git: vendor/LIBRESSL vendor/libressl: upgrade from 2.9.1 to 3.1.3
Daniel Fojt
deef at crater.dragonflybsd.org
Wed Jul 22 04:49:17 PDT 2020
commit cca6fc5243d2098262ea81f83ad5b28d3b800f4a
Author: Daniel Fojt <df at neosystem.org>
Date: Sat Jul 18 09:42:07 2020 +0200
vendor/libressl: upgrade from 2.9.1 to 3.1.3
Summary of notable changes:
- fixed CVE-2019-1547 and CVE-2019-1563
- various side channels in DSA and ECDSA were addressed
- fixed PVK format output issue with openssl(1) dsa and rsa subcommand
- added cms subcommand to openssl(1)
- added -addext option to openssl(1) req subcommand
- added -groups option to openssl(1) s_server subcommand
- improved compatibility by backporting functionality and documentation
from OpenSSL 1.1.1
- added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1
- completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API
- ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
1.1.1 and enabled by default
- completed initial TLS 1.3 implementation, TLS 1.3 is now enabled
by default for the client side, with the server side to be enabled
in a future release
- provided TLSv1.3 cipher suite aliases to match the names used
in RFC 8446
For details see ChangeLog.
Summary of changes:
crypto/libressl/ChangeLog | 129 ++
crypto/libressl/VERSION | 2 +-
crypto/libressl/apps/nc/nc.1 | 17 +-
crypto/libressl/apps/nc/netcat.c | 163 +-
crypto/libressl/apps/nc/socks.c | 13 +-
crypto/libressl/apps/openssl/apps.c | 36 +-
crypto/libressl/apps/openssl/apps.h | 8 +-
crypto/libressl/apps/openssl/asn1pars.c | 4 +-
crypto/libressl/apps/openssl/ca.c | 4 +-
crypto/libressl/apps/openssl/cert.pem | 619 ++++----
crypto/libressl/apps/openssl/certhash.c | 2 +-
crypto/libressl/apps/openssl/ciphers.c | 4 +-
crypto/libressl/apps/openssl/cms.c | 1282 +++++++++++++++
crypto/libressl/apps/openssl/crl.c | 4 +-
crypto/libressl/apps/openssl/crl2p7.c | 4 +-
crypto/libressl/apps/openssl/dgst.c | 481 +++---
crypto/libressl/apps/openssl/dh.c | 4 +-
crypto/libressl/apps/openssl/dhparam.c | 4 +-
crypto/libressl/apps/openssl/dsa.c | 12 +-
crypto/libressl/apps/openssl/dsaparam.c | 4 +-
crypto/libressl/apps/openssl/ec.c | 4 +-
crypto/libressl/apps/openssl/ecparam.c | 4 +-
crypto/libressl/apps/openssl/enc.c | 7 +-
crypto/libressl/apps/openssl/errstr.c | 4 +-
crypto/libressl/apps/openssl/gendh.c | 4 +-
crypto/libressl/apps/openssl/gendsa.c | 238 ++-
crypto/libressl/apps/openssl/genpkey.c | 4 +-
crypto/libressl/apps/openssl/genrsa.c | 288 +++-
crypto/libressl/apps/openssl/nseq.c | 4 +-
crypto/libressl/apps/openssl/openssl.1 | 1326 +++++++++++++---
crypto/libressl/apps/openssl/openssl.c | 5 +-
crypto/libressl/apps/openssl/passwd.c | 4 +-
crypto/libressl/apps/openssl/pkcs12.c | 916 ++++++-----
crypto/libressl/apps/openssl/pkcs7.c | 4 +-
crypto/libressl/apps/openssl/pkcs8.c | 4 +-
crypto/libressl/apps/openssl/pkey.c | 4 +-
crypto/libressl/apps/openssl/pkeyparam.c | 4 +-
crypto/libressl/apps/openssl/pkeyutl.c | 4 +-
crypto/libressl/apps/openssl/prime.c | 4 +-
crypto/libressl/apps/openssl/progs.h | 3 +-
crypto/libressl/apps/openssl/rand.c | 4 +-
crypto/libressl/apps/openssl/req.c | 158 +-
crypto/libressl/apps/openssl/rsa.c | 4 +-
crypto/libressl/apps/openssl/rsautl.c | 4 +-
crypto/libressl/apps/openssl/s_cb.c | 76 +-
crypto/libressl/apps/openssl/s_client.c | 100 +-
crypto/libressl/apps/openssl/s_server.c | 68 +-
crypto/libressl/apps/openssl/s_socket.c | 8 +-
crypto/libressl/apps/openssl/s_time.c | 6 +-
crypto/libressl/apps/openssl/sess_id.c | 4 +-
crypto/libressl/apps/openssl/speed.c | 24 +
crypto/libressl/apps/openssl/spkac.c | 4 +-
crypto/libressl/apps/openssl/version.c | 4 +-
crypto/libressl/crypto/VERSION | 2 +-
crypto/libressl/crypto/asn1/a_enum.c | 13 +-
crypto/libressl/crypto/asn1/a_int.c | 12 +-
crypto/libressl/crypto/asn1/a_type.c | 33 +-
crypto/libressl/crypto/asn1/ameth_lib.c | 6 +-
crypto/libressl/crypto/asn1/asn1_locl.h | 5 +-
crypto/libressl/crypto/asn1/asn1_par.c | 38 +-
crypto/libressl/crypto/asn1/t_crl.c | 5 +-
crypto/libressl/crypto/asn1/t_x509.c | 6 +-
crypto/libressl/crypto/asn1/tasn_prn.c | 19 +-
crypto/libressl/crypto/asn1/x_long.c | 6 +-
crypto/libressl/crypto/bio/b_print.c | 9 +-
crypto/libressl/crypto/bio/bio_lib.c | 18 +-
crypto/libressl/crypto/bn/bn_ctx.c | 5 +-
crypto/libressl/crypto/bn/bn_lib.c | 66 +-
crypto/libressl/crypto/cast/cast_lcl.h | 4 +-
crypto/libressl/crypto/cms/cms_asn1.c | 1627 ++++++++++++++++++++
crypto/libressl/crypto/cms/cms_att.c | 211 +++
.../crypto/{aes/aes_wrap.c => cms/cms_cd.c} | 139 +-
.../crypto/{aes/aes_wrap.c => cms/cms_dd.c} | 159 +-
crypto/libressl/crypto/cms/cms_enc.c | 262 ++++
crypto/libressl/crypto/cms/cms_env.c | 978 ++++++++++++
crypto/libressl/crypto/cms/cms_err.c | 296 ++++
crypto/libressl/crypto/cms/cms_ess.c | 404 +++++
crypto/libressl/crypto/cms/cms_io.c | 166 ++
crypto/libressl/crypto/cms/cms_kari.c | 483 ++++++
crypto/libressl/crypto/cms/cms_lcl.h | 484 ++++++
crypto/libressl/crypto/cms/cms_lib.c | 720 +++++++++
crypto/libressl/crypto/cms/cms_pwri.c | 431 ++++++
crypto/libressl/crypto/cms/cms_sd.c | 1014 ++++++++++++
crypto/libressl/crypto/cms/cms_smime.c | 934 +++++++++++
crypto/libressl/crypto/conf/conf_def.c | 13 +-
crypto/libressl/crypto/conf/conf_err.c | 3 +-
crypto/libressl/crypto/constant_time_locl.h | 2 +
.../crypto/curve25519/curve25519-generic.c | 1 +
crypto/libressl/crypto/curve25519/curve25519.c | 1 +
.../crypto/curve25519/curve25519_internal.h | 1 +
crypto/libressl/crypto/dh/dh_ameth.c | 3 +-
crypto/libressl/crypto/dsa/dsa_ameth.c | 26 +-
crypto/libressl/crypto/dsa/dsa_ossl.c | 14 +-
crypto/libressl/crypto/dsa/dsa_pmeth.c | 6 +-
crypto/libressl/crypto/ec/ec_ameth.c | 379 ++++-
crypto/libressl/crypto/ec/ec_err.c | 7 +-
crypto/libressl/crypto/ec/ec_kmeth.c | 4 +-
crypto/libressl/crypto/ec/ec_lib.c | 118 +-
crypto/libressl/crypto/ec/ec_pmeth.c | 239 ++-
crypto/libressl/crypto/ecdh/ecdh_kdf.c | 119 ++
crypto/libressl/crypto/ecdh/ech_locl.h | 8 +-
crypto/libressl/crypto/ecdsa/ecs_ossl.c | 8 +-
crypto/libressl/crypto/err/err.c | 23 +-
crypto/libressl/crypto/err/err_all.c | 6 +-
crypto/libressl/crypto/evp/digest.c | 12 +-
crypto/libressl/crypto/evp/e_aes.c | 27 +-
crypto/libressl/crypto/evp/e_chacha.c | 30 +-
crypto/libressl/crypto/evp/e_des3.c | 4 +-
crypto/libressl/crypto/evp/encode.c | 175 +--
crypto/libressl/crypto/evp/evp_enc.c | 30 +-
crypto/libressl/crypto/evp/evp_err.c | 3 +-
crypto/libressl/crypto/evp/evp_locl.h | 4 +-
crypto/libressl/crypto/evp/p5_crpt.c | 3 +-
crypto/libressl/crypto/evp/pmeth_lib.c | 28 +-
crypto/libressl/crypto/gost/streebog.c | 14 +-
crypto/libressl/crypto/hkdf/hkdf.c | 13 +-
crypto/libressl/crypto/lhash/lhash.c | 39 +-
crypto/libressl/crypto/malloc-wrapper.c | 189 +++
crypto/libressl/crypto/modes/ccm128.c | 4 +-
crypto/libressl/crypto/objects/obj_dat.c | 6 +-
crypto/libressl/crypto/objects/obj_dat.h | 91 +-
crypto/libressl/crypto/pem/pem_lib.c | 12 +-
crypto/libressl/crypto/pem/pvkfmt.c | 143 +-
crypto/libressl/crypto/pkcs7/pk7_doit.c | 15 +-
crypto/libressl/crypto/pkcs7/pk7_lib.c | 3 +-
crypto/libressl/crypto/rsa/rsa_ameth.c | 1025 ++++++++----
crypto/libressl/crypto/rsa/rsa_asn1.c | 106 +-
crypto/libressl/crypto/rsa/rsa_eay.c | 8 +-
crypto/libressl/crypto/rsa/rsa_err.c | 12 +-
crypto/libressl/crypto/rsa/rsa_lib.c | 80 +-
crypto/libressl/crypto/rsa/rsa_locl.h | 13 +-
crypto/libressl/crypto/rsa/rsa_meth.c | 173 ++-
crypto/libressl/crypto/rsa/rsa_oaep.c | 355 +++--
crypto/libressl/crypto/rsa/rsa_pmeth.c | 442 +++++-
crypto/libressl/crypto/ts/ts_rsp_sign.c | 4 +-
crypto/libressl/crypto/x509/x509_vfy.c | 37 +-
crypto/libressl/crypto/x509/x509spki.c | 3 +-
crypto/libressl/crypto/x509v3/pcy_node.c | 5 +-
crypto/libressl/crypto/x509v3/v3_akey.c | 69 +-
crypto/libressl/crypto/x509v3/v3_alt.c | 74 +-
crypto/libressl/crypto/x509v3/v3_bcons.c | 21 +-
crypto/libressl/crypto/x509v3/v3_bitst.c | 22 +-
crypto/libressl/crypto/x509v3/v3_cpols.c | 7 +-
crypto/libressl/crypto/x509v3/v3_crld.c | 6 +-
crypto/libressl/crypto/x509v3/v3_extku.c | 31 +-
crypto/libressl/crypto/x509v3/v3_info.c | 46 +-
crypto/libressl/crypto/x509v3/v3_lib.c | 11 +-
crypto/libressl/crypto/x509v3/v3_pcons.c | 24 +-
crypto/libressl/crypto/x509v3/v3_pku.c | 16 +-
crypto/libressl/crypto/x509v3/v3_pmaps.c | 35 +-
crypto/libressl/crypto/x509v3/v3_utl.c | 169 +-
crypto/libressl/include/openssl/asn1t.h | 73 +-
crypto/libressl/include/openssl/bn.h | 91 +-
crypto/libressl/include/openssl/cms.h | 532 +++++++
crypto/libressl/include/openssl/conf.h | 3 +-
crypto/libressl/include/openssl/curve25519.h | 1 +
crypto/libressl/include/openssl/dtls1.h | 6 +-
crypto/libressl/include/openssl/ec.h | 101 +-
crypto/libressl/include/openssl/evp.h | 17 +-
crypto/libressl/include/openssl/obj_mac.h | 55 +
crypto/libressl/include/openssl/opensslfeatures.h | 2 +-
crypto/libressl/include/openssl/opensslv.h | 6 +-
crypto/libressl/include/openssl/rsa.h | 195 ++-
crypto/libressl/include/openssl/safestack.h | 112 +-
crypto/libressl/include/openssl/ssl.h | 19 +-
crypto/libressl/include/openssl/ssl3.h | 4 +-
crypto/libressl/include/openssl/tls1.h | 11 +-
crypto/libressl/include/tls.h | 12 +-
crypto/libressl/man/openssl.cnf.5 | 7 +-
crypto/libressl/ssl/VERSION | 2 +-
crypto/libressl/ssl/bs_cbb.c | 8 +-
crypto/libressl/ssl/d1_clnt.c | 5 +-
crypto/libressl/ssl/d1_enc.c | 212 ---
crypto/libressl/ssl/d1_lib.c | 31 +-
crypto/libressl/ssl/d1_pkt.c | 115 +-
crypto/libressl/ssl/d1_srtp.c | 7 +-
crypto/libressl/ssl/s3_cbc.c | 70 +-
crypto/libressl/ssl/s3_lib.c | 92 +-
crypto/libressl/ssl/ssl_both.c | 11 +-
crypto/libressl/ssl/ssl_cert.c | 25 +-
crypto/libressl/ssl/ssl_ciph.c | 75 +-
crypto/libressl/ssl/ssl_ciphers.c | 12 +-
crypto/libressl/ssl/ssl_clnt.c | 157 +-
crypto/libressl/ssl/ssl_err.c | 5 +-
crypto/libressl/ssl/ssl_kex.c | 182 +++
crypto/libressl/ssl/ssl_lib.c | 79 +-
crypto/libressl/ssl/ssl_locl.h | 131 +-
crypto/libressl/ssl/ssl_methods.c | 110 +-
crypto/libressl/ssl/ssl_pkt.c | 258 ++--
crypto/libressl/ssl/ssl_sess.c | 19 +-
crypto/libressl/ssl/ssl_srvr.c | 146 +-
crypto/libressl/ssl/ssl_tlsext.c | 291 ++--
crypto/libressl/ssl/ssl_tlsext.h | 4 +-
crypto/libressl/ssl/ssl_transcript.c | 10 +-
crypto/libressl/ssl/t1_enc.c | 21 +-
crypto/libressl/ssl/t1_lib.c | 351 +++--
crypto/libressl/ssl/tls13_buffer.c | 137 ++
crypto/libressl/ssl/tls13_client.c | 1010 ++++++++++++
crypto/libressl/ssl/tls13_error.c | 99 ++
crypto/libressl/ssl/tls13_handshake.c | 437 ++++++
crypto/libressl/ssl/tls13_handshake.h | 54 +
crypto/libressl/ssl/tls13_handshake_msg.c | 194 +++
crypto/libressl/ssl/tls13_internal.h | 181 ++-
crypto/libressl/ssl/tls13_key_schedule.c | 10 +-
crypto/libressl/ssl/tls13_key_share.c | 324 ++++
crypto/libressl/ssl/tls13_legacy.c | 518 +++++++
crypto/libressl/ssl/tls13_lib.c | 414 +++++
crypto/libressl/ssl/tls13_record.c | 186 +++
crypto/libressl/ssl/tls13_record.h | 67 +
crypto/libressl/ssl/tls13_record_layer.c | 1129 ++++++++++++++
crypto/libressl/ssl/tls13_server.c | 819 ++++++++++
crypto/libressl/tls/tls.c | 5 +-
crypto/libressl/tls/tls_config.c | 10 +-
crypto/libressl/tls/tls_conninfo.c | 11 +-
crypto/libressl/tls/tls_internal.h | 9 +-
crypto/libressl/tls/tls_ocsp.c | 1 +
crypto/libressl/tls/tls_server.c | 4 +-
crypto/libressl/tls/tls_util.c | 14 +-
218 files changed, 24592 insertions(+), 3987 deletions(-)
create mode 100644 crypto/libressl/apps/openssl/cms.c
create mode 100644 crypto/libressl/crypto/cms/cms_asn1.c
create mode 100644 crypto/libressl/crypto/cms/cms_att.c
copy crypto/libressl/crypto/{aes/aes_wrap.c => cms/cms_cd.c} (58%)
copy crypto/libressl/crypto/{aes/aes_wrap.c => cms/cms_dd.c} (57%)
create mode 100644 crypto/libressl/crypto/cms/cms_enc.c
create mode 100644 crypto/libressl/crypto/cms/cms_env.c
create mode 100644 crypto/libressl/crypto/cms/cms_err.c
create mode 100644 crypto/libressl/crypto/cms/cms_ess.c
create mode 100644 crypto/libressl/crypto/cms/cms_io.c
create mode 100644 crypto/libressl/crypto/cms/cms_kari.c
create mode 100644 crypto/libressl/crypto/cms/cms_lcl.h
create mode 100644 crypto/libressl/crypto/cms/cms_lib.c
create mode 100644 crypto/libressl/crypto/cms/cms_pwri.c
create mode 100644 crypto/libressl/crypto/cms/cms_sd.c
create mode 100644 crypto/libressl/crypto/cms/cms_smime.c
create mode 100644 crypto/libressl/crypto/ecdh/ecdh_kdf.c
create mode 100644 crypto/libressl/crypto/malloc-wrapper.c
create mode 100644 crypto/libressl/include/openssl/cms.h
delete mode 100644 crypto/libressl/ssl/d1_enc.c
create mode 100644 crypto/libressl/ssl/ssl_kex.c
create mode 100644 crypto/libressl/ssl/tls13_buffer.c
create mode 100644 crypto/libressl/ssl/tls13_client.c
create mode 100644 crypto/libressl/ssl/tls13_error.c
create mode 100644 crypto/libressl/ssl/tls13_handshake.c
create mode 100644 crypto/libressl/ssl/tls13_handshake.h
create mode 100644 crypto/libressl/ssl/tls13_handshake_msg.c
create mode 100644 crypto/libressl/ssl/tls13_key_share.c
create mode 100644 crypto/libressl/ssl/tls13_legacy.c
create mode 100644 crypto/libressl/ssl/tls13_lib.c
create mode 100644 crypto/libressl/ssl/tls13_record.c
create mode 100644 crypto/libressl/ssl/tls13_record.h
create mode 100644 crypto/libressl/ssl/tls13_record_layer.c
create mode 100644 crypto/libressl/ssl/tls13_server.c
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/cca6fc5243d2098262ea81f83ad5b28d3b800f4a
--
DragonFly BSD source repository
More information about the Commits
mailing list