git: ad991e4c142e - main - OpenSSL: update to 3.0.12
Date: Tue, 24 Oct 2023 18:57:29 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=ad991e4c142ebabad7aef488ad97b189ecabb270 commit ad991e4c142ebabad7aef488ad97b189ecabb270 Merge: 6869f90bf5bb 825caf7e1244 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-10-24 18:55:56 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-10-24 18:55:56 +0000 OpenSSL: update to 3.0.12 OpenSSL 3.0.12 addresses: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). Relnotes: Yes Sponsored by: The FreeBSD Foundation crypto/openssl/CHANGES.md | 9 +++ crypto/openssl/INSTALL.md | 4 +- crypto/openssl/NEWS.md | 6 ++ crypto/openssl/VERSION.dat | 4 +- crypto/openssl/apps/dgst.c | 2 + crypto/openssl/apps/dhparam.c | 4 +- crypto/openssl/apps/dsaparam.c | 4 +- crypto/openssl/apps/enc.c | 5 +- crypto/openssl/apps/gendsa.c | 4 +- crypto/openssl/apps/genpkey.c | 4 +- crypto/openssl/apps/genrsa.c | 4 +- crypto/openssl/apps/lib/apps.c | 16 ++++-- crypto/openssl/apps/req.c | 2 + crypto/openssl/apps/speed.c | 3 +- crypto/openssl/crypto/aes/asm/aesv8-armx.pl | 3 + crypto/openssl/crypto/arm_arch.h | 7 +-- crypto/openssl/crypto/bn/bn_gcd.c | 8 +-- crypto/openssl/crypto/build.info | 2 - crypto/openssl/crypto/cms/cms_enc.c | 5 +- crypto/openssl/crypto/cms/cms_err.c | 4 +- crypto/openssl/crypto/cms/cms_sd.c | 14 ++++- crypto/openssl/crypto/dh/dh_check.c | 3 +- crypto/openssl/crypto/dh/dh_key.c | 3 +- crypto/openssl/crypto/dh/dh_lib.c | 4 +- crypto/openssl/crypto/dsa/dsa_check.c | 8 ++- crypto/openssl/crypto/dsa/dsa_lib.c | 4 +- crypto/openssl/crypto/dsa/dsa_ossl.c | 1 - crypto/openssl/crypto/engine/eng_pkey.c | 44 ++++++++++++++- crypto/openssl/crypto/engine/eng_table.c | 1 + crypto/openssl/crypto/err/openssl.txt | 1 + crypto/openssl/crypto/evp/evp_enc.c | 45 ++++++++++++++- crypto/openssl/crypto/evp/legacy_sha.c | 8 ++- 
crypto/openssl/crypto/evp/p_lib.c | 2 +- crypto/openssl/crypto/evp/pmeth_lib.c | 5 +- crypto/openssl/crypto/ex_data.c | 4 +- crypto/openssl/crypto/ffc/ffc_key_validate.c | 16 ++---- crypto/openssl/crypto/lhash/lhash.c | 6 +- crypto/openssl/crypto/mem.c | 12 +++- crypto/openssl/crypto/modes/asm/ghashv8-armx.pl | 5 +- crypto/openssl/crypto/objects/obj_dat.c | 7 ++- crypto/openssl/crypto/param_build_set.c | 13 +++-- .../openssl/crypto/poly1305/asm/poly1305-armv8.pl | 26 ++++----- crypto/openssl/crypto/property/property_parse.c | 34 +++++++++-- crypto/openssl/crypto/rsa/rsa_backend.c | 14 +---- crypto/openssl/crypto/rsa/rsa_lib.c | 32 ++++++++--- crypto/openssl/doc/man3/CMS_add1_signer.pod | 8 ++- crypto/openssl/doc/man3/DH_generate_parameters.pod | 6 +- .../openssl/doc/man3/DSA_generate_parameters.pod | 4 +- crypto/openssl/doc/man3/EVP_aes_128_gcm.pod | 8 +-- crypto/openssl/doc/man3/EVP_aria_128_gcm.pod | 2 +- crypto/openssl/doc/man3/EVP_bf_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_blake2b512.pod | 2 +- crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod | 2 +- crypto/openssl/doc/man3/EVP_cast5_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_chacha20.pod | 2 +- crypto/openssl/doc/man3/EVP_des_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_desx_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_idea_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_md2.pod | 2 +- crypto/openssl/doc/man3/EVP_md4.pod | 2 +- crypto/openssl/doc/man3/EVP_md5.pod | 2 +- crypto/openssl/doc/man3/EVP_mdc2.pod | 2 +- crypto/openssl/doc/man3/EVP_rc2_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_rc4.pod | 2 +- crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_ripemd160.pod | 2 +- crypto/openssl/doc/man3/EVP_seed_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_sha1.pod | 2 +- crypto/openssl/doc/man3/EVP_sha224.pod | 2 +- crypto/openssl/doc/man3/EVP_sha3_224.pod | 2 +- crypto/openssl/doc/man3/EVP_sm3.pod | 2 +- crypto/openssl/doc/man3/EVP_sm4_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_whirlpool.pod 
| 2 +- crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod | 5 +- .../openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod | 10 +++- .../openssl/doc/man3/SSL_CTX_set_info_callback.pod | 16 ++++-- .../openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod | 4 +- crypto/openssl/doc/man3/d2i_X509.pod | 26 +++++++-- crypto/openssl/include/openssl/cmserr.h | 3 +- crypto/openssl/include/openssl/evp.h | 4 +- crypto/openssl/include/openssl/opensslv.h | 10 ++-- crypto/openssl/include/openssl/pkcs7.h.in | 6 +- crypto/openssl/providers/fips-sources.checksums | 40 ++++++------- crypto/openssl/providers/fips.checksum | 2 +- .../encode_decode/encode_key2text.c | 65 +++++++++------------- .../providers/implementations/keymgmt/dh_kmgmt.c | 2 +- .../providers/implementations/macs/kmac_prov.c | 6 +- secure/lib/libcrypto/Makefile.inc | 4 +- 88 files changed, 442 insertions(+), 247 deletions(-) diff --cc crypto/openssl/include/openssl/opensslv.h index 0bf61ce6a9d7,000000000000..73590b76ca70 mode 100644,000000..100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@@ -1,114 -1,0 +1,114 @@@ +/* + * WARNING: do not edit! + * Generated by Makefile from include/openssl/opensslv.h.in + * + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_OPENSSLV_H +# define OPENSSL_OPENSSLV_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * SECTION 1: VERSION DATA. 
These will change for each release + */ + +/* + * Base version macros + * + * These macros express version number MAJOR.MINOR.PATCH exactly + */ +# define OPENSSL_VERSION_MAJOR 3 +# define OPENSSL_VERSION_MINOR 0 - # define OPENSSL_VERSION_PATCH 11 ++# define OPENSSL_VERSION_PATCH 12 + +/* + * Additional version information + * + * These are also part of the new version scheme, but aren't part + * of the version number itself. + */ + +/* Could be: #define OPENSSL_VERSION_PRE_RELEASE "-alpha.1" */ +# define OPENSSL_VERSION_PRE_RELEASE "" +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+fips" */ +/* Could be: #define OPENSSL_VERSION_BUILD_METADATA "+vendor.1" */ +# define OPENSSL_VERSION_BUILD_METADATA "" + +/* + * Note: The OpenSSL Project will never define OPENSSL_VERSION_BUILD_METADATA + * to be anything but the empty string. Its use is entirely reserved for + * others + */ + +/* + * Shared library version + * + * This is strictly to express ABI version, which may or may not + * be related to the API version expressed with the macros above. + * This is defined in free form. + */ +# define OPENSSL_SHLIB_VERSION 3 + +/* + * SECTION 2: USEFUL MACROS + */ + +/* For checking general API compatibility when preprocessing */ +# define OPENSSL_VERSION_PREREQ(maj,min) \ + ((OPENSSL_VERSION_MAJOR << 16) + OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min)) + +/* + * Macros to get the version in easily digested string form, both the short + * "MAJOR.MINOR.PATCH" variant (where MAJOR, MINOR and PATCH are replaced + * with the values from the corresponding OPENSSL_VERSION_ macros) and the + * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and + * OPENSSL_VERSION_BUILD_METADATA_STR appended. 
+ */ - # define OPENSSL_VERSION_STR "3.0.11" - # define OPENSSL_FULL_VERSION_STR "3.0.11" ++# define OPENSSL_VERSION_STR "3.0.12" ++# define OPENSSL_FULL_VERSION_STR "3.0.12" + +/* + * SECTION 3: ADDITIONAL METADATA + * + * These strings are defined separately to allow them to be parsable. + */ - # define OPENSSL_RELEASE_DATE "19 Sep 2023" ++# define OPENSSL_RELEASE_DATE "24 Oct 2023" + +/* + * SECTION 4: BACKWARD COMPATIBILITY + */ + - # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.11 19 Sep 2023" ++# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.12 24 Oct 2023" + +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ +# ifdef OPENSSL_VERSION_PRE_RELEASE +# define _OPENSSL_VERSION_PRE_RELEASE 0x0L +# else +# define _OPENSSL_VERSION_PRE_RELEASE 0xfL +# endif +# define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) \ + |(OPENSSL_VERSION_MINOR<<20) \ + |(OPENSSL_VERSION_PATCH<<4) \ + |_OPENSSL_VERSION_PRE_RELEASE ) + +# ifdef __cplusplus +} +# endif + +# include <openssl/macros.h> +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_OPENSSLV_H +# endif + +#endif /* OPENSSL_OPENSSLV_H */ diff --cc secure/lib/libcrypto/Makefile.inc index 7b016d988a34,000000000000..65925f972ba7 mode 100644,000000..100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@@ -1,22 -1,0 +1,22 @@@ + +.include <bsd.own.mk> + +# OpenSSL version used for manual page generation - OPENSSL_VER= 3.0.11 - OPENSSL_DATE= 2023-09-19 ++OPENSSL_VER= 3.0.12 ++OPENSSL_DATE= 2023-10-24 + +LCRYPTO_SRC= ${SRCTOP}/crypto/openssl +LCRYPTO_DOC= ${LCRYPTO_SRC}/doc + +CFLAGS+= -I${LCRYPTO_SRC} +CFLAGS+= -I${LCRYPTO_SRC}/include +CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include +CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include + +.include "Makefile.common" + +.for pcfile in ${PCFILES} +${pcfile}: ${pcfile}.in + sed -e 's,@openssl_ver@,${OPENSSL_VER},g' ${.ALLSRC} > ${.TARGET} +.endfor +CLEANFILES+= ${PCFILES}