From owner-svn-src-stable-12@freebsd.org Tue Sep 10 21:13:44 2019 Return-Path: Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57A33E4ADC; Tue, 10 Sep 2019 21:13:44 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46Sd7D2MBzz42t4; Tue, 10 Sep 2019 21:13:44 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 194AE2C17F; Tue, 10 Sep 2019 21:13:44 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x8ALDijN088314; Tue, 10 Sep 2019 21:13:44 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x8ALDceq088282; Tue, 10 Sep 2019 21:13:38 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201909102113.x8ALDceq088282@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Tue, 10 Sep 2019 21:13:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r352192 - in stable/12: . crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/cryp... X-SVN-Group: stable-12 X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: in stable/12: . crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/cryp... X-SVN-Commit-Revision: 352192 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Sep 2019 21:13:44 -0000 Author: jkim Date: Tue Sep 10 21:13:37 2019 New Revision: 352192 URL: https://svnweb.freebsd.org/changeset/base/352192 Log: MFC: r352191 Merge OpenSSL 1.1.1d. Added: stable/12/crypto/openssl/doc/man3/CRYPTO_memcmp.pod - copied unchanged from r352191, head/crypto/openssl/doc/man3/CRYPTO_memcmp.pod stable/12/crypto/openssl/doc/man3/X509_cmp.pod - copied unchanged from r352191, head/crypto/openssl/doc/man3/X509_cmp.pod stable/12/secure/lib/libcrypto/man/CRYPTO_memcmp.3 - copied unchanged from r352191, head/secure/lib/libcrypto/man/CRYPTO_memcmp.3 stable/12/secure/lib/libcrypto/man/X509_cmp.3 - copied unchanged from r352191, head/secure/lib/libcrypto/man/X509_cmp.3 Deleted: stable/12/crypto/openssl/crypto/aes/asm/aes-586.pl stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl stable/12/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl stable/12/secure/lib/libcrypto/amd64/aes-x86_64.S stable/12/secure/lib/libcrypto/amd64/bsaes-x86_64.S stable/12/secure/lib/libcrypto/i386/aes-586.S Modified: stable/12/ObsoleteFiles.inc stable/12/crypto/openssl/CHANGES stable/12/crypto/openssl/Configure stable/12/crypto/openssl/INSTALL stable/12/crypto/openssl/NEWS stable/12/crypto/openssl/README stable/12/crypto/openssl/apps/apps.c stable/12/crypto/openssl/apps/apps.h stable/12/crypto/openssl/apps/ca.c stable/12/crypto/openssl/apps/dgst.c stable/12/crypto/openssl/apps/enc.c stable/12/crypto/openssl/apps/ocsp.c stable/12/crypto/openssl/apps/openssl.c stable/12/crypto/openssl/apps/pkcs12.c stable/12/crypto/openssl/apps/req.c stable/12/crypto/openssl/apps/s_apps.h stable/12/crypto/openssl/apps/s_cb.c stable/12/crypto/openssl/apps/s_client.c stable/12/crypto/openssl/apps/speed.c stable/12/crypto/openssl/apps/storeutl.c stable/12/crypto/openssl/config stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl stable/12/crypto/openssl/crypto/asn1/a_time.c stable/12/crypto/openssl/crypto/asn1/a_type.c stable/12/crypto/openssl/crypto/asn1/x_bignum.c stable/12/crypto/openssl/crypto/bio/b_addr.c stable/12/crypto/openssl/crypto/bio/bss_dgram.c stable/12/crypto/openssl/crypto/bio/bss_file.c stable/12/crypto/openssl/crypto/bio/bss_mem.c stable/12/crypto/openssl/crypto/bn/asm/mips.pl stable/12/crypto/openssl/crypto/bn/bn_div.c stable/12/crypto/openssl/crypto/bn/bn_lcl.h stable/12/crypto/openssl/crypto/bn/bn_lib.c stable/12/crypto/openssl/crypto/bn/bn_prime.c stable/12/crypto/openssl/crypto/bn/bn_rand.c stable/12/crypto/openssl/crypto/bn/bn_sqrt.c stable/12/crypto/openssl/crypto/cms/cms_att.c stable/12/crypto/openssl/crypto/cms/cms_env.c stable/12/crypto/openssl/crypto/cms/cms_err.c stable/12/crypto/openssl/crypto/cms/cms_lcl.h stable/12/crypto/openssl/crypto/cms/cms_sd.c stable/12/crypto/openssl/crypto/cms/cms_smime.c stable/12/crypto/openssl/crypto/conf/conf_sap.c stable/12/crypto/openssl/crypto/ctype.c stable/12/crypto/openssl/crypto/dh/dh_check.c stable/12/crypto/openssl/crypto/dh/dh_gen.c stable/12/crypto/openssl/crypto/dh/dh_key.c stable/12/crypto/openssl/crypto/dh/dh_lib.c stable/12/crypto/openssl/crypto/dsa/dsa_ameth.c stable/12/crypto/openssl/crypto/dsa/dsa_err.c stable/12/crypto/openssl/crypto/dsa/dsa_ossl.c stable/12/crypto/openssl/crypto/dso/dso_dlfcn.c stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl stable/12/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl stable/12/crypto/openssl/crypto/ec/ec_asn1.c stable/12/crypto/openssl/crypto/ec/ec_curve.c stable/12/crypto/openssl/crypto/ec/ec_lcl.h stable/12/crypto/openssl/crypto/ec/ec_lib.c stable/12/crypto/openssl/crypto/ec/ecdh_ossl.c stable/12/crypto/openssl/crypto/ec/ecdsa_ossl.c stable/12/crypto/openssl/crypto/ec/ecp_nistp224.c stable/12/crypto/openssl/crypto/ec/ecp_nistp256.c stable/12/crypto/openssl/crypto/ec/ecp_nistp521.c stable/12/crypto/openssl/crypto/ec/ecp_nistputil.c stable/12/crypto/openssl/crypto/ec/ecx_meth.c stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c stable/12/crypto/openssl/crypto/engine/eng_openssl.c stable/12/crypto/openssl/crypto/err/err.c stable/12/crypto/openssl/crypto/err/openssl.txt stable/12/crypto/openssl/crypto/evp/bio_ok.c stable/12/crypto/openssl/crypto/evp/e_aes.c stable/12/crypto/openssl/crypto/evp/e_aria.c stable/12/crypto/openssl/crypto/evp/e_chacha20_poly1305.c stable/12/crypto/openssl/crypto/evp/e_rc5.c stable/12/crypto/openssl/crypto/evp/evp_err.c stable/12/crypto/openssl/crypto/evp/evp_lib.c stable/12/crypto/openssl/crypto/evp/m_sha3.c stable/12/crypto/openssl/crypto/include/internal/ctype.h stable/12/crypto/openssl/crypto/include/internal/rand_int.h stable/12/crypto/openssl/crypto/include/internal/sm2err.h stable/12/crypto/openssl/crypto/init.c stable/12/crypto/openssl/crypto/lhash/lhash.c stable/12/crypto/openssl/crypto/o_str.c stable/12/crypto/openssl/crypto/pem/pvkfmt.c stable/12/crypto/openssl/crypto/pkcs7/pk7_doit.c stable/12/crypto/openssl/crypto/rand/drbg_lib.c stable/12/crypto/openssl/crypto/rand/rand_err.c stable/12/crypto/openssl/crypto/rand/rand_lcl.h stable/12/crypto/openssl/crypto/rand/rand_lib.c stable/12/crypto/openssl/crypto/rand/rand_unix.c stable/12/crypto/openssl/crypto/rsa/rsa_ameth.c stable/12/crypto/openssl/crypto/rsa/rsa_err.c stable/12/crypto/openssl/crypto/rsa/rsa_gen.c stable/12/crypto/openssl/crypto/rsa/rsa_lib.c stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c stable/12/crypto/openssl/crypto/s390xcap.c stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl stable/12/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl stable/12/crypto/openssl/crypto/sm2/sm2_sign.c stable/12/crypto/openssl/crypto/store/loader_file.c stable/12/crypto/openssl/crypto/store/store_lib.c stable/12/crypto/openssl/crypto/threads_none.c stable/12/crypto/openssl/crypto/threads_pthread.c stable/12/crypto/openssl/crypto/ui/ui_lib.c stable/12/crypto/openssl/crypto/ui/ui_openssl.c stable/12/crypto/openssl/crypto/uid.c stable/12/crypto/openssl/crypto/whrlpool/wp_block.c stable/12/crypto/openssl/crypto/x509/by_dir.c stable/12/crypto/openssl/crypto/x509/t_req.c stable/12/crypto/openssl/crypto/x509/x509_att.c stable/12/crypto/openssl/crypto/x509/x509_cmp.c stable/12/crypto/openssl/crypto/x509/x509_err.c stable/12/crypto/openssl/crypto/x509/x509_lu.c stable/12/crypto/openssl/crypto/x509/x509_vfy.c stable/12/crypto/openssl/crypto/x509v3/v3_alt.c stable/12/crypto/openssl/crypto/x509v3/v3_purp.c stable/12/crypto/openssl/doc/HOWTO/proxy_certificates.txt stable/12/crypto/openssl/doc/man1/engine.pod stable/12/crypto/openssl/doc/man1/errstr.pod stable/12/crypto/openssl/doc/man1/pkcs12.pod stable/12/crypto/openssl/doc/man1/pkeyparam.pod stable/12/crypto/openssl/doc/man1/s_client.pod stable/12/crypto/openssl/doc/man1/s_server.pod stable/12/crypto/openssl/doc/man3/ADMISSIONS.pod stable/12/crypto/openssl/doc/man3/ASYNC_start_job.pod stable/12/crypto/openssl/doc/man3/BIO_connect.pod stable/12/crypto/openssl/doc/man3/BIO_f_ssl.pod stable/12/crypto/openssl/doc/man3/BIO_find_type.pod stable/12/crypto/openssl/doc/man3/BIO_new.pod stable/12/crypto/openssl/doc/man3/BIO_s_accept.pod stable/12/crypto/openssl/doc/man3/BIO_s_bio.pod stable/12/crypto/openssl/doc/man3/BIO_s_connect.pod stable/12/crypto/openssl/doc/man3/BIO_s_fd.pod stable/12/crypto/openssl/doc/man3/BIO_s_mem.pod stable/12/crypto/openssl/doc/man3/BIO_set_callback.pod stable/12/crypto/openssl/doc/man3/BN_generate_prime.pod stable/12/crypto/openssl/doc/man3/BN_mod_mul_montgomery.pod stable/12/crypto/openssl/doc/man3/BN_new.pod stable/12/crypto/openssl/doc/man3/CMS_final.pod stable/12/crypto/openssl/doc/man3/CRYPTO_THREAD_run_once.pod stable/12/crypto/openssl/doc/man3/DES_random_key.pod stable/12/crypto/openssl/doc/man3/DSA_generate_key.pod stable/12/crypto/openssl/doc/man3/DSA_sign.pod stable/12/crypto/openssl/doc/man3/ECDSA_SIG_new.pod stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod stable/12/crypto/openssl/doc/man3/EVP_DigestSignInit.pod stable/12/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_derive.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_sign.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify.pod stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod stable/12/crypto/openssl/doc/man3/EVP_SealInit.pod stable/12/crypto/openssl/doc/man3/EVP_SignInit.pod stable/12/crypto/openssl/doc/man3/EVP_VerifyInit.pod stable/12/crypto/openssl/doc/man3/EVP_aria.pod stable/12/crypto/openssl/doc/man3/EVP_md5.pod stable/12/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod stable/12/crypto/openssl/doc/man3/OCSP_REQUEST_new.pod stable/12/crypto/openssl/doc/man3/OPENSSL_fork_prepare.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod stable/12/crypto/openssl/doc/man3/OSSL_STORE_expect.pod stable/12/crypto/openssl/doc/man3/PKCS12_newpass.pod stable/12/crypto/openssl/doc/man3/RAND_DRBG_set_callbacks.pod stable/12/crypto/openssl/doc/man3/RAND_set_rand_method.pod stable/12/crypto/openssl/doc/man3/RSA_blinding_on.pod stable/12/crypto/openssl/doc/man3/RSA_generate_key.pod stable/12/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod stable/12/crypto/openssl/doc/man3/RSA_public_encrypt.pod stable/12/crypto/openssl/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_config.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_new.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_cipher_list.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_session_id_context.pod stable/12/crypto/openssl/doc/man3/SSL_CTX_set_verify.pod stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod stable/12/crypto/openssl/doc/man3/SSL_get_error.pod stable/12/crypto/openssl/doc/man3/SSL_library_init.pod stable/12/crypto/openssl/doc/man3/SSL_set1_host.pod stable/12/crypto/openssl/doc/man3/SSL_write.pod stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_get_error.pod stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod stable/12/crypto/openssl/doc/man3/X509_STORE_add_cert.pod stable/12/crypto/openssl/doc/man3/X509_STORE_new.pod stable/12/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod stable/12/crypto/openssl/doc/man3/X509_get_extension_flags.pod stable/12/crypto/openssl/doc/man3/d2i_X509.pod stable/12/crypto/openssl/doc/man5/x509v3_config.pod stable/12/crypto/openssl/doc/man7/Ed25519.pod stable/12/crypto/openssl/doc/man7/RAND.pod stable/12/crypto/openssl/doc/man7/SM2.pod stable/12/crypto/openssl/doc/man7/X25519.pod stable/12/crypto/openssl/doc/man7/bio.pod stable/12/crypto/openssl/doc/man7/scrypt.pod stable/12/crypto/openssl/e_os.h stable/12/crypto/openssl/engines/build.info stable/12/crypto/openssl/engines/e_afalg.c stable/12/crypto/openssl/include/internal/constant_time_locl.h stable/12/crypto/openssl/include/internal/cryptlib.h stable/12/crypto/openssl/include/internal/dsoerr.h stable/12/crypto/openssl/include/internal/refcount.h stable/12/crypto/openssl/include/internal/thread_once.h stable/12/crypto/openssl/include/internal/tsan_assist.h stable/12/crypto/openssl/include/openssl/asn1err.h stable/12/crypto/openssl/include/openssl/asyncerr.h stable/12/crypto/openssl/include/openssl/bio.h stable/12/crypto/openssl/include/openssl/bioerr.h stable/12/crypto/openssl/include/openssl/bnerr.h stable/12/crypto/openssl/include/openssl/buffererr.h stable/12/crypto/openssl/include/openssl/cms.h stable/12/crypto/openssl/include/openssl/cmserr.h stable/12/crypto/openssl/include/openssl/comperr.h stable/12/crypto/openssl/include/openssl/conferr.h stable/12/crypto/openssl/include/openssl/cryptoerr.h stable/12/crypto/openssl/include/openssl/cterr.h stable/12/crypto/openssl/include/openssl/dherr.h stable/12/crypto/openssl/include/openssl/dsaerr.h stable/12/crypto/openssl/include/openssl/ec.h stable/12/crypto/openssl/include/openssl/ecerr.h stable/12/crypto/openssl/include/openssl/engineerr.h stable/12/crypto/openssl/include/openssl/evp.h stable/12/crypto/openssl/include/openssl/evperr.h stable/12/crypto/openssl/include/openssl/kdferr.h stable/12/crypto/openssl/include/openssl/objectserr.h stable/12/crypto/openssl/include/openssl/ocsperr.h stable/12/crypto/openssl/include/openssl/opensslv.h stable/12/crypto/openssl/include/openssl/pemerr.h stable/12/crypto/openssl/include/openssl/pkcs12err.h stable/12/crypto/openssl/include/openssl/pkcs7err.h stable/12/crypto/openssl/include/openssl/randerr.h stable/12/crypto/openssl/include/openssl/rsaerr.h stable/12/crypto/openssl/include/openssl/ssl.h stable/12/crypto/openssl/include/openssl/sslerr.h stable/12/crypto/openssl/include/openssl/store.h stable/12/crypto/openssl/include/openssl/storeerr.h stable/12/crypto/openssl/include/openssl/tls1.h stable/12/crypto/openssl/include/openssl/tserr.h stable/12/crypto/openssl/include/openssl/uierr.h stable/12/crypto/openssl/include/openssl/x509err.h stable/12/crypto/openssl/include/openssl/x509v3.h stable/12/crypto/openssl/include/openssl/x509v3err.h stable/12/crypto/openssl/ssl/d1_msg.c stable/12/crypto/openssl/ssl/record/rec_layer_s3.c stable/12/crypto/openssl/ssl/s3_lib.c stable/12/crypto/openssl/ssl/ssl_cert.c stable/12/crypto/openssl/ssl/ssl_ciph.c stable/12/crypto/openssl/ssl/ssl_lib.c stable/12/crypto/openssl/ssl/ssl_locl.h stable/12/crypto/openssl/ssl/ssl_sess.c stable/12/crypto/openssl/ssl/statem/extensions.c stable/12/crypto/openssl/ssl/statem/extensions_clnt.c stable/12/crypto/openssl/ssl/statem/extensions_srvr.c stable/12/crypto/openssl/ssl/statem/statem_clnt.c stable/12/crypto/openssl/ssl/statem/statem_lib.c stable/12/crypto/openssl/ssl/statem/statem_srvr.c stable/12/crypto/openssl/ssl/t1_lib.c stable/12/crypto/openssl/ssl/tls13_enc.c stable/12/secure/lib/libcrypto/Makefile stable/12/secure/lib/libcrypto/Makefile.asm stable/12/secure/lib/libcrypto/Makefile.inc stable/12/secure/lib/libcrypto/Makefile.man stable/12/secure/lib/libcrypto/Version.map stable/12/secure/lib/libcrypto/aarch64/keccak1600-armv8.S stable/12/secure/lib/libcrypto/arm/keccak1600-armv4.S stable/12/secure/lib/libcrypto/man/ADMISSIONS.3 stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3 stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3 stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3 stable/12/secure/lib/libcrypto/man/BF_encrypt.3 stable/12/secure/lib/libcrypto/man/BIO_ADDR.3 stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3 stable/12/secure/lib/libcrypto/man/BIO_connect.3 stable/12/secure/lib/libcrypto/man/BIO_ctrl.3 stable/12/secure/lib/libcrypto/man/BIO_f_base64.3 stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/12/secure/lib/libcrypto/man/BIO_f_md.3 stable/12/secure/lib/libcrypto/man/BIO_f_null.3 stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/12/secure/lib/libcrypto/man/BIO_find_type.3 stable/12/secure/lib/libcrypto/man/BIO_get_data.3 stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 stable/12/secure/lib/libcrypto/man/BIO_meth_new.3 stable/12/secure/lib/libcrypto/man/BIO_new.3 stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3 stable/12/secure/lib/libcrypto/man/BIO_printf.3 stable/12/secure/lib/libcrypto/man/BIO_push.3 stable/12/secure/lib/libcrypto/man/BIO_read.3 stable/12/secure/lib/libcrypto/man/BIO_s_accept.3 stable/12/secure/lib/libcrypto/man/BIO_s_bio.3 stable/12/secure/lib/libcrypto/man/BIO_s_connect.3 stable/12/secure/lib/libcrypto/man/BIO_s_fd.3 stable/12/secure/lib/libcrypto/man/BIO_s_file.3 stable/12/secure/lib/libcrypto/man/BIO_s_mem.3 stable/12/secure/lib/libcrypto/man/BIO_s_null.3 stable/12/secure/lib/libcrypto/man/BIO_s_socket.3 stable/12/secure/lib/libcrypto/man/BIO_set_callback.3 stable/12/secure/lib/libcrypto/man/BIO_should_retry.3 stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/12/secure/lib/libcrypto/man/BN_CTX_new.3 stable/12/secure/lib/libcrypto/man/BN_CTX_start.3 stable/12/secure/lib/libcrypto/man/BN_add.3 stable/12/secure/lib/libcrypto/man/BN_add_word.3 stable/12/secure/lib/libcrypto/man/BN_bn2bin.3 stable/12/secure/lib/libcrypto/man/BN_cmp.3 stable/12/secure/lib/libcrypto/man/BN_copy.3 stable/12/secure/lib/libcrypto/man/BN_generate_prime.3 stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/12/secure/lib/libcrypto/man/BN_new.3 stable/12/secure/lib/libcrypto/man/BN_num_bytes.3 stable/12/secure/lib/libcrypto/man/BN_rand.3 stable/12/secure/lib/libcrypto/man/BN_security_bits.3 stable/12/secure/lib/libcrypto/man/BN_set_bit.3 stable/12/secure/lib/libcrypto/man/BN_swap.3 stable/12/secure/lib/libcrypto/man/BN_zero.3 stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3 stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/12/secure/lib/libcrypto/man/CMS_compress.3 stable/12/secure/lib/libcrypto/man/CMS_decrypt.3 stable/12/secure/lib/libcrypto/man/CMS_encrypt.3 stable/12/secure/lib/libcrypto/man/CMS_final.3 stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/12/secure/lib/libcrypto/man/CMS_get0_type.3 stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/12/secure/lib/libcrypto/man/CMS_sign.3 stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/12/secure/lib/libcrypto/man/CMS_uncompress.3 stable/12/secure/lib/libcrypto/man/CMS_verify.3 stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/12/secure/lib/libcrypto/man/CONF_modules_free.3 stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3 stable/12/secure/lib/libcrypto/man/CTLOG_new.3 stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 stable/12/secure/lib/libcrypto/man/DES_random_key.3 stable/12/secure/lib/libcrypto/man/DH_generate_key.3 stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3 stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3 stable/12/secure/lib/libcrypto/man/DH_meth_new.3 stable/12/secure/lib/libcrypto/man/DH_new.3 stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3 stable/12/secure/lib/libcrypto/man/DH_set_method.3 stable/12/secure/lib/libcrypto/man/DH_size.3 stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/12/secure/lib/libcrypto/man/DSA_do_sign.3 stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/12/secure/lib/libcrypto/man/DSA_generate_key.3 stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3 stable/12/secure/lib/libcrypto/man/DSA_meth_new.3 stable/12/secure/lib/libcrypto/man/DSA_new.3 stable/12/secure/lib/libcrypto/man/DSA_set_method.3 stable/12/secure/lib/libcrypto/man/DSA_sign.3 stable/12/secure/lib/libcrypto/man/DSA_size.3 stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3 stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3 stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3 stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3 stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3 stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3 stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 stable/12/secure/lib/libcrypto/man/EC_KEY_new.3 stable/12/secure/lib/libcrypto/man/EC_POINT_add.3 stable/12/secure/lib/libcrypto/man/EC_POINT_new.3 stable/12/secure/lib/libcrypto/man/ENGINE_add.3 stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/12/secure/lib/libcrypto/man/ERR_clear_error.3 stable/12/secure/lib/libcrypto/man/ERR_error_string.3 stable/12/secure/lib/libcrypto/man/ERR_get_error.3 stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/12/secure/lib/libcrypto/man/ERR_load_strings.3 stable/12/secure/lib/libcrypto/man/ERR_print_errors.3 stable/12/secure/lib/libcrypto/man/ERR_put_error.3 stable/12/secure/lib/libcrypto/man/ERR_remove_state.3 stable/12/secure/lib/libcrypto/man/ERR_set_mark.3 stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3 stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3 stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3 stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/12/secure/lib/libcrypto/man/EVP_SealInit.3 stable/12/secure/lib/libcrypto/man/EVP_SignInit.3 stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/12/secure/lib/libcrypto/man/EVP_aes.3 stable/12/secure/lib/libcrypto/man/EVP_aria.3 stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3 stable/12/secure/lib/libcrypto/man/EVP_camellia.3 stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_chacha20.3 stable/12/secure/lib/libcrypto/man/EVP_des.3 stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_md2.3 stable/12/secure/lib/libcrypto/man/EVP_md4.3 stable/12/secure/lib/libcrypto/man/EVP_md5.3 stable/12/secure/lib/libcrypto/man/EVP_mdc2.3 stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_rc4.3 stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3 stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_sha1.3 stable/12/secure/lib/libcrypto/man/EVP_sha224.3 stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3 stable/12/secure/lib/libcrypto/man/EVP_sm3.3 stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3 stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3 stable/12/secure/lib/libcrypto/man/HMAC.3 stable/12/secure/lib/libcrypto/man/MD5.3 stable/12/secure/lib/libcrypto/man/MDC2_Init.3 stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3 stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3 stable/12/secure/lib/libcrypto/man/OCSP_response_status.3 stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3 stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/12/secure/lib/libcrypto/man/OPENSSL_config.3 stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3 stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3 stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3 stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 stable/12/secure/lib/libcrypto/man/PEM_read.3 stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3 stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3 stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/12/secure/lib/libcrypto/man/PKCS12_create.3 stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3 stable/12/secure/lib/libcrypto/man/PKCS12_parse.3 stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/12/secure/lib/libcrypto/man/PKCS7_sign.3 stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/12/secure/lib/libcrypto/man/PKCS7_verify.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 stable/12/secure/lib/libcrypto/man/RAND_add.3 stable/12/secure/lib/libcrypto/man/RAND_bytes.3 stable/12/secure/lib/libcrypto/man/RAND_cleanup.3 stable/12/secure/lib/libcrypto/man/RAND_egd.3 stable/12/secure/lib/libcrypto/man/RAND_load_file.3 stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/12/secure/lib/libcrypto/man/RC4_set_key.3 stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3 stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/12/secure/lib/libcrypto/man/RSA_check_key.3 stable/12/secure/lib/libcrypto/man/RSA_generate_key.3 stable/12/secure/lib/libcrypto/man/RSA_get0_key.3 stable/12/secure/lib/libcrypto/man/RSA_meth_new.3 stable/12/secure/lib/libcrypto/man/RSA_new.3 stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/12/secure/lib/libcrypto/man/RSA_print.3 stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/12/secure/lib/libcrypto/man/RSA_set_method.3 stable/12/secure/lib/libcrypto/man/RSA_sign.3 stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/12/secure/lib/libcrypto/man/RSA_size.3 stable/12/secure/lib/libcrypto/man/SCT_new.3 stable/12/secure/lib/libcrypto/man/SCT_print.3 stable/12/secure/lib/libcrypto/man/SCT_validate.3 stable/12/secure/lib/libcrypto/man/SHA256_Init.3 stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3 stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3 stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 stable/12/secure/lib/libcrypto/man/SSL_accept.3 stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3 stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3 stable/12/secure/lib/libcrypto/man/SSL_check_chain.3 stable/12/secure/lib/libcrypto/man/SSL_clear.3 stable/12/secure/lib/libcrypto/man/SSL_connect.3 stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3 stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3 stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3 stable/12/secure/lib/libcrypto/man/SSL_free.3 stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3 stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3 stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3 stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3 stable/12/secure/lib/libcrypto/man/SSL_get_error.3 stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3 stable/12/secure/lib/libcrypto/man/SSL_get_fd.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3 stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3 stable/12/secure/lib/libcrypto/man/SSL_get_session.3 stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3 stable/12/secure/lib/libcrypto/man/SSL_get_version.3 stable/12/secure/lib/libcrypto/man/SSL_in_init.3 stable/12/secure/lib/libcrypto/man/SSL_key_update.3 stable/12/secure/lib/libcrypto/man/SSL_library_init.3 stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 stable/12/secure/lib/libcrypto/man/SSL_new.3 stable/12/secure/lib/libcrypto/man/SSL_pending.3 stable/12/secure/lib/libcrypto/man/SSL_read.3 stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3 stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3 stable/12/secure/lib/libcrypto/man/SSL_session_reused.3 stable/12/secure/lib/libcrypto/man/SSL_set1_host.3 stable/12/secure/lib/libcrypto/man/SSL_set_bio.3 stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3 stable/12/secure/lib/libcrypto/man/SSL_set_fd.3 stable/12/secure/lib/libcrypto/man/SSL_set_session.3 stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3 stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3 stable/12/secure/lib/libcrypto/man/SSL_shutdown.3 stable/12/secure/lib/libcrypto/man/SSL_state_string.3 stable/12/secure/lib/libcrypto/man/SSL_want.3 stable/12/secure/lib/libcrypto/man/SSL_write.3 stable/12/secure/lib/libcrypto/man/UI_STRING.3 stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 stable/12/secure/lib/libcrypto/man/UI_create_method.3 stable/12/secure/lib/libcrypto/man/UI_new.3 stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3 stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3 stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3 stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3 stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3 stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3 stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3 stable/12/secure/lib/libcrypto/man/X509_STORE_new.3 stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 stable/12/secure/lib/libcrypto/man/X509_check_ca.3 stable/12/secure/lib/libcrypto/man/X509_check_host.3 stable/12/secure/lib/libcrypto/man/X509_check_issued.3 stable/12/secure/lib/libcrypto/man/X509_check_private_key.3 stable/12/secure/lib/libcrypto/man/X509_cmp_time.3 stable/12/secure/lib/libcrypto/man/X509_digest.3 stable/12/secure/lib/libcrypto/man/X509_dup.3 stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3 stable/12/secure/lib/libcrypto/man/X509_get0_signature.3 stable/12/secure/lib/libcrypto/man/X509_get0_uids.3 stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3 stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3 stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3 stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3 stable/12/secure/lib/libcrypto/man/X509_get_version.3 stable/12/secure/lib/libcrypto/man/X509_new.3 stable/12/secure/lib/libcrypto/man/X509_sign.3 stable/12/secure/lib/libcrypto/man/X509_verify_cert.3 stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 stable/12/secure/lib/libcrypto/man/d2i_DHparams.3 stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3 stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 stable/12/secure/lib/libcrypto/man/d2i_X509.3 stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3 stable/12/secure/usr.bin/openssl/man/CA.pl.1 stable/12/secure/usr.bin/openssl/man/asn1parse.1 stable/12/secure/usr.bin/openssl/man/ca.1 stable/12/secure/usr.bin/openssl/man/ciphers.1 stable/12/secure/usr.bin/openssl/man/cms.1 stable/12/secure/usr.bin/openssl/man/crl.1 stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/12/secure/usr.bin/openssl/man/dgst.1 stable/12/secure/usr.bin/openssl/man/dhparam.1 stable/12/secure/usr.bin/openssl/man/dsa.1 stable/12/secure/usr.bin/openssl/man/dsaparam.1 stable/12/secure/usr.bin/openssl/man/ec.1 stable/12/secure/usr.bin/openssl/man/ecparam.1 stable/12/secure/usr.bin/openssl/man/enc.1 stable/12/secure/usr.bin/openssl/man/engine.1 stable/12/secure/usr.bin/openssl/man/errstr.1 stable/12/secure/usr.bin/openssl/man/gendsa.1 stable/12/secure/usr.bin/openssl/man/genpkey.1 stable/12/secure/usr.bin/openssl/man/genrsa.1 stable/12/secure/usr.bin/openssl/man/list.1 stable/12/secure/usr.bin/openssl/man/nseq.1 stable/12/secure/usr.bin/openssl/man/ocsp.1 stable/12/secure/usr.bin/openssl/man/openssl.1 stable/12/secure/usr.bin/openssl/man/passwd.1 stable/12/secure/usr.bin/openssl/man/pkcs12.1 stable/12/secure/usr.bin/openssl/man/pkcs7.1 stable/12/secure/usr.bin/openssl/man/pkcs8.1 stable/12/secure/usr.bin/openssl/man/pkey.1 stable/12/secure/usr.bin/openssl/man/pkeyparam.1 stable/12/secure/usr.bin/openssl/man/pkeyutl.1 stable/12/secure/usr.bin/openssl/man/prime.1 stable/12/secure/usr.bin/openssl/man/rand.1 stable/12/secure/usr.bin/openssl/man/req.1 stable/12/secure/usr.bin/openssl/man/rsa.1 stable/12/secure/usr.bin/openssl/man/rsautl.1 stable/12/secure/usr.bin/openssl/man/s_client.1 stable/12/secure/usr.bin/openssl/man/s_server.1 stable/12/secure/usr.bin/openssl/man/s_time.1 stable/12/secure/usr.bin/openssl/man/sess_id.1 stable/12/secure/usr.bin/openssl/man/smime.1 stable/12/secure/usr.bin/openssl/man/speed.1 stable/12/secure/usr.bin/openssl/man/spkac.1 stable/12/secure/usr.bin/openssl/man/srp.1 stable/12/secure/usr.bin/openssl/man/storeutl.1 stable/12/secure/usr.bin/openssl/man/ts.1 stable/12/secure/usr.bin/openssl/man/tsget.1 stable/12/secure/usr.bin/openssl/man/verify.1 stable/12/secure/usr.bin/openssl/man/version.1 stable/12/secure/usr.bin/openssl/man/x509.1 Directory Properties: stable/12/ (props changed) Modified: stable/12/ObsoleteFiles.inc ============================================================================== --- stable/12/ObsoleteFiles.inc Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/ObsoleteFiles.inc Tue Sep 10 21:13:37 2019 (r352192) @@ -38,6 +38,9 @@ # xargs -n1 | sort | uniq -d; # done +# 20190910: OpenSSL 1.1.1d +OLD_FILES+=usr/share/openssl/man/man3/d2i_ECDSA_SIG.3.gz +OLD_FILES+=usr/share/openssl/man/man3/i2d_ECDSA_SIG.3.gz # 20190811: sys/pwm.h renamed to dev/pwmc.h and pwm(9) removed OLD_FILES+=usr/include/sys/pwm.h usr/share/man/man9/pwm.9 # 20190723: new clang import which bumps version from 8.0.0 to 8.0.1. Modified: stable/12/crypto/openssl/CHANGES ============================================================================== --- stable/12/crypto/openssl/CHANGES Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/CHANGES Tue Sep 10 21:13:37 2019 (r352192) @@ -7,6 +7,101 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] + + *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random + number generator (RNG). This was intended to include protection in the + event of a fork() system call in order to ensure that the parent and child + processes did not share the same RNG state. However this protection was not + being used in the default case. + + A partial mitigation for this issue is that the output from a high + precision timer is mixed into the RNG state so the likelihood of a parent + and child process sharing state is significantly reduced. + + If an application already calls OPENSSL_init_crypto() explicitly using + OPENSSL_INIT_ATFORK then this problem does not occur at all. + (CVE-2019-1549) + [Matthias St. Pierre] + + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters, when loading a serialized key + or calling `EC_GROUP_new_from_ecpkparameters()`/ + `EC_GROUP_new_from_ecparameters()`. + This prevents bypass of security hardening and performance gains, + especially for curves with specialized EC_METHODs. + By default, if a key encoded with explicit parameters is loaded and later + serialized, the output is still encoded with explicit parameters, even if + internally a "named" EC_GROUP is used for computation. + [Nicola Tuveri] + + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. It also + does some minimal sanity checks on the passed order. + (CVE-2019-1547) + [Billy Bob Brumley] + + *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. + An attack is simple, if the first CMS_recipientInfo is valid but the + second CMS_recipientInfo is chosen ciphertext. If the second + recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct + encryption key will be replaced by garbage, and the message cannot be + decoded, but if the RSA decryption fails, the correct encryption key is + used and the recipient will not notice the attack. + As a work around for this potential attack the length of the decrypted + key must be equal to the cipher default key length, in case the + certifiate is not given and all recipientInfo are tried out. + The old behaviour can be re-enabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag. + (CVE-2019-1563) + [Bernd Edlinger] + + *) Early start up entropy quality from the DEVRANDOM seed source has been + improved for older Linux systems. The RAND subsystem will wait for + /dev/random to be producing output before seeding from /dev/urandom. + The seeded state is stored for future library initialisations using + a system global shared memory segment. The shared memory identifier + can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to + the desired value. The default identifier is 114. + [Paul Dale] + + *) Correct the extended master secret constant on EBCDIC systems. Without this + fix TLS connections between an EBCDIC system and a non-EBCDIC system that + negotiate EMS will fail. Unfortunately this also means that TLS connections + between EBCDIC systems with this fix, and EBCDIC systems without this + fix will fail if they negotiate EMS. + [Matt Caswell] + + *) Use Windows installation paths in the mingw builds + + Mingw isn't a POSIX environment per se, which means that Windows + paths should be used for installation. + (CVE-2019-1552) + [Richard Levitte] + + *) Changed DH_check to accept parameters with order q and 2q subgroups. + With order 2q subgroups the bit 0 of the private key is not secret + but DH_generate_key works around that by clearing bit 0 of the + private key for those. This avoids leaking bit 0 of the private key. + [Bernd Edlinger] + + *) Significantly reduce secure memory usage by the randomness pools. + [Paul Dale] + + *) Revert the DEVRANDOM_WAIT feature for Linux systems + + The DEVRANDOM_WAIT feature added a select() call to wait for the + /dev/random device to become readable before reading from the + /dev/urandom device. + + It turned out that this change had negative side effects on + performance which were not acceptable. After some discussion it + was decided to revert this feature and leave it up to the OS + resp. the platform maintainer to ensure a proper initialization + during early boot time. + [Matthias St. Pierre] + Changes between 1.1.1b and 1.1.1c [28 May 2019] *) Add build tests for C++. These are generated files that only do one @@ -75,6 +170,16 @@ (CVE-2019-1543) [Matt Caswell] + *) Add DEVRANDOM_WAIT feature for Linux systems + + On older Linux systems where the getrandom() system call is not available, + OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG. + Contrary to getrandom(), the /dev/urandom device will not block during + early boot when the kernel CSPRNG has not been seeded yet. + + To mitigate this known weakness, use select() to wait for /dev/random to + become readable before reading from /dev/urandom. + *) Ensure that SM2 only uses SM3 as digest algorithm [Paul Yang] @@ -322,7 +427,7 @@ SSL_set_ciphersuites() [Matt Caswell] - *) Memory allocation failures consistenly add an error to the error + *) Memory allocation failures consistently add an error to the error stack. [Rich Salz] @@ -6860,7 +6965,7 @@ reason texts, thereby removing some of the footprint that may not be interesting if those errors aren't displayed anyway. - NOTE: it's still possible for any application or module to have it's + NOTE: it's still possible for any application or module to have its own set of error texts inserted. The routines are there, just not used by default when no-err is given. [Richard Levitte] @@ -8826,7 +8931,7 @@ des-cbc 3624.96k 5258.21k 5530.91k Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of - memory from it's contents. This is done with a counter that will + memory from its contents. This is done with a counter that will place alternating values in each byte. This can be used to solve two issues: 1) the removal of calls to memset() by highly optimizing compilers, and 2) cleansing with other values than 0, since those can Modified: stable/12/crypto/openssl/Configure ============================================================================== --- stable/12/crypto/openssl/Configure Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/Configure Tue Sep 10 21:13:37 2019 (r352192) @@ -87,9 +87,6 @@ my $usage="Usage: Configure [no- ...] [enable- # linked openssl executable has rather debugging value than # production quality. # -# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items -# provided to stack calls. Generates unique stack functions for -# each possible stack type. # BN_LLONG use the type 'long long' in crypto/bn/bn.h # RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h # Following are set automatically by this script @@ -145,13 +142,13 @@ my @gcc_devteam_warn = qw( # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code my @clang_devteam_warn = qw( + -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers - -Wno-unknown-warning-option -Wmissing-variable-declarations ); Modified: stable/12/crypto/openssl/INSTALL ============================================================================== --- stable/12/crypto/openssl/INSTALL Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/INSTALL Tue Sep 10 21:13:37 2019 (r352192) @@ -98,6 +98,9 @@ $ nmake test $ nmake install + Note that in order to perform the install step above you need to have + appropriate permissions to write to the installation directory. + If any of these steps fails, see section Installation in Detail below. This will build and install OpenSSL in the default location, which is: @@ -107,6 +110,12 @@ OpenSSL version number with underscores instead of periods. Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL + The installation directory should be appropriately protected to ensure + unprivileged users cannot make changes to OpenSSL binaries or files, or install + engines. If you already have a pre-installed version of OpenSSL as part of + your Operating System it is recommended that you do not overwrite the system + version and instead install to somewhere else. + If you want to install it anywhere else, run config like this: On Unix: @@ -135,7 +144,10 @@ Don't build with support for deprecated APIs below the specified version number. For example "--api=1.1.0" will remove support for all APIS that were deprecated in OpenSSL - version 1.1.0 or below. + version 1.1.0 or below. This is a rather specialized option + for developers. If you just intend to remove all deprecated + APIs entirely (up to the current version), it is easier + to add the 'no-deprecated' option instead (see below). --cross-compile-prefix=PREFIX The PREFIX to include in front of commands for your @@ -229,7 +241,7 @@ source exists. getrandom: Use the L or equivalent system call. - devrandom: Use the the first device from the DEVRANDOM list + devrandom: Use the first device from the DEVRANDOM list which can be opened to read random bytes. The DEVRANDOM preprocessor constant expands to "/dev/urandom","/dev/random","/dev/srandom" on @@ -908,8 +920,11 @@ $ mms install ! OpenVMS $ nmake install # Windows - This will install all the software components in this directory - tree under PREFIX (the directory given with --prefix or its + Note that in order to perform the install step above you need to have + appropriate permissions to write to the installation directory. + + The above commands will install all the software components in this + directory tree under PREFIX (the directory given with --prefix or its default): Unix: @@ -964,6 +979,12 @@ private Initially empty, this is the default location for private key files. misc Various scripts. + + The installation directory should be appropriately protected to ensure + unprivileged users cannot make changes to OpenSSL binaries or files, or + install engines. If you already have a pre-installed version of OpenSSL as + part of your Operating System it is recommended that you do not overwrite + the system version and instead install to somewhere else. Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that Modified: stable/12/crypto/openssl/NEWS ============================================================================== --- stable/12/crypto/openssl/NEWS Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/NEWS Tue Sep 10 21:13:37 2019 (r352192) @@ -5,6 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] + + o Fixed a fork protection issue (CVE-2019-1549) + o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey + (CVE-2019-1563) + o For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters + o Compute ECC cofactors if not provided during EC_GROUP construction + (CVE-2019-1547) + o Early start up entropy quality from the DEVRANDOM seed source has been + improved for older Linux systems + o Correct the extended master secret constant on EBCDIC systems + o Use Windows installation paths in the mingw builds (CVE-2019-1552) + o Changed DH_check to accept parameters with order q and 2q subgroups + o Significantly reduce secure memory usage by the randomness pools + o Revert the DEVRANDOM_WAIT feature for Linux systems + Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) @@ -601,7 +618,7 @@ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]: - o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. + o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: Modified: stable/12/crypto/openssl/README ============================================================================== --- stable/12/crypto/openssl/README Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/README Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1c 28 May 2019 + OpenSSL 1.1.1d 10 Sep 2019 Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/12/crypto/openssl/apps/apps.c ============================================================================== --- stable/12/crypto/openssl/apps/apps.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/apps.c Tue Sep 10 21:13:37 2019 (r352192) @@ -40,12 +40,19 @@ #endif #include #include -#include "s_apps.h" #include "apps.h" #ifdef _WIN32 static int WIN32_rename(const char *from, const char *to); # define rename(from,to) WIN32_rename((from),(to)) +#endif + +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# include +#endif + +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +# define _kbhit kbhit #endif typedef struct { Modified: stable/12/crypto/openssl/apps/apps.h ============================================================================== --- stable/12/crypto/openssl/apps/apps.h Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/apps.h Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -444,11 +444,9 @@ void destroy_ui_method(void); const UI_METHOD *get_ui_method(void); int chopup_args(ARGS *arg, char *buf); -# ifdef HEADER_X509_H int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags); -# endif void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); Modified: stable/12/crypto/openssl/apps/ca.c ============================================================================== --- stable/12/crypto/openssl/apps/ca.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/ca.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -722,7 +722,7 @@ end_of_options: /*****************************************************************/ if (req || gencrl) { - if (spkac_file != NULL) { + if (spkac_file != NULL && outfile != NULL) { output_der = 1; batch = 1; } Modified: stable/12/crypto/openssl/apps/dgst.c ============================================================================== --- stable/12/crypto/openssl/apps/dgst.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/dgst.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -421,7 +421,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int s size_t len; int i; - for (;;) { + while (BIO_pending(bp) || !BIO_eof(bp)) { i = BIO_read(bp, (char *)buf, BUFSIZE); if (i < 0) { BIO_printf(bio_err, "Read Error in %s\n", file); Modified: stable/12/crypto/openssl/apps/enc.c ============================================================================== --- stable/12/crypto/openssl/apps/enc.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/enc.c Tue Sep 10 21:13:37 2019 (r352192) @@ -586,7 +586,7 @@ int enc_main(int argc, char **argv) if (benc != NULL) wbio = BIO_push(benc, wbio); - for (;;) { + while (BIO_pending(rbio) || !BIO_eof(rbio)) { inl = BIO_read(rbio, (char *)buff, bsize); if (inl <= 0) break; Modified: stable/12/crypto/openssl/apps/ocsp.c ============================================================================== --- stable/12/crypto/openssl/apps/ocsp.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/ocsp.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1416,9 +1416,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcb *q = '\0'; /* - * Skip "GET / HTTP..." requests often used by load-balancers + * Skip "GET / HTTP..." requests often used by load-balancers. Note: + * 'p' was incremented above to point to the first byte *after* the + * leading slash, so with 'GET / ' it is now an empty string. */ - if (p[1] == '\0') + if (p[0] == '\0') goto out; len = urldecode(p); Modified: stable/12/crypto/openssl/apps/openssl.c ============================================================================== --- stable/12/crypto/openssl/apps/openssl.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/openssl.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,6 @@ # include #endif #include -#include "s_apps.h" /* Needed to get the other O_xxx flags. */ #ifdef OPENSSL_SYS_VMS # include Modified: stable/12/crypto/openssl/apps/pkcs12.c ============================================================================== --- stable/12/crypto/openssl/apps/pkcs12.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/pkcs12.c Tue Sep 10 21:13:37 2019 (r352192) @@ -838,7 +838,7 @@ static int alg_print(const X509_ALGOR *alg) goto done; } BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " - "Block size(r): %ld, Paralelizm(p): %ld", + "Block size(r): %ld, Parallelism(p): %ld", ASN1_STRING_length(kdf->salt), ASN1_INTEGER_get(kdf->costParameter), ASN1_INTEGER_get(kdf->blockSize), Modified: stable/12/crypto/openssl/apps/req.c ============================================================================== --- stable/12/crypto/openssl/apps/req.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/req.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -881,9 +881,19 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, get_nameopt(), reqflag); + ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag); else - X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag); + + if (ret == 0) { + if (x509) + BIO_printf(bio_err, "Error printing certificate\n"); + else + BIO_printf(bio_err, "Error printing certificate request\n"); + + ERR_print_errors(bio_err); + goto end; + } } if (subject) { Modified: stable/12/crypto/openssl/apps/s_apps.h ============================================================================== --- stable/12/crypto/openssl/apps/s_apps.h Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/s_apps.h Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,14 +9,8 @@ #include -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include -#endif +#include -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) -# define _kbhit kbhit -#endif - #define PORT "4433" #define PROTOCOL "tcp" @@ -24,17 +18,15 @@ typedef int (*do_server_cb)(int s, int stype, int prot int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out); -#ifdef HEADER_X509_H + int verify_callback(int ok, X509_STORE_CTX *ctx); -#endif -#ifdef HEADER_SSL_H + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_groups(BIO *out, SSL *s, int noshared); -#endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, const char *bindhost, const char *bindport, @@ -44,13 +36,11 @@ int should_retry(int i); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -#ifdef HEADER_SSL_H void apps_ssl_info_callback(const SSL *s, int where, int ret); void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg); -#endif int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); @@ -75,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc); void print_verify_detail(SSL *s, BIO *bio); void print_ssl_summary(SSL *s); -#ifdef HEADER_SSL_H int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); @@ -86,4 +75,3 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApat void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); void print_ca_names(BIO *bio, SSL *s); -#endif Modified: stable/12/crypto/openssl/apps/s_cb.c ============================================================================== --- stable/12/crypto/openssl/apps/s_cb.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/s_cb.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1525,7 +1525,8 @@ void print_ca_names(BIO *bio, SSL *s) int i; if (sk == NULL || sk_X509_NAME_num(sk) == 0) { - BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); + if (!SSL_is_server(s)) + BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); return; } Modified: stable/12/crypto/openssl/apps/s_client.c ============================================================================== --- stable/12/crypto/openssl/apps/s_client.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/s_client.c Tue Sep 10 21:13:37 2019 (r352192) @@ -2345,7 +2345,7 @@ int s_client_main(int argc, char **argv) (void)BIO_flush(fbio); /* * The first line is the HTTP response. According to RFC 7230, - * it's formated exactly like this: + * it's formatted exactly like this: * * HTTP/d.d ddd Reason text\r\n */ Modified: stable/12/crypto/openssl/apps/speed.c ============================================================================== --- stable/12/crypto/openssl/apps/speed.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/speed.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1790,7 +1790,7 @@ int speed_main(int argc, char **argv) } buflen = lengths[size_num - 1]; - if (buflen < 36) /* size of random vector in RSA bencmark */ + if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); Modified: stable/12/crypto/openssl/apps/storeutl.c ============================================================================== --- stable/12/crypto/openssl/apps/storeutl.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/apps/storeutl.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -125,7 +125,7 @@ int storeutl_main(int argc, char *argv[]) } /* * If expected wasn't set at this point, it means the map - * isn't syncronised with the possible options leading here. + * isn't synchronised with the possible options leading here. */ OPENSSL_assert(expected != 0); } Modified: stable/12/crypto/openssl/config ============================================================================== --- stable/12/crypto/openssl/config Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/config Tue Sep 10 21:13:37 2019 (r352192) @@ -498,12 +498,12 @@ case "$GUESSOS" in OUT="darwin64-x86_64-cc" fi ;; armv6+7-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7" + __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7" OUT="iphoneos-cross" ;; *-*-iphoneos) - __CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}" + __CNF_CFLAGS="$__CNF_CFLAGS -arch ${MACHINE}" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch ${MACHINE}" OUT="iphoneos-cross" ;; arm64-*-iphoneos|*-*-ios64) OUT="ios64-cross" ;; Modified: stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl ============================================================================== --- stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/aes/asm/aes-s390x.pl Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -38,14 +38,14 @@ # Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided # for 128-bit keys, if hardware support is detected. -# Januray 2009. +# January 2009. # # Add support for hardware AES192/256 and reschedule instructions to # minimize/avoid Address Generation Interlock hazard and to favour # dual-issue z10 pipeline. This gave ~25% improvement on z10 and # almost 50% on z9. The gain is smaller on z10, because being dual- # issue z10 makes it impossible to eliminate the interlock condition: -# critial path is not long enough. Yet it spends ~24 cycles per byte +# critical path is not long enough. Yet it spends ~24 cycles per byte # processed with 128-bit key. # # Unlike previous version hardware support detection takes place only Modified: stable/12/crypto/openssl/crypto/asn1/a_time.c ============================================================================== --- stable/12/crypto/openssl/crypto/asn1/a_time.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/asn1/a_time.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ static void determine_days(struct tm *tm) } c = y / 100; y %= 100; - /* Zeller's congruance */ + /* Zeller's congruence */ tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; } @@ -79,7 +79,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) char *a; int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md; struct tm tmp; - +#if defined(CHARSET_EBCDIC) + const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B; +#else + const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+'; +#endif /* * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280 * time string format, in which: @@ -120,20 +124,20 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (l < min_l) goto err; for (i = 0; i < end; i++) { - if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) { i++; break; } - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = a[o] - '0'; + n = a[o] - num_zero; /* incomplete 2-digital number */ if (++o == l) goto err; - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = (n * 10) + a[o] - '0'; + n = (n * 10) + a[o] - num_zero; /* no more bytes to read, but we haven't seen time-zone yet */ if (++o == l) goto err; @@ -185,14 +189,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) * Optional fractional seconds: decimal point followed by one or more * digits. */ - if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') { + if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) { if (strict) /* RFC 5280 forbids fractional seconds */ goto err; if (++o == l) goto err; i = o; - while ((o < l) && ossl_isdigit(a[o])) + while ((o < l) && ascii_isdigit(a[o])) o++; /* Must have at least one digit after decimal point */ if (i == o) @@ -207,10 +211,10 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) * 'o' can point to '\0' is either the subsequent if or the first * else if is true. */ - if (a[o] == 'Z') { + if (a[o] == upper_z) { o++; - } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) { - int offsign = a[o] == '-' ? 1 : -1; + } else if (!strict && ((a[o] == plus) || (a[o] == minus))) { + int offsign = a[o] == minus ? 1 : -1; int offset = 0; o++; @@ -223,13 +227,13 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (o + 4 != l) goto err; for (i = end; i < end + 2; i++) { - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = a[o] - '0'; + n = a[o] - num_zero; o++; - if (!ossl_isdigit(a[o])) + if (!ascii_isdigit(a[o])) goto err; - n = (n * 10) + a[o] - '0'; + n = (n * 10) + a[o] - num_zero; i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; if ((n < min[i2]) || (n > max[i2])) goto err; @@ -300,7 +304,7 @@ ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm * ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec); -#ifdef CHARSET_EBCDIC_not +#ifdef CHARSET_EBCDIC ebcdic2ascii(tmps->data, tmps->data, tmps->length); #endif return tmps; @@ -467,6 +471,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) char *v; int gmt = 0, l; struct tm stm; + const char upper_z = 0x5A, period = 0x2E; if (!asn1_time_to_tm(&stm, tm)) { /* asn1_time_to_tm will check the time type */ @@ -475,7 +480,7 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) l = tm->length; v = (char *)tm->data; - if (v[l - 1] == 'Z') + if (v[l - 1] == upper_z) gmt = 1; if (tm->type == V_ASN1_GENERALIZEDTIME) { @@ -486,10 +491,10 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) * Try to parse fractional seconds. '14' is the place of * 'fraction point' in a GeneralizedTime string. */ - if (tm->length > 15 && v[14] == '.') { + if (tm->length > 15 && v[14] == period) { f = &v[14]; f_len = 1; - while (14 + f_len < l && ossl_isdigit(f[f_len])) + while (14 + f_len < l && ascii_isdigit(f[f_len])) ++f_len; } Modified: stable/12/crypto/openssl/crypto/asn1/a_type.c ============================================================================== --- stable/12/crypto/openssl/crypto/asn1/a_type.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/asn1/a_type.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) { - if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + if (a->type == V_ASN1_BOOLEAN + || a->type == V_ASN1_NULL + || a->value.ptr != NULL) return a->type; else return 0; @@ -23,7 +25,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { - if (a->value.ptr != NULL) { + if (a->type != V_ASN1_BOOLEAN + && a->type != V_ASN1_NULL + && a->value.ptr != NULL) { ASN1_TYPE **tmp_a = &a; asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); } Modified: stable/12/crypto/openssl/crypto/asn1/x_bignum.c ============================================================================== --- stable/12/crypto/openssl/crypto/asn1/x_bignum.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/asn1/x_bignum.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned ch static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - if (!*pval) - bn_secure_new(pval, it); - return bn_c2i(pval, cont, len, utype, free_cont, it); + int ret; + BIGNUM *bn; + + if (!*pval && !bn_secure_new(pval, it)) + return 0; + + ret = bn_c2i(pval, cont, len, utype, free_cont, it); + if (!ret) + return 0; + + /* Set constant-time flag for all secure BIGNUMS */ + bn = (BIGNUM *)*pval; + BN_set_flags(bn, BN_FLG_CONSTTIME); + return ret; } static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, Modified: stable/12/crypto/openssl/crypto/bio/b_addr.c ============================================================================== --- stable/12/crypto/openssl/crypto/bio/b_addr.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/bio/b_addr.c Tue Sep 10 21:13:37 2019 (r352192) @@ -675,7 +675,7 @@ int BIO_lookup_ex(const char *host, const char *servic if (1) { #ifdef AI_PASSIVE - int gai_ret = 0; + int gai_ret = 0, old_ret = 0; struct addrinfo hints; memset(&hints, 0, sizeof(hints)); @@ -683,12 +683,12 @@ int BIO_lookup_ex(const char *host, const char *servic hints.ai_family = family; hints.ai_socktype = socktype; hints.ai_protocol = protocol; -#ifdef AI_ADDRCONFIG -#ifdef AF_UNSPEC +# ifdef AI_ADDRCONFIG +# ifdef AF_UNSPEC if (family == AF_UNSPEC) -#endif +# endif hints.ai_flags |= AI_ADDRCONFIG; -#endif +# endif if (lookup_type == BIO_LOOKUP_SERVER) hints.ai_flags |= AI_PASSIVE; @@ -696,6 +696,7 @@ int BIO_lookup_ex(const char *host, const char *servic /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to * macro magic in bio_lcl.h */ + retry: switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { # ifdef EAI_SYSTEM case EAI_SYSTEM: @@ -703,12 +704,25 @@ int BIO_lookup_ex(const char *host, const char *servic BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB); break; # endif +# ifdef EAI_MEMORY + case EAI_MEMORY: + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE); + break; +# endif case 0: ret = 1; /* Success */ break; default: +# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) + if (hints.ai_flags & AI_ADDRCONFIG) { + hints.ai_flags &= ~AI_ADDRCONFIG; + hints.ai_flags |= AI_NUMERICHOST; + old_ret = gai_ret; + goto retry; + } +# endif BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB); - ERR_add_error_data(1, gai_strerror(gai_ret)); + ERR_add_error_data(1, gai_strerror(old_ret ? old_ret : gai_ret)); break; } } else { Modified: stable/12/crypto/openssl/crypto/bio/bss_dgram.c ============================================================================== --- stable/12/crypto/openssl/crypto/bio/bss_dgram.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/bio/bss_dgram.c Tue Sep 10 21:13:37 2019 (r352192) @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -784,7 +784,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The * value has been updated to a non-clashing value. However to preserve - * binary compatiblity we now respond to both the old value and the new one + * binary compatibility we now respond to both the old value and the new one */ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: case BIO_CTRL_DGRAM_SET_PEEK_MODE: Modified: stable/12/crypto/openssl/crypto/bio/bss_file.c ============================================================================== --- stable/12/crypto/openssl/crypto/bio/bss_file.c Tue Sep 10 21:08:17 2019 (r352191) +++ stable/12/crypto/openssl/crypto/bio/bss_file.c Tue Sep 10 21:13:37 2019 (r352192) @@ -7,10 +7,7 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BSS_FILE_C -# define HEADER_BSS_FILE_C - -# if defined(__linux) || defined(__sun) || defined(__hpux) +#if defined(__linux) || defined(__sun) || defined(__hpux) /* * Following definition aliases fopen to fopen64 on above mentioned * platforms. This makes it possible to open and sequentially access files @@ -23,17 +20,17 @@ * of 32-bit platforms which allow for sequential access of large files * without extra "magic" comprise *BSD, Darwin, IRIX... */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif +# ifndef _FILE_OFFSET_BITS +# define _FILE_OFFSET_BITS 64 # endif +#endif -# include -# include -# include "bio_lcl.h" -# include +#include +#include +#include "bio_lcl.h" +#include -# if !defined(OPENSSL_NO_STDIO) +#if !defined(OPENSSL_NO_STDIO) static int file_write(BIO *h, const char *buf, int num); static int file_read(BIO *h, char *buf, int size); @@ -72,9 +69,9 @@ BIO *BIO_new_file(const char *filename, const char *mo SYSerr(SYS_F_FOPEN, get_last_sys_error()); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); if (errno == ENOENT -# ifdef ENXIO +#ifdef ENXIO || errno == ENXIO -# endif +#endif ) BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); else @@ -212,33 +209,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void b->shutdown = (int)num & BIO_CLOSE; b->ptr = ptr; b->init = 1; -# if BIO_FLAGS_UPLINK!=0 -# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) -# define _IOB_ENTRIES 20 -# endif +# if BIO_FLAGS_UPLINK!=0 +# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +# define _IOB_ENTRIES 20 +# endif /* Safety net to catch purely internal BIO_set_fp calls */ -# if defined(_MSC_VER) && _MSC_VER>=1900 +# if defined(_MSC_VER) && _MSC_VER>=1900 if (ptr == stdin || ptr == stdout || ptr == stderr) BIO_clear_flags(b, BIO_FLAGS_UPLINK); -# elif defined(_IOB_ENTRIES) +# elif defined(_IOB_ENTRIES) *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***