git: vendor/libressl: upgrade from 3.1.4 to 3.2.2

Daniel Fojt deef at crater.dragonflybsd.org
Thu Nov 5 04:17:44 PST 2020


commit 8edacedfc4a3bc9ac4f463b53f61cb4a6eb8d031
Author: Daniel Fojt <df at neosystem.org>
Date:   Tue Nov 3 19:37:17 2020 +0100

    vendor/libressl: upgrade from 3.1.4 to 3.2.2
    
    Summary of notable changes:
    
      * new TLSv1.3 implementation enabled by default for both client
        and server
    
      * new X509 certificate chain validator that correctly handles
        multiple paths through intermediate certificates
    
      * new name constraints verification implementation which passes
        the bettertls.com certificate validation check suite
    
      * numerous leaks and out-of-bounds write fixed
    
      * many improvements, refactoring, optimizations and code cleanups
    
    See ChangeLog for details.

Summary of changes:
 crypto/libressl/ChangeLog                          |  251 +++
 crypto/libressl/VERSION                            |    2 +-
 crypto/libressl/apps/openssl/apps.c                |    6 +-
 crypto/libressl/apps/openssl/apps.h                |    5 +-
 crypto/libressl/apps/openssl/cert.pem              |   54 +-
 crypto/libressl/apps/openssl/ocsp.c                | 1363 ++++++++------
 crypto/libressl/apps/openssl/openssl.1             |   75 +-
 crypto/libressl/apps/openssl/req.c                 |  950 ++++++----
 crypto/libressl/apps/openssl/s_client.c            | 1359 ++++++++-----
 crypto/libressl/apps/openssl/s_server.c            | 1988 ++++++++++++--------
 crypto/libressl/apps/openssl/verify.c              |  308 ++-
 crypto/libressl/apps/openssl/x509.c                |   21 +-
 crypto/libressl/crypto/asn1/a_bitstr.c             |    4 +-
 crypto/libressl/crypto/asn1/x_attrib.c             |    7 +-
 crypto/libressl/crypto/asn1/x_info.c               |   31 +-
 crypto/libressl/crypto/bn/bn_rand.c                |   23 +-
 crypto/libressl/crypto/cms/cms_err.c               |  142 +-
 crypto/libressl/crypto/ec/ec_curve.c               |  168 +-
 crypto/libressl/crypto/evp/e_aes.c                 |   36 +-
 crypto/libressl/crypto/evp/evp_pbe.c               |    4 +-
 crypto/libressl/crypto/gost/gost2814789.c          |    4 +-
 crypto/libressl/crypto/gost/gost_err.c             |   64 +-
 crypto/libressl/crypto/gost/gostr341001_ameth.c    |   22 +-
 crypto/libressl/crypto/gost/gostr341001_params.c   |    6 +-
 crypto/libressl/crypto/objects/obj_dat.h           |   92 +-
 crypto/libressl/crypto/pem/pem_info.c              |   51 +-
 crypto/libressl/crypto/pkcs12/pk12err.c            |   32 +-
 crypto/libressl/crypto/pkcs7/pkcs7err.c            |   43 +-
 crypto/libressl/crypto/ui/ui_lib.c                 |  366 ++--
 crypto/libressl/crypto/{x509v3 => x509}/ext_dat.h  |    2 +-
 .../libressl/crypto/{x509v3 => x509}/pcy_cache.c   |    2 +-
 crypto/libressl/crypto/{x509v3 => x509}/pcy_data.c |    2 +-
 crypto/libressl/crypto/{x509v3 => x509}/pcy_int.h  |    2 +-
 crypto/libressl/crypto/{x509v3 => x509}/pcy_lib.c  |    2 +-
 crypto/libressl/crypto/{x509v3 => x509}/pcy_map.c  |    2 +-
 crypto/libressl/crypto/{x509v3 => x509}/pcy_node.c |    2 +-
 crypto/libressl/crypto/{x509v3 => x509}/pcy_tree.c |    2 +-
 .../crypto/{x509v3/v3_akey.c => x509/x509_akey.c}  |    2 +-
 .../{x509v3/v3_akeya.c => x509/x509_akeya.c}       |    2 +-
 .../crypto/{x509v3/v3_alt.c => x509/x509_alt.c}    |    2 +-
 .../{x509v3/v3_bcons.c => x509/x509_bcons.c}       |    2 +-
 .../{x509v3/v3_bitst.c => x509/x509_bitst.c}       |    2 +-
 .../crypto/{x509v3/v3_conf.c => x509/x509_conf.c}  |    2 +-
 crypto/libressl/crypto/x509/x509_constraints.c     | 1178 ++++++++++++
 .../{x509v3/v3_cpols.c => x509/x509_cpols.c}       |    2 +-
 .../crypto/{x509v3/v3_crld.c => x509/x509_crld.c}  |    2 +-
 .../crypto/{x509v3/v3_enum.c => x509/x509_enum.c}  |    2 +-
 crypto/libressl/crypto/x509/x509_err.c             |   92 +-
 .../{x509v3/v3_extku.c => x509/x509_extku.c}       |    2 +-
 .../crypto/{x509v3/v3_genn.c => x509/x509_genn.c}  |    2 +-
 .../crypto/{x509v3/v3_ia5.c => x509/x509_ia5.c}    |    2 +-
 .../crypto/{x509v3/v3_info.c => x509/x509_info.c}  |    2 +-
 .../crypto/{x509v3/v3_int.c => x509/x509_int.c}    |    2 +-
 crypto/libressl/crypto/x509/x509_internal.h        |  128 ++
 crypto/libressl/crypto/x509/x509_issuer_cache.c    |  167 ++
 crypto/libressl/crypto/x509/x509_issuer_cache.h    |   47 +
 .../crypto/{x509v3/v3_lib.c => x509/x509_lib.c}    |    8 +-
 .../{x509v3/v3_ncons.c => x509/x509_ncons.c}       |    4 +-
 .../crypto/{x509v3/v3_ocsp.c => x509/x509_ocsp.c}  |    2 +-
 .../crypto/{x509v3/v3_pci.c => x509/x509_pci.c}    |    2 +-
 .../crypto/{x509v3/v3_pcia.c => x509/x509_pcia.c}  |    2 +-
 .../{x509v3/v3_pcons.c => x509/x509_pcons.c}       |    2 +-
 .../crypto/{x509v3/v3_pku.c => x509/x509_pku.c}    |    2 +-
 .../{x509v3/v3_pmaps.c => x509/x509_pmaps.c}       |    2 +-
 .../crypto/{x509v3/v3_prn.c => x509/x509_prn.c}    |    2 +-
 .../crypto/{x509v3/v3_purp.c => x509/x509_purp.c}  |    6 +-
 .../crypto/{x509v3/v3_skey.c => x509/x509_skey.c}  |    2 +-
 .../{x509v3/v3_sxnet.c => x509/x509_sxnet.c}       |    2 +-
 .../crypto/{x509v3/v3_utl.c => x509/x509_utl.c}    |    5 +-
 crypto/libressl/crypto/x509/x509_verify.c          |  928 +++++++++
 crypto/libressl/crypto/x509/x509_vfy.c             |  310 +--
 crypto/libressl/crypto/x509/x509_vpm.c             |    2 +-
 crypto/libressl/crypto/x509v3/v3err.c              |  226 ---
 crypto/libressl/include/openssl/obj_mac.h          |   56 +-
 crypto/libressl/include/openssl/opensslfeatures.h  |   10 +-
 crypto/libressl/include/openssl/opensslv.h         |    6 +-
 crypto/libressl/include/openssl/ssl.h              |   45 +-
 crypto/libressl/include/openssl/ssl3.h             |    4 +-
 crypto/libressl/include/openssl/tls1.h             |   14 +-
 crypto/libressl/include/openssl/ui.h               |  351 ++--
 crypto/libressl/include/openssl/x509_verify.h      |   42 +
 crypto/libressl/include/openssl/x509_vfy.h         |    5 +-
 crypto/libressl/include/openssl/x509v3.h           |    4 +-
 crypto/libressl/ssl/bs_cbb.c                       |    4 +-
 crypto/libressl/ssl/d1_both.c                      |   51 +-
 crypto/libressl/ssl/d1_lib.c                       |  122 +-
 crypto/libressl/ssl/d1_pkt.c                       |  149 +-
 crypto/libressl/ssl/s3_cbc.c                       |    8 +-
 crypto/libressl/ssl/s3_lib.c                       |   47 +-
 crypto/libressl/ssl/ssl_both.c                     |   38 +-
 crypto/libressl/ssl/ssl_cert.c                     |   17 +-
 crypto/libressl/ssl/ssl_ciph.c                     |   32 +-
 crypto/libressl/ssl/ssl_ciphers.c                  |  152 +-
 crypto/libressl/ssl/ssl_clnt.c                     |   45 +-
 crypto/libressl/ssl/ssl_lib.c                      |  434 +++--
 crypto/libressl/ssl/ssl_locl.h                     |  119 +-
 crypto/libressl/ssl/ssl_methods.c                  |  204 +-
 crypto/libressl/ssl/ssl_pkt.c                      |  235 +--
 crypto/libressl/ssl/ssl_sess.c                     |  323 ++--
 crypto/libressl/ssl/ssl_sigalgs.c                  |    4 +-
 crypto/libressl/ssl/ssl_srvr.c                     |   64 +-
 crypto/libressl/ssl/ssl_tlsext.c                   |  431 +++--
 crypto/libressl/ssl/ssl_tlsext.h                   |  185 +-
 crypto/libressl/ssl/ssl_versions.c                 |   32 +-
 crypto/libressl/ssl/t1_enc.c                       |   32 +-
 crypto/libressl/ssl/t1_lib.c                       |  171 +-
 crypto/libressl/ssl/tls12_record_layer.c           |  542 ++++++
 crypto/libressl/ssl/tls13_client.c                 |   86 +-
 crypto/libressl/ssl/tls13_handshake.c              |  114 +-
 crypto/libressl/ssl/tls13_internal.h               |   96 +-
 crypto/libressl/ssl/tls13_legacy.c                 |  129 +-
 crypto/libressl/ssl/tls13_lib.c                    |  250 ++-
 crypto/libressl/ssl/tls13_record.c                 |    7 +-
 crypto/libressl/ssl/tls13_record_layer.c           |  280 +--
 crypto/libressl/ssl/tls13_server.c                 |  426 ++++-
 crypto/libressl/tls/tls.c                          |    4 +-
 116 files changed, 10823 insertions(+), 5187 deletions(-)
 rename crypto/libressl/crypto/{x509v3 => x509}/ext_dat.h (98%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_cache.c (99%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_data.c (98%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_int.h (99%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_lib.c (98%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_map.c (98%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_node.c (98%)
 rename crypto/libressl/crypto/{x509v3 => x509}/pcy_tree.c (99%)
 rename crypto/libressl/crypto/{x509v3/v3_akey.c => x509/x509_akey.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_akeya.c => x509/x509_akeya.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_alt.c => x509/x509_alt.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_bcons.c => x509/x509_bcons.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_bitst.c => x509/x509_bitst.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_conf.c => x509/x509_conf.c} (99%)
 create mode 100644 crypto/libressl/crypto/x509/x509_constraints.c
 rename crypto/libressl/crypto/{x509v3/v3_cpols.c => x509/x509_cpols.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_crld.c => x509/x509_crld.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_enum.c => x509/x509_enum.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_extku.c => x509/x509_extku.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_genn.c => x509/x509_genn.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_ia5.c => x509/x509_ia5.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_info.c => x509/x509_info.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_int.c => x509/x509_int.c} (98%)
 create mode 100644 crypto/libressl/crypto/x509/x509_internal.h
 create mode 100644 crypto/libressl/crypto/x509/x509_issuer_cache.c
 create mode 100644 crypto/libressl/crypto/x509/x509_issuer_cache.h
 rename crypto/libressl/crypto/{x509v3/v3_lib.c => x509/x509_lib.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_ncons.c => x509/x509_ncons.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_ocsp.c => x509/x509_ocsp.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_pci.c => x509/x509_pci.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_pcia.c => x509/x509_pcia.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_pcons.c => x509/x509_pcons.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_pku.c => x509/x509_pku.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_pmaps.c => x509/x509_pmaps.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_prn.c => x509/x509_prn.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_purp.c => x509/x509_purp.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_skey.c => x509/x509_skey.c} (98%)
 rename crypto/libressl/crypto/{x509v3/v3_sxnet.c => x509/x509_sxnet.c} (99%)
 rename crypto/libressl/crypto/{x509v3/v3_utl.c => x509/x509_utl.c} (99%)
 create mode 100644 crypto/libressl/crypto/x509/x509_verify.c
 delete mode 100644 crypto/libressl/crypto/x509v3/v3err.c
 create mode 100644 crypto/libressl/include/openssl/x509_verify.h
 create mode 100644 crypto/libressl/ssl/tls12_record_layer.c

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/8edacedfc4a3bc9ac4f463b53f61cb4a6eb8d031


-- 
DragonFly BSD source repository


More information about the Commits mailing list