git: ad991e4c142e - main - OpenSSL: update to 3.0.12
Date: Tue, 24 Oct 2023 18:57:29 UTC
The branch main has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=ad991e4c142ebabad7aef488ad97b189ecabb270
commit ad991e4c142ebabad7aef488ad97b189ecabb270
Merge: 6869f90bf5bb 825caf7e1244
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-10-24 18:55:56 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-10-24 18:55:56 +0000
OpenSSL: update to 3.0.12
OpenSSL 3.0.12 addresses:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
crypto/openssl/CHANGES.md | 9 +++
crypto/openssl/INSTALL.md | 4 +-
crypto/openssl/NEWS.md | 6 ++
crypto/openssl/VERSION.dat | 4 +-
crypto/openssl/apps/dgst.c | 2 +
crypto/openssl/apps/dhparam.c | 4 +-
crypto/openssl/apps/dsaparam.c | 4 +-
crypto/openssl/apps/enc.c | 5 +-
crypto/openssl/apps/gendsa.c | 4 +-
crypto/openssl/apps/genpkey.c | 4 +-
crypto/openssl/apps/genrsa.c | 4 +-
crypto/openssl/apps/lib/apps.c | 16 ++++--
crypto/openssl/apps/req.c | 2 +
crypto/openssl/apps/speed.c | 3 +-
crypto/openssl/crypto/aes/asm/aesv8-armx.pl | 3 +
crypto/openssl/crypto/arm_arch.h | 7 +--
crypto/openssl/crypto/bn/bn_gcd.c | 8 +--
crypto/openssl/crypto/build.info | 2 -
crypto/openssl/crypto/cms/cms_enc.c | 5 +-
crypto/openssl/crypto/cms/cms_err.c | 4 +-
crypto/openssl/crypto/cms/cms_sd.c | 14 ++++-
crypto/openssl/crypto/dh/dh_check.c | 3 +-
crypto/openssl/crypto/dh/dh_key.c | 3 +-
crypto/openssl/crypto/dh/dh_lib.c | 4 +-
crypto/openssl/crypto/dsa/dsa_check.c | 8 ++-
crypto/openssl/crypto/dsa/dsa_lib.c | 4 +-
crypto/openssl/crypto/dsa/dsa_ossl.c | 1 -
crypto/openssl/crypto/engine/eng_pkey.c | 44 ++++++++++++++-
crypto/openssl/crypto/engine/eng_table.c | 1 +
crypto/openssl/crypto/err/openssl.txt | 1 +
crypto/openssl/crypto/evp/evp_enc.c | 45 ++++++++++++++-
crypto/openssl/crypto/evp/legacy_sha.c | 8 ++-
crypto/openssl/crypto/evp/p_lib.c | 2 +-
crypto/openssl/crypto/evp/pmeth_lib.c | 5 +-
crypto/openssl/crypto/ex_data.c | 4 +-
crypto/openssl/crypto/ffc/ffc_key_validate.c | 16 ++----
crypto/openssl/crypto/lhash/lhash.c | 6 +-
crypto/openssl/crypto/mem.c | 12 +++-
crypto/openssl/crypto/modes/asm/ghashv8-armx.pl | 5 +-
crypto/openssl/crypto/objects/obj_dat.c | 7 ++-
crypto/openssl/crypto/param_build_set.c | 13 +++--
.../openssl/crypto/poly1305/asm/poly1305-armv8.pl | 26 ++++-----
crypto/openssl/crypto/property/property_parse.c | 34 +++++++++--
crypto/openssl/crypto/rsa/rsa_backend.c | 14 +----
crypto/openssl/crypto/rsa/rsa_lib.c | 32 ++++++++---
crypto/openssl/doc/man3/CMS_add1_signer.pod | 8 ++-
crypto/openssl/doc/man3/DH_generate_parameters.pod | 6 +-
.../openssl/doc/man3/DSA_generate_parameters.pod | 4 +-
crypto/openssl/doc/man3/EVP_aes_128_gcm.pod | 8 +--
crypto/openssl/doc/man3/EVP_aria_128_gcm.pod | 2 +-
crypto/openssl/doc/man3/EVP_bf_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_blake2b512.pod | 2 +-
crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod | 2 +-
crypto/openssl/doc/man3/EVP_cast5_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_chacha20.pod | 2 +-
crypto/openssl/doc/man3/EVP_des_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_desx_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_idea_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_md2.pod | 2 +-
crypto/openssl/doc/man3/EVP_md4.pod | 2 +-
crypto/openssl/doc/man3/EVP_md5.pod | 2 +-
crypto/openssl/doc/man3/EVP_mdc2.pod | 2 +-
crypto/openssl/doc/man3/EVP_rc2_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_rc4.pod | 2 +-
crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_ripemd160.pod | 2 +-
crypto/openssl/doc/man3/EVP_seed_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_sha1.pod | 2 +-
crypto/openssl/doc/man3/EVP_sha224.pod | 2 +-
crypto/openssl/doc/man3/EVP_sha3_224.pod | 2 +-
crypto/openssl/doc/man3/EVP_sm3.pod | 2 +-
crypto/openssl/doc/man3/EVP_sm4_cbc.pod | 2 +-
crypto/openssl/doc/man3/EVP_whirlpool.pod | 2 +-
crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod | 5 +-
.../openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod | 10 +++-
.../openssl/doc/man3/SSL_CTX_set_info_callback.pod | 16 ++++--
.../openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod | 4 +-
crypto/openssl/doc/man3/d2i_X509.pod | 26 +++++++--
crypto/openssl/include/openssl/cmserr.h | 3 +-
crypto/openssl/include/openssl/evp.h | 4 +-
crypto/openssl/include/openssl/opensslv.h | 10 ++--
crypto/openssl/include/openssl/pkcs7.h.in | 6 +-
crypto/openssl/providers/fips-sources.checksums | 40 ++++++-------
crypto/openssl/providers/fips.checksum | 2 +-
.../encode_decode/encode_key2text.c | 65 +++++++++-------------
.../providers/implementations/keymgmt/dh_kmgmt.c | 2 +-
.../providers/implementations/macs/kmac_prov.c | 6 +-
secure/lib/libcrypto/Makefile.inc | 4 +-
88 files changed, 442 insertions(+), 247 deletions(-)
diff --cc crypto/openssl/include/openssl/opensslv.h
index 0bf61ce6a9d7,000000000000..73590b76ca70
mode 100644,000000..100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@@ -1,114 -1,0 +1,114 @@@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/opensslv.h.in
+ *
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_OPENSSLV_H
+# define OPENSSL_OPENSSLV_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/*
+ * SECTION 1: VERSION DATA. These will change for each release
+ */
+
+/*
+ * Base version macros
+ *
+ * These macros express version number MAJOR.MINOR.PATCH exactly
+ */
+# define OPENSSL_VERSION_MAJOR 3
+# define OPENSSL_VERSION_MINOR 0
- # define OPENSSL_VERSION_PATCH 11
++# define OPENSSL_VERSION_PATCH 12
+
+/*
+ * Additional version information
+ *
+ * These are also part of the new version scheme, but aren't part
+ * of the version number itself.
+ */
+
+/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */
+# define OPENSSL_VERSION_PRE_RELEASE ""
+/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */
+/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */
+# define OPENSSL_VERSION_BUILD_METADATA ""
+
+/*
+ * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA
+ * to be anything but the empty string. Its use is entirely reserved for
+ * others
+ */
+
+/*
+ * Shared library version
+ *
+ * This is strictly to express ABI version, which may or may not
+ * be related to the API version expressed with the macros above.
+ * This is defined in free form.
+ */
+# define OPENSSL_SHLIB_VERSION 3
+
+/*
+ * SECTION 2: USEFUL MACROS
+ */
+
+/* For checking general API compatibility when preprocessing */
+# define OPENSSL_VERSION_PREREQ(maj,min) \
+ ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min))
+
+/*
+ * Macros to get the version in easily digested string form, both the short
+ * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced
+ * with the values from the corresponding OPENSSL_VERSION_ macros) and the
+ * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
+ * OPENSSL_VERSION_BUILD_METADATA_STR appended.
+ */
- # define OPENSSL_VERSION_STR "3.0.11"
- # define OPENSSL_FULL_VERSION_STR "3.0.11"
++# define OPENSSL_VERSION_STR "3.0.12"
++# define OPENSSL_FULL_VERSION_STR "3.0.12"
+
+/*
+ * SECTION 3: ADDITIONAL METADATA
+ *
+ * These strings are defined separately to allow them to be parsable.
+ */
- # define OPENSSL_RELEASE_DATE "19 Sep 2023"
++# define OPENSSL_RELEASE_DATE "24 Oct 2023"
+
+/*
+ * SECTION 4: BACKWARD COMPATIBILITY
+ */
+
- # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.11 19 Sep 2023"
++# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.12 24 Oct 2023"
+
+/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
+# ifdef OPENSSL_VERSION_PRE_RELEASE
+# define _OPENSSL_VERSION_PRE_RELEASE 0x0L
+# else
+# define _OPENSSL_VERSION_PRE_RELEASE 0xfL
+# endif
+# define OPENSSL_VERSION_NUMBER \
+ ( (OPENSSL_VERSION_MAJOR<<28) \
+ |(OPENSSL_VERSION_MINOR<<20) \
+ |(OPENSSL_VERSION_PATCH<<4) \
+ |_OPENSSL_VERSION_PRE_RELEASE )
+
+# ifdef __cplusplus
+}
+# endif
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_OPENSSLV_H
+# endif
+
+#endif /* OPENSSL_OPENSSLV_H */
diff --cc secure/lib/libcrypto/Makefile.inc
index 7b016d988a34,000000000000..65925f972ba7
mode 100644,000000..100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@@ -1,22 -1,0 +1,22 @@@
+
+.include <bsd.own.mk>
+
+# OpenSSL version used for manual page generation
- OPENSSL_VER= 3.0.11
- OPENSSL_DATE= 2023-09-19
++OPENSSL_VER= 3.0.12
++OPENSSL_DATE= 2023-10-24
+
+LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
+LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
+
+CFLAGS+= -I${LCRYPTO_SRC}
+CFLAGS+= -I${LCRYPTO_SRC}/include
+CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include
+CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include
+
+.include "Makefile.common"
+
+.for pcfile in ${PCFILES}
+${pcfile}: ${pcfile}.in
+ sed -e 's,@openssl_ver@,${OPENSSL_VER},g' ${.ALLSRC} > ${.TARGET}
+.endfor
+CLEANFILES+= ${PCFILES}