git: vendor/libressl: upgrade from 3.1.4 to 3.2.2
Daniel Fojt
deef at crater.dragonflybsd.org
Thu Nov 5 04:17:44 PST 2020
commit 8edacedfc4a3bc9ac4f463b53f61cb4a6eb8d031
Author: Daniel Fojt <df at neosystem.org>
Date: Tue Nov 3 19:37:17 2020 +0100
vendor/libressl: upgrade from 3.1.4 to 3.2.2
Summary of notable changes:
* new TLSv1.3 implementation enabled by default for both client
and server
* new X509 certificate chain validator that correctly handles
multiple paths through intermediate certificates
* new name constraints verification implementation which passes
the bettertls.com certificate validation check suite
* numerous leaks and out-of-bounds write fixed
* many improvements, refactoring, optimizations and code cleanups
See ChangeLog for details.
Summary of changes:
crypto/libressl/ChangeLog | 251 +++
crypto/libressl/VERSION | 2 +-
crypto/libressl/apps/openssl/apps.c | 6 +-
crypto/libressl/apps/openssl/apps.h | 5 +-
crypto/libressl/apps/openssl/cert.pem | 54 +-
crypto/libressl/apps/openssl/ocsp.c | 1363 ++++++++------
crypto/libressl/apps/openssl/openssl.1 | 75 +-
crypto/libressl/apps/openssl/req.c | 950 ++++++----
crypto/libressl/apps/openssl/s_client.c | 1359 ++++++++-----
crypto/libressl/apps/openssl/s_server.c | 1988 ++++++++++++--------
crypto/libressl/apps/openssl/verify.c | 308 ++-
crypto/libressl/apps/openssl/x509.c | 21 +-
crypto/libressl/crypto/asn1/a_bitstr.c | 4 +-
crypto/libressl/crypto/asn1/x_attrib.c | 7 +-
crypto/libressl/crypto/asn1/x_info.c | 31 +-
crypto/libressl/crypto/bn/bn_rand.c | 23 +-
crypto/libressl/crypto/cms/cms_err.c | 142 +-
crypto/libressl/crypto/ec/ec_curve.c | 168 +-
crypto/libressl/crypto/evp/e_aes.c | 36 +-
crypto/libressl/crypto/evp/evp_pbe.c | 4 +-
crypto/libressl/crypto/gost/gost2814789.c | 4 +-
crypto/libressl/crypto/gost/gost_err.c | 64 +-
crypto/libressl/crypto/gost/gostr341001_ameth.c | 22 +-
crypto/libressl/crypto/gost/gostr341001_params.c | 6 +-
crypto/libressl/crypto/objects/obj_dat.h | 92 +-
crypto/libressl/crypto/pem/pem_info.c | 51 +-
crypto/libressl/crypto/pkcs12/pk12err.c | 32 +-
crypto/libressl/crypto/pkcs7/pkcs7err.c | 43 +-
crypto/libressl/crypto/ui/ui_lib.c | 366 ++--
crypto/libressl/crypto/{x509v3 => x509}/ext_dat.h | 2 +-
.../libressl/crypto/{x509v3 => x509}/pcy_cache.c | 2 +-
crypto/libressl/crypto/{x509v3 => x509}/pcy_data.c | 2 +-
crypto/libressl/crypto/{x509v3 => x509}/pcy_int.h | 2 +-
crypto/libressl/crypto/{x509v3 => x509}/pcy_lib.c | 2 +-
crypto/libressl/crypto/{x509v3 => x509}/pcy_map.c | 2 +-
crypto/libressl/crypto/{x509v3 => x509}/pcy_node.c | 2 +-
crypto/libressl/crypto/{x509v3 => x509}/pcy_tree.c | 2 +-
.../crypto/{x509v3/v3_akey.c => x509/x509_akey.c} | 2 +-
.../{x509v3/v3_akeya.c => x509/x509_akeya.c} | 2 +-
.../crypto/{x509v3/v3_alt.c => x509/x509_alt.c} | 2 +-
.../{x509v3/v3_bcons.c => x509/x509_bcons.c} | 2 +-
.../{x509v3/v3_bitst.c => x509/x509_bitst.c} | 2 +-
.../crypto/{x509v3/v3_conf.c => x509/x509_conf.c} | 2 +-
crypto/libressl/crypto/x509/x509_constraints.c | 1178 ++++++++++++
.../{x509v3/v3_cpols.c => x509/x509_cpols.c} | 2 +-
.../crypto/{x509v3/v3_crld.c => x509/x509_crld.c} | 2 +-
.../crypto/{x509v3/v3_enum.c => x509/x509_enum.c} | 2 +-
crypto/libressl/crypto/x509/x509_err.c | 92 +-
.../{x509v3/v3_extku.c => x509/x509_extku.c} | 2 +-
.../crypto/{x509v3/v3_genn.c => x509/x509_genn.c} | 2 +-
.../crypto/{x509v3/v3_ia5.c => x509/x509_ia5.c} | 2 +-
.../crypto/{x509v3/v3_info.c => x509/x509_info.c} | 2 +-
.../crypto/{x509v3/v3_int.c => x509/x509_int.c} | 2 +-
crypto/libressl/crypto/x509/x509_internal.h | 128 ++
crypto/libressl/crypto/x509/x509_issuer_cache.c | 167 ++
crypto/libressl/crypto/x509/x509_issuer_cache.h | 47 +
.../crypto/{x509v3/v3_lib.c => x509/x509_lib.c} | 8 +-
.../{x509v3/v3_ncons.c => x509/x509_ncons.c} | 4 +-
.../crypto/{x509v3/v3_ocsp.c => x509/x509_ocsp.c} | 2 +-
.../crypto/{x509v3/v3_pci.c => x509/x509_pci.c} | 2 +-
.../crypto/{x509v3/v3_pcia.c => x509/x509_pcia.c} | 2 +-
.../{x509v3/v3_pcons.c => x509/x509_pcons.c} | 2 +-
.../crypto/{x509v3/v3_pku.c => x509/x509_pku.c} | 2 +-
.../{x509v3/v3_pmaps.c => x509/x509_pmaps.c} | 2 +-
.../crypto/{x509v3/v3_prn.c => x509/x509_prn.c} | 2 +-
.../crypto/{x509v3/v3_purp.c => x509/x509_purp.c} | 6 +-
.../crypto/{x509v3/v3_skey.c => x509/x509_skey.c} | 2 +-
.../{x509v3/v3_sxnet.c => x509/x509_sxnet.c} | 2 +-
.../crypto/{x509v3/v3_utl.c => x509/x509_utl.c} | 5 +-
crypto/libressl/crypto/x509/x509_verify.c | 928 +++++++++
crypto/libressl/crypto/x509/x509_vfy.c | 310 +--
crypto/libressl/crypto/x509/x509_vpm.c | 2 +-
crypto/libressl/crypto/x509v3/v3err.c | 226 ---
crypto/libressl/include/openssl/obj_mac.h | 56 +-
crypto/libressl/include/openssl/opensslfeatures.h | 10 +-
crypto/libressl/include/openssl/opensslv.h | 6 +-
crypto/libressl/include/openssl/ssl.h | 45 +-
crypto/libressl/include/openssl/ssl3.h | 4 +-
crypto/libressl/include/openssl/tls1.h | 14 +-
crypto/libressl/include/openssl/ui.h | 351 ++--
crypto/libressl/include/openssl/x509_verify.h | 42 +
crypto/libressl/include/openssl/x509_vfy.h | 5 +-
crypto/libressl/include/openssl/x509v3.h | 4 +-
crypto/libressl/ssl/bs_cbb.c | 4 +-
crypto/libressl/ssl/d1_both.c | 51 +-
crypto/libressl/ssl/d1_lib.c | 122 +-
crypto/libressl/ssl/d1_pkt.c | 149 +-
crypto/libressl/ssl/s3_cbc.c | 8 +-
crypto/libressl/ssl/s3_lib.c | 47 +-
crypto/libressl/ssl/ssl_both.c | 38 +-
crypto/libressl/ssl/ssl_cert.c | 17 +-
crypto/libressl/ssl/ssl_ciph.c | 32 +-
crypto/libressl/ssl/ssl_ciphers.c | 152 +-
crypto/libressl/ssl/ssl_clnt.c | 45 +-
crypto/libressl/ssl/ssl_lib.c | 434 +++--
crypto/libressl/ssl/ssl_locl.h | 119 +-
crypto/libressl/ssl/ssl_methods.c | 204 +-
crypto/libressl/ssl/ssl_pkt.c | 235 +--
crypto/libressl/ssl/ssl_sess.c | 323 ++--
crypto/libressl/ssl/ssl_sigalgs.c | 4 +-
crypto/libressl/ssl/ssl_srvr.c | 64 +-
crypto/libressl/ssl/ssl_tlsext.c | 431 +++--
crypto/libressl/ssl/ssl_tlsext.h | 185 +-
crypto/libressl/ssl/ssl_versions.c | 32 +-
crypto/libressl/ssl/t1_enc.c | 32 +-
crypto/libressl/ssl/t1_lib.c | 171 +-
crypto/libressl/ssl/tls12_record_layer.c | 542 ++++++
crypto/libressl/ssl/tls13_client.c | 86 +-
crypto/libressl/ssl/tls13_handshake.c | 114 +-
crypto/libressl/ssl/tls13_internal.h | 96 +-
crypto/libressl/ssl/tls13_legacy.c | 129 +-
crypto/libressl/ssl/tls13_lib.c | 250 ++-
crypto/libressl/ssl/tls13_record.c | 7 +-
crypto/libressl/ssl/tls13_record_layer.c | 280 +--
crypto/libressl/ssl/tls13_server.c | 426 ++++-
crypto/libressl/tls/tls.c | 4 +-
116 files changed, 10823 insertions(+), 5187 deletions(-)
rename crypto/libressl/crypto/{x509v3 => x509}/ext_dat.h (98%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_cache.c (99%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_data.c (98%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_int.h (99%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_lib.c (98%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_map.c (98%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_node.c (98%)
rename crypto/libressl/crypto/{x509v3 => x509}/pcy_tree.c (99%)
rename crypto/libressl/crypto/{x509v3/v3_akey.c => x509/x509_akey.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_akeya.c => x509/x509_akeya.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_alt.c => x509/x509_alt.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_bcons.c => x509/x509_bcons.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_bitst.c => x509/x509_bitst.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_conf.c => x509/x509_conf.c} (99%)
create mode 100644 crypto/libressl/crypto/x509/x509_constraints.c
rename crypto/libressl/crypto/{x509v3/v3_cpols.c => x509/x509_cpols.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_crld.c => x509/x509_crld.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_enum.c => x509/x509_enum.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_extku.c => x509/x509_extku.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_genn.c => x509/x509_genn.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_ia5.c => x509/x509_ia5.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_info.c => x509/x509_info.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_int.c => x509/x509_int.c} (98%)
create mode 100644 crypto/libressl/crypto/x509/x509_internal.h
create mode 100644 crypto/libressl/crypto/x509/x509_issuer_cache.c
create mode 100644 crypto/libressl/crypto/x509/x509_issuer_cache.h
rename crypto/libressl/crypto/{x509v3/v3_lib.c => x509/x509_lib.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_ncons.c => x509/x509_ncons.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_ocsp.c => x509/x509_ocsp.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_pci.c => x509/x509_pci.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_pcia.c => x509/x509_pcia.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_pcons.c => x509/x509_pcons.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_pku.c => x509/x509_pku.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_pmaps.c => x509/x509_pmaps.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_prn.c => x509/x509_prn.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_purp.c => x509/x509_purp.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_skey.c => x509/x509_skey.c} (98%)
rename crypto/libressl/crypto/{x509v3/v3_sxnet.c => x509/x509_sxnet.c} (99%)
rename crypto/libressl/crypto/{x509v3/v3_utl.c => x509/x509_utl.c} (99%)
create mode 100644 crypto/libressl/crypto/x509/x509_verify.c
delete mode 100644 crypto/libressl/crypto/x509v3/v3err.c
create mode 100644 crypto/libressl/include/openssl/x509_verify.h
create mode 100644 crypto/libressl/ssl/tls12_record_layer.c
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/8edacedfc4a3bc9ac4f463b53f61cb4a6eb8d031
--
DragonFly BSD source repository