svn commit: r344603 - in stable/12: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/bio crypto/openssl/crypto...
Jung-uk Kim
jkim at FreeBSD.org
Tue Feb 26 19:34:49 UTC 2019
Author: jkim
Date: Tue Feb 26 19:34:42 2019
New Revision: 344603
URL: https://svnweb.freebsd.org/changeset/base/344603
Log:
MFC: r344602
Merge OpenSSL 1.1.1b.
Modified:
stable/12/crypto/openssl/CHANGES
stable/12/crypto/openssl/CONTRIBUTING
stable/12/crypto/openssl/Configure
stable/12/crypto/openssl/INSTALL
stable/12/crypto/openssl/LICENSE
stable/12/crypto/openssl/NEWS
stable/12/crypto/openssl/README
stable/12/crypto/openssl/apps/apps.c
stable/12/crypto/openssl/apps/ct_log_list.cnf
stable/12/crypto/openssl/apps/dh1024.pem
stable/12/crypto/openssl/apps/dh2048.pem
stable/12/crypto/openssl/apps/dh4096.pem
stable/12/crypto/openssl/apps/ocsp.c
stable/12/crypto/openssl/apps/openssl.cnf
stable/12/crypto/openssl/apps/pkcs12.c
stable/12/crypto/openssl/apps/rehash.c
stable/12/crypto/openssl/apps/s_cb.c
stable/12/crypto/openssl/apps/s_client.c
stable/12/crypto/openssl/apps/s_server.c
stable/12/crypto/openssl/apps/speed.c
stable/12/crypto/openssl/apps/verify.c
stable/12/crypto/openssl/config
stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
stable/12/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
stable/12/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
stable/12/crypto/openssl/crypto/aes/asm/bsaes-x86_64.pl
stable/12/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl
stable/12/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
stable/12/crypto/openssl/crypto/armcap.c
stable/12/crypto/openssl/crypto/asn1/a_digest.c
stable/12/crypto/openssl/crypto/asn1/a_sign.c
stable/12/crypto/openssl/crypto/asn1/a_verify.c
stable/12/crypto/openssl/crypto/asn1/ameth_lib.c
stable/12/crypto/openssl/crypto/asn1/charmap.h
stable/12/crypto/openssl/crypto/asn1/charmap.pl
stable/12/crypto/openssl/crypto/asn1/d2i_pu.c
stable/12/crypto/openssl/crypto/bio/b_addr.c
stable/12/crypto/openssl/crypto/bio/bss_file.c
stable/12/crypto/openssl/crypto/bio/bss_mem.c
stable/12/crypto/openssl/crypto/bn/asm/armv8-mont.pl
stable/12/crypto/openssl/crypto/bn/asm/ia64.S
stable/12/crypto/openssl/crypto/bn/asm/mips.pl
stable/12/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
stable/12/crypto/openssl/crypto/bn/asm/sparcv8plus.S
stable/12/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
stable/12/crypto/openssl/crypto/bn/bn_ctx.c
stable/12/crypto/openssl/crypto/bn/bn_depr.c
stable/12/crypto/openssl/crypto/bn/bn_div.c
stable/12/crypto/openssl/crypto/bn/bn_exp.c
stable/12/crypto/openssl/crypto/bn/bn_lib.c
stable/12/crypto/openssl/crypto/bn/bn_prime.h
stable/12/crypto/openssl/crypto/bn/bn_prime.pl
stable/12/crypto/openssl/crypto/bn/bn_shift.c
stable/12/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
stable/12/crypto/openssl/crypto/cms/cms_kari.c
stable/12/crypto/openssl/crypto/cms/cms_pwri.c
stable/12/crypto/openssl/crypto/conf/conf_def.c
stable/12/crypto/openssl/crypto/conf/conf_def.h
stable/12/crypto/openssl/crypto/conf/conf_lib.c
stable/12/crypto/openssl/crypto/conf/conf_mod.c
stable/12/crypto/openssl/crypto/conf/conf_sap.c
stable/12/crypto/openssl/crypto/conf/conf_ssl.c
stable/12/crypto/openssl/crypto/conf/keysets.pl
stable/12/crypto/openssl/crypto/cryptlib.c
stable/12/crypto/openssl/crypto/des/asm/des_enc.m4
stable/12/crypto/openssl/crypto/dso/dso_dlfcn.c
stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
stable/12/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
stable/12/crypto/openssl/crypto/ec/curve25519.c
stable/12/crypto/openssl/crypto/ec/curve448/eddsa.c
stable/12/crypto/openssl/crypto/ec/curve448/point_448.h
stable/12/crypto/openssl/crypto/ec/ec2_smpl.c
stable/12/crypto/openssl/crypto/ec/ec_ameth.c
stable/12/crypto/openssl/crypto/ec/ec_err.c
stable/12/crypto/openssl/crypto/ec/ec_lcl.h
stable/12/crypto/openssl/crypto/ec/ecp_mont.c
stable/12/crypto/openssl/crypto/ec/ecp_nist.c
stable/12/crypto/openssl/crypto/ec/ecp_nistp224.c
stable/12/crypto/openssl/crypto/ec/ecp_nistp256.c
stable/12/crypto/openssl/crypto/ec/ecp_nistp521.c
stable/12/crypto/openssl/crypto/ec/ecp_nistz256.c
stable/12/crypto/openssl/crypto/ec/ecp_smpl.c
stable/12/crypto/openssl/crypto/ec/ecx_meth.c
stable/12/crypto/openssl/crypto/engine/README
stable/12/crypto/openssl/crypto/engine/eng_devcrypto.c
stable/12/crypto/openssl/crypto/engine/eng_lib.c
stable/12/crypto/openssl/crypto/err/err.c
stable/12/crypto/openssl/crypto/err/openssl.txt
stable/12/crypto/openssl/crypto/evp/evp_enc.c
stable/12/crypto/openssl/crypto/evp/evp_err.c
stable/12/crypto/openssl/crypto/evp/p_lib.c
stable/12/crypto/openssl/crypto/include/internal/bn_int.h
stable/12/crypto/openssl/crypto/init.c
stable/12/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
stable/12/crypto/openssl/crypto/objects/obj_dat.h
stable/12/crypto/openssl/crypto/objects/obj_dat.pl
stable/12/crypto/openssl/crypto/objects/obj_xref.h
stable/12/crypto/openssl/crypto/objects/objects.pl
stable/12/crypto/openssl/crypto/objects/objxref.pl
stable/12/crypto/openssl/crypto/pem/pem_info.c
stable/12/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
stable/12/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
stable/12/crypto/openssl/crypto/ppc_arch.h
stable/12/crypto/openssl/crypto/ppccap.c
stable/12/crypto/openssl/crypto/ppccpuid.pl
stable/12/crypto/openssl/crypto/rand/rand_unix.c
stable/12/crypto/openssl/crypto/rsa/rsa_ameth.c
stable/12/crypto/openssl/crypto/rsa/rsa_oaep.c
stable/12/crypto/openssl/crypto/rsa/rsa_ossl.c
stable/12/crypto/openssl/crypto/rsa/rsa_pk1.c
stable/12/crypto/openssl/crypto/rsa/rsa_ssl.c
stable/12/crypto/openssl/crypto/rsa/rsa_x931g.c
stable/12/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
stable/12/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
stable/12/crypto/openssl/crypto/srp/srp_lib.c
stable/12/crypto/openssl/crypto/srp/srp_vfy.c
stable/12/crypto/openssl/crypto/ui/ui_openssl.c
stable/12/crypto/openssl/crypto/uid.c
stable/12/crypto/openssl/crypto/x509/x509_vfy.c
stable/12/crypto/openssl/crypto/x509/x_crl.c
stable/12/crypto/openssl/crypto/x509/x_pubkey.c
stable/12/crypto/openssl/crypto/x509/x_x509.c
stable/12/crypto/openssl/doc/HOWTO/certificates.txt
stable/12/crypto/openssl/doc/HOWTO/proxy_certificates.txt
stable/12/crypto/openssl/doc/fingerprints.txt
stable/12/crypto/openssl/doc/man1/ca.pod
stable/12/crypto/openssl/doc/man1/ciphers.pod
stable/12/crypto/openssl/doc/man1/cms.pod
stable/12/crypto/openssl/doc/man1/dgst.pod
stable/12/crypto/openssl/doc/man1/ec.pod
stable/12/crypto/openssl/doc/man1/enc.pod
stable/12/crypto/openssl/doc/man1/genpkey.pod
stable/12/crypto/openssl/doc/man1/ocsp.pod
stable/12/crypto/openssl/doc/man1/pkcs12.pod
stable/12/crypto/openssl/doc/man1/pkcs8.pod
stable/12/crypto/openssl/doc/man1/req.pod
stable/12/crypto/openssl/doc/man1/s_client.pod
stable/12/crypto/openssl/doc/man1/s_server.pod
stable/12/crypto/openssl/doc/man1/smime.pod
stable/12/crypto/openssl/doc/man1/storeutl.pod
stable/12/crypto/openssl/doc/man1/verify.pod
stable/12/crypto/openssl/doc/man1/x509.pod
stable/12/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
stable/12/crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod
stable/12/crypto/openssl/doc/man3/ASYNC_start_job.pod
stable/12/crypto/openssl/doc/man3/BIO_new_CMS.pod
stable/12/crypto/openssl/doc/man3/BN_generate_prime.pod
stable/12/crypto/openssl/doc/man3/BN_rand.pod
stable/12/crypto/openssl/doc/man3/BN_security_bits.pod
stable/12/crypto/openssl/doc/man3/BUF_MEM_new.pod
stable/12/crypto/openssl/doc/man3/CMS_get0_type.pod
stable/12/crypto/openssl/doc/man3/CONF_modules_load_file.pod
stable/12/crypto/openssl/doc/man3/CRYPTO_get_ex_new_index.pod
stable/12/crypto/openssl/doc/man3/CTLOG_STORE_get0_log_by_id.pod
stable/12/crypto/openssl/doc/man3/DH_size.pod
stable/12/crypto/openssl/doc/man3/DTLS_get_data_mtu.pod
stable/12/crypto/openssl/doc/man3/DTLS_set_timer_cb.pod
stable/12/crypto/openssl/doc/man3/DTLSv1_listen.pod
stable/12/crypto/openssl/doc/man3/EC_GROUP_copy.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestInit.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
stable/12/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
stable/12/crypto/openssl/doc/man3/EVP_EncryptInit.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_CTX_new.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_decrypt.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_derive.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_encrypt.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_keygen.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_new.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_print_private.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_sign.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify.pod
stable/12/crypto/openssl/doc/man3/EVP_PKEY_verify_recover.pod
stable/12/crypto/openssl/doc/man3/EVP_SignInit.pod
stable/12/crypto/openssl/doc/man3/HMAC.pod
stable/12/crypto/openssl/doc/man3/OPENSSL_init_crypto.pod
stable/12/crypto/openssl/doc/man3/OPENSSL_malloc.pod
stable/12/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_INFO.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_LOADER.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_SEARCH.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_expect.pod
stable/12/crypto/openssl/doc/man3/OSSL_STORE_open.pod
stable/12/crypto/openssl/doc/man3/PEM_read_bio_ex.pod
stable/12/crypto/openssl/doc/man3/PEM_write_bio_CMS_stream.pod
stable/12/crypto/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod
stable/12/crypto/openssl/doc/man3/PKCS12_parse.pod
stable/12/crypto/openssl/doc/man3/PKCS7_sign.pod
stable/12/crypto/openssl/doc/man3/PKCS7_sign_add_signer.pod
stable/12/crypto/openssl/doc/man3/RAND_bytes.pod
stable/12/crypto/openssl/doc/man3/RIPEMD160_Init.pod
stable/12/crypto/openssl/doc/man3/RSA_get0_key.pod
stable/12/crypto/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod
stable/12/crypto/openssl/doc/man3/RSA_size.pod
stable/12/crypto/openssl/doc/man3/SSL_CIPHER_get_name.pod
stable/12/crypto/openssl/doc/man3/SSL_COMP_add_compression_method.pod
stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_new.pod
stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod
stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod
stable/12/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
stable/12/crypto/openssl/doc/man3/SSL_CONF_cmd.pod
stable/12/crypto/openssl/doc/man3/SSL_CONF_cmd_argv.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_config.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_dane_enable.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_get0_param.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set0_CA_list.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_mode.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_msg_callback.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_num_tickets.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_options.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_security_level.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_ssl_version.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
stable/12/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_free.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_cipher.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_get0_id_context.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_has_ticket.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_is_resumable.pod
stable/12/crypto/openssl/doc/man3/SSL_SESSION_set1_id.pod
stable/12/crypto/openssl/doc/man3/SSL_export_keying_material.pod
stable/12/crypto/openssl/doc/man3/SSL_extension_supported.pod
stable/12/crypto/openssl/doc/man3/SSL_get_all_async_fds.pod
stable/12/crypto/openssl/doc/man3/SSL_get_error.pod
stable/12/crypto/openssl/doc/man3/SSL_get_version.pod
stable/12/crypto/openssl/doc/man3/SSL_key_update.pod
stable/12/crypto/openssl/doc/man3/SSL_read.pod
stable/12/crypto/openssl/doc/man3/SSL_read_early_data.pod
stable/12/crypto/openssl/doc/man3/SSL_set1_host.pod
stable/12/crypto/openssl/doc/man3/SSL_shutdown.pod
stable/12/crypto/openssl/doc/man3/SSL_want.pod
stable/12/crypto/openssl/doc/man3/SSL_write.pod
stable/12/crypto/openssl/doc/man3/UI_create_method.pod
stable/12/crypto/openssl/doc/man3/UI_new.pod
stable/12/crypto/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_new.pod
stable/12/crypto/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod
stable/12/crypto/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
stable/12/crypto/openssl/doc/man3/X509_get0_signature.pod
stable/12/crypto/openssl/doc/man3/X509_get_serialNumber.pod
stable/12/crypto/openssl/doc/man3/X509_get_subject_name.pod
stable/12/crypto/openssl/doc/man3/X509_sign.pod
stable/12/crypto/openssl/doc/man3/d2i_PrivateKey.pod
stable/12/crypto/openssl/doc/man3/i2d_CMS_bio_stream.pod
stable/12/crypto/openssl/doc/man3/i2d_PKCS7_bio_stream.pod
stable/12/crypto/openssl/doc/man5/config.pod
stable/12/crypto/openssl/doc/man7/ct.pod
stable/12/crypto/openssl/e_os.h
stable/12/crypto/openssl/engines/e_dasync.c
stable/12/crypto/openssl/include/internal/conf.h
stable/12/crypto/openssl/include/internal/constant_time_locl.h
stable/12/crypto/openssl/include/internal/cryptlib.h
stable/12/crypto/openssl/include/internal/sockets.h
stable/12/crypto/openssl/include/internal/thread_once.h
stable/12/crypto/openssl/include/internal/tsan_assist.h
stable/12/crypto/openssl/include/openssl/crypto.h
stable/12/crypto/openssl/include/openssl/e_os2.h
stable/12/crypto/openssl/include/openssl/ecerr.h
stable/12/crypto/openssl/include/openssl/evp.h
stable/12/crypto/openssl/include/openssl/evperr.h
stable/12/crypto/openssl/include/openssl/lhash.h
stable/12/crypto/openssl/include/openssl/obj_mac.h
stable/12/crypto/openssl/include/openssl/opensslv.h
stable/12/crypto/openssl/include/openssl/safestack.h
stable/12/crypto/openssl/include/openssl/ssl.h
stable/12/crypto/openssl/include/openssl/sslerr.h
stable/12/crypto/openssl/include/openssl/x509_vfy.h
stable/12/crypto/openssl/ssl/record/rec_layer_d1.c
stable/12/crypto/openssl/ssl/record/rec_layer_s3.c
stable/12/crypto/openssl/ssl/s3_enc.c
stable/12/crypto/openssl/ssl/s3_lib.c
stable/12/crypto/openssl/ssl/ssl_ciph.c
stable/12/crypto/openssl/ssl/ssl_err.c
stable/12/crypto/openssl/ssl/ssl_init.c
stable/12/crypto/openssl/ssl/ssl_lib.c
stable/12/crypto/openssl/ssl/ssl_locl.h
stable/12/crypto/openssl/ssl/statem/extensions.c
stable/12/crypto/openssl/ssl/statem/statem.c
stable/12/crypto/openssl/ssl/statem/statem_clnt.c
stable/12/crypto/openssl/ssl/statem/statem_lib.c
stable/12/crypto/openssl/ssl/statem/statem_locl.h
stable/12/crypto/openssl/ssl/statem/statem_srvr.c
stable/12/crypto/openssl/ssl/t1_enc.c
stable/12/crypto/openssl/ssl/t1_lib.c
stable/12/crypto/openssl/ssl/tls13_enc.c
stable/12/secure/lib/libcrypto/Makefile.inc
stable/12/secure/lib/libcrypto/Makefile.man
stable/12/secure/lib/libcrypto/aarch64/aesv8-armx.S
stable/12/secure/lib/libcrypto/aarch64/armv8-mont.S
stable/12/secure/lib/libcrypto/aarch64/chacha-armv8.S
stable/12/secure/lib/libcrypto/aarch64/ecp_nistz256-armv8.S
stable/12/secure/lib/libcrypto/aarch64/keccak1600-armv8.S
stable/12/secure/lib/libcrypto/aarch64/poly1305-armv8.S
stable/12/secure/lib/libcrypto/aarch64/sha256-armv8.S
stable/12/secure/lib/libcrypto/aarch64/sha512-armv8.S
stable/12/secure/lib/libcrypto/aarch64/vpaes-armv8.S
stable/12/secure/lib/libcrypto/amd64/aes-x86_64.S
stable/12/secure/lib/libcrypto/amd64/aesni-x86_64.S
stable/12/secure/lib/libcrypto/amd64/bsaes-x86_64.S
stable/12/secure/lib/libcrypto/amd64/ecp_nistz256-x86_64.S
stable/12/secure/lib/libcrypto/amd64/ghash-x86_64.S
stable/12/secure/lib/libcrypto/amd64/rsaz-avx2.S
stable/12/secure/lib/libcrypto/amd64/vpaes-x86_64.S
stable/12/secure/lib/libcrypto/amd64/x86_64-mont5.S
stable/12/secure/lib/libcrypto/man/ADMISSIONS.3
stable/12/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3
stable/12/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3
stable/12/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_length.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_new.3
stable/12/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
stable/12/secure/lib/libcrypto/man/ASN1_TIME_set.3
stable/12/secure/lib/libcrypto/man/ASN1_TYPE_get.3
stable/12/secure/lib/libcrypto/man/ASN1_generate_nconf.3
stable/12/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3
stable/12/secure/lib/libcrypto/man/ASYNC_start_job.3
stable/12/secure/lib/libcrypto/man/BF_encrypt.3
stable/12/secure/lib/libcrypto/man/BIO_ADDR.3
stable/12/secure/lib/libcrypto/man/BIO_ADDRINFO.3
stable/12/secure/lib/libcrypto/man/BIO_connect.3
stable/12/secure/lib/libcrypto/man/BIO_ctrl.3
stable/12/secure/lib/libcrypto/man/BIO_f_base64.3
stable/12/secure/lib/libcrypto/man/BIO_f_buffer.3
stable/12/secure/lib/libcrypto/man/BIO_f_cipher.3
stable/12/secure/lib/libcrypto/man/BIO_f_md.3
stable/12/secure/lib/libcrypto/man/BIO_f_null.3
stable/12/secure/lib/libcrypto/man/BIO_f_ssl.3
stable/12/secure/lib/libcrypto/man/BIO_find_type.3
stable/12/secure/lib/libcrypto/man/BIO_get_data.3
stable/12/secure/lib/libcrypto/man/BIO_get_ex_new_index.3
stable/12/secure/lib/libcrypto/man/BIO_meth_new.3
stable/12/secure/lib/libcrypto/man/BIO_new.3
stable/12/secure/lib/libcrypto/man/BIO_new_CMS.3
stable/12/secure/lib/libcrypto/man/BIO_parse_hostserv.3
stable/12/secure/lib/libcrypto/man/BIO_printf.3
stable/12/secure/lib/libcrypto/man/BIO_push.3
stable/12/secure/lib/libcrypto/man/BIO_read.3
stable/12/secure/lib/libcrypto/man/BIO_s_accept.3
stable/12/secure/lib/libcrypto/man/BIO_s_bio.3
stable/12/secure/lib/libcrypto/man/BIO_s_connect.3
stable/12/secure/lib/libcrypto/man/BIO_s_fd.3
stable/12/secure/lib/libcrypto/man/BIO_s_file.3
stable/12/secure/lib/libcrypto/man/BIO_s_mem.3
stable/12/secure/lib/libcrypto/man/BIO_s_null.3
stable/12/secure/lib/libcrypto/man/BIO_s_socket.3
stable/12/secure/lib/libcrypto/man/BIO_set_callback.3
stable/12/secure/lib/libcrypto/man/BIO_should_retry.3
stable/12/secure/lib/libcrypto/man/BN_BLINDING_new.3
stable/12/secure/lib/libcrypto/man/BN_CTX_new.3
stable/12/secure/lib/libcrypto/man/BN_CTX_start.3
stable/12/secure/lib/libcrypto/man/BN_add.3
stable/12/secure/lib/libcrypto/man/BN_add_word.3
stable/12/secure/lib/libcrypto/man/BN_bn2bin.3
stable/12/secure/lib/libcrypto/man/BN_cmp.3
stable/12/secure/lib/libcrypto/man/BN_copy.3
stable/12/secure/lib/libcrypto/man/BN_generate_prime.3
stable/12/secure/lib/libcrypto/man/BN_mod_inverse.3
stable/12/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
stable/12/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
stable/12/secure/lib/libcrypto/man/BN_new.3
stable/12/secure/lib/libcrypto/man/BN_num_bytes.3
stable/12/secure/lib/libcrypto/man/BN_rand.3
stable/12/secure/lib/libcrypto/man/BN_security_bits.3
stable/12/secure/lib/libcrypto/man/BN_set_bit.3
stable/12/secure/lib/libcrypto/man/BN_swap.3
stable/12/secure/lib/libcrypto/man/BN_zero.3
stable/12/secure/lib/libcrypto/man/BUF_MEM_new.3
stable/12/secure/lib/libcrypto/man/CMS_add0_cert.3
stable/12/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
stable/12/secure/lib/libcrypto/man/CMS_add1_signer.3
stable/12/secure/lib/libcrypto/man/CMS_compress.3
stable/12/secure/lib/libcrypto/man/CMS_decrypt.3
stable/12/secure/lib/libcrypto/man/CMS_encrypt.3
stable/12/secure/lib/libcrypto/man/CMS_final.3
stable/12/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
stable/12/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
stable/12/secure/lib/libcrypto/man/CMS_get0_type.3
stable/12/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
stable/12/secure/lib/libcrypto/man/CMS_sign.3
stable/12/secure/lib/libcrypto/man/CMS_sign_receipt.3
stable/12/secure/lib/libcrypto/man/CMS_uncompress.3
stable/12/secure/lib/libcrypto/man/CMS_verify.3
stable/12/secure/lib/libcrypto/man/CMS_verify_receipt.3
stable/12/secure/lib/libcrypto/man/CONF_modules_free.3
stable/12/secure/lib/libcrypto/man/CONF_modules_load_file.3
stable/12/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3
stable/12/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3
stable/12/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3
stable/12/secure/lib/libcrypto/man/CTLOG_STORE_new.3
stable/12/secure/lib/libcrypto/man/CTLOG_new.3
stable/12/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3
stable/12/secure/lib/libcrypto/man/DEFINE_STACK_OF.3
stable/12/secure/lib/libcrypto/man/DES_random_key.3
stable/12/secure/lib/libcrypto/man/DH_generate_key.3
stable/12/secure/lib/libcrypto/man/DH_generate_parameters.3
stable/12/secure/lib/libcrypto/man/DH_get0_pqg.3
stable/12/secure/lib/libcrypto/man/DH_get_1024_160.3
stable/12/secure/lib/libcrypto/man/DH_meth_new.3
stable/12/secure/lib/libcrypto/man/DH_new.3
stable/12/secure/lib/libcrypto/man/DH_new_by_nid.3
stable/12/secure/lib/libcrypto/man/DH_set_method.3
stable/12/secure/lib/libcrypto/man/DH_size.3
stable/12/secure/lib/libcrypto/man/DSA_SIG_new.3
stable/12/secure/lib/libcrypto/man/DSA_do_sign.3
stable/12/secure/lib/libcrypto/man/DSA_dup_DH.3
stable/12/secure/lib/libcrypto/man/DSA_generate_key.3
stable/12/secure/lib/libcrypto/man/DSA_generate_parameters.3
stable/12/secure/lib/libcrypto/man/DSA_get0_pqg.3
stable/12/secure/lib/libcrypto/man/DSA_meth_new.3
stable/12/secure/lib/libcrypto/man/DSA_new.3
stable/12/secure/lib/libcrypto/man/DSA_set_method.3
stable/12/secure/lib/libcrypto/man/DSA_sign.3
stable/12/secure/lib/libcrypto/man/DSA_size.3
stable/12/secure/lib/libcrypto/man/DTLS_get_data_mtu.3
stable/12/secure/lib/libcrypto/man/DTLS_set_timer_cb.3
stable/12/secure/lib/libcrypto/man/DTLSv1_listen.3
stable/12/secure/lib/libcrypto/man/ECDSA_SIG_new.3
stable/12/secure/lib/libcrypto/man/ECPKParameters_print.3
stable/12/secure/lib/libcrypto/man/EC_GFp_simple_method.3
stable/12/secure/lib/libcrypto/man/EC_GROUP_copy.3
stable/12/secure/lib/libcrypto/man/EC_GROUP_new.3
stable/12/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3
stable/12/secure/lib/libcrypto/man/EC_KEY_new.3
stable/12/secure/lib/libcrypto/man/EC_POINT_add.3
stable/12/secure/lib/libcrypto/man/EC_POINT_new.3
stable/12/secure/lib/libcrypto/man/ENGINE_add.3
stable/12/secure/lib/libcrypto/man/ERR_GET_LIB.3
stable/12/secure/lib/libcrypto/man/ERR_clear_error.3
stable/12/secure/lib/libcrypto/man/ERR_error_string.3
stable/12/secure/lib/libcrypto/man/ERR_get_error.3
stable/12/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
stable/12/secure/lib/libcrypto/man/ERR_load_strings.3
stable/12/secure/lib/libcrypto/man/ERR_print_errors.3
stable/12/secure/lib/libcrypto/man/ERR_put_error.3
stable/12/secure/lib/libcrypto/man/ERR_remove_state.3
stable/12/secure/lib/libcrypto/man/ERR_set_mark.3
stable/12/secure/lib/libcrypto/man/EVP_BytesToKey.3
stable/12/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3
stable/12/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_DigestInit.3
stable/12/secure/lib/libcrypto/man/EVP_DigestSignInit.3
stable/12/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
stable/12/secure/lib/libcrypto/man/EVP_EncodeInit.3
stable/12/secure/lib/libcrypto/man/EVP_EncryptInit.3
stable/12/secure/lib/libcrypto/man/EVP_MD_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_OpenInit.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_derive.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_new.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_sign.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify.3
stable/12/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
stable/12/secure/lib/libcrypto/man/EVP_SealInit.3
stable/12/secure/lib/libcrypto/man/EVP_SignInit.3
stable/12/secure/lib/libcrypto/man/EVP_VerifyInit.3
stable/12/secure/lib/libcrypto/man/EVP_aes.3
stable/12/secure/lib/libcrypto/man/EVP_aria.3
stable/12/secure/lib/libcrypto/man/EVP_bf_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_blake2b512.3
stable/12/secure/lib/libcrypto/man/EVP_camellia.3
stable/12/secure/lib/libcrypto/man/EVP_cast5_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_chacha20.3
stable/12/secure/lib/libcrypto/man/EVP_des.3
stable/12/secure/lib/libcrypto/man/EVP_desx_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_idea_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_md2.3
stable/12/secure/lib/libcrypto/man/EVP_md4.3
stable/12/secure/lib/libcrypto/man/EVP_md5.3
stable/12/secure/lib/libcrypto/man/EVP_mdc2.3
stable/12/secure/lib/libcrypto/man/EVP_rc2_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_rc4.3
stable/12/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_ripemd160.3
stable/12/secure/lib/libcrypto/man/EVP_seed_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_sha1.3
stable/12/secure/lib/libcrypto/man/EVP_sha224.3
stable/12/secure/lib/libcrypto/man/EVP_sha3_224.3
stable/12/secure/lib/libcrypto/man/EVP_sm3.3
stable/12/secure/lib/libcrypto/man/EVP_sm4_cbc.3
stable/12/secure/lib/libcrypto/man/EVP_whirlpool.3
stable/12/secure/lib/libcrypto/man/HMAC.3
stable/12/secure/lib/libcrypto/man/MD5.3
stable/12/secure/lib/libcrypto/man/MDC2_Init.3
stable/12/secure/lib/libcrypto/man/OBJ_nid2obj.3
stable/12/secure/lib/libcrypto/man/OCSP_REQUEST_new.3
stable/12/secure/lib/libcrypto/man/OCSP_cert_to_id.3
stable/12/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3
stable/12/secure/lib/libcrypto/man/OCSP_resp_find_status.3
stable/12/secure/lib/libcrypto/man/OCSP_response_status.3
stable/12/secure/lib/libcrypto/man/OCSP_sendreq_new.3
stable/12/secure/lib/libcrypto/man/OPENSSL_Applink.3
stable/12/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3
stable/12/secure/lib/libcrypto/man/OPENSSL_LH_stats.3
stable/12/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
stable/12/secure/lib/libcrypto/man/OPENSSL_config.3
stable/12/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3
stable/12/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
stable/12/secure/lib/libcrypto/man/OPENSSL_init_crypto.3
stable/12/secure/lib/libcrypto/man/OPENSSL_init_ssl.3
stable/12/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
stable/12/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
stable/12/secure/lib/libcrypto/man/OPENSSL_malloc.3
stable/12/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_INFO.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_expect.3
stable/12/secure/lib/libcrypto/man/OSSL_STORE_open.3
stable/12/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
stable/12/secure/lib/libcrypto/man/PEM_bytes_read_bio.3
stable/12/secure/lib/libcrypto/man/PEM_read.3
stable/12/secure/lib/libcrypto/man/PEM_read_CMS.3
stable/12/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
stable/12/secure/lib/libcrypto/man/PEM_read_bio_ex.3
stable/12/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
stable/12/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
stable/12/secure/lib/libcrypto/man/PKCS12_create.3
stable/12/secure/lib/libcrypto/man/PKCS12_newpass.3
stable/12/secure/lib/libcrypto/man/PKCS12_parse.3
stable/12/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3
stable/12/secure/lib/libcrypto/man/PKCS7_decrypt.3
stable/12/secure/lib/libcrypto/man/PKCS7_encrypt.3
stable/12/secure/lib/libcrypto/man/PKCS7_sign.3
stable/12/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
stable/12/secure/lib/libcrypto/man/PKCS7_verify.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_generate.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_new.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_reseed.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3
stable/12/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3
stable/12/secure/lib/libcrypto/man/RAND_add.3
stable/12/secure/lib/libcrypto/man/RAND_bytes.3
stable/12/secure/lib/libcrypto/man/RAND_cleanup.3
stable/12/secure/lib/libcrypto/man/RAND_egd.3
stable/12/secure/lib/libcrypto/man/RAND_load_file.3
stable/12/secure/lib/libcrypto/man/RAND_set_rand_method.3
stable/12/secure/lib/libcrypto/man/RC4_set_key.3
stable/12/secure/lib/libcrypto/man/RIPEMD160_Init.3
stable/12/secure/lib/libcrypto/man/RSA_blinding_on.3
stable/12/secure/lib/libcrypto/man/RSA_check_key.3
stable/12/secure/lib/libcrypto/man/RSA_generate_key.3
stable/12/secure/lib/libcrypto/man/RSA_get0_key.3
stable/12/secure/lib/libcrypto/man/RSA_meth_new.3
stable/12/secure/lib/libcrypto/man/RSA_new.3
stable/12/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
stable/12/secure/lib/libcrypto/man/RSA_print.3
stable/12/secure/lib/libcrypto/man/RSA_private_encrypt.3
stable/12/secure/lib/libcrypto/man/RSA_public_encrypt.3
stable/12/secure/lib/libcrypto/man/RSA_set_method.3
stable/12/secure/lib/libcrypto/man/RSA_sign.3
stable/12/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
stable/12/secure/lib/libcrypto/man/RSA_size.3
stable/12/secure/lib/libcrypto/man/SCT_new.3
stable/12/secure/lib/libcrypto/man/SCT_print.3
stable/12/secure/lib/libcrypto/man/SCT_validate.3
stable/12/secure/lib/libcrypto/man/SHA256_Init.3
stable/12/secure/lib/libcrypto/man/SMIME_read_CMS.3
stable/12/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
stable/12/secure/lib/libcrypto/man/SMIME_write_CMS.3
stable/12/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
stable/12/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
stable/12/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd.3
stable/12/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_add_session.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_config.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_free.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_get0_param.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_new.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_sessions.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_options.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3
stable/12/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_free.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_print.3
stable/12/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3
stable/12/secure/lib/libcrypto/man/SSL_accept.3
stable/12/secure/lib/libcrypto/man/SSL_alert_type_string.3
stable/12/secure/lib/libcrypto/man/SSL_alloc_buffers.3
stable/12/secure/lib/libcrypto/man/SSL_check_chain.3
stable/12/secure/lib/libcrypto/man/SSL_clear.3
stable/12/secure/lib/libcrypto/man/SSL_connect.3
stable/12/secure/lib/libcrypto/man/SSL_do_handshake.3
stable/12/secure/lib/libcrypto/man/SSL_export_keying_material.3
stable/12/secure/lib/libcrypto/man/SSL_extension_supported.3
stable/12/secure/lib/libcrypto/man/SSL_free.3
stable/12/secure/lib/libcrypto/man/SSL_get0_peer_scts.3
stable/12/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
stable/12/secure/lib/libcrypto/man/SSL_get_all_async_fds.3
stable/12/secure/lib/libcrypto/man/SSL_get_ciphers.3
stable/12/secure/lib/libcrypto/man/SSL_get_client_random.3
stable/12/secure/lib/libcrypto/man/SSL_get_current_cipher.3
stable/12/secure/lib/libcrypto/man/SSL_get_default_timeout.3
stable/12/secure/lib/libcrypto/man/SSL_get_error.3
stable/12/secure/lib/libcrypto/man/SSL_get_extms_support.3
stable/12/secure/lib/libcrypto/man/SSL_get_fd.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3
stable/12/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3
stable/12/secure/lib/libcrypto/man/SSL_get_psk_identity.3
stable/12/secure/lib/libcrypto/man/SSL_get_rbio.3
stable/12/secure/lib/libcrypto/man/SSL_get_session.3
stable/12/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3
stable/12/secure/lib/libcrypto/man/SSL_get_verify_result.3
stable/12/secure/lib/libcrypto/man/SSL_get_version.3
stable/12/secure/lib/libcrypto/man/SSL_in_init.3
stable/12/secure/lib/libcrypto/man/SSL_key_update.3
stable/12/secure/lib/libcrypto/man/SSL_library_init.3
stable/12/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
stable/12/secure/lib/libcrypto/man/SSL_new.3
stable/12/secure/lib/libcrypto/man/SSL_pending.3
stable/12/secure/lib/libcrypto/man/SSL_read.3
stable/12/secure/lib/libcrypto/man/SSL_read_early_data.3
stable/12/secure/lib/libcrypto/man/SSL_rstate_string.3
stable/12/secure/lib/libcrypto/man/SSL_session_reused.3
stable/12/secure/lib/libcrypto/man/SSL_set1_host.3
stable/12/secure/lib/libcrypto/man/SSL_set_bio.3
stable/12/secure/lib/libcrypto/man/SSL_set_connect_state.3
stable/12/secure/lib/libcrypto/man/SSL_set_fd.3
stable/12/secure/lib/libcrypto/man/SSL_set_session.3
stable/12/secure/lib/libcrypto/man/SSL_set_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_set_verify_result.3
stable/12/secure/lib/libcrypto/man/SSL_shutdown.3
stable/12/secure/lib/libcrypto/man/SSL_state_string.3
stable/12/secure/lib/libcrypto/man/SSL_want.3
stable/12/secure/lib/libcrypto/man/SSL_write.3
stable/12/secure/lib/libcrypto/man/UI_STRING.3
stable/12/secure/lib/libcrypto/man/UI_UTIL_read_pw.3
stable/12/secure/lib/libcrypto/man/UI_create_method.3
stable/12/secure/lib/libcrypto/man/UI_new.3
stable/12/secure/lib/libcrypto/man/X509V3_get_d2i.3
stable/12/secure/lib/libcrypto/man/X509_ALGOR_dup.3
stable/12/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3
stable/12/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3
stable/12/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
stable/12/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3
stable/12/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
stable/12/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
stable/12/secure/lib/libcrypto/man/X509_NAME_get0_der.3
stable/12/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
stable/12/secure/lib/libcrypto/man/X509_NAME_print_ex.3
stable/12/secure/lib/libcrypto/man/X509_PUBKEY_new.3
stable/12/secure/lib/libcrypto/man/X509_SIG_get0.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
stable/12/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
stable/12/secure/lib/libcrypto/man/X509_STORE_add_cert.3
stable/12/secure/lib/libcrypto/man/X509_STORE_get0_param.3
stable/12/secure/lib/libcrypto/man/X509_STORE_new.3
stable/12/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
stable/12/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
stable/12/secure/lib/libcrypto/man/X509_check_ca.3
stable/12/secure/lib/libcrypto/man/X509_check_host.3
stable/12/secure/lib/libcrypto/man/X509_check_issued.3
stable/12/secure/lib/libcrypto/man/X509_check_private_key.3
stable/12/secure/lib/libcrypto/man/X509_cmp_time.3
stable/12/secure/lib/libcrypto/man/X509_digest.3
stable/12/secure/lib/libcrypto/man/X509_dup.3
stable/12/secure/lib/libcrypto/man/X509_get0_notBefore.3
stable/12/secure/lib/libcrypto/man/X509_get0_signature.3
stable/12/secure/lib/libcrypto/man/X509_get0_uids.3
stable/12/secure/lib/libcrypto/man/X509_get_extension_flags.3
stable/12/secure/lib/libcrypto/man/X509_get_pubkey.3
stable/12/secure/lib/libcrypto/man/X509_get_serialNumber.3
stable/12/secure/lib/libcrypto/man/X509_get_subject_name.3
stable/12/secure/lib/libcrypto/man/X509_get_version.3
stable/12/secure/lib/libcrypto/man/X509_new.3
stable/12/secure/lib/libcrypto/man/X509_sign.3
stable/12/secure/lib/libcrypto/man/X509_verify_cert.3
stable/12/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3
stable/12/secure/lib/libcrypto/man/d2i_DHparams.3
stable/12/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3
stable/12/secure/lib/libcrypto/man/d2i_PrivateKey.3
stable/12/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
stable/12/secure/lib/libcrypto/man/d2i_X509.3
stable/12/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
stable/12/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
stable/12/secure/lib/libcrypto/man/i2d_re_X509_tbs.3
stable/12/secure/lib/libcrypto/man/o2i_SCT_LIST.3
stable/12/secure/usr.bin/openssl/man/CA.pl.1
stable/12/secure/usr.bin/openssl/man/asn1parse.1
stable/12/secure/usr.bin/openssl/man/ca.1
stable/12/secure/usr.bin/openssl/man/ciphers.1
stable/12/secure/usr.bin/openssl/man/cms.1
stable/12/secure/usr.bin/openssl/man/crl.1
stable/12/secure/usr.bin/openssl/man/crl2pkcs7.1
stable/12/secure/usr.bin/openssl/man/dgst.1
stable/12/secure/usr.bin/openssl/man/dhparam.1
stable/12/secure/usr.bin/openssl/man/dsa.1
stable/12/secure/usr.bin/openssl/man/dsaparam.1
stable/12/secure/usr.bin/openssl/man/ec.1
stable/12/secure/usr.bin/openssl/man/ecparam.1
stable/12/secure/usr.bin/openssl/man/enc.1
stable/12/secure/usr.bin/openssl/man/engine.1
stable/12/secure/usr.bin/openssl/man/errstr.1
stable/12/secure/usr.bin/openssl/man/gendsa.1
stable/12/secure/usr.bin/openssl/man/genpkey.1
stable/12/secure/usr.bin/openssl/man/genrsa.1
stable/12/secure/usr.bin/openssl/man/list.1
stable/12/secure/usr.bin/openssl/man/nseq.1
stable/12/secure/usr.bin/openssl/man/ocsp.1
stable/12/secure/usr.bin/openssl/man/openssl.1
stable/12/secure/usr.bin/openssl/man/passwd.1
stable/12/secure/usr.bin/openssl/man/pkcs12.1
stable/12/secure/usr.bin/openssl/man/pkcs7.1
stable/12/secure/usr.bin/openssl/man/pkcs8.1
stable/12/secure/usr.bin/openssl/man/pkey.1
stable/12/secure/usr.bin/openssl/man/pkeyparam.1
stable/12/secure/usr.bin/openssl/man/pkeyutl.1
stable/12/secure/usr.bin/openssl/man/prime.1
stable/12/secure/usr.bin/openssl/man/rand.1
stable/12/secure/usr.bin/openssl/man/req.1
stable/12/secure/usr.bin/openssl/man/rsa.1
stable/12/secure/usr.bin/openssl/man/rsautl.1
stable/12/secure/usr.bin/openssl/man/s_client.1
stable/12/secure/usr.bin/openssl/man/s_server.1
stable/12/secure/usr.bin/openssl/man/s_time.1
stable/12/secure/usr.bin/openssl/man/sess_id.1
stable/12/secure/usr.bin/openssl/man/smime.1
stable/12/secure/usr.bin/openssl/man/speed.1
stable/12/secure/usr.bin/openssl/man/spkac.1
stable/12/secure/usr.bin/openssl/man/srp.1
stable/12/secure/usr.bin/openssl/man/storeutl.1
stable/12/secure/usr.bin/openssl/man/ts.1
stable/12/secure/usr.bin/openssl/man/tsget.1
stable/12/secure/usr.bin/openssl/man/verify.1
stable/12/secure/usr.bin/openssl/man/version.1
stable/12/secure/usr.bin/openssl/man/x509.1
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/crypto/openssl/CHANGES
==============================================================================
--- stable/12/crypto/openssl/CHANGES Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/CHANGES Tue Feb 26 19:34:42 2019 (r344603)
@@ -7,6 +7,44 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
+
+ *) Added SCA hardening for modular field inversion in EC_GROUP through
+ a new dedicated field_inv() pointer in EC_METHOD.
+ This also addresses a leakage affecting conversions from projective
+ to affine coordinates.
+ [Billy Bob Brumley, Nicola Tuveri]
+
+ *) Change the info callback signals for the start and end of a post-handshake
+ message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+ and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+ confused by this and assume that a TLSv1.2 renegotiation has started. This
+ can break KeyUpdate handling. Instead we no longer signal the start and end
+ of a post handshake message exchange (although the messages themselves are
+ still signalled). This could break some applications that were expecting
+ the old signals. However without this KeyUpdate is not usable for many
+ applications.
+ [Matt Caswell]
+
+ *) Fix a bug in the computation of the endpoint-pair shared secret used
+ by DTLS over SCTP. This breaks interoperability with older versions
+ of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+ switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+ interoperability with such broken implementations. However, enabling
+ this switch breaks interoperability with correct implementations.
+
+ *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+ re-used X509_PUBKEY object if the second PUBKEY is malformed.
+ [Bernd Edlinger]
+
+ *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+ [Richard Levitte]
+
+ *) Remove the 'dist' target and add a tarball building script. The
+ 'dist' target has fallen out of use, and it shouldn't be
+ necessary to configure just to create a source distribution.
+ [Richard Levitte]
+
Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
*) Timing vulnerability in DSA signature generation
Modified: stable/12/crypto/openssl/CONTRIBUTING
==============================================================================
--- stable/12/crypto/openssl/CONTRIBUTING Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/CONTRIBUTING Tue Feb 26 19:34:42 2019 (r344603)
@@ -57,7 +57,7 @@ guidelines:
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
- Have a look through existing entries for inspiration.
+ Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
Modified: stable/12/crypto/openssl/Configure
==============================================================================
--- stable/12/crypto/openssl/Configure Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/Configure Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -144,6 +144,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -Wlanguage-extension-token -- no, we use asm()
# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
+# -Wunused-function -- no, it forces header use of safestack et al
+# DEFINE macros
my $clang_devteam_warn = ""
. " -Wswitch-default"
. " -Wno-parentheses-equality"
@@ -153,6 +155,7 @@ my $clang_devteam_warn = ""
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
. " -Wno-unknown-warning-option"
+ . " -Wno-unused-function"
;
# This adds backtrace information to the memory leak info. Is only used
@@ -374,6 +377,7 @@ my @disablables = (
"msan",
"multiblock",
"nextprotoneg",
+ "pinshared",
"ocb",
"ocsp",
"pic",
@@ -1110,13 +1114,13 @@ foreach my $feature (@{$target{disable}}) {
$disabled{$feature} = 'config';
}
foreach my $feature (@{$target{enable}}) {
- if ("default" eq ($disabled{$_} // "")) {
+ if ("default" eq ($disabled{$feature} // "")) {
if (exists $deprecated_disablables{$feature}) {
warn "***** config $target enables deprecated feature $feature\n";
} elsif (!grep { $feature eq $_ } @disablables) {
die "***** config $target enables unknown feature $feature\n";
}
- delete $disabled{$_};
+ delete $disabled{$feature};
}
}
@@ -1370,6 +1374,7 @@ unless ($disabled{asm}) {
push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
+ push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/);
if ($target{sha1_asm_src}) {
push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
Modified: stable/12/crypto/openssl/INSTALL
==============================================================================
--- stable/12/crypto/openssl/INSTALL Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/INSTALL Tue Feb 26 19:34:42 2019 (r344603)
@@ -326,6 +326,11 @@
Don't build support for datagram based BIOs. Selecting this
option will also force the disabling of DTLS.
+ enable-devcryptoeng
+ Build the /dev/crypto engine. It is automatically selected
+ on BSD implementations, in which case it can be disabled with
+ no-devcryptoeng.
+
no-dso
Don't build support for loading Dynamic Shared Objects.
@@ -402,6 +407,24 @@
no-pic
Don't build with support for Position Independent Code.
+ no-pinshared By default OpenSSL will attempt to stay in memory until the
+ process exits. This is so that libcrypto and libssl can be
+ properly cleaned up automatically via an "atexit()" handler.
+ The handler is registered by libcrypto and cleans up both
+ libraries. On some platforms the atexit() handler will run on
+ unload of libcrypto (if it has been dynamically loaded)
+ rather than at process exit. This option can be used to stop
+ OpenSSL from attempting to stay in memory until the process
+ exits. This could lead to crashes if either libcrypto or
+ libssl have already been unloaded at the point
+ that the atexit handler is invoked, e.g. on a platform which
+ calls atexit() on unload of the library, and libssl is
+ unloaded before libcrypto then a crash is likely to happen.
+ Applications can suppress running of the atexit() handler at
+ run time by using the OPENSSL_INIT_NO_ATEXIT option to
+ OPENSSL_init_crypto(). See the man page for it for further
+ details.
+
no-posix-io
Don't use POSIX IO capabilities.
@@ -941,10 +964,10 @@
* COMPILING existing applications
- OpenSSL 1.1.0 hides a number of structures that were previously
- open. This includes all internal libssl structures and a number
- of EVP types. Accessor functions have been added to allow
- controlled access to the structures' data.
+ Starting with version 1.1.0, OpenSSL hides a number of structures
+ that were previously open. This includes all internal libssl
+ structures and a number of EVP types. Accessor functions have
+ been added to allow controlled access to the structures' data.
This means that some software needs to be rewritten to adapt to
the new ways of doing things. This often amounts to allocating
@@ -1047,7 +1070,7 @@
depend
Rebuild the dependencies in the Makefiles. This is a legacy
- option that no longer needs to be used in OpenSSL 1.1.0.
+ option that no longer needs to be used since OpenSSL 1.1.0.
install
Install all OpenSSL components.
Modified: stable/12/crypto/openssl/LICENSE
==============================================================================
--- stable/12/crypto/openssl/LICENSE Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/LICENSE Tue Feb 26 19:34:42 2019 (r344603)
@@ -10,14 +10,14 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -72,21 +72,21 @@
* This package is an SSL implementation written
* by Eric Young (eay at cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -101,10 +101,10 @@
* Eric Young (eay at cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -116,7 +116,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
Modified: stable/12/crypto/openssl/NEWS
==============================================================================
--- stable/12/crypto/openssl/NEWS Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/NEWS Tue Feb 26 19:34:42 2019 (r344603)
@@ -5,6 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
+
+ o Change the info callback signals for the start and end of a post-handshake
+ message exchange in TLSv1.3.
+ o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
+ of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
+
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
Modified: stable/12/crypto/openssl/README
==============================================================================
--- stable/12/crypto/openssl/README Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/README Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1a 20 Nov 2018
+ OpenSSL 1.1.1b 26 Feb 2019
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: stable/12/crypto/openssl/apps/apps.c
==============================================================================
--- stable/12/crypto/openssl/apps/apps.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/apps.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1561,7 +1561,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr
#else
BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif
- dbattr_conf = app_load_config(buf);
+ dbattr_conf = app_load_config_quiet(buf);
retdb = app_malloc(sizeof(*retdb), "new DB");
retdb->db = tmpdb;
@@ -2196,7 +2196,7 @@ double app_tminterval(int stop, int usertime)
return ret;
}
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
# include <time.h>
double app_tminterval(int stop, int usertime)
Modified: stable/12/crypto/openssl/apps/ct_log_list.cnf
==============================================================================
--- stable/12/crypto/openssl/apps/ct_log_list.cnf Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/ct_log_list.cnf Tue Feb 26 19:34:42 2019 (r344603)
@@ -2,8 +2,8 @@
# that are to be trusted.
# Google's list of logs can be found here:
-# www.certificate-transparency.org/known-logs
+# www.certificate-transparency.org/known-logs
# A Python program to convert the log list to OpenSSL's format can be
# found here:
-# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
+# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
# Use the "--openssl_output" flag.
Modified: stable/12/crypto/openssl/apps/dh1024.pem
==============================================================================
--- stable/12/crypto/openssl/apps/dh1024.pem Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/dh1024.pem Tue Feb 26 19:34:42 2019 (r344603)
@@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9E
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
-These are the 1024-bit DH parameters from "Internet Key Exchange
+These are the 1024-bit DH parameters from "Internet Key Exchange
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
See https://tools.ietf.org/html/rfc2412 for how they were generated.
Modified: stable/12/crypto/openssl/apps/dh2048.pem
==============================================================================
--- stable/12/crypto/openssl/apps/dh2048.pem Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/dh2048.pem Tue Feb 26 19:34:42 2019 (r344603)
@@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFx
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
-----END DH PARAMETERS-----
-These are the 2048-bit DH parameters from "More Modular Exponential
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
+These are the 2048-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.
Modified: stable/12/crypto/openssl/apps/dh4096.pem
==============================================================================
--- stable/12/crypto/openssl/apps/dh4096.pem Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/dh4096.pem Tue Feb 26 19:34:42 2019 (r344603)
@@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTO
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
-----END DH PARAMETERS-----
-These are the 4096-bit DH parameters from "More Modular Exponential
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
+These are the 4096-bit DH parameters from "More Modular Exponential
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.
Modified: stable/12/crypto/openssl/apps/ocsp.c
==============================================================================
--- stable/12/crypto/openssl/apps/ocsp.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/ocsp.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT
# include <openssl/x509v3.h>
# include <openssl/rand.h>
-# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# define HAVE_FORK 0
+# else
+# define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
&& !defined(OPENSSL_NO_POSIX_IO)
# define OCSP_DAEMON
# include <sys/types.h>
@@ -53,6 +67,20 @@ NON_EMPTY_TRANSLATION_UNIT
# define LOG_ERR 2
# endif
+# if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+ errno = ENOSYS;
+ return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+ errno = ENOSYS;
+ return (pid_t) -1;
+}
+# endif
/* Maximum leeway in validity period: default 5 minutes */
# define MAX_VALIDITY_PERIOD (5 * 60)
@@ -863,6 +891,7 @@ static void killall(int ret, pid_t *kidpids)
for (i = 0; i < multi; ++i)
if (kidpids[i] != 0)
(void)kill(kidpids[i], SIGTERM);
+ OPENSSL_free(kidpids);
sleep(1);
exit(ret);
}
@@ -977,7 +1006,6 @@ static void spawn_loop(void)
}
/* The loop above can only break on termsig */
- OPENSSL_free(kidpids);
syslog(LOG_INFO, "terminating on signal: %d", termsig);
killall(0, kidpids);
}
Modified: stable/12/crypto/openssl/apps/openssl.cnf
==============================================================================
--- stable/12/crypto/openssl/apps/openssl.cnf Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/openssl.cnf Tue Feb 26 19:34:42 2019 (r344603)
@@ -19,7 +19,7 @@ oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
-# extensions =
+# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
@@ -116,7 +116,7 @@ x509_extensions = v3_ca # The extensions to add to the
# input_password = secret
# output_password = secret
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
Modified: stable/12/crypto/openssl/apps/pkcs12.c
==============================================================================
--- stable/12/crypto/openssl/apps/pkcs12.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/pkcs12.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
if (cpass != NULL) {
mpass = cpass;
noprompt = 1;
+ if (twopass) {
+ if (export_cert)
+ BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+ else
+ BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+ goto end;
+ }
} else {
cpass = pass;
mpass = macpass;
Modified: stable/12/crypto/openssl/apps/rehash.c
==============================================================================
--- stable/12/crypto/openssl/apps/rehash.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/rehash.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2013-2014 Timo Teräs <timo.teras at gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -50,6 +50,26 @@
# define NAME_MAX 255
# endif
# define MAX_COLLISIONS 256
+
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+# define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+ errno = ENOSYS;
+ return -1;
+}
+# endif
typedef struct hentry_st {
struct hentry_st *next;
Modified: stable/12/crypto/openssl/apps/s_cb.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_cb.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/s_cb.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -24,7 +24,7 @@
#define COOKIE_SECRET_LENGTH 16
-VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
#ifndef OPENSSL_NO_SOCK
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
- if (verify_args.depth >= depth) {
+ if (verify_args.depth < 0 || verify_args.depth >= depth) {
if (!verify_args.return_error)
ok = 1;
verify_args.error = err;
Modified: stable/12/crypto/openssl/apps/s_client.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_client.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/s_client.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full)
static int ocsp_resp_cb(SSL *s, void *arg);
#endif
static int ldap_ExtendedResponse_parse(const char *buf, long rem);
+static int is_dNS_name(const char *host);
static int saved_errno;
@@ -596,6 +597,7 @@ typedef enum OPTION_choice {
#endif
OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
OPT_ENABLE_PHA,
+ OPT_SCTP_LABEL_BUG,
OPT_R_ENUM
} OPTION_CHOICE;
@@ -750,6 +752,7 @@ const OPTIONS s_client_options[] = {
#endif
#ifndef OPENSSL_NO_SCTP
{"sctp", OPT_SCTP, '-', "Use SCTP"},
+ {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
{"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
@@ -976,6 +979,9 @@ int s_client_main(int argc, char **argv)
#endif
char *psksessf = NULL;
int enable_pha = 0;
+#ifndef OPENSSL_NO_SCTP
+ int sctp_label_bug = 0;
+#endif
FD_ZERO(&readfds);
FD_ZERO(&writefds);
@@ -1121,6 +1127,7 @@ int s_client_main(int argc, char **argv)
goto opthelp;
break;
case OPT_VERIFY_RET_ERROR:
+ verify = SSL_VERIFY_PEER;
verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:
@@ -1323,6 +1330,11 @@ int s_client_main(int argc, char **argv)
protocol = IPPROTO_SCTP;
#endif
break;
+ case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+ sctp_label_bug = 1;
+#endif
+ break;
case OPT_TIMEOUT:
#ifndef OPENSSL_NO_DTLS
enable_timeouts = 1;
@@ -1707,6 +1719,11 @@ int s_client_main(int argc, char **argv)
}
}
+#ifndef OPENSSL_NO_SCTP
+ if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+ SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
@@ -1975,9 +1992,11 @@ int s_client_main(int argc, char **argv)
SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
- if (servername == NULL)
- servername = (host == NULL) ? "localhost" : host;
- if (!SSL_set_tlsext_host_name(con, servername)) {
+ if (servername == NULL) {
+ if(host == NULL || is_dNS_name(host))
+ servername = (host == NULL) ? "localhost" : host;
+ }
+ if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
ERR_print_errors(bio_err);
goto end;
@@ -3031,9 +3050,7 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "RENEGOTIATING\n");
SSL_renegotiate(con);
cbuf_len = 0;
- }
-
- if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+ } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
&& cmdletters) {
BIO_printf(bio_err, "KEYUPDATE\n");
SSL_key_update(con,
@@ -3459,4 +3476,69 @@ static int ldap_ExtendedResponse_parse(const char *buf
return ret;
}
+/*
+ * Host dNS Name verifier: used for checking that the hostname is in dNS format
+ * before setting it as SNI
+ */
+static int is_dNS_name(const char *host)
+{
+ const size_t MAX_LABEL_LENGTH = 63;
+ size_t i;
+ int isdnsname = 0;
+ size_t length = strlen(host);
+ size_t label_length = 0;
+ int all_numeric = 1;
+
+ /*
+ * Deviation from strict DNS name syntax, also check names with '_'
+ * Check DNS name syntax, any '-' or '.' must be internal,
+ * and on either side of each '.' we can't have a '-' or '.'.
+ *
+ * If the name has just one label, we don't consider it a DNS name.
+ */
+ for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) {
+ char c = host[i];
+
+ if ((c >= 'a' && c <= 'z')
+ || (c >= 'A' && c <= 'Z')
+ || c == '_') {
+ label_length += 1;
+ all_numeric = 0;
+ continue;
+ }
+
+ if (c >= '0' && c <= '9') {
+ label_length += 1;
+ continue;
+ }
+
+ /* Dot and hyphen cannot be first or last. */
+ if (i > 0 && i < length - 1) {
+ if (c == '-') {
+ label_length += 1;
+ continue;
+ }
+ /*
+ * Next to a dot the preceding and following characters must not be
+ * another dot or a hyphen. Otherwise, record that the name is
+ * plausible, since it has two or more labels.
+ */
+ if (c == '.'
+ && host[i + 1] != '.'
+ && host[i - 1] != '-'
+ && host[i + 1] != '-') {
+ label_length = 0;
+ isdnsname = 1;
+ continue;
+ }
+ }
+ isdnsname = 0;
+ break;
+ }
+
+ /* dNS name must not be all numeric and labels must be shorter than 64 characters. */
+ isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH);
+
+ return isdnsname;
+}
#endif /* OPENSSL_NO_SOCK */
Modified: stable/12/crypto/openssl/apps/s_server.c
==============================================================================
--- stable/12/crypto/openssl/apps/s_server.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/s_server.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -751,7 +751,7 @@ typedef enum OPTION_choice {
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
- OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+ OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
@@ -938,6 +938,7 @@ const OPTIONS s_server_options[] = {
#endif
#ifndef OPENSSL_NO_SCTP
{"sctp", OPT_SCTP, '-', "Use SCTP"},
+ {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
#endif
#ifndef OPENSSL_NO_DH
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
@@ -1047,6 +1048,9 @@ int s_server_main(int argc, char *argv[])
const char *keylog_file = NULL;
int max_early_data = -1, recv_max_early_data = -1;
char *psksessf = NULL;
+#ifndef OPENSSL_NO_SCTP
+ int sctp_label_bug = 0;
+#endif
/* Init of few remaining global variables */
local_argc = argc;
@@ -1407,7 +1411,7 @@ int s_server_main(int argc, char *argv[])
for (p = psk_key = opt_arg(); *p; p++) {
if (isxdigit(_UC(*p)))
continue;
- BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+ BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
goto end;
}
break;
@@ -1490,6 +1494,11 @@ int s_server_main(int argc, char *argv[])
protocol = IPPROTO_SCTP;
#endif
break;
+ case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+ sctp_label_bug = 1;
+#endif
+ break;
case OPT_TIMEOUT:
#ifndef OPENSSL_NO_DTLS
enable_timeouts = 1;
@@ -1792,6 +1801,12 @@ int s_server_main(int argc, char *argv[])
goto end;
}
}
+
+#ifndef OPENSSL_NO_SCTP
+ if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+ SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
@@ -2754,6 +2769,8 @@ static int init_ssl_connection(SSL *con)
BIO_ADDR_free(client);
return 0;
}
+
+ (void)BIO_ctrl_set_connected(wbio, client);
BIO_ADDR_free(client);
dtlslisten = 0;
} else {
Modified: stable/12/crypto/openssl/apps/speed.c
==============================================================================
--- stable/12/crypto/openssl/apps/speed.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/speed.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -100,7 +100,7 @@
#include <openssl/modes.h>
#ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
# define HAVE_FORK 0
# else
# define HAVE_FORK 1
@@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv)
{"nistp192", NID_X9_62_prime192v1, 192},
{"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256},
- {"nistp384", NID_secp384r1, 384},
+ {"nistp384", NID_secp384r1, 384},
{"nistp521", NID_secp521r1, 521},
/* Binary Curves */
{"nistk163", NID_sect163k1, 163},
- {"nistk233", NID_sect233k1, 233},
+ {"nistk233", NID_sect233k1, 233},
{"nistk283", NID_sect283k1, 283},
{"nistk409", NID_sect409k1, 409},
{"nistk571", NID_sect571k1, 571},
Modified: stable/12/crypto/openssl/apps/verify.c
==============================================================================
--- stable/12/crypto/openssl/apps/verify.c Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/apps/verify.c Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx)
cert_error,
X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(cert_error));
+
+ /*
+ * Pretend that some errors are ok, so they don't stop further
+ * processing of the certificate chain. Setting ok = 1 does this.
+ * After X509_verify_cert() is done, we verify that there were
+ * no actual errors, even if the returned value was positive.
+ */
switch (cert_error) {
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(ctx);
/* fall thru */
case X509_V_ERR_CERT_HAS_EXPIRED:
-
- /*
- * since we are just checking the certificates, it is ok if they
- * are self signed. But we should still warn the user.
- */
+ /* Continue even if the leaf is a self signed cert */
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/* Continue after extension errors too */
case X509_V_ERR_INVALID_CA:
Modified: stable/12/crypto/openssl/config
==============================================================================
--- stable/12/crypto/openssl/config Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/config Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
#!/bin/sh
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,7 @@ THERE=`dirname $0`
# pick up any command line args to config
for i
do
-case "$i" in
+case "$i" in
-d*) options=$options" --debug";;
-t*) DRYRUN="true" VERBOSE="true";;
-v*) VERBOSE="true";;
@@ -59,7 +59,7 @@ __CNF_LDLIBS=
# Now test for ISC and SCO, since it is has a braindamaged uname.
#
-# We need to work around FreeBSD 1.1.5.1
+# We need to work around FreeBSD 1.1.5.1
(
XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
if [ "x$XREL" != "x" ]; then
@@ -363,7 +363,7 @@ esac
# At this point we gone through all the one's
# we know of: Punt
-echo "${MACHINE}-whatever-${SYSTEM}"
+echo "${MACHINE}-whatever-${SYSTEM}"
exit 0
) 2>/dev/null | (
@@ -433,7 +433,7 @@ fi
CCVER=${CCVER:-0}
-# read the output of the embedded GuessOS
+# read the output of the embedded GuessOS
read GUESSOS
echo Operating system: $GUESSOS
@@ -732,7 +732,7 @@ case "$GUESSOS" in
*-*-[Uu]nix[Ww]are7)
if [ "$CC" = "gcc" ]; then
OUT="unixware-7-gcc" ; options="$options no-sse2"
- else
+ else
OUT="unixware-7" ; options="$options no-sse2"
__CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
fi
@@ -793,7 +793,7 @@ case "$GUESSOS" in
OUT="aix64-gcc"
fi
elif [ $OBJECT_MODE -eq 64 ]; then
- echo 'Your $OBJECT_MODE was found to be set to 64'
+ echo 'Your $OBJECT_MODE was found to be set to 64'
OUT="aix64-cc"
else
OUT="aix-cc"
@@ -897,7 +897,7 @@ if [ ".$PERL" = . ] ; then
exit 1
fi
-# run Configure to check to see if we need to specify the
+# run Configure to check to see if we need to specify the
# compiler for the platform ... in which case we add it on
# the end ... otherwise we leave it off
@@ -920,7 +920,7 @@ if [ $? = "0" ]; then
__CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
__CNF_LDLIBS="'$__CNF_LDLIBS'" \
$PERL $THERE/Configure $OUT $options
- fi
+ fi
if [ "$DRYRUN" = "false" ]; then
# eval to make sure quoted options, possibly with spaces inside,
# are treated right
Modified: stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl
==============================================================================
--- stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl Tue Feb 26 19:31:33 2019 (r344602)
+++ stable/12/crypto/openssl/crypto/aes/asm/aes-x86_64.pl Tue Feb 26 19:34:42 2019 (r344603)
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -554,6 +554,7 @@ $code.=<<___;
.type _x86_64_AES_encrypt_compact,\@abi-omnipotent
.align 16
_x86_64_AES_encrypt_compact:
+.cfi_startproc
lea 128($sbox),$inp # size optimization
mov 0-128($inp),$acc1 # prefetch Te4
mov 32-128($inp),$acc2
@@ -587,6 +588,7 @@ $code.=<<___;
xor 8($key),$s2
xor 12($key),$s3
.byte 0xf3,0xc3 # rep ret
+.cfi_endproc
.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
___
@@ -1161,6 +1163,7 @@ $code.=<<___;
.type _x86_64_AES_decrypt_compact,\@abi-omnipotent
.align 16
_x86_64_AES_decrypt_compact:
+.cfi_startproc
lea 128($sbox),$inp # size optimization
mov 0-128($inp),$acc1 # prefetch Td4
mov 32-128($inp),$acc2
@@ -1203,6 +1206,7 @@ $code.=<<___;
xor 8($key),$s2
xor 12($key),$s3
.byte 0xf3,0xc3 # rep ret
+.cfi_endproc
.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
___
@@ -1365,6 +1369,7 @@ AES_set_encrypt_key:
.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
.align 16
_x86_64_AES_set_encrypt_key:
+.cfi_startproc
mov %esi,%ecx # %ecx=bits
mov %rdi,%rsi # %rsi=userKey
mov %rdx,%rdi # %rdi=key
@@ -1546,6 +1551,7 @@ $code.=<<___;
mov \$-1,%rax
.Lexit:
.byte 0xf3,0xc3 # rep ret
+.cfi_endproc
.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
___
@@ -1728,7 +1734,9 @@ AES_cbc_encrypt:
cmp \$0,%rdx # check length
je .Lcbc_epilogue
pushfq
-.cfi_push 49 # %rflags
+# This could be .cfi_push 49, but libunwind fails on registers it does not
+# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
+.cfi_adjust_cfa_offset 8
push %rbx
.cfi_push %rbx
push %rbp
@@ -1751,6 +1759,7 @@ AES_cbc_encrypt:
cmp \$0,%r9
cmoveq %r10,$sbox
+.cfi_remember_state
mov OPENSSL_ia32cap_P(%rip),%r10d
cmp \$$speed_limit,%rdx
jb .Lcbc_slow_prologue
@@ -1986,6 +1995,7 @@ AES_cbc_encrypt:
#--------------------------- SLOW ROUTINE ---------------------------#
.align 16
.Lcbc_slow_prologue:
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list