================
--- stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -38,14 +38,14 @@
 # Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
 # for 128-bit keys, if hardware support is detected.
 
-# Januray 2009.
+# January 2009.
 #
 # Add support for hardware AES192/256 and reschedule instructions to
 # minimize/avoid Address Generation Interlock hazard and to favour
 # dual-issue z10 pipeline. This gave ~25% improvement on z10 and
 # almost 50% on z9. The gain is smaller on z10, because being dual-
 # issue z10 makes it impossible to eliminate the interlock condition:
-# critial path is not long enough. Yet it spends ~24 cycles per byte
+# critical path is not long enough. Yet it spends ~24 cycles per byte
 # processed with 128-bit key.
 #
 # Unlike previous version hardware support detection takes place only

Modified: stable/12/crypto/openssl/crypto/asn1/a_time.c
==============================================================================
--- stable/12/crypto/openssl/crypto/asn1/a_time.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/asn1/a_time.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -67,7 +67,7 @@ static void determine_days(struct tm *tm)
     }
     c = y / 100;
     y %= 100;
-    /* Zeller's congruance */
+    /* Zeller's congruence */
     tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
 }
 
@@ -79,7 +79,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
     char *a;
     int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
     struct tm tmp;
-
+#if defined(CHARSET_EBCDIC)
+    const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
+#else
+    const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
+#endif
     /*
      * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
      * time string format, in which:
@@ -120,20 +124,20 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
     if (l < min_l)
         goto err;
     for (i = 0; i < end; i++) {
-        if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+        if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) {
             i++;
             break;
         }
-        if (!ossl_isdigit(a[o]))
+        if (!ascii_isdigit(a[o]))
             goto err;
-        n = a[o] - '0';
+        n = a[o] - num_zero;
         /* incomplete 2-digital number */
         if (++o == l)
             goto err;
 
-        if (!ossl_isdigit(a[o]))
+        if (!ascii_isdigit(a[o]))
             goto err;
-        n = (n * 10) + a[o] - '0';
+        n = (n * 10) + a[o] - num_zero;
         /* no more bytes to read, but we haven't seen time-zone yet */
         if (++o == l)
             goto err;
@@ -185,14 +189,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
      * Optional fractional seconds: decimal point followed by one or more
      * digits.
      */
-    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') {
+    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
         if (strict)
             /* RFC 5280 forbids fractional seconds */
             goto err;
         if (++o == l)
             goto err;
         i = o;
-        while ((o < l) && ossl_isdigit(a[o]))
+        while ((o < l) && ascii_isdigit(a[o]))
             o++;
         /* Must have at least one digit after decimal point */
         if (i == o)
@@ -207,10 +211,10 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
      * 'o' can point to '\0' is either the subsequent if or the first
      * else if is true.
      */
-    if (a[o] == 'Z') {
+    if (a[o] == upper_z) {
         o++;
-    } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) {
-        int offsign = a[o] == '-' ? 1 : -1;
+    } else if (!strict && ((a[o] == plus) || (a[o] == minus))) {
+        int offsign = a[o] == minus ? 1 : -1;
         int offset = 0;
 
         o++;
@@ -223,13 +227,13 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
         if (o + 4 != l)
             goto err;
         for (i = end; i < end + 2; i++) {
-            if (!ossl_isdigit(a[o]))
+            if (!ascii_isdigit(a[o]))
                 goto err;
-            n = a[o] - '0';
+            n = a[o] - num_zero;
             o++;
-            if (!ossl_isdigit(a[o]))
+            if (!ascii_isdigit(a[o]))
                 goto err;
-            n = (n * 10) + a[o] - '0';
+            n = (n * 10) + a[o] - num_zero;
             i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
             if ((n < min[i2]) || (n > max[i2]))
                 goto err;
@@ -300,7 +304,7 @@ ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *
                                     ts->tm_mday, ts->tm_hour, ts->tm_min,
                                     ts->tm_sec);
 
-#ifdef CHARSET_EBCDIC_not
+#ifdef CHARSET_EBCDIC
     ebcdic2ascii(tmps->data, tmps->data, tmps->length);
 #endif
     return tmps;
@@ -467,6 +471,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
     char *v;
     int gmt = 0, l;
     struct tm stm;
+    const char upper_z = 0x5A, period = 0x2E;
 
     if (!asn1_time_to_tm(&stm, tm)) {
         /* asn1_time_to_tm will check the time type */
@@ -475,7 +480,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 
     l = tm->length;
     v = (char *)tm->data;
-    if (v[l - 1] == 'Z')
+    if (v[l - 1] == upper_z)
         gmt = 1;
 
     if (tm->type == V_ASN1_GENERALIZEDTIME) {
@@ -486,10 +491,10 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
          * Try to parse fractional seconds. '14' is the place of
          * 'fraction point' in a GeneralizedTime string.
          */
-        if (tm->length > 15 && v[14] == '.') {
+        if (tm->length > 15 && v[14] == period) {
             f = &v[14];
             f_len = 1;
-            while (14 + f_len < l && ossl_isdigit(f[f_len]))
+            while (14 + f_len < l && ascii_isdigit(f[f_len]))
                 ++f_len;
         }
 

Modified: stable/12/crypto/openssl/crypto/asn1/a_type.c
==============================================================================
--- stable/12/crypto/openssl/crypto/asn1/a_type.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/asn1/a_type.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,7 +15,9 @@
 
 int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
-    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+    if (a->type == V_ASN1_BOOLEAN
+            || a->type == V_ASN1_NULL
+            || a->value.ptr != NULL)
         return a->type;
     else
         return 0;
@@ -23,7 +25,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a)
 
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 {
-    if (a->value.ptr != NULL) {
+    if (a->type != V_ASN1_BOOLEAN
+            && a->type != V_ASN1_NULL
+            && a->value.ptr != NULL) {
         ASN1_TYPE **tmp_a = &a;
         asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
     }

Modified: stable/12/crypto/openssl/crypto/asn1/x_bignum.c
==============================================================================
--- stable/12/crypto/openssl/crypto/asn1/x_bignum.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/asn1/x_bignum.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned ch
 static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                          int utype, char *free_cont, const ASN1_ITEM *it)
 {
-    if (!*pval)
-        bn_secure_new(pval, it);
-    return bn_c2i(pval, cont, len, utype, free_cont, it);
+    int ret;
+    BIGNUM *bn;
+
+    if (!*pval && !bn_secure_new(pval, it))
+        return 0;
+
+    ret = bn_c2i(pval, cont, len, utype, free_cont, it);
+    if (!ret)
+        return 0;
+
+    /* Set constant-time flag for all secure BIGNUMS */
+    bn = (BIGNUM *)*pval;
+    BN_set_flags(bn, BN_FLG_CONSTTIME);
+    return ret;
 }
 
 static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,

Modified: stable/12/crypto/openssl/crypto/bio/b_addr.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/b_addr.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/bio/b_addr.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -675,7 +675,7 @@ int BIO_lookup_ex(const char *host, const char *servic
 
     if (1) {
 #ifdef AI_PASSIVE
-        int gai_ret = 0;
+        int gai_ret = 0, old_ret = 0;
         struct addrinfo hints;
 
         memset(&hints, 0, sizeof(hints));
@@ -683,12 +683,12 @@ int BIO_lookup_ex(const char *host, const char *servic
         hints.ai_family = family;
         hints.ai_socktype = socktype;
         hints.ai_protocol = protocol;
-#ifdef AI_ADDRCONFIG
-#ifdef AF_UNSPEC
+# ifdef AI_ADDRCONFIG
+#  ifdef AF_UNSPEC
         if (family == AF_UNSPEC)
-#endif
+#  endif
             hints.ai_flags |= AI_ADDRCONFIG;
-#endif
+# endif
 
         if (lookup_type == BIO_LOOKUP_SERVER)
             hints.ai_flags |= AI_PASSIVE;
@@ -696,6 +696,7 @@ int BIO_lookup_ex(const char *host, const char *servic
         /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
          * macro magic in bio_lcl.h
          */
+      retry:
         switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
 # ifdef EAI_SYSTEM
         case EAI_SYSTEM:
@@ -703,12 +704,25 @@ int BIO_lookup_ex(const char *host, const char *servic
             BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
             break;
 # endif
+# ifdef EAI_MEMORY
+        case EAI_MEMORY:
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+            break;
+# endif
         case 0:
             ret = 1;             /* Success */
             break;
         default:
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
+            if (hints.ai_flags & AI_ADDRCONFIG) {
+                hints.ai_flags &= ~AI_ADDRCONFIG;
+                hints.ai_flags |= AI_NUMERICHOST;
+                old_ret = gai_ret;
+                goto retry;
+            }
+# endif
             BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
-            ERR_add_error_data(1, gai_strerror(gai_ret));
+            ERR_add_error_data(1, gai_strerror(old_ret ? old_ret : gai_ret));
             break;
         }
     } else {

Modified: stable/12/crypto/openssl/crypto/bio/bss_dgram.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/bss_dgram.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/bio/bss_dgram.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -784,7 +784,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void
      * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
      * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
      * value has been updated to a non-clashing value. However to preserve
-     * binary compatiblity we now respond to both the old value and the new one
+     * binary compatibility we now respond to both the old value and the new one
      */
     case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
     case BIO_CTRL_DGRAM_SET_PEEK_MODE:

Modified: stable/12/crypto/openssl/crypto/bio/bss_file.c
==============================================================================
--- stable/12/crypto/openssl/crypto/bio/bss_file.c	Tue Sep 10 21:08:17 2019	(r352191)
+++ stable/12/crypto/openssl/crypto/bio/bss_file.c	Tue Sep 10 21:13:37 2019	(r352192)
@@ -7,10 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_BSS_FILE_C
-# define HEADER_BSS_FILE_C
-
-# if defined(__linux) || defined(__sun) || defined(__hpux)
+#if defined(__linux) || defined(__sun) || defined(__hpux)
 /*
  * Following definition aliases fopen to fopen64 on above mentioned
  * platforms. This makes it possible to open and sequentially access files
@@ -23,17 +20,17 @@
  * of 32-bit platforms which allow for sequential access of large files
  * without extra "magic" comprise *BSD, Darwin, IRIX...
  */
-#  ifndef _FILE_OFFSET_BITS
-#   define _FILE_OFFSET_BITS 64
-#  endif
+# ifndef _FILE_OFFSET_BITS
+#  define _FILE_OFFSET_BITS 64
 # endif
+#endif
 
-# include <stdio.h>
-# include <errno.h>
-# include "bio_lcl.h"
-# include <openssl/err.h>
+#include <stdio.h>
+#include <errno.h>
+#include "bio_lcl.h"
+#include <openssl/err.h>
 
-# if !defined(OPENSSL_NO_STDIO)
+#if !defined(OPENSSL_NO_STDIO)
 
 static int file_write(BIO *h, const char *buf, int num);
 static int file_read(BIO *h, char *buf, int size);
@@ -72,9 +69,9 @@ BIO *BIO_new_file(const char *filename, const char *mo
         SYSerr(SYS_F_FOPEN, get_last_sys_error());
         ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
         if (errno == ENOENT
-# ifdef ENXIO
+#ifdef ENXIO
             || errno == ENXIO
-# endif
+#endif
             )
             BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
         else
@@ -212,33 +209,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void 
         b->shutdown = (int)num & BIO_CLOSE;
         b->ptr = ptr;
         b->init = 1;
-#  if BIO_FLAGS_UPLINK!=0
-#   if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-#    define _IOB_ENTRIES 20
-#   endif
+# if BIO_FLAGS_UPLINK!=0
+#  if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#   define _IOB_ENTRIES 20
+#  endif
         /* Safety net to catch purely internal BIO_set_fp calls */
-#   if defined(_MSC_VER) && _MSC_VER>=1900
+#  if defined(_MSC_VER) && _MSC_VER>=1900
         if (ptr == stdin || ptr == stdout || ptr == stderr)
             BIO_clear_flags(b, BIO_FLAGS_UPLINK);
-#   elif defined(_IOB_ENTRIES)
+#  elif defined(_IOB_ENTRIES)

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909102113.x8ALDceq088282>